// --- BEGIN COPYRIGHT BLOCK --- // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation; version 2 of the License. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License along // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // // (C) 2007 Red Hat, Inc. // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.authentication; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.Date; import java.util.Enumeration; import java.util.Hashtable; import netscape.security.util.DerInputStream; import netscape.security.util.DerOutputStream; import netscape.security.util.DerValue; import netscape.security.x509.CertificateExtensions; import netscape.security.x509.X509CertImpl; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.usrgrp.Certificates; /** * Authentication token returned by Authentication Managers. * Upon return, it contains authentication/identification information * as well as information retrieved from the database where the * authentication was done against. Each authentication manager has * its own list of such information. See individual authenticaiton * manager for more details. *

* * @version $Revision$, $Date$ */ public class AuthToken implements IAuthToken { protected Hashtable mAttrs = null; /* Subject name of the certificate in the authenticating entry */ public static final String TOKEN_CERT_SUBJECT = "tokenCertSubject"; /* NotBefore value of the certificate in the authenticating entry */ public static final String TOKEN_CERT_NOTBEFORE = "tokenCertNotBefore"; /* NotAfter value of the certificate in the authenticating entry */ public static final String TOKEN_CERT_NOTAFTER = "tokenCertNotAfter"; /* Cert Extentions value of the certificate in the authenticating entry */ public static final String TOKEN_CERT_EXTENSIONS = "tokenCertExts"; /* Serial number of the certificate in the authenticating entry */ public static final String TOKEN_CERT_SERIALNUM = "certSerial"; /** * Certificate to be renewed */ public static final String TOKEN_CERT = "tokenCert"; /* Certificate to be revoked */ public static final String TOKEN_CERT_TO_REVOKE = "tokenCertToRevoke"; /** * Plugin name of the authentication manager that created the * AuthToken as a string. */ public static final String TOKEN_AUTHMGR_IMPL_NAME = "authMgrImplName"; /** * Name of the authentication manager that created the AuthToken * as a string. */ public static final String TOKEN_AUTHMGR_INST_NAME = "authMgrInstName"; /** * Time of authentication as a java.util.Date */ public static final String TOKEN_AUTHTIME = "authTime"; /** * Constructs an instance of a authentication token. * The token by default contains the following attributes:
* *

     * 	"authMgrInstName" - The authentication manager instance name.
     * 	"authMgrImplName" - The authentication manager plugin name.
     * 	"authTime" - The - The time of authentication.
     *

* * @param authMgr The authentication manager that created this Token. */ public AuthToken(IAuthManager authMgr) { mAttrs = new Hashtable(); if (authMgr != null) { set(TOKEN_AUTHMGR_INST_NAME, authMgr.getName()); set(TOKEN_AUTHMGR_IMPL_NAME, authMgr.getImplName()); } set(TOKEN_AUTHTIME, new Date()); } public Object get(String attrName) { return mAttrs.get(attrName); } public String getInString(String attrName) { return (String) mAttrs.get(attrName); } public boolean set(String attrName, String value) { if (value == null) { return false; } mAttrs.put(attrName, value); return true; } /** * Removes an attribute in the AuthToken * * @param attrName The name of the attribute to remove. */ public void delete(String attrName) { mAttrs.remove(attrName); } /** * Enumerate all attribute names in the AuthToken. * * @return Enumeration of all attribute names in this AuthToken. */ public Enumeration getElements() { return (mAttrs.keys()); } public byte[] getInByteArray(String name) { String value = getInString(name); if (value == null) { return null; } return CMS.AtoB(value); } public boolean set(String name, byte[] value) { if (value == null) { return false; } return set(name, CMS.BtoA(value)); } public Integer getInInteger(String name) { String strVal = getInString(name); if (strVal == null) { return null; } try { return Integer.valueOf(strVal); } catch (NumberFormatException e) { return null; } } public boolean set(String name, Integer value) { if (value == null) { return false; } return set(name, value.toString()); } public BigInteger[] getInBigIntegerArray(String name) { String value = getInString(name); if (value == null) { return null; } String[] values = value.split(","); if (values.length == 0) { return null; } BigInteger[] result = new BigInteger[values.length]; for (int i = 0; i < values.length; i++) { try { result[i] = new BigInteger(values[i]); } catch (NumberFormatException e) { return null; } } return result; } public boolean set(String name, BigInteger[] value) { if (value == null) { return false; } StringBuffer buffer = new StringBuffer(); for (int i = 0; i < value.length; i++) { if (i != 0) { buffer.append(","); } buffer.append(value[i].toString()); } return set(name, buffer.toString()); } public Date getInDate(String name) { String value = getInString(name); if (value == null) { return null; } try { return new Date(Long.parseLong(value)); } catch (NumberFormatException e) { return null; } } public boolean set(String name, Date value) { if (value == null) { return false; } return set(name, String.valueOf(value.getTime())); } public String[] getInStringArray(String name) { String[] stringValues; byte[] byteValue = getInByteArray(name); if (byteValue == null) { return null; } try { DerInputStream in = new DerInputStream(byteValue); DerValue[] derValues = in.getSequence(5); stringValues = new String[derValues.length]; for (int i = 0; i < derValues.length; i++) { stringValues[i] = derValues[i].getAsString(); } } catch (IOException e) { return null; } return stringValues; } public boolean set(String name, String[] value) { if (value == null) { return false; } DerOutputStream out = new DerOutputStream(); DerValue[] derValues = new DerValue[value.length]; try { for (int i = 0; i < value.length; i++) { derValues[i] = new DerValue(value[i]); } out.putSequence(derValues); return set(name, out.toByteArray()); } catch (IOException e) { return false; } } public X509CertImpl getInCert(String name) { byte[] data = getInByteArray(name); if (data == null) { return null; } try { return new X509CertImpl(data); } catch (CertificateException e) { return null; } } public boolean set(String name, X509CertImpl value) { if (value == null) { return false; } ByteArrayOutputStream out = new ByteArrayOutputStream(); try { value.encode(out); } catch (CertificateEncodingException e) { return false; } return set(name, out.toByteArray()); } public CertificateExtensions getInCertExts(String name) throws IOException { CertificateExtensions exts = null; byte[] data = getInByteArray(name); if (data != null) { exts = new CertificateExtensions(); // exts.decode() doesn't work for empty CertExts exts.decodeEx(new ByteArrayInputStream(data)); } return exts; } public boolean set(String name, CertificateExtensions value) { if (value == null) { return false; } ByteArrayOutputStream out = new ByteArrayOutputStream(); try { value.encode(out); } catch (IOException e) { return false; } catch (CertificateException e) { return false; } return set(name, out.toByteArray()); } public Certificates getInCertificates(String name) throws IOException, CertificateException { X509CertImpl[] certArray; byte[] byteValue = getInByteArray(name); if (byteValue == null) { return null; } DerInputStream in = new DerInputStream(byteValue); DerValue[] derValues = in.getSequence(5); certArray = new X509CertImpl[derValues.length]; for (int i = 0; i < derValues.length; i++) { byte[] certData = derValues[i].toByteArray(); certArray[i] = new X509CertImpl(certData); } return new Certificates(certArray); } public boolean set(String name, Certificates value) { if (value == null) { return false; } DerOutputStream derStream = new DerOutputStream(); X509Certificate[] certArray = value.getCertificates(); DerValue[] derValues = new DerValue[certArray.length]; try { for (int i = 0; i < certArray.length; i++) { ByteArrayOutputStream byteStream = new ByteArrayOutputStream(); try { X509CertImpl certImpl = (X509CertImpl) certArray[i]; certImpl.encode(byteStream); derValues[i] = new DerValue(byteStream.toByteArray()); } catch (CertificateEncodingException e) { return false; } catch (ClassCastException e) { return false; } } derStream.putSequence(derValues); return set(name, derStream.toByteArray()); } catch (IOException e) { return false; } } public byte[][] getInByteArrayArray(String name) throws IOException { byte[][] retval; byte[] byteValue = getInByteArray(name); if (byteValue == null) { return null; } DerInputStream in = new DerInputStream(byteValue); DerValue[] derValues = in.getSequence(5); retval = new byte[derValues.length][]; for (int i = 0; i < derValues.length; i++) { retval[i] = derValues[i].getOctetString(); } return retval; } public boolean set(String name, byte[][] value) { if (value == null) { return false; } DerOutputStream out = new DerOutputStream(); DerValue[] derValues = new DerValue[value.length]; try { for (int i = 0; i < value.length; i++) { derValues[i] = new DerValue(DerValue.tag_OctetString, value[i]); } out.putSequence(derValues); return set(name, out.toByteArray()); } catch (IOException e) { return false; } } /** * Enumerate all attribute values in the AuthToken. * * @return Enumeration of all attribute names in this AuthToken. */ public Enumeration