// --- BEGIN COPYRIGHT BLOCK --- // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation; version 2 of the License. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License along // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // // (C) 2007 Red Hat, Inc. // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; import java.io.ByteArrayInputStream; import java.util.Enumeration; import java.util.Locale; import java.util.Vector; import javax.ws.rs.core.MultivaluedHashMap; import javax.ws.rs.core.MultivaluedMap; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.AuthToken; import com.netscape.certsrv.authentication.EInvalidCredentials; import com.netscape.certsrv.authentication.EMissingCredential; import com.netscape.certsrv.authentication.IAuthCredentials; import com.netscape.certsrv.authentication.IAuthManager; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.SessionContext; import com.netscape.certsrv.profile.EProfileException; import com.netscape.certsrv.profile.IProfile; import com.netscape.certsrv.profile.IProfileAuthenticator; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.servlet.csadmin.ConfigurationUtils; import com.netscape.cmsutil.xml.XMLObject; /** * Token authentication. * Checked if the given token is valid. *
* * @version $Revision$, $Date$ */ public class TokenAuthentication implements IAuthManager, IProfileAuthenticator { /* required credentials */ public static final String CRED_SESSION_ID = IAuthManager.CRED_SESSION_ID; protected String[] mRequiredCreds = { CRED_SESSION_ID }; /* config parameters to pass to console (none) */ protected static String[] mConfigParams = null; private String mName = null; private String mImplName = null; private IConfigStore mConfig = null; public TokenAuthentication() { } /** * initializes the TokenAuthentication auth manager *
* called by AuthSubsystem init() method, when initializing all available authentication managers. * * @param name The name of this authentication manager instance. * @param implName The name of the authentication manager plugin. * @param config The configuration store for this authentication manager. */ public void init(String name, String implName, IConfigStore config) throws EBaseException { mName = name; mImplName = implName; mConfig = config; } /** * Gets the name of this authentication manager. */ public String getName() { return mName; } /** * Gets the plugin name of authentication manager. */ public String getImplName() { return mImplName; } public boolean isSSLClientRequired() { return false; } /** * authenticates user(agent) by certificate *
* called by other subsystems or their servlets to authenticate users (agents)
*
* @param authCred - authentication credential that contains
* an usrgrp.Certificates of the user (agent)
* @return the authentication token that contains the following
* @exception EMissingCredential If a required credential for this
* authentication manager is missing.
* @exception EInvalidCredentials If credentials cannot be authenticated.
* @exception EBaseException If an internal error occurred.
* @see com.netscape.certsrv.authentication.AuthToken
* @see com.netscape.certsrv.usrgrp.Certificates
*/
public IAuthToken authenticate(IAuthCredentials authCred)
throws EMissingCredential, EInvalidCredentials, EBaseException {
CMS.debug("TokenAuthentication: start");
// force SSL handshake
SessionContext context = SessionContext.getExistingContext();
// retreive certificate from socket
AuthToken authToken = new AuthToken(this);
// get group name from configuration file
IConfigStore sconfig = CMS.getConfigStore();
String sessionId = (String) authCred.get(CRED_SESSION_ID);
String givenHost = (String) authCred.get("clientHost");
String authHost = sconfig.getString("securitydomain.host");
int authAdminPort = sconfig.getInteger("securitydomain.httpsadminport");
int authEEPort = sconfig.getInteger("securitydomain.httpseeport");
String authURL = "/ca/admin/ca/tokenAuthenticate";
MultivaluedMap