
org.cesecore.authentication.tokens.PublicAccessAuthenticationToken Maven / Gradle / Ivy

/*************************************************************************
 *                                                                       *
 *  CESeCore: CE Security Core                                           *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/
package org.cesecore.authentication.tokens;

import java.io.Serializable;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;

import org.cesecore.authentication.AuthenticationFailedException;
import org.cesecore.authorization.user.AccessUserAspect;

/**
 * AuthenticationToken representing a user that has provided no means of authentication,
 * e.g. a client accessing an interface like public RA web pages.
 * 
 * @version $Id: PublicAccessAuthenticationToken.java 26057 2017-06-22 08:08:34Z anatom $
 */
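public class PublicAccessAuthenticationToken extends NestableAuthenticationToken {

    /**
     * Public access to the RA. Compare to PublicWebPrincipal which serves the same purpose, but is used in the PublicWeb.
     * <p>
     * The name is whatever string the creator of the token supplied. Nothing in this class validates or
     * authenticates it, so it is a descriptive label and not proof of identity.
     */
    public static class PublicAccessPrincipal implements Principal, Serializable {
        private static final long serialVersionUID = 1L;
        private final String principal;

        /**
         * @param principal the label to report from {@link #getName()}; stored as given, may be null
         */
        public PublicAccessPrincipal(final String principal) {
            this.principal = principal;
        }

        /** @return the label passed to the constructor, unchanged */
        @Override
        public String getName() {
            return principal;
        }
    }

    /**
     * Records whether the request behind this token arrived over a confidential transport.
     * The flag is set by the code that creates the token; this class does not inspect the transport itself.
     */
    private static class PublicAccessCredential implements Serializable {
        private static final long serialVersionUID = 1L;
        private final boolean confidentialTransport;

        public PublicAccessCredential(final boolean confidentialTransport) {
            this.confidentialTransport = confidentialTransport;
        }

        public boolean isConfidentialTransport() {
            return confidentialTransport;
        }
    }

    private static final long serialVersionUID = 1L;
    public static final PublicAccessAuthenticationTokenMetaData metaData = new PublicAccessAuthenticationTokenMetaData();

    private final PublicAccessPrincipal principal;
    private final PublicAccessCredential credential;

    /**
     * Creates a token whose transport is recorded as not confidential.
     *
     * @param principal the label describing the unauthenticated caller
     * @deprecated use {@link #PublicAccessAuthenticationToken(String, boolean)} so that the transport
     *             confidentiality is stated explicitly by the caller
     */
    @Deprecated
    public PublicAccessAuthenticationToken(final String principal) {
        this(principal, false);
    }

    /**
     * Creates a token for a caller that has provided no means of authentication.
     *
     * @param principal the label describing the caller; not validated here
     * @param confidentialTransport whether the creator of the token considers the transport confidential
     */
    public PublicAccessAuthenticationToken(final String principal, final boolean confidentialTransport) {
        // The objects handed to the superclass and the ones kept in the fields are separate instances.
        // Neither nested class overrides equals(), so they do not compare equal to each other.
        super(new HashSet<>(Arrays.asList(new PublicAccessPrincipal(principal))),
                new HashSet<>(Arrays.asList(new PublicAccessCredential(confidentialTransport))));
        this.principal = new PublicAccessPrincipal(principal);
        this.credential = new PublicAccessCredential(confidentialTransport);
    }

    /**
     * Decides whether this token satisfies the given access rule member.
     * <p>
     * The principal name plays no part in the decision: only the origin of the token, the token type and
     * the recorded transport flag are compared. Every path that cannot be evaluated returns {@code false}.
     *
     * @param accessUser the rule member to compare against
     * @return {@code true} only if the token was created in this JVM, the token type matches and the
     *         transport flag satisfies the rule's match value
     * @throws AuthenticationFailedException declared by the signature; nothing in this method body throws it directly
     */
    @Override
    public boolean matches(AccessUserAspect accessUser) throws AuthenticationFailedException {
        // Protect against spoofing by checking if this token was created locally
        if (!super.isCreatedInThisJvm()) {
            return false;
        }
        if (!matchTokenType(accessUser.getTokenType())) {
            return false;
        }
        final PublicAccessMatchValue matchValue = (PublicAccessMatchValue) getMatchValueFromDatabaseValue(accessUser.getMatchWith());
        // The lookup helper is defined outside this class. If it yields no value for an unrecognised
        // database entry, switching on null would throw NullPointerException, so deny the match instead.
        if (matchValue == null) {
            return false;
        }
        switch (matchValue) {
        case TRANSPORT_CONFIDENTIAL:
            return credential.isConfidentialTransport();
        case TRANSPORT_PLAIN:
            return !credential.isConfidentialTransport();
        case TRANSPORT_ANY:
            return true;
        default:
            // Unknown match values never grant access.
            return false;
        }
    }

    @Override
    public int getPreferredMatchKey() {
        return AuthenticationToken.NO_PREFERRED_MATCH_KEY; // not applicable to this type of authentication token
    }

    /** @return always {@code null}; this token type reports no preferred match value */
    @Override
    public String getPreferredMatchValue() {
        return null;
    }

    /** Returns information of the entity this authentication token belongs to. */
    @Override
    public String toString() {
        return super.toString();
    }

    /** Override the default Principal.getName() when doing toString on this object. */
    @Override
    protected String toStringOverride() {
        final String transport = credential.isConfidentialTransport() ? " (TRANSPORT_CONFIDENTIAL)" : " (TRANSPORT_PLAIN)";
        return principal.getName() + transport;
    }

    /**
     * Hash over the principal name and the transport flag, the same two values compared by
     * {@link #equals(Object)}.
     */
    @Override
    public int hashCode() {
        final String name = principal.getName();
        int hashCode = 4711 + ((name == null) ? 0 : name.hashCode());
        // Compound assignment: the running value is multiplied by 17 (confidential) or 18 (plain).
        // The arithmetic is left as it was so that existing hash values do not change.
        hashCode *= 17 + (credential.isConfidentialTransport() ? 0 : 1);
        return hashCode;
    }

    /**
     * Two tokens are equal when they are of exactly the same class and agree on the principal name
     * and the transport flag.
     */
    @Override
    public boolean equals(final Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        final PublicAccessAuthenticationToken other = (PublicAccessAuthenticationToken) obj;
        final String name = principal.getName();
        final String otherName = other.principal.getName();
        // Null-safe comparison of the names: both null, or both non-null and equal.
        final boolean sameName = (name == null) ? (otherName == null) : name.equals(otherName);
        if (!sameName) {
            return false;
        }
        return credential.isConfidentialTransport() == other.credential.isConfidentialTransport();
    }

    /**
     * Builds the id from the created-in-this-JVM flag, the principal name and the transport flag
     * (through the inherited multi-argument helper), followed by ";" and the superclass id.
     */
    @Override
    protected String generateUniqueId() {
        final String ownPart = generateUniqueId(super.isCreatedInThisJvm(), principal.getName(), credential.isConfidentialTransport());
        return ownPart + ";" + super.generateUniqueId();
    }

    @Override
    public AuthenticationTokenMetaData getMetaData() {
        return metaData;
    }
}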



