org.jboss.sasl.localuser.LocalUserServer Maven / Gradle / Ivy
Go to download
This artifact provides a single jar that contains all classes required to use remote Jakarta Enterprise Beans and Jakarta Messaging, including
all dependencies. It is intended for use by those not using maven, maven users should just import the Jakarta Enterprise Beans and
Jakarta Messaging BOM's instead (shaded JAR's cause lots of problems with maven, as it is very easy to inadvertently end up
with different versions on classes on the class path).
/*
* JBoss, Home of Professional Open Source.
* Copyright 2011, Red Hat, Inc., and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.sasl.localuser;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import java.util.Random;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.jboss.sasl.util.AbstractSaslServer;
import org.jboss.sasl.util.Charsets;
import org.jboss.sasl.util.SaslState;
import org.jboss.sasl.util.SaslStateContext;
/**
* @author David M. Lloyd
* @author Darran Lofthouse
*/
public final class LocalUserServer extends AbstractSaslServer implements SaslServer {
// Should SecureRandom be used? Default to true
public static final String LOCAL_USER_USE_SECURE_RANDOM = "jboss.sasl.local-user.use-secure-random";
public static final String LOCAL_USER_CHALLENGE_PATH = "jboss.sasl.local-user.challenge-path";
public static final String DEFAULT_USER = "jboss.sasl.local-user.default-user";
private static final byte UTF8NUL = 0x00;
private volatile String authorizationId;
private volatile File challengeFile;
private final File basePath;
private final String defaultUser;
private final boolean useSecureRandom;
LocalUserServer(final String protocol, final String serverName, final Map props, final CallbackHandler callbackHandler) {
super(LocalUserSaslFactory.JBOSS_LOCAL_USER, protocol, serverName, callbackHandler);
String value;
if (props.containsKey(LOCAL_USER_CHALLENGE_PATH)) {
basePath = new File(props.get(LOCAL_USER_CHALLENGE_PATH).toString()).getAbsoluteFile();
} else if ((value = getProperty(LOCAL_USER_CHALLENGE_PATH)) != null) {
basePath = new File(value).getAbsoluteFile();
} else {
basePath = new File(getProperty("java.io.tmpdir"));
}
Object useSecureRandomObj = null;
if (props.containsKey(LOCAL_USER_USE_SECURE_RANDOM)) {
useSecureRandomObj = props.get(LOCAL_USER_USE_SECURE_RANDOM);
} else {
useSecureRandomObj = getProperty(LOCAL_USER_USE_SECURE_RANDOM);
}
if (useSecureRandomObj != null) {
if (useSecureRandomObj instanceof Boolean) {
useSecureRandom = ((Boolean) useSecureRandomObj).booleanValue();
} else if (useSecureRandomObj instanceof String) {
useSecureRandom = Boolean.parseBoolean((String) useSecureRandomObj);
} else {
useSecureRandom = true;
}
} else {
useSecureRandom = true;
}
defaultUser = (String) (props.containsKey(DEFAULT_USER) ? props.get(DEFAULT_USER) : null);
}
private static String getProperty(final String name) {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
return AccessController.doPrivileged(new PrivilegedAction() {
public String run() {
return System.getProperty(name);
}
});
} else {
return System.getProperty(name);
}
}
private Random getRandom() {
if (useSecureRandom) {
return new SecureRandom();
} else {
return new Random();
}
}
public void init() {
getContext().setNegotiationState(new SaslState() {
public byte[] evaluateMessage(final SaslStateContext context, final byte[] message) throws SaslException {
if (message.length == 0) {
// trigger initial response
return NO_BYTES;
}
// initial message
if (message.length == 1 && message[0] == UTF8NUL) {
authorizationId = null;
} else {
authorizationId = new String(message, Charsets.UTF_8);
}
final Random random = getRandom();
try {
challengeFile = File.createTempFile("local", ".challenge", basePath);
} catch (IOException e) {
throw new SaslException("Failed to create challenge file", e);
}
final FileOutputStream fos;
try {
fos = new FileOutputStream(challengeFile);
} catch (FileNotFoundException e) {
throw new SaslException("Failed to create challenge file", e);
}
boolean ok = false;
final byte[] bytes;
try {
bytes = new byte[8];
random.nextBytes(bytes);
try {
fos.write(bytes);
fos.close();
ok = true;
} catch (IOException e) {
throw new SaslException("Failed to create challenge file", e);
}
} finally {
if (!ok) {
deleteChallenge();
}
try {
fos.close();
} catch (Throwable ignored) {
}
}
final String path = challengeFile.getAbsolutePath();
final byte[] response = new byte[Charsets.encodedLengthOf(path)];
Charsets.encodeTo(path, response, 0);
getContext().setNegotiationState(new SaslState() {
public byte[] evaluateMessage(final SaslStateContext context, final byte[] message) throws SaslException {
deleteChallenge();
final int length = message.length;
if (length < 8) {
throw new SaslException("Invalid response");
}
if (!Arrays.equals(bytes, Arrays.copyOf(message, 8))) {
throw new SaslException("Invalid response");
}
String authenticationRealm;
String authenticationId;
final int firstMarker = Charsets.indexOf(message, 0, 8);
if (firstMarker > -1) {
authenticationId = new String(message, 8, firstMarker - 8, Charsets.UTF_8);
final int secondMarker = Charsets.indexOf(message, 0, firstMarker + 1);
if (secondMarker > -1) {
authenticationRealm = new String(message, firstMarker + 1, secondMarker - firstMarker - 1, Charsets.UTF_8);
} else {
authenticationRealm = null;
}
} else {
authenticationId = null;
authenticationRealm = null;
}
if (authenticationId == null || authenticationId.length() == 0) {
authenticationId = defaultUser;
}
if (authenticationId == null) {
throw new SaslException("No authentication ID given");
}
if (authorizationId == null) {
// If no authorization ID is specifed default to authentication ID
authorizationId = authenticationId;
}
final NameCallback nameCallback = new NameCallback("User name", authenticationId);
final AuthorizeCallback authorizeCallback = new AuthorizeCallback(authenticationId, authorizationId);
if (authenticationRealm == null) {
handleCallbacks(nameCallback, authorizeCallback);
} else {
final RealmCallback realmCallback = new RealmCallback("User realm", authenticationRealm);
handleCallbacks(realmCallback, nameCallback, authorizeCallback);
}
if (!authorizeCallback.isAuthorized()) {
throw new SaslException("User " + authorizationId + " is not authorized");
}
context.negotiationComplete();
return null;
}
});
return response;
}
});
}
public String getAuthorizationID() {
if (isComplete()) {
return authorizationId;
} else {
throw new IllegalStateException("JBOSS-LOCAL-USER server negotiation not complete");
}
}
private void deleteChallenge() {
if (challengeFile != null) {
challengeFile.delete();
challengeFile = null;
}
}
@Override
public void dispose() throws SaslException {
super.dispose();
deleteChallenge();
}
@Override
protected void finalize() throws Throwable {
deleteChallenge();
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy