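/**
 * Validates the client-supplied password against the expected value for the current user.
 * <p>
 * A configured {@code digestCredential} takes precedence over {@code validationMode}: the expected
 * password is then treated as HA1 input and handed to the credential. Otherwise the mode decides how
 * the two values are compared:
 * <ul>
 * <li>{@code DIGEST}: the input is hashed with {@code hashUtil} (username, realm name, password) and the
 * resulting hex digest is compared with {@code expectedPassword};</li>
 * <li>{@code PASSWORD}: the two clear values are compared directly;</li>
 * <li>{@code VALIDATION}: realm, name and evidence callbacks are passed to {@code handle(...)} and the
 * result is whatever the handler reports on the {@link EvidenceVerifyCallback}.</li>
 * </ul>
 * Both string comparisons are constant-time with respect to the position of the first mismatch.
 *
 * @param inputPassword the password supplied by the client
 * @param expectedPassword the value to compare against: HA1 input with a digest credential, a hex digest in
 *        {@code DIGEST} mode, the clear password in {@code PASSWORD} mode
 * @return {@code true} when the password is accepted, {@code false} otherwise (including an unknown mode
 *         or a callback handler that fails with {@link LoginException})
 */
@Override
protected boolean validatePassword(String inputPassword, String expectedPassword) {
    // A digest credential wins over the validation mode: the expected value is the HA1 input.
    if (digestCredential != null) {
        return digestCredential.verifyHA1(expectedPassword.getBytes(UTF_8));
    }
    switch (validationMode) {
        case DIGEST:
            // Both sides are hex digests; compare without an early exit so the comparison time
            // does not reveal how many leading characters matched.
            String inputHashed = hashUtil.generateHashedHexURP(getUsername(), securityRealm.getName(), inputPassword.toCharArray());
            return constantTimeEquals(expectedPassword, inputHashed);
        case PASSWORD:
            return constantTimeEquals(expectedPassword, inputPassword);
        case VALIDATION:
            RealmCallback rcb = new RealmCallback("Realm", securityRealm.getName());
            NameCallback ncb = new NameCallback("User Name", getUsername());
            EvidenceVerifyCallback evc = new EvidenceVerifyCallback(new PasswordGuessEvidence(inputPassword.toCharArray()));
            try {
                handle(new Callback[]{rcb, ncb, evc});
                return evc.isVerified();
            } catch (LoginException e) {
                // A failed callback round trip is reported as a failed validation, not propagated.
                return false;
            }
        default:
            return false;
    }
}

/**
 * Compares two strings in time that depends only on their lengths, never on where they first differ.
 * For non-null arguments the result is identical to {@link String#equals(Object)}.
 *
 * @param expected the reference value
 * @param actual the value being checked
 * @return {@code true} when both are non-null and contain the same characters
 */
private static boolean constantTimeEquals(String expected, String actual) {
    if (expected == null || actual == null) {
        return false;
    }
    int expectedLength = expected.length();
    int actualLength = actual.length();
    // Fold the length difference and every character difference into one accumulator;
    // the loop always runs over the common prefix regardless of where a mismatch occurs.
    int difference = expectedLength ^ actualLength;
    int common = Math.min(expectedLength, actualLength);
    for (int i = 0; i < common; i++) {
        difference |= expected.charAt(i) ^ actual.charAt(i);
    }
    return difference == 0;
}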
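/**
 * Creates a SASL server through the delegate factory, answering the trust-manager related callbacks
 * itself before the remaining ones reach {@code cbh}.
 * <p>
 * Two callback types are handled here and removed from the array the caller's handler sees:
 * <ul>
 * <li>{@link TrustedAuthoritiesCallback} is populated from the trust manager's accepted issuers;</li>
 * <li>an {@link EvidenceVerifyCallback} carrying {@link X509PeerCertificateChainEvidence} is marked verified
 * only when {@link X509TrustManager#checkClientTrusted} accepts the peer chain; a rejected chain leaves the
 * callback unverified.</li>
 * </ul>
 * An {@link EvidenceVerifyCallback} holding any other evidence type is left for {@code cbh}.
 *
 * @param mechanism the SASL mechanism name
 * @param protocol the protocol name
 * @param serverName the server name
 * @param props the mechanism properties
 * @param cbh the handler that receives the callbacks not answered here
 * @return the SASL server created by the delegate
 * @throws SaslException if the delegate cannot create the server
 */
public SaslServer createSaslServer(final String mechanism, final String protocol, final String serverName, final Map<String, ?> props, final CallbackHandler cbh) throws SaslException {
    return delegate.createSaslServer(mechanism, protocol, serverName, props, callbacks -> {
        // Mutable copy so the callbacks answered here can be dropped before delegating.
        ArrayList<Callback> remaining = new ArrayList<>(Arrays.asList(callbacks));
        final Iterator<Callback> iterator = remaining.iterator();
        while (iterator.hasNext()) {
            Callback callback = iterator.next();
            if (callback instanceof TrustedAuthoritiesCallback) {
                final X509TrustManager trustManager = getTrustManager();
                ((TrustedAuthoritiesCallback) callback).setTrustedAuthorities(getTrustedAuthorities(trustManager.getAcceptedIssuers()));
                iterator.remove();
            } else if (callback instanceof EvidenceVerifyCallback) {
                final EvidenceVerifyCallback evidenceVerifyCallback = (EvidenceVerifyCallback) callback;
                final X509PeerCertificateChainEvidence peerCertificateChainEvidence = evidenceVerifyCallback.getEvidence(X509PeerCertificateChainEvidence.class);
                if (peerCertificateChainEvidence != null) {
                    final X509TrustManager trustManager = getTrustManager();
                    try {
                        trustManager.checkClientTrusted(peerCertificateChainEvidence.getPeerCertificateChain(), peerCertificateChainEvidence.getAlgorithm());
                        evidenceVerifyCallback.setVerified(true);
                    } catch (CertificateException rejected) {
                        // Deliberately not rethrown: an untrusted chain is an authentication failure,
                        // signalled by leaving the callback unverified, not a mechanism error.
                    }
                    iterator.remove();
                }
            }
        }
        if (! remaining.isEmpty()) {
            // Zero-length array form: the JDK sizes the result itself.
            cbh.handle(remaining.toArray(new Callback[0]));
        }
    });
}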
/**
 * Returns the acquired evidence when it is set and matches both the requested type and algorithm.
 *
 * @param evidenceType the evidence type class (must not be {@code null})
 * @param algorithmName the algorithm name the evidence must carry
 * @param <C> the evidence type
 * @return the evidence cast to {@code C}, or {@code null} when the type or algorithm does not match
 */
public <C extends Evidence> C getEvidence(Class<C> evidenceType, String algorithmName) {
    // The type/algorithm check lives in applyToEvidence; a pass-through mapping returns the match as is.
    final Function<C, C> passThrough = evidence -> evidence;
    return applyToEvidence(evidenceType, algorithmName, passThrough);
}
throw DomainManagementLogger.ROOT_LOGGER.noUsername(); if (evidenceVerifyCallback == null || evidenceVerifyCallback.getEvidence() == null) { SECURITY_LOGGER.trace("No password to verify."); throw DomainManagementLogger.ROOT_LOGGER.noPassword(); if (evidenceVerifyCallback.getEvidence() instanceof PasswordGuessEvidence) { char[] guess = ((PasswordGuessEvidence) evidenceVerifyCallback.getEvidence()).getGuess(); password = guess != null ? new String(guess) : null; } else { evidenceVerifyCallback.setVerified(verifyPassword(lch, searchResult, username, password, sharedState)); } catch (Exception e) { SECURITY_LOGGER.trace("Unable to verify identity.", e); throw DomainManagementLogger.ROOT_LOGGER.cannotPerformVerification(e); } finally { if (shareConnection && lch != null && evidenceVerifyCallback != null && evidenceVerifyCallback.isVerified()) { sharedState.put(LdapConnectionHandler.class.getName(), lch); } else {
} else if (current instanceof EvidenceVerifyCallback) { EvidenceVerifyCallback vpc = (EvidenceVerifyCallback) current; vpc.setVerified(server.getAuthKey().equals(vpc.applyToEvidence(PasswordGuessEvidence.class, e -> new String(e.getGuess())))); } else if (current instanceof CredentialCallback) { CredentialCallback dhc = (CredentialCallback) current;
throw DomainManagementLogger.ROOT_LOGGER.noUsername(); if (evidenceVerifyCallback == null || evidenceVerifyCallback.getEvidence() == null) { SECURITY_LOGGER.trace("No password to verify."); throw DomainManagementLogger.ROOT_LOGGER.noPassword(); if (evidenceVerifyCallback.getEvidence() instanceof PasswordGuessEvidence) { char[] guess = ((PasswordGuessEvidence) evidenceVerifyCallback.getEvidence()).getGuess(); password = guess != null ? new String(guess) : null; } else { evidenceVerifyCallback.setVerified(verifyPassword(lch, searchResult, username, password, sharedState)); } catch (Exception e) { SECURITY_LOGGER.trace("Unable to verify identity.", e); throw DomainManagementLogger.ROOT_LOGGER.cannotPerformVerification(e); } finally { if (shareConnection && lch != null && evidenceVerifyCallback != null && evidenceVerifyCallback.isVerified()) { sharedState.put(LdapConnectionHandler.class.getName(), lch); } else {
} else if (current instanceof EvidenceVerifyCallback) { EvidenceVerifyCallback vpc = (EvidenceVerifyCallback) current; vpc.setVerified(server.getAuthKey().equals(vpc.applyToEvidence(PasswordGuessEvidence.class, e -> new String(e.getGuess())))); } else if (current instanceof CredentialCallback) { CredentialCallback dhc = (CredentialCallback) current;
nameCallback.setName(username); final PasswordGuessEvidence evidence = new PasswordGuessEvidence(password); EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(evidence); if(evidenceVerifyCallback.isVerified()) { IdentityCredentialCallback credentialUpdateCallback = new IdentityCredentialCallback(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password)), true); callbackHandler.handle(new Callback[]{credentialUpdateCallback});
final X509PeerCertificateChainEvidence peerCertificateChainEvidence = evidenceVerifyCallback.getEvidence(X509PeerCertificateChainEvidence.class); if (peerCertificateChainEvidence != null) { X509TrustManager trustManager; evidenceVerifyCallback.setVerified(true); } catch (CertificateException e) {
/**
 * Returns the acquired evidence when it is set and is of the requested type.
 *
 * @param evidenceType the evidence type class (must not be {@code null})
 * @param <C> the evidence type
 * @return the evidence cast to {@code C}, or {@code null} when nothing of that type was acquired
 */
public <C extends Evidence> C getEvidence(Class<C> evidenceType) {
    // The type check lives in applyToEvidence; a pass-through mapping returns the match as is.
    final Function<C, C> passThrough = evidence -> evidence;
    return applyToEvidence(evidenceType, passThrough);
}
String token = auth.substring(auth.indexOf(" ") + 1); BearerTokenEvidence evidence = new BearerTokenEvidence(token); EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(evidence); if (evidenceVerifyCallback.isVerified()) { AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
EvidenceVerifyCallback evidenceVerifyCallback = (EvidenceVerifyCallback) callback; evidenceVerifyCallback.setVerified(verifyEvidence(evidenceVerifyCallback.getEvidence()));
/**
 * Returns the acquired evidence when it is set and matches both the requested type and algorithm.
 *
 * @param evidenceType the evidence type class (must not be {@code null})
 * @param algorithmName the algorithm name the evidence must carry
 * @param <C> the evidence type
 * @return the evidence cast to {@code C}, or {@code null} when the type or algorithm does not match
 */
public <C extends Evidence> C getEvidence(Class<C> evidenceType, String algorithmName) {
    // The type/algorithm check lives in applyToEvidence; a pass-through mapping returns the match as is.
    final Function<C, C> passThrough = evidence -> evidence;
    return applyToEvidence(evidenceType, algorithmName, passThrough);
}
/**
 * Evaluates the request's {@code Authorization} header values for a bearer token.
 * <p>
 * The first value matching {@code BEARER_TOKEN_PATTERN} decides the outcome: a token that is both verified
 * and authorized completes the authentication, anything else fails it; later header values are not
 * inspected. Without a matching value the request is left with no authentication in progress and the
 * challenge supplied by {@code unauthorizedResponse}.
 *
 * @param request the request being evaluated
 * @throws HttpAuthenticationException if a callback cannot be handled
 */
@Override
public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException {
    List<String> authorizationValues = request.getRequestHeaderValues(HttpConstants.AUTHORIZATION);
    if (authorizationValues != null) {
        for (String headerValue : authorizationValues) {
            Matcher matcher = BEARER_TOKEN_PATTERN.matcher(headerValue);
            if (! matcher.matches()) {
                continue;
            }
            if (verifyAndAuthorizeToken(matcher.group(1))) {
                request.authenticationComplete();
            } else {
                httpBearer.debugf("Token authentication failed.");
                // NOTE(review): a rejected token is answered with FORBIDDEN here; RFC 6750 §3.1 describes
                // 401 with WWW-Authenticate error="invalid_token" for this case — confirm this is intended.
                request.authenticationFailed("Invalid bearer token", response -> response.setStatusCode(FORBIDDEN));
            }
            return;
        }
    }
    request.noAuthenticationInProgress(this::unauthorizedResponse);
}

/**
 * Verifies and authorizes one bearer token and, on success, establishes the identity credential and
 * reports completion through the callback handler.
 *
 * @param token the token extracted from the {@code Authorization} header
 * @return {@code true} once the token is verified, authorized and the success callbacks handled;
 *         {@code false} as soon as either check fails
 * @throws HttpAuthenticationException if a callback cannot be handled
 */
private boolean verifyAndAuthorizeToken(String token) throws HttpAuthenticationException {
    BearerTokenEvidence tokenEvidence = new BearerTokenEvidence(token);
    EvidenceVerifyCallback verifyCallback = new EvidenceVerifyCallback(tokenEvidence);
    handleCallback(verifyCallback);
    if (! verifyCallback.isVerified()) {
        return false;
    }
    AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
    handleCallback(authorizeCallback);
    if (! authorizeCallback.isAuthorized()) {
        return false;
    }
    httpBearer.debugf("Token authentication successful.");
    handleCallback(new IdentityCredentialCallback(new BearerTokenCredential(tokenEvidence.getToken()), true));
    handleCallback(AuthenticationCompleteCallback.SUCCEEDED);
    return true;
}
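/**
 * Creates a SASL server through the delegate factory, answering the trust-manager related callbacks
 * itself before the remaining ones reach {@code cbh}.
 * <p>
 * Two callback types are handled here and removed from the array the caller's handler sees:
 * <ul>
 * <li>{@link TrustedAuthoritiesCallback} is populated from the trust manager's accepted issuers;</li>
 * <li>an {@link EvidenceVerifyCallback} carrying {@link X509PeerCertificateChainEvidence} is marked verified
 * only when {@link X509TrustManager#checkClientTrusted} accepts the peer chain; a rejected chain leaves the
 * callback unverified.</li>
 * </ul>
 * An {@link EvidenceVerifyCallback} holding any other evidence type is left for {@code cbh}.
 *
 * @param mechanism the SASL mechanism name
 * @param protocol the protocol name
 * @param serverName the server name
 * @param props the mechanism properties
 * @param cbh the handler that receives the callbacks not answered here
 * @return the SASL server created by the delegate
 * @throws SaslException if the delegate cannot create the server
 */
public SaslServer createSaslServer(final String mechanism, final String protocol, final String serverName, final Map<String, ?> props, final CallbackHandler cbh) throws SaslException {
    return delegate.createSaslServer(mechanism, protocol, serverName, props, callbacks -> {
        // Mutable copy so the callbacks answered here can be dropped before delegating.
        ArrayList<Callback> remaining = new ArrayList<>(Arrays.asList(callbacks));
        final Iterator<Callback> iterator = remaining.iterator();
        while (iterator.hasNext()) {
            Callback callback = iterator.next();
            if (callback instanceof TrustedAuthoritiesCallback) {
                final X509TrustManager trustManager = getTrustManager();
                ((TrustedAuthoritiesCallback) callback).setTrustedAuthorities(getTrustedAuthorities(trustManager.getAcceptedIssuers()));
                iterator.remove();
            } else if (callback instanceof EvidenceVerifyCallback) {
                final EvidenceVerifyCallback evidenceVerifyCallback = (EvidenceVerifyCallback) callback;
                final X509PeerCertificateChainEvidence peerCertificateChainEvidence = evidenceVerifyCallback.getEvidence(X509PeerCertificateChainEvidence.class);
                if (peerCertificateChainEvidence != null) {
                    final X509TrustManager trustManager = getTrustManager();
                    try {
                        trustManager.checkClientTrusted(peerCertificateChainEvidence.getPeerCertificateChain(), peerCertificateChainEvidence.getAlgorithm());
                        evidenceVerifyCallback.setVerified(true);
                    } catch (CertificateException rejected) {
                        // Deliberately not rethrown: an untrusted chain is an authentication failure,
                        // signalled by leaving the callback unverified, not a mechanism error.
                    }
                    iterator.remove();
                }
            }
        }
        if (! remaining.isEmpty()) {
            // Zero-length array form: the JDK sizes the result itself.
            cbh.handle(remaining.toArray(new Callback[0]));
        }
    });
}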
/**
 * Returns the acquired evidence when it is set and is of the requested type.
 *
 * @param evidenceType the evidence type class (must not be {@code null})
 * @param <C> the evidence type
 * @return the evidence cast to {@code C}, or {@code null} when nothing of that type was acquired
 */
public <C extends Evidence> C getEvidence(Class<C> evidenceType) {
    // The type check lives in applyToEvidence; a pass-through mapping returns the match as is.
    final Function<C, C> passThrough = evidence -> evidence;
    return applyToEvidence(evidenceType, passThrough);
}
EvidenceVerifyCallback callback = new EvidenceVerifyCallback(evidence); if (! skipVerification) { try { boolean verified = callback.isVerified(); httpClientCert.tracef("X509PeerCertificateChainEvidence was verified by EvidenceVerifyCallback handler: %b verification skipped: %b", verified, skipVerification);
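/**
 * Creates a SASL server through the delegate factory, answering the trust-manager related callbacks
 * itself before the remaining ones reach {@code cbh}.
 * <p>
 * Two callback types are handled here and removed from the array the caller's handler sees:
 * <ul>
 * <li>{@link TrustedAuthoritiesCallback} is populated from the trust manager's accepted issuers;</li>
 * <li>an {@link EvidenceVerifyCallback} carrying {@link X509PeerCertificateChainEvidence} is marked verified
 * only when {@link X509TrustManager#checkClientTrusted} accepts the peer chain; a rejected chain leaves the
 * callback unverified.</li>
 * </ul>
 * An {@link EvidenceVerifyCallback} holding any other evidence type is left for {@code cbh}.
 *
 * @param mechanism the SASL mechanism name
 * @param protocol the protocol name
 * @param serverName the server name
 * @param props the mechanism properties
 * @param cbh the handler that receives the callbacks not answered here
 * @return the SASL server created by the delegate
 * @throws SaslException if the delegate cannot create the server
 */
public SaslServer createSaslServer(final String mechanism, final String protocol, final String serverName, final Map<String, ?> props, final CallbackHandler cbh) throws SaslException {
    return delegate.createSaslServer(mechanism, protocol, serverName, props, callbacks -> {
        // Mutable copy so the callbacks answered here can be dropped before delegating.
        ArrayList<Callback> remaining = new ArrayList<>(Arrays.asList(callbacks));
        final Iterator<Callback> iterator = remaining.iterator();
        while (iterator.hasNext()) {
            Callback callback = iterator.next();
            if (callback instanceof TrustedAuthoritiesCallback) {
                final X509TrustManager trustManager = getTrustManager();
                ((TrustedAuthoritiesCallback) callback).setTrustedAuthorities(getTrustedAuthorities(trustManager.getAcceptedIssuers()));
                iterator.remove();
            } else if (callback instanceof EvidenceVerifyCallback) {
                final EvidenceVerifyCallback evidenceVerifyCallback = (EvidenceVerifyCallback) callback;
                final X509PeerCertificateChainEvidence peerCertificateChainEvidence = evidenceVerifyCallback.getEvidence(X509PeerCertificateChainEvidence.class);
                if (peerCertificateChainEvidence != null) {
                    final X509TrustManager trustManager = getTrustManager();
                    try {
                        trustManager.checkClientTrusted(peerCertificateChainEvidence.getPeerCertificateChain(), peerCertificateChainEvidence.getAlgorithm());
                        evidenceVerifyCallback.setVerified(true);
                    } catch (CertificateException rejected) {
                        // Deliberately not rethrown: an untrusted chain is an authentication failure,
                        // signalled by leaving the callback unverified, not a mechanism error.
                    }
                    iterator.remove();
                }
            }
        }
        if (! remaining.isEmpty()) {
            // Zero-length array form: the JDK sizes the result itself.
            cbh.handle(remaining.toArray(new Callback[0]));
        }
    });
}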
/**
 * Returns the acquired evidence when it is set and matches both the requested type and algorithm.
 *
 * @param evidenceType the evidence type class (must not be {@code null})
 * @param algorithmName the algorithm name the evidence must carry
 * @param <C> the evidence type
 * @return the evidence cast to {@code C}, or {@code null} when the type or algorithm does not match
 */
public <C extends Evidence> C getEvidence(Class<C> evidenceType, String algorithmName) {
    // The type/algorithm check lives in applyToEvidence; a pass-through mapping returns the match as is.
    final Function<C, C> passThrough = evidence -> evidence;
    return applyToEvidence(evidenceType, algorithmName, passThrough);
}
EvidenceVerifyCallback evc = new EvidenceVerifyCallback(evidence); if (evc.isVerified() == false) { throw saslPlain.mechPasswordNotVerified().toSaslException();