View Javadoc
1   /*
2    * Copyright 2001-2008 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   */
17  
18  package org.apache.juddi.v3.auth;
19  
20  import java.io.IOException;
21  import java.security.InvalidAlgorithmParameterException;
22  import java.security.InvalidKeyException;
23  import java.security.NoSuchAlgorithmException;
24  
25  import javax.crypto.BadPaddingException;
26  import javax.crypto.IllegalBlockSizeException;
27  import javax.crypto.NoSuchPaddingException;
28  import javax.persistence.EntityManager;
29  import javax.persistence.EntityTransaction;
30  import javax.xml.bind.JAXBException;
31  
32  import org.apache.commons.configuration.ConfigurationException;
33  import org.apache.commons.logging.Log;
34  import org.apache.commons.logging.LogFactory;
35  import org.apache.juddi.config.AppConfig;
36  import org.apache.juddi.config.PersistenceManager;
37  import org.apache.juddi.config.Property;
38  import org.apache.juddi.v3.client.cryptor.Cryptor;
39  import org.apache.juddi.cryptor.CryptorFactory;
40  import org.apache.juddi.model.Publisher;
41  import static org.apache.juddi.v3.auth.XMLDocAuthenticator.log;
42  import org.apache.juddi.v3.error.AuthenticationException;
43  import org.apache.juddi.v3.error.ErrorMessage;
44  import org.apache.juddi.v3.error.FatalErrorException;
45  import org.apache.juddi.v3.error.RegistryException;
46  import org.apache.juddi.v3.error.UnknownUserException;
47  
48  /**
49   * @author Anou Manavalan
50   */
51  public class CryptedXMLDocAuthenticator extends XMLDocAuthenticator {
52  	
53  	private Log logger = LogFactory.getLog(this.getClass());
54  	/**
55  	 * @throws IOException
56  	 * @throws JAXBException
57  	 * @throws ConfigurationException 
58  	 * 
59  	 */
60  	public CryptedXMLDocAuthenticator() throws JAXBException, IOException, ConfigurationException {
61  		super();
62  	}
63          
64          private CryptedXMLDocAuthenticator(boolean b) {
65  		super(b);
66  	}
67  	@Override
68  	protected String getFilename() throws ConfigurationException {
69  		return AppConfig.getConfiguration().getString(Property.JUDDI_USERSFILE, Property.DEFAULT_ENCRYPTED_XML_USERSFILE);
70  	}
71  	/**
72  	 *
73           * @return user id
74           * @throws org.apache.juddi.v3.error.AuthenticationException 
75           * @throws org.apache.juddi.v3.error.FatalErrorException 
76  	 */
77  	public String authenticate(String userID, String credential)
78  	throws AuthenticationException, FatalErrorException {
79  		preProcess(userID, credential);
80  		String encryptedCredential = encrypt(credential);
81  		return postProcess(userID, encryptedCredential);
82  	}
83  	/**
84  	 *
85  	 */
86  	private String encrypt(String str) throws FatalErrorException {
87  		try {
88  			Cryptor cryptor = (Cryptor) CryptorFactory.getCryptor();
89  			return cryptor.encrypt(str);
90  		} catch (InvalidKeyException e) {
91  			logger.error("Invalid Key Exception in crypting the password", e);
92  			throw new FatalErrorException(new ErrorMessage(
93  					"errors.auth.cryptor.InvalidKey", e.getMessage()));
94  		} catch (NoSuchPaddingException e) {
95  			logger.error("Padding Exception in crypting the password", e);
96  			throw new FatalErrorException(new ErrorMessage(
97  					"errors.auth.cryptor.Padding", e.getMessage()));
98  		} catch (NoSuchAlgorithmException e) {
99  			logger.error("Algorithm Exception in crypting the password", e);
100 			throw new FatalErrorException(new ErrorMessage(
101 					"errors.auth.cryptor.Algorithm", e.getMessage()));
102 		} catch (InvalidAlgorithmParameterException e) {
103 			logger.error("Algorithm parameter Exception in crypting the password",
104 					e);
105 			throw new FatalErrorException(new ErrorMessage(
106 					"errors.auth.cryptor.AlgorithmParam", e.getMessage()));
107 		} catch (IllegalBlockSizeException e) {
108 			logger.error("Block size Exception in crypting the password", e);
109 			throw new FatalErrorException(new ErrorMessage(
110 					"errors.auth.cryptor.BlockSize", e.getMessage()));
111 		} catch (BadPaddingException e) {
112 			logger.error("Bad Padding Exception in crypting the password", e);
113 			throw new FatalErrorException(new ErrorMessage(
114 					"errors.auth.cryptor.BadPadding", e.getMessage()));
115 		} catch (Exception e) {
116 			logger.error(e.getMessage(), e);
117 			throw new FatalErrorException(new ErrorMessage(
118 					"errors.auth.cryptor.BlockSize", e.getMessage()));
119 		}
120 	}
121 	/**
122 	 * @param userID
123 	 * @param credential
124 	 * @throws RegistryException
125 	 */
126 	private void preProcess(String userID, String credential)
127 	throws AuthenticationException {
128 		// a userID must be specified.
129 		if (userID == null) {
130 			throw new UnknownUserException(new ErrorMessage(
131 					"errors.auth.InvalidUserId"));
132 		}
133 		// credential (password) must be specified.
134 		if (credential == null) {
135 			throw new UnknownUserException(new ErrorMessage(
136 			"errors.auth.InvalidCredentials"));
137 		}
138 	}
139 	/**
140 	 * @param userID
141 	 * @param encryptedCredential
142 	 * @return user id
143 	 * @throws AuthenticationException
144 	 */
145 	private String postProcess(String userID, String encryptedCredential)
146 	throws AuthenticationException {
147 		if (userTable.containsKey(userID)) {
148 			User user = (User) userTable.get(userID);
149 			if ((user.getPassword() == null)
150 					|| (!encryptedCredential.equals(user.getPassword()))) {
151 				throw new UnknownUserException(new ErrorMessage(
152 						"errors.auth.InvalidCredentials", userID));
153 			}
154 		} else {
155 			throw new UnknownUserException(new ErrorMessage(
156 					"errors.auth.InvalidUserId", userID));
157 		}
158 		int MaxBindingsPerService = -1;
159                 int MaxServicesPerBusiness = -1;
160                 int MaxTmodels = -1;
161                 int MaxBusinesses = -1;
162                 try {
163                         MaxBindingsPerService = AppConfig.getConfiguration().getInt(Property.JUDDI_MAX_BINDINGS_PER_SERVICE, -1);
164                         MaxServicesPerBusiness = AppConfig.getConfiguration().getInt(Property.JUDDI_MAX_SERVICES_PER_BUSINESS, -1);
165                         MaxTmodels = AppConfig.getConfiguration().getInt(Property.JUDDI_MAX_TMODELS_PER_PUBLISHER, -1);
166                         MaxBusinesses = AppConfig.getConfiguration().getInt(Property.JUDDI_MAX_BUSINESSES_PER_PUBLISHER, -1);
167                 } catch (Exception ex) {
168                         MaxBindingsPerService = -1;
169                         MaxServicesPerBusiness = -1;
170                         MaxTmodels = -1;
171                         MaxBusinesses = -1;
172                         log.error("config exception! " + userID, ex);
173                 }
174                 EntityManager em = PersistenceManager.getEntityManager();
175                 EntityTransaction tx = em.getTransaction();
176                 try {
177                         tx.begin();
178                         Publisher publisher = em.find(Publisher.class, userID);
179                         if (publisher == null) {
180                                 log.warn("Publisher \"" + userID + "\" was not found in the database, adding the publisher in on the fly.");
181                                 publisher = new Publisher();
182                                 publisher.setAuthorizedName(userID);
183                                 publisher.setIsAdmin("false");
184                                 publisher.setIsEnabled("true");
185                                 publisher.setMaxBindingsPerService(MaxBindingsPerService);
186                                 publisher.setMaxBusinesses(MaxBusinesses);
187                                 publisher.setMaxServicesPerBusiness(MaxServicesPerBusiness);
188                                 publisher.setMaxTmodels(MaxTmodels);
189                                 publisher.setPublisherName("Unknown");
190                                 em.persist(publisher);
191                                 tx.commit();
192                         }
193                 } finally {
194                         if (tx.isActive()) {
195                                 tx.rollback();
196                         }
197                         em.close();
198                 }
199 		return userID;
200 	}
201 }