This project has retired. For details please refer to its Attic page.
MD5XMLDocAuthenticator xref
View Javadoc
1   /*
2    * Copyright 2001-2008 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   */
17  
18  package org.apache.juddi.v3.auth;
19  
20  import java.io.IOException;
21  import javax.persistence.EntityManager;
22  import javax.persistence.EntityTransaction;
23  import javax.xml.bind.JAXBException;
24  import org.apache.commons.codec.digest.DigestUtils;
25  import org.apache.commons.configuration.ConfigurationException;
26  import org.apache.commons.logging.Log;
27  import org.apache.commons.logging.LogFactory;
28  import org.apache.juddi.config.AppConfig;
29  import org.apache.juddi.config.PersistenceManager;
30  import org.apache.juddi.config.Property;
31  import org.apache.juddi.model.Publisher;
32  import org.apache.juddi.v3.error.AuthenticationException;
33  import org.apache.juddi.v3.error.ErrorMessage;
34  import org.apache.juddi.v3.error.FatalErrorException;
35  import org.apache.juddi.v3.error.RegistryException;
36  import org.apache.juddi.v3.error.UnknownUserException;
37  
38  /**
39   * Uses MD5 hashes for passwords
40   * @author <a href="mailto:alexoree@apache.org">Alex O'Ree</a>
41   */
42  public class MD5XMLDocAuthenticator extends XMLDocAuthenticator {
43  	
44  	private Log logger = LogFactory.getLog(this.getClass());
45  	/**
46  	 * @throws IOException
47  	 * @throws JAXBException
48  	 * @throws ConfigurationException 
49  	 * 
50  	 */
51  	public MD5XMLDocAuthenticator() throws JAXBException, IOException, ConfigurationException {
52  		super();
53  	}
54          /**
55           * A private constructor used for calculating hashes only
56           * @param x 
57           */
58          private MD5XMLDocAuthenticator(boolean x)  {
59              super(x);
60  	}
61  	@Override
62  	protected String getFilename() throws ConfigurationException {
63  		return AppConfig.getConfiguration().getString(Property.JUDDI_USERSFILE, Property.DEFAULT_HASHED_XML_USERSFILE);
64  	}
65  	/**
66  	 *
67  	 */
68  	@Override
69  	public String authenticate(String userID, String credential)
70  	throws AuthenticationException, FatalErrorException {
71  		preProcess(userID, credential);
72  		String encryptedCredential = hash(credential);
73  		return postProcess(userID, encryptedCredential);
74  	}
75  	/**
76  	 *
77  	 */
78  	private String hash(String str) throws FatalErrorException {
79  		try {
80                          return DigestUtils.md5Hex(str)       ;
81  		} catch (Exception e) {
82  			logger.error("Exception caught hashing password", e);
83  			throw new FatalErrorException(new ErrorMessage(
84  					"errors.auth.cryptor.InvalidKey", e.getMessage()));
85  		} 
86  	}
87  	/**
88  	 * @param userID
89  	 * @param credential
90  	 * @throws RegistryException
91  	 */
92  	private void preProcess(String userID, String credential)
93  	throws AuthenticationException {
94  		// a userID must be specified.
95  		if (userID == null) {
96  			throw new UnknownUserException(new ErrorMessage(
97  					"errors.auth.InvalidUserId"));
98  		}
99  		// credential (password) must be specified.
100 		if (credential == null) {
101 			throw new UnknownUserException(new ErrorMessage(
102 			"errors.auth.InvalidCredentials"));
103 		}
104 	}
105 	/**
106 	 * @param userID
107 	 * @param encryptedCredential
108 	 * @return user id
109 	 * @throws AuthenticationException
110 	 */
111 	private String postProcess(String userID, String encryptedCredential)
112 	throws AuthenticationException {
113 		if (userTable.containsKey(userID)) {
114 			User user = (User) userTable.get(userID);
115 			if ((user.getPassword() == null)
116 					|| (!encryptedCredential.equals(user.getPassword()))) {
117 				throw new UnknownUserException(new ErrorMessage(
118 						"errors.auth.InvalidCredentials", userID));
119 			}
120 		} else {
121 			throw new UnknownUserException(new ErrorMessage(
122 					"errors.auth.InvalidUserId", userID));
123 		}
124 		int MaxBindingsPerService = -1;
125                 int MaxServicesPerBusiness = -1;
126                 int MaxTmodels = -1;
127                 int MaxBusinesses = -1;
128                 try {
129                         MaxBindingsPerService = AppConfig.getConfiguration().getInt(Property.JUDDI_MAX_BINDINGS_PER_SERVICE, -1);
130                         MaxServicesPerBusiness = AppConfig.getConfiguration().getInt(Property.JUDDI_MAX_SERVICES_PER_BUSINESS, -1);
131                         MaxTmodels = AppConfig.getConfiguration().getInt(Property.JUDDI_MAX_TMODELS_PER_PUBLISHER, -1);
132                         MaxBusinesses = AppConfig.getConfiguration().getInt(Property.JUDDI_MAX_BUSINESSES_PER_PUBLISHER, -1);
133                 } catch (Exception ex) {
134                         MaxBindingsPerService = -1;
135                         MaxServicesPerBusiness = -1;
136                         MaxTmodels = -1;
137                         MaxBusinesses = -1;
138                         log.error("config exception! " + userID, ex);
139                 }
140                 EntityManager em = PersistenceManager.getEntityManager();
141                 EntityTransaction tx = em.getTransaction();
142                 try {
143                         tx.begin();
144                         Publisher publisher = em.find(Publisher.class, userID);
145                         if (publisher == null) {
146                                 log.warn("Publisher \"" + userID + "\" was not found in the database, adding the publisher in on the fly.");
147                                 publisher = new Publisher();
148                                 publisher.setAuthorizedName(userID);
149                                 publisher.setIsAdmin("false");
150                                 publisher.setIsEnabled("true");
151                                 publisher.setMaxBindingsPerService(MaxBindingsPerService);
152                                 publisher.setMaxBusinesses(MaxBusinesses);
153                                 publisher.setMaxServicesPerBusiness(MaxServicesPerBusiness);
154                                 publisher.setMaxTmodels(MaxTmodels);
155                                 publisher.setPublisherName("Unknown");
156                                 em.persist(publisher);
157                                 tx.commit();
158                         }
159                 } finally {
160                         if (tx.isActive()) {
161                                 tx.rollback();
162                         }
163                         em.close();
164                 }
165 		return userID;
166 	}
167         
168          public static void main(String[] args) throws Exception
169          {
170              System.out.print("Password: ");
171              char[] readPassword = System.console().readPassword();
172              System.out.println("Cipher: " + new MD5XMLDocAuthenticator(true).hash(new String(readPassword)));
173          }
174 }