Skip to main content
aboutsummaryrefslogtreecommitdiffstats
path: root/bundles/org.eclipse.equinox.console.ssh/src/org/eclipse/equinox/console/jaas/SecureStorageLoginModule.java
blob: 6128b26f97d3a192b11c73500c5655ee39cfdcfd (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

/*******************************************************************************
 * Copyright (c) 2011, 2017 SAP AG
 *
 * This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License 2.0
 * which accompanies this distribution, and is available at
 * https://www.eclipse.org/legal/epl-2.0/
 *
 * SPDX-License-Identifier: EPL-2.0
 * 
 * Contributors:
 *     Lazar Kirchev, SAP AG - initial API and implementation
 *******************************************************************************/

package org.eclipse.equinox.console.jaas;

import java.io.IOException;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import org.eclipse.equinox.console.storage.DigestUtil;
import org.eclipse.equinox.console.storage.SecureUserStore;

/**
 * This class implements a JAAS LoginModule, which performs username/password
 * based authentication. It reads the user data from the store. 
 *
 */
public class SecureStorageLoginModule implements LoginModule {
	
	private volatile Subject subject;
	private volatile CallbackHandler callbackHandler;
	private volatile UserPrincipal userPrincipal;
	private volatile boolean isSuccess;

	@Override
	public void initialize(Subject subject, CallbackHandler callbackHandler,
			Map<String, ?> sharedState, Map<String, ?> options) {
		this.subject = subject;
		this.callbackHandler = callbackHandler;
	}

	@Override
	public boolean login() throws LoginException {
		NameCallback nameCallback = new NameCallback("username: ");
		PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
		try {
			callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
		} catch (IOException e) {
			throw new FailedLoginException("Cannot get username and password");
		} catch (UnsupportedCallbackException e) {
			throw new FailedLoginException("Cannot get username and password");
		}
		
		String username = nameCallback.getName();
		char[] password = passwordCallback.getPassword();
		
		userPrincipal = getUserInfo(username);
		
		try {
			isSuccess = userPrincipal.authenticate(DigestUtil.encrypt(new String(password)).toCharArray());
		} catch (Exception e) {
			throw new FailedLoginException("Wrong credentials");
		}
		
		if (isSuccess == true) {
			return isSuccess;
		} else {
			throw new FailedLoginException("Wrong credentials");
		}
	}

	@Override
	public boolean commit() throws LoginException {
		if (isSuccess == true) {
			synchronized (this) {
				subject.getPrincipals().add(userPrincipal);
				subject.getPrincipals().addAll(userPrincipal.getRoles());
			}
			return true;
		} else {
			userPrincipal.destroy();
			userPrincipal = null;
			return false;
		}
	}

	@Override
	public boolean abort() throws LoginException {
		userPrincipal.destroy();
		userPrincipal = null;
		return true;
	}

	@Override
	public boolean logout() throws LoginException {
		synchronized (this) {
			subject.getPrincipals().remove(userPrincipal);
			subject.getPrincipals().removeAll(userPrincipal.getRoles());
		}
		subject = null;
		userPrincipal.destroy();
		userPrincipal = null;
		return true;
	}
	
	private UserPrincipal getUserInfo(String username) throws FailedLoginException {
		try {
			if (!SecureUserStore.existsUser(username)) {
				throw new FailedLoginException("Wrong credentials");
			}
			
			String password = SecureUserStore.getPassword(username);
			if (password == null) {
				throw new FailedLoginException("Corrupted user");
			}
			
			String roles = SecureUserStore.getRoles(username);
			if (roles == null) {
				roles = "";
			}
			
			UserPrincipal userPrincipal = new UserPrincipal(username, password);
			for (String role : roles.split(",")) {
				userPrincipal.addRole(new RolePrincipal(role));
			}
			
			return userPrincipal;
		} catch (Exception e) {
			throw new FailedLoginException(e.getMessage());
		}
	}
	
}

Back to the top