Package org.jboss.resteasy.keystone.server

Source Code of org.jboss.resteasy.keystone.server.TokenService

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
package org.jboss.resteasy.keystone.server;

import org.infinispan.Cache;
import org.jboss.resteasy.keystone.model.Access;
import org.jboss.resteasy.keystone.model.Authentication;
import org.jboss.resteasy.keystone.model.Project;
import org.jboss.resteasy.keystone.model.Role;
import org.jboss.resteasy.keystone.model.Roles;
import org.jboss.resteasy.keystone.model.StoredUser;
import org.jboss.resteasy.keystone.model.UrlToken;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.security.smime.SignedOutput;
import org.jboss.resteasy.util.Base64;

import javax.annotation.security.RolesAllowed;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.TimeUnit;

/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@Path("/tokens")
public class TokenService
{
   private Cache cache;
   private long expiration;
   private TimeUnit expirationUnit;
   private PrivateKey privateKey;
   private X509Certificate certificate;

   private ProjectsService projects;
   private UsersService users;
   private static Logger log = Logger.getLogger(TokenService.class);

   public TokenService(Cache cache, long expiration, TimeUnit expirationUnit, ProjectsService projects, UsersService users)
   {
      this.cache = cache;
      this.expiration = expiration;
      this.expirationUnit = expirationUnit;
      this.projects = projects;
      this.users = users;
   }

   public X509Certificate getCertificate()
   {
      return certificate;
   }

   public void setPrivateKey(PrivateKey privateKey)
   {
      this.privateKey = privateKey;
   }

   public void setCertificate(X509Certificate certificate)
   {
      this.certificate = certificate;
   }

   @Path("signed")
   @Produces("text/plain")
   @Consumes("application/json")
   @POST
   public SignedOutput createSigned(Authentication auth) throws Exception
   {
      if (privateKey == null || certificate == null)
      {
         log.warn("privateKey or certificate not set for this operation");
         throw new WebApplicationException(500);
      }
      Access access = create(auth);
      SignedOutput signed = new SignedOutput(access, "application/json");
      signed.setPrivateKey(privateKey);
      signed.setCertificate(certificate);
      return signed;
   }

   @POST
   @Consumes("application/json")
   @Produces("application/json")
   public Access create(Authentication auth) throws Exception
   {
      String projectId = auth.getProjectId();
      Project project = null;
      if (projectId == null)
      {
         if (auth.getProjectName() == null) throw new WebApplicationException(401);
         List<Project> list = projects.getProjects(auth.getProjectName()).getList();
         if (list.size() != 1) throw new WebApplicationException(401);
         project = list.get(0);
         projectId = project.getId();
      }
      else
      {
         project = projects.getProject(projectId);
         if (project == null) throw new WebApplicationException(401);
      }
      String userId = auth.getPasswordCredentials().getUser_id();
      if (userId == null)
      {
         String username = auth.getPasswordCredentials().getUsername();
         if (username == null) throw new WebApplicationException(401);
         userId = projects.getUserIdByName(projectId, username);
      }
      if (userId == null) throw new WebApplicationException(401);
      StoredUser user = users.getStoredUser(userId);
      if (user == null) throw new WebApplicationException(401);
      String password = auth.getPasswordCredentials().getPassword();
      MessageDigest digest = MessageDigest.getInstance("MD5");
      String hashPassword = Base64.encodeBytes(digest.digest(password.getBytes("UTF-8")));
      String savedPassword = user.getCredentials().get("password-hash");
      if (!hashPassword.equals(savedPassword)) throw new WebApplicationException(401);

      Roles roles = projects.getUserRoles(projectId, userId);
      if (roles == null || roles.getRoles().size() < 1) throw new WebApplicationException(403);

      String tokenId = UUID.randomUUID().toString();
      long expMillis = expirationUnit.toMillis(expiration);
      Calendar expires = Calendar.getInstance();
      expires.setTime(new Date(System.currentTimeMillis() + expMillis));
      Access.Token token = new Access.Token(tokenId, expires, project);
      Access.User userInfo = new Access.User(user.getId(), user.getName(), user.getUsername(), roles.getRoles());
      Access access = new Access(token, null, userInfo, null);
      cache.put("/tokens/" + tokenId, access, expiration, expirationUnit);
      return access;
   }

   @POST
   @Path("url")
   @Consumes("application/json")
   @Produces("application/json")
   public UrlToken createTiny(Authentication auth) throws Exception
   {
      String projectId = auth.getProjectId();
      Project project = null;
      if (projectId == null)
      {
         if (auth.getProjectName() == null) throw new WebApplicationException(401);
         List<Project> list = projects.getProjects(auth.getProjectName()).getList();
         if (list.size() != 1) throw new WebApplicationException(401);
         project = list.get(0);
         projectId = project.getId();
      }
      else
      {
         project = projects.getProject(projectId);
         if (project == null) throw new WebApplicationException(401);
      }
      String userId = auth.getPasswordCredentials().getUser_id();
      if (userId == null)
      {
         String username = auth.getPasswordCredentials().getUsername();
         if (username == null) throw new WebApplicationException(401);
         userId = projects.getUserIdByName(projectId, username);
      }
      if (userId == null) throw new WebApplicationException(401);
      StoredUser user = users.getStoredUser(userId);
      if (user == null) throw new WebApplicationException(401);
      String password = auth.getPasswordCredentials().getPassword();
      MessageDigest digest = MessageDigest.getInstance("MD5");
      String hashPassword = Base64.encodeBytes(digest.digest(password.getBytes("UTF-8")));
      String savedPassword = user.getCredentials().get("password-hash");
      if (!hashPassword.equals(savedPassword)) throw new WebApplicationException(401);

      Roles roles = projects.getUserRoles(projectId, userId);
      if (roles == null || roles.getRoles().size() < 1) throw new WebApplicationException(403);

      String tokenId = UUID.randomUUID().toString();
      long expMillis = expirationUnit.toMillis(expiration);
      Calendar expires = Calendar.getInstance();
      expires.setTime(new Date(System.currentTimeMillis() + expMillis));

      UrlToken tiny = new UrlToken();
      //tiny.setId(tokenId);
      tiny.setUserId(user.getId());
      tiny.setExpires(expires);
      tiny.setProjectId(projectId);
      for (Role role : roles)
      {
         tiny.getRoles().add(role.getName());
      }
      return tiny;
   }

   @GET
   @Produces("application/json")
   @Path("{token}")
   @RolesAllowed({"token-verifier", "admin"})
   public Access get(@PathParam("token") String tokenId) throws NotFoundException
   {
      Access access = (Access)cache.get("/tokens/" + tokenId);
      if (access == null) throw new NotFoundException();
      if (access.getToken().getExpires().getTimeInMillis() < System.currentTimeMillis())
      {
         cache.remove("/tokens/" + tokenId);
         throw new NotFoundException();
      }
      return access;
   }

}
TOP

Related Classes of org.jboss.resteasy.keystone.server.TokenService

  • org.jboss.resteasy.keystone.model.Access
  • org.jboss.resteasy.keystone.model.Project
  • org.jboss.resteasy.keystone.model.Roles
  • org.jboss.resteasy.keystone.model.StoredUser
  • org.jboss.resteasy.keystone.model.UrlToken
  • org.jboss.resteasy.security.smime.SignedOutput
  • javax.ws.rs.NotFoundException
  • java.util.Date
  • java.security.MessageDigest
  • java.util.Calendar
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.