package org.openeai.uportal.handlers;
import org.openeai.moa.jmsobjects.JmsEnterpriseObject;
import org.openeai.jms.producer.PointToPointProducer;
import org.any_openeai_enterprise.moa.objects.resources.v1_0.LightweightPerson;
import org.any_openeai_enterprise.moa.objects.resources.v1_0.Password;
import org.any_openeai_enterprise.moa.jmsobjects.coreapplication.v1_0.EnterpriseUser;
import org.any_openeai_enterprise.moa.jmsobjects.coreapplication.v1_0.NetId;
import org.any_openeai_enterprise.moa.jmsobjects.coreapplication.v1_0.EnterpriseUserPassword;
import org.jasig.portal.services.LogService;
import org.jasig.portal.security.provider.AccountStoreFactory;
import java.security.MessageDigest;
public class EnterpriseUserPasswordUpdateHandler extends UportalFormHandlerBase implements UportalFormHandler {
public EnterpriseUserPasswordUpdateHandler() {
}
public String process() throws UportalFormHandlerException {
String messageObjectName = getProperties().getProperty(MESSAGE_OBJECT_NAME_PROP);
String producerName = getProperties().getProperty(PRODUCER_NAME_PROP);
String xml = INITIAL_XML;
try {
String newPassword = getChannelRuntimeData().getParameter("NewPassword@value");
String confirmNewPassword = getChannelRuntimeData().getParameter("ConfirmNewPassword@value");
String oldPassword = getChannelRuntimeData().getParameter("OldPassword@value");
// get the baseline (current value of 'xml' variable)
EnterpriseUserPassword baselineEup = (EnterpriseUserPassword)getAppConfig().getObject(messageObjectName);
baselineEup.getXmlEnterpriseObject().getEnterpriseFields().setIgnoreValidation(true);
baselineEup.getXmlEnterpriseObject().buildObjectFromXmlString(getBaselineXml());
boolean doCreate = false;
if (oldPassword.equals(baselineEup.getPassword().getValue()) == false) {
// check the old password against the uPortal stored password because it may
// need to be created yet in our enterprise...
LogService.log(LogService.INFO,
"[EnterpriseUserPasswordUpdateHandler] entered password doesn't match " +
"baseline password in message, have to check uPortal repository.");
if (passwordMatchesUPortalPassword(oldPassword)) {
LogService.log(LogService.INFO, "password entered matches uPortal repository");
doCreate = true;
}
else {
// error, return
String errMessage = "[EnterpriseUserPasswordUpdateHandler] old password '" +
oldPassword + "' typed in does not match old password '" +
baselineEup.getPassword().getValue() + "' for this person";
LogService.log(LogService.ERROR, errMessage);
throw new UportalFormHandlerException(errMessage);
}
}
if (newPassword.equals(confirmNewPassword) == false) {
// error, return
String errMessage = "[EnterpriseUserPasswordUpdateHandler] new password '" +
newPassword + "' typed in does not match confirmation password '" +
confirmNewPassword + "' typed in.";
LogService.log(LogService.ERROR, errMessage);
throw new UportalFormHandlerException(errMessage);
}
// get the newdata from the form data
EnterpriseUserPassword eup = (EnterpriseUserPassword)getAppConfig().getObject(messageObjectName);
eup.getXmlEnterpriseObject().setBaseline(baselineEup.getXmlEnterpriseObject());
Password p = eup.newPassword();
p.setValue(newPassword);
p.setType(getChannelRuntimeData().getParameter("Password@type"));
p.setEncryption(getChannelRuntimeData().getParameter("Password@encryption"));
eup.setPassword(p);
eup.setEnterpriseUser(baselineEup.getEnterpriseUser());
// todo - use producer pool
if (doCreate == false) {
LogService.log(LogService.INFO,
"[EnterpriseUserPasswordUpdateHandler] built " + messageObjectName +
" from form data, performing Update...");
eup.update((PointToPointProducer)getAppConfig().getObject(producerName));
LogService.log(LogService.INFO,
"[EnterpriseUserPasswordUpdateHandler] " + messageObjectName +
" update is done.");
}
else {
LogService.log(LogService.INFO,
"[EnterpriseUserPasswordUpdateHandler] performing the Create...");
eup.create((PointToPointProducer)getAppConfig().getObject(producerName));
LogService.log(LogService.INFO, "[EnterpriseUserPasswordUpdateHandler] " +
messageObjectName + " create is done.");
}
xml = INITIAL_XML;
xml += eup.getXmlEnterpriseObject().toXmlString();
}
catch (Exception openeaiExc) {
LogService.log(LogService.ERROR, openeaiExc);
openeaiExc.printStackTrace();
throw new UportalFormHandlerException("[EnterpriseUserPasswordUpdateHandler] Error performing update action", openeaiExc);
}
return xml;
}
private boolean passwordMatchesUPortalPassword(String oldPassword) throws UportalFormHandlerException {
boolean same = true;
try {
String userName = getChannelStaticData().getPerson().getSecurityContext().getPrincipal().getUID();
String acct[] = AccountStoreFactory.getAccountStoreImpl().getUserAccountInformation(userName);
if (acct[0] != null) {
String first_name = acct[1];
String last_name = acct[2];
String md5_passwd = acct[0];
LogService.log(LogService.INFO, "[EnterpriseUserPasswordUpdateHandler] user account info (first_name) " + first_name);
LogService.log(LogService.INFO, "[EnterpriseUserPasswordUpdateHandler] user account info (last_name) " + last_name);
LogService.log(LogService.INFO, "[EnterpriseUserPasswordUpdateHandler] user account info (md5_passwd) " + md5_passwd);
String txthash = md5_passwd.substring(5);
byte[] whole, salt = new byte[8], compare = new byte[16], dgx;
whole = decode(txthash);
System.arraycopy(whole, 0, salt, 0, 8);
System.arraycopy(whole, 8, compare, 0, 16);
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(salt);
dgx = md.digest(oldPassword.getBytes());
int i;
for (i = 0; i < dgx.length; i++) {
if (dgx[i] != compare[i])
same = false;
}
if (same) {
LogService.log(LogService.INFO, "[EnterpriseUserPasswordUpdateHandler] credentials match");
}
else {
LogService.log(LogService.INFO, "[EnterpriseUserPasswordUpdateHandler] Credentials DO NOT match");
}
}
else {
same = false;
}
}
catch (Exception e) {
LogService.log(LogService.ERROR, e);
e.printStackTrace();
throw new UportalFormHandlerException("Exception obtaining user account information", e);
}
return same;
}
//
// This was originally Jonathan B. Knudsen's Example from his book
// Java Cryptography published by O'Reilly Associates (1st Edition 1998)
//
private static byte[] decode(String base64) {
int pad = 0;
for (int i = base64.length() - 1; base64.charAt(i) == '='; i--)
pad++;
int length = base64.length()*6/8 - pad;
byte[] raw = new byte[length];
int rawIndex = 0;
for (int i = 0; i < base64.length(); i += 4) {
int block = (getValue(base64.charAt(i)) << 18) + (getValue(base64.charAt(i + 1)) << 12) + (getValue(base64.charAt(
i + 2)) << 6) + (getValue(base64.charAt(i + 3)));
for (int j = 0; j < 3 && rawIndex + j < raw.length; j++)
raw[rawIndex + j] = (byte)((block >> (8*(2 - j))) & 0xff);
rawIndex += 3;
}
return raw;
}
private static int getValue(char c) {
if (c >= 'A' && c <= 'Z')
return c - 'A';
if (c >= 'a' && c <= 'z')
return c - 'a' + 26;
if (c >= '0' && c <= '9')
return c - '0' + 52;
if (c == '+')
return 62;
if (c == '/')
return 63;
if (c == '=')
return 0;
return -1;
}
}