Package com.caucho.cloud.security

Source Code of com.caucho.cloud.security.SecurityService

/*
* Copyright (c) 1998-2011 Caucho Technology -- all rights reserved
*
* This file is part of Resin(R) Open Source
*
* Each copy or derived work must preserve the copyright notice and this
* notice unmodified.
*
* Resin Open Source is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Resin Open Source is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
* of NON-INFRINGEMENT.  See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License
* along with Resin Open Source; if not, write to the
*
*   Free Software Foundation, Inc.
*   59 Temple Place, Suite 330
*   Boston, MA 02111-1307  USA
*
* @author Scott Ferguson
*/

package com.caucho.cloud.security;

import java.security.MessageDigest;
import java.util.Set;

import javax.enterprise.context.spi.CreationalContext;
import javax.enterprise.inject.spi.Bean;

import com.caucho.config.AdminLiteral;
import com.caucho.config.inject.InjectManager;
import com.caucho.env.service.*;
import com.caucho.security.*;
import com.caucho.util.Base64;

/**
 * Resin subsystem that stores the system signature secret and the
 * {@link Authenticator}, and computes the digests derived from them.
 *
 * <p>Review notes on the digest constructions in this class:
 * <ul>
 * <li>{@link #signSystem} and both {@code sign} overloads run SHA-256 over
 *     the plain concatenation of their inputs with the secret appended
 *     last. That is a secret-suffix hash, not an HMAC
 *     ({@code javax.crypto.Mac}). Replacing it changes every value this
 *     class returns, so it presumably needs a coordinated change on
 *     whatever verifies these signatures.</li>
 * <li>No separator is written between uid and nonce, so two different
 *     (uid, nonce) pairs whose concatenation is equal produce the same
 *     signature.</li>
 * <li>When no secret is configured, {@link #signSystem} and
 *     {@link #sign(byte[])} return an unkeyed hash of the inputs. Callers
 *     that rely on the result for authentication should check
 *     {@link #isSystemAuthKey()} first.</li>
 * <li>{@link #createDigest} is built on MD5.</li>
 * <li>Verification is not done in this class. Code that compares one of
 *     these values with a received one should use a constant-time
 *     comparison such as {@code MessageDigest.isEqual}.</li>
 * </ul>
 */
public class SecurityService extends AbstractResinSubSystem
{
  public static final int START_PRIORITY = 30;

  // Shared secret mixed into system signatures; null when none is configured.
  private String _signatureSecret;
  // Authenticator set explicitly or discovered through CDI in start().
  private Authenticator _authenticator;

  public SecurityService()
  {
  }

  /**
   * Creates a new service and registers it with the ResinSystem returned
   * by {@code preCreate}.
   *
   * @return the newly registered service
   */
  public static SecurityService createAndAddService()
  {
    ResinSystem resinSystem = preCreate(SecurityService.class);

    SecurityService created = new SecurityService();
    resinSystem.addService(SecurityService.class, created);

    return created;
  }

  /**
   * Returns the SecurityService registered with the current ResinSystem.
   */
  public static SecurityService getCurrent()
  {
    return ResinSystem.getCurrentService(SecurityService.class);
  }

  /**
   * Sets the secret that is appended to the input of the system signatures.
   *
   * @param secret the shared secret, or null for none
   */
  public void setSignatureSecret(String secret)
  {
    this._signatureSecret = secret;
  }

  /**
   * Returns true when a signature secret has been configured.
   */
  public boolean isSystemAuthKey()
  {
    return this._signatureSecret != null;
  }

  /**
   * Sets the authenticator explicitly; start() then skips the CDI lookup.
   */
  public void setAuthenticator(Authenticator auth)
  {
    this._authenticator = auth;
  }

  /**
   * Returns the configured authenticator, or null if none is available.
   */
  public Authenticator getAuthenticator()
  {
    return this._authenticator;
  }

  /**
   * Returns the password algorithm the authenticator reports for a user.
   *
   * @param uid the user id
   * @return the authenticator's algorithm, or "plain" without an authenticator
   */
  public String getAlgorithm(String uid)
  {
    if (_authenticator == null) {
      return "plain";
    }

    return _authenticator.getAlgorithm(new BasicPrincipal(uid));
  }

  /**
   * Signs a uid/nonce pair with the system signature secret.
   *
   * <p>The result is Base64(SHA-256(uid || nonce || secret)); uid and the
   * secret are skipped when null. With no secret configured the value is
   * computable by anyone who knows uid and nonce.
   *
   * @param uid the user id, may be null
   * @param nonce the nonce; must not be null
   * @return the Base64-encoded digest
   * @throws RuntimeException wrapping any failure, including a null nonce
   */
  public String signSystem(String uid, String nonce)
  {
    try {
      final String secret = _signatureSecret;

      MessageDigest sha256 = MessageDigest.getInstance("SHA-256");

      if (uid != null) {
        sha256.update(uid.getBytes("UTF-8"));
      }

      sha256.update(nonce.getBytes("UTF-8"));

      if (secret != null) {
        sha256.update(secret.getBytes("UTF-8"));
      }

      byte []hash = sha256.digest();

      return Base64.encode(hash);
    } catch (Exception e) {
      throw new RuntimeException(e);
    }
  }

  /**
   * Signs a uid/nonce pair with a user's password.
   *
   * <p>The password is first passed through {@code DigestBuilder.getDigest}
   * for the given algorithm. If that returns null the clear-text password
   * is hashed instead. The result is
   * Base64(SHA-256(uid || nonce || passwordForm)).
   *
   * @param algorithm the password algorithm name; dereferenced when
   *        password is non-null
   * @param uid the user id, may be null
   * @param password the clear-text password, may be null
   * @param nonce the nonce; must not be null
   * @return the Base64-encoded digest
   * @throws RuntimeException wrapping any failure
   */
  public String sign(String algorithm,
                     String uid, String password,
                     String nonce)
  {
    try {
      MessageDigest sha256 = MessageDigest.getInstance("SHA-256");

      if (uid != null) {
        sha256.update(uid.getBytes("UTF-8"));
      }

      sha256.update(nonce.getBytes("UTF-8"));

      if (password != null) {
        // NOTE(review): the algorithm name is passed both as a String and
        // as the trailing char[] argument; confirm against DigestBuilder
        // what that last parameter means.
        char []hashedChars = DigestBuilder.getDigest(new BasicPrincipal(uid),
                                                     algorithm,
                                                     password.toCharArray(),
                                                     algorithm.toCharArray());

        String passwordForm
          = (hashedChars != null) ? new String(hashedChars) : password;

        sha256.update(passwordForm.getBytes("UTF-8"));
      }

      byte []hash = sha256.digest();

      return Base64.encode(hash);
    } catch (Exception e) {
      throw new RuntimeException(e);
    }
  }

  /**
   * Signs arbitrary data with the system signature secret.
   *
   * <p>The result is SHA-256(data || secret), or SHA-256(data) when no
   * secret is configured.
   *
   * @param data the bytes to sign
   * @return the raw 32-byte digest
   * @throws RuntimeException wrapping any failure
   */
  public byte [] sign(byte []data)
  {
    try {
      MessageDigest sha256 = MessageDigest.getInstance("SHA-256");

      sha256.update(data);

      final String secret = _signatureSecret;

      if (secret != null) {
        sha256.update(secret.getBytes("UTF-8"));
      }

      return sha256.digest();
    } catch (Exception e) {
      throw new RuntimeException(e);
    }
  }

  /**
   * Builds digest credentials for the "resin" realm from a user's password.
   *
   * @return credentials carrying the user, the nonce and the signature from
   *         {@link #sign(String, String, String, String)}
   */
  public DigestCredentials createCredentials(String algorithm,
                                             String user,
                                             String password,
                                             String nonce)
  {
    String signature = sign(algorithm, user, password, nonce);

    DigestCredentials credentials
      = new DigestCredentials(user, nonce, signature);
    credentials.setRealm("resin");

    return credentials;
  }

  /**
   * Computes MD5(hex(MD5(user ":" "resin" ":" password)) ":" nonce).
   *
   * <p>NOTE(review): the layout looks modelled on HTTP Digest
   * authentication; confirm before relying on that. MD5 is retained here
   * because the value is part of what the caller expects back.
   *
   * @param user the user name, may be null
   * @param password the clear-text password, may be null
   * @param nonce the nonce; must not be null
   * @return the raw 16-byte digest
   * @throws IllegalStateException wrapping any failure
   */
  public byte []createDigest(String user,
                             String password,
                             String nonce)
  {
    try {
      final byte colon = (byte) ':';

      MessageDigest md5 = MessageDigest.getInstance("MD5");

      // Inner hash: user ":" realm ":" password
      if (user != null) {
        md5.update(user.getBytes("UTF-8"));
      }

      md5.update(colon);
      md5.update("resin".getBytes("UTF-8"));
      md5.update(colon);

      if (password != null) {
        md5.update(password.getBytes("UTF-8"));
      }

      byte []inner = md5.digest();

      md5.reset();

      // Outer hash: lower-case hex of the inner hash ":" nonce
      updateHex(md5, inner);
      md5.update(colon);
      md5.update(nonce.getBytes("UTF-8"));

      return md5.digest();
    } catch (Exception e) {
      throw new IllegalStateException(e);
    }
  }

  /**
   * Feeds the lower-case hex encoding of the bytes into the digest, high
   * nibble first.
   */
  private void updateHex(MessageDigest md, byte []digest)
  {
    for (byte b : digest) {
      updateHex(md, b >> 4);
      updateHex(md, (int) b);
    }
  }

  /**
   * Feeds the hex character for the low four bits of the value into the
   * digest.
   */
  private void updateHex(MessageDigest md, int digit)
  {
    int nibble = digit & 0xf;

    char hex = (nibble < 10)
      ? (char) ('0' + nibble)
      : (char) ('a' + (nibble - 10));

    md.update((byte) hex);
  }

  @Override
  public int getStartPriority()
  {
    return START_PRIORITY;
  }

  /**
   * On start, looks up an Authenticator bean through CDI unless one was
   * already set with {@link #setAuthenticator}.
   */
  @Override
  public void start()
  {
    InjectManager cdiManager = InjectManager.getCurrent();

    if (_authenticator != null) {
      return;
    }

    Bean<Authenticator> authBean = findAuthenticator(cdiManager);

    if (authBean == null) {
      return;
    }

    CreationalContext<Authenticator> context
      = cdiManager.createCreationalContext(authBean);

    Object reference
      = cdiManager.getReference(authBean, Authenticator.class, context);

    _authenticator = (Authenticator) reference;
  }

  /**
   * Resolves the Authenticator bean qualified with {@code AdminLiteral}.
   *
   * @return the resolved bean, or null when no such bean is registered
   */
  @SuppressWarnings("unchecked")
  private Bean<Authenticator> findAuthenticator(InjectManager cdiManager)
  {
    Set<Bean<?>> candidates = cdiManager.getBeans(Authenticator.class,
                                                  new AdminLiteral());

    if (candidates.isEmpty()) {
      return null;
    }

    return (Bean<Authenticator>) cdiManager.resolve(candidates);
  }
}