1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
package org.openslx.dozmod.authentication;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;
import java.util.Map.Entry;
import org.apache.commons.codec.binary.Base64;
import org.apache.hc.client5.http.ClientProtocolException;
import org.apache.hc.core5.http.ParseException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.openslx.bwlp.thrift.iface.Satellite;
import org.openslx.bwlp.thrift.iface.TAuthorizationException;
import org.openslx.dozmod.authentication.ServiceProviderResponse.JSatellite;
import org.openslx.dozmod.authentication.ShibbolethEcp.ReturnCode;
import com.google.gson.JsonSyntaxException;
/**
* @author Jonathan Bauer
*
*/
public class EcpAuthenticator implements Authenticator {
/**
* Logger instance for this class
*/
private final static Logger LOGGER = LogManager.getLogger(EcpAuthenticator.class);
private final String ecpUrl;
public EcpAuthenticator(String ecpUrl) {
// first lets check the given ecpUrl
if (!ecpUrl.isEmpty())
this.ecpUrl = ecpUrl;
else
this.ecpUrl = null;
// NOTE: the actual check for a correct URI will be done by
// the ECP client.
}
@Override
public void login(String username, String password, AuthenticatorCallback callback)
throws TAuthorizationException, JsonSyntaxException, ClientProtocolException, ParseException,
MalformedURLException, URISyntaxException, IOException {
// try to login
ReturnCode ret = ShibbolethEcp.doLogin(this.ecpUrl, username, password);
if (ret == null) {
LOGGER.warn("Shibboleth doLogin returned null as ReturnCode!");
ret = ReturnCode.GENERIC_ERROR;
}
ServiceProviderResponse response = ShibbolethEcp.getResponse();
RuntimeException errEx = null;
if (response != null && response.error != null) {
errEx = new RuntimeException(response.error);
}
// If login succeeded, set up session data
AuthenticationData data = null;
if (ret == ReturnCode.NO_ERROR) {
// we have a token?
final String token = response.token;
if (token == null || token.isEmpty()) {
// bad token
LOGGER.error("No token received from the service provider!");
callback.postLogin(ReturnCode.SERVICE_PROVIDER_ERROR, null, errEx);
}
// create the session for the user from the response of the ECP
List<Satellite> sats = new ArrayList<>();
// TODO: Handle cert fingerprint
if (response.satellites2 != null) {
Base64 base64 = new Base64();
for (Entry<String, JSatellite> it : response.satellites2.entrySet()) {
JSatellite jsat = it.getValue();
ByteBuffer hash = jsat.certHash == null ? null
: ByteBuffer.wrap(base64.decode(jsat.certHash));
sats.add(new Satellite(jsat.addresses, it.getKey(), hash));
}
}
data = new AuthenticationData(response.token, response.sessionId, sats);
}
callback.postLogin(ret, data, errEx);
}
}
|