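package net.sf.jguard.ext.authentication.loginmodules;

import java.lang.reflect.Array;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import net.sf.jguard.core.authentication.credentials.JGuardCredential;
import net.sf.jguard.ext.SecurityConstants;

/**
 * Base {@link LoginModule} for X.509 certificate authentication.
 *
 * <p>A subclass is expected to set {@link #subject} (normally in {@code initialize})
 * and {@link #certChainToCheck} (normally in {@code login}). On {@link #commit()},
 * when {@link #loginOK} is still set, the end-entity certificate (element 0 of the
 * chain) is turned into a principal and a set of public credentials on the subject.
 *
 * <p>Not thread-safe; a login module instance is used by a single login context.
 */
public abstract class CertificateLoginModule implements LoginModule {

    private static final Logger logger = Logger.getLogger(CertificateLoginModule.class.getName());

    /** Subject being authenticated; expected to be assigned by the subclass before commit/logout. */
    protected Subject subject;

    // NOTE(review): defaults to true, so commit() populates the subject unless a subclass
    // explicitly sets this to false on failure (fail-open default). Left unchanged so existing
    // subclasses keep working; confirm that every subclass clears it when login() fails.
    protected boolean loginOK = true;

    /** Certificate chain presented by the client; element 0 is the end-entity certificate. */
    protected X509Certificate[] certChainToCheck;

    /**
     * Aborts the login: every principal and credential is removed from the subject.
     *
     * @return always {@code true}
     * @throws LoginException never thrown here; declared by the {@link LoginModule} contract
     */
    public boolean abort() throws LoginException {
        clearSubject();
        return true;
    }

    /**
     * Commits the login when {@link #loginOK} is set, otherwise does nothing.
     *
     * @return the result of {@link #certificateCommit()}, or {@code false} when the login failed
     * @throws LoginException if the certificate cannot be committed
     */
    public boolean commit() throws LoginException {
        if (loginOK) {
            return certificateCommit();
        }
        return false;
    }

    /**
     * Logs the subject out: every principal and credential is removed from the subject.
     * Unlike the original implementation this tolerates a {@code null} subject, matching
     * {@link #abort()}.
     *
     * @return always {@code true}
     * @throws LoginException never thrown here; declared by the {@link LoginModule} contract
     */
    public boolean logout() throws LoginException {
        clearSubject();
        return true;
    }

    /**
     * Removes all principals, public credentials and private credentials from the subject,
     * if one has been set.
     */
    // NOTE(review): this clears everything on the subject, including entries added by other
    // modules in a stacked configuration — presumably intended by the framework; verify.
    private void clearSubject() {
        if (subject != null) {
            subject.getPrincipals().clear();
            subject.getPublicCredentials().clear();
            subject.getPrivateCredentials().clear();
        }
    }

    /**
     * Populates the subject from the end-entity certificate:
     * <ul>
     *   <li>its subject X.500 principal is added to the principals;</li>
     *   <li>when present, the subject unique ID becomes a credential with id
     *       {@code SecurityConstants.UNIQUE_ID};</li>
     *   <li>each subject alternative name becomes a credential with id
     *       {@code SecurityConstants.ALTERNATIVE_NAME + "#" + index} and value
     *       {@code nameType + "#" + name}, where DER-encoded names (returned as
     *       {@code byte[]} by the JDK) are rendered as lower-case hex.</li>
     * </ul>
     *
     * @return always {@code true} once the subject has been populated
     * @throws LoginException if no subject or no certificate chain was set, or if the
     *         subject alternative names extension cannot be parsed
     */
    protected boolean certificateCommit() throws LoginException {
        // Fail with the contractual exception type instead of an NPE / IndexOutOfBounds.
        if (subject == null) {
            throw new LoginException("no subject to commit the certificate to");
        }
        if (certChainToCheck == null || certChainToCheck.length == 0) {
            throw new LoginException("no certificate chain to commit");
        }
        Set publicCredentials = subject.getPublicCredentials();
        X509Certificate cert = certChainToCheck[0];
        subject.getPrincipals().add(cert.getSubjectX500Principal());

        boolean[] uniqueId = cert.getSubjectUniqueID();
        if (uniqueId != null) {
            JGuardCredential uniqueIdCredential = new JGuardCredential();
            uniqueIdCredential.setId(SecurityConstants.UNIQUE_ID);
            uniqueIdCredential.setValue(uniqueId);
            publicCredentials.add(uniqueIdCredential);
        }

        Collection altNames;
        try {
            altNames = cert.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            logger.severe(" certificate cannot be parsed ");
            // LoginException has no (message, cause) constructor; keep the cause via initCause.
            LoginException failure = new LoginException(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
        if (altNames == null) {
            return true;
        }

        int count = 0;
        for (Iterator it = altNames.iterator(); it.hasNext(); count++) {
            // Each entry is a two-element list: Integer name type, then String or byte[] name.
            List extensionEntry = (List) it.next();
            Integer nameType = (Integer) extensionEntry.get(0);
            Object name = extensionEntry.get(1);
            JGuardCredential credential = new JGuardCredential();
            credential.setId(SecurityConstants.ALTERNATIVE_NAME + "#" + count);
            credential.setValue(nameType + "#" + altNameToString(name));
            publicCredentials.add(credential);
        }
        return true;
    }

    /**
     * Renders an alternative-name value. The original code tested
     * {@code name instanceof java.lang.reflect.Array}, which is never true, so any
     * {@code byte[]} name ended in a {@link ClassCastException}; {@code byte[]} names
     * (DER-encoded otherName, x400Address, ediPartyName) are now hex-encoded rather than
     * decoded with the platform charset, which would be lossy for binary DER.
     */
    private static String altNameToString(Object name) {
        if (name instanceof byte[]) {
            return toHex((byte[]) name);
        }
        return String.valueOf(name);
    }

    /** Lower-case hex encoding of {@code bytes}, two characters per byte. */
    private static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (int i = 0; i < bytes.length; i++) {
            int b = bytes[i] & 0xff;
            if (b < 0x10) {
                sb.append('0');
            }
            sb.append(Integer.toHexString(b));
        }
        return sb.toString();
    }
}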