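package org.apache.activemq.jaas;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/**
 * Base {@link LoginModule} that authenticates a client by the X.509 certificate
 * chain obtained through a {@link CertificateCallback}.
 * <p>
 * Subclasses supply the policy: which user name a certificate chain maps to
 * ({@link #getUserNameForCertificates}) and which groups that user belongs to
 * ({@link #getUserGroups}). This class drives the JAAS lifecycle: {@link #login}
 * resolves user and groups, {@link #commit} adds a {@link UserPrincipal} plus one
 * {@link GroupPrincipal} per group to the {@link Subject}, {@link #abort} discards
 * the pending state and {@link #logout} removes exactly the principals this
 * module added.
 * <p>
 * Instances are not thread-safe; JAAS uses one instance per login context.
 */
public abstract class CertificateLoginModule implements LoginModule {

    private static final Log log = LogFactory.getLog(CertificateLoginModule.class);

    private CallbackHandler callbackHandler;
    private Subject subject;

    // State resolved by login() and consumed by commit(); reset by clear().
    private X509Certificate[] certificates;
    private String username;
    private Set groups;
    // Set by login() only after user and groups were resolved; commit() relies on it
    // so that a failed login never produces a UserPrincipal with a null name.
    private boolean loginSucceeded;

    // Principals this module added to the Subject, so logout() removes only its own.
    private Set principals = new HashSet();

    private boolean debug;

    /**
     * Stores the {@link Subject} and {@link CallbackHandler} for the later phases
     * and reads the {@code debug} option: the string {@code "true"}
     * (case-insensitive) enables debug logging. {@code sharedState} is not used.
     *
     * @param subject the subject to populate in {@link #commit}
     * @param callbackHandler handler that must support {@link CertificateCallback}
     * @param sharedState shared module state (ignored)
     * @param options module options; may be {@code null}
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;

        // String.valueOf avoids a ClassCastException on a non-String option value;
        // a missing option (null) still yields false.
        debug = options != null && "true".equalsIgnoreCase(String.valueOf(options.get("debug")));

        if (debug) {
            log.debug("Initialized debug");
        }
    }

    /**
     * Phase one of authentication: obtains the client certificate chain through a
     * {@link CertificateCallback} and resolves it to a user name and that user's
     * groups via the subclass hooks.
     *
     * @return {@code true} once user and groups have been resolved
     * @throws FailedLoginException if no user is mapped to the presented certificates
     * @throws LoginException if no {@link CallbackHandler} is available, if the
     *         handler fails or does not support {@link CertificateCallback}, or if
     *         a subclass hook fails
     */
    public boolean login() throws LoginException {
        loginSucceeded = false;

        if (callbackHandler == null) {
            throw new LoginException("No CallbackHandler available to obtain client certificates.");
        }

        Callback[] callbacks = new Callback[] { new CertificateCallback() };
        try {
            callbackHandler.handle(callbacks);
        } catch (IOException ioe) {
            throw loginException(ioe.getMessage(), ioe);
        } catch (UnsupportedCallbackException uce) {
            throw loginException(uce.getMessage() + " Unable to obtain client certificates.", uce);
        }
        certificates = ((CertificateCallback) callbacks[0]).getCertificates();

        username = getUserNameForCertificates(certificates);
        if (username == null) {
            throw new FailedLoginException("No user for client certificate: "
                    + getDistinguishedName(certificates));
        }

        groups = getUserGroups(username);
        loginSucceeded = true;

        if (debug) {
            log.debug("Certificate for user: " + username);
        }
        return true;
    }

    /**
     * Phase two: adds a {@link UserPrincipal} for the resolved user and a
     * {@link GroupPrincipal} for each resolved group to the {@link Subject}, then
     * discards the per-login state.
     *
     * @return {@code true} if principals were added; {@code false} if this module's
     *         {@link #login} did not succeed (per the JAAS contract the module then
     *         contributes nothing to the subject)
     * @throws LoginException never thrown by this implementation; declared by the
     *         {@link LoginModule} contract
     */
    public boolean commit() throws LoginException {
        if (!loginSucceeded) {
            clear();
            return false;
        }

        principals.add(new UserPrincipal(username));

        // getUserGroups() is a subclass hook; tolerate a null result as "no groups".
        if (groups != null) {
            for (Iterator iter = groups.iterator(); iter.hasNext();) {
                principals.add(new GroupPrincipal((String) iter.next()));
            }
        }

        subject.getPrincipals().addAll(principals);

        clear();

        if (debug) {
            log.debug("commit");
        }
        return true;
    }

    /**
     * Discards any state resolved by {@link #login} without touching the
     * {@link Subject}. Safe to call after a failed or skipped login.
     *
     * @return always {@code true}
     * @throws LoginException never thrown by this implementation
     */
    public boolean abort() throws LoginException {
        clear();

        if (debug) {
            log.debug("abort");
        }
        return true;
    }

    /**
     * Removes from the {@link Subject} exactly the principals this module added in
     * {@link #commit}, leaving principals contributed by other modules intact.
     *
     * @return always {@code true}
     */
    public boolean logout() {
        subject.getPrincipals().removeAll(principals);
        principals.clear();

        if (debug) {
            log.debug("logout");
        }
        return true;
    }

    /**
     * Resets the per-login state. The group {@link Set} comes from the subclass and
     * may be shared or unmodifiable, so the reference is dropped rather than the set
     * being cleared in place.
     */
    private void clear() {
        groups = null;
        certificates = null;
        username = null;
        loginSucceeded = false;
    }

    /**
     * Builds a {@link LoginException} that keeps the underlying failure as its cause,
     * so the original stack trace is not lost when the error is logged upstream.
     */
    private static LoginException loginException(String message, Throwable cause) {
        LoginException le = new LoginException(message);
        le.initCause(cause);
        return le;
    }

    /**
     * Maps the presented certificate chain to a user name.
     *
     * @param certs the client certificate chain from the {@link CertificateCallback};
     *        may be {@code null} or empty if the client presented none
     * @return the user name, or {@code null} if no user is associated with the
     *         certificates (login then fails with {@link FailedLoginException})
     * @throws LoginException if the lookup itself fails
     */
    protected abstract String getUserNameForCertificates(final X509Certificate[] certs) throws LoginException;

    /**
     * Resolves the groups a user belongs to.
     *
     * @param username the user name returned by {@link #getUserNameForCertificates}
     * @return a {@link Set} of group names ({@link String}); {@code null} or an empty
     *         set means the user is in no groups
     * @throws LoginException if the lookup itself fails
     */
    protected abstract Set getUserGroups(final String username) throws LoginException;

    /**
     * Returns the subject distinguished name of the first certificate in the chain,
     * used in diagnostics when no user matches.
     *
     * @param certs the certificate chain; may be {@code null}
     * @return the DN of {@code certs[0]}, or {@code null} if the chain is absent,
     *         empty, or its first element is {@code null}
     */
    protected String getDistinguishedName(final X509Certificate[] certs) {
        if (certs != null && certs.length > 0 && certs[0] != null) {
            // getSubjectDN() is denigrated in favour of getSubjectX500Principal(); it is
            // kept here because its string form is what existing log consumers and
            // overriding subclasses already see.
            return certs[0].getSubjectDN().getName();
        }
        return null;
    }

}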