KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jboss > security > srp > SerialObjectStore


1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */
22 package org.jboss.security.srp;
23
24 import java.io.File JavaDoc;
25 import java.io.FileInputStream JavaDoc;
26 import java.io.FileOutputStream JavaDoc;
27 import java.io.IOException JavaDoc;
28 import java.io.ObjectInputStream JavaDoc;
29 import java.io.ObjectOutputStream JavaDoc;
30 import java.math.BigInteger JavaDoc;
31 import java.security.KeyException JavaDoc;
32 import java.security.NoSuchAlgorithmException JavaDoc;
33 import java.util.Collections JavaDoc;
34 import java.util.HashMap JavaDoc;
35 import java.util.Map JavaDoc;
36
37 import org.jboss.logging.Logger;
38 import org.jboss.security.Util;
39 import org.jboss.security.srp.SRPConf;
40 import org.jboss.security.srp.SRPVerifierStore;
41 import org.jboss.security.srp.SRPVerifierStore.VerifierInfo;
42
43 /** A simple implementation of the SRPVerifierStore that uses a
44 file store made up of VerifierInfo serialized objects. Users and
45 be added or removed using the addUser and delUser methods. User passwords
46 are never stored in plaintext either in memory or in the serialized file.
47 Note that usernames and passwords are logged when a user is added
48 via the addUser operation. This is a development class and its use in
49 a production environment is not advised.
50
51 @see #addUser(String, String)
52 @see #delUser(String)
53
54 @author Scott.Stark@jboss.org
55 @version $Revision: 40096 $
56 */
57 public class SerialObjectStore implements SRPVerifierStore
58 {
59     private static Logger log = Logger.getLogger(SerialObjectStore.class);
60     private Map JavaDoc infoMap;
61     private BigInteger JavaDoc g;
62     private BigInteger JavaDoc N;
63
64    /** Create an in memory store and load any VerifierInfo found in
65         ./SerialObjectStore.ser if it exists.
66     */
67     public SerialObjectStore() throws IOException JavaDoc
68     {
69         this(null);
70     }
71     /** Create an in memory store and load any VerifierInfo found in
72         the storeFile archive if it exists.
73     */
74     public SerialObjectStore(File JavaDoc storeFile) throws IOException JavaDoc
75     {
76         if( storeFile == null )
77             storeFile = new File JavaDoc("SerialObjectStore.ser");
78         if( storeFile.exists() == true )
79         {
80             FileInputStream JavaDoc fis = new FileInputStream JavaDoc(storeFile);
81             ObjectInputStream JavaDoc ois = new ObjectInputStream JavaDoc(fis);
82             try
83             {
84                 infoMap = (Map JavaDoc) ois.readObject();
85             }
86             catch(ClassNotFoundException JavaDoc e)
87             {
88             }
89             ois.close();
90             fis.close();
91         }
92         else
93         {
94             infoMap = Collections.synchronizedMap(new HashMap JavaDoc());
95         }
96
97         try
98         {
99             Util.init();
100         }
101         catch(NoSuchAlgorithmException JavaDoc e)
102         {
103             e.printStackTrace();
104             throw new IOException JavaDoc("Failed to initialzed security utils: "+e.getMessage());
105         }
106         N = SRPConf.getDefaultParams().N();
107         g = SRPConf.getDefaultParams().g();
108         log.trace("N: "+Util.tob64(N.toByteArray()));
109         log.trace("g: "+Util.tob64(g.toByteArray()));
110         byte[] hn = Util.newDigest().digest(N.toByteArray());
111         log.trace("H(N): "+Util.tob64(hn));
112         byte[] hg = Util.newDigest().digest(g.toByteArray());
113         log.trace("H(g): "+Util.tob64(hg));
114     }
115
116 // --- Begin SRPVerifierStore interface methods
117 public VerifierInfo getUserVerifier(String JavaDoc username) throws KeyException JavaDoc, IOException JavaDoc
118     {
119         VerifierInfo info = null;
120         if( infoMap != null )
121             info = (VerifierInfo) infoMap.get(username);
122         if( info == null )
123             throw new KeyException JavaDoc("username: "+username+" not found");
124         return info;
125     }
126     public void setUserVerifier(String JavaDoc username, VerifierInfo info)
127     {
128         infoMap.put(username, info);
129     }
130
131    public void verifyUserChallenge(String JavaDoc username, Object JavaDoc auxChallenge)
132          throws SecurityException JavaDoc
133    {
134       throw new SecurityException JavaDoc("verifyUserChallenge not supported");
135    }
136 // --- End SRPVerifierStore interface methods
137
138     /** Save the current in memory map of VerifierInfo to the indicated
139         storeFile by simply serializing the map to the file.
140     */
141     public void save(File JavaDoc storeFile) throws IOException JavaDoc
142     {
143         FileOutputStream JavaDoc fos = new FileOutputStream JavaDoc(storeFile);
144         ObjectOutputStream JavaDoc oos = new ObjectOutputStream JavaDoc(fos);
145         synchronized( infoMap )
146         {
147             oos.writeObject(infoMap);
148         }
149         oos.close();
150         fos.close();
151     }
152
153     public void addUser(String JavaDoc username, String JavaDoc password)
154     {
155         log.trace("addUser, username='"+username+"', password='"+password+"'");
156         VerifierInfo info = new VerifierInfo();
157         info.username = username;
158         /*
159         long r = Util.nextLong();
160         String rs = Long.toHexString(r);
161          */
162         String JavaDoc rs = "123456";
163         info.salt = rs.getBytes();
164         try
165         {
166            char[] pass = password.toCharArray();
167            info.verifier = Util.calculateVerifier(username, pass,
168                info.salt, N, g);
169            info.g = g.toByteArray();
170            info.N = N.toByteArray();
171            if( log.isTraceEnabled() )
172            {
173                log.trace("N: "+Util.tob64(info.N));
174                log.trace("g: "+Util.tob64(info.g));
175                log.trace("s: "+Util.tob64(info.salt));
176                byte[] xb = Util.calculatePasswordHash(username, pass, info.salt);
177                log.trace("x: "+Util.tob64(xb));
178                log.trace("v: "+Util.tob64(info.verifier));
179                byte[] hn = Util.newDigest().digest(info.N);
180                log.trace("H(N): "+Util.tob64(hn));
181                byte[] hg = Util.newDigest().digest(info.g);
182                log.trace("H(g): "+Util.tob64(hg));
183            }
184         }
185         catch(Throwable JavaDoc t)
186         {
187            log.error("Failed to calculate verifier", t);
188            return;
189         }
190
191         setUserVerifier(username, info);
192     }
193     public void delUser(String JavaDoc username)
194     {
195         infoMap.remove(username);
196     }
197
198     public static void main(String JavaDoc[] args) throws IOException JavaDoc
199     {
200         File JavaDoc storeFile = new File JavaDoc("SerialObjectStore.ser");
201         SerialObjectStore store = new SerialObjectStore();
202
203         for(int a = 0; a < args.length; a ++)
204         {
205             if( args[a].startsWith("-a") )
206             {
207                 store.addUser(args[a+1], args[a+2]);
208             }
209             else if( args[a].startsWith("-d") )
210             {
211                 store.delUser(args[a+1]);
212             }
213         }
214         store.save(storeFile);
215     }
216 }
217
Popular Tags