AuthenticatingUser.java

   1 package org.argeo.cms.auth;
   2
   3 import java.nio.ByteBuffer;
   4 import java.nio.CharBuffer;
   5 import java.nio.charset.Charset;
   6 import java.util.Arrays;
   7 import java.util.Dictionary;
   8 import java.util.Hashtable;
   9
  10 import javax.naming.ldap.LdapName;
  11
  12 import org.osgi.service.useradmin.User;
  13
  14 /**
  15  * A special user type used during authentication in order to provide the
  16  * credentials required for scoping the user admin.
  17  */
  18 class AuthenticatingUser implements User {
  19         private final String name;
  20         private final Dictionary<String, Object> credentials;
  21
  22         public AuthenticatingUser(LdapName name) {
  23                 this.name = name.toString();
  24                 this.credentials = new Hashtable<>();
  25         }
  26
  27         public AuthenticatingUser(String name, Dictionary<String, Object> credentials) {
  28                 this.name = name;
  29                 this.credentials = credentials;
  30         }
  31
  32         public AuthenticatingUser(String name, char[] password) {
  33                 this.name = name;
  34                 credentials = new Hashtable<>();
  35                 credentials.put(AuthConstants.SHARED_STATE_USERNAME, name);
  36                 byte[] pwd = charsToBytes(password);
  37                 credentials.put(AuthConstants.SHARED_STATE_PASSWORD, pwd);
  38         }
  39
  40         @Override
  41         public String getName() {
  42                 return name;
  43         }
  44
  45         @Override
  46         public int getType() {
  47                 return User.USER;
  48         }
  49
  50         @SuppressWarnings("rawtypes")
  51         @Override
  52         public Dictionary getProperties() {
  53                 throw new UnsupportedOperationException();
  54         }
  55
  56         @SuppressWarnings("rawtypes")
  57         @Override
  58         public Dictionary getCredentials() {
  59                 return credentials;
  60         }
  61
  62         @Override
  63         public boolean hasCredential(String key, Object value) {
  64                 throw new UnsupportedOperationException();
  65         }
  66
  67
  68         static byte[] charsToBytes(char[] chars) {
  69                 CharBuffer charBuffer = CharBuffer.wrap(chars);
  70                 ByteBuffer byteBuffer = Charset.forName("UTF-8").encode(charBuffer);
  71                 byte[] bytes = Arrays.copyOfRange(byteBuffer.array(), byteBuffer.position(), byteBuffer.limit());
  72                 Arrays.fill(charBuffer.array(), '\u0000'); // clear sensitive data
  73                 Arrays.fill(byteBuffer.array(), (byte) 0); // clear sensitive data
  74                 return bytes;
  75         }
  76
  77         static char[] bytesToChars(byte[] bytes) {
  78                 ByteBuffer byteBuffer = ByteBuffer.wrap(bytes);
  79                 CharBuffer charBuffer = Charset.forName("UTF-8").decode(byteBuffer);
  80                 char[] chars = Arrays.copyOfRange(charBuffer.array(), charBuffer.position(), charBuffer.limit());
  81                 Arrays.fill(charBuffer.array(), '\u0000'); // clear sensitive data
  82                 Arrays.fill(byteBuffer.array(), (byte) 0); // clear sensitive data
  83                 return chars;
  84         }
  85
  86
  87 }