Adapt for Raspberry Pi
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / auth / KernelLoginModule.java
index 8983d65dc7427367e64d92049321a202350ae1ed..00d0085d1e25f35d9f357ded07ae1bb5812caffc 100644 (file)
@@ -36,35 +36,42 @@ public class KernelLoginModule implements LoginModule {
                // Check that kernel has been logged in w/ certificate
                // Name
                Set<X500Principal> names = subject.getPrincipals(X500Principal.class);
-               if (names.isEmpty() || names.size() > 1)
-                       throw new LoginException("Kernel must have been named");
-               X500Principal name = names.iterator().next();
-               if (!AuthConstants.ROLE_KERNEL.equals(name.getName()))
-                       throw new LoginException("Kernel must be named named "
-                                       + AuthConstants.ROLE_KERNEL);
-               // Private certificate
-               Set<X500PrivateCredential> privateCerts = subject
-                               .getPrivateCredentials(X500PrivateCredential.class);
-               X500PrivateCredential privateCert = null;
-               for (X500PrivateCredential pCert : privateCerts) {
-                       if (pCert.getCertificate().getSubjectX500Principal().equals(name)) {
-                               privateCert = pCert;
+               if (names.isEmpty() || names.size() > 1) {
+                       // throw new LoginException("Kernel must have been named");
+                       // TODO set not hardened
+                       subject.getPrincipals().add(
+                                       new X500Principal(AuthConstants.ROLE_KERNEL));
+               } else {
+                       X500Principal name = names.iterator().next();
+                       if (!AuthConstants.ROLE_KERNEL.equals(name.getName()))
+                               throw new LoginException("Kernel must be named "
+                                               + AuthConstants.ROLE_KERNEL);
+                       // Private certificate
+                       Set<X500PrivateCredential> privateCerts = subject
+                                       .getPrivateCredentials(X500PrivateCredential.class);
+                       X500PrivateCredential privateCert = null;
+                       for (X500PrivateCredential pCert : privateCerts) {
+                               if (pCert.getCertificate().getSubjectX500Principal()
+                                               .equals(name)) {
+                                       privateCert = pCert;
+                               }
                        }
-               }
-               if (privateCert == null)
-                       throw new LoginException("Kernel must have a private certificate");
-               // Certificate path
-               Set<CertPath> certPaths = subject.getPublicCredentials(CertPath.class);
-               CertPath certPath = null;
-               for (CertPath cPath : certPaths) {
-                       if (cPath.getCertificates().get(0)
-                                       .equals(privateCert.getCertificate())) {
-                               certPath = cPath;
+                       if (privateCert == null)
+                               throw new LoginException(
+                                               "Kernel must have a private certificate");
+                       // Certificate path
+                       Set<CertPath> certPaths = subject
+                                       .getPublicCredentials(CertPath.class);
+                       CertPath certPath = null;
+                       for (CertPath cPath : certPaths) {
+                               if (cPath.getCertificates().get(0)
+                                               .equals(privateCert.getCertificate())) {
+                                       certPath = cPath;
+                               }
                        }
+                       if (certPath == null)
+                               throw new LoginException("Kernel must have a certificate path");
                }
-               if (certPath == null)
-                       throw new LoginException("Kernel must have a certificate path");
-
                Set<Principal> principals = subject.getPrincipals();
                // Add admin roles
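Review bot: The new `if (names.isEmpty() || names.size() > 1)` branch no longer rejects the login: it adds `new X500Principal(AuthConstants.ROLE_KERNEL)` to the subject itself, so a subject that arrives with no certificate-backed name, or with several, becomes the kernel without passing the private-certificate and certificate-path checks that now run only in the `else` branch. The context lines after the block go on to add admin roles, so this path appears to end in an administrative subject with no credential having been verified; the rest of the method is outside the hunk, so confirm that nothing later compensates. If the unhardened mode is needed on constrained hardware, make it an explicit opt-in that fails closed by default, for example `if (!notHardened) throw new LoginException("Kernel must have been named");` where `notHardened` is a placeholder for a deployment option the module reads, and log a warning whenever the fallback is taken. The `names.size() > 1` case should keep throwing in either mode, since an ambiguous identity is a different condition from a missing one. The commented-out `throw` and the `// TODO set not hardened` marker should be replaced by a comment that states when the fallback is allowed and what it gives up.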