4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * The contents of this file are subject to the terms
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * of the Common Development and Distribution License
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * (the License). You may not use this file except in
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * compliance with the License.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * You can obtain a copy of the License at
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * See the License for the specific language governing
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * permission and limitations under the License.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * When distributing Covered Code, include this CDDL
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Header Notice in each file and include the License file
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * If applicable, add the following below the CDDL Header,
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * with the fields enclosed by brackets [] replaced by
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * your own identifying information:
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * "Portions Copyrighted [year] [name of copyright owner]"
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * $Id: SAE.java,v 1.5 2009/02/26 23:58:10 exu Exp $
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterpackage com.sun.identity.authentication.modules.sae;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.authentication.spi.AMLoginModule;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.authentication.spi.AuthLoginException;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.authentication.util.ISAuthConstants;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml2.common.SAML2Constants;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml2.common.SAML2Utils;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport javax.security.auth.callback.CallbackHandler;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport javax.security.auth.callback.NameCallback;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport javax.security.auth.callback.PasswordCallback;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster private static final int DEFAULT_AUTH_LEVEL = 0;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster private static final String customModule = "SAE";
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Constructor
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster public void init(Subject subject, Map sharedState, Map options) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Validates the authentication credentials.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @return ISAuthConstants.LOGIN_SUCCEED on login success
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @exception AuthLoginException on failure.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster public int process (Callback[] callbacks, int state)
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster HttpServletRequest req = getHttpServletRequest();
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster debug.error("SAE AuthModule.process: httprequest is null.");
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster throw new AuthLoginException("HttpServletRequest is null");
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String encodedString = req.getParameter(SecureAttrs.SAE_PARAM_DATA);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster debug.message("SAE AuthModule.process+encodedStr="+encodedString);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String realm = req.getParameter(SAML2Constants.SAE_REALM);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String idpEntityId = req.getParameter(SAML2Constants.SAE_IDP_ENTITYID);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String idpAppUrl = req.getParameter(SAML2Constants.SAE_IDPAPP_URL);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster debug.message("SAE AuthModule.SAML2Utils.getSAEAttrs");
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster realm, idpEntityId, SAML2Constants.IDP_ROLE, idpAppUrl);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster "SAE AuthModule.process:get SAE Attrs failed:null.");
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster throw new AuthLoginException("SAE config Attributes are null");
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String cryptoType = (String) saeattrs.get(SecureAttrs.SAE_CRYPTO_TYPE);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String encryptStrength = (String) saeattrs.get(
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster SecureAttrs.SAE_CONFIG_ENCRYPTION_KEY_STRENGTH);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster debug.message("SAE AuthModule: realm=" + realm +
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster cryptoType + "_" + encryptAlg + "_" + encryptStrength;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster SecureAttrs sa = SecureAttrs.getInstance(saInstanceName);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster // Initialize SecureAttrs here.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster prop.setProperty(SecureAttrs.SAE_CONFIG_CERT_CLASS,
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster "com.sun.identity.sae.api.FMCerts");
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster SecureAttrs.SAE_CONFIG_ENCRYPTION_KEY_STRENGTH,
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster SecureAttrs.init(saInstanceName, cryptoType, prop);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster debug.message("SAE AuthModule.: SAE attrs:"+attrs);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster debug.error("SAE AuthModule.process: verification failed.", ex);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster "SAE AuthModule.process:verification failed:attrs null.");
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster throw new AuthLoginException("Attributes are null");
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster userTokenId = (String)attrs.get(SecureAttrs.SAE_PARAM_USERID);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster debug.message("Session Property set: " + key + "= " + value);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String authLevel = (String)attrs.get(SecureAttrs.SAE_PARAM_AUTHLEVEL);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster if (authLevel != null && authLevel.length() != 0) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster debug.message("SAE AuthModule: auth level = " + authLevelInt);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster debug.message("SAE AuthModule:return SUCCESS");
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Returns the User Principal
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @return SAEPrincipal
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster public java.security.Principal getPrincipal() {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster if ((userPrincipal == null) && (userTokenId != null)) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster /** cleanup module state