4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster/**
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * The contents of this file are subject to the terms
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * of the Common Development and Distribution License
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * (the License). You may not use this file except in
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * compliance with the License.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * You can obtain a copy of the License at
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * opensso/legal/CDDLv1.0.txt
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * See the License for the specific language governing
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * permission and limitations under the License.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * When distributing Covered Code, include this CDDL
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Header Notice in each file and include the License file
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * at opensso/legal/CDDLv1.0.txt.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * If applicable, add the following below the CDDL Header,
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * with the fields enclosed by brackets [] replaced by
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * your own identifying information:
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * "Portions Copyrighted [year] [name of copyright owner]"
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * $Id: SAE.java,v 1.5 2009/02/26 23:58:10 exu Exp $
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterpackage com.sun.identity.authentication.modules.sae;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.Properties;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.ResourceBundle;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.Set;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.Map;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.Iterator;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.HashMap;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport javax.servlet.http.HttpServletRequest;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport javax.servlet.http.Cookie;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.authentication.spi.AMLoginModule;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.authentication.spi.AuthLoginException;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.authentication.util.ISAuthConstants;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml2.common.SAML2Constants;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml2.common.SAML2Utils;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.iplanet.am.util.Misc;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.shared.debug.Debug;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport javax.security.auth.Subject;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport javax.security.auth.callback.CallbackHandler;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport javax.security.auth.callback.Callback;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport javax.security.auth.callback.NameCallback;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport javax.security.auth.callback.PasswordCallback;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.sae.api.SecureAttrs;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
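/**
 * Authentication module that logs a user in from an encoded SAE attribute
 * payload carried on the HTTP request.
 *
 * <p>The payload is verified through {@link SecureAttrs} with key material
 * looked up from the SAE configuration of the hosted IDP. On success the user
 * id becomes the principal and every other verified attribute is copied into
 * the user session.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>{@code realm}, {@code idpEntityId} and {@code idpAppUrl} are plain
 *     request parameters read before any verification. They select which
 *     configuration, and so which key, is used.</li>
 * <li>Debug output never contains the shared secret, the raw encoded payload
 *     or verified attribute values; it carries names and lengths only.</li>
 * </ul>
 */
public class SAE extends AMLoginModule {

    private static final int DEFAULT_AUTH_LEVEL = 0;

    private static final String customModule = "SAE";

    private static final Debug debug = Debug.getInstance(customModule);

    /** User id taken from the verified payload; null until process() succeeds. */
    private String userTokenId;

    /** Lazily created principal for {@link #userTokenId}. */
    private SAEPrincipal userPrincipal;

    /**
     * Constructor
     *
     */
    public SAE() {
    }

    /**
     * Initializes the module. No option or shared state is read here; all
     * configuration is resolved per request in
     * {@link #process(Callback[], int)}.
     *
     * @param subject     subject being authenticated (unused)
     * @param sharedState state shared with other modules (unused)
     * @param options     module options (unused)
     */
    public void init(Subject subject, Map sharedState, Map options) {
    }

    /**
     * Validates the authentication credentials.
     *
     * <p>Reads the encoded SAE data and the realm / IDP entity id / IDP
     * application URL from the request, loads the matching SAE configuration,
     * verifies the encoded data and, if verification yields attributes with a
     * user id, stores the user id and copies the remaining attributes into
     * the session.
     *
     * @param callbacks callbacks supplied by the framework (unused)
     * @param state     current login state (unused)
     * @return ISAuthConstants.LOGIN_SUCCEED on login success
     * @exception AuthLoginException if the request is missing, the SAE
     *            configuration cannot be found, verification fails or the
     *            verified data carries no user id.
     */
    public int process(Callback[] callbacks, int state)
            throws AuthLoginException {

        debug.message("SAE AuthModule.process...");
        HttpServletRequest req = getHttpServletRequest();
        if (req == null) {
            debug.error("SAE AuthModule.process: httprequest is null.");
            throw new AuthLoginException("HttpServletRequest is null");
        }

        String encodedString = req.getParameter(SecureAttrs.SAE_PARAM_DATA);
        if (debug.messageEnabled()) {
            // The encoded payload is the credential for this login, so only
            // its length is logged, never its content.
            debug.message("SAE AuthModule.process: encodedStr length="
                    + (encodedString == null
                            ? "null"
                            : String.valueOf(encodedString.length())));
        }

        // Unverified request parameters: they only select the configuration.
        String realm = req.getParameter(SAML2Constants.SAE_REALM);
        String idpEntityId = req.getParameter(SAML2Constants.SAE_IDP_ENTITYID);
        String idpAppUrl = req.getParameter(SAML2Constants.SAE_IDPAPP_URL);

        debug.message("SAE AuthModule.SAML2Utils.getSAEAttrs");
        Map saeattrs = SAML2Utils.getSAEAttrs(
                realm, idpEntityId, SAML2Constants.IDP_ROLE, idpAppUrl);
        if (saeattrs == null) {
            debug.error(
                    "SAE AuthModule.process:get SAE Attrs failed:null.");
            throw new AuthLoginException("SAE config Attributes are null");
        }

        String cryptoType = (String) saeattrs.get(SecureAttrs.SAE_CRYPTO_TYPE);
        String encryptAlg = (String) saeattrs.get(
                SecureAttrs.SAE_CONFIG_DATA_ENCRYPTION_ALG);
        String encryptStrength = (String) saeattrs.get(
                SecureAttrs.SAE_CONFIG_ENCRYPTION_KEY_STRENGTH);

        boolean symmetric = "symmetric".equals(cryptoType);
        String saekey = null;
        String saeprivatekey = null;
        if (symmetric) {
            // One shared secret is used for both arguments.
            saekey = (String) saeattrs.get(
                    SecureAttrs.SAE_CONFIG_SHARED_SECRET);
            saeprivatekey = saekey;
        } else if ("asymmetric".equals(cryptoType)) {
            saekey = (String) saeattrs.get(
                    SecureAttrs.SAE_CONFIG_PUBLIC_KEY_ALIAS);
            saeprivatekey = (String) saeattrs.get(
                    SecureAttrs.SAE_CONFIG_PRIVATE_KEY_ALIAS);
        }
        // NOTE(review): any other cryptoType leaves both keys null and relies
        // on SecureAttrs to reject the data - confirm it fails closed.

        if (debug.messageEnabled()) {
            // In symmetric mode saekey is the shared secret itself, so it must
            // not reach the log; in asymmetric mode it is only a key alias.
            // Request-supplied values have line breaks neutralised so they
            // cannot forge extra log records.
            debug.message("SAE AuthModule: realm=" + forLog(realm) +
                    ", idpEntityID=" + forLog(idpEntityId) +
                    ", idpAppUrl=" + forLog(idpAppUrl) +
                    ", cryptoType=" + cryptoType +
                    ", key=" + (symmetric ? "<redacted>" : saekey));
        }

        Map attrs = null;
        try {
            String saInstanceName =
                    cryptoType + "_" + encryptAlg + "_" + encryptStrength;
            SecureAttrs sa = SecureAttrs.getInstance(saInstanceName);
            if (sa == null) {
                // Initialize SecureAttrs here.
                Properties prop = new Properties();
                prop.setProperty(SecureAttrs.SAE_CONFIG_CERT_CLASS,
                        "com.sun.identity.sae.api.FMCerts");
                if (encryptAlg != null) {
                    prop.setProperty(
                            SecureAttrs.SAE_CONFIG_DATA_ENCRYPTION_ALG,
                            encryptAlg);
                }
                if (encryptStrength != null) {
                    prop.setProperty(
                            SecureAttrs.SAE_CONFIG_ENCRYPTION_KEY_STRENGTH,
                            encryptStrength);
                }
                SecureAttrs.init(saInstanceName, cryptoType, prop);
                sa = SecureAttrs.getInstance(saInstanceName);
            }

            attrs = sa.verifyEncodedString(encodedString,
                    saekey, saeprivatekey);

            if (debug.messageEnabled()) {
                // Attribute values may be personal data; log the names only.
                debug.message("SAE AuthModule.: SAE attr names:"
                        + (attrs == null
                                ? "null"
                                : String.valueOf(attrs.keySet())));
            }
        } catch (Exception ex) {
            // The cause is recorded in the debug log; the caller only learns
            // that verification failed.
            debug.error("SAE AuthModule.process: verification failed.", ex);
            throw new AuthLoginException("verify failed");
        }

        if (attrs == null) {
            debug.error(
                    "SAE AuthModule.process:verification failed:attrs null.");
            throw new AuthLoginException("Attributes are null");
        }

        // Fail closed before touching the session: a verified payload without
        // a user id cannot identify anyone.
        String verifiedUserId =
                (String) attrs.get(SecureAttrs.SAE_PARAM_USERID);
        if (verifiedUserId == null || verifiedUserId.length() == 0) {
            debug.error(
                    "SAE AuthModule.process:verified attrs have no user id.");
            throw new AuthLoginException("User id is missing");
        }
        userTokenId = verifiedUserId;

        // Every verified attribute except the user id becomes a session
        // property. NOTE(review): the property names come from the asserting
        // application - confirm setUserSessionProperty refuses reserved names.
        Iterator iter = attrs.entrySet().iterator();
        while (iter.hasNext()) {
            Map.Entry entry = (Map.Entry) iter.next();
            String key = (String) entry.getKey();
            String value = (String) entry.getValue();
            if (key.equals(SecureAttrs.SAE_PARAM_USERID)) {
                continue;
            }
            if (debug.messageEnabled()) {
                debug.message("Session Property set: " + forLog(key));
            }
            setUserSessionProperty(key, value);
        }

        // The auth level is taken from the verified payload, i.e. it is chosen
        // by the asserting application; unparsable values fall back to the
        // default.
        String authLevel = (String) attrs.get(SecureAttrs.SAE_PARAM_AUTHLEVEL);
        int authLevelInt = DEFAULT_AUTH_LEVEL;
        if (authLevel != null && authLevel.length() != 0) {
            try {
                authLevelInt = Integer.parseInt(authLevel);
            } catch (NumberFormatException e) {
                debug.error("Unable to parse auth level " +
                        forLog(authLevel) + ". Using default.", e);
                authLevelInt = DEFAULT_AUTH_LEVEL;
            }
        }
        if (debug.messageEnabled()) {
            debug.message("SAE AuthModule: auth level = " + authLevelInt);
        }
        setAuthLevel(authLevelInt);
        debug.message("SAE AuthModule:return SUCCESS");

        return ISAuthConstants.LOGIN_SUCCEED;
    }

    /**
     * Returns the User Principal
     *
     * @return SAEPrincipal for the verified user id, or null when no user id
     *         has been established yet.
     */
    public java.security.Principal getPrincipal() {
        if ((userPrincipal == null) && (userTokenId != null)) {
            userPrincipal = new SAEPrincipal(userTokenId);
        }

        return userPrincipal;
    }

    /**
     * Cleans up module state by dropping the cached principal and user id.
     */
    public void destroyModuleState() {
        userPrincipal = null;
        userTokenId = null;
    }

    /**
     * Makes a value safe to embed in a single debug record by replacing
     * carriage returns and line feeds.
     *
     * @param value text to log, may be null
     * @return the text with CR and LF replaced by '_', or null for null input
     */
    private static String forLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}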