/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: CramMD5MechanismHandler.java,v 1.8 2008/12/16 20:54:03 hengming Exp $
 *
 * Portions Copyrighted 2016 ForgeRock AS.
 */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterpackage com.sun.identity.liberty.ws.authnsvc.mechanism;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
import static org.forgerock.openam.utils.Time.*;

import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.common.PeriodicCleanUpMap;
import com.sun.identity.common.SystemTimerPool;
import com.sun.identity.common.TaskRunnable;
import com.sun.identity.common.TimerPool;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.AMIdentityRepository;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdSearchResults;
import com.sun.identity.idm.IdType;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.liberty.ws.authnsvc.AuthnSvcConstants;
import com.sun.identity.liberty.ws.authnsvc.AuthnSvcService;
import com.sun.identity.liberty.ws.authnsvc.AuthnSvcUtils;
import com.sun.identity.liberty.ws.authnsvc.protocol.SASLRequest;
import com.sun.identity.liberty.ws.authnsvc.protocol.SASLResponse;
import com.sun.identity.liberty.ws.soapbinding.Message;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.configuration.SystemPropertiesManager;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.sm.SMSEntry;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
/**
 * The <code>CramMD5MechanismHandler</code> is the handler for the 'CRAM-MD5'
 * mechanism.
 */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterpublic class CramMD5MechanismHandler implements MechanismHandler {
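/** Debug logger used throughout this handler ("libIDWSF"). */
private static final Debug debug = Debug.getInstance("libIDWSF");

/** System property naming this server; its value becomes the "@host" part of each challenge. */
private static final String PROP_SERVER_HOST = "com.iplanet.am.server.host";
private static final String serverHost = SystemPropertiesManager.get(
        PROP_SERVER_HOST, "localhost");

/** Largest value of the random part of a challenge; NUM_RANDOM_DIGITS is its zero-padded width. */
private static final int MAX_RANDOM_NUM = 9999;
private static final int NUM_RANDOM_DIGITS =
        Integer.toString(MAX_RANDOM_NUM).length();
// presumably the identity attribute getUserPassword() reads; its use lies beyond this excerpt
private static final String ATTR_USER_PASSWORD = "userPassword";
private static final String COMP_AUTHN_SVC = "authnsvc";

/**
 * The block length in characters used in generating an HMAC-MD5 digest.
 */
private static final int BLOCK_LENGTH = 64;
private static final byte IPAD_BYTE = 0x36;
private static final byte OPAD_BYTE = 0x5c;
/**
 * table to convert a nibble to a hex char.
 */
private static final char[] hexChar = { '0' , '1' , '2' , '3' ,
        '4' , '5' , '6' , '7' ,
        '8' , '9' , 'a' , 'b' ,
        'c' , 'd' , 'e' , 'f' };

private static final SecureRandom secureRandom = new SecureRandom();

static final String CHALLENGE_CLEANUP_INTERVAL_PROP =
        "com.sun.identity.liberty.ws.authnsvc.challengeCleanupInterval";
static int challenge_cleanup_interval = 60000; // millisec
static final String STALE_TIME_LIMIT_PROP =
        "com.sun.identity.liberty.ws.soap.staleTimeLimit";
static int stale_time_limit = 300000; // millisec

/**
 * Outstanding challenges, keyed by the messageID of the SOAP response that
 * delivered them: processSASLRequest() stores an entry, authenticate()
 * removes it. Assigned in the static initializer below, after the two
 * interval properties have been read, so that configured values reach the
 * map (a field initializer would run first and only ever see the defaults).
 */
private static final Map challengeMap;

static {
    String tmpstr =
            SystemPropertiesManager.get(CHALLENGE_CLEANUP_INTERVAL_PROP);
    if (tmpstr != null) {
        try {
            challenge_cleanup_interval = Integer.parseInt(tmpstr);
        } catch (NumberFormatException ex) {
            if (debug.warningEnabled()) {
                debug.warning(
                        "CramMD5MechanismHandler.static:" +
                        " Unable to get challenge cleanup interval. Default" +
                        " value will be used", ex);
            }
        }
    }

    tmpstr = SystemPropertiesManager.get(STALE_TIME_LIMIT_PROP);
    if (tmpstr != null) {
        try {
            stale_time_limit = Integer.parseInt(tmpstr);
        } catch (NumberFormatException ex) {
            if (debug.warningEnabled()) {
                debug.warning(
                        "CramMD5MechanismHandler.static:" +
                        " Unable to get stale time limit. Default " +
                        "value will be used", ex);
            }
        }
    }

    // Built only now so the (possibly configured) interval and stale limit
    // are the ones the map is constructed with.
    challengeMap = new PeriodicCleanUpMap(
            (long) challenge_cleanup_interval, (long) stale_time_limit);
    // First clean-up run is one interval from now, aligned to a whole second.
    SystemTimerPool.getTimerPool().schedule((TaskRunnable) challengeMap,
            new Date(((currentTimeMillis() + challenge_cleanup_interval)
            / 1000) * 1000));
}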
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
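/**
 * Generates a SASL response according to the SASL request.
 * <p>
 * A request without data and without a refToMessageID opens a new
 * exchange: a challenge is generated, remembered under
 * {@code respMessageID} and returned with status CONTINUE. A request
 * carrying data is treated as the client's answer and handed to
 * {@link #authenticate(String, Message)}. Anything else is aborted.
 *
 * @param saslReq a SASL request
 * @param message a SOAP Message containing the SASL request
 * @param respMessageID messageID of SOAP Message response that will
 *        contain returned SASL response; the key under which the
 *        challenge is stored
 * @return a SASL response
 */
public SASLResponse processSASLRequest(SASLRequest saslReq,
        Message message, String respMessageID) {

    if (debug.messageEnabled()) {
        debug.message("CramMD5MechanismHandler.processSASLRequest: ");
    }

    String refToMessageID = saslReq.getRefToMessageID();
    // A request that does not refer back to an earlier message starts
    // a new exchange.
    boolean isFirstRequest = (refToMessageID == null ||
            refToMessageID.length() == 0);

    if (debug.messageEnabled()) {
        debug.message("CramMD5MechanismHandler.processSASLRequest: " +
                "refToMessageID = " + refToMessageID);
    }

    SASLResponse saslResp = null;

    byte[] data = saslReq.getData();

    if (data == null) {
        if (isFirstRequest) {
            // Step 1: issue the challenge and keep it so the client's
            // answer can be correlated with it by message ID.
            saslResp = new SASLResponse(SASLResponse.CONTINUE);
            saslResp.setServerMechanism(
                    AuthnSvcConstants.MECHANISM_CRAMMD5);
            byte[] challenge = generateChallenge();
            if (debug.messageEnabled()) {
                debug.message("CramMD5MechanismHandler.processSASLRequest:"
                        + " add respMessageID: " + respMessageID);
            }
            challengeMap.put(respMessageID, challenge);
            saslResp.setData(challenge);
        } else {
            // A follow-up request must carry the client's digest.
            saslResp = new SASLResponse(SASLResponse.ABORT);
        }
    } else {
        // Step 2: the data is the client's answer. UTF-8 is always
        // available, so decoding cannot fail and needs no fallback.
        String dataStr = new String(data, StandardCharsets.UTF_8);
        saslResp = authenticate(dataStr, message);

        if (isFirstRequest) {
            // NOTE(review): answering a first request that already carries
            // data with the PLAIN server mechanism looks carried over from
            // PlainMechanismHandler; authenticate() separately requires a
            // correlation refToMessageID, so such a request is expected to
            // end in ABORT anyway. Kept as-is — confirm before changing.
            saslResp.setServerMechanism(AuthnSvcConstants.MECHANISM_PLAIN);
        }
    }
    return saslResp;
}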
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
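/**
 * Verifies a client's CRAM-MD5 answer and, if the digest matches, logs the
 * user in through the configured authentication module.
 * <p>
 * {@code data} is expected as {@code "<username> <hex digest>"}, the digest
 * being HMAC-MD5 over the challenge keyed with the user's password. The
 * challenge is looked up by the correlation header's refToMessageID and is
 * consumed by that lookup, so each challenge can be answered at most once.
 *
 * @param data the decoded SASL data
 * @param message the SOAP message carrying the answer
 * @return an {@code OK} response carrying resource offering and credentials,
 *         or {@code ABORT} on any parsing, lookup, digest or login failure
 */
private SASLResponse authenticate(String data, Message message) {

    int index = data.indexOf(' ');
    if (index == -1) {
        return new SASLResponse(SASLResponse.ABORT);
    }

    String userName = data.substring(0, index);
    String clientDigest = data.substring(index + 1);

    // CRAM-MD5 can only be checked by recomputing the HMAC, which needs the
    // stored password as the key.
    String password = getUserPassword(userName);

    if (password == null) {
        if (debug.messageEnabled()) {
            debug.message(
                    "CramMD5MechanismHandler.authenticate: can't get password");
        }
        return new SASLResponse(SASLResponse.ABORT);
    }

    String refToMessageID = message.getCorrelationHeader()
            .getRefToMessageID();

    if (refToMessageID == null || refToMessageID.length() == 0) {
        if (debug.messageEnabled()) {
            debug.message(
                    "CramMD5MechanismHandler.authenticate: no refToMessageID");
        }
        return new SASLResponse(SASLResponse.ABORT);
    }

    if (debug.messageEnabled()) {
        debug.message("CramMD5MechanismHandler.authenticate:" +
                " remove refToMessageID: " + refToMessageID);
    }

    // remove(), not get(): a challenge is good for exactly one answer, so a
    // captured answer cannot be presented a second time.
    byte[] challengeBytes = (byte[]) challengeMap.remove(refToMessageID);

    if (challengeBytes == null) {
        if (debug.messageEnabled()) {
            debug.message(
                    "CramMD5MechanismHandler.authenticate: no challenge found");
        }
        return new SASLResponse(SASLResponse.ABORT);
    }

    // UTF-8 is always available; no UnsupportedEncodingException path needed.
    byte[] passwordBytes = password.getBytes(StandardCharsets.UTF_8);

    String serverDigest;
    try {
        serverDigest = generateHMACMD5(passwordBytes, challengeBytes);
    } catch (NoSuchAlgorithmException nsaex) {
        debug.error("CramMD5MechanismHandler.authenticate:", nsaex);
        return new SASLResponse(SASLResponse.ABORT);
    }

    // Constant-time comparison: String.equals() returns at the first
    // differing character, which would leak how much of the digest matched.
    if (!MessageDigest.isEqual(
            clientDigest.getBytes(StandardCharsets.UTF_8),
            serverDigest.getBytes(StandardCharsets.UTF_8))) {
        if (debug.messageEnabled()) {
            debug.message(
                    "CramMD5MechanismHandler.authenticate: digests not equal");
        }
        return new SASLResponse(SASLResponse.ABORT);
    }

    if (debug.messageEnabled()) {
        debug.message(
                "CramMD5MechanismHandler.authenticate: digests equal");
    }

    return loginWithAuthModule(userName, password, message);
}

/**
 * Logs the digest-verified user in via the CRAM-MD5 authentication module
 * and builds the final SASL response. The SSO token produced by the login
 * is used only to learn the user's DN and is destroyed right away.
 *
 * @param userName the user whose digest was verified
 * @param password the password used to answer the module's callbacks
 * @param message the SOAP message the response belongs to
 * @return an {@code OK} response with resource offering and credentials, or
 *         {@code ABORT} if the login does not succeed or the lookup fails
 */
private static SASLResponse loginWithAuthModule(String userName,
        String password, Message message) {
    String authModule =
            AuthnSvcService.getCramMD5MechanismAuthenticationModule();

    if (debug.messageEnabled()) {
        debug.message("CramMD5MechanismHandler.authenticate: " +
                "authModule = " + authModule);
    }

    AuthContext authContext;
    try {
        authContext = new AuthContext(SMSEntry.getRootSuffix());
        authContext.login(AuthContext.IndexType.MODULE_INSTANCE,
                authModule);
    } catch (AuthLoginException le) {
        debug.error("CramMD5MechanismHandler.authenticate: ", le);
        return new SASLResponse(SASLResponse.ABORT);
    }

    if (authContext.hasMoreRequirements()) {
        Callback[] callbacks = authContext.getRequirements();

        if (callbacks != null) {
            fillInCallbacks(callbacks, userName, password);
            authContext.submitRequirements(callbacks);
        }
    }

    AuthContext.Status loginStatus = authContext.getStatus();
    if (debug.messageEnabled()) {
        debug.message(
                "CramMD5MechanismHandler.authenticate: login status = " +
                loginStatus);
    }
    if (loginStatus != AuthContext.Status.SUCCESS) {
        return new SASLResponse(SASLResponse.ABORT);
    }

    try {
        SSOToken token = authContext.getSSOToken();
        String userDN = token.getPrincipal().getName();

        // The session is not handed to the client; only the DN is needed.
        try {
            SSOTokenManager.getInstance().destroyToken(token);
        } catch (SSOException ssoex) {
            if (AuthnSvcUtils.debug.warningEnabled()) {
                AuthnSvcUtils.debug.warning(
                        "CramMD5MechanismHandler.authenticate:", ssoex);
            }
        }

        SASLResponse saslResp = new SASLResponse(SASLResponse.OK);

        if (!AuthnSvcUtils.setResourceOfferingAndCredentials(
                saslResp, message, userDN)) {
            return new SASLResponse(SASLResponse.ABORT);
        }
        return saslResp;
    } catch (Exception ex) {
        // Boundary catch kept broad: any failure of the token or principal
        // calls above must turn into ABORT rather than propagate.
        debug.error("CramMD5MechanismHandler.authenticate: ", ex);
        return new SASLResponse(SASLResponse.ABORT);
    }
}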
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
/**
 * Answers the login module's callbacks with the supplied credentials:
 * every NameCallback receives {@code username}, every PasswordCallback
 * receives {@code password}; other callback types are left untouched.
 *
 * @param callbacks the callbacks requested by the authentication module
 * @param username the name to set on name callbacks
 * @param password the password to set on password callbacks
 */
private static void fillInCallbacks(Callback[] callbacks,
        String username,
        String password) {
    if (debug.messageEnabled()) {
        debug.message("CramMD5MechanismHandler.fillInCallbacks:");
    }

    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            NameCallback nameCb = (NameCallback) cb;
            nameCb.setName(username);
        } else if (cb instanceof PasswordCallback) {
            PasswordCallback pwCb = (PasswordCallback) cb;
            pwCb.setPassword(password.toCharArray());
        }
    }
}
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
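/**
 * Builds a fresh challenge of the form
 * {@code <NNNN.<millis>@<serverHost>>}: NUM_RANDOM_DIGITS zero-padded
 * random digits, the current time in milliseconds and this server's host.
 * <p>
 * The random part has only MAX_RANDOM_NUM + 1 values, so two challenges
 * issued in the same millisecond differ only if they draw different
 * numbers; single use of each stored challenge (see authenticate()) is what
 * defeats replay, not the size of the random part.
 *
 * @return the challenge encoded as UTF-8 bytes
 */
private static byte[] generateChallenge() {
    // nextInt(bound) excludes the bound, so add one to make MAX_RANDOM_NUM
    // itself reachable.
    int randomInt = secureRandom.nextInt(MAX_RANDOM_NUM + 1);
    String randomDigits = Integer.toString(randomInt);

    StringBuilder sb = new StringBuilder();
    sb.append('<');

    // zero-pad the random part to a fixed width
    for (int pad = randomDigits.length(); pad < NUM_RANDOM_DIGITS; pad++) {
        sb.append('0');
    }
    sb.append(randomDigits).append('.');

    // timestamp
    sb.append(currentTimeMillis()).append('@');

    // hostname
    sb.append(serverHost).append('>');

    // UTF-8 is always available, so no fallback to the platform charset.
    return sb.toString().getBytes(StandardCharsets.UTF_8);
}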
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
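/**
 * Looks up the stored password of {@code userName} in the identity
 * repository.
 *
 * CRAM-MD5 verification uses the password itself as the HMAC key, so the
 * value is returned in the form it is stored: only a leading {@code {CLEAR}}
 * scheme tag is stripped, any other stored value is returned unchanged.
 * The result is a secret; callers must not log it or include it in error
 * messages.
 *
 * @param userName the user name to search for (IdType.USER)
 * @return the stored password, or {@code null} when no user or more than one
 *         user matches, when the user has no {@code userPassword} value or
 *         more than one, or when the repository lookup fails (the failure is
 *         logged)
 */
private static String getUserPassword(String userName) {
    // Scheme tag marking an unencoded password value in the repository.
    final String clearPrefix = "{CLEAR}";

    try {
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
                AdminTokenAction.getInstance());
        AMIdentityRepository idRepo = new AMIdentityRepository(adminToken,
                SMSEntry.getRootSuffix());

        // NOTE(review): 0 for time-out and max-results is presumably
        // "no limit" - confirm against IdSearchControl.
        IdSearchControl searchControl = new IdSearchControl();
        searchControl.setTimeOut(0);
        searchControl.setMaxResults(0);
        searchControl.setAllReturnAttributes(false);
        IdSearchResults searchResults = idRepo.searchIdentities(
                IdType.USER, userName, searchControl);
        Set<?> users = searchResults.getSearchResults();

        // Exactly one match is required: an ambiguous name is treated as
        // not found rather than picking an arbitrary identity.
        if (users == null || users.isEmpty()) {
            debugGetUserPassword("no user found");
            return null;
        }
        if (users.size() > 1) {
            debugGetUserPassword("more than 1 user found");
            return null;
        }

        AMIdentity user = (AMIdentity) users.iterator().next();
        Set<?> passwords = user.getAttribute("userPassword");

        // Likewise exactly one password value is required.
        if (passwords == null || passwords.isEmpty()) {
            debugGetUserPassword("user has no password");
            return null;
        }
        if (passwords.size() > 1) {
            debugGetUserPassword("user has more than 1 passwords");
            return null;
        }

        String password = (String) passwords.iterator().next();
        if (password.startsWith(clearPrefix)) {
            password = password.substring(clearPrefix.length());
        }
        return password;
    } catch (Exception ex) {
        // Repository failures are reported as "no password" so that the
        // caller's verification fails closed; the cause is kept in the log.
        AuthnSvcUtils.debug.error(
                "CramMD5MechanismHandler.getUserPassword: ", ex);
        return null;
    }
}

/**
 * Emits a debug message for a lookup that yields no usable password.
 *
 * @param reason short description of why no password is returned
 */
private static void debugGetUserPassword(String reason) {
    if (debug.messageEnabled()) {
        debug.message("CramMD5MechanismHandler.getUserPassword: " + reason);
    }
}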
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
/**
 * Computes HMAC-MD5 (RFC 2104) of {@code challengeBytes} keyed with
 * {@code passwordBytes} and returns the digest as a hex string.
 *
 * A key longer than {@code BLOCK_LENGTH} is first reduced with MD5; a
 * shorter key is padded with zero bytes. MD5 is fixed here by the CRAM-MD5
 * mechanism itself; this helper is not a general-purpose MAC.
 *
 * @param passwordBytes the HMAC key (the user's password bytes)
 * @param challengeBytes the message to authenticate (the challenge)
 * @return lower/upper case per {@code hexChar}, two characters per digest byte
 * @throws NoSuchAlgorithmException if no MD5 provider is available
 */
private static String generateHMACMD5(byte[] passwordBytes, byte[] challengeBytes)
        throws NoSuchAlgorithmException {
    MessageDigest md5 = MessageDigest.getInstance("MD5");

    // RFC 2104: keys longer than the block size are hashed down first.
    byte[] key = passwordBytes.length > BLOCK_LENGTH
            ? md5.digest(passwordBytes)
            : passwordBytes;

    // Inner and outer padded keys; positions beyond the key length act as
    // zero bytes and therefore reduce to the pad constants.
    byte[] innerKey = new byte[BLOCK_LENGTH];
    byte[] outerKey = new byte[BLOCK_LENGTH];
    for (int i = 0; i < key.length; i++) {
        innerKey[i] = (byte) (key[i] ^ IPAD_BYTE);
        outerKey[i] = (byte) (key[i] ^ OPAD_BYTE);
    }
    for (int i = key.length; i < BLOCK_LENGTH; i++) {
        innerKey[i] = (byte) IPAD_BYTE;
        outerKey[i] = (byte) OPAD_BYTE;
    }

    // inner = MD5(innerKey || challenge)
    md5.update(innerKey);
    md5.update(challengeBytes);
    byte[] innerDigest = md5.digest();

    // outer = MD5(outerKey || inner)
    md5.update(outerKey);
    md5.update(innerDigest);
    return toHexString(md5.digest());
}
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
/**
 * Renders {@code b} as a hex string, two characters per byte, using the
 * class's {@code hexChar} alphabet (high nibble first).
 *
 * @param b the bytes to render
 * @return a string of length {@code 2 * b.length}
 */
private static String toHexString(byte[] b) {
    StringBuilder hex = new StringBuilder(b.length * 2);
    for (byte value : b) {
        // Mask to the unsigned range so the high nibble is not sign-extended.
        int unsigned = value & 0xff;
        hex.append(hexChar[unsigned >>> 4]).append(hexChar[unsigned & 0x0f]);
    }
    return hex.toString();
}
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster}