Migrated source code from Simantics SVN
1 /*******************************************************************************\r
2  * Copyright (c) 2007, 2010 Association for Decentralized Information Management\r
3  * in Industry THTH ry.\r
4  * All rights reserved. This program and the accompanying materials\r
5  * are made available under the terms of the Eclipse Public License v1.0\r
6  * which accompanies this distribution, and is available at\r
7  * http://www.eclipse.org/legal/epl-v10.html\r
8  *\r
9  * Contributors:\r
10  *     VTT Technical Research Centre of Finland - initial API and implementation\r
11  *******************************************************************************/\r
12 package org.simantics.db.common.auth;\r
13 \r
14 import java.io.UnsupportedEncodingException;\r
15 import java.security.MessageDigest;\r
16 import java.security.NoSuchAlgorithmException;\r
17 \r
18 import org.simantics.databoard.Bindings;\r
19 import org.simantics.databoard.binding.error.BindingConstructionException;\r
20 import org.simantics.db.ReadGraph;\r
21 import org.simantics.db.RequestProcessor;\r
22 import org.simantics.db.Resource;\r
23 import org.simantics.db.authentication.UserAuthenticator;\r
24 import org.simantics.db.exception.DatabaseException;\r
25 import org.simantics.db.exception.InvalidAuthenticationException;\r
26 import org.simantics.db.exception.InvalidUserException;\r
27 import org.simantics.db.request.Read;\r
28 import org.simantics.layer0.Layer0;\r
29 import org.simantics.user.UserResource;\r
30 import org.simantics.utils.bytes.Base64;\r
31 \r
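/**
 * Factory for {@link UserAuthenticator} instances that verify a user name and
 * a password digest against the user library stored in the graph database.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The stored credential is a single, unsalted SHA-512 digest of the
 * password. A fast unsalted hash gives little protection against offline
 * guessing if the stored values leak. Moving to a salted, adaptive scheme
 * (PBKDF2, bcrypt, scrypt, argon2) needs a migration of the stored hashes and
 * is therefore not done here.</li>
 * <li>Passwords are encoded as US-ASCII before hashing. Characters outside
 * that range cannot be encoded, so passwords differing only in such characters
 * are expected to produce the same digest.</li>
 * </ul>
 */
public final class UserAuthenticators {

    /**
     * Authenticator that holds pre-computed digests and compares the local one
     * with the hash stored for the user in the database.
     */
    private static class Digest implements UserAuthenticator {
        private final String userName;
        private final String localDigest;
        private final String remoteDigest;

        /**
         * @param userName     label of the user to look up
         * @param localDigest  digest compared with the stored password hash
         * @param remoteDigest digest exposed through {@link #remoteDigest()}
         */
        Digest(String userName, String localDigest, String remoteDigest) {
            this.userName = userName;
            this.localDigest = localDigest;
            this.remoteDigest = remoteDigest;
        }

        /**
         * Finds the user named {@code userName} under the {@code http://Users}
         * library and checks the stored password hash against the local digest.
         *
         * <p>Unknown user and wrong password are reported with different
         * exception types, so a caller that relays the outcome to an untrusted
         * client reveals which user names exist. The distinction is part of
         * this method's contract; such callers should present one uniform
         * failure. Both messages also embed the supplied user name.
         *
         * @param processor request processor used to read the graph
         * @return the resource of the authenticated user
         * @throws InvalidUserException           if no user has the given name
         * @throws InvalidAuthenticationException if the digest does not match
         *         or the database read fails
         */
        @Override
        public Resource getUser(RequestProcessor processor) throws InvalidUserException, InvalidAuthenticationException {

            try {

                return processor.syncRequest(new Read<Resource>() {

                    @Override
                    public Resource perform(final ReadGraph graph) throws DatabaseException {

                        Resource userLibrary = graph.getResource("http://Users");
                        Resource consistsOf = graph.getResource(Layer0.URIs.ConsistsOf);
                        Resource hasName = graph.getResource(Layer0.URIs.HasLabel);
                        Resource hasPasswordHash = graph.getResource(UserResource.URIs.HasPasswordHash);

                        for (Resource r : graph.getObjects(userLibrary, consistsOf)) {

                            try {

                                String name = graph.getRelatedValue(r, hasName, Bindings.STRING);

                                if (name.equals(userName)) {

                                    String graphDigest = graph.getRelatedValue(r, hasPasswordHash, Bindings.getBinding(String.class));

                                    // Compare without stopping at the first differing
                                    // character, so response time does not reveal how
                                    // much of the stored hash a guess matched.
                                    if (digestsMatch(graphDigest, localDigest)) {
                                        return r;
                                    }
                                    throw new InvalidAuthenticationException("Password was not valid for user '" + userName + "'");

                                }
                            } catch (BindingConstructionException e) {
                                throw new DatabaseException(e);
                            }

                        }

                        throw new InvalidUserException("User '" + userName + "' was not found.");

                    }

                });

            } catch (InvalidAuthenticationException e) {

                // Rethrown unchanged, ahead of the generic handler below, so
                // the specific failure is not wrapped.
                throw e;

            } catch (InvalidUserException e) {

                throw e;

            } catch (DatabaseException e) {

                throw new InvalidAuthenticationException("Authentication failed, see cause for details.", e);

            }

        }

        @Override
        public String userName() {
            return userName;
        }

        @Override
        public String remoteDigest() {
            return remoteDigest;
        }
    }

    /**
     * Creates an authenticator from a clear-text password.
     *
     * <p>The local digest is the Base64-encoded SHA-512 of the password; the
     * remote digest is the same construction over the reversed password. Line
     * breaks are stripped from the encoded text.
     *
     * @param userName label of the user to authenticate
     * @param password clear-text password; encoded as US-ASCII before hashing
     * @return an authenticator carrying both digests
     * @throws RuntimeException if SHA-512 is not available
     * @throws Error            if US-ASCII is not supported by the JVM
     */
    public static UserAuthenticator byNameAndPassword(String userName, String password) {
        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-512");
            String localDigest = encodeDigest(digest, password);
            String reversePassword = new StringBuilder(password).reverse().toString();
            String remoteDigest = encodeDigest(digest, reversePassword);

            return new Digest(userName, localDigest, remoteDigest);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } catch (UnsupportedEncodingException e) {
            // Keep the cause so the failing charset lookup stays diagnosable.
            throw new Error("The JVM is required to support UTF-8 and US-ASCII encodings.", e);
        }
    }

    /** Hashes {@code text} (US-ASCII bytes) and returns the Base64 form without line breaks. */
    private static String encodeDigest(MessageDigest digest, String text) throws UnsupportedEncodingException {
        // MessageDigest.digest(byte[]) resets the instance, so it can be reused by the caller.
        byte[] hash = digest.digest(text.getBytes("US-ASCII"));
        return Base64.encode(hash).replace("\n", "").replace("\r", "");
    }

    /** Compares two encoded digests with {@link MessageDigest#isEqual(byte[], byte[])} instead of {@code String.equals}. */
    private static boolean digestsMatch(String stored, String supplied) {
        java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
        return MessageDigest.isEqual(stored.getBytes(utf8), supplied.getBytes(utf8));
    }

}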