--- /dev/null
+/*******************************************************************************\r
+ * Copyright (c) 2007, 2010 Association for Decentralized Information Management\r
+ * in Industry THTH ry.\r
+ * All rights reserved. This program and the accompanying materials\r
+ * are made available under the terms of the Eclipse Public License v1.0\r
+ * which accompanies this distribution, and is available at\r
+ * http://www.eclipse.org/legal/epl-v10.html\r
+ *\r
+ * Contributors:\r
+ * VTT Technical Research Centre of Finland - initial API and implementation\r
+ *******************************************************************************/\r
+package org.simantics.db.common.auth;\r
+\r
+import java.io.UnsupportedEncodingException;\r
+import java.security.MessageDigest;\r
+import java.security.NoSuchAlgorithmException;\r
+\r
+import org.simantics.databoard.Bindings;\r
+import org.simantics.databoard.binding.error.BindingConstructionException;\r
+import org.simantics.db.ReadGraph;\r
+import org.simantics.db.RequestProcessor;\r
+import org.simantics.db.Resource;\r
+import org.simantics.db.authentication.UserAuthenticator;\r
+import org.simantics.db.exception.DatabaseException;\r
+import org.simantics.db.exception.InvalidAuthenticationException;\r
+import org.simantics.db.exception.InvalidUserException;\r
+import org.simantics.db.request.Read;\r
+import org.simantics.layer0.Layer0;\r
+import org.simantics.user.UserResource;\r
+import org.simantics.utils.bytes.Base64;\r
+\r
+public final class UserAuthenticators {\r
+\r
+ private static class Digest implements UserAuthenticator {\r
+ private final String userName;\r
+ private final String localDigest;\r
+ private final String remoteDigest;\r
+\r
+ Digest(String userName, String localDigest, String remoteDigest) {\r
+ this.userName = userName;\r
+ this.localDigest = localDigest;\r
+ this.remoteDigest = remoteDigest;\r
+ }\r
+\r
+ @Override\r
+ public Resource getUser(RequestProcessor processor) throws InvalidUserException, InvalidAuthenticationException {\r
+\r
+ try {\r
+\r
+ Resource user = processor.syncRequest(new Read<Resource>() {\r
+\r
+ @Override\r
+ public Resource perform(final ReadGraph graph) throws DatabaseException {\r
+\r
+ Resource userLibrary = graph.getResource("http://Users");\r
+ Resource consistsOf = graph.getResource(Layer0.URIs.ConsistsOf);\r
+ Resource hasName = graph.getResource(Layer0.URIs.HasLabel);\r
+ Resource hasPasswordHash = graph.getResource(UserResource.URIs.HasPasswordHash);\r
+\r
+ for(Resource r : graph.getObjects(userLibrary, consistsOf)) {\r
+\r
+ try {\r
+\r
+ String name = graph.getRelatedValue(r, hasName, Bindings.STRING);\r
+ \r
+ if(name.equals(userName)) {\r
+ \r
+ String graphDigest = graph.getRelatedValue(r, hasPasswordHash, Bindings.getBinding(String.class));\r
+ \r
+ if(graphDigest.equals(localDigest)) return r;\r
+ else throw new InvalidAuthenticationException("Password was not valid for user '" + userName + "'");\r
+ \r
+ }\r
+ } catch(BindingConstructionException e) {\r
+ throw new DatabaseException(e);\r
+ }\r
+ \r
+ }\r
+\r
+ throw new InvalidUserException("User '" + userName + "' was not found.");\r
+\r
+ }\r
+\r
+ });\r
+\r
+ return user;\r
+\r
+ } catch (InvalidAuthenticationException e) {\r
+\r
+ throw e;\r
+\r
+ } catch (InvalidUserException e) {\r
+\r
+ throw e;\r
+\r
+ } catch (DatabaseException e) {\r
+\r
+ throw new InvalidAuthenticationException("Authentication failed, see cause for details.", e);\r
+\r
+ }\r
+\r
+ }\r
+\r
+ @Override\r
+ public String userName() {\r
+ return userName;\r
+ }\r
+\r
+ @Override\r
+ public String remoteDigest() {\r
+ return remoteDigest;\r
+ }\r
+ }\r
+\r
+ public static UserAuthenticator byNameAndPassword(String userName, String password) {\r
+ try {\r
+ MessageDigest digest = MessageDigest.getInstance("SHA-512");\r
+ String localDigest = Base64.encode(digest.digest(password.getBytes("US-ASCII"))).replace("\n", "").replace("\r", "");\r
+ String reversePassword = new StringBuilder(password).reverse().toString();\r
+ String remoteDigest = Base64.encode(digest.digest(reversePassword.getBytes("US-ASCII"))).replace("\n", "").replace("\r", "");\r
+\r
+ return new Digest(userName, localDigest, remoteDigest);\r
+ } catch (NoSuchAlgorithmException e) {\r
+ throw new RuntimeException(e);\r
+ } catch (UnsupportedEncodingException e) {\r
+ throw new Error( "The JVM is required to support UTF-8 and US-ASCII encodings.");\r
+ }\r
+ }\r
+\r
+}\r