Posted to scm@geronimo.apache.org by ga...@apache.org on 2009/07/28 03:03:42 UTC

svn commit: r798343 - in /geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security: LoginService.java authentication/ClientCertAuthenticator.java impl/GeronimoLoginService.java

Author: gawor
Date: Tue Jul 28 01:03:41 2009
New Revision: 798343

URL: http://svn.apache.org/viewvc?rev=798343&view=rev
Log:
improve cert-based authentication

Modified:
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java?rev=798343&r1=798342&r2=798343&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java Tue Jul 28 01:03:41 2009
@@ -20,6 +20,8 @@
 
 package org.apache.geronimo.tomcat.security;
 
+import java.security.cert.X509Certificate;
+
 /**
  * @version $Rev$ $Date$
  */
@@ -27,5 +29,7 @@
 
     UserIdentity login(String userName, String password);
 
+    UserIdentity login(X509Certificate[] certs);
+
     void logout(UserIdentity userIdentity);
 }
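Review bot: The new `login(X509Certificate[] certs)` declaration carries no Javadoc, so implementers get no contract for the chain's order, for null or empty input, or for what a failed authentication returns; the password overload above it is equally undocumented, but this one is where the caller's trust decision now rests. The ClientCertAuthenticator change in this commit treats a null return as failure, so the interface should say so. I would add `/** Authenticates the client certificate chain presented on the TLS connection, leaf certificate first. Returns the established identity, or {@code null} if the chain is not accepted. */` above the declaration, and state that validating the chain (trust anchors, validity period, revocation) is the implementation's responsibility, not the caller's.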

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java?rev=798343&r1=798342&r2=798343&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java Tue Jul 28 01:03:41 2009
@@ -77,11 +77,7 @@
             }
 
             // Authenticate the specified certificate chain
-            //TODO almost certainly wrong
-            Principal p = certs[0].getSubjectDN();
-            byte[] sig = certs[0].getSignature();
-            String cred = new String(Base64.encode(sig));
-            UserIdentity userIdentity = loginService.login(p.getName(), cred);
+            UserIdentity userIdentity = loginService.login(certs);
             if (userIdentity != null) {
                 return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
             }
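Review bot: The whole chain is now forwarded to `loginService.login(certs)` with no empty-array guard visible in the hunk; the old code would have thrown on `certs[0]` for an empty array, whereas the new call hands an empty chain to the login service, whose behaviour on that input is not shown here. If the guard that closes just above the `// Authenticate the specified certificate chain` comment only checks for null, it should read `if (certs == null || certs.length == 0)` and take the same failure path the method already has. The comment should also record what this authenticator no longer decides: `// Authenticate the specified certificate chain; trust and validity of the chain are decided by the login service, not here`. The enclosing method starts and ends outside the hunk, so the guard and the failure path are not visible to me.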

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java?rev=798343&r1=798342&r2=798343&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java Tue Jul 28 01:03:41 2009
@@ -21,6 +21,7 @@
 package org.apache.geronimo.tomcat.security.impl;
 
 import java.security.Principal;
+import java.security.cert.X509Certificate;
 
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.LoginContext;
@@ -31,6 +32,7 @@
 import org.apache.geronimo.tomcat.security.UserIdentity;
 import org.apache.geronimo.tomcat.security.IdentityService;
 import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.security.realm.providers.CertificateChainCallbackHandler;
 import org.apache.geronimo.security.realm.providers.PasswordCallbackHandler;
 import org.apache.geronimo.security.ContextManager;
 
@@ -48,7 +50,14 @@
     }
 
     public UserIdentity login(String userName, String password) {
-        CallbackHandler callbackHandler = new PasswordCallbackHandler(userName, password.toCharArray());
+        return login(new PasswordCallbackHandler(userName, password.toCharArray()));
+    }
+
+    public UserIdentity login(X509Certificate[] certs) {
+        return login(new CertificateChainCallbackHandler(certs));
+    }
+    
+    private UserIdentity login(CallbackHandler callbackHandler) {
         try {
             LoginContext loginContext = ContextManager.login(configurationFactory.getConfigurationName(), callbackHandler, configurationFactory.getConfiguration());
             Subject establishedSubject = loginContext.getSubject();
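Review bot: `login(X509Certificate[] certs)` wraps the array in a `CertificateChainCallbackHandler` with no null or empty check, so a request that presented no client certificate reaches the JAAS login only as far as that handler tolerates it; since a `null` return already means failure for the password overload, I would add `if (certs == null || certs.length == 0) { return null; }` before the `return`. Within this class the private `login(CallbackHandler)` makes a one-argument `login(null)` ambiguous with the array overload; renaming it `doLogin(CallbackHandler)` avoids that and makes the delegation easier to read. Both new public methods lack Javadoc stating that `null` means authentication failed. The added blank line `+    ` here, and the one in the last hunk of this file, carry trailing whitespace.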
@@ -58,7 +67,7 @@
             return null;
         }
     }
-
+    
     public void logout(UserIdentity userIdentity) {
     }
 }