Posted to commits@guacamole.apache.org by mj...@apache.org on 2017/10/27 17:50:52 UTC

[08/24] incubator-guacamole-client git commit: GUACAMOLE-362: Change new property to a PrivateKey and refactor code accordingly.

GUACAMOLE-362: Change new property to a PrivateKey and refactor code accordingly.


Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/badbf4cc
Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/badbf4cc
Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/badbf4cc

Branch: refs/heads/staging/0.9.14-incubating
Commit: badbf4cc7dd1436be8d94e3f346829bcbb9e46ca
Parents: ed4c025
Author: Nick Couchman <vn...@apache.org>
Authored: Sun Sep 24 15:58:09 2017 -0400
Committer: Nick Couchman <ni...@yahoo.com>
Committed: Fri Oct 27 13:05:12 2017 -0400

----------------------------------------------------------------------
 .../auth/cas/AuthenticationProviderService.java | 33 ++++---
 .../auth/cas/conf/CASGuacamoleProperties.java   |  6 +-
 .../auth/cas/conf/ConfigurationService.java     |  4 +-
 .../properties/CipherGuacamoleProperty.java     | 95 --------------------
 .../properties/PrivateKeyGuacamoleProperty.java | 81 +++++++++++++++++
 5 files changed, 106 insertions(+), 113 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/badbf4cc/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
index da32f72..22a63bd 100644
--- a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
@@ -44,6 +44,7 @@ import javax.xml.bind.DatatypeConverter;
 import org.apache.guacamole.environment.Environment;
 import org.apache.guacamole.form.Field;
 import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleServerException;
 import org.apache.guacamole.net.auth.Credentials;
 import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
 import org.apache.guacamole.net.auth.credentials.GuacamoleInsufficientCredentialsException;
@@ -166,32 +167,38 @@ public class AuthenticationProviderService {
             throws GuacamoleException {
 
         // If we get nothing, we return nothing.
-        if (encryptedPassword == null || encryptedPassword.isEmpty())
+        if (encryptedPassword == null || encryptedPassword.isEmpty()) {
+            logger.warn("No or empty encrypted password, no password will be available.");
             return null;
+        }
+
+        final PrivateKey clearpassKey = confService.getClearpassKey();
+        if (clearpassKey == null) {
+            logger.warn("No private key available to decrypt password.");
+            return null;
+        }
 
         try {
 
-            final Cipher cipher = confService.getClearpassCipher();
+            final Cipher cipher = Cipher.getInstance(clearpassKey.getAlgorithm());
 
-            if (cipher != null) {
+            if (cipher == null)
+                throw new GuacamoleServerException("Failed to initialize cipher object with private key.");
 
-                // Decode and decrypt, and return a new string.
-                final byte[] pass64 = DatatypeConverter.parseBase64Binary(encryptedPassword);
-                final byte[] cipherData = cipher.doFinal(pass64);
-                return new String(cipherData);
+            // Initialize the Cipher in decrypt mode.
+            cipher.init(Cipher.DECRYPT_MODE, clearpassKey);
 
-            }
+            // Decode and decrypt, and return a new string.
+            final byte[] pass64 = DatatypeConverter.parseBase64Binary(encryptedPassword);
+            final byte[] cipherData = cipher.doFinal(pass64);
+            return new String(cipherData);
 
         }
         catch (Throwable t) {
-            logger.error("Failed to decrypt the data, password token will not be available.");
             logger.debug("Failed to either convert Base64 or decrypt the password.  CAS Password will not be available inside Guacamole.  Exception is: {}", t);
-            return null;
+            throw new GuacamoleServerException("Failed to decrypt CAS ClearPass password.", t);
         }
 
-        logger.warn("Encrypted password provided by CAS, but no Private Key was available to decrypt it.");
-        return null;
-
     }
 
 }
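Review bot: `Cipher.getInstance(clearpassKey.getAlgorithm())` passes only the bare algorithm name, so the mode and padding used to decrypt the ClearPass password are whatever the JCE provider defaults to; naming the full transformation that the CAS server encrypts with would make decryption deterministic across providers. The `if (cipher == null)` check that follows cannot fire, because getInstance throws rather than returning null, so it can be dropped. `new String(cipherData)` decodes with the platform default charset; passing it explicitly, e.g. `new String(cipherData, "UTF-8")` if that is what CAS emits, avoids corrupting non-ASCII passwords. `catch (Throwable t)` also wraps Errors such as OutOfMemoryError into a GuacamoleServerException, and narrowing it to the security exceptions plus IllegalArgumentException would be cleaner. The method's signature lies above the hunk, so its parameter handling is not visible here.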

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/badbf4cc/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java
index 7a600c9..aa4a06e 100644
--- a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java
@@ -19,7 +19,7 @@
 
 package org.apache.guacamole.auth.cas.conf;
 
-import org.apache.guacamole.properties.CipherGuacamoleProperty;
+import org.apache.guacamole.properties.PrivateKeyGuacamoleProperty;
 import org.apache.guacamole.properties.StringGuacamoleProperty;
 
 /**
@@ -62,8 +62,8 @@ public class CASGuacamoleProperties {
      * The location of the private key file used to retrieve the
      * password if CAS is configured to support ClearPass.
      */
-    public static final CipherGuacamoleProperty CAS_CLEARPASS_KEY =
-            new CipherGuacamoleProperty() {
+    public static final PrivateKeyGuacamoleProperty CAS_CLEARPASS_KEY =
+            new PrivateKeyGuacamoleProperty() {
 
         @Override
         public String getName() { return "cas-clearpass-key"; }

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/badbf4cc/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/ConfigurationService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/ConfigurationService.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/ConfigurationService.java
index ba969d4..409097e 100644
--- a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/ConfigurationService.java
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/ConfigurationService.java
@@ -21,7 +21,7 @@ package org.apache.guacamole.auth.cas.conf;
 
 import com.google.inject.Inject;
 import java.io.File;
-import javax.crypto.Cipher;
+import java.security.PrivateKey;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.environment.Environment;
 
@@ -82,7 +82,7 @@ public class ConfigurationService {
      * @throws GuacamoleException
      *     If guacamole.properties cannot be parsed.
      */
-    public Cipher getClearpassCipher() throws GuacamoleException {
+    public PrivateKey getClearpassKey() throws GuacamoleException {
         return environment.getProperty(CASGuacamoleProperties.CAS_CLEARPASS_KEY);
     }
 

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/badbf4cc/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java
----------------------------------------------------------------------
diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java b/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java
deleted file mode 100644
index d4d763f..0000000
--- a/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.guacamole.properties;
-
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.InputStream;
-import java.io.IOException;
-import java.lang.IllegalArgumentException;
-import java.security.InvalidKeyException;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.KeySpec;
-import java.security.spec.PKCS8EncodedKeySpec;
-import javax.crypto.Cipher;
-import javax.crypto.NoSuchPaddingException;
-import org.apache.guacamole.GuacamoleException;
-import org.apache.guacamole.environment.Environment;
-import org.apache.guacamole.environment.LocalEnvironment;
-
-/**
- * A GuacamoleProperty whose value is derived from a private key file.
- */
-public abstract class CipherGuacamoleProperty implements GuacamoleProperty<Cipher>  {
-
-    @Override
-    public Cipher parseValue(String value) throws GuacamoleException {
-
-        if (value == null || value.isEmpty())
-            return null;
-
-        try {
-
-            final Environment environment = new LocalEnvironment();
-
-            // Open and read the file specified in the configuration.
-            File keyFile = new File(environment.getGuacamoleHome(), value);
-            InputStream keyInput = new BufferedInputStream(new FileInputStream(keyFile));
-            final byte[] keyBytes = new byte[(int) keyFile.length()];
-            keyInput.read(keyBytes);
-            keyInput.close();
-
-            // Set up decryption infrastructure
-            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
-            KeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
-            final PrivateKey privateKey = keyFactory.generatePrivate(keySpec);
-            final Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
-            cipher.init(Cipher.DECRYPT_MODE, privateKey);
-
-            return cipher;
-
-        }
-        catch (FileNotFoundException e) {
-            throw new GuacamoleException("Could not find the specified key file.", e);
-        }
-        catch (IOException e) {
-            throw new GuacamoleException("Could not read in the specified key file.", e);
-        }
-        catch (NoSuchAlgorithmException e) {
-            throw new GuacamoleException("Specified algorithm does not exist.", e);
-        }
-        catch (InvalidKeyException e) {
-            throw new GuacamoleException("Specified key is invalid.", e);
-        }
-        catch (InvalidKeySpecException e) {
-            throw new GuacamoleException("Invalid KeySpec initialization.", e);
-        }
-        catch (NoSuchPaddingException e) {
-            throw new GuacamoleException("No such padding exception.", e);
-        }
-
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/badbf4cc/guacamole-ext/src/main/java/org/apache/guacamole/properties/PrivateKeyGuacamoleProperty.java
----------------------------------------------------------------------
diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/properties/PrivateKeyGuacamoleProperty.java b/guacamole-ext/src/main/java/org/apache/guacamole/properties/PrivateKeyGuacamoleProperty.java
new file mode 100644
index 0000000..904a4d1
--- /dev/null
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/properties/PrivateKeyGuacamoleProperty.java
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.properties;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+import java.io.IOException;
+import java.lang.IllegalArgumentException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import org.apache.guacamole.GuacamoleServerException;
+import org.apache.guacamole.environment.Environment;
+import org.apache.guacamole.environment.LocalEnvironment;
+
+/**
+ * A GuacamoleProperty whose value is derived from a private key file.
+ */
+public abstract class PrivateKeyGuacamoleProperty implements GuacamoleProperty<PrivateKey>  {
+
+    @Override
+    public PrivateKey parseValue(String value) throws GuacamoleServerException {
+
+        if (value == null || value.isEmpty())
+            return null;
+
+        try {
+
+            // Open and read the file specified in the configuration.
+            File keyFile = new File(value);
+            InputStream keyInput = new BufferedInputStream(new FileInputStream(keyFile));
+            final byte[] keyBytes = new byte[(int) keyFile.length()];
+            keyInput.read(keyBytes);
+            keyInput.close();
+
+            // Set up decryption infrastructure
+            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+            KeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
+            return keyFactory.generatePrivate(keySpec);
+
+        }
+        catch (FileNotFoundException e) {
+            throw new GuacamoleServerException("Could not find the specified key file.", e);
+        }
+        catch (IOException e) {
+            throw new GuacamoleServerException("Could not read in the specified key file.", e);
+        }
+        catch (NoSuchAlgorithmException e) {
+            throw new GuacamoleServerException("Specified algorithm does not exist.", e);
+        }
+        catch (InvalidKeySpecException e) {
+            throw new GuacamoleServerException("Invalid KeySpec initialization.", e);
+        }
+
+    }
+
+}
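Review bot: The single `keyInput.read(keyBytes)` call in parseValue is not guaranteed to fill the buffer and its return value is ignored, so a short read would hand a partly zeroed array to PKCS8EncodedKeySpec and surface as a misleading "Invalid KeySpec initialization." error. The stream is also left open if read() throws, because close() is not in a finally block; reading in a loop until the buffer is full and closing in finally addresses both. Separately, `new File(value)` no longer resolves against GUACAMOLE_HOME as the removed CipherGuacamoleProperty did, so a relative path now depends on the server's working directory, and the Environment, LocalEnvironment, InvalidKeyException and IllegalArgumentException imports are unused. A class Javadoc line stating that the value should be an absolute path to a PKCS#8 DER-encoded RSA key, readable only by the Guacamole service account, would document what the parser accepts.

```java
// … unchanged: null/empty check, File keyFile = new File(value) …
final byte[] keyBytes = new byte[(int) keyFile.length()];
InputStream keyInput = new BufferedInputStream(new FileInputStream(keyFile));
try {
    int offset = 0;
    while (offset < keyBytes.length) {
        int count = keyInput.read(keyBytes, offset, keyBytes.length - offset);
        if (count < 0)
            throw new IOException("Key file ended before all bytes were read.");
        offset += count;
    }
}
finally {
    keyInput.close();
}
// … unchanged: KeyFactory / PKCS8EncodedKeySpec / generatePrivate and catch blocks …
```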