Posted to commits@karaf.apache.org by cs...@apache.org on 2016/09/15 16:12:53 UTC

[1/2] karaf git commit: [KARAF-4520] Inline digest handling to avoid dependency to CXF and wss4j

Repository: karaf
Updated Branches:
  refs/heads/master 82cee21fd -> 69a332f33


[KARAF-4520] Inline digest handling to avoid dependency to CXF and wss4j


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/225943bf
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/225943bf
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/225943bf

Branch: refs/heads/master
Commit: 225943bf6c20cd471eeaced261d9711b4f4b8f22
Parents: 82cee21
Author: Christian Schneider <ch...@die-schneider.net>
Authored: Thu Sep 15 18:12:22 2016 +0200
Committer: Christian Schneider <ch...@die-schneider.net>
Committed: Thu Sep 15 18:12:22 2016 +0200

----------------------------------------------------------------------
 jaas/modules/pom.xml                            |  45 +------
 .../properties/DigestPasswordLoginModule.java   |  60 +++++++++-
 .../NameDigestPasswordCallbackHandler.java      | 116 +++++++++++++++++++
 .../jaas/modules/jdbc/JdbcLoginModuleTest.java  |   2 +-
 4 files changed, 179 insertions(+), 44 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/225943bf/jaas/modules/pom.xml
----------------------------------------------------------------------
diff --git a/jaas/modules/pom.xml b/jaas/modules/pom.xml
index c635b44..7b4cb00 100644
--- a/jaas/modules/pom.xml
+++ b/jaas/modules/pom.xml
@@ -54,22 +54,11 @@
             <artifactId>org.apache.felix.utils</artifactId>
             <scope>provided</scope>
         </dependency>
-
-        <dependency>
-            <groupId>org.apache.felix</groupId>
-            <artifactId>org.apache.felix.fileinstall</artifactId>
-        </dependency>
-
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
             <scope>provided</scope>
         </dependency>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-log4j12</artifactId>
-            <scope>test</scope>
-        </dependency>
 
         <dependency>
             <groupId>org.osgi</groupId>
@@ -82,24 +71,12 @@
             <artifactId>org.osgi.compendium</artifactId>
             <scope>provided</scope>
         </dependency>
-
-        <dependency>
-            <groupId>org.springframework.osgi</groupId>
-            <artifactId>spring-osgi-core</artifactId>
-            <scope>provided</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.aries.blueprint</groupId>
-            <artifactId>org.apache.aries.blueprint.api</artifactId>
-            <scope>provided</scope>
-        </dependency>
         <dependency>
             <groupId>org.apache.karaf</groupId>
             <artifactId>org.apache.karaf.util</artifactId>
             <scope>provided</scope>
         </dependency>
-
+ 
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
@@ -107,22 +84,12 @@
             <version>4.3.5</version>
         </dependency>
 
+        <!-- Test dependencies -->
         <dependency>
-            <groupId>org.apache.wss4j</groupId>
-            <artifactId>wss4j-ws-security-dom</artifactId>
-            <version>2.0.3</version>
-            <scope>provided</scope>
-        </dependency>
-
-
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-core</artifactId>
-            <version>3.1.7</version>
-            <scope>provided</scope>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-log4j12</artifactId>
+            <scope>test</scope>
         </dependency>
-
-
         <dependency>
             <groupId>org.apache.directory.server</groupId>
             <artifactId>apacheds-core-integ</artifactId>
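Review bot: No commons-codec dependency is declared in any visible hunk of this pom.xml, although the same commit makes DigestPasswordLoginModule import `org.apache.commons.codec.binary.Base64`. Unless it is declared outside the visible lines, it presumably resolves only transitively (httpclient is declared in the preceding hunk). An authentication module should name the libraries it relies on, so I would add an explicit `<dependency>` for commons-codec and confirm that the bundle's Import-Package list covers `org.apache.commons.codec.binary`. If the build baseline allows Java 8, `java.util.Base64` would avoid the extra dependency altogether, with the caveat that its basic decoder rejects malformed input that the commons-codec decoder silently skips.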
@@ -180,8 +147,6 @@
                             javax.net,
                             org.apache.karaf.jaas.config,
                             org.osgi.service.event;resolution:=optional,
-                            org.apache.cxf.interceptor.security;resolution:=optional,
-                            org.apache.wss4j.dom.message.token;resolution:=optional,
                             !net.sf.ehcache*,
                             !net.spy.memcached*,
                             com.sun.security.auth.module;resolution:=optional,

http://git-wip-us.apache.org/repos/asf/karaf/blob/225943bf/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/DigestPasswordLoginModule.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/DigestPasswordLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/DigestPasswordLoginModule.java
index e37e047..ffbd9cc 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/DigestPasswordLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/DigestPasswordLoginModule.java
@@ -19,6 +19,7 @@ package org.apache.karaf.jaas.modules.properties;
 import java.io.File;
 import java.io.IOException;
 import java.lang.reflect.Field;
+import java.security.MessageDigest;
 import java.security.Principal;
 import java.util.HashSet;
 import java.util.Map;
@@ -31,13 +32,12 @@ import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginException;
 
-import org.apache.cxf.interceptor.security.NameDigestPasswordCallbackHandler;
+import org.apache.commons.codec.binary.Base64;
 import org.apache.felix.utils.properties.Properties;
 import org.apache.karaf.jaas.boot.principal.GroupPrincipal;
 import org.apache.karaf.jaas.boot.principal.RolePrincipal;
 import org.apache.karaf.jaas.boot.principal.UserPrincipal;
 import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
-import org.apache.wss4j.dom.message.token.UsernameToken;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -50,6 +50,8 @@ public class  DigestPasswordLoginModule extends AbstractKarafLoginModule {
 
     static final String USER_FILE = "users";
 
+    private MessageDigest digest;
+
     private String usersFile;
     
 
@@ -60,6 +62,58 @@ public class  DigestPasswordLoginModule extends AbstractKarafLoginModule {
             LOGGER.debug("Initialized debug={} usersFile={}", debug, usersFile);
         }
     }
+    
+    public String doPasswordDigest(String nonce, String created, String password) {
+        String passwdDigest = null;
+        try {
+            passwdDigest = doPasswordDigest(nonce, created, password.getBytes("UTF-8"));
+        } catch (Exception e) {
+                LOGGER.debug(e.getMessage(), e);
+        }
+        return passwdDigest;
+    }
+    
+    public String doPasswordDigest(String nonce, String created, byte[] password) {
+        String passwdDigest = null;
+        try {
+            byte[] b1 = nonce != null ? new Base64().decode(nonce) : new byte[0];
+            byte[] b2 = created != null ? created.getBytes("UTF-8") : new byte[0];
+            byte[] b3 = password;
+            byte[] b4 = new byte[b1.length + b2.length + b3.length];
+            int offset = 0;
+            System.arraycopy(b1, 0, b4, offset, b1.length);
+            offset += b1.length;
+            
+            System.arraycopy(b2, 0, b4, offset, b2.length);
+            offset += b2.length;
+
+            System.arraycopy(b3, 0, b4, offset, b3.length);
+            
+            byte[] digestBytes = generateDigest(b4);
+            passwdDigest = new String(new Base64().encodeBase64(digestBytes));
+        } catch (Exception e) {
+            LOGGER.debug(e.getMessage(), e);
+        }
+        return passwdDigest;
+    }
+    
+    /**
+     * Generate a (SHA1) digest of the input bytes. The MessageDigest instance that backs this
+     * method is cached for efficiency.  
+     * @param inputBytes the bytes to digest
+     * @return the digest of the input bytes
+     * @throws WSSecurityException
+     */
+    public synchronized byte[] generateDigest(byte[] inputBytes) {
+        try {
+            if (digest == null) {
+                digest = MessageDigest.getInstance("SHA-1");
+            }
+            return digest.digest(inputBytes);
+        } catch (Exception e) {
+            throw new RuntimeException("Error in generating digest", e);
+        }
+    }
 
     public boolean login() throws LoginException {
         if (usersFile == null) {
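Review bot: Both `doPasswordDigest` overloads catch `Exception`, log it at debug level and return `null`, so a null stored password, or a failure inside `generateDigest` (whose `RuntimeException` is swallowed here too), leaves the call site later in `login()` assigning `null` to `storedPassword`. Whether that fails closed depends on comparison code outside this diff; I would make the failure explicit, either by letting the exception propagate or by having the caller throw `FailedLoginException` when the digest is `null`, and log at warn rather than debug. The Javadoc on `generateDigest` still says `@throws WSSecurityException`, a wss4j type this commit stops depending on; it should read `@throws RuntimeException if the SHA-1 digest cannot be created`, with a one-line comment that SHA-1 is fixed by the UsernameToken digest format rather than chosen here. Minor: `new Base64().encodeBase64(...)` calls a static method through an instance, and `new String(...)` without a charset uses the platform default. `login()` continues past the end of this hunk.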
@@ -137,7 +191,7 @@ public class  DigestPasswordLoginModule extends AbstractKarafLoginModule {
 
         if (myCallbackHandler instanceof NameDigestPasswordCallbackHandler) {
             NameDigestPasswordCallbackHandler digestCallbackHandler = (NameDigestPasswordCallbackHandler)myCallbackHandler;
-            storedPassword = UsernameToken.doPasswordDigest(digestCallbackHandler.getNonce(), 
+            storedPassword = doPasswordDigest(digestCallbackHandler.getNonce(), 
                                                             digestCallbackHandler.getCreatedTime(), 
                                                             storedPassword);
         }
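Review bot: The nonce and created time come straight from the callback handler, presumably from the client's token, and are fed into the digest here with no freshness or reuse check visible in this hunk. If `login()` or its caller does not already bound the age of `created` and reject repeated nonces, a captured nonce/created/digest triple would keep authenticating; a comment such as `// nonce and created are checked for freshness by <caller> before login()` would record where that is enforced. The comparison that follows is outside the hunk; if it uses `String.equals`, `MessageDigest.isEqual` on the encoded bytes is the constant-time alternative. `login()` starts and ends outside this hunk.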

http://git-wip-us.apache.org/repos/asf/karaf/blob/225943bf/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/NameDigestPasswordCallbackHandler.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/NameDigestPasswordCallbackHandler.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/NameDigestPasswordCallbackHandler.java
new file mode 100644
index 0000000..2b0874b
--- /dev/null
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/NameDigestPasswordCallbackHandler.java
@@ -0,0 +1,116 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.karaf.jaas.modules.properties;
+
+import java.io.IOException;
+import java.lang.reflect.Method;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class NameDigestPasswordCallbackHandler implements CallbackHandler {  
+    
+    private static final Logger LOG = LoggerFactory.getLogger(NameDigestPasswordCallbackHandler.class);
+    private static final String PASSWORD_CALLBACK_NAME = "setObject";
+    private static final Class<?>[] PASSWORD_CALLBACK_TYPES = 
+        new Class[]{Object.class, char[].class, String.class};
+    
+    private String username;  
+    private String password;  
+    private String nonce;
+    private String createdTime;
+    
+    private String passwordCallbackName;
+    
+    public NameDigestPasswordCallbackHandler(String username, String password, String nonce, String createdTime) {  
+        this(username, password, nonce, createdTime, null);  
+    }  
+     
+    public NameDigestPasswordCallbackHandler(String username, 
+                                              String password, 
+                                              String nonce, 
+                                              String createdTime, 
+                                              String passwordCallbackName) {  
+        this.username = username;  
+        this.password = password;
+        this.nonce = nonce;
+        this.createdTime = createdTime;
+        this.passwordCallbackName = passwordCallbackName;
+    }  
+
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {  
+        for (int i = 0; i < callbacks.length; i++) {  
+            Callback callback = callbacks[i];
+            if (handleCallback(callback)) {
+                continue;
+            } else if (callback instanceof NameCallback) {  
+                ((NameCallback) callback).setName(username);  
+            } else if (callback instanceof PasswordCallback) {  
+                PasswordCallback pwCallback = (PasswordCallback) callback;  
+                pwCallback.setPassword(password.toCharArray());
+            } else if (!invokePasswordCallback(callback)) {
+                String msg = "Unsupported callback type" + callbacks[i].getClass().getName();
+                LOG.info(msg);
+                throw new UnsupportedCallbackException(callbacks[i], msg);  
+            }  
+        }  
+    }      
+    
+    protected boolean handleCallback(Callback callback) {
+        return false;
+    }
+    
+    /*
+     * This method is called from the handle(Callback[]) method when the specified callback 
+     * did not match any of the known callback classes. It looks for the callback method 
+     * having the specified method name with one of the suppported parameter types.
+     * If found, it invokes the callback method on the object and returns true. 
+     * If not, it returns false.
+     */
+    private boolean invokePasswordCallback(Callback callback) {
+        String cbname = passwordCallbackName == null
+                        ? PASSWORD_CALLBACK_NAME : passwordCallbackName;
+        for (Class<?> arg : PASSWORD_CALLBACK_TYPES) {
+            try {
+                Method method = callback.getClass().getMethod(cbname, arg);
+                method.invoke(callback, arg == String.class ? password : password.toCharArray());
+                return true;
+            } catch (Exception e) {
+                // ignore and continue
+                LOG.debug(e.getMessage(), e);
+            }
+        }
+        return false;
+    }
+    
+    public String getNonce() {
+        return this.nonce;
+    }
+    
+    public String getCreatedTime() {
+        return this.createdTime;
+    }
+ 
+}
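Review bot: `invokePasswordCallback` hands the plaintext password to any callback object that exposes a public one-argument method with the configured name (default `setObject`) taking `Object`, `char[]` or `String`, and the class has no Javadoc saying so. I would add a class-level comment stating that contract and that `passwordCallbackName` must come from trusted configuration only. `handle()` and `invokePasswordCallback()` both call `password.toCharArray()` without a null check, so a null password surfaces as a `NullPointerException` in the first and is swallowed by the `catch (Exception e)` in the second; rejecting null in the constructor, e.g. `if (password == null) throw new IllegalArgumentException("password must not be null");`, would make the failure explicit. The five instance fields are never reassigned and can be `private final`, and the message `"Unsupported callback type"` is missing a trailing space before the class name.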

http://git-wip-us.apache.org/repos/asf/karaf/blob/225943bf/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/jdbc/JdbcLoginModuleTest.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/jdbc/JdbcLoginModuleTest.java b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/jdbc/JdbcLoginModuleTest.java
index 24634dc..7fe9a7f 100644
--- a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/jdbc/JdbcLoginModuleTest.java
+++ b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/jdbc/JdbcLoginModuleTest.java
@@ -100,7 +100,7 @@ public class JdbcLoginModuleTest {
         options.put(BundleContext.class.getName(), context);
 
         expect(context.getServiceReferences(DataSource.class.getName(), null)).andReturn(new ServiceReference[] { reference });
-        expect(context.getService(reference)).andReturn(dataSource);
+        expect((DataSource)context.getService(reference)).andReturn(dataSource);
         expect(context.ungetService(reference)).andReturn(true);
 
         EasyMock.replay(context);


[2/2] karaf git commit: Switch to stable version of plugin

Posted by cs...@apache.org.
Switch to stable version of plugin


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/69a332f3
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/69a332f3
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/69a332f3

Branch: refs/heads/master
Commit: 69a332f3314348c5ef141c51201a43de5e4bcd89
Parents: 225943b
Author: Christian Schneider <ch...@die-schneider.net>
Authored: Thu Sep 15 18:12:44 2016 +0200
Committer: Christian Schneider <ch...@die-schneider.net>
Committed: Thu Sep 15 18:12:44 2016 +0200

----------------------------------------------------------------------
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/69a332f3/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 988bd04..f5bbcc9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1922,7 +1922,7 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-war-plugin</artifactId>
-                    <version>3.0.0-SNAPSHOT</version>
+                    <version>3.0.0</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.karaf.tooling</groupId>