From: Joseph I. <jos...@us...> - 2007-01-03 07:24:07
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/web In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv3754/src/org/tolven/web Modified Files: TopAction.java RegisterAction.java Log Message: UserPrivateKey is now passed directly to AccountDAOBean to circumvent problems with the @SecurityDomain beign added there. A number of different types of login come through AccountDAOBean, and until the bean is refactored, it is best to avoid using the annotation there (and that removes access to the Subject for some mysterious JBoss reason). Index: TopAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/TopAction.java,v retrieving revision 1.26 retrieving revision 1.27 diff -C2 -d -r1.26 -r1.27 *** TopAction.java 1 Jan 2007 07:33:09 -0000 1.26 --- TopAction.java 3 Jan 2007 07:24:05 -0000 1.27 *************** *** 15,18 **** --- 15,19 ---- import java.io.IOException; + import java.security.GeneralSecurityException; import java.util.Collection; import java.util.LinkedList; *************** *** 26,29 **** --- 27,33 ---- import javax.naming.InitialContext; import javax.naming.NamingException; + import javax.security.auth.Subject; + import javax.security.jacc.PolicyContext; + import javax.security.jacc.PolicyContextException; import javax.servlet.http.HttpSession; *************** *** 39,42 **** --- 43,47 ---- import org.tolven.security.TolvenPerson; import org.tolven.security.bean.LDAPLocal; + import org.tolven.security.key.UserPrivateKey; /** *************** *** 259,262 **** --- 264,277 ---- } + public UserPrivateKey getUserPrivateKey() throws PolicyContextException, GeneralSecurityException { + Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); + if (subject == null) + throw new GeneralSecurityException("No Subject found in PolicyContext for " + getUser().getLdapUID()); + Set privateCredentials = subject.getPrivateCredentials(UserPrivateKey.class); + 
if (privateCredentials.isEmpty()) + throw new GeneralSecurityException(": No UserPrivateKey found for " + getUser().getLdapUID()); + return (UserPrivateKey) privateCredentials.iterator().next(); + } + public void setUser(TolvenUser user) { this.user = user; Index: RegisterAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/RegisterAction.java,v retrieving revision 1.27 retrieving revision 1.28 diff -C2 -d -r1.27 -r1.28 *** RegisterAction.java 25 Dec 2006 01:43:28 -0000 1.27 --- RegisterAction.java 3 Jan 2007 07:24:05 -0000 1.28 *************** *** 43,46 **** --- 43,47 ---- import org.tolven.security.TolvenPerson; import org.tolven.security.bean.LDAPLocal; + import org.tolven.security.key.UserPrivateKey; /** *************** *** 145,149 **** System.out.println( "Created account: " + account.getId() + ", acct type " + account.getAccountType().getKnownType()); // Note, the user automatically gets account permission because they are the only user on that new account. ! accountBean.addAccountUser( account, getTop().getUser(), getNow(), true); accountUsers = null; menu.createDefaultMenuStructure( account ); --- 146,150 ---- System.out.println( "Created account: " + account.getId() + ", acct type " + account.getAccountType().getKnownType()); // Note, the user automatically gets account permission because they are the only user on that new account. ! accountBean.addAccountUser(account, getTop().getUser(), getNow(), true); accountUsers = null; menu.createDefaultMenuStructure( account ); *************** *** 608,612 **** return "fail"; } ! 
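Review bot: getUserPrivateKey declares `privateCredentials` as a raw `Set` and then casts the first element, although `Subject.getPrivateCredentials(Class)` already returns a typed set; `Set<UserPrivateKey> privateCredentials = subject.getPrivateCredentials(UserPrivateKey.class);` and `return privateCredentials.iterator().next();` remove both the raw type and the cast. The second message starts with a stray colon, `": No UserPrivateKey found for "`, that the Subject message does not have. When more than one UserPrivateKey is attached to the Subject the method silently returns whichever the set yields first; a comment such as `// One UserPrivateKey per Subject is expected; the first one is used if several are present` would record that assumption.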
AccountUser accountUser = accountBean.inviteAccountUser(getAccount(), activation.findAccountUser(getTop().getAccountUserId()), user, getNow(), false ); FacesContext.getCurrentInstance().addMessage( "accountAdmin:uid", new FacesMessage("Demo user " + uid + " added, id: " + accountUser.getUser().getId())); // force a refresh of the list --- 609,625 ---- return "fail"; } ! AccountUser accountUser = null; ! if (System.getProperty("tolven.security.keys.activate") == null) { ! //TODO: For backward compatibility, a null UserPublicKey is allowed, to support the existence of no encryption keys existed ! accountUser = accountBean.inviteAccountUser(getAccount(), activation.findAccountUser(getTop().getAccountUserId()), user, null, getNow(), false); ! } else { ! UserPrivateKey userPrivateKey = null; ! try { ! userPrivateKey = getTop().getUserPrivateKey(); ! } catch (Exception ex) { ! throw new RuntimeException("When invited to an Account, a user must have UserPublicKey to protect the AccountPrivateKey"); ! } ! accountUser = accountBean.inviteAccountUser(getAccount(), activation.findAccountUser(getTop().getAccountUserId()), user, userPrivateKey, getNow(), false); ! } FacesContext.getCurrentInstance().addMessage( "accountAdmin:uid", new FacesMessage("Demo user " + uid + " added, id: " + accountUser.getUser().getId())); // force a refresh of the list |
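Review bot: The new branch in RegisterAction's demo-user invite (the enclosing method starts and ends outside the hunk) fails open: when the `tolven.security.keys.activate` system property is not set, the AccountUser is created with a null key, so a deployment that merely forgets the property silently drops the protection of the AccountPrivateKey. If the key-less path exists only for legacy accounts, make it an explicit opt-out and log a warning whenever it is taken, so the downgrade is visible in the server log. The `catch (Exception ex)` also discards the original failure; keep it as the cause, `throw new RuntimeException("When invited to an Account, a user must have UserPublicKey to protect the AccountPrivateKey", ex);`, and catch only the two checked exceptions getUserPrivateKey declares rather than `Exception`.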
From: Joseph I. <jos...@us...> - 2007-01-02 04:29:31
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/key In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv19259/src/org/tolven/security/key Modified Files: AccountPrivateKey.java UserPrivateKey.java TolvenEncryptedPrivateKey.java Log Message: Provided functionality to change the password for a given UserPrivateKey Index: UserPrivateKey.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/key/UserPrivateKey.java,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** UserPrivateKey.java 2 Jan 2007 00:17:41 -0000 1.2 --- UserPrivateKey.java 2 Jan 2007 04:29:26 -0000 1.3 *************** *** 96,103 **** throw new IllegalStateException(INITIALIZED); String privateKeyAlgorithm = System.getProperty(USER_PRIVATE_KEY_ALGORITHM_PROP); ! String pbeKeyAlgorithm = System.getProperty(PBE_KEY_ALGORITHM_PROP); ! byte[] salt = getRandomSalt(); ! int iterationCount = Integer.parseInt(System.getProperty(USER_PASSWORD_ITERATION_COUNT_PROP)); ! return init(privateKeyAlgorithm, pbeKeyAlgorithm, aPassword, salt, iterationCount); } --- 96,111 ---- throw new IllegalStateException(INITIALIZED); String privateKeyAlgorithm = System.getProperty(USER_PRIVATE_KEY_ALGORITHM_PROP); ! int keySize = Integer.parseInt(System.getProperty(USER_PRIVATE_KEY_LENGTH_PROP)); ! KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(privateKeyAlgorithm); ! keyPairGenerator.initialize(keySize); ! KeyPair keyPair = keyPairGenerator.genKeyPair(); ! init(keyPair.getPrivate(), keySize, aPassword); ! return keyPair.getPublic(); ! } ! ! public void initNewPassword(UserPrivateKey aUserPrivateKey, char[] userPrivateKeyPassword, char[] newPassword) throws GeneralSecurityException, IOException { ! if (getEncodedEncryptedPrivateKeyInfo() != null || pbeKeyAlgorithm != null || salt != null) ! throw new IllegalStateException(INITIALIZED); ! 
init(aUserPrivateKey.getPrivateKey(userPrivateKeyPassword), aUserPrivateKey.getKeySize(), newPassword); } *************** *** 124,144 **** * @throws GeneralSecurityException */ ! private PublicKey init(String aPrivateKeyAlgorithm, String aPBEKeyAlgorithm, char[] aPassword, byte[] salt, int iterationCount) throws GeneralSecurityException, IOException { ! setKeySize(Integer.parseInt(System.getProperty(USER_PRIVATE_KEY_LENGTH_PROP))); ! KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(aPrivateKeyAlgorithm); ! keyPairGenerator.initialize(getKeySize()); ! KeyPair keyPair = keyPairGenerator.genKeyPair(); PBEKeySpec pbeKeySpec = new PBEKeySpec(aPassword); ! SecretKey secretKey = SecretKeyFactory.getInstance(aPBEKeyAlgorithm).generateSecret(pbeKeySpec); PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, iterationCount); Cipher cipher = Cipher.getInstance(secretKey.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE, secretKey, pbeParamSpec); ! byte[] encryptedPrivateKey = cipher.doFinal(keyPair.getPrivate().getEncoded()); ! EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(aPrivateKeyAlgorithm, encryptedPrivateKey); ! setEncodedEncryptedPrivateKeyInfo(encryptedPrivateKeyInfo); ! this.pbeKeyAlgorithm = aPBEKeyAlgorithm; this.salt = salt; this.iterationCount = iterationCount; - return keyPair.getPublic(); } --- 132,152 ---- * @throws GeneralSecurityException */ ! private void init(PrivateKey aPrivateKey, int aKeySize, char[] aPassword) throws GeneralSecurityException, IOException { ! if (getEncodedEncryptedPrivateKeyInfo() != null || pbeKeyAlgorithm != null || salt != null) ! throw new IllegalStateException(INITIALIZED); ! String pbeKeyAlgorithm = System.getProperty(PBE_KEY_ALGORITHM_PROP); ! byte[] salt = getRandomSalt(); ! int iterationCount = Integer.parseInt(System.getProperty(USER_PASSWORD_ITERATION_COUNT_PROP)); PBEKeySpec pbeKeySpec = new PBEKeySpec(aPassword); ! 
SecretKey secretKey = SecretKeyFactory.getInstance(pbeKeyAlgorithm).generateSecret(pbeKeySpec); PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, iterationCount); Cipher cipher = Cipher.getInstance(secretKey.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE, secretKey, pbeParamSpec); ! byte[] encryptedPrivateKey = cipher.doFinal(aPrivateKey.getEncoded()); ! EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(aPrivateKey.getAlgorithm(), encryptedPrivateKey); ! setEncodedEncryptedPrivateKeyInfo(encryptedPrivateKeyInfo, aKeySize); ! this.pbeKeyAlgorithm = pbeKeyAlgorithm; this.salt = salt; this.iterationCount = iterationCount; } Index: AccountPrivateKey.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/key/AccountPrivateKey.java,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** AccountPrivateKey.java 2 Jan 2007 00:17:40 -0000 1.2 --- AccountPrivateKey.java 2 Jan 2007 04:29:26 -0000 1.3 *************** *** 90,94 **** if (accountSecretKey != null) throw new IllegalStateException(INITIALIZED); - setKeySize(anAccountPrivateKey.getKeySize()); PrivateKey privateKey = anAccountPrivateKey.getPrivateKey(aUserPrivateKey.getPrivateKey()); accountSecretKey = AccountSecretKey.getInstance(); --- 90,93 ---- *************** *** 98,102 **** byte[] encryptedPrivateKey = cipher.doFinal(privateKey.getEncoded()); EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(privateKey.getAlgorithm(), encryptedPrivateKey); ! setEncodedEncryptedPrivateKeyInfo(encryptedPrivateKeyInfo); } --- 97,101 ---- byte[] encryptedPrivateKey = cipher.doFinal(privateKey.getEncoded()); EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(privateKey.getAlgorithm(), encryptedPrivateKey); ! 
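Review bot: In the rewritten private `init(PrivateKey, int, char[])` the `PBEKeySpec` built from `aPassword` is never cleared, so the spec's own copy of the password remains reachable on the heap after the PBE key has been derived; add `pbeKeySpec.clearPassword();` immediately after `generateSecret(pbeKeySpec)`. The already-initialized check is now run twice on every path, once in `init(char[])` / `initNewPassword` (previous hunk) and again here; keeping it only in this private method, which every path goes through, is enough. Only the tail of the method's javadoc is in the hunk; if its `@param` entries still describe the old signature they should now list `aPrivateKey`, `aKeySize` and `aPassword`.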
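Review bot: `init(AccountPrivateKey, UserPrivateKey, PublicKey)` still unlocks the account key through `aUserPrivateKey.getPrivateKey()` (a context line here; the method starts before the hunk), and the UserPrivateKey change of 2007-01-02 00:17 on this page documents that accessor as returning null when the key is locked, so a locked user key reaches `anAccountPrivateKey.getPrivateKey(null)` and fails somewhere inside the decryption instead of at the boundary. Guard it before any key material is touched: `if (aUserPrivateKey.isLocked()) throw new IllegalStateException("UserPrivateKey is locked");`, using the `isLocked()` that same earlier commit introduced.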
setEncodedEncryptedPrivateKeyInfo(encryptedPrivateKeyInfo, anAccountPrivateKey.getKeySize()); } *************** *** 114,120 **** if (accountSecretKey != null) throw new IllegalStateException(INITIALIZED); ! setKeySize(Integer.parseInt(System.getProperty(ACCOUNT_PRIVATE_KEY_LENGTH_PROP))); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(aPrivateKeyAlgorithm); ! keyPairGenerator.initialize(getKeySize()); KeyPair keyPair = keyPairGenerator.genKeyPair(); accountSecretKey = AccountSecretKey.getInstance(); --- 113,119 ---- if (accountSecretKey != null) throw new IllegalStateException(INITIALIZED); ! int keySize = Integer.parseInt(System.getProperty(ACCOUNT_PRIVATE_KEY_LENGTH_PROP)); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(aPrivateKeyAlgorithm); ! keyPairGenerator.initialize(keySize); KeyPair keyPair = keyPairGenerator.genKeyPair(); accountSecretKey = AccountSecretKey.getInstance(); *************** *** 124,128 **** byte[] encryptedPrivateKey = cipher.doFinal(keyPair.getPrivate().getEncoded()); EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(aPrivateKeyAlgorithm, encryptedPrivateKey); ! setEncodedEncryptedPrivateKeyInfo(encryptedPrivateKeyInfo); return keyPair.getPublic(); } --- 123,127 ---- byte[] encryptedPrivateKey = cipher.doFinal(keyPair.getPrivate().getEncoded()); EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(aPrivateKeyAlgorithm, encryptedPrivateKey); ! 
setEncodedEncryptedPrivateKeyInfo(encryptedPrivateKeyInfo, keySize); return keyPair.getPublic(); } Index: TolvenEncryptedPrivateKey.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/key/TolvenEncryptedPrivateKey.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** TolvenEncryptedPrivateKey.java 25 Dec 2006 06:34:39 -0000 1.1 --- TolvenEncryptedPrivateKey.java 2 Jan 2007 04:29:26 -0000 1.2 *************** *** 53,58 **** * @param anEncryptedPrivateKeyInfo */ ! protected void setEncodedEncryptedPrivateKeyInfo(EncryptedPrivateKeyInfo anEncryptedPrivateKeyInfo) throws IOException { algorithm = anEncryptedPrivateKeyInfo.getAlgName(); encodedEncryptedPrivateKeyInfo = anEncryptedPrivateKeyInfo.getEncoded(); } --- 53,59 ---- * @param anEncryptedPrivateKeyInfo */ ! protected void setEncodedEncryptedPrivateKeyInfo(EncryptedPrivateKeyInfo anEncryptedPrivateKeyInfo, int aKeySize) throws IOException { algorithm = anEncryptedPrivateKeyInfo.getAlgName(); + keySize = aKeySize; encodedEncryptedPrivateKeyInfo = anEncryptedPrivateKeyInfo.getEncoded(); } *************** *** 68,81 **** /** - * Keep the PrivateKey size since it does not appear to be readily available - * from an EncryptedPrivateKeyInfo - * - * @param anInt - */ - protected void setKeySize(int anInt) { - keySize = anInt; - } - - /** * return the PrivateKey algorithm * --- 69,72 ---- |
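Review bot: The widened `setEncodedEncryptedPrivateKeyInfo(EncryptedPrivateKeyInfo, int)` keeps a javadoc that documents only `anEncryptedPrivateKeyInfo`, while the commit deletes the one comment that explained why the key size is stored at all (it cannot be read back from an EncryptedPrivateKeyInfo). Carry that rationale onto the new parameter: `@param aKeySize size of the PrivateKey in bits, kept here because it is not readily available from an EncryptedPrivateKeyInfo`. Having every caller in AccountPrivateKey and UserPrivateKey pass the size together with the encoded key is a sound consolidation; the doc is the only thing missing.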
From: Joseph I. <jos...@us...> - 2007-01-02 04:29:31
Update of /cvsroot/tolven/tolvenEJB/src/test/org/tolven/security/key In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv19259/src/test/org/tolven/security/key Modified Files: UserPrivateKeyTestCase.java Log Message: Provided functionality to change the password for a given UserPrivateKey Index: UserPrivateKeyTestCase.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/test/org/tolven/security/key/UserPrivateKeyTestCase.java,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** UserPrivateKeyTestCase.java 2 Jan 2007 00:17:41 -0000 1.2 --- UserPrivateKeyTestCase.java 2 Jan 2007 04:29:26 -0000 1.3 *************** *** 93,95 **** --- 93,109 ---- } + /* + * Test method for 'org.tolven.security.key.UserPrivateKey.initNewPassword()' + */ + + public void testInitNewPassword() throws GeneralSecurityException, IOException { + SecurityTestSuite.initProperties(); + UserPrivateKey pbePrivateKey = UserPrivateKey.getInstance(); + char[] oldPassword = "oldPassword".toCharArray(); + pbePrivateKey.init(oldPassword); + UserPrivateKey newPBEPrivateKey = UserPrivateKey.getInstance(); + char[] newPassword = "newPassword".toCharArray(); + newPBEPrivateKey.initNewPassword(pbePrivateKey, oldPassword, newPassword); + assertEquals(pbePrivateKey.getPrivateKey(oldPassword), newPBEPrivateKey.getPrivateKey(newPassword)); + } } |
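Review bot: testInitNewPassword only shows that the re-encrypted key unlocks with the new password; it never checks that `oldPassword` no longer unlocks `newPBEPrivateKey`, which is the property a password change exists to establish. Add a negative step after the assertEquals, e.g. `try { newPBEPrivateKey.getPrivateKey(oldPassword); fail("old password must not unlock the re-encrypted key"); } catch (GeneralSecurityException expected) { }` — assuming the wrong-password path surfaces as a GeneralSecurityException from the cipher, which the declared `throws` suggests but the hunk does not show. `assertEquals` on two PrivateKey objects relies on the provider's `equals`; comparing `getEncoded()` with `Arrays.equals` is provider-independent.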
From: Joseph I. <jos...@us...> - 2007-01-02 00:17:43
Update of /cvsroot/tolven/tolvenEJB/src/test/org/tolven/security/key In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv13090/src/test/org/tolven/security/key Modified Files: UserPrivateKeyTestCase.java UserPublicKeyTestCase.java DocumentSecretKeyTestCase.java AccountSecretKeyTestCase.java AccountPublicKeyTestCase.java AccountPrivateKeyTestCase.java Log Message: Ensure that keys are immutable as a safety feature. New keys can be contructed from selected components of old ones, but the original key should not accidently be changed internally. Index: AccountSecretKeyTestCase.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/test/org/tolven/security/key/AccountSecretKeyTestCase.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** AccountSecretKeyTestCase.java 25 Dec 2006 06:34:39 -0000 1.1 --- AccountSecretKeyTestCase.java 2 Jan 2007 00:17:41 -0000 1.2 *************** *** 76,78 **** --- 76,99 ---- } + /* + * Test method for immutability of + * 'org.tolven.security.key.AccountSecretKey.init(PublicKey)' + */ + public void testInitInitPublicKey() throws GeneralSecurityException, IOException { + SecurityTestSuite.initProperties(); + UserPrivateKey userPrivateKey = UserPrivateKey.getInstance(); + char[] password = "password".toCharArray(); + PublicKey theUserPublicKey = userPrivateKey.init(password); + AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); + PublicKey accountPublicKey = accountPrivateKey.init(theUserPublicKey); + AccountSecretKey accountSecretKey = AccountSecretKey.getInstance(); + accountSecretKey.init(accountPublicKey); + try { + accountSecretKey.init(accountPublicKey); + fail("Intializing twice is not allowed because keys are immutable"); + } catch (IllegalStateException ex) { + // init should fail second time around, and thus this test passes + } + } + } Index: UserPrivateKeyTestCase.java 
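Review bot: The fail message in the new testInitInitPublicKey reads `"Intializing twice is not allowed because keys are immutable"` — "Initializing" is misspelled, and the identical string recurs in the UserPrivateKeyTestCase, UserPublicKeyTestCase, DocumentSecretKeyTestCase, AccountPrivateKeyTestCase and AccountPublicKeyTestCase hunks of this commit. Since all five tests have the same try / fail / catch shape around a second `init`, a small helper in SecurityTestSuite wrapping the second call would remove the duplication and fix the message in one place, though that is optional. The empty catch bodies are fine here because the comment states the exception is the expected outcome.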
=================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/test/org/tolven/security/key/UserPrivateKeyTestCase.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** UserPrivateKeyTestCase.java 25 Dec 2006 06:34:39 -0000 1.1 --- UserPrivateKeyTestCase.java 2 Jan 2007 00:17:41 -0000 1.2 *************** *** 51,54 **** --- 51,70 ---- /* + * Test method for immutability of 'org.tolven.security.key.UserPrivateKey.init(char[])' + */ + public void testInitInitCharArray() throws GeneralSecurityException, IOException { + SecurityTestSuite.initProperties(); + UserPrivateKey pbePrivateKey = UserPrivateKey.getInstance(); + char[] password = "password".toCharArray(); + pbePrivateKey.init(password); + try { + pbePrivateKey.init(password); + fail("Intializing twice is not allowed because keys are immutable"); + } catch (IllegalStateException ex) { + // init should fail second time around, and thus this test passes + } + } + + /* * Test method for * 'org.tolven.security.key.UserPrivateKey.getPrivateKey(char[])' Index: UserPublicKeyTestCase.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/test/org/tolven/security/key/UserPublicKeyTestCase.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** UserPublicKeyTestCase.java 1 Jan 2007 10:04:21 -0000 1.1 --- UserPublicKeyTestCase.java 2 Jan 2007 00:17:41 -0000 1.2 *************** *** 51,54 **** --- 51,73 ---- /* + * Test method for immutability + * 'org.tolven.security.key.UserPublicKey.init(PublicKey)' + */ + public void testInitInitPublicKey() throws GeneralSecurityException, IOException { + SecurityTestSuite.initProperties(); + UserPrivateKey userPrivateKey = UserPrivateKey.getInstance(); + char[] password = "password".toCharArray(); + PublicKey theUserPublicKey = userPrivateKey.init(password); + UserPublicKey userPublicKey = UserPublicKey.getInstance(); + 
userPublicKey.init(theUserPublicKey); + try { + userPublicKey.init(theUserPublicKey); + fail("Intializing twice is not allowed because keys are immutable"); + } catch (IllegalStateException ex) { + // init should fail second time around, and thus this test passes + } + } + + /* * Test method for 'org.tolven.security.key.UserPublicKey.getPublicKey()' */ Index: DocumentSecretKeyTestCase.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/test/org/tolven/security/key/DocumentSecretKeyTestCase.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** DocumentSecretKeyTestCase.java 25 Dec 2006 06:34:39 -0000 1.1 --- DocumentSecretKeyTestCase.java 2 Jan 2007 00:17:41 -0000 1.2 *************** *** 77,79 **** --- 77,100 ---- } + /* + * Test method for immutability of + * 'org.tolven.security.key.DocumentSecretKey.init(PublicKey)' + */ + public void testInitInitPublicKey() throws GeneralSecurityException, IOException { + SecurityTestSuite.initProperties(); + UserPrivateKey userPrivateKey = UserPrivateKey.getInstance(); + char[] password = "password".toCharArray(); + PublicKey theUserPublicKey = userPrivateKey.init(password); + AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); + PublicKey accountPublicKey = accountPrivateKey.init(theUserPublicKey); + DocumentSecretKey accountSecretKey = DocumentSecretKey.getInstance(); + accountSecretKey.init(accountPublicKey); + try { + accountSecretKey.init(accountPublicKey); + fail("Intializing twice is not allowed because keys are immutable"); + } catch (IllegalStateException ex) { + // init should fail second time around, and thus this test passes + } + } + } Index: AccountPrivateKeyTestCase.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/test/org/tolven/security/key/AccountPrivateKeyTestCase.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 
-r1.2 *** AccountPrivateKeyTestCase.java 25 Dec 2006 06:34:39 -0000 1.1 --- AccountPrivateKeyTestCase.java 2 Jan 2007 00:17:41 -0000 1.2 *************** *** 54,57 **** --- 54,76 ---- /* + * Test method for immutability of + * 'org.tolven.security.key.AccountPrivateKey.init(PublicKey)' + */ + public void testInitInitPublicKey() throws GeneralSecurityException, IOException { + SecurityTestSuite.initProperties(); + UserPrivateKey userPrivateKey = UserPrivateKey.getInstance(); + char[] password = "password".toCharArray(); + PublicKey publicKey = userPrivateKey.init(password); + AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); + accountPrivateKey.init(publicKey); + try { + accountPrivateKey.init(publicKey); + fail("Intializing twice is not allowed because keys are immutable"); + } catch (IllegalStateException ex) { + // init should fail second time around, and thus this test passes + } + } + + /* * Test method for * 'org.tolven.security.key.AccountPrivateKey.init(AccountPrivateKey, UserPrivateKey, PublicKey)' Index: AccountPublicKeyTestCase.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/test/org/tolven/security/key/AccountPublicKeyTestCase.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** AccountPublicKeyTestCase.java 1 Jan 2007 10:04:21 -0000 1.1 --- AccountPublicKeyTestCase.java 2 Jan 2007 00:17:41 -0000 1.2 *************** *** 51,54 **** --- 51,73 ---- /* + * Test method for immutability of + * 'org.tolven.security.key.AccountPublicKey.init(PublicKey)' + */ + public void testInitInitPublicKey() throws GeneralSecurityException, IOException { + SecurityTestSuite.initProperties(); + UserPrivateKey userPrivateKey = UserPrivateKey.getInstance(); + char[] password = "password".toCharArray(); + PublicKey theUserPublicKey = userPrivateKey.init(password); + AccountPublicKey accountPublicKey = AccountPublicKey.getInstance(); + 
accountPublicKey.init(theUserPublicKey); + try { + accountPublicKey.init(theUserPublicKey); + fail("Intializing twice is not allowed because keys are immutable"); + } catch (IllegalStateException ex) { + // init should fail second time around, and thus this test passes + } + } + + /* * Test method for 'org.tolven.security.key.AccountPublicKey.getPublicKey()' */ |
From: Joseph I. <jos...@us...> - 2007-01-02 00:17:43
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/key In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv13090/src/org/tolven/security/key Modified Files: AccountPrivateKey.java TolvenEncryptedSecretKey.java TolvenPublicKey.java AccountSecretKey.java UserPrivateKey.java DocumentSecretKey.java Log Message: Ensure that keys are immutable as a safety feature. New keys can be contructed from selected components of old ones, but the original key should not accidently be changed internally. Index: DocumentSecretKey.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/key/DocumentSecretKey.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** DocumentSecretKey.java 25 Dec 2006 06:34:39 -0000 1.1 --- DocumentSecretKey.java 2 Jan 2007 00:17:41 -0000 1.2 *************** *** 56,59 **** --- 56,62 ---- */ public SecretKey init(PublicKey aPublicKey) throws GeneralSecurityException { + // The initialization check seems to belong in the superclass, but it's abstract? + if (getEncryptedKey() != null || getAlgorithm() != null) + throw new IllegalStateException(getClass() + " already initialized"); String kbeKeyAlgorithm = System.getProperty(DOC_KBE_KEY_ALGORITHM_PROP); KeyGenerator keyGenerator = KeyGenerator.getInstance(kbeKeyAlgorithm); Index: AccountSecretKey.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/key/AccountSecretKey.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** AccountSecretKey.java 25 Dec 2006 06:34:39 -0000 1.1 --- AccountSecretKey.java 2 Jan 2007 00:17:41 -0000 1.2 *************** *** 56,59 **** --- 56,62 ---- */ public SecretKey init(PublicKey aPublicKey) throws GeneralSecurityException { + // The initialization check seems to belong in the superclass, but it's abstract? 
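Review bot: The new comment `// The initialization check seems to belong in the superclass, but it's abstract?` answers its own question: an abstract class can carry concrete methods, so `TolvenEncryptedSecretKey` can provide `protected final void checkNotInitialized() { if (getEncryptedKey() != null || getAlgorithm() != null) throw new IllegalStateException(getClass() + " already initialized"); }` and DocumentSecretKey.init and AccountSecretKey.init (the next hunk) each call it before generating a key. That assumes `getEncryptedKey()` and `getAlgorithm()` are declared on TolvenEncryptedSecretKey, which the unqualified calls suggest but the hunks do not show. It also makes the rule the new TolvenEncryptedSecretKey javadoc delegates to subclasses enforceable in one place instead of re-typed per subclass.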
+ if (getEncryptedKey() != null || getAlgorithm() != null) + throw new IllegalStateException(getClass() + " already initialized"); String kbeKeyAlgorithm = System.getProperty(ACCOUNT_USER_KBE_KEY_ALGORITHM_PROP); KeyGenerator keyGenerator = KeyGenerator.getInstance(kbeKeyAlgorithm); Index: AccountPrivateKey.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/key/AccountPrivateKey.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** AccountPrivateKey.java 25 Dec 2006 06:34:39 -0000 1.1 --- AccountPrivateKey.java 2 Jan 2007 00:17:40 -0000 1.2 *************** *** 42,45 **** --- 42,46 ---- private static final String NOT_INITIALIZED = "AccountPrivateKey not initialized"; + private static final String INITIALIZED = "AccountPrivateKey already initialized"; public static final String ACCOUNT_PRIVATE_KEY_ALGORITHM_PROP = "tolven.security.account.privateKeyAlgorithm"; public static final String ACCOUNT_PRIVATE_KEY_LENGTH_PROP = "tolven.security.account.keyLength"; *************** *** 87,90 **** --- 88,93 ---- */ public void init(AccountPrivateKey anAccountPrivateKey, UserPrivateKey aUserPrivateKey, PublicKey anEncryptionKey) throws GeneralSecurityException, IOException { + if (accountSecretKey != null) + throw new IllegalStateException(INITIALIZED); setKeySize(anAccountPrivateKey.getKeySize()); PrivateKey privateKey = anAccountPrivateKey.getPrivateKey(aUserPrivateKey.getPrivateKey()); *************** *** 109,112 **** --- 112,117 ---- */ private PublicKey init(String aPrivateKeyAlgorithm, PublicKey anEncryptionKey) throws GeneralSecurityException, IOException { + if (accountSecretKey != null) + throw new IllegalStateException(INITIALIZED); setKeySize(Integer.parseInt(System.getProperty(ACCOUNT_PRIVATE_KEY_LENGTH_PROP))); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(aPrivateKeyAlgorithm); Index: UserPrivateKey.java 
=================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/key/UserPrivateKey.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** UserPrivateKey.java 25 Dec 2006 06:34:39 -0000 1.1 --- UserPrivateKey.java 2 Jan 2007 00:17:41 -0000 1.2 *************** *** 47,50 **** --- 47,51 ---- private static final String NOT_INITIALIZED = "UserPrivateKey not initialized"; + private static final String INITIALIZED = "UserPrivateKey already initialized"; private static final String KEY_LOCKED = "UserPrivateKey is locked"; public static final String USER_PRIVATE_KEY_ALGORITHM_PROP = "tolven.security.user.privateKeyAlgorithm"; *************** *** 92,95 **** --- 93,98 ---- */ public PublicKey init(char[] aPassword) throws GeneralSecurityException, IOException { + if (getEncodedEncryptedPrivateKeyInfo() != null || pbeKeyAlgorithm != null || salt != null) + throw new IllegalStateException(INITIALIZED); String privateKeyAlgorithm = System.getProperty(USER_PRIVATE_KEY_ALGORITHM_PROP); String pbeKeyAlgorithm = System.getProperty(PBE_KEY_ALGORITHM_PROP); *************** *** 181,184 **** --- 184,195 ---- /** + * Return true if the PrivateKey has been locked and requires a password to unlock it + * @return + */ + public boolean isLocked() { + return privateKey == null; + } + + /** * Return the privateKey if it is not locked, otherwise return null * Index: TolvenPublicKey.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/key/TolvenPublicKey.java,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** TolvenPublicKey.java 1 Jan 2007 10:04:21 -0000 1.2 --- TolvenPublicKey.java 2 Jan 2007 00:17:41 -0000 1.3 *************** *** 31,34 **** --- 31,35 ---- protected static final String NOT_INITIALIZED = "TolvenPublicKey not initialized"; + protected static final String INITIALIZED = 
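Review bot: The javadoc added for `isLocked()` leaves its `@return` tag empty. Fill it from the body: `@return true if the unlocked PrivateKey is not held by this object and a password is required to obtain it`. The `init(char[])` guard in the earlier hunk tests three fields; a short comment naming which one is treated as the canonical "initialized" marker would keep a future field from being left out of the check.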
"TolvenPublicKey already initialized"; @Lob *************** *** 48,51 **** --- 49,54 ---- */ public void init(PublicKey aPublicKey) { + if (x509EncodedKeySpec != null || algorithm != null) + throw new IllegalStateException(INITIALIZED); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(aPublicKey.getEncoded()); x509EncodedKeySpec = keySpec.getEncoded(); Index: TolvenEncryptedSecretKey.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/key/TolvenEncryptedSecretKey.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** TolvenEncryptedSecretKey.java 25 Dec 2006 06:34:39 -0000 1.1 --- TolvenEncryptedSecretKey.java 2 Jan 2007 00:17:41 -0000 1.2 *************** *** 58,62 **** /** ! * Encrypt a SecretKey using a PublicKey * * @param aPublicKey --- 58,62 ---- /** ! * Encrypt a SecretKey using a PublicKey. Subclasses are responsible for ensuring that this key is not initialized more than once i.e. is immutable * * @param aPublicKey |
From: Joseph I. <jos...@us...> - 2007-01-01 22:16:00
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/entity In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv27051/src/org/tolven/doc/entity Modified Files: DocBase.java Log Message: A Principal could easily be Group representing roles, so filter out the Group which is a subclass of Principal. Index: DocBase.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/entity/DocBase.java,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** DocBase.java 1 Jan 2007 11:19:31 -0000 1.11 --- DocBase.java 1 Jan 2007 22:15:59 -0000 1.12 *************** *** 18,21 **** --- 18,22 ---- import java.security.PrivateKey; import java.security.PublicKey; + import java.security.acl.Group; import java.util.Iterator; import java.util.Set; *************** *** 182,191 **** if (subject == null) throw new IllegalStateException("No Subject found in PolicyContext"); ! //TODO: Should the Principal be identified in the Subject or via ejbContext? ! Set principals = subject.getPrincipals(Principal.class); ! if (principals.isEmpty()) throw new IllegalStateException("No Principal found in Subject"); - //TODO: Assume one Principal, but could potentially be more - Principal principal = (Principal)principals.iterator().next(); Set privateCredentials = subject.getPrivateCredentials(UserPrivateKey.class); if (privateCredentials.isEmpty()) --- 183,198 ---- if (subject == null) throw new IllegalStateException("No Subject found in PolicyContext"); ! //TODO: Assume one Principal at this time. Should the Principal be identified in the Subject or via ejbContext? ! Principal principal = null; ! Object obj = null; ! for (java.util.Iterator iter = subject.getPrincipals().iterator(); iter.hasNext();) { ! obj = iter.next(); ! if (obj instanceof Principal && !(obj instanceof Group)) { ! principal = (Principal) obj; ! break; ! } ! } ! 
if (principal == null) throw new IllegalStateException("No Principal found in Subject"); Set privateCredentials = subject.getPrivateCredentials(UserPrivateKey.class); if (privateCredentials.isEmpty()) |
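Review bot: The loop over `subject.getPrincipals()` takes the first non-Group Principal that the Set's iterator happens to yield, so when a Subject carries more than one user Principal the choice depends on iteration order and can differ between runs; the TODO acknowledges the single-Principal assumption, but failing explicitly is safer, e.g. count the matches and throw `IllegalStateException("Multiple Principals found in Subject")` when more than one is present, mirroring the existing missing-Principal check. `java.util.Iterator` is spelled out fully-qualified although the import hunk above shows `import java.util.Iterator;` already in the file, and `obj` can be declared inside the loop instead of before it. The enclosing method starts and ends outside the hunk.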
From: Joseph I. <jos...@us...> - 2007-01-01 11:19:41
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/entity In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv17556/src/org/tolven/doc/entity Modified Files: DocBase.java Log Message: Find Principals, PublicCredentials and PrivateCredentials more efficiently within a Subject. Index: DocBase.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/entity/DocBase.java,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** DocBase.java 1 Jan 2007 03:11:03 -0000 1.10 --- DocBase.java 1 Jan 2007 11:19:31 -0000 1.11 *************** *** 15,18 **** --- 15,19 ---- import java.io.Serializable; + import java.security.Principal; import java.security.PrivateKey; import java.security.PublicKey; *************** *** 182,206 **** throw new IllegalStateException("No Subject found in PolicyContext"); //TODO: Should the Principal be identified in the Subject or via ejbContext? ! java.security.Principal principal = null; ! Object obj = null; ! for (java.util.Iterator iter = subject.getPrincipals().iterator(); iter.hasNext();) { ! obj = iter.next(); ! if (obj instanceof java.security.Principal && !(obj instanceof java.security.acl.Group)) { ! principal = (java.security.Principal) obj; ! break; ! } ! } ! if (principal == null) throw new IllegalStateException("No Principal found in Subject"); ! UserPrivateKey userPrivateKey = null; ! obj = null; ! for (java.util.Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { ! obj = iter.next(); ! if (obj instanceof UserPrivateKey) { ! userPrivateKey = (UserPrivateKey) obj; ! } ! } ! if (userPrivateKey == null) ! 
throw new RuntimeException(": No UserPrivateKey found for " + principal.getName()); PrivateKey privateKey = userPrivateKey.getPrivateKey(); //TODO: Not sure if this is the most efficient way to find the AccountUser of the logged in user --- 183,195 ---- throw new IllegalStateException("No Subject found in PolicyContext"); //TODO: Should the Principal be identified in the Subject or via ejbContext? ! Set principals = subject.getPrincipals(Principal.class); ! if (principals.isEmpty()) throw new IllegalStateException("No Principal found in Subject"); ! //TODO: Assume one Principal, but could potentially be more ! Principal principal = (Principal)principals.iterator().next(); ! Set privateCredentials = subject.getPrivateCredentials(UserPrivateKey.class); ! if (privateCredentials.isEmpty()) ! throw new RuntimeException(": No UserPrivateKey found in Subject " + principal.getName()); ! UserPrivateKey userPrivateKey = (UserPrivateKey)privateCredentials.iterator().next(); PrivateKey privateKey = userPrivateKey.getPrivateKey(); //TODO: Not sure if this is the most efficient way to find the AccountUser of the logged in user |
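Review bot: The new code throws `IllegalStateException` when the Principal is missing but a plain `RuntimeException` when the UserPrivateKey is missing, and that second message starts with a stray ": "; align the two, e.g. `throw new IllegalStateException("No UserPrivateKey found in Subject for " + principal.getName());`. `subject.getPrivateCredentials(UserPrivateKey.class)` already returns a `Set<UserPrivateKey>`, so declaring the variable with that type removes the raw `Set` and the cast on the following line, and the same applies to `getPrincipals(Principal.class)`. The method this belongs to starts and ends outside the hunk.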
From: Joseph I. <jos...@us...> - 2007-01-01 11:19:41
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv17556/src/org/tolven/core/bean Modified Files: AccountDAOBean.java Log Message: Find Principals, PublicCredentials and PrivateCredentials more efficiently within a Subject. Index: AccountDAOBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/AccountDAOBean.java,v retrieving revision 1.19 retrieving revision 1.20 diff -C2 -d -r1.19 -r1.20 *** AccountDAOBean.java 1 Jan 2007 10:04:21 -0000 1.19 --- AccountDAOBean.java 1 Jan 2007 11:19:31 -0000 1.20 *************** *** 18,21 **** --- 18,22 ---- import java.util.Date; import java.util.List; + import java.util.Set; import javax.annotation.Resource; *************** *** 167,180 **** if (subject == null) throw new IllegalStateException("No Subject found in PolicyContext for " + ejbContext.getCallerPrincipal()); ! UserPrivateKey inviterPrivateKey = null; ! Object obj = null; ! for (java.util.Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { ! obj = iter.next(); ! if (obj instanceof UserPrivateKey) { ! inviterPrivateKey = (UserPrivateKey) obj; ! } ! } ! if (inviterPrivateKey == null) throw new RuntimeException(": No UserPrivateKey found for " + ejbContext.getCallerPrincipal()); AccountPrivateKey inviterAccountPrivateKey = inviterAccountUser.getAccountPrivateKey(); if (inviterAccountPrivateKey == null) --- 168,175 ---- if (subject == null) throw new IllegalStateException("No Subject found in PolicyContext for " + ejbContext.getCallerPrincipal()); ! Set privateCredentials = subject.getPrivateCredentials(UserPrivateKey.class); ! 
if (privateCredentials.isEmpty()) throw new RuntimeException(": No UserPrivateKey found for " + ejbContext.getCallerPrincipal()); + UserPrivateKey inviterPrivateKey = (UserPrivateKey)privateCredentials.iterator().next(); AccountPrivateKey inviterAccountPrivateKey = inviterAccountUser.getAccountPrivateKey(); if (inviterAccountPrivateKey == null) *************** *** 242,258 **** if (subject == null) throw new IllegalStateException("No Subject found in PolicyContext for " + ejbContext.getCallerPrincipal()); ! UserPublicKey userPublicKey = null; ! Object obj = null; ! for (java.util.Iterator iter = subject.getPublicCredentials().iterator(); iter.hasNext();) { ! // TODO: Assume one and only PublicKey for the current logged in user, and give this key a type ! obj = iter.next(); ! if (obj instanceof UserPublicKey) { ! userPublicKey = (UserPublicKey) obj; ! break; ! } ! } ! if (userPublicKey == null) { ! System.out.println(getClass() + ": Debug info: No PublicKey found for " + ejbContext.getCallerPrincipal()); } else { AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); PublicKey accountPublicKey = accountPrivateKey.init(userPublicKey.getPublicKey()); --- 237,245 ---- if (subject == null) throw new IllegalStateException("No Subject found in PolicyContext for " + ejbContext.getCallerPrincipal()); ! Set publicCredentials = subject.getPublicCredentials(UserPublicKey.class); ! if (publicCredentials.isEmpty()) { ! throw new IllegalStateException("No UserPublicKey found for Subject " + ejbContext.getCallerPrincipal()); } else { + UserPublicKey userPublicKey = (UserPublicKey) publicCredentials.iterator().next(); AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); PublicKey accountPublicKey = accountPrivateKey.init(userPublicKey.getPublicKey()); *************** *** 262,268 **** } } catch (Exception ex) { ! // TODO: Do nothing but note the fact during development of ! // encryption keys ! 
System.out.println(getClass() + ": Debug info: Problem while setting up Account Keys for " + ejbContext.getCallerPrincipal() + " CAUSE: " + ex.getMessage()); } } --- 249,254 ---- } } catch (Exception ex) { ! // TODO: Do nothing but note the fact during development of encryption keys ! System.out.println(getClass() + ": Problem while setting up Account Keys for " + ejbContext.getCallerPrincipal() + " CAUSE: " + ex.getMessage()); } } |
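Review bot: The new `throw new IllegalStateException("No UserPublicKey found for Subject ...")` in the 242,258 hunk lands in the `catch (Exception ex)` of the 262,268 hunk just below it, which only prints `ex.getMessage()` and carries on, so a caller whose Subject has no UserPublicKey still gets an Account created, just without an AccountPrivateKey and with no error reaching the caller (the `try` this catch closes begins above both hunks, so this is inferred from the line ranges). Since the TODO says the swallow is a development convenience, consider letting the state error through, `catch (IllegalStateException ex) { throw ex; }` ahead of the broad catch, or at least log the whole exception rather than `ex.getMessage()`, which drops the cause and stack trace. The `else` after the `throw` is redundant and the block can be flattened. Both new lookups (167,180 and 242,258) take `iterator().next()` from a Set that may hold more than one credential; typing them as `Set<UserPrivateKey>` / `Set<UserPublicKey>` also removes the raw types and casts.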
From: Joseph I. <jos...@us...> - 2007-01-01 10:15:36
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv26284/src/org/tolven/security/auth Modified Files: KeyLdapLoginModule.java Log Message: Use new Date() instead of Calendar.getInstance().getTime() Index: KeyLdapLoginModule.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLdapLoginModule.java,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** KeyLdapLoginModule.java 1 Jan 2007 10:04:21 -0000 1.6 --- KeyLdapLoginModule.java 1 Jan 2007 10:15:35 -0000 1.7 *************** *** 14,22 **** package org.tolven.security.auth; import javax.naming.InitialContext; import javax.resource.spi.security.PasswordCredential; - import java.security.Principal; - import java.util.Calendar; - import javax.security.auth.Subject; import javax.security.auth.login.LoginException; --- 14,21 ---- package org.tolven.security.auth; + import java.security.Principal; + import java.util.Date; import javax.naming.InitialContext; import javax.resource.spi.security.PasswordCredential; import javax.security.auth.Subject; import javax.security.auth.login.LoginException; *************** *** 100,104 **** user.setLastLogin(null); // Last login is null, never logged in before this //TODO: Where should I get the current time from (Calendar is not used much in this application)? ! user.setCreation(Calendar.getInstance().getTime()); userModified = true; } --- 99,103 ---- user.setLastLogin(null); // Last login is null, never logged in before this //TODO: Where should I get the current time from (Calendar is not used much in this application)? ! user.setCreation(new Date()); userModified = true; } |
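Review bot: The TODO above `user.setCreation(new Date());` still justifies itself with "Calendar is not used much in this application", but Calendar is no longer used in this file after this commit, so the comment is stale; either drop it or reword it to `//TODO: Decide on a single source of "now" for the application (currently new Date())`. validateLDAPUser's body continues outside the hunk.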
From: Joseph I. <jos...@us...> - 2007-01-01 10:04:23
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21867/src/org/tolven/core/bean Modified Files: AccountDAOBean.java Log Message: Added tighter typing to TolvenPublicKey by subclassing with UserPublicKey and AccountPublicKey. When these are located in a Subject's publicCredentials, they will be easier to locate. Index: AccountDAOBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/AccountDAOBean.java,v retrieving revision 1.18 retrieving revision 1.19 diff -C2 -d -r1.18 -r1.19 *** AccountDAOBean.java 1 Jan 2007 07:33:14 -0000 1.18 --- AccountDAOBean.java 1 Jan 2007 10:04:21 -0000 1.19 *************** *** 38,41 **** --- 38,42 ---- import org.tolven.security.key.AccountPrivateKey; import org.tolven.security.key.UserPrivateKey; + import org.tolven.security.key.UserPublicKey; *************** *** 159,163 **** try { if (invitedUser.getPublicKey() == null) { ! throw new RuntimeException(": Invited user " + ejbContext.getCallerPrincipal() + " has no PublicKey to protect the AccountPrivateKey"); } // TODO: The correct location of the creation of an Invitation is still to be determined. It is created --- 160,164 ---- try { if (invitedUser.getPublicKey() == null) { ! throw new RuntimeException(": Invited user " + invitedUser.getLdapUID() + " has no PublicKey to protect the AccountPrivateKey"); } // TODO: The correct location of the creation of an Invitation is still to be determined. It is created *************** *** 241,251 **** if (subject == null) throw new IllegalStateException("No Subject found in PolicyContext for " + ejbContext.getCallerPrincipal()); ! PublicKey userPublicKey = null; Object obj = null; for (java.util.Iterator iter = subject.getPublicCredentials().iterator(); iter.hasNext();) { // TODO: Assume one and only PublicKey for the current logged in user, and give this key a type obj = iter.next(); ! 
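Review bot: `invitedUser.getPublicKey() == null` in the 159,163 hunk decodes the stored key (and can throw GeneralSecurityException, per the TolvenUser signature shown later on this page) just to test presence; the `getUserPublicKey()` accessor added to TolvenUser in this same change set does that check without the decode, as `initUserPrivateKey` now does, so `if (invitedUser.getUserPublicKey() == null)` is the cheaper and more precise test. The message also keeps the leading ": " that appears in several exceptions in this file. The enclosing method starts and ends outside the hunk.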
if (obj instanceof PublicKey) { ! userPublicKey = (PublicKey) obj; break; } --- 242,252 ---- if (subject == null) throw new IllegalStateException("No Subject found in PolicyContext for " + ejbContext.getCallerPrincipal()); ! UserPublicKey userPublicKey = null; Object obj = null; for (java.util.Iterator iter = subject.getPublicCredentials().iterator(); iter.hasNext();) { // TODO: Assume one and only PublicKey for the current logged in user, and give this key a type obj = iter.next(); ! if (obj instanceof UserPublicKey) { ! userPublicKey = (UserPublicKey) obj; break; } *************** *** 255,259 **** } else { AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); ! PublicKey accountPublicKey = accountPrivateKey.init(userPublicKey); account.setPublicKey(accountPublicKey); accountUser.setAccountPrivateKey(accountPrivateKey); --- 256,260 ---- } else { AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); ! PublicKey accountPublicKey = accountPrivateKey.init(userPublicKey.getPublicKey()); account.setPublicKey(accountPublicKey); accountUser.setAccountPrivateKey(accountPrivateKey); |
From: Joseph I. <jos...@us...> - 2007-01-01 10:04:23
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/entity In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21867/src/org/tolven/core/entity Modified Files: TolvenUser.java Account.java Log Message: Added tighter typing to TolvenPublicKey by subclassing with UserPublicKey and AccountPublicKey. When these are located in a Subject's publicCredentials, they will be easier to locate. Index: Account.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/entity/Account.java,v retrieving revision 1.14 retrieving revision 1.15 diff -C2 -d -r1.14 -r1.15 *** Account.java 25 Dec 2006 06:34:40 -0000 1.14 --- Account.java 1 Jan 2007 10:04:21 -0000 1.15 *************** *** 30,34 **** import javax.persistence.Table; ! import org.tolven.security.key.TolvenPublicKey; /** --- 30,34 ---- import javax.persistence.Table; ! import org.tolven.security.key.AccountPublicKey; /** *************** *** 72,76 **** @Embedded ! private TolvenPublicKey tolvenPublicKey; --- 72,76 ---- @Embedded ! private AccountPublicKey accountPublicKey; *************** *** 208,225 **** } public PublicKey getPublicKey() throws GeneralSecurityException { ! return tolvenPublicKey == null ? null : tolvenPublicKey.getPublicKey(); } public void setPublicKey(PublicKey aPublicKey) { ! tolvenPublicKey = TolvenPublicKey.getInstance(); ! tolvenPublicKey.init(aPublicKey); } public boolean hasPublicKey() { ! return tolvenPublicKey != null; } - - } --- 208,227 ---- } + public AccountPublicKey getAccountPublicKey() { + return accountPublicKey; + } + public PublicKey getPublicKey() throws GeneralSecurityException { ! return accountPublicKey == null ? null : accountPublicKey.getPublicKey(); } public void setPublicKey(PublicKey aPublicKey) { ! accountPublicKey = AccountPublicKey.getInstance(); ! accountPublicKey.init(aPublicKey); } public boolean hasPublicKey() { ! 
return accountPublicKey != null; } } Index: TolvenUser.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/entity/TolvenUser.java,v retrieving revision 1.14 retrieving revision 1.15 diff -C2 -d -r1.14 -r1.15 *** TolvenUser.java 25 Dec 2006 06:34:40 -0000 1.14 --- TolvenUser.java 1 Jan 2007 10:04:21 -0000 1.15 *************** *** 23,27 **** import org.tolven.doc.entity.DocBase; ! import org.tolven.security.key.TolvenPublicKey; import org.tolven.security.key.UserPrivateKey; --- 23,27 ---- import org.tolven.doc.entity.DocBase; ! import org.tolven.security.key.UserPublicKey; import org.tolven.security.key.UserPrivateKey; *************** *** 92,96 **** @Embedded ! private TolvenPublicKey tolvenPublicKey; transient private Date oldLastLogin; --- 92,96 ---- @Embedded ! private UserPublicKey userPublicKey; transient private Date oldLastLogin; *************** *** 227,241 **** } public PublicKey getPublicKey() throws GeneralSecurityException { ! return tolvenPublicKey == null ? null : tolvenPublicKey.getPublicKey(); } public void setPublicKey(PublicKey aPublicKey) { ! tolvenPublicKey = TolvenPublicKey.getInstance(); ! tolvenPublicKey.init(aPublicKey); } public void initUserPrivateKey(char[] password) throws GeneralSecurityException, IOException { ! if (getUserPrivateKey() != null || getPublicKey() != null) throw new IllegalStateException("User already has public/private keys"); UserPrivateKey privateKey = UserPrivateKey.getInstance(); --- 227,245 ---- } + public UserPublicKey getUserPublicKey() { + return userPublicKey; + } + public PublicKey getPublicKey() throws GeneralSecurityException { ! return userPublicKey == null ? null : userPublicKey.getPublicKey(); } public void setPublicKey(PublicKey aPublicKey) { ! userPublicKey = UserPublicKey.getInstance(); ! userPublicKey.init(aPublicKey); } public void initUserPrivateKey(char[] password) throws GeneralSecurityException, IOException { ! 
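Review bot: `setPublicKey` in the 208,225 hunk creates a fresh AccountPublicKey and initializes it on every call, so an existing account key is silently replaced, and because a new instance is used each time the once-only guard that TolvenPublicKey.init enforces in the later revision at the top of this page never applies here. If re-keying an Account is not intended, add `if (accountPublicKey != null) throw new IllegalStateException("Account already has a PublicKey");` before the assignment, otherwise say in the Javadoc that replacement is allowed. The same applies to TolvenUser.setPublicKey in the 227,241 hunk, which sidesteps the "already has public/private keys" check that initUserPrivateKey performs. The new `getAccountPublicKey()` hands out the embedded object itself, which is fine as long as callers treat it as read-only; a one-line Javadoc noting that would help.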
if (getUserPrivateKey() != null || getUserPublicKey() != null) throw new IllegalStateException("User already has public/private keys"); UserPrivateKey privateKey = UserPrivateKey.getInstance(); |
From: Joseph I. <jos...@us...> - 2007-01-01 10:04:22
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/key In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21867/src/org/tolven/security/key Modified Files: TolvenPublicKey.java Added Files: UserPublicKey.java AccountPublicKey.java Log Message: Added tighter typing to TolvenPublicKey by subclassing with UserPublicKey and AccountPublicKey. When these are located in a Subject's publicCredentials, they will be easier to locate. --- NEW FILE: UserPublicKey.java --- /* * Copyright (C) 2006 Tolven Inc * * This library is free software; you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * Contact: in...@to... */ package org.tolven.security.key; import javax.persistence.Embeddable; /** * This class encapsulates an x509EncodedKeySpec for a Public Key * * @author Joseph Isaac * */ @Embeddable public class UserPublicKey extends TolvenPublicKey { protected static final String NOT_INITIALIZED = "UserPublicKey not initialized"; /** * Return an instance of UserPublicKey * * @return */ public static UserPublicKey getInstance() { return new UserPublicKey(); } } --- NEW FILE: AccountPublicKey.java --- /* * Copyright (C) 2006 Tolven Inc * * This library is free software; you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. 
* * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * Contact: in...@to... */ package org.tolven.security.key; import javax.persistence.Embeddable; /** * This class encapsulates an x509EncodedKeySpec for a Public Key * * @author Joseph Isaac * */ @Embeddable public class AccountPublicKey extends TolvenPublicKey { protected static final String NOT_INITIALIZED = "AccountPublicKey not initialized"; /** * Return an instance of UserPublicKey * * @return */ public static AccountPublicKey getInstance() { return new AccountPublicKey(); } } Index: TolvenPublicKey.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/key/TolvenPublicKey.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** TolvenPublicKey.java 25 Dec 2006 06:34:39 -0000 1.1 --- TolvenPublicKey.java 1 Jan 2007 10:04:21 -0000 1.2 *************** *** 27,34 **** * */ ! @Embeddable ! public class TolvenPublicKey implements Serializable { ! private static final String NOT_INITIALIZED = "TolvenPublicKey not initialized"; @Lob --- 27,34 ---- * */ ! @MappedSuperclass ! public abstract class TolvenPublicKey implements Serializable { ! protected static final String NOT_INITIALIZED = "TolvenPublicKey not initialized"; @Lob *************** *** 44,56 **** /** - * Return an instance of TolvenPublicKey - * - * @return - */ - public static TolvenPublicKey getInstance() { - return new TolvenPublicKey(); - } - - /** * Initialize TolvenPublicKey with aPublicKey * @param aPublicKey --- 44,47 ---- |
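Review bot: Redeclaring `NOT_INITIALIZED` as `protected static final` in UserPublicKey and AccountPublicKey hides the same-named field of TolvenPublicKey rather than overriding it, since static fields are bound at compile time to the declaring class; any TolvenPublicKey method that throws with `NOT_INITIALIZED` will keep reporting "TolvenPublicKey not initialized" for both subclasses, and the two new constants are unused unless a subclass method references them. If a per-class message is wanted, have TolvenPublicKey build it from `getClass().getSimpleName()` or expose an overridable accessor; otherwise drop the subclass constants. The Javadoc on AccountPublicKey.getInstance() reads "Return an instance of UserPublicKey" and should say AccountPublicKey. Both new classes also repeat the generic TolvenPublicKey class comment; one sentence on what distinguishes a user key from an account key would help readers of the Subject-credential lookups elsewhere in this change set.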
From: Joseph I. <jos...@us...> - 2007-01-01 10:04:22
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21867/src/org/tolven/security/auth Modified Files: KeyLdapLoginModule.java Log Message: Added tighter typing to TolvenPublicKey by subclassing with UserPublicKey and AccountPublicKey. When these are located in a Subject's publicCredentials, they will be easier to locate. Index: KeyLdapLoginModule.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLdapLoginModule.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** KeyLdapLoginModule.java 1 Jan 2007 07:33:14 -0000 1.5 --- KeyLdapLoginModule.java 1 Jan 2007 10:04:21 -0000 1.6 *************** *** 17,21 **** import javax.resource.spi.security.PasswordCredential; import java.security.Principal; - import java.security.acl.Group; import java.util.Calendar; --- 17,20 ---- *************** *** 45,50 **** /** ! * If the LdapLoginModule superclass validates the inputPassword as true, then create a PasswordCredential ! * and finds the TolvenUser via the pricipal and keeps both for commit phase. */ protected boolean validatePassword(String inputPassword, String expectedPassword) { --- 44,51 ---- /** ! * If the LdapLoginModule superclass validates the inputPassword as true, then create a corresponding TolvenUser with status NEW_LOGIN, if necessary. ! * Create a UserPrivateKey/PublicKey for the TolvenUser and persist it to the DB. Add the UserPrivateKey/PublicKey to the Subject. ! * If the caller is an MDB, then give it access. ! * If the user has no Subject, they did not login, but this can happen when users register, and will be controlled more thoroughly before this code is activated. 
*/ protected boolean validatePassword(String inputPassword, String expectedPassword) { *************** *** 158,165 **** userPrivateKey.unlockPrivateKey(passwordCredential.getPassword()); subject.getPrivateCredentials().add(userPrivateKey); ! System.out.println(getClass() + ": Adding PublicKey to Subject " + user.getLdapUID()); ! subject.getPublicCredentials().add(user.getPublicKey()); ! System.out.println(getClass() + ": Adding PasswordCredential to Subject " + user.getLdapUID()); ! subject.getPrivateCredentials().add(passwordCredential); if (userModified) { loginLocal.update(user); --- 159,164 ---- userPrivateKey.unlockPrivateKey(passwordCredential.getPassword()); subject.getPrivateCredentials().add(userPrivateKey); ! System.out.println(getClass() + ": Adding getUserPublicKey to Subject " + user.getLdapUID()); ! subject.getPublicCredentials().add(user.getUserPublicKey()); if (userModified) { loginLocal.update(user); *************** *** 183,190 **** if (aborted && System.getProperty("tolven.security.keys.activate") != null) { try { - subject.getPrivateCredentials().remove(passwordCredential); if (user != null) { subject.getPrivateCredentials().remove(user.getUserPrivateKey()); ! subject.getPublicCredentials().remove(user.getPublicKey()); } } catch (Exception ex) { --- 182,188 ---- if (aborted && System.getProperty("tolven.security.keys.activate") != null) { try { if (user != null) { subject.getPrivateCredentials().remove(user.getUserPrivateKey()); ! subject.getPublicCredentials().remove(user.getUserPublicKey()); } } catch (Exception ex) { |
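Review bot: Dropping the `PasswordCredential` from the Subject's private credentials in the 158,165 hunk is the right call, but the module still holds `passwordCredential` (and its password char[]) in a field after `userPrivateKey.unlockPrivateKey(passwordCredential.getPassword())`, for the lifetime of the LoginModule instance; once the key is unlocked the array can be zeroed, e.g. `java.util.Arrays.fill(passwordCredential.getPassword(), '\0');` right after the unlock (confirm that `getPassword()` returns the backing array rather than a copy in the connector implementation in use). The log line now reads `": Adding getUserPublicKey to Subject "`, which puts a method name in the message; `": Adding UserPublicKey to Subject "` is what was meant. In the 183,190 abort hunk, `remove(user.getUserPublicKey())` only removes the credential if it is the same (or an equal) instance that commit added, which the code appears to rely on; a short comment there would make that dependency visible. The enclosing commit() and abort() methods start and end outside these hunks.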
Update of /cvsroot/tolven/tolvenEJB/src/test/org/tolven/security/key In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21867/src/test/org/tolven/security/key Modified Files: SecurityTestSuite.java Added Files: UserPublicKeyTestCase.java AccountPublicKeyTestCase.java Removed Files: TolvenPublicKeyTestCase.java Log Message: Added tighter typing to TolvenPublicKey by subclassing with UserPublicKey and AccountPublicKey. When these are located in a Subject's publicCredentials, they will be easier to locate. --- NEW FILE: AccountPublicKeyTestCase.java --- /* * Copyright (C) 2006 Tolven Inc * * This library is free software; you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * Contact: in...@to... */ package test.org.tolven.security.key; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.PublicKey; import junit.framework.TestCase; import org.tolven.security.key.AccountPublicKey; import org.tolven.security.key.UserPrivateKey; /** * This class is used to testing AccountPublicKey. 
* * @author Joseph Isaac * */ public class AccountPublicKeyTestCase extends TestCase { /* * Test method for 'org.tolven.security.key.AccountPublicKey.getInstance()' */ public void testGetInstance() { AccountPublicKey.getInstance(); } /* * Test method for * 'org.tolven.security.key.AccountPublicKey.init(PublicKey)' */ public void testInitPublicKey() throws GeneralSecurityException, IOException { SecurityTestSuite.initProperties(); UserPrivateKey userPrivateKey = UserPrivateKey.getInstance(); char[] password = "password".toCharArray(); PublicKey theUserPublicKey = userPrivateKey.init(password); AccountPublicKey accountPublicKey = AccountPublicKey.getInstance(); accountPublicKey.init(theUserPublicKey); } /* * Test method for 'org.tolven.security.key.AccountPublicKey.getPublicKey()' */ public void testGetPublicKey() throws GeneralSecurityException, IOException { SecurityTestSuite.initProperties(); UserPrivateKey userPrivateKey = UserPrivateKey.getInstance(); char[] password = "password".toCharArray(); PublicKey theUserPublicKey = userPrivateKey.init(password); AccountPublicKey accountPublicKey = AccountPublicKey.getInstance(); accountPublicKey.init(theUserPublicKey); PublicKey publicKey = accountPublicKey.getPublicKey(); assertTrue(publicKey.equals(theUserPublicKey)); } } Index: SecurityTestSuite.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/test/org/tolven/security/key/SecurityTestSuite.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** SecurityTestSuite.java 25 Dec 2006 06:34:39 -0000 1.1 --- SecurityTestSuite.java 1 Jan 2007 10:04:21 -0000 1.2 *************** *** 35,41 **** //$JUnit-BEGIN$ suite.addTestSuite(UserPrivateKeyTestCase.class); suite.addTestSuite(AccountSecretKeyTestCase.class); - suite.addTestSuite(TolvenPublicKeyTestCase.class); suite.addTestSuite(AccountPrivateKeyTestCase.class); suite.addTestSuite(DocumentSecretKeyTestCase.class); 
suite.addTestSuite(DocumentEncryptionTestCase.class); --- 35,42 ---- //$JUnit-BEGIN$ suite.addTestSuite(UserPrivateKeyTestCase.class); + suite.addTestSuite(UserPublicKeyTestCase.class); suite.addTestSuite(AccountSecretKeyTestCase.class); suite.addTestSuite(AccountPrivateKeyTestCase.class); + suite.addTestSuite(AccountPublicKeyTestCase.class); suite.addTestSuite(DocumentSecretKeyTestCase.class); suite.addTestSuite(DocumentEncryptionTestCase.class); --- NEW FILE: UserPublicKeyTestCase.java --- /* * Copyright (C) 2006 Tolven Inc * * This library is free software; you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * Contact: in...@to... */ package test.org.tolven.security.key; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.PublicKey; import junit.framework.TestCase; import org.tolven.security.key.UserPublicKey; import org.tolven.security.key.UserPrivateKey; /** * This class is used to testing UserPublicKey. 
* * @author Joseph Isaac * */ public class UserPublicKeyTestCase extends TestCase { /* * Test method for 'org.tolven.security.key.UserPublicKey.getInstance()' */ public void testGetInstance() { UserPublicKey.getInstance(); } /* * Test method for * 'org.tolven.security.key.UserPublicKey.init(PublicKey)' */ public void testInitPublicKey() throws GeneralSecurityException, IOException { SecurityTestSuite.initProperties(); UserPrivateKey userPrivateKey = UserPrivateKey.getInstance(); char[] password = "password".toCharArray(); PublicKey theUserPublicKey = userPrivateKey.init(password); UserPublicKey userPublicKey = UserPublicKey.getInstance(); userPublicKey.init(theUserPublicKey); } /* * Test method for 'org.tolven.security.key.UserPublicKey.getPublicKey()' */ public void testGetPublicKey() throws GeneralSecurityException, IOException { SecurityTestSuite.initProperties(); UserPrivateKey userPrivateKey = UserPrivateKey.getInstance(); char[] password = "password".toCharArray(); PublicKey theUserPublicKey = userPrivateKey.init(password); UserPublicKey userPublicKey = UserPublicKey.getInstance(); userPublicKey.init(theUserPublicKey); PublicKey publicKey = userPublicKey.getPublicKey(); assertTrue(publicKey.equals(theUserPublicKey)); } } --- TolvenPublicKeyTestCase.java DELETED --- |
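Review bot: `testGetInstance()` in both UserPublicKeyTestCase and AccountPublicKeyTestCase calls `getInstance()` and asserts nothing, so it only proves the call does not throw; `assertNotNull(UserPublicKey.getInstance());` makes the intent explicit. In `testGetPublicKey()`, `assertEquals(theUserPublicKey, publicKey)` reports both values on failure where `assertTrue(publicKey.equals(theUserPublicKey))` reports only "false". Neither class covers double initialization; with the TolvenPublicKey.init guard added in the later revision at the top of this page, a test that calls `init` twice on one instance and expects `IllegalStateException` would pin that behavior.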
From: Joseph I. <jos...@us...> - 2007-01-01 07:33:15
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv25278/src/org/tolven/security/auth Modified Files: KeyLdapLoginModule.java Log Message: When the new encryption code is activated, the KeyLdapLoginModule will create TolvenUsers and add the encryption keys they need. The LoginModule will also handle MDBs access to resources, as well as access from users who are not logged in. This LoginModule will eventually be broken up into separate LoginModules, possibly attached to different application policies. When deactivated, it mimics its superclass behavior i.e. LdapLoginModule. Index: KeyLdapLoginModule.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLdapLoginModule.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** KeyLdapLoginModule.java 25 Dec 2006 06:34:40 -0000 1.4 --- KeyLdapLoginModule.java 1 Jan 2007 07:33:14 -0000 1.5 *************** *** 17,24 **** --- 17,29 ---- import javax.resource.spi.security.PasswordCredential; import java.security.Principal; + import java.security.acl.Group; + import java.util.Calendar; + import javax.security.auth.Subject; import javax.security.auth.login.LoginException; + import javax.security.jacc.PolicyContext; import org.jboss.security.auth.spi.LdapLoginModule; + import org.tolven.core.entity.Status; import org.tolven.core.entity.TolvenUser; import org.tolven.security.key.UserPrivateKey; *************** *** 37,40 **** --- 42,46 ---- private transient LoginLocal loginLocal; private transient TolvenUser user; + private transient boolean userModified = false; /** *************** *** 45,70 **** System.out.println(getClass() + ": validatePassword"); boolean validated = super.validatePassword(inputPassword, expectedPassword); ! if (validated) { try { ! if (System.getProperty("tolven.security.keys.activate") != null) { ! char[] password = null; ! 
if (inputPassword != null) ! password = inputPassword.toCharArray(); ! Principal principal = getIdentity(); ! String principalUserName = null; ! if (principal != null) ! principalUserName = principal.getName(); ! passwordCredential = new PasswordCredential(principalUserName, password); ! InitialContext ictx = new InitialContext(); ! loginLocal = (LoginLocal) ictx.lookup("tolven/LoginBean/local"); ! user = loginLocal.findUser(principalUserName); ! if (user == null) { ! System.out.println(getClass() + ": user == null "); ! return false; } } } catch (Exception ex) { ex.printStackTrace(); ! return false; } } --- 51,81 ---- System.out.println(getClass() + ": validatePassword"); boolean validated = super.validatePassword(inputPassword, expectedPassword); ! if (System.getProperty("tolven.security.keys.activate") != null) { ! Principal callerPrincipal = getIdentity(); ! String callerPrincipalUserName = null; ! if (callerPrincipal != null) ! callerPrincipalUserName = callerPrincipal.getName(); try { ! if (validated) { ! //TODO: Must be a real LDAP validated user logging in ! validated = validateLDAPUser(callerPrincipalUserName, inputPassword); ! System.out.println(getClass() + ": login " + callerPrincipalUserName + "=" + validated); ! } else { ! Subject callerSubject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); ! if (callerSubject == null) { ! //TODO: No Subject and it's not a tolvenLDAP user logging in, for now assume a register request until roles implemented ! validated = true; ! System.out.println(getClass() + ": login null Subject=" + validated); ! } else { ! //TODO: Could be one of our MDBs logging in...check the role ! validated = validateMDB(); ! System.out.println(getClass() + ": login MDB=" + validated); } + //TODO: Could be one of our MDBs logging in...check the role + System.out.println(getClass() + ": MDB validated=" + validated); } } catch (Exception ex) { ex.printStackTrace(); ! 
validated = false; } } *************** *** 72,75 **** --- 83,140 ---- } + private boolean validateLDAPUser(String callerPrincipalUserName, String inputPassword) { + try { + char[] password = null; + if (inputPassword != null) + password = inputPassword.toCharArray(); + passwordCredential = new PasswordCredential(callerPrincipalUserName, password); + InitialContext ictx = new InitialContext(); + loginLocal = (LoginLocal) ictx.lookup("tolven/LoginBean/local"); + user = loginLocal.findUser(callerPrincipalUserName); + if (user == null) { + // Password has validated at this point, so must be a real LDAPUser with no TolvenUser yet (sregisterd user) + user = new TolvenUser(); + user.setLdapUID(callerPrincipalUserName); + user.setStatus(Status.NEW_LOGIN.value()); + user.setLastLogin(null); // Last login is null, never logged in before this + //TODO: Where should I get the current time from (Calendar is not used much in this application)? + user.setCreation(Calendar.getInstance().getTime()); + userModified = true; + } + return true; + } catch (Exception ex) { + ex.printStackTrace(); + return false; + } + } + + private boolean validateMDB() { + try { + Subject callerSubject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); + if (callerSubject == null) { + System.out.println(getClass() + ": MDB Subject is null"); + } else { + Object obj = null; + for (java.util.Iterator iter = callerSubject.getPrincipals().iterator(); iter.hasNext();) { + obj = iter.next(); + if (obj instanceof java.security.acl.Group) { + Principal callerPrincipal = null; + for (java.util.Enumeration e = ((java.security.acl.Group) obj).members(); e.hasMoreElements();) { + callerPrincipal = (java.security.Principal) e.nextElement(); + //TODO: This role will become configurable when a separate loginmodule is created + if ("guest".equals(callerPrincipal.getName())) { + return true; + } + } + } + } + } + return false; + } catch (Exception ex) { + ex.printStackTrace(); + return false; 
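Review bot: The `else` branch that runs after `super.validatePassword` has rejected the password sets `validated = true` whenever no container Subject is present, so a wrong LDAP password with no caller Subject still yields a successful login for the supplied identity, and `commit()` then builds a Subject for it with `user == null`. The TODOs mark this as temporary, but it is live as soon as `tolven.security.keys.activate` is set, so the branch should fail closed until the registration role exists: `validated = false; // TODO: allow only once a registration role is checked`. `validateMDB()` is reached on the same failed-password path and accepts on a `guest` role alone, so an already-authenticated caller holding that role appears to pass as whatever identity this login was attempted for; a dedicated role for the MDBs would narrow that. The second `//TODO: Could be one of our MDBs logging in...check the role` and the `MDB validated=` println after the inner if/else are leftovers that also print for the null-Subject case. The method's closing `return` is outside the hunk.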
+ } + } + /** * If the superclass commits, then place the PasswordCredential, UserPrivateKey and PublicKey in the Subject *************** *** 80,99 **** if (committed && System.getProperty("tolven.security.keys.activate") != null) { try { ! boolean newKeys = !user.hasUserPrivateKey(); ! if (newKeys) { ! System.out.println(getClass() + ": initialize keys "); ! user.initUserPrivateKey(passwordCredential.getPassword()); ! } ! UserPrivateKey userPrivateKey = user.getUserPrivateKey(); ! System.out.println(getClass() + ": Adding UserPrivateKey to Subject " + user.getLdapUID()); ! userPrivateKey.unlockPrivateKey(passwordCredential.getPassword()); ! subject.getPrivateCredentials().add(userPrivateKey); ! System.out.println(getClass() + ": Adding PublicKey to Subject " + user.getLdapUID()); ! subject.getPublicCredentials().add(user.getPublicKey()); ! System.out.println(getClass() + ": Adding PasswordCredential to Subject " + user.getLdapUID()); ! subject.getPrivateCredentials().add(passwordCredential); ! if (newKeys) { ! loginLocal.update(user); ! System.out.println(getClass() + ": persisted new keys user " + user.getLdapUID()); } } catch (Exception ex) { --- 145,170 ---- if (committed && System.getProperty("tolven.security.keys.activate") != null) { try { ! if (user == null) { ! //Must be an MDB ! System.out.println(getClass() + ": completing login for an MDB"); ! } else { ! if (!user.hasUserPrivateKey()) { ! System.out.println(getClass() + ": initialize keys "); ! user.initUserPrivateKey(passwordCredential.getPassword()); ! userModified = true; ! } ! UserPrivateKey userPrivateKey = user.getUserPrivateKey(); ! System.out.println(getClass() + ": Adding UserPrivateKey to Subject " + user.getLdapUID()); ! userPrivateKey.unlockPrivateKey(passwordCredential.getPassword()); ! subject.getPrivateCredentials().add(userPrivateKey); ! System.out.println(getClass() + ": Adding PublicKey to Subject " + user.getLdapUID()); ! subject.getPublicCredentials().add(user.getPublicKey()); ! 
System.out.println(getClass() + ": Adding PasswordCredential to Subject " + user.getLdapUID()); ! subject.getPrivateCredentials().add(passwordCredential); ! if (userModified) { ! loginLocal.update(user); ! System.out.println(getClass() + ": persisted new keys user " + user.getLdapUID()); ! } ! System.out.println(getClass() + ": completing login for " + user.getLdapUID()); } } catch (Exception ex) { *************** *** 124,127 **** --- 195,199 ---- passwordCredential = null; user = null; + userModified = false; loginLocal = null; return aborted; |
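Review bot: The `user == null` branch is commented `//Must be an MDB`, but the validatePassword hunk above also leaves `user` null for the no-Subject case, so a login that never passed an LDAP check is committed here with no further distinction; recording which path validated in a field during `validatePassword`, or at least logging the identity being committed, would let the two cases be told apart. The unlocked `UserPrivateKey` and the clear-text `PasswordCredential` are both placed in the Subject's private credentials, so the password stays in memory for the whole session; if `getPassword()` returns the backing array, the abort path that sets `passwordCredential = null` should `Arrays.fill` it first. The `catch (Exception ex)` that closes this block is outside the hunk.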
From: Joseph I. <jos...@us...> - 2007-01-01 07:33:15
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv25278/src/org/tolven/core/bean Modified Files: AccountDAOBean.java ActivationBean.java Log Message: When the new encryption code is activated, the KeyLdapLoginModule will create TolvenUsers and add the encryption keys they need. The LoginModule will also handle MDBs access to resources, as well as access from users who are not logged in. This LoginModule will eventually be broken up into separate LoginModules, possibly attached to different application policies. When deactivated, it mimics its superclass behavior i.e. LdapLoginModule. Index: AccountDAOBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/AccountDAOBean.java,v retrieving revision 1.17 retrieving revision 1.18 diff -C2 -d -r1.17 -r1.18 *** AccountDAOBean.java 25 Dec 2006 12:52:15 -0000 1.17 --- AccountDAOBean.java 1 Jan 2007 07:33:14 -0000 1.18 *************** *** 124,130 **** String activatingStatus = Status.fromValue("ACTIVATING").value(); String newStatus = Status.fromValue("new").value(); String select = "SELECT DISTINCT u FROM TolvenUser u WHERE u.ldapUID = :principal " + "and ( u.status = '"; ! select += oldActiveStatus + "' or u.status = '" + activeStatus + "' or u.status = '" + newStatus + "' or u.status = '" + activatingStatus + "') "; Query query = em.createQuery(select); query.setParameter("principal", principal.toLowerCase()); --- 124,131 ---- String activatingStatus = Status.fromValue("ACTIVATING").value(); String newStatus = Status.fromValue("new").value(); + String newLoginStatus = Status.fromValue("new_login").value(); String select = "SELECT DISTINCT u FROM TolvenUser u WHERE u.ldapUID = :principal " + "and ( u.status = '"; ! 
select += oldActiveStatus + "' or u.status = '" + activeStatus + "' or u.status = '" + newStatus + "' or u.status = '" + activatingStatus + "' or u.status = '" + newLoginStatus + "') "; Query query = em.createQuery(select); query.setParameter("principal", principal.toLowerCase()); Index: ActivationBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/ActivationBean.java,v retrieving revision 1.25 retrieving revision 1.26 diff -C2 -d -r1.25 -r1.26 *** ActivationBean.java 22 Dec 2006 05:26:42 -0000 1.25 --- ActivationBean.java 1 Jan 2007 07:33:14 -0000 1.26 *************** *** 116,120 **** if (!principal.equals(activate.getPrincipal())) return false; // OK, we're good to go. Create the user and mark the invitation as used ! TolvenUser user = createTolvenUser( principal, now ); user.setDemoUser(false); if (activate.getReferenceCode()!=null) { --- 116,123 ---- if (!principal.equals(activate.getPrincipal())) return false; // OK, we're good to go. Create the user and mark the invitation as used ! TolvenUser user = accountBean.findUser(principal); ! //TODO: If TolvenUser is found, the expected status is NEW_LOGIN. Should we check here, and if not what expected? ! if(user == null) ! user = createTolvenUser( principal, now ); user.setDemoUser(false); if (activate.getReferenceCode()!=null) { *************** *** 259,267 **** user.setOldLastLogin(user.getLastLogin()); user.setLastLogin( now ); // Now - current time. Update last login to now. - // TODO: Note that keys are not ready for release and creating them - // before they are tested could lead to problems for later - // migration. But if you know what you are doing and the DB is - // experimental, then developers are free to play by setting System - // property tolven.security.keys.activate } return user; --- 262,265 ---- |
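Review bot: The five status values are spliced into the JPQL as quoted literals while `principal` is bound with `:principal`; the values come from the `Status` enum, so this is not attacker-controlled, but the mixed style means any future status value containing a quote silently breaks the query, and `u.status IN (:statuses)` with a `List<String>` parameter would keep one style. Adding `new_login` to the accepted set also means `findUser` now returns users the LoginModule created before they were activated, so callers that treat a non-null result as an activated user need to check the status themselves. The rest of the method is outside the hunk.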
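Review bot: When `accountBean.findUser(principal)` returns an existing user, activation proceeds to modify it whatever its status, although `NEW_LOGIN` is the only case this change is meant to handle; the TODO should be resolved by failing closed, `if (user != null && !Status.NEW_LOGIN.value().equalsIgnoreCase(user.getStatus())) return false;` (importing `Status` if the file does not already), so an invitation cannot be applied to an already active account. The `if(user == null)` line also wants braces and a space after `if` to match the surrounding style. The enclosing method continues outside the hunk.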
From: Joseph I. <jos...@us...> - 2007-01-01 07:33:15
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/entity In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv25278/src/org/tolven/core/entity Modified Files: Status.java Log Message: When the new encryption code is activated, the KeyLdapLoginModule will create TolvenUsers and add the encryption keys they need. The LoginModule will also handle MDBs access to resources, as well as access from users who are not logged in. This LoginModule will eventually be broken up into separate LoginModules, possibly attached to different application policies. When deactivated, it mimics its superclass behavior i.e. LdapLoginModule.
Index: Status.java
===================================================================
RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/entity/Status.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** Status.java 6 Nov 2006 07:41:24 -0000 1.1
--- Status.java 1 Jan 2007 07:33:14 -0000 1.2
***************
*** 1,4 ****
--- 1,9 ----
package org.tolven.core.entity;
+ /**
+ * NEW_LOGIN is assigned with a LoginModule creates a valid user who previously did not exist
+ * @author John Churin
+ *
+ */
public enum Status {
ACTIVE("active"),
***************
*** 10,13 ****
--- 15,19 ----
OLD_INACTIVE("INACTIVE"),
NEW("new"),
+ NEW_LOGIN("new_login"),
NULLIFIED("nullified"),
OBSOLETE("obsolete"), |
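Review bot: The new Javadoc reads "is assigned with a LoginModule creates", which should be "is assigned when a LoginModule creates"; since it describes a single constant it belongs on `NEW_LOGIN` rather than on the enum, e.g. `/** Assigned when a LoginModule creates a user who did not previously exist. */` directly above `NEW_LOGIN("new_login"),`. The value `new_login` is lower-case while `OLD_INACTIVE` carries `INACTIVE`, so comparisons elsewhere must be case-insensitive, as TopAction's are; a one-line comment on the enum recording that convention would prevent a case-sensitive `equals` from slipping in.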
From: Joseph I. <jos...@us...> - 2007-01-01 07:33:15
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/web In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv25241/src/org/tolven/web Modified Files: TopAction.java Log Message: When the new encryption code is activated, the KeyLdapLoginModule will create TolvenUsers and add the encryption keys they need. The LoginModule will also handle MDBs access to resources, as well as access from users who are not logged in. This LoginModule will eventually be broken up into separate LoginModules, possibly attached to different application policies. When deactivated, it mimics its superclass behavior i.e. LdapLoginModule. Index: TopAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/TopAction.java,v retrieving revision 1.25 retrieving revision 1.26 diff -C2 -d -r1.25 -r1.26 *** TopAction.java 25 Dec 2006 01:43:28 -0000 1.25 --- TopAction.java 1 Jan 2007 07:33:09 -0000 1.26 *************** *** 34,37 **** --- 34,38 ---- import org.tolven.core.entity.AccountType; import org.tolven.core.entity.AccountUser; + import org.tolven.core.entity.Status; import org.tolven.core.entity.TolvenUser; import org.tolven.gen.CHRGenerator; *************** *** 162,166 **** // Get invitation id if any // If the user object is missing but we have an invitation, see if it might get the user all the way logged in. ! if (getUser()==null && getInvitationId()!=0) { // Since we have no user yet, we'll try executing an activation invitation (if it works) if (!activation.activate(getTp().getUid(), getInvitationId(), getNow())) { --- 163,167 ---- // Get invitation id if any // If the user object is missing but we have an invitation, see if it might get the user all the way logged in. ! 
if ((getUser()==null || Status.NEW_LOGIN.value().equalsIgnoreCase(getUser().getStatus())) && getInvitationId()!=0) { // Since we have no user yet, we'll try executing an activation invitation (if it works) if (!activation.activate(getTp().getUid(), getInvitationId(), getNow())) { |
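Review bot: The comment `// Since we have no user yet, we'll try executing an activation invitation (if it works)` is now stale, because the condition also admits a user that exists in `NEW_LOGIN` status; it should read `// No activated user yet (none, or one the LoginModule created as NEW_LOGIN), so try the activation invitation`. `getUser()` is evaluated three times in the one condition; a local `TolvenUser user = getUser();` before the `if` would make the condition readable and avoid the repeated lookup. The enclosing method runs outside the hunk.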
From: Joseph I. <jos...@us...> - 2007-01-01 03:11:05
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/entity In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv16900/src/org/tolven/doc/entity Modified Files: DocBase.java Log Message: Prevent a NullPointerException if the account associated with a Document is null.
Index: DocBase.java
===================================================================
RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/entity/DocBase.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** DocBase.java 25 Dec 2006 11:30:27 -0000 1.9
--- DocBase.java 1 Jan 2007 03:11:03 -0000 1.10
***************
*** 243,247 ****
private byte[] getEncryptedContent(byte[] content) {
! if (content == null)
return content;
try {
--- 243,248 ----
private byte[] getEncryptedContent(byte[] content) {
! if (content == null || account == null)
! //TODO: Then presumably the content could not have been encrypted
return content;
try { |
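Review bot: Returning the raw bytes when `account == null` makes a missing account indistinguishable from genuinely unencrypted content, so a document whose account reference was lost passes through this method unencrypted without leaving any trace; at minimum log the condition, and decide whether callers should get an exception here rather than plain bytes. The `//TODO` placed between an unbraced `if` and its statement is easy to misread; brace the body, `if (content == null || account == null) { return content; }`, with the TODO inside the braces. The rest of the method, including the `try` block, is outside the hunk.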
From: John C. <jc...@us...> - 2006-12-30 06:20:57
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/ccr In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv8742/src/org/tolven/ccr Modified Files: DateTimeType.java Log Message: Rollback
Index: DateTimeType.java
===================================================================
RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/ccr/DateTimeType.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** DateTimeType.java 28 Dec 2006 19:57:05 -0000 1.6
--- DateTimeType.java 30 Dec 2006 06:20:54 -0000 1.7
***************
*** 19,23 ****
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
- import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
import org.tolven.ccr.DateTimeType.DateTimeRange;
--- 19,22 ----
***************
*** 52,58 ****
protected List<DateTimeRange> dateTimeRange;
- @XmlTransient
private transient SimpleDateFormat iso8601 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZZ");
- @XmlTransient
private transient SimpleDateFormat iso8601d = new SimpleDateFormat("yyyy-MM-dd");
--- 51,55 ---- |
From: John C. <jc...@us...> - 2006-12-30 06:01:32
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/ccr In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv901/src/org/tolven/ccr Modified Files: CCRCodedDataObjectType.java Log Message: Rollback previous Index: CCRCodedDataObjectType.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/ccr/CCRCodedDataObjectType.java,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** CCRCodedDataObjectType.java 28 Dec 2006 19:58:36 -0000 1.3 --- CCRCodedDataObjectType.java 30 Dec 2006 06:01:31 -0000 1.4 *************** *** 10,14 **** import java.util.ArrayList; - import java.util.Date; import java.util.List; import javax.xml.bind.annotation.XmlAccessType; --- 10,13 ---- *************** *** 117,200 **** /** - * Helper to set the object type - */ - public void setTypeText( String type ) { - org.tolven.ccr.CodedDescriptionType tt = ObjectFactory.getInstance().createCodedDescriptionType(); - tt.setText(type); - setType(tt); - - } - /** - * Helper to get the Object type - */ - public String getTypeText() { - org.tolven.ccr.CodedDescriptionType tt = getType(); - if (tt==null) return null; - return tt.getText(); - } - - /** - * This helper function returns only the DataTypeType with a specific type - * @return return the first or only DateType matching the specified type or null if not found - */ - public DateTimeType getDateTimeType(String type) { - for (DateTimeType dtt : getDateTime()) { - if (type.equals( dtt.getType().getText())) return dtt; - } - return null; - } - - /** - * Set the specified type of date time value. - * Duplicates (previos dates of this type) are eliminated. - */ - public void setDateTimeType( String type, Date date) { - while (removeDateTimeType( type )!=null); // Remove existing dates of that type. 
- DateTimeType dtt = ObjectFactory.getInstance().createDateTimeType(); - dtt.setDateValue(date); - CodedDescriptionType dateTimeTypeType = ObjectFactory.getInstance().createCodedDescriptionType(); - dateTimeTypeType.setText(type); - dtt.setType(dateTimeTypeType); - getDateTime().add(dtt); - } - - /** - * Remove the first instance of the specified DateTime or null if it doesn't exist. - * @param type - * @return the item removed - */ - public DateTimeType removeDateTimeType( String type) { - int x = 0; - for (DateTimeType dtt : getDateTime()) { - if (type.equals( dtt.getType().getText())) - { - getDateTime().remove(x); - return dtt; - } - } - return null; - - } - /** - * Helper to set the status text - * @param status - */ - public void setStatusText( String status ) { - org.tolven.ccr.CodedDescriptionType statusField = ObjectFactory.getInstance().createCodedDescriptionType(); - statusField.setText(status); - setStatus(statusField); - } - - /** - * Helper to get the status text - * - */ - public String getStatusText( ) { - org.tolven.ccr.CodedDescriptionType status = getStatus(); - if (status==null) return null; - return status.getText(); - } - - /** * Gets the value of the iDs property. * --- 116,119 ---- *************** *** 274,296 **** /** - * Helper method to get Description text - */ - public String getDescriptionText( ) { - org.tolven.ccr.CodedDescriptionType description = getDescription(); - if (description==null) return null; - return description.getText(); - } - - /** - * Helper method to set description text - */ - public void setDescriptionText( String description ) { - org.tolven.ccr.CodedDescriptionType descriptionField = ObjectFactory.getInstance().createCodedDescriptionType(); - descriptionField.setText(description); - setDescription(descriptionField); - - } - - /** * Gets the value of the status property. * --- 193,196 ---- |
From: John C. <jc...@us...> - 2006-12-28 19:58:37
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/ccr In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv3777/src/org/tolven/ccr Modified Files: CCRCodedDataObjectType.java Log Message: Provide some helper methods Index: CCRCodedDataObjectType.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/ccr/CCRCodedDataObjectType.java,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** CCRCodedDataObjectType.java 21 Jun 2006 02:29:54 -0000 1.2 --- CCRCodedDataObjectType.java 28 Dec 2006 19:58:36 -0000 1.3 *************** *** 10,13 **** --- 10,14 ---- import java.util.ArrayList; + import java.util.Date; import java.util.List; import javax.xml.bind.annotation.XmlAccessType; *************** *** 116,119 **** --- 117,200 ---- /** + * Helper to set the object type + */ + public void setTypeText( String type ) { + org.tolven.ccr.CodedDescriptionType tt = ObjectFactory.getInstance().createCodedDescriptionType(); + tt.setText(type); + setType(tt); + + } + /** + * Helper to get the Object type + */ + public String getTypeText() { + org.tolven.ccr.CodedDescriptionType tt = getType(); + if (tt==null) return null; + return tt.getText(); + } + + /** + * This helper function returns only the DataTypeType with a specific type + * @return return the first or only DateType matching the specified type or null if not found + */ + public DateTimeType getDateTimeType(String type) { + for (DateTimeType dtt : getDateTime()) { + if (type.equals( dtt.getType().getText())) return dtt; + } + return null; + } + + /** + * Set the specified type of date time value. + * Duplicates (previos dates of this type) are eliminated. + */ + public void setDateTimeType( String type, Date date) { + while (removeDateTimeType( type )!=null); // Remove existing dates of that type. 
+ DateTimeType dtt = ObjectFactory.getInstance().createDateTimeType(); + dtt.setDateValue(date); + CodedDescriptionType dateTimeTypeType = ObjectFactory.getInstance().createCodedDescriptionType(); + dateTimeTypeType.setText(type); + dtt.setType(dateTimeTypeType); + getDateTime().add(dtt); + } + + /** + * Remove the first instance of the specified DateTime or null if it doesn't exist. + * @param type + * @return the item removed + */ + public DateTimeType removeDateTimeType( String type) { + int x = 0; + for (DateTimeType dtt : getDateTime()) { + if (type.equals( dtt.getType().getText())) + { + getDateTime().remove(x); + return dtt; + } + } + return null; + + } + /** + * Helper to set the status text + * @param status + */ + public void setStatusText( String status ) { + org.tolven.ccr.CodedDescriptionType statusField = ObjectFactory.getInstance().createCodedDescriptionType(); + statusField.setText(status); + setStatus(statusField); + } + + /** + * Helper to get the status text + * + */ + public String getStatusText( ) { + org.tolven.ccr.CodedDescriptionType status = getStatus(); + if (status==null) return null; + return status.getText(); + } + + /** * Gets the value of the iDs property. * *************** *** 193,196 **** --- 274,296 ---- /** + * Helper method to get Description text + */ + public String getDescriptionText( ) { + org.tolven.ccr.CodedDescriptionType description = getDescription(); + if (description==null) return null; + return description.getText(); + } + + /** + * Helper method to set description text + */ + public void setDescriptionText( String description ) { + org.tolven.ccr.CodedDescriptionType descriptionField = ObjectFactory.getInstance().createCodedDescriptionType(); + descriptionField.setText(description); + setDescription(descriptionField); + + } + + /** * Gets the value of the status property. * |
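Review bot: `removeDateTimeType` never increments `x`, so `getDateTime().remove(x)` always removes element 0 rather than the matching entry, and the `while (removeDateTimeType( type )!=null);` loop in `setDateTimeType` therefore strips unrelated dates from the front of the list until no entry of the requested type is left. Removing through the iterator fixes both and also ends the mutate-while-iterating pattern. `getDateTimeType` and the same loop dereference `dtt.getType()` without the null guard that `getTypeText` applies, so an entry with no type throws; the rewrite below guards it, and `getDateTimeType` should get the same `dtt.getType() != null &&` check.
```java
public DateTimeType removeDateTimeType( String type) {
    for (java.util.Iterator<DateTimeType> it = getDateTime().iterator(); it.hasNext();) {
        DateTimeType dtt = it.next();
        if (dtt.getType() != null && type.equals(dtt.getType().getText())) {
            it.remove();
            return dtt;
        }
    }
    return null;
}
```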
From: John C. <jc...@us...> - 2006-12-28 19:57:07
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/ccr In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv2950/src/org/tolven/ccr Modified Files: DateTimeType.java Log Message: ISO8601 date formats should be identified as transient
Index: DateTimeType.java
===================================================================
RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/ccr/DateTimeType.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -d -r1.5 -r1.6
*** DateTimeType.java 4 Dec 2006 03:23:52 -0000 1.5
--- DateTimeType.java 28 Dec 2006 19:57:05 -0000 1.6
***************
*** 19,22 ****
--- 19,23 ----
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
+ import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
import org.tolven.ccr.DateTimeType.DateTimeRange;
***************
*** 51,55 ****
--- 52,58 ----
protected List<DateTimeRange> dateTimeRange;
+ @XmlTransient
private transient SimpleDateFormat iso8601 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZZ");
+ @XmlTransient
private transient SimpleDateFormat iso8601d = new SimpleDateFormat("yyyy-MM-dd"); |
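Review bot: The two annotated fields carry no comment explaining why a JAXB-bound class needs `@XmlTransient` on top of `transient`, and the rollback in revision 1.7 above removed the annotations again with no reason logged; a one-line comment such as `// transient only affects Java serialization; @XmlTransient keeps JAXB from mapping the formatter` would record the intent either way. Since `SimpleDateFormat` is not thread-safe, keeping these as per-instance fields rather than statics is right, and the comment could say so as well so nobody hoists them.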
From: Joseph I. <jos...@us...> - 2006-12-25 12:52:20
Update of /cvsroot/tolven/tolvenWEB/web/WEB-INF In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv19115/web/WEB-INF Modified Files: web.xml Log Message: Had to valve back the introduction of SecurityDomain annotations to keep them from affecting the current code. So this represents another flag similar to the tolven.security.keys.activate flag
Index: web.xml
===================================================================
RCS file: /cvsroot/tolven/tolvenWEB/web/WEB-INF/web.xml,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -d -r1.11 -r1.12
*** web.xml 22 Dec 2006 05:26:46 -0000 1.11
--- web.xml 25 Dec 2006 12:52:19 -0000 1.12
***************
*** 96,102 ****
<servlet-class>org.tolven.ajax.AjaxServlet</servlet-class>
<load-on-startup>5</load-on-startup>
- <run-as>
- <role-name>*</role-name>
- </run-as>
</servlet>
<servlet-mapping>
--- 96,99 ---- |
From: Joseph I. <jos...@us...> - 2006-12-25 12:52:18
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv19075/src/org/tolven/core/bean Modified Files: AccountDAOBean.java Log Message: Had to valve back the introduction of SecurityDomain annotations to keep them from affecting the current code. So this represents another flag similar to the tolven.security.keys.activate flag
Index: AccountDAOBean.java
===================================================================
RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/AccountDAOBean.java,v
retrieving revision 1.16
retrieving revision 1.17
diff -C2 -d -r1.16 -r1.17
*** AccountDAOBean.java 25 Dec 2006 11:38:28 -0000 1.16
--- AccountDAOBean.java 25 Dec 2006 12:52:15 -0000 1.17
***************
*** 47,51 ****
@Stateless()
@Local(AccountDAOLocal.class)
! @SecurityDomain("tolvenLDAP")
public class AccountDAOBean implements org.tolven.core.AccountDAOLocal {
@PersistenceContext
--- 47,51 ----
@Stateless()
@Local(AccountDAOLocal.class)
! //@SecurityDomain("tolvenLDAP")
public class AccountDAOBean implements org.tolven.core.AccountDAOLocal {
@PersistenceContext |
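Review bot: The commented-out `//@SecurityDomain("tolvenLDAP")` is being used as a feature switch, so nothing in the source says what is in effect while it is off; presumably the bean's methods now run without the container's security domain, and since the log message calls this a deliberate flag, that should be recorded beside the line, e.g. `// TODO(security): re-enable once the LoginModule split lands; while commented out no security domain applies to this bean`. A real switch, such as the `security-domain` element in the JBoss deployment descriptor, would let the setting be toggled per deployment instead of by editing source.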