[jboss-cvs] JBossAS SVN: r74926 - projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/prototype.

Mon Jun 23 18:35:39 EDT 2008

Author: darran.lofthouse at jboss.com
Date: 2008-06-23 18:35:39 -0400 (Mon, 23 Jun 2008)
New Revision: 74926

Added:
   projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/prototype/DecodeAction.java
Log:
Borrow existing login module.

Copied: projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/prototype/DecodeAction.java (from rev 74925, projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/DecodeAction.java)
===================================================================

--- projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/prototype/DecodeAction.java	                        (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/prototype/DecodeAction.java	2008-06-23 22:35:39 UTC (rev 74926)
@@ -0,0 +1,110 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.auth.spi;
+
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import javax.crypto.Cipher;
+import javax.management.ObjectName;
+
+import org.jboss.security.config.SecurityConfiguration;
+
+/**
+ * PriviledgedActions used by login modules for decoding passwords
+ * 
+ * @author Scott.Stark at jboss.org
+ * @version $Revision$
+ */
+class DecodeAction implements PrivilegedExceptionAction<Object>
+{
+   /** The permission required to access decode, decode64 */
+   private static final RuntimePermission decodePermission =
+      new RuntimePermission("org.jboss.security.auth.spi.DecodeAction.decode"); 
+   
+   String password;
+   ObjectName serviceName;
+
+   DecodeAction(String password, ObjectName serviceName)
+   {
+      this.password = password;
+      this.serviceName = serviceName;
+   }
+
+   /**
+    * 
+    * @return
+    * @throws Exception
+    */
+   public Object run() throws Exception
+   {  
+      // Invoke the decodeb64 op
+      byte[] secret = decode64(password);
+      // Convert to UTF-8 base char array
+      String secretPassword = new String(secret, "UTF-8");
+      return secretPassword.toCharArray();
+   }
+   
+   private byte[] decode64(String secret)
+   throws Exception
+   {
+     byte[] encoding = Util.fromb64(secret);
+     byte[] decode = decode(encoding);
+     return decode;
+   }
+   
+   /** Decrypt the secret using the cipherKey.
+   *
+   * @param secret - the encrypted secret to decrypt.
+   * @return the decrypted secret
+   * @throws Exception
+   */
+  private byte[] decode(byte[] secret)
+     throws Exception
+  {
+     SecurityManager sm = System.getSecurityManager();
+     if( sm != null )
+        sm.checkPermission(decodePermission);
+
+     Cipher cipher = Cipher.getInstance(SecurityConfiguration.getCipherAlgorithm());
+     cipher.init(Cipher.DECRYPT_MODE, SecurityConfiguration.getCipherKey(), 
+           SecurityConfiguration.getCipherSpec());
+     byte[] decode = cipher.doFinal(secret);
+     return decode;
+  }
+  
+   static char[] decode(String password, ObjectName serviceName)
+      throws Exception
+   {
+      DecodeAction action = new DecodeAction(password, serviceName);
+      try
+      {
+         char[] decode = (char[]) AccessController.doPrivileged(action);
+         return decode;
+      }
+      catch(PrivilegedActionException e)
+      {
+         throw e.getException();
+      }
+   }
+}


