1   package com.jsql.util;
2   
3   import com.jsql.model.InjectionModel;
4   import org.apache.commons.lang3.StringUtils;
5   import org.apache.logging.log4j.LogManager;
6   import org.apache.logging.log4j.Logger;
7   
8   import java.io.File;
9   import java.net.Authenticator;
10  import java.net.PasswordAuthentication;
11  import java.util.prefs.Preferences;
12  
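/**
 * Manage authentication protocols Basic, Digest, NTLM and Kerberos.
 * Java class Authenticator processes Basic, Digest and NTLM, library spnego
 * processes kerberos.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The login and password are persisted as plain strings through the
 * {@link Preferences} API, i.e. unencrypted in the per-user preferences
 * store. Anything running as the same OS user can read them back.</li>
 * <li>{@link #setAuthentication()} installs a JVM-wide default
 * {@link Authenticator} that returns the same credentials for every
 * challenge; it does not look at the requesting host, scheme or requestor
 * type, so any server or proxy that issues a challenge receives them.</li>
 * </ul>
 *
 * <p>Instances are mutable and not synchronized.
 */
public class AuthenticationUtil {

    /**
     * Log4j logger sent to view.
     */
    private static final Logger LOGGER = LogManager.getRootLogger();

    // Keys used in the Preferences node; the literal values are part of the
    // persisted format and must not change.
    private static final String KEY_IS_AUTHENTICATION = "isAuthentication";
    private static final String KEY_USERNAME = "usernameAuthentication";
    private static final String KEY_PASSWORD = "passwordAuthentication";
    private static final String KEY_IS_KERBEROS = "enableKerberos";
    private static final String KEY_KRB5_CONF = "kerberosKrb5Conf";
    private static final String KEY_LOGIN_CONF = "kerberosLoginConf";

    /**
     * True if standard authentication Basic, Digest, NTLM is activated.
     */
    private boolean isAuthentication = false;

    /**
     * Login for standard authentication.
     */
    private String usernameAuthentication;

    /**
     * Pass for standard authentication.
     * Kept in memory as a String for the lifetime of this object.
     */
    private String passwordAuthentication;

    /**
     * True if kerberos authentication is activated.
     */
    private boolean isKerberos = false;

    /**
     * Path to the kerberos file login.
     */
    private String pathKerberosLogin;

    /**
     * Path to the kerberos file krb5.
     */
    private String pathKerberosKrb5;

    /**
     * Get new authentication settings from the view, update the utility class,
     * persist settings to the JVM and apply changes to the system.
     * @param isAuthentication true if non-kerberos authentication is activated
     * @param usernameAuthentication login for standard authentication
     * @param passwordAuthentication pass for standard authentication
     * @param isKerberos true if krb authentication is activated
     * @param kerberosKrb5Conf path to the file krb5
     * @param kerberosLoginConf path to the file login
     * @return true when the Kerberos check in {@code initializeKerberos}
     *         reports that a restart is required
     */
    public boolean set(
        boolean isAuthentication,
        String usernameAuthentication,
        String passwordAuthentication,
        boolean isKerberos,
        String kerberosKrb5Conf,
        String kerberosLoginConf
    ) {

        // Order matters: both initializers update the fields that
        // setAuthentication() reads.
        boolean isRestartRequired = this.initializeKerberos(isKerberos, kerberosKrb5Conf, kerberosLoginConf);
        this.initializeSimpleAuthorization(isAuthentication, usernameAuthentication, passwordAuthentication);
        this.setAuthentication();

        return isRestartRequired;
    }

    /**
     * Persist the Basic/Digest/NTLM settings to the preferences node and copy
     * them into this instance. Does not install the {@link Authenticator};
     * call {@link #setAuthentication()} for that.
     *
     * <p>The password is written to the preferences store unencrypted.
     *
     * @param isAuthentication true if standard authentication is activated
     * @param usernameAuthentication login, {@code null} is stored as empty
     * @param passwordAuthentication pass, {@code null} is stored as empty
     */
    public void initializeSimpleAuthorization(boolean isAuthentication, String usernameAuthentication, String passwordAuthentication) {

        // Preferences.put() rejects null values, so normalize first.
        String username = nullToEmpty(usernameAuthentication);
        String password = nullToEmpty(passwordAuthentication);

        var preferences = preferencesNode();
        preferences.putBoolean(KEY_IS_AUTHENTICATION, isAuthentication);
        preferences.put(KEY_USERNAME, username);
        // NOTE(review): cleartext credential at rest; consider not persisting
        // the password or protecting it with an OS keystore.
        preferences.put(KEY_PASSWORD, password);

        // Define authentication settings
        this.isAuthentication = isAuthentication;
        this.usernameAuthentication = username;
        this.passwordAuthentication = password;
    }

    /**
     * Update and persist the Kerberos settings, log missing configuration
     * files and report whether a restart is required.
     *
     * @param isKerberos true if krb authentication is activated
     * @param kerberosKrb5Conf path to the file krb5, {@code null} is treated as empty
     * @param kerberosLoginConf path to the file login, {@code null} is treated as empty
     * @return true if kerberos is enabled, the krb5 file does not exist and
     *         the krb5 path differs from the previously held one
     */
    private boolean initializeKerberos(boolean isKerberos, String kerberosKrb5Conf, String kerberosLoginConf) {

        // Remember the path held before this call: comparing the new path
        // with the field after overwriting it would always report "unchanged".
        String previousPathKrb5 = this.pathKerberosKrb5;

        this.isKerberos = isKerberos;
        this.pathKerberosKrb5 = nullToEmpty(kerberosKrb5Conf);
        this.pathKerberosLogin = nullToEmpty(kerberosLoginConf);

        // Fix #23877: NoClassDefFoundError on java/nio/file/Paths
        // (hence java.io.File rather than java.nio.file)
        boolean isKrb5Missing = !new File(this.pathKerberosKrb5).exists();
        boolean isLoginMissing = !new File(this.pathKerberosLogin).exists();

        // Check if krb file has changed
        // NOTE(review): the "file is missing" conjunct is kept as found;
        // confirm that a restart is really meant to be tied to a missing file.
        boolean isRestartRequired = this.isKerberos
            && isKrb5Missing
            && !this.pathKerberosKrb5.equals(previousPathKrb5);

        // Persist to JVM
        var preferences = preferencesNode();
        preferences.putBoolean(KEY_IS_KERBEROS, this.isKerberos);
        preferences.put(KEY_KRB5_CONF, this.pathKerberosKrb5);
        preferences.put(KEY_LOGIN_CONF, this.pathKerberosLogin);

        // Check krb integrity
        if (this.isKerberos) {

            if (isKrb5Missing) {
                LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Krb5 file not found: {}", this.pathKerberosKrb5);
            }

            if (isLoginMissing) {
                LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Login file not found: {}", this.pathKerberosLogin);
            }
        }

        return isRestartRequired;
    }

    /**
     * Initialize the utility class with preferences from the JVM
     * and apply environment settings.
     */
    public void setKerberosCifs() {

        // Use Preferences API to read back the persisted authentication configuration
        var preferences = preferencesNode();

        // Standard authentication is disabled by default
        this.isAuthentication = preferences.getBoolean(KEY_IS_AUTHENTICATION, false);

        // Default credentials are empty
        this.usernameAuthentication = preferences.get(KEY_USERNAME, StringUtils.EMPTY);
        this.passwordAuthentication = preferences.get(KEY_PASSWORD, StringUtils.EMPTY);

        // Kerberos is disabled by default, with empty paths
        this.isKerberos = preferences.getBoolean(KEY_IS_KERBEROS, false);
        this.pathKerberosKrb5 = preferences.get(KEY_KRB5_CONF, StringUtils.EMPTY);
        this.pathKerberosLogin = preferences.get(KEY_LOGIN_CONF, StringUtils.EMPTY);

        this.setAuthentication();
    }

    /**
     * Apply the current settings to the JVM: install or remove the default
     * {@link Authenticator} and set the Kerberos/SPNEGO system properties.
     *
     * <p>Both effects are process-wide. The installed authenticator hands the
     * configured login and password to every authentication challenge without
     * checking which host or proxy asked for them.
     */
    public void setAuthentication() {

        // Always drop the previous authenticator; a new one is installed
        // only when standard authentication is enabled.
        Authenticator.setDefault(null);

        if (this.isAuthentication) {
            Authenticator.setDefault(new Authenticator() {
                @Override
                protected PasswordAuthentication getPasswordAuthentication() {
                    // NOTE(review): no filtering on getRequestingHost() or
                    // getRequestorType(); restrict to the intended target if
                    // the credentials must not reach other hosts or proxies.
                    // The fields are read at challenge time, and the builder
                    // methods can leave the password null.
                    return new PasswordAuthentication(
                        AuthenticationUtil.this.usernameAuthentication,
                        nullToEmpty(AuthenticationUtil.this.passwordAuthentication).toCharArray()
                    );
                }
            });
        }

        // NOTE(review): when kerberos is disabled the properties are set to
        // the empty string rather than cleared; confirm the consumers treat
        // an empty value as "not configured".
        String krb5Conf = this.isKerberos ? this.pathKerberosKrb5 : StringUtils.EMPTY;
        String loginConf = this.isKerberos ? this.pathKerberosLogin : StringUtils.EMPTY;

        System.setProperty("java.security.krb5.conf", krb5Conf);
        System.setProperty("java.security.auth.login.config", loginConf);
        System.setProperty("spnego.krb5.conf", krb5Conf);
        System.setProperty("spnego.login.conf", loginConf);
    }

    /**
     * Preferences node shared by every read and write of this class.
     */
    private static Preferences preferencesNode() {
        return Preferences.userRoot().node(InjectionModel.class.getName());
    }

    /**
     * Replace {@code null} by the empty string, the default also used when
     * reading the preferences back.
     */
    private static String nullToEmpty(String value) {
        return value == null ? StringUtils.EMPTY : value;
    }


    // Getters and setters

    public boolean isAuthentEnabled() {
        return this.isAuthentication;
    }

    public String getPathKerberosLogin() {
        return this.pathKerberosLogin;
    }

    public String getPathKerberosKrb5() {
        return this.pathKerberosKrb5;
    }

    public boolean isKerberos() {
        return this.isKerberos;
    }

    public String getUsernameAuthentication() {
        return this.usernameAuthentication;
    }

    /**
     * Return the password in clear text; callers should avoid logging it.
     */
    public String getPasswordAuthentication() {
        return this.passwordAuthentication;
    }


    // Builder
    // These only change the in-memory state: nothing is persisted and the
    // JVM is untouched until setAuthentication() is called.

    public AuthenticationUtil withAuthenticationEnabled() {
        this.isAuthentication = true;
        return this;
    }

    public AuthenticationUtil withUsernameAuthentication(String usernameAuthentication) {
        this.usernameAuthentication = usernameAuthentication;
        return this;
    }

    public AuthenticationUtil withPasswordAuthentication(String passwordAuthentication) {
        this.passwordAuthentication = passwordAuthentication;
        return this;
    }
}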