1   package com.jsql.util;
2   
3   import com.jsql.model.InjectionModel;
4   import org.apache.commons.lang3.StringUtils;
5   import org.apache.logging.log4j.LogManager;
6   import org.apache.logging.log4j.Logger;
7   
8   import java.io.File;
9   import java.net.Authenticator;
10  import java.net.PasswordAuthentication;
11  import java.util.prefs.Preferences;
12  
13  /**
14   * Manage authentication protocols Basic, Digest, NTLM and Kerberos.
15   * Java class Authenticator processes Basic, Digest and NTLM, library spnego
16   * processes kerberos.
17   */
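public class AuthenticationUtil {

    /**
     * Log4j logger sent to view.
     */
    private static final Logger LOGGER = LogManager.getRootLogger();

    /**
     * True if standard authentication Basic, Digest, NTLM is activated.
     */
    private boolean isAuthentication = false;

    /**
     * Login for standard authentication.
     */
    private String usernameAuthentication;

    /**
     * Pass for standard authentication. Held as a String for the lifetime of
     * this object, so it cannot be wiped from memory after use.
     */
    private String passwordAuthentication;

    /**
     * True if kerberos authentication is activated.
     */
    private boolean isKerberos = false;

    /**
     * Path to the kerberos file login.
     */
    private String pathKerberosLogin;

    /**
     * Path to the kerberos file krb5.
     */
    private String pathKerberosKrb5;

    /**
     * Get new authentication settings from the view, update the utility class,
     * persist settings to the user preferences and apply changes to the system.
     * @param isAuthentication true if non-kerberos authentication is activated
     * @param usernameAuthentication login for standard authentication
     * @param passwordAuthentication pass for standard authentication
     * @param isKerberos true if krb authentication is activated
     * @param kerberosKrb5Conf path to the file krb5
     * @param kerberosLoginConf path to the file login
     * @return the restart flag computed by the Kerberos initialization
     * @throws NullPointerException if a String argument is null, because
     *     {@link Preferences#put(String, String)} rejects null values
     */
    public boolean set(
        boolean isAuthentication,
        String usernameAuthentication,
        String passwordAuthentication,
        boolean isKerberos,
        String kerberosKrb5Conf,
        String kerberosLoginConf
    ) {
        boolean isRestartRequired = this.initKerberos(isKerberos, kerberosKrb5Conf, kerberosLoginConf);
        this.initSimpleAuthorization(isAuthentication, usernameAuthentication, passwordAuthentication);
        this.setAuthentication();
        return isRestartRequired;
    }

    /**
     * Persist the Basic/Digest/NTLM settings to the user preferences and copy
     * them into this instance. The default authenticator is not touched here;
     * call {@link #setAuthentication()} to apply the new values.
     *
     * <p>Security note: the Preferences backing store is not encrypted, so the
     * password is written in clear text to the current user's preference
     * storage and stays there until it is overwritten.
     *
     * @param isAuthentication true if non-kerberos authentication is activated
     * @param usernameAuthentication login for standard authentication
     * @param passwordAuthentication pass for standard authentication
     * @throws NullPointerException if the username or password is null
     */
    public void initSimpleAuthorization(boolean isAuthentication, String usernameAuthentication, String passwordAuthentication) {
        var preferences = Preferences.userRoot().node(InjectionModel.class.getName());
        preferences.putBoolean("isAuthentication", isAuthentication);
        preferences.put("usernameAuthentication", usernameAuthentication);
        // Stored as-is: anything able to read this user's preferences can read the password.
        preferences.put("passwordAuthentication", passwordAuthentication);

        // Keep the in-memory state in sync with what was persisted
        this.isAuthentication = isAuthentication;
        this.usernameAuthentication = usernameAuthentication;
        this.passwordAuthentication = passwordAuthentication;
    }

    /**
     * Persist the Kerberos settings to the user preferences, copy them into
     * this instance and log an error for each configured file that is missing.
     *
     * @param isKerberos true if krb authentication is activated
     * @param kerberosKrb5Conf path to the file krb5
     * @param kerberosLoginConf path to the file login
     * @return true if the krb5 path is considered changed in a way that needs a restart
     */
    private boolean initKerberos(boolean isKerberos, String kerberosKrb5Conf, String kerberosLoginConf) {
        var preferences = Preferences.userRoot().node(InjectionModel.class.getName());

        // Check if krb file has changed. The check has to run against the state
        // from before this call: comparing the argument with the field after the
        // field has been overwritten by that same argument is always false.
        // NOTE(review): confirm the intended condition with the code that
        // consumes the restart flag.
        String previousKrb5 = this.pathKerberosKrb5;
        boolean isRestartRequired = this.isKerberos
            && previousKrb5 != null
            && !new File(previousKrb5).exists()
            && !kerberosKrb5Conf.equals(previousKrb5);

        this.isKerberos = isKerberos;
        this.pathKerberosKrb5 = kerberosKrb5Conf;
        this.pathKerberosLogin = kerberosLoginConf;

        // Persist to the user preferences
        preferences.putBoolean("enableKerberos", this.isKerberos);
        preferences.put("kerberosKrb5Conf", this.pathKerberosKrb5);
        preferences.put("kerberosLoginConf", this.pathKerberosLogin);

        // Check krb integrity: only existence is verified, not content or permissions
        if (this.isKerberos) {
            // Fix #23877: NoClassDefFoundError on java/nio/file/Paths
            if (!new File(this.pathKerberosKrb5).exists()) {
                LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Krb5 file not found: {}", this.pathKerberosKrb5);
            }
            if (!new File(this.pathKerberosLogin).exists()) {
                LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Login file not found: {}", this.pathKerberosLogin);
            }
        }
        return isRestartRequired;
    }

    /**
     * Initialize the utility class with the settings stored in the user
     * preferences and apply them to the JVM.
     */
    public void setKerberosCifs() {
        // Same preferences node as the one written by the init methods
        var preferences = Preferences.userRoot().node(InjectionModel.class.getName());

        // Standard authentication is disabled unless a stored value says otherwise
        this.isAuthentication = preferences.getBoolean("isAuthentication", false);

        // Credentials default to empty strings; the password is read back in clear text
        this.usernameAuthentication = preferences.get("usernameAuthentication", StringUtils.EMPTY);
        this.passwordAuthentication = preferences.get("passwordAuthentication", StringUtils.EMPTY);

        // Kerberos is disabled and both paths are empty unless stored values exist
        this.isKerberos = preferences.getBoolean("enableKerberos", false);
        this.pathKerberosKrb5 = preferences.get("kerberosKrb5Conf", StringUtils.EMPTY);
        this.pathKerberosLogin = preferences.get("kerberosLoginConf", StringUtils.EMPTY);

        this.setAuthentication();
    }

    /**
     * Apply the current settings to the JVM: install or remove the default
     * {@link Authenticator} for Basic, Digest and NTLM, and set the system
     * properties read by the Kerberos and spnego code.
     *
     * <p>Security note: the default authenticator is JVM-wide and the callback
     * below does not look at the requesting host, scheme or requestor type, so
     * the stored credentials are offered to whichever server or proxy issues a
     * challenge on a connection that consults the default authenticator.
     */
    public void setAuthentication() {
        if (this.isAuthentication) {
            Authenticator.setDefault(new Authenticator() {
                @Override
                protected PasswordAuthentication getPasswordAuthentication() {
                    // Fields are read on each challenge, so later changes are picked up
                    String username = AuthenticationUtil.this.usernameAuthentication;
                    String password = AuthenticationUtil.this.passwordAuthentication;
                    if (username == null || password == null) {
                        // Authentication enabled without credentials, e.g. through the
                        // builder methods: report "no credentials" instead of throwing
                        // a NullPointerException in the middle of a request.
                        return null;
                    }
                    return new PasswordAuthentication(username, password.toCharArray());
                }
            });
        } else {
            Authenticator.setDefault(null);
        }

        // When Kerberos is disabled the properties are set to an empty string rather
        // than cleared, which also overwrites a value supplied on the JVM command line.
        String krb5Conf = this.isKerberos ? this.pathKerberosKrb5 : StringUtils.EMPTY;
        String loginConf = this.isKerberos ? this.pathKerberosLogin : StringUtils.EMPTY;
        System.setProperty("java.security.krb5.conf", krb5Conf);
        System.setProperty("java.security.auth.login.config", loginConf);
        System.setProperty("spnego.krb5.conf", krb5Conf);
        System.setProperty("spnego.login.conf", loginConf);
    }


    // Getters and setters

    /**
     * @return true if standard authentication Basic, Digest, NTLM is activated
     */
    public boolean isAuthentEnabled() {
        return this.isAuthentication;
    }

    /**
     * @return path to the kerberos file login
     */
    public String getPathKerberosLogin() {
        return this.pathKerberosLogin;
    }

    /**
     * @return path to the kerberos file krb5
     */
    public String getPathKerberosKrb5() {
        return this.pathKerberosKrb5;
    }

    /**
     * @return true if kerberos authentication is activated
     */
    public boolean isKerberos() {
        return this.isKerberos;
    }

    /**
     * @return login for standard authentication
     */
    public String getUsernameAuthentication() {
        return this.usernameAuthentication;
    }

    /**
     * @return pass for standard authentication, in clear text; callers should
     *     keep it out of logs and error messages
     */
    public String getPasswordAuthentication() {
        return this.passwordAuthentication;
    }


    // Builder: these methods only change the in-memory state. Nothing is persisted
    // and the default authenticator is not installed until setAuthentication() runs.

    /**
     * Activate standard authentication on this instance.
     * @return this instance, for chaining
     */
    public AuthenticationUtil withAuthenticationEnabled() {
        this.isAuthentication = true;
        return this;
    }

    /**
     * @param usernameAuthentication login for standard authentication
     * @return this instance, for chaining
     */
    public AuthenticationUtil withUsernameAuthentication(String usernameAuthentication) {
        this.usernameAuthentication = usernameAuthentication;
        return this;
    }

    /**
     * @param passwordAuthentication pass for standard authentication
     * @return this instance, for chaining
     */
    public AuthenticationUtil withPasswordAuthentication(String passwordAuthentication) {
        this.passwordAuthentication = passwordAuthentication;
        return this;
    }
}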
217 }