Metacat

 *      <user dn="uid=tao,o=NCEAS,dc=ecoinformatics,dc=org">

 *          <email>foo@foo.com</email>

 *          <surName>Smith</surName>

 *          <givenName>John</givenName>

 *    <group name="nceas-dev">

 *        <description>developers at NCEAS</description>

 *    </group>

    private static final String DN = "dn";

    private static final String EMAIL = "email";

    private static final String SURNAME = "surName";

    private static final String GIVENNAME = "givenName";

    private static XMLConfiguration userpassword = null;

    private static AuthFileHashInterface hashClass = null;

    private void init() throws PropertyNotFoundException, IOException, ConfigurationException, ClassNotFoundException, InstantiationException, IllegalAccessException {

        authURI = SystemUtil.getContextURL();

        String hashClassName = PropertyService.getProperty("auth.file.hashClassName");

        Class classDefinition = Class.forName(hashClassName);

        Object object = classDefinition.newInstance();

        hashClass = (AuthFileHashInterface) object;

        boolean match = false;

        String passwordRecord = userpassword.getString(USERS+SLASH+USER+"["+AT+DN+"='"+user+"']"+SLASH+PASSWORD);

                match = hashClass.match(password, passwordRecord);

                throw new AuthenticationException(e.getMessage());

        return match;

        List<Object> users = userpassword.getList(USERS+SLASH+USER+SLASH+AT+DN);

        List<Object> users = userpassword.getList(USERS+SLASH+USER+"["+GROUP+"='"+group+"']"+SLASH+AT+DN);

        List<Object> groups = userpassword.getList(USERS+SLASH+USER+"["+AT+DN+"='"+foruser+"']"+SLASH+GROUP);

    public void addUser(String dn, String[] groups, String plainPass, String hashedPass, String email, String surName, String givenName) throws AuthenticationException{

       User user = new User();

       user.setDN(dn);

       user.setGroups(groups);

       user.setEmail(email);

       user.setSurName(surName);

       user.setGivenName(givenName);

       user.serialize();

     * Change the password of the user to the new one which is hashed

     * @param usrName the specified user.   

     * @param newPassword the new password which will be set

    public void modifyPassWithHash(String userName, String newHashPassword) throws AuthenticationException {

       User user = new User();

       user.setDN(userName);

       user.modifyHashPass(newHashPassword);

     * Change the password of the user to the new one which is plain. However, only the hashed version will be serialized.

    public void modifyPassWithPlain(String userName, String newPlainPassword) throws AuthenticationException {

        User user = new User();

        user.setDN(userName);

        user.modifyPlainPass(newPlainPassword);

        User user = new User();

        user.setDN(userName);

        user.addToGroup(group);

        User user = new User();

        user.setDN(userName);

        user.removeFromGroup(group);

    private synchronized boolean userExists(String userName) throws AuthenticationException{

        List<Object> users = userpassword.getList(USERS+SLASH+USER+SLASH+AT+DN);

    private synchronized boolean groupExists(String groupName) throws AuthenticationException{

     * Encrypt a plain text

    private static String encrypt(String plain)  {

      return hashClass.hash(plain);

     * An class represents the information for a user. 

    private class User {

        private String dn = null;//the distinguish name

        private String plainPass = null;

        private String hashedPass = null;

        private String email = null;

        private String surName = null;

        private String givenName = null;

        private String cn = null;//the common name

        private String[] groups = null;

        /**

         * Get the distinguish name of the user

         * @return the distinguish name 

         */

        public String getDN() {

            return this.dn;

        }

        /**

         * Set the distinguish name for the user

         * @param dn the specified dn

         */

        public void setDN(String dn) {

            this.dn = dn;

        }

        /**

         * Get the plain password for the user. This value will NOT be serialized to

         * the password file

         * @return the plain password for the user

         */

        public String getPlainPass() {

            return plainPass;

        }

        /**

         * Set the plain password for the user.

         * @param plainPass the plain password will be set.

         */

        public void setPlainPass(String plainPass) {

            this.plainPass = plainPass;

        }

        /**

         * Get the hashed password of the user

         * @return the hashed password of the user

         */

        public String getHashedPass() {

            return hashedPass;

        }

        /**

         * Set the hashed the password for the user.

         * @param hashedPass the hashed password will be set.

         */

        public void setHashedPass(String hashedPass) {

            this.hashedPass = hashedPass;

        }

        /**

         * Get the email of the user

         * @return the email of the user

         */

        public String getEmail() {

            return email;

        }

        /**

         * Set the email address for the user

         * @param email the eamil address will be set

         */

        public void setEmail(String email) {

            this.email = email;

        }

        /**

         * Get the surname of the user

         * @return the surname of the user

         */

        public String getSurName() {

            return surName;

        }

        /**

         * Set the surname of the user

         * @param surName

         */

        public void setSurName(String surName) {

            this.surName = surName;

        }

        /**

         * Get the given name of the user

         * @return the given name of the user

         */

        public String getGivenName() {

            return givenName;

        }

        /**

         * Set the GivenName of the user

         * @param givenName

         */

        public void setGivenName(String givenName) {

            this.givenName = givenName;

        }

        /**

         * Get the common name of the user. If the cn is null, the GivenName +SurName will

         * be returned

         * @return the common name

         */

        public String getCn() {

            if(cn != null) {

                return cn;

            } else {

                if (givenName != null && surName != null) {

                    return givenName+" "+surName;

                } else if (givenName != null) {

                    return givenName;

                } else if (surName != null ) {

                    return surName;

                } else {

                    return null;

                }

        }

        /**

         * Set the common name for the user

         * @param cn

         */

        public void setCn(String cn) {

            this.cn = cn;

        }

        /**

         * Get the groups of the user belong to

         * @return

         */

        public String[] getGroups() {

            return groups;

        }

        /**

         * Set the groups of the user belong to

         * @param groups

         */

        public void setGroups(String[] groups) {

            this.groups = groups;

        }

        /**

         * Add the user to a group and serialize the change to the password file.

         * @param group the group which the user will join

         * @throws AuthenticationException 

         */

        public void addToGroup(String group) throws AuthenticationException {

            if(group == null || group.trim().equals("")) {

                throw new IllegalArgumentException("AuthFile.User.addGroup - the group can't be null or blank");

            if(!userExists(dn)) {

                throw new AuthenticationException("AuthFile.addUserToGroup - the user "+dn+ " doesn't exist.");

            if(!groupExists(group)) {

                throw new AuthenticationException("AuthFile.addUserToGroup - the group "+group+ " doesn't exist.");

            }

            List<Object> existingGroups = userpassword.getList(USERS+SLASH+USER+"["+AT+DN+"='"+dn+"']"+SLASH+GROUP);

            if(existingGroups != null && existingGroups.contains(group)) {

                throw new AuthenticationException("AuthFile.addUserToGroup - the user "+dn+ " already is the memember of the group "+group);

            }

            userpassword.addProperty(USERS+SLASH+USER+"["+AT+DN+"='"+dn+"']"+" "+GROUP, group);

            //add information to the memory

            if(groups == null) {

                if(existingGroups == null || existingGroups.isEmpty()) {

                    groups = new String[1];

                    groups[0] = group;

                } else {

                    groups = new String[existingGroups.size()+1];

                    for(int i=0; i<existingGroups.size(); i++) {

                        groups[i] = (String)existingGroups.get(i);

                    }

                    groups[existingGroups.size()] = group;

            } else {

                String[] oldGroups = groups;

                groups = new String[oldGroups.length+1];

                for(int i=0; i<oldGroups.length; i++) {

                    groups[i]= oldGroups[i];

                }

                groups[oldGroups.length] = group;

        /**

         * Remove the user from a group and serialize the change to the password file

         * @param group

         * @throws AuthenticationException

         */

        public void removeFromGroup(String group) throws AuthenticationException {

            if(!userExists(dn)) {

                throw new AuthenticationException("AuthFile.removeUserFromGroup - the user "+dn+ " doesn't exist.");

            }

            if(!groupExists(group)) {

                throw new AuthenticationException("AuthFile.removeUserFromGroup - the group "+group+ " doesn't exist.");

            }

            String key = USERS+SLASH+USER+"["+AT+DN+"='"+dn+"']"+SLASH+GROUP;

            List<Object> existingGroups = userpassword.getList(key);

            if(!existingGroups.contains(group)) {

                throw new AuthenticationException("AuthFile.removeUserFromGroup - the user "+dn+ " isn't the memember of the group "+group);

            } else {

                userpassword.clearProperty(key+"[.='"+group+"']");

            }

            //change the value in the memory.

            if(groups != null) {

                boolean contains = false;

                for(int i=0; i<groups.length; i++) {

                    if(groups[i].equals(group)) {

                        contains = true;

                        break;

                    }

                }

                String[] newGroups = new String[groups.length-1];

                int k =0;

                for(int i=0; i<groups.length; i++) {

                    if(!groups[i].equals(group)) {

                       newGroups[k] = groups[i];

                       k++;

                    }

                }

                groups = newGroups;

            }

        /**

         * Modify the hash password and serialize it to the password file

         * @param hashPass

         * @throws AuthenticationException

         */

        public void modifyHashPass(String hashPass) throws AuthenticationException {

            if(hashPass == null || hashPass.trim().equals("")) {

                throw new AuthenticationException("AuthFile.User.modifyHashPass - can't change the password to the null or blank.");

            }

            if(!userExists(dn)) {

                throw new AuthenticationException("AuthFile.modifyHashPass - can't change the password for the user "+dn+" since it doesn't eixt.");

            }

            userpassword.setProperty(USERS+SLASH+USER+"["+AT+DN+"='"+dn+"']"+SLASH+PASSWORD, hashPass);

            setHashedPass(hashPass);

        }

        /**

         * Modify the plain password and serialize its hash version to the password file

         * @param plainPass

         * @throws AuthenticationException 

         */

        public void modifyPlainPass(String plainPass) throws AuthenticationException {

            if(plainPass == null || plainPass.trim().equals("")) {

                throw new AuthenticationException("AuthFile.User.modifyPlainPass - can't change the password to the null or blank.");

            }

            if(!userExists(dn)) {

                throw new AuthenticationException("AuthFile.modifyPlainPass - can't change the password for the user "+dn+" since it doesn't eixt.");

            }

            String hashPassword = null;

            try {

                hashPassword = encrypt(plainPass);

            } catch (Exception e) {

                throw new AuthenticationException("AuthFile.addUser - can't encript the password since "+e.getMessage());

            }

            userpassword.setProperty(USERS+SLASH+USER+"["+AT+DN+"='"+dn+"']"+SLASH+PASSWORD, hashPassword);

            setPlainPass(plainPass);

        }

        /**

         * Add the user to the password file. 

         */

        public void serialize() throws AuthenticationException {

            if(dn == null || dn.trim().equals("")) {

                throw new AuthenticationException("AuthFile.addUser - can't add a user whose name is null or blank.");

            }

            if(hashedPass == null || hashedPass.trim().equals("")) {

                if(plainPass == null || plainPass.trim().equals("")) {

                    throw new AuthenticationException("AuthFile.addUser - can't add a user whose password is null or blank.");

                } else {

                    try {

                        hashedPass = encrypt(plainPass);

                    } catch (Exception e) {

                        throw new AuthenticationException("AuthFile.addUser - can't encript the password since "+e.getMessage());

                    }

                }

            }

            if(!userExists(dn)) {

                if(userpassword != null) {

                  userpassword.addProperty(USERS+" "+USER+AT+DN, dn);

                  userpassword.addProperty(USERS+SLASH+USER+"["+AT+DN+"='"+dn+"']"+" "+PASSWORD, hashedPass);

                  if(email != null && !email.trim().equals("")) {

                      userpassword.addProperty(USERS+SLASH+USER+"["+AT+DN+"='"+dn+"']"+" "+EMAIL, email);

                  }

                  if(surName != null && !surName.trim().equals("")) {

                      userpassword.addProperty(USERS+SLASH+USER+"["+AT+DN+"='"+dn+"']"+" "+SURNAME, surName);

                  }

                  if(givenName != null && !givenName.trim().equals("")) {

                      userpassword.addProperty(USERS+SLASH+USER+"["+AT+DN+"='"+dn+"']"+" "+GIVENNAME, givenName);

                  }

                  if(groups != null) {

                      for(int i=0; i<groups.length; i++) {

                          String group = groups[i];

                          if(group != null && !group.trim().equals("")) {

                              if(groupExists(group)) {

                                  userpassword.addProperty(USERS+SLASH+USER+"["+AT+DN+"='"+dn+"']"+" "+GROUP, group);

                              }

                          }

                      }

                  }

                  //userpassword.reload();

                 }

            } else {

                throw new AuthenticationException("AuthFile.addUser - can't add the user "+dn+" since it already exists.");

            }

        }

/**

 *  '$RCSfile$'

 *  Copyright: 2013 Regents of the University of California and the

 *             National Center for Ecological Analysis and Synthesis

 *

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 2 of the License, or

 * (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

 */

package edu.ucsb.nceas.metacat.authentication;

/**

 * This an interface for different hash algorithms using to protect users' password

 * in the username/password file 

 * @author tao

 *

 */

public interface AuthFileHashInterface {

    /**

     * Check if the plain password matches the hashed password. Return true if they match;

     * false otherwise.

     * @param plain  the plain password

     * @param hashed  the hashed password

     * @return true if they match

     * @throws Exception

     */

    public boolean match(String plain, String hashed) throws Exception;

    /**

     * Generate the hash value for a specified plaint password

     * @param plain  the plain password

     * @return the hash value of the password

     */

    public String hash(String plain);

}

/**

 *  '$RCSfile$'

 *  Copyright: 2013 Regents of the University of California and the

 *             National Center for Ecological Analysis and Synthesis

 *

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 2 of the License, or

 * (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

 */

package edu.ucsb.nceas.metacat.authentication;

import org.mindrot.jbcrypt.BCrypt;

/**

 * A class to use the BCryptHash algorithm to generate the hash. This is a recommended way

 * to protect password.

 * @author tao

 *

 */

public class AuthFileBCryptHash implements AuthFileHashInterface {

    /**

     * Default Constructor

     */

    public AuthFileBCryptHash() {

    }

    @Override

    public boolean match(String plain, String hashed) throws Exception {

        if(plain == null || plain.trim().equals("")) {

            throw new IllegalArgumentException("AuthFileBrryptHash.match - the password parameter can't be null or blank");   

        }

        if(hashed == null || hashed.trim().equals("")) {

            throw new IllegalArgumentException("AuthFileBrryptHash.match - the hashed value of password parameter can't be null or blank");

        }

        return BCrypt.checkpw(plain, hashed);

    }

    @Override

    public String hash(String plain) {

        if(plain == null || plain.trim().equals("")) {

            throw new IllegalArgumentException("AuthFileBrryptHash.hash - the password parameter can't be null or blank");   

        }

        return BCrypt.hashpw(plain, BCrypt.gensalt());

    }

}