Commit 757055d9 authored by frederic motte's avatar frederic motte

encrypt service password

parent 8ccbbc8d
......@@ -56,6 +56,11 @@
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.12</version>
</dependency> -->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.0</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
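Review bot: commons-lang3 is brought in only for `ArrayUtils.subarray` in the new `Encryptor`, and `Arrays.copyOf(keyBytes, 16)` from `java.util` does the same job there (the key is already padded to at least 16 bytes), so the dependency can be dropped rather than added. If it is kept, `<version>3.0</version>` is the very first release of the 3.x line and should be a current 3.x version.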
......@@ -2,14 +2,20 @@ package eu.chorevolution.transformations.sfgenerator.impl;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider.Service;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
......@@ -26,6 +32,7 @@ import org.slf4j.LoggerFactory;
import eu.chorevolution.transformations.sfgenerator.SFGeneratorException;
import eu.chorevolution.transformations.sfgenerator.SFType;
import eu.chorevolution.transformations.sfgenerator.impl.utility.Encryptor;
import eu.chorevolution.transformations.sfgenerator.impl.utility.Utilities;
import eu.chorevolution.transformations.sfgenerator.impl.utility.XACMLGeneration;
import eu.chorevolution.transformations.sfgenerator.model.SF;
......@@ -141,7 +148,19 @@ public class SFGeneratorImpl implements SFGenerator {
{
if (lpAccount.getLogin()!=null && lpAccount.getPassword()!=null)
{
String service = "{\"servicename\":\""+serviceName + "\",\"serviceaccount\":\"" + lpAccount.getLogin()+ "\",\"credentialtype\":\"usernametoken\",\"credential\":\""+lpAccount.getPassword()+"\"}";
//TODO : remove hard coded value
Encryptor enc = new Encryptor("dsadsadasa4444");
String service;
try {
service = "{\"servicename\":\""+serviceName + "\",\"serviceaccount\":\"" + lpAccount.getLogin()+ "\",\"credentialtype\":\"usernametoken\",\"credential\":\""+enc.encode(lpAccount.getPassword())+"\"}";
} catch (InvalidKeyException | NoSuchAlgorithmException
| NoSuchPaddingException | IllegalBlockSizeException
| BadPaddingException | UnsupportedEncodingException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
throw new SFGeneratorException("Password encryption failed");
}
postService(sModel.getSecuritypolicyset().getDomainName(),serviceName, service, STSUrl);
}
}
......@@ -250,93 +269,93 @@ public class SFGeneratorImpl implements SFGenerator {
groups.add("group1");
groups.add("group5");
// {
// System.out.println("Generation of a SF in front of the choreography");
// String SFName = "testProtection";
//
// SFGenerator cdGenerator = new SFGeneratorImpl();
//
// String domain = "domain2";
// SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", domain , groups);
// FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
// }
{
System.out.println("Generation of a SF in front of the choreography");
String SFName = "testProtection";
SFGenerator cdGenerator = new SFGeneratorImpl();
String domain = "domain2";
SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", domain , groups);
FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
}
{
System.out.println("Generation of a SF in front of a legacy Service. During the service definition, the service owner has provided an account to access it");
String SFName = "testGenAccountWithCred";
Path securityPath = Paths.get("SecModelGenAccountWithCred.security");
byte[] securityModel = Files.readAllBytes(securityPath);
SFGenerator cdGenerator = new SFGeneratorImpl();
SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, null);
FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
}
{
System.out.println("Generation of a SF in front of a legacy Service. During the service definition, the service owner has not provided an account to access it. the account must be provided by the designer");
String SFName = "testGenAccountWithoutCred";
Path securityPath = Paths.get("SecModelGenAccountWithoutCred.security");
byte[] securityModel = Files.readAllBytes(securityPath);
SFGenerator cdGenerator = new SFGeneratorImpl();
LoginPasswordConnectionAccount account = new LoginPasswordConnectionAccount();
account.setLogin("root");
account.setPassword("password");
SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, account);
FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
}
{
System.out.println("Generation of a SF in front of a legacy Service. During the service definition, the service owner has required a nominative user account");
String SFName = "testUserAccount";
Path securityPath = Paths.get("SecModelUserAccount.security");
byte[] securityModel = Files.readAllBytes(securityPath);
SFGenerator cdGenerator = new SFGeneratorImpl();
SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, null);
FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
}
//
// {
// System.out.println("Generation of a SF in front of a legacy Service. During the service definition, the service owner has provided an account to access it");
// String SFName = "testGenAccountWithCred";
// Path securityPath = Paths.get("SecModelGenAccountWithCred.security");
// System.out.println("Generation of a SF in front of a POI Service.");
// String SFName = "POISF";
// Path securityPath = Paths.get("POIService.security");
// byte[] securityModel = Files.readAllBytes(securityPath);
//
// SFGenerator cdGenerator = new SFGeneratorImpl();
// SFGenerator cdGenerator = new SFGeneratorImpl();
// SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, null);
// FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
// }
//
// {
// System.out.println("Generation of a SF in front of a legacy Service. During the service definition, the service owner has not provided an account to access it. the account must be provided by the designer");
// String SFName = "testGenAccountWithoutCred";
// Path securityPath = Paths.get("SecModelGenAccountWithoutCred.security");
// System.out.println("Generation of a SF in front of a Traffic Information Service.");
// String SFName = "TrafficInformationSF";
// Path securityPath = Paths.get("TrafficInformationService.security");
// byte[] securityModel = Files.readAllBytes(securityPath);
//
// SFGenerator cdGenerator = new SFGeneratorImpl();
// LoginPasswordConnectionAccount account = new LoginPasswordConnectionAccount();
// account.setLogin("root");
// account.setPassword("password");
//
// SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, account);
// FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
// }
//
// {
// System.out.println("Generation of a SF in front of a legacy Service. During the service definition, the service owner has required a nominative user account");
// String SFName = "testUserAccount";
// Path securityPath = Paths.get("SecModelUserAccount.security");
// byte[] securityModel = Files.readAllBytes(securityPath);
//
// SFGenerator cdGenerator = new SFGeneratorImpl();
// SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, null);
// SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, account);
// FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
// }
//
// {
// System.out.println("Generation of a SF in front of a POI Service.");
// String SFName = "POISF";
// Path securityPath = Paths.get("POIService.security");
// System.out.println("Generation of a SF in front of a legacy Service. During the service definition, the service owner has not provided an account to access it. the account must be provided by the designer");
// String SFName = "testGenAccountWithoutCred";
// Path securityPath = Paths.get("SecModelGenAccountWithoutCred.security");
// byte[] securityModel = Files.readAllBytes(securityPath);
//
// SFGenerator cdGenerator = new SFGeneratorImpl();
// SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, null);
// FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
// }
//
// {
// System.out.println("Generation of a SF in front of a Traffic Information Service.");
// String SFName = "TrafficInformationSF";
// Path securityPath = Paths.get("TrafficInformationService.security");
// byte[] securityModel = Files.readAllBytes(securityPath);
// LoginPasswordConnectionAccount account = new LoginPasswordConnectionAccount();
// account.setLogin("root");
// account.setPassword("password");
// SFGenerator cdGenerator = new SFGeneratorImpl();
//
// SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, account);
// FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
// }
{
System.out.println("Generation of a SF in front of a legacy Service. During the service definition, the service owner has not provided an account to access it. the account must be provided by the designer");
String SFName = "testGenAccountWithoutCred";
Path securityPath = Paths.get("SecModelGenAccountWithoutCred.security");
byte[] securityModel = Files.readAllBytes(securityPath);
SFGenerator cdGenerator = new SFGeneratorImpl();
LoginPasswordConnectionAccount account = new LoginPasswordConnectionAccount();
account.setLogin("root");
account.setPassword("password");
SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, account);
FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
}
}
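Review bot: In the `@@ -141,7 +148,19 @@` hunk the AES key is a source literal, `Encryptor enc = new Encryptor("dsadsadasa4444");`, so every service password this code sends to the STS is recoverable by anyone holding the source or the built jar; the key should be injected into `SFGeneratorImpl` from configuration or a key store, which also retires the `//TODO : remove hard coded value` line. The catch block calls `e1.printStackTrace()` and then throws `SFGeneratorException("Password encryption failed")` without the cause; drop the print and, if `SFGeneratorException` has a cause-taking constructor, use `throw new SFGeneratorException("Password encryption failed", e1);` so the underlying `InvalidKeyException` or padding error is not lost. `serviceName` and `lpAccount.getLogin()` are still spliced into the JSON string by concatenation, so a quote or backslash in either produces a malformed or restructured payload; building it with a JSON library (Jackson and Gson both appear elsewhere in this commit, presumably one is available to this module) avoids that. The `if` block this hunk sits in belongs to a method whose signature and closing brace are outside the diff, so where the thrown exception is declared cannot be checked here.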
package eu.chorevolution.transformations.sfgenerator.impl.utility;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Properties;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.ArrayUtils;
public class Encryptor {
private static String algo ="AES";
private SecretKeySpec keySpec = null;
public Encryptor(String secretKey) {
System.out.println("CREATE ENCRYPTOR WITH : " + secretKey);
String actualKey = secretKey;
if (actualKey.length() < 16) {
StringBuilder actualKeyPadding = new StringBuilder(actualKey);
for (int i = 0; i < 16 - actualKey.length(); i++) {
actualKeyPadding.append('0');
}
actualKey = actualKeyPadding.toString();
}
try {
keySpec = new SecretKeySpec(ArrayUtils.subarray(
actualKey.getBytes("UTF-8"), 0, 16), algo);
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
public String encode(final String value) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException{
String encodedValue = null;
if (value != null) {
final Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, keySpec);
byte[] envVal = cipher.doFinal(value.getBytes("UTF-8"));
encodedValue = Base64.getEncoder().encodeToString(envVal);
}
return encodedValue;
}
public String decode(final String encodedValue) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
System.out.println("encoded value " + encodedValue);
String value = null;
if (encodedValue != null){
final Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, keySpec);
byte[] decodedValue = Base64.getDecoder().decode(encodedValue);
byte[] decVal = cipher.doFinal(decodedValue);
value = new String(decVal, "UTF-8");
}
return value;
}
public static void main(String[] args) {
String password = "password";
Encryptor encryptor = new Encryptor("skjajsjsjljkdsa6633");
try {
String encryptedText = encryptor.encode(password);
String decryptedText = encryptor.decode(encryptedText);
System.out.println("original " + password);
System.out.println("encrypted " + encryptedText);
System.out.println("decrypted " + decryptedText);
System.out.println(encryptor.decode("AEdnzs++tE4XgTQVE6csCw=="));
} catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | IllegalBlockSizeException
| BadPaddingException | UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
......@@ -66,6 +66,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
<httpclient.version>4.5</httpclient.version>
<!-- the last version to provide LocalTestServer.java -->
<httpclient.test.version>4.3.5</httpclient.test.version>
<jackson.version>2.8.3</jackson.version>
</properties>
<dependencies>
......@@ -173,6 +174,11 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
<artifactId>authzforce-ce-core</artifactId>
<version>5.0.2</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.8.3</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.google.code.gson/gson -->
<dependency>
<groupId>com.google.code.gson</groupId>
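Review bot: The new `<jackson.version>2.8.3</jackson.version>` property is declared but the dependency that follows hard-codes `<version>2.8.3</version>` instead of `<version>${jackson.version}</version>`, so the property is dead and the two will drift on the next bump. Independently, 2.8.3 is an early release of a library whose 2.8 and 2.9 lines carry a long series of published deserialization advisories; since `UsernameTokenValidator` now feeds STS responses into `ObjectMapper.readValue`, pick a currently maintained release and leave default (polymorphic) typing disabled, which the new code does.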
......@@ -78,18 +78,34 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.Rule;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Target;
import org.springframework.util.ResourceUtils;
import com.google.gson.Gson;
import com.fasterxml.jackson.databind.ObjectMapper;
//import com.google.gson.Gson;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
public class UsernameTokenValidator implements Validator {
public static Object fromDBObject(Object dbObj, Class clazz) {
String json = dbObj.toString();
ObjectMapper om = new ObjectMapper();
try {
Object o = om.readValue(json, clazz);
logger.info("json output" + json);
return o;
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return null;
}
/**
* XACML policy filename used by default when no PDP configuration file found, i.e. no file named
* {@value #PDP_CONF_FILENAME} exists in the test directory
*/
public final static String POLICY_FILENAME = "policy.xml";
/**
* PDP Configuration file name
*/
......@@ -373,42 +389,46 @@ public class UsernameTokenValidator implements Validator {
private void checkAuthZ(String originUsername, String domain, String STSUrl, File xacmlConfigurationFile) throws WSSecurityException {
// TODO Auto-generated method stub
PDPImpl pdp;
PDPImpl pdp;
try {
Client client = Client.create();
WebResource webResource = client
.resource(STSUrl + "/resources/domains/" + domain + "/endusers/" + originUsername);
// webResource.path(domain).path("endusers").path(originUsername);
.resource(STSUrl + "/resources/domains/" + domain + "/endusers/" + originUsername);
// webResource.path(domain).path("endusers").path(originUsername);
logger.debug("call the REST URL : " + webResource.getURI() );
ClientResponse response = webResource.accept("application/json")
.get(ClientResponse.class);
.get(ClientResponse.class);
if (response.getStatus() != 200) {
throw new WSSecurityException("Unauthorized to access the service. No user information found");
}
}
String output = response.getEntity(String.class);
logger.debug("Output from Server .... \n");
logger.debug(output);
Gson gson = new Gson();
EndUser userRes = gson.fromJson(output, EndUser.class);
// System.out.println(userRes.getPassword());
// System.out.println(userRes.getUsername());
//Gson gson = new Gson();
ObjectMapper om = new ObjectMapper();
EndUser userRes = om.readValue(output, EndUser.class);
logger.info("json output" + output);
//EndUser userRes = gson.fromJson(output, EndUser.class);
// System.out.println(userRes.getPassword());
// System.out.println(userRes.getUsername());
pdp = PdpConfigurationParser.getPDP(xacmlConfigurationFile.getAbsolutePath(), XML_CATALOG_LOCATION, null);
MultiRequests multiRequests = null;
List<Attributes> attributes = new ArrayList<Attributes>();
List<Attribute> attributeList = new ArrayList<Attribute>();
Attributes a1 = new Attributes(null, attributeList, "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject", null);
List<AttributeValueType> attributeValues = new ArrayList<AttributeValueType>();
Set<String> UserGroup = userRes.getGroups();
for (Iterator iterator = UserGroup.iterator(); iterator.hasNext();) {
......@@ -417,7 +437,7 @@ public class UsernameTokenValidator implements Validator {
AttributeValueType e = new AttributeValueType(content, "http://www.w3.org/2001/XMLSchema#string", Collections.emptyMap());
attributeValues.add(e);
}
Attribute attribute = new Attribute(attributeValues, "group", null, false);
attributeList.add(attribute);
......@@ -431,7 +451,7 @@ public class UsernameTokenValidator implements Validator {
jaxbMarshaller.marshal(r, System.out);
System.out.println(r.toString());
Response res = pdp.evaluate(r);
List<Result> result = res.getResults();
for (Iterator iterator = result.iterator(); iterator.hasNext();) {
Result result2 = (Result) iterator.next();
......@@ -439,7 +459,7 @@ public class UsernameTokenValidator implements Validator {
throw new WSSecurityException("Unauthorized to access the service");
}
}
JAXBContext context2 = JAXBContext.newInstance(Response.class);
Marshaller jaxbmarshaller2 = context2.createMarshaller();
jaxbmarshaller2.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
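Review bot: The new `logger.info("json output" + output);` in `checkAuthZ` writes the whole end-user record returned by the STS to the log at INFO, and if `EndUser` carries the password that the commented-out `userRes.getPassword()` line suggests, that puts a credential in the application log; the response is already logged at debug two lines earlier, so this line should be removed, as should the matching `logger.info("json output" + json);` in the new `fromDBObject`. `fromDBObject` takes a raw `Class` and turns a parse failure into `e.printStackTrace()` plus a `null` return that every caller must remember to check; `public static <T> T fromDBObject(Object dbObj, Class<T> clazz) throws IOException` (or wrapping in `UncheckedIOException`) keeps the failure visible and removes the cast at call sites. Both places build `new ObjectMapper()` per call; a `private static final ObjectMapper MAPPER = new ObjectMapper();` is safe to share once configured and avoids the repeated setup. The `try` around `om.readValue(output, EndUser.class)` opens inside the hunk but its catch clauses are outside the diff, so whether the `IOException` that `readValue` now throws is handled there cannot be confirmed from this view.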