/**
 * Authenticates the supplied credentials and opens a new user session.
 *
 * <p>The user's content key is unwrapped with the login password and then re-wrapped under the
 * freshly generated session token, so the session object carries the content key without carrying
 * the password. The token is therefore key material as well as a session secret: keep it out of
 * logs, error messages and anything persisted.
 *
 * @param credentials login credentials; the password is also used to unwrap the content key
 * @return the session that was registered in {@code secureUserSessionMap}
 * @throws JasDBStorageException declared by this method; presumably raised when authentication,
 *     key handling or the CONNECT authorization fails (the callees are not visible here)
 */
@Override
public UserSession startSession(Credentials credentials) throws JasDBStorageException {
    final User authenticatedUser = userManager.authenticate(credentials);

    // Session id and token are two independent random (type 4) UUIDs.
    final String sessionId = UUID.randomUUID().toString();
    final String token = UUID.randomUUID().toString();

    // Use the engine recorded on the user, not the factory default.
    final CryptoEngine userEncryptionEngine =
            CryptoFactory.getEngine(authenticatedUser.getEncryptionEngine());

    // Step 1: unwrap the content key with the login password.
    final String passwordWrappedKey = authenticatedUser.getEncryptedContentKey();
    final String contentKey = userEncryptionEngine.decrypt(
            authenticatedUser.getPasswordSalt(), credentials.getPassword(), passwordWrappedKey);

    // Step 2: wrap it again, this time under the session token.
    final String tokenWrappedKey = userEncryptionEngine.encrypt(
            authenticatedUser.getPasswordSalt(), token, contentKey);

    final UserSession newSession =
            new UserSessionImpl(sessionId, token, tokenWrappedKey, authenticatedUser);

    // The CONNECT check on "/" runs before the session is stored; presumably authorize() throws on
    // denial, so a rejected session never reaches the map.
    userManager.authorize(newSession, "/", AccessMode.CONNECT);
    secureUserSessionMap.put(sessionId, new SecureUserSession(newSession));
    return newSession;
}
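/**
 * Loads a user and verifies the supplied password and source host against the stored record.
 *
 * <p>The password is hashed with the user's salt and engine and compared with the stored hash.
 * The source host must equal the user's allowed host unless that host is {@code "*"}. Every
 * failure produces the same message so the caller cannot tell which check failed.
 *
 * @param userName name of the user to look up
 * @param sourceHost host the request originated from
 * @param password password to verify
 * @return the user when both the password and the host check pass
 * @throws JasDBStorageException a {@code JasDBSecurityException} is thrown when the user is
 *     unknown, the password hash differs or the source host is not allowed
 */
@Override
public User getUser(String userName, String sourceHost, String password) throws JasDBStorageException {
    User user = userMetadataProvider.getUser(userName);
    if (user == null) {
        // Whether the provider returns null or throws for an unknown name is not visible here;
        // if it returns null, fail like a bad password instead of with a NullPointerException.
        throw new JasDBSecurityException("Could not authenticate, invalid credentials");
    }
    LOG.debug("Expected host: {} actual: {}", user.getHost(), sourceHost);

    CryptoEngine cryptoEngine = CryptoFactory.getEngine(user.getEncryptionEngine());

    // NOTE(review): assumes getPasswordHash() and hash() both return String - confirm.
    String storedHash = user.getPasswordHash();
    String suppliedHash = cryptoEngine.hash(user.getPasswordSalt(), password);

    // String.equals returns at the first differing character, which makes the comparison time
    // depend on how much of the hash matched. MessageDigest.isEqual avoids that.
    boolean hashMatches = storedHash != null
            && suppliedHash != null
            && java.security.MessageDigest.isEqual(
                    storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    suppliedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    if (hashMatches && (user.getHost().equals("*") || user.getHost().equals(sourceHost))) {
        // Log the name rather than the User object: User carries hash, salt and wrapped key, and
        // its toString() is not visible here.
        LOG.debug("User: {} has been authenticated", userName);
        return user;
    }
    throw new JasDBSecurityException("Could not authenticate, invalid credentials");
}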
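/**
 * Creates a new user on behalf of an existing session.
 *
 * <p>The caller must hold WRITE access on {@code "/Users"}. The session's content key is unwrapped
 * with the session access token and passed to the credentials provider together with the new
 * user's password.
 *
 * @param currentSession session of the user performing the operation
 * @param userName name of the user to create
 * @param allowedHost host the new user may connect from
 * @param password password of the new user
 * @return the user returned by the credentials provider
 * @throws JasDBStorageException declared by this method; presumably raised when authorization,
 *     key unwrapping or user creation fails
 */
@Override
public User addUser(UserSession currentSession, String userName, String allowedHost, String password) throws JasDBStorageException {
    // Authorization comes first, so no key material is touched for an unauthorized caller
    // (assuming authorize() throws on denial).
    authorize(currentSession, "/Users", AccessMode.WRITE);

    User currentUser = currentSession.getUser();

    // startSession (shown on this page) wraps the session content key with the engine recorded on
    // the user. Unwrap with that same engine rather than the factory default, otherwise a user on
    // a non-default engine cannot recover the key.
    CryptoEngine cryptoEngine = CryptoFactory.getEngine(currentUser.getEncryptionEngine());
    String contentKey = cryptoEngine.decrypt(
            currentUser.getPasswordSalt(),
            currentSession.getAccessToken(),
            currentSession.getEncryptedContentKey());

    return credentialsProvider.addUser(userName, allowedHost, contentKey, password);
}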
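/**
 * Decrypts a stored grants record for the given session.
 *
 * <p>First the session's content key is unwrapped with the session access token. The grants
 * payload is then decrypted with that key, using the engine and salt recorded on the payload, and
 * the resulting JSON is parsed into a {@code GrantObject}.
 *
 * @param session session whose token and wrapped content key are used
 * @param encryptedGrants encrypted grants record with its salt and engine descriptor
 * @return the decoded grant object
 * @throws JasDBStorageException declared by this method; presumably raised when an engine lookup,
 *     a decryption step or the JSON parsing fails
 */
private GrantObject decrypt(UserSession session, EncryptedGrants encryptedGrants) throws JasDBStorageException {
    User sessionUser = session.getUser();

    // startSession (shown on this page) wraps the session content key with the user's recorded
    // engine. Unwrap with that same engine instead of the factory default so users on a
    // non-default engine can still recover the key.
    CryptoEngine contentCryptoEngine = CryptoFactory.getEngine(sessionUser.getEncryptionEngine());
    String contentKey = contentCryptoEngine.decrypt(
            sessionUser.getPasswordSalt(),
            session.getAccessToken(),
            session.getEncryptedContentKey());

    // The grants record names its own engine, so it stays readable if the default changes later.
    CryptoEngine cryptoEngine = CryptoFactory.getEngine(encryptedGrants.getEncryptionEngine());
    String decryptedData = cryptoEngine.decrypt(
            encryptedGrants.getSalt(), contentKey, encryptedGrants.getEncryptedData());

    return GrantObjectMeta.fromEntity(SimpleEntity.fromJson(decryptedData));
}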
/**
 * Converts a user into its entity representation.
 *
 * <p>The entity holds the password hash, the password salt and the wrapped content key next to
 * the user name and host. Treat it as credential material: restrict access wherever it is stored,
 * and do not log it or return it to clients.
 *
 * @param user user to convert
 * @return a new entity carrying the user's properties and the user meta type marker
 */
public static SimpleEntity toEntity(User user) {
    final SimpleEntity userEntity = new SimpleEntity();

    // Identity and the host restriction.
    userEntity.addProperty(Constants.USER_NAME, user.getUsername());
    userEntity.addProperty(Constants.HOST, user.getHost());

    // Credential material: wrapped content key, salt, password hash and engine descriptor.
    userEntity.addProperty(Constants.USER_CONTENT_KEY, user.getEncryptedContentKey());
    userEntity.addProperty(Constants.SALT, user.getPasswordSalt());
    userEntity.addProperty(Constants.USER_PASSWORD_HASH, user.getPasswordHash());
    userEntity.addProperty(Constants.USER_ENGINE, user.getEncryptionEngine());

    // Type marker identifying this entity as user metadata.
    userEntity.addProperty(Constants.META_TYPE, UserMetadataProvider.USERMETA_TYPE);

    return userEntity;
}
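/**
 * Encrypts a grant object under the session's content key.
 *
 * <p>The grant object is serialized to JSON and encrypted with the default engine, using a fresh
 * salt generated for each call. The salt and the engine descriptor are stored on the result so
 * the record can be decrypted later.
 *
 * @param grantObject grants to encrypt
 * @param userSession session whose token and wrapped content key are used to obtain the key
 * @return the encrypted grants record with its salt and engine descriptor
 * @throws JasDBStorageException declared by this method; presumably raised when an engine lookup,
 *     key unwrapping or encryption fails
 */
private EncryptedGrants encryptGrants(GrantObject grantObject, UserSession userSession) throws JasDBStorageException {
    User sessionUser = userSession.getUser();

    // startSession (shown on this page) wraps the session content key with the user's recorded
    // engine. Unwrap with that same engine instead of the factory default so users on a
    // non-default engine can still recover the key.
    CryptoEngine sessionKeyEngine = CryptoFactory.getEngine(sessionUser.getEncryptionEngine());
    String contentKey = sessionKeyEngine.decrypt(
            sessionUser.getPasswordSalt(),
            userSession.getAccessToken(),
            userSession.getEncryptedContentKey());

    // New grant records are written with the default engine and a fresh salt per record.
    CryptoEngine cryptoEngine = CryptoFactory.getEngine();
    String salt = cryptoEngine.generateSalt();
    String unencryptedData = SimpleEntity.toJson(GrantObjectMeta.toEntity(grantObject));
    String encryptedData = cryptoEngine.encrypt(salt, contentKey, unencryptedData);

    return new EncryptedGrants(grantObject.getObjectName(), encryptedData, salt, cryptoEngine.getDescriptor());
}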