/**
 * Resolves the user that matches the supplied credentials.
 *
 * <p>Pure delegation: the username, source host and password are passed to the
 * credentials provider unchanged. How a failed match is reported (exception or
 * {@code null}) is decided by the provider and is not visible in this method.
 *
 * @param credentials the login credentials to check
 * @return the user returned by the credentials provider
 * @throws JasDBStorageException if the provider lookup fails
 */
@Override
public User authenticate(Credentials credentials) throws JasDBStorageException {
    return credentialsProvider.getUser(
            credentials.getUsername(),
            credentials.getSourceHost(),
            credentials.getPassword());
}
/**
 * Lists the user names as seen by the session held by this object.
 *
 * <p>NOTE(review): unlike the mutating operations shown on this page, this read
 * path does not call {@code validateSession()} first; the access decision is
 * left entirely to {@code userManager} — confirm that is intended.
 *
 * @return the user names returned by the user manager
 * @throws JasDBStorageException if the user manager rejects or fails the lookup
 */
@Override
public List<String> getUsers() throws JasDBStorageException {
    final List<String> userNames = userManager.getUsers(session);
    return userNames;
}
/**
 * Builds the stored form of a user session from a freshly created one.
 *
 * <p>The session id, user and encrypted content key are copied as they are. The
 * access token itself is not kept by this constructor: only the value returned
 * by {@code CryptoEngine.hash(sessionId, accessToken)} is stored.
 *
 * @param userSession the session whose data is captured
 * @throws RuntimeJasDBException if the token cannot be hashed
 */
public SecureUserSession(UserSession userSession) {
    this.sessionId = userSession.getSessionId();
    this.user = userSession.getUser();
    this.encryptedContentKey = userSession.getEncryptedContentKey();

    try {
        // The session id is the first hash input; presumably it acts as the salt (confirm in CryptoEngine).
        this.accessTokenHash = CryptoFactory.getEngine().hash(this.sessionId, userSession.getAccessToken());
    } catch (JasDBSecurityException e) {
        // Constructors here do not declare checked exceptions, so the cause is wrapped and rethrown unchecked.
        throw new RuntimeJasDBException("Unable to hash token", e);
    }
}
/**
 * Creates a new user on behalf of the caller's session.
 *
 * <p>The caller must hold WRITE access on {@code /Users}; the check runs before
 * any key material is touched. The caller's content key is then recovered from
 * the session (password salt + access token + encrypted content key) and handed
 * to the credentials provider together with the new user's details.
 *
 * @param currentSession the session of the user performing the operation
 * @param userName name of the user to create
 * @param allowedHost host the new user is allowed to connect from
 * @param password password of the new user
 * @return the user created by the credentials provider
 * @throws JasDBStorageException if authorization, decryption or creation fails
 */
@Override
public User addUser(UserSession currentSession, String userName, String allowedHost, String password)
        throws JasDBStorageException {
    authorize(currentSession, "/Users", AccessMode.WRITE);

    User caller = currentSession.getUser();
    // NOTE(review): the default engine is used here, while the session-start code shown on this
    // page wraps the session content key with the engine named by user.getEncryptionEngine();
    // confirm both always resolve to the same engine.
    CryptoEngine engine = CryptoFactory.getEngine();
    String contentKey = engine.decrypt(
            caller.getPasswordSalt(),
            currentSession.getAccessToken(),
            currentSession.getEncryptedContentKey());

    return credentialsProvider.addUser(userName, allowedHost, contentKey, password);
}
/**
 * Serializes a grant object to JSON and encrypts it under the session's content key.
 *
 * <p>A fresh salt is generated for every call and stored next to the ciphertext,
 * together with the descriptor of the engine that produced it.
 *
 * @param grantObject the grants to protect
 * @param userSession the session that supplies the content key
 * @return the encrypted grants, carrying object name, ciphertext, salt and engine descriptor
 * @throws JasDBStorageException if key recovery, serialization or encryption fails
 */
private EncryptedGrants encryptGrants(GrantObject grantObject, UserSession userSession)
        throws JasDBStorageException {
    CryptoEngine grantEngine = CryptoFactory.getEngine();

    // NOTE(review): the content key is unwrapped with the default engine, while the session-start
    // code shown on this page wraps it with the engine named by user.getEncryptionEngine();
    // confirm both always resolve to the same engine.
    CryptoEngine keyEngine = CryptoFactory.getEngine();
    String contentKey = keyEngine.decrypt(
            userSession.getUser().getPasswordSalt(),
            userSession.getAccessToken(),
            userSession.getEncryptedContentKey());

    String freshSalt = grantEngine.generateSalt();
    String grantJson = SimpleEntity.toJson(GrantObjectMeta.toEntity(grantObject));
    String cipherText = grantEngine.encrypt(freshSalt, contentKey, grantJson);

    return new EncryptedGrants(grantObject.getObjectName(), cipherText, freshSalt, grantEngine.getDescriptor());
}
/**
 * Authenticates the credentials and opens a new session for the resulting user.
 *
 * <p>Steps, in order: authenticate; generate a session id and an access token;
 * unwrap the user's content key with the login password; re-wrap it with the
 * access token; check CONNECT access on {@code /}; register the session. The
 * session is only registered after the authorization call has returned.
 *
 * @param credentials the login credentials
 * @return the new session, including the access token the client must present
 * @throws JasDBStorageException if authentication, key handling or authorization fails
 */
@Override
public UserSession startSession(Credentials credentials) throws JasDBStorageException {
    // NOTE(review): the result is dereferenced below without a null check; this assumes
    // authenticate() throws on bad credentials rather than returning null — confirm.
    User authenticatedUser = userManager.authenticate(credentials);

    // randomUUID() yields a type 4 UUID drawn from a cryptographically strong generator.
    // The token doubles as the secret that wraps the content key for this session.
    String newSessionId = UUID.randomUUID().toString();
    String accessToken = UUID.randomUUID().toString();

    CryptoEngine userEngine = CryptoFactory.getEngine(authenticatedUser.getEncryptionEngine());
    String passwordWrappedKey = authenticatedUser.getEncryptedContentKey();
    String contentKey = userEngine.decrypt(
            authenticatedUser.getPasswordSalt(), credentials.getPassword(), passwordWrappedKey);
    String tokenWrappedKey = userEngine.encrypt(
            authenticatedUser.getPasswordSalt(), accessToken, contentKey);

    UserSession newSession = new UserSessionImpl(newSessionId, accessToken, tokenWrappedKey, authenticatedUser);

    // Must stay ahead of the map insert: a user without CONNECT access never gets a stored session.
    userManager.authorize(newSession, "/", AccessMode.CONNECT);
    secureUserSessionMap.put(newSessionId, new SecureUserSession(newSession));
    return newSession;
}
/**
 * Ensures a session is present and still accepted by the session manager.
 *
 * @throws JasDBStorageException (a {@code JasDBSecurityException}) when there is
 *         no session or the session manager reports it as no longer valid
 */
private void validateSession() throws JasDBStorageException {
    // Short-circuit keeps the null session from being dereferenced.
    boolean sessionUsable = session != null && sessionManager.sessionValid(session.getSessionId());
    if (!sessionUsable) {
        throw new JasDBSecurityException("Unable to change security principals, not logged in or session expired");
    }
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Creates a local DB session and logs in with the given credentials.
 *
 * <p>The session manager is looked up from the application context and asked to
 * start a session; the resulting user session is kept on this object.
 *
 * @param credentials the credentials to authenticate with
 * @throws JasDBException if the session cannot be requested
 */
public LocalDBSession(Credentials credentials) throws JasDBException {
    this();
    SessionManager sessions = ApplicationContextProvider
            .getApplicationContext()
            .getBean(SessionManager.class);
    this.userSession = sessions.startSession(credentials);
}
/**
 * Adds a user through the current session.
 *
 * @param username name of the user to create
 * @param allowedHost host the user may connect from
 * @param password password of the new user
 * @throws JasDBStorageException if the session is missing or expired, or the user manager fails
 */
@Override
public void addUser(String username, String allowedHost, String password)
        throws JasDBStorageException {
    // Fail before delegating when there is no live session.
    validateSession();
    // The created User returned by the manager is intentionally not exposed by this method.
    userManager.addUser(session, username, allowedHost, password);
}
/**
 * Deletes a user through the current session.
 *
 * @param username name of the user to remove
 * @throws JasDBStorageException if the session is missing or expired, or the user manager fails
 */
@Override
public void deleteUser(String username)
        throws JasDBStorageException {
    // Fail before delegating when there is no live session.
    validateSession();
    userManager.deleteUser(session, username);
}
/**
 * Grants a user access to an object through the current session.
 *
 * @param username the user receiving the grant
 * @param object the object the grant applies to
 * @param mode the access mode being granted
 * @throws JasDBStorageException if the session is missing or expired, or the user manager fails
 */
@Override
public void grant(String username, String object, AccessMode mode)
        throws JasDBStorageException {
    // Fail before delegating when there is no live session.
    validateSession();
    // Argument order differs from this method's: the manager takes the object before the user name.
    userManager.grantUser(session, object, username, mode);
}
/**
 * Revokes a user's grant on an object through the current session.
 *
 * @param username the user losing the grant
 * @param object the object the grant applies to
 * @throws JasDBStorageException if the session is missing or expired, or the user manager fails
 */
@Override
public void revoke(String username, String object)
        throws JasDBStorageException {
    // Fail before delegating when there is no live session.
    validateSession();
    // Argument order differs from this method's: the manager takes the object before the user name.
    userManager.revoke(session, object, username);
}
/**
 * Removes a user after checking the caller's rights.
 *
 * <p>The caller must hold WRITE access on {@code /Users}. The check runs first,
 * so the provider is not reached when authorization fails by exception.
 *
 * @param session the session of the user performing the deletion
 * @param userName name of the user to delete
 * @throws JasDBStorageException if authorization or deletion fails
 */
@Override
public void deleteUser(UserSession session, String userName)
        throws JasDBStorageException {
    authorize(session, "/Users", AccessMode.WRITE);

    credentialsProvider.deleteUser(userName);
}
/**
 * Returns the known user names after checking the caller's rights.
 *
 * <p>The caller must hold READ access on {@code /Users}.
 *
 * @param currentSession the session of the user requesting the list
 * @return the user names reported by the credentials provider
 * @throws JasDBStorageException if authorization or the lookup fails
 */
@Override
public List<String> getUsers(UserSession currentSession)
        throws JasDBStorageException {
    authorize(currentSession, "/Users", AccessMode.READ);

    final List<String> userNames = credentialsProvider.getUsers();
    return userNames;
}
/**
 * Loads the grants of one object for the requesting session and maps them to the REST model.
 *
 * <p>The lookup is made with the session taken from the request context, so any
 * access decision is made by {@code userManager} for that session.
 *
 * @param context the request context carrying the user session
 * @param object the object whose grants are requested
 * @return the REST representation of the grant object
 * @throws RestException if the user manager cannot supply the grant object
 */
private RestEntity loadSpecificGrantObject(RequestContext context, String object)
        throws RestException {
    try {
        GrantObject grants = userManager.getGrantObject(context.getUserSession(), object);
        return GrantModelMapper.map(grants);
    } catch (JasDBStorageException e) {
        // Storage failures surface to REST clients under one generic message; the cause is preserved.
        throw new RestException("Unable to load grant objects", e);
    }
}
/**
 * Decrypts stored grants with the content key recovered from the session.
 *
 * <p>Two engines are involved: the default engine unwraps the session's content
 * key, and the engine recorded on the encrypted grants decrypts the payload.
 *
 * @param session the session that supplies salt, access token and wrapped content key
 * @param encryptedGrants the stored ciphertext with its salt and engine identifier
 * @return the grant object parsed from the decrypted JSON
 * @throws JasDBStorageException if key recovery, decryption or parsing fails
 */
private GrantObject decrypt(UserSession session, EncryptedGrants encryptedGrants)
        throws JasDBStorageException {
    // NOTE(review): the content key is unwrapped with the default engine, while the session-start
    // code shown on this page wraps it with the engine named by user.getEncryptionEngine();
    // confirm both always resolve to the same engine.
    CryptoEngine keyEngine = CryptoFactory.getEngine();
    String contentKey = keyEngine.decrypt(
            session.getUser().getPasswordSalt(),
            session.getAccessToken(),
            session.getEncryptedContentKey());

    // The payload is decrypted with whichever engine the record says produced it.
    CryptoEngine grantEngine = CryptoFactory.getEngine(encryptedGrants.getEncryptionEngine());
    String grantJson = grantEngine.decrypt(
            encryptedGrants.getSalt(),
            contentKey,
            encryptedGrants.getEncryptedData());

    return GrantObjectMeta.fromEntity(SimpleEntity.fromJson(grantJson));
}
/**
 * Loads the user names visible to the requesting session and wraps them for REST output.
 *
 * @param context the request context carrying the user session
 * @return a {@code RestUserList} holding the user names
 * @throws RestException if the user manager cannot supply the list
 */
private RestEntity loadUserList(RequestContext context)
        throws RestException {
    try {
        List<String> userNames = userManager.getUsers(context.getUserSession());
        return new RestUserList(userNames);
    } catch (JasDBStorageException e) {
        // Storage failures surface to REST clients under one generic message; the cause is preserved.
        throw new RestException("Unable to load user list", e);
    }
}
/**
 * Creates a local DB session bound to a specific instance and logs in with the given credentials.
 *
 * <p>The session manager is looked up from the application context and asked to
 * start a session; the resulting user session is kept on this object.
 *
 * @param instanceId the instance to bind to
 * @param credentials the credentials to authenticate with
 * @throws JasDBException if the session cannot be requested
 */
public LocalDBSession(String instanceId, Credentials credentials) throws JasDBException {
    this(instanceId);
    SessionManager sessions = ApplicationContextProvider
            .getApplicationContext()
            .getBean(SessionManager.class);
    this.userSession = sessions.startSession(credentials);
}