001/*
002 * (C) Copyright 2006-2007 Nuxeo SAS (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     Nuxeo - initial API and implementation
016 *
017 * $Id: JOOoConvertPluginImpl.java 18651 2007-05-13 20:28:53Z sfermigier $
018 */
019
020package org.nuxeo.ecm.platform.ui.web.auth.portal;
021
022import java.security.MessageDigest;
023import java.security.NoSuchAlgorithmException;
024import java.util.Date;
025import java.util.List;
026import java.util.Map;
027
028import javax.servlet.http.HttpServletRequest;
029import javax.servlet.http.HttpServletResponse;
030
031import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
032import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;
033
034import com.noelios.restlet.util.Base64;
035
036public class PortalAuthenticator implements NuxeoAuthenticationPlugin {
037
038    private static final String SECRET_KEY_NAME = "secret";
039
040    private static final String MAX_AGE_KEY_NAME = "maxAge";
041
042    private static final String TS_HEADER = "NX_TS";
043
044    private static final String RANDOM_HEADER = "NX_RD";
045
046    private static final String TOKEN_HEADER = "NX_TOKEN";
047
048    private static final String USER_HEADER = "NX_USER";
049
050    private static final String TOKEN_SEP = ":";
051
052    //
053    private String secret = "secret";
054
055    // one hour by default
056    private long maxAge = 60 * 60;
057
058    public List<String> getUnAuthenticatedURLPrefix() {
059        return null;
060    }
061
062    public Boolean handleLoginPrompt(HttpServletRequest httpRequest, HttpServletResponse httpResponse, String baseURL) {
063        return false;
064    }
065
066    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpRequest,
067            HttpServletResponse httpResponse) {
068
069        String ts = httpRequest.getHeader(TS_HEADER);
070        String random = httpRequest.getHeader(RANDOM_HEADER);
071        String token = httpRequest.getHeader(TOKEN_HEADER);
072        String userName = httpRequest.getHeader(USER_HEADER);
073
074        if (userName == null || ts == null || random == null || token == null) {
075            return null;
076        }
077
078        if (validateToken(ts, random, token, userName)) {
079            return new UserIdentificationInfo(userName, userName);
080        } else {
081            return null;
082        }
083    }
084
085    public void initPlugin(Map<String, String> parameters) {
086        if (parameters.containsKey(SECRET_KEY_NAME)) {
087            secret = parameters.get(SECRET_KEY_NAME);
088        }
089        if (parameters.containsKey(MAX_AGE_KEY_NAME)) {
090            String maxAgeStr = parameters.get(MAX_AGE_KEY_NAME);
091            if (maxAgeStr != null && !maxAgeStr.equals("")) {
092                maxAge = Long.parseLong(maxAgeStr);
093            }
094        }
095    }
096
097    public Boolean needLoginPrompt(HttpServletRequest httpRequest) {
098        return false;
099    }
100
101    private Boolean validateToken(String ts, String random, String token, String userName) {
102        // reconstruct the token
103        String clearToken = ts + TOKEN_SEP + random + TOKEN_SEP + secret + TOKEN_SEP + userName;
104
105        byte[] hashedToken;
106        try {
107            hashedToken = MessageDigest.getInstance("MD5").digest(clearToken.getBytes());
108        } catch (NoSuchAlgorithmException e) {
109            return false;
110        }
111        String base64HashedToken = Base64.encodeBytes(hashedToken);
112
113        // check that tokens are the same => that we have the same shared key
114        if (!base64HashedToken.equals(token)) {
115            return false;
116        }
117
118        // check time stamp
119        long portalTS = Long.parseLong(ts);
120        long currentTS = (new Date()).getTime();
121
122        return (currentTS - portalTS) / 1000 <= maxAge;
123    }
124
125}