package io.undertow.security.impl;
import io.undertow.UndertowMessages;
import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.AuthenticationMechanismFactory;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.idm.PasswordCredential;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.Cookie;
import io.undertow.server.handlers.form.FormParserFactory;
import io.undertow.util.HttpString;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import static io.undertow.security.api.AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
import static io.undertow.security.api.AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
import static io.undertow.security.api.AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
public class implements AuthenticationMechanism {
public static final AuthenticationMechanismFactory = new Factory();
public static final String = "GENERIC_HEADER";
public static final String = "identity-header";
public static final String = "session-header";
private final String ;
private final List<HttpString> ;
private final List<String> ;
private final IdentityManager ;
public (String mechanismName, List<HttpString> identityHeaders, List<String> sessionCookieNames, IdentityManager identityManager) {
this.mechanismName = mechanismName;
this.identityHeaders = identityHeaders;
this.sessionCookieNames = sessionCookieNames;
this.identityManager = identityManager;
}
@Override
public AuthenticationMechanismOutcome (HttpServerExchange exchange, SecurityContext securityContext) {
String principal = getPrincipal(exchange);
if(principal == null) {
return NOT_ATTEMPTED;
}
String session = getSession(exchange);
if(session == null) {
return NOT_ATTEMPTED;
}
Account account = identityManager.verify(principal, new PasswordCredential(session.toCharArray()));
if(account == null) {
securityContext.authenticationFailed(UndertowMessages.MESSAGES.authenticationFailed(principal), mechanismName);
return NOT_AUTHENTICATED;
}
securityContext.authenticationComplete(account, mechanismName, false);
return AUTHENTICATED;
}
private String (HttpServerExchange exchange) {
for(String header : sessionCookieNames) {
Cookie cookie = exchange.getRequestCookies().get(header);
if(cookie != null) {
return cookie.getValue();
}
}
return null;
}
private String (HttpServerExchange exchange) {
for(HttpString header : identityHeaders) {
String res = exchange.getRequestHeaders().getFirst(header);
if(res != null) {
return res;
}
}
return null;
}
@Override
public ChallengeResult (HttpServerExchange exchange, SecurityContext securityContext) {
return ChallengeResult.NOT_SENT;
}
public static class implements AuthenticationMechanismFactory {
@Deprecated
public (IdentityManager identityManager) {
}
public () {
}
@Override
public AuthenticationMechanism create(String mechanismName, IdentityManager identityManager, FormParserFactory formParserFactory, Map<String, String> properties) {
String identity = properties.get(IDENTITY_HEADER);
if(identity == null) {
throw UndertowMessages.MESSAGES.authenticationPropertyNotSet(mechanismName, IDENTITY_HEADER);
}
String session = properties.get(SESSION_HEADER);
if(session == null) {
throw UndertowMessages.MESSAGES.authenticationPropertyNotSet(mechanismName, SESSION_HEADER);
}
List<HttpString> ids = new ArrayList<>();
for(String s : identity.split(",")) {
ids.add(new HttpString(s));
}
List<String> sessions = new ArrayList<>();
for(String s : session.split(",")) {
sessions.add(s);
}
return new GenericHeaderAuthenticationMechanism(mechanismName, ids, sessions, identityManager);
}
}
}