ExternalPWCallback.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.security.utils;

  23. import java.io.File;
  24. import java.io.FileInputStream;
  25. import java.io.IOException;
  26. import java.util.Date;
  27. import java.util.Iterator;
  28. import java.util.Properties;

  30. import javax.security.auth.callback.Callback;
  31. import javax.security.auth.callback.CallbackHandler;
  32. import javax.security.auth.callback.UnsupportedCallbackException;

  34. import org.apache.wss4j.common.ext.WSPasswordCallback;
  35. import org.openspcoop2.security.SecurityException;
  36. import org.openspcoop2.utils.date.DateManager;
  37. import org.openspcoop2.utils.properties.PropertiesReader;

  39. /**
  40.  * Gestore delle password dei certificati scambiati con wssecurity. Le password vengono mantenute in un file di proprietà
  41.  *  
  42.  * @author Andrea Poli (apoli@link.it)
  43.  * @author $Author$
  44.  * @version $Rev$, $Date$
  45.  */
  46. public class ExternalPWCallback
  47.     implements CallbackHandler
  48. {

  50.     public ExternalPWCallback()
  51.     {
  52.     }

  54.     @Override
  55.     public void handle(Callback[] callbacks) throws IOException,
  56.                UnsupportedCallbackException {
  57.         for(int i = 0; i < callbacks.length; i++)
  58.             if(callbacks[i] instanceof WSPasswordCallback)
  59.             {
  60.                 WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
  61.                 
  62.                 Properties pSource = null;
  63.                 try{
  64.                     pSource = getProperties();
  65.                 }catch(Exception e){
  66.                     throw new UnsupportedCallbackException(callbacks[i], "Identifier ["+pc.getIdentifier()+"], occurs error (read password from properties file): "+e.getMessage());
  67.                 }
  68.                 PropertiesReader pr = new PropertiesReader(pSource, true);
  69.                 Properties p = null;
  70.                 try{
  71.                     p = pr.readProperties_convertEnvProperties("user.",true);
  72.                 }catch(Exception e){
  73.                     throw new UnsupportedCallbackException(callbacks[i], "Identifier ["+pc.getIdentifier()+"], occurs error (read password from properties file): "+e.getMessage());
  74.                 }
  75.                 String key = pc.getIdentifier();
  76.                 if(p.containsKey(key)==false){
  77.                     
  78.                     // check se fosse con maiuscolo minuscolo
  79.                     if(p.size()>0){
  80.                         Iterator<?> it = p.keySet().iterator();
  81.                         while (it.hasNext()) {
  82.                             Object keyCheck = (Object) it.next();
  83.                             if(keyCheck instanceof String){
  84.                                 String tmp = (String) keyCheck;
  85.                                 if(tmp.toLowerCase().equals(key)){
  86.                                     key = tmp; // aggiorno la chiave
  87.                                 }
  88.                             }
  89.                         }
  90.                     }
  91.                     if(key==null){
  92.                         throw new UnsupportedCallbackException(callbacks[i], "Identifier ["+pc.getIdentifier()+"] unknown");
  93.                     }
  94.                 }
  95.                 String password = p.getProperty(key);
  96.                 pc.setPassword(password);
  97.                 
  98.             } else
  99.             {
  100.                 throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
  101.             }

  103.     }
  104.     
  105.     
  106.     private static String propertiesFilePath = "/etc/govway/wssPassword.properties";
  107.     private static Properties wssProperties = null;
  108.     
  109.     private static String wssRefreshProps = "refresh";
  110.     private static boolean wssRefresh = true; // default
  111.     private static Date wssRead = null;
  112.     private static int wssTime = 1*1000*60; // ogni minuti refresh
  113.     
  114.     public static synchronized void initialize() throws SecurityException{
  115.         initialize(propertiesFilePath);
  116.     }
  117.     public static synchronized void initialize(String path) throws SecurityException{
  118.         
  119.         propertiesFilePath = path; // aggiorno path nel caso mi venga inizializzato un path differente. Il path verrà utilizzato poi in presenza del file scaduto
  120.         
  121.         if(wssProperties==null || isScaduto()){
  122.             FileInputStream fin = null;
  123.             try{
  124.                 File f = new File(path);
  125.                 if(f.exists()==false){
  126.                     throw new SecurityException("File properties ["+path+"] doesn't exists");
  127.                 }
  128.                 if(f.canRead()==false){
  129.                     throw new SecurityException("File properties ["+path+"] cannot read");
  130.                 }
  131.                 fin = new FileInputStream(f);
  132.                 
  133.                 wssProperties = new Properties();
  134.                 wssProperties.load(fin);
  135.                 
  136.                 if(wssProperties.containsKey(wssRefreshProps)){
  137.                     String tmp = wssProperties.getProperty(wssRefreshProps);
  138.                     wssRefresh = "true".equalsIgnoreCase(tmp.trim());
  139.                 }
  140.                 
  141.                 if(wssRefresh){
  142.                     wssRead = DateManager.getDate(); // update date
  143.                 }
  144.             }
  145.             catch(SecurityException e){
  146.                 throw e;
  147.             }
  148.             catch(Exception e){
  149.                 throw new SecurityException("Errore durante la lettura del file properties ["+path+"]: "+e.getMessage(),e);
  150.             }
  151.             finally{
  152.                 try{
  153.                     if(fin!=null)
  154.                         fin.close();
  155.                 }catch(Exception eClose){
  156.                     // close
  157.                 }
  158.             }
  159.         }
  160.     } 
  161.     public static Properties getProperties() throws SecurityException{
  162.         if(wssProperties==null || isScaduto()){
  163.             initialize();
  164.         }
  165.         return wssProperties;
  166.     }
  167.     private static boolean isScaduto(){
  168.         boolean scaduto = false;
  169.         if(wssRefresh && wssRead!=null){
  170.             long read = wssRead.getTime();
  171.             Date now = DateManager.getDate();
  172.             long diff = now.getTime() - read;
  173.             if(diff > wssTime){
  174.                 scaduto = true;
  175.             }
  176.         }
  177.         return scaduto;
  178.     }

  180.     
  181. }
Created with JaCoCo 0.8.8.202204050719