package com.evolveum.midpoint.model.impl.security;
import org.apache.commons.lang.StringUtils;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.stereotype.Component;
import com.evolveum.midpoint.model.api.context.NonceAuthenticationContext;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
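@Component("nonceAuthenticationEvaluator")
/**
 * Authentication evaluator for nonce-based credentials.
 *
 * <p>Plugs the nonce-specific parts (which credential to read, how to
 * validate it, which policy applies) into the generic flow implemented by
 * {@link AuthenticationEvaluatorImpl}. Authorization checks and activation
 * checks are both disabled for this credential type.</p>
 */
public class NonceAuthenticationEvaluatorImpl
        extends AuthenticationEvaluatorImpl<NonceType, NonceAuthenticationContext> {

    /**
     * Rejects an authentication attempt whose nonce is missing or blank.
     *
     * <p>The failure is recorded against the supplied username before the
     * exception is thrown, so a blank nonce shows up in the audit trail just
     * like any other failed attempt. The message key of the thrown exception
     * is kept as-is; it appears to be reused from the password evaluator
     * (TODO confirm against the UI message bundle before changing it).</p>
     *
     * @param connEnv connection environment of the attempt
     * @param authCtx context carrying the entered nonce and username
     * @throws BadCredentialsException if the nonce is {@code null}, empty or whitespace-only
     */
    @Override
    protected void checkEnteredCredentials(ConnectionEnvironment connEnv,
            NonceAuthenticationContext authCtx) {
        if (StringUtils.isBlank(authCtx.getNonce())) {
            // Audit reason names the credential that was actually missing (a nonce, not a password).
            recordAuthenticationFailure(authCtx.getUsername(), connEnv, "empty nonce provided");
            throw new BadCredentialsException("web.security.provider.password.encoding");
        }
    }

    /**
     * Nonce authentication performs no authorization check.
     *
     * @return always {@code false}
     */
    @Override
    protected boolean suportsAuthzCheck() {
        return false;
    }

    /**
     * Selects the nonce credential from the user's stored credentials.
     *
     * @param credentials stored credentials container
     * @return the nonce credential, or whatever {@code credentials.getNonce()} yields when none is set
     */
    @Override
    protected NonceType getCredential(CredentialsType credentials) {
        return credentials.getNonce();
    }

    /**
     * Fails the attempt when the stored nonce credential has no value.
     *
     * <p>Only the value inside the credential is checked here; the credential
     * object itself is assumed to be non-null by the time this is called
     * (presumably guaranteed by the superclass flow — TODO confirm).</p>
     *
     * @param connEnv connection environment of the attempt
     * @param principal principal whose stored credential is being validated
     * @param credential stored nonce credential
     * @throws AuthenticationCredentialsNotFoundException if the stored nonce has no value
     */
    @Override
    protected void validateCredentialNotNull(ConnectionEnvironment connEnv, MidPointPrincipal principal,
            NonceType credential) {
        if (credential.getValue() == null) {
            // Audit reason names the credential that was actually missing (a nonce, not a password).
            recordAuthenticationFailure(principal, connEnv, "no stored nonce value");
            throw new AuthenticationCredentialsNotFoundException("web.security.provider.password.bad");
        }
    }

    /**
     * Compares the entered nonce with the stored (protected) nonce value.
     *
     * <p>Delegates the decryption and comparison to the superclass helper so
     * the matching rules stay identical across credential types.</p>
     *
     * @param connEnv connection environment of the attempt
     * @param principal principal being authenticated
     * @param passwordType stored nonce credential
     * @param authCtx context carrying the entered nonce
     * @return {@code true} if the entered nonce matches the stored value
     */
    @Override
    protected boolean passwordMatches(ConnectionEnvironment connEnv, MidPointPrincipal principal,
            NonceType passwordType, NonceAuthenticationContext authCtx) {
        return decryptAndMatch(connEnv, principal, passwordType.getValue(), authCtx.getNonce());
    }

    /**
     * Resolves the nonce credential policy that governs this attempt.
     *
     * <p>A policy supplied explicitly on the authentication context takes
     * precedence; otherwise the effective nonce policy is derived from the
     * security policy.</p>
     *
     * @param securityPolicy security policy to fall back to
     * @param authnCtx context that may carry an explicit nonce policy
     * @return the applicable nonce credential policy
     * @throws SchemaException if the effective policy cannot be derived from the security policy
     */
    @Override
    protected CredentialPolicyType getEffectiveCredentialPolicy(SecurityPolicyType securityPolicy,
            NonceAuthenticationContext authnCtx) throws SchemaException {
        NonceCredentialsPolicyType contextPolicy = authnCtx.getPolicy();
        if (contextPolicy != null) {
            return contextPolicy;
        }
        return SecurityUtil.getEffectiveNonceCredentialsPolicy(securityPolicy);
    }

    /**
     * Nonce authentication does not evaluate the principal's activation state.
     *
     * @return always {@code false}
     */
    @Override
    protected boolean supportsActivation() {
        return false;
    }
}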