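/*******************************************************************************
 * Copyright (c) 2008-2015 Chair for Applied Software Engineering,
 * Technische Universitaet Muenchen.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 * Otto von Wesendonk - initial API and implementation
 * Edgar Mueller - refactorings
 ******************************************************************************/
package org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers;

import java.nio.charset.Charset;
import java.security.MessageDigest;

import org.eclipse.emf.emfstore.internal.server.ServerConfiguration;
import org.eclipse.emf.emfstore.internal.server.connection.ServerKeyStoreManager;
import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException;
import org.eclipse.emf.emfstore.internal.server.exceptions.ClientVersionOutOfDateException;
import org.eclipse.emf.emfstore.internal.server.exceptions.ServerKeyStoreException;
import org.eclipse.emf.emfstore.internal.server.model.AuthenticationInformation;
import org.eclipse.emf.emfstore.internal.server.model.ModelFactory;
import org.eclipse.emf.emfstore.server.auth.ESUserVerifier;
import org.eclipse.emf.emfstore.server.model.ESClientVersionInfo;

/**
 * Abstract base class for password-based authentication.
 * <p>
 * It holds the configured super user credentials, offers helpers for creating session information,
 * preparing (decrypting) a transmitted password and checking the client version, and leaves the actual
 * user/password check to subclasses via {@link #verifyPassword(String, String)}.
 *
 * @author wesendonk
 */
public abstract class PasswordVerifier implements ESUserVerifier {

	/** Charset used to turn credentials into bytes for the constant-time comparison. */
	private static final Charset UTF_8 = Charset.forName("UTF-8"); //$NON-NLS-1$

	private final String superuser;
	// The super user password is kept as plain text for the lifetime of this verifier.
	private final String superuserpw;

	/**
	 * Default constructor. Reads the super user name and password from the server configuration.
	 * <p>
	 * NOTE(review): both lookups fall back to {@code ServerConfiguration.SUPER_USER_DEFAULT} and
	 * {@code ServerConfiguration.SUPER_USER_PASSWORD_DEFAULT} when the property is not set, so a server
	 * without an explicit super user password accepts the built-in default. Deployments should always
	 * configure an explicit value.
	 */
	public PasswordVerifier() {
		superuser = ServerConfiguration.getProperties().getProperty(ServerConfiguration.SUPER_USER,
			ServerConfiguration.SUPER_USER_DEFAULT);
		superuserpw = ServerConfiguration.getProperties().getProperty(ServerConfiguration.SUPER_USER_PASSWORD,
			ServerConfiguration.SUPER_USER_PASSWORD_DEFAULT);
	}

	/**
	 * Creates a new {@link AuthenticationInformation} with a session ID set.
	 *
	 * @return a new instance of an {@link AuthenticationInformation} with an already
	 *         set session ID
	 */
	protected AuthenticationInformation createAuthenticationInfo() {
		final AuthenticationInformation authenticationInformation = ModelFactory.eINSTANCE
			.createAuthenticationInformation();
		authenticationInformation.setSessionId(ModelFactory.eINSTANCE.createSessionId());
		return authenticationInformation;
	}

	/**
	 * Prepares the password before it is used for authentication. This implementation decrypts it with the
	 * {@link ServerKeyStoreManager}.
	 *
	 * @param password the password as received from the client
	 * @return the prepared (decrypted) password
	 * @throws ServerKeyStoreException if decrypting the password fails
	 */
	protected String preparePassword(String password) throws ServerKeyStoreException {
		return ServerKeyStoreManager.getInstance().decrypt(password);
	}

	/**
	 * Checks user name and password against the configured super user credentials.
	 * <p>
	 * A {@code null} user name or password never matches (fail closed) instead of raising a
	 * {@link NullPointerException}. Both values are always compared, and the comparison does not stop at the
	 * first differing character, so the response time does not reveal how much of a guessed credential was
	 * correct.
	 *
	 * @param username user name
	 * @param password password, already prepared via {@link #preparePassword(String)}
	 * @return {@code true} if both values match the super user credentials, {@code false} otherwise
	 */
	protected boolean verifySuperUser(String username, String password) {
		if (username == null || password == null || superuser == null || superuserpw == null) {
			return false;
		}
		// Evaluate both comparisons before combining them, so a wrong user name is not
		// rejected faster than a wrong password.
		final boolean nameMatches = constantTimeEquals(username, superuser);
		final boolean passwordMatches = constantTimeEquals(password, superuserpw);
		return nameMatches && passwordMatches;
	}

	/**
	 * Compares two non-null strings without returning early on the first mismatch.
	 *
	 * @param candidate the value supplied by the client
	 * @param expected the configured value
	 * @return {@code true} if both strings are equal
	 */
	private static boolean constantTimeEquals(String candidate, String expected) {
		// The trailing equals() only runs after the byte comparison has already succeeded. It rejects
		// strings that differ solely in unpaired surrogates, which the encoder maps to the same
		// replacement byte, so the result is exactly that of String#equals.
		return MessageDigest.isEqual(candidate.getBytes(UTF_8), expected.getBytes(UTF_8))
			&& candidate.equals(expected);
	}

	/**
	 * This method must be implemented by subclasses in order to verify a pair of username and password.
	 * When using authentication you should use {@link ESUserVerifier#logIn(String, String, ESClientVersionInfo)} in
	 * order to gain a session id.
	 *
	 * @param username
	 *            the user name as entered by the client; may differ from the user name of the {@code resolvedUser}
	 * @param password
	 *            the password as entered by the client
	 * @return boolean {@code true} if authentication was successful, {@code false} if not
	 * @throws AccessControlException
	 *             if an exception occurs during the verification process
	 */
	protected abstract boolean verifyPassword(String username, String password) throws AccessControlException;

	/**
	 * Checks whether the given client version is valid, i.e. accepted by the versions configured under
	 * {@code ServerConfiguration.ACCEPTED_VERSIONS}. If not, throws an exception.
	 * <p>
	 * The argument is cast to {@code ESClientVersionInfoImpl}; any other implementation results in a
	 * {@link ClassCastException} and {@code null} in a {@link NullPointerException}.
	 *
	 * @param clientVersionInfo
	 *            the client version to be checked
	 * @throws ClientVersionOutOfDateException
	 *             in case the given client version is not valid
	 */
	protected void checkClientVersion(ESClientVersionInfo clientVersionInfo) throws ClientVersionOutOfDateException {
		VersionVerifier.verify(
			ServerConfiguration.getSplittedProperty(ServerConfiguration.ACCEPTED_VERSIONS),
			org.eclipse.emf.emfstore.internal.server.model.impl.api.ESClientVersionInfoImpl.class.cast(
				clientVersionInfo).toInternalAPI());
	}
}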