InternalAuthn.java

package org.ovirt.engine.extensions.aaa.builtin.internal;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Collection;
import java.util.Properties;

import org.ovirt.engine.api.extensions.Base;
import org.ovirt.engine.api.extensions.ExtMap;
import org.ovirt.engine.api.extensions.Extension;
import org.ovirt.engine.api.extensions.aaa.Authn;
import org.ovirt.engine.core.uutils.crypto.EnvelopePBE;

public class InternalAuthn implements Extension {

    private String adminUser;
    private String adminPassword;

    @Override
    public void invoke(ExtMap input, ExtMap output) {
        try {
            if (input.get(Base.InvokeKeys.COMMAND).equals(Base.InvokeCommands.LOAD)) {
                doLoad(input);
            } else if (input.get(Base.InvokeKeys.COMMAND).equals(Base.InvokeCommands.INITIALIZE)) {
                // Do nothing
            } else if (input.get(Base.InvokeKeys.COMMAND).equals(Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS)) {
                doAuthenticate(input, output);
            } else {
                output.put(Base.InvokeKeys.RESULT, Base.InvokeResult.UNSUPPORTED);
            }
            output.putIfAbsent(Base.InvokeKeys.RESULT, Base.InvokeResult.SUCCESS);
        } catch (Exception ex) {
            output.mput(Base.InvokeKeys.RESULT, Base.InvokeResult.FAILED).
                   mput(Base.InvokeKeys.MESSAGE, ex.getMessage());
        }

    }

    private void doAuthenticate(ExtMap input, ExtMap output) throws IOException, GeneralSecurityException {
        output.put(Authn.InvokeKeys.PRINCIPAL, input.get(Authn.InvokeKeys.USER));
        if (
            input.get(Authn.InvokeKeys.USER).equals(adminUser) &&
            EnvelopePBE.check(adminPassword, input.get(Authn.InvokeKeys.CREDENTIALS))
        ) {
            output.mput(
                    Authn.InvokeKeys.RESULT,
                    Authn.AuthResult.SUCCESS
                    ).mput(
                            Authn.InvokeKeys.AUTH_RECORD,
                            new ExtMap().mput(
                                    Authn.AuthRecord.PRINCIPAL,
                                    adminUser
                                    )
                    );
        } else {
            output.put(Authn.InvokeKeys.RESULT, Authn.AuthResult.CREDENTIALS_INVALID);
        }
    }

    private void doLoad(ExtMap input) {
        ExtMap context = input.get(Base.InvokeKeys.CONTEXT);
        context.<Collection<String>> get(
                Base.ContextKeys.CONFIGURATION_SENSITIVE_KEYS
                ).add("config.authn.user.password");
        context.mput(
                Base.ContextKeys.AUTHOR,
                "The oVirt Project"
                ).mput(
                        Base.ContextKeys.EXTENSION_NAME,
                        "Internal Authn (Built-in)"
                ).mput(
                        Base.ContextKeys.LICENSE,
                        "ASL 2.0"
                ).mput(
                        Base.ContextKeys.HOME_URL,
                        "http://www.ovirt.org"
                ).mput(
                        Base.ContextKeys.VERSION,
                        "N/A"
                ).mput(
                        Authn.ContextKeys.CAPABILITIES,
                        Authn.Capabilities.AUTHENTICATE_CREDENTIALS | Authn.Capabilities.AUTHENTICATE_PASSWORD
                ).mput(
                        Base.ContextKeys.BUILD_INTERFACE_VERSION,
                        Base.INTERFACE_VERSION_CURRENT);
        Properties config = context.get(Base.ContextKeys.CONFIGURATION);
        adminUser = config.getProperty("config.authn.user.name", "admin");
        adminPassword = config.getProperty("config.authn.user.password");
    }

}