Commit f0dd80a5 authored by ls1947's avatar ls1947

refactor ssh key login mechanism

parent 5ee8ae5c
......@@ -22,4 +22,10 @@ public interface SshPubKeyRegistryDao extends BaseDao<SshPubKeyRegistryEntity, L
List<SshPubKeyRegistryEntity> findForApproval(Long serviceId);
List<SshPubKeyRegistryEntity> findByRegistryForInteractiveLogin(Long registryId);
List<SshPubKeyRegistryEntity> findByRegistryForCommandLogin(Long registryId);
List<SshPubKeyRegistryEntity> findByRegistryForLogin(Long registryId);
}
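Review bot: The three new finder declarations carry no Javadoc, and the name `findByRegistryForLogin` does not say that it returns keys of every usage type while its two siblings select only INTERACTIVE or COMMAND keys; a caller that renders its result as plain authorized_keys lines will hand out COMMAND-restricted keys without their restrictions. Add a Javadoc to each, e.g. on the last one: `/** Active, unexpired keys of the registry regardless of usage type; callers must render COMMAND keys with their command/from options. */`, and say on the other two which usage type they select. The interface continues outside the hunk.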
......@@ -10,6 +10,7 @@
******************************************************************************/
package edu.kit.scc.webreg.dao.jpa;
import java.util.Date;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
......@@ -18,6 +19,8 @@ import javax.inject.Named;
import edu.kit.scc.webreg.dao.SshPubKeyRegistryDao;
import edu.kit.scc.webreg.entity.SshPubKeyRegistryEntity;
import edu.kit.scc.webreg.entity.SshPubKeyRegistryStatus;
import edu.kit.scc.webreg.entity.SshPubKeyStatus;
import edu.kit.scc.webreg.entity.SshPubKeyUsageType;
@Named
@ApplicationScoped
......@@ -40,6 +43,54 @@ public class JpaSshPubKeyRegistryDao extends JpaBaseDao<SshPubKeyRegistryEntity,
.getResultList();
}
@Override
@SuppressWarnings("unchecked")
public List<SshPubKeyRegistryEntity> findByRegistryForInteractiveLogin(Long registryId) {
return em.createQuery("select e from SshPubKeyRegistryEntity e "
+ "where e.registry.id = :registryId and e.keyStatus =: keyStatus and "
+ "e.usageType = :usageType and e.sshPubKey.keyStatus =: keyStatus2 and "
+ "(e.sshPubKey.expiresAt > :dateNow or e.sshPubKey.expiresAt is null) and "
+ "(e.expiresAt > :dateNow or e.expiresAt is null)")
.setParameter("registryId", registryId)
.setParameter("keyStatus", SshPubKeyRegistryStatus.ACTIVE)
.setParameter("usageType", SshPubKeyUsageType.INTERACTIVE)
.setParameter("keyStatus2", SshPubKeyStatus.ACTIVE)
.setParameter("dateNow", new Date())
.getResultList();
}
@Override
@SuppressWarnings("unchecked")
public List<SshPubKeyRegistryEntity> findByRegistryForCommandLogin(Long registryId) {
return em.createQuery("select e from SshPubKeyRegistryEntity e "
+ "where e.registry.id = :registryId and e.keyStatus =: keyStatus and "
+ "e.usageType = :usageType and e.sshPubKey.keyStatus =: keyStatus2 and "
+ "(e.sshPubKey.expiresAt > :dateNow or e.sshPubKey.expiresAt is null) and "
+ "(e.expiresAt > :dateNow or e.expiresAt is null)")
.setParameter("registryId", registryId)
.setParameter("keyStatus", SshPubKeyRegistryStatus.ACTIVE)
.setParameter("usageType", SshPubKeyUsageType.COMMAND)
.setParameter("keyStatus2", SshPubKeyStatus.ACTIVE)
.setParameter("dateNow", new Date())
.getResultList();
}
@Override
@SuppressWarnings("unchecked")
public List<SshPubKeyRegistryEntity> findByRegistryForLogin(Long registryId) {
return em.createQuery("select e from SshPubKeyRegistryEntity e "
+ "where e.registry.id = :registryId and e.keyStatus =: keyStatus and "
+ "e.sshPubKey.keyStatus =: keyStatus2 and "
+ "(e.sshPubKey.expiresAt > :dateNow or e.sshPubKey.expiresAt is null) and "
+ "(e.expiresAt > :dateNow or e.expiresAt is null)")
.setParameter("registryId", registryId)
.setParameter("keyStatus", SshPubKeyRegistryStatus.ACTIVE)
.setParameter("keyStatus2", SshPubKeyStatus.ACTIVE)
.setParameter("dateNow", new Date())
.getResultList();
}
@Override
@SuppressWarnings("unchecked")
public List<SshPubKeyRegistryEntity> findForApproval(Long serviceId) {
......
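Review bot: Each of the three new queries writes its enum parameters as `=: keyStatus` and `=: keyStatus2` with a space after the colon; the JPQL named-parameter form is `= :keyStatus`, and whether the spaced spelling parses depends on the provider's parser, so it should be normalised before a provider or version change turns it into a runtime failure on the login path. The three methods otherwise differ only in the `usageType` term, so the query text is repeated three times; a private helper that takes a nullable usage type removes the duplication, and `createQuery(jpql, SshPubKeyRegistryEntity.class)` makes the result typed so the `@SuppressWarnings("unchecked")` annotations can go. The fragment appended by the helper is selected by an enum, never by caller input, so the concatenation does not open an injection path. The class continues outside the hunk; `TypedQuery` needs a `javax.persistence` import in the header, which is not shown here.
```java
@Override
public List<SshPubKeyRegistryEntity> findByRegistryForInteractiveLogin(Long registryId) {
    return findActiveByRegistry(registryId, SshPubKeyUsageType.INTERACTIVE);
}

// … unchanged: findByRegistryForCommandLogin / findByRegistryForLogin delegate the same way with COMMAND / null …

// Active, unexpired keys of a registry; usageType == null means any usage type.
private List<SshPubKeyRegistryEntity> findActiveByRegistry(Long registryId, SshPubKeyUsageType usageType) {
    String jpql = "select e from SshPubKeyRegistryEntity e "
            + "where e.registry.id = :registryId and e.keyStatus = :keyStatus and "
            + "e.sshPubKey.keyStatus = :keyStatus2 and "
            + (usageType != null ? "e.usageType = :usageType and " : "")
            + "(e.sshPubKey.expiresAt > :dateNow or e.sshPubKey.expiresAt is null) and "
            + "(e.expiresAt > :dateNow or e.expiresAt is null)";
    TypedQuery<SshPubKeyRegistryEntity> query = em.createQuery(jpql, SshPubKeyRegistryEntity.class)
            .setParameter("registryId", registryId)
            .setParameter("keyStatus", SshPubKeyRegistryStatus.ACTIVE)
            .setParameter("keyStatus2", SshPubKeyStatus.ACTIVE)
            .setParameter("dateNow", new Date());
    if (usageType != null) {
        query.setParameter("usageType", usageType);
    }
    return query.getResultList();
}
```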
package edu.kit.scc.webreg.service.ssh;
import java.io.IOException;
import java.io.Serializable;
import javax.servlet.http.HttpServletRequest;
import edu.kit.scc.webreg.entity.ServiceEntity;
import edu.kit.scc.webreg.exc.RestInterfaceException;
public interface SshLoginService extends Serializable {
String authByUidNumberInteractive(ServiceEntity service, Long uidNumber, HttpServletRequest request)
throws IOException, RestInterfaceException;
String authByUidNumber(ServiceEntity service, Long uidNumber, HttpServletRequest request)
throws IOException, RestInterfaceException;
String authByUidNumberCommand(ServiceEntity service, Long uidNumber, HttpServletRequest request)
throws IOException, RestInterfaceException;
}
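Review bot: `SshLoginService` is a new public interface without any Javadoc, and nothing records that its three methods perform no authorisation themselves — in this commit the admin-role `checkAccess` stays in `SshKeyController` before each delegation, so any future injector of the `@Stateless` implementation can obtain a user's authorized_keys lines without that check. Add an interface-level Javadoc that states the contract, e.g. `Builds authorized_keys lines for the user with the given uidNumber registered at the service. Performs no authorisation: callers must verify the service admin role before calling.` The `request` parameter is accepted by all three methods but none of the implementations on this page reads it; either drop it or say in the Javadoc why it is kept.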
package edu.kit.scc.webreg.service.ssh;
import java.io.IOException;
import java.util.List;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import edu.kit.scc.webreg.dao.RegistryDao;
import edu.kit.scc.webreg.dao.ServiceDao;
import edu.kit.scc.webreg.dao.SshPubKeyRegistryDao;
import edu.kit.scc.webreg.dao.UserDao;
import edu.kit.scc.webreg.entity.RegistryEntity;
import edu.kit.scc.webreg.entity.RegistryStatus;
import edu.kit.scc.webreg.entity.ServiceEntity;
import edu.kit.scc.webreg.entity.SshPubKeyRegistryEntity;
import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.exc.NoRegistryFoundException;
import edu.kit.scc.webreg.exc.NoUserFoundException;
import edu.kit.scc.webreg.exc.RestInterfaceException;
@Stateless
public class SshLoginServiceImpl implements SshLoginService {
private static final long serialVersionUID = 1L;
@Inject
private Logger logger;
@Inject
private UserDao userDao;
@Inject
private ServiceDao serviceDao;
@Inject
private RegistryDao registryDao;
@Inject
private SshPubKeyRegistryDao sshPubKeyRegistryDao;
@Override
public String authByUidNumberInteractive(ServiceEntity service, Long uidNumber, HttpServletRequest request)
throws IOException, RestInterfaceException {
service = serviceDao.merge(service);
UserEntity user = userDao.findByUidNumber(uidNumber);
if (user == null)
throw new NoUserFoundException("No such user");
logger.debug("Searching for active registry for user {} and service {}", user.getId(), service.getShortName());
RegistryEntity registry = registryDao.findByServiceAndUserAndStatus(service, user, RegistryStatus.ACTIVE);
if (registry == null)
throw new NoRegistryFoundException("No active registry for user");
List<SshPubKeyRegistryEntity> regKeyList = sshPubKeyRegistryDao.findByRegistryForInteractiveLogin(registry.getId());
return buildKeyList(regKeyList, user);
}
@Override
public String authByUidNumberCommand(ServiceEntity service, Long uidNumber, HttpServletRequest request)
throws IOException, RestInterfaceException {
service = serviceDao.merge(service);
UserEntity user = userDao.findByUidNumber(uidNumber);
if (user == null)
throw new NoUserFoundException("No such user");
logger.debug("Searching for active registry for user {} and service {}", user.getId(), service.getShortName());
RegistryEntity registry = registryDao.findByServiceAndUserAndStatus(service, user, RegistryStatus.ACTIVE);
if (registry == null)
throw new NoRegistryFoundException("No active registry for user");
List<SshPubKeyRegistryEntity> regKeyList = sshPubKeyRegistryDao.findByRegistryForCommandLogin(registry.getId());
return buildKeyList(regKeyList, user);
}
@Override
public String authByUidNumber(ServiceEntity service, Long uidNumber, HttpServletRequest request)
throws IOException, RestInterfaceException {
service = serviceDao.merge(service);
UserEntity user = userDao.findByUidNumber(uidNumber);
if (user == null)
throw new NoUserFoundException("No such user");
logger.debug("Searching for active registry for user {} and service {}", user.getId(), service.getShortName());
RegistryEntity registry = registryDao.findByServiceAndUserAndStatus(service, user, RegistryStatus.ACTIVE);
if (registry == null)
throw new NoRegistryFoundException("No active registry for user");
List<SshPubKeyRegistryEntity> regKeyList = sshPubKeyRegistryDao.findByRegistryForLogin(registry.getId());
return buildKeyList(regKeyList, user);
}
protected String buildKeyList(List<SshPubKeyRegistryEntity> regKeyList, UserEntity user) {
StringBuffer sb = new StringBuffer();
for (SshPubKeyRegistryEntity regKey : regKeyList) {
sb.append(regKey.getSshPubKey().getKeyType());
sb.append(" ");
sb.append(regKey.getSshPubKey().getEncodedKey());
if (user.getEmail() != null) {
sb.append(" ");
sb.append(user.getEmail());
}
sb.append("\n");
}
return sb.toString();
}
}
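Review bot: `buildKeyList` emits every key as `<type> <key> [email]`, whereas the controller code this commit removes prefixed COMMAND-usage keys with `command="…" from="…" ` (the deleted loops in SshKeyController's `authByUidNumber` and `authByUidNumberCommand` endpoints). After the refactor `authByUidNumberCommand` and `authByUidNumber` therefore return command-restricted keys as unrestricted authorized_keys lines, and the forced command and source-host limits no longer reach sshd — a security regression, since a key that was only meant to run a fixed command from a fixed host now grants a plain login. Re-add the prefix in `buildKeyList` for keys whose usage type is COMMAND (this needs the `SshPubKeyUsageType` import); because `getCommand()`/`getFrom()` are interpolated inside a double-quoted option, it is also worth confirming that those values are validated at registration time, as a `"` in either would terminate the option early. `StringBuilder` is the non-synchronised replacement for `StringBuffer` in a local-only builder like this.
```java
protected String buildKeyList(List<SshPubKeyRegistryEntity> regKeyList, UserEntity user) {
    StringBuilder sb = new StringBuilder();
    for (SshPubKeyRegistryEntity regKey : regKeyList) {
        // COMMAND-usage keys carry a forced command and a source restriction; emit them as
        // authorized_keys options so sshd enforces them, as the pre-refactor controller did.
        if (SshPubKeyUsageType.COMMAND.equals(regKey.getUsageType())) {
            sb.append("command=\"").append(regKey.getCommand())
              .append("\" from=\"").append(regKey.getFrom()).append("\" ");
        }
        // … unchanged: key type, encoded key, optional e-mail comment, newline …
    }
    return sb.toString();
}
```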
......@@ -12,36 +12,22 @@ import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import org.slf4j.Logger;
import edu.kit.scc.webreg.dto.entity.SshPubKeyEntityDto;
import edu.kit.scc.webreg.dto.service.SshPubKeyDtoService;
import edu.kit.scc.webreg.entity.RegistryEntity;
import edu.kit.scc.webreg.entity.RegistryStatus;
import edu.kit.scc.webreg.entity.ServiceEntity;
import edu.kit.scc.webreg.entity.SshPubKeyRegistryEntity;
import edu.kit.scc.webreg.entity.SshPubKeyRegistryStatus;
import edu.kit.scc.webreg.entity.SshPubKeyStatus;
import edu.kit.scc.webreg.entity.SshPubKeyUsageType;
import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.exc.NoItemFoundException;
import edu.kit.scc.webreg.exc.NoRegistryFoundException;
import edu.kit.scc.webreg.exc.NoUserFoundException;
import edu.kit.scc.webreg.exc.RestInterfaceException;
import edu.kit.scc.webreg.exc.UnauthorizedException;
import edu.kit.scc.webreg.sec.SecurityFilter;
import edu.kit.scc.webreg.service.RegistryService;
import edu.kit.scc.webreg.service.RoleService;
import edu.kit.scc.webreg.service.ServiceService;
import edu.kit.scc.webreg.service.UserService;
import edu.kit.scc.webreg.service.ssh.SshLoginService;
import edu.kit.scc.webreg.service.ssh.SshPubKeyRegistryService;
@Path("/ssh-key")
public class SshKeyController {
@Inject
private Logger logger;
@Inject
private RoleService roleService;
......@@ -49,17 +35,11 @@ public class SshKeyController {
private ServiceService serviceService;
@Inject
private RegistryService registryService;
@Inject
private UserService userService;
private SshLoginService sshLoginService;
@Inject
private SshPubKeyDtoService dtoService;
@Inject
private SshPubKeyRegistryService sshPubKeyRegistryService;
@Path(value = "/list/uidnumber/{uidNumber}/all")
@Produces({MediaType.APPLICATION_JSON})
@GET
......@@ -91,43 +71,7 @@ public class SshKeyController {
if (! checkAccess(request, service.getAdminRole().getName()))
throw new UnauthorizedException("No access");
UserEntity user = userService.findByUidNumber(uidNumber);
if (user == null)
throw new NoUserFoundException("No such user");
logger.debug("Searching for active registry for user {} and service {}", user.getId(), service.getShortName());
RegistryEntity registry = registryService.findByServiceAndUserAndStatus(service, user, RegistryStatus.ACTIVE);
if (registry == null)
throw new NoRegistryFoundException("No active registry for user");
List<SshPubKeyRegistryEntity> regKeyList = sshPubKeyRegistryService.findByRegistry(registry.getId());
StringBuffer sb = new StringBuffer();
for (SshPubKeyRegistryEntity regKey : regKeyList) {
if (regKey.getSshPubKey().getKeyStatus().equals(SshPubKeyStatus.ACTIVE) &&
regKey.getKeyStatus().equals(SshPubKeyRegistryStatus.ACTIVE) &&
(regKey.getExpiresAt() == null || (System.currentTimeMillis() - regKey.getExpiresAt().getTime()) < 0) &&
(regKey.getSshPubKey().getExpiresAt() == null || (System.currentTimeMillis() - regKey.getSshPubKey().getExpiresAt().getTime()) < 0)
) {
if (regKey.getUsageType().equals(SshPubKeyUsageType.COMMAND)) {
sb.append("command=\"");
sb.append(regKey.getCommand());
sb.append("\" from=\"");
sb.append(regKey.getFrom());
sb.append("\" ");
}
sb.append(regKey.getSshPubKey().getKeyType());
sb.append(" ");
sb.append(regKey.getSshPubKey().getEncodedKey());
if (user.getEmail() != null) {
sb.append(" ");
sb.append(user.getEmail());
}
sb.append("\n");
}
}
return sb.toString();
return sshLoginService.authByUidNumber(service, uidNumber, request);
}
@Path(value = "/auth/interactive/{ssn}/uidnumber/{uidNumber}")
......@@ -144,37 +88,7 @@ public class SshKeyController {
if (! checkAccess(request, service.getAdminRole().getName()))
throw new UnauthorizedException("No access");
UserEntity user = userService.findByUidNumber(uidNumber);
if (user == null)
throw new NoUserFoundException("No such user");
logger.debug("Searching for active registry for user {} and service {}", user.getId(), service.getShortName());
RegistryEntity registry = registryService.findByServiceAndUserAndStatus(service, user, RegistryStatus.ACTIVE);
if (registry == null)
throw new NoRegistryFoundException("No active registry for user");
List<SshPubKeyRegistryEntity> regKeyList = sshPubKeyRegistryService.findByRegistry(registry.getId());
StringBuffer sb = new StringBuffer();
for (SshPubKeyRegistryEntity regKey : regKeyList) {
if (regKey.getSshPubKey().getKeyStatus().equals(SshPubKeyStatus.ACTIVE) &&
regKey.getUsageType().equals(SshPubKeyUsageType.INTERACTIVE) &&
regKey.getKeyStatus().equals(SshPubKeyRegistryStatus.ACTIVE) &&
(regKey.getExpiresAt() == null || (System.currentTimeMillis() - regKey.getExpiresAt().getTime()) < 0) &&
(regKey.getSshPubKey().getExpiresAt() == null || (System.currentTimeMillis() - regKey.getSshPubKey().getExpiresAt().getTime()) < 0)
) {
sb.append(regKey.getSshPubKey().getKeyType());
sb.append(" ");
sb.append(regKey.getSshPubKey().getEncodedKey());
if (user.getEmail() != null) {
sb.append(" ");
sb.append(user.getEmail());
}
sb.append("\n");
}
}
return sb.toString();
return sshLoginService.authByUidNumberInteractive(service, uidNumber, request);
}
@Path(value = "/auth/command/{ssn}/uidnumber/{uidNumber}")
......@@ -184,6 +98,7 @@ public class SshKeyController {
@PathParam("uidNumber") Long uidNumber, @Context HttpServletRequest request)
throws IOException, RestInterfaceException {
ServiceEntity service = serviceService.findByShortName(ssn);
if (service == null)
throw new NoItemFoundException("No such service");
......@@ -191,42 +106,7 @@ public class SshKeyController {
if (! checkAccess(request, service.getAdminRole().getName()))
throw new UnauthorizedException("No access");
UserEntity user = userService.findByUidNumber(uidNumber);
if (user == null)
throw new NoUserFoundException("No such user");
logger.debug("Searching for active registry for user {} and service {}", user.getId(), service.getShortName());
RegistryEntity registry = registryService.findByServiceAndUserAndStatus(service, user, RegistryStatus.ACTIVE);
if (registry == null)
throw new NoRegistryFoundException("No active registry for user");
List<SshPubKeyRegistryEntity> regKeyList = sshPubKeyRegistryService.findByRegistry(registry.getId());
StringBuffer sb = new StringBuffer();
for (SshPubKeyRegistryEntity regKey : regKeyList) {
if (regKey.getSshPubKey().getKeyStatus().equals(SshPubKeyStatus.ACTIVE) &&
regKey.getUsageType().equals(SshPubKeyUsageType.COMMAND) &&
regKey.getKeyStatus().equals(SshPubKeyRegistryStatus.ACTIVE) &&
(regKey.getExpiresAt() == null || (System.currentTimeMillis() - regKey.getExpiresAt().getTime()) < 0) &&
(regKey.getSshPubKey().getExpiresAt() == null || (System.currentTimeMillis() - regKey.getSshPubKey().getExpiresAt().getTime()) < 0)
) {
sb.append("command=\"");
sb.append(regKey.getCommand());
sb.append("\" from=\"");
sb.append(regKey.getFrom());
sb.append("\" ");
sb.append(regKey.getSshPubKey().getKeyType());
sb.append(" ");
sb.append(regKey.getSshPubKey().getEncodedKey());
if (user.getEmail() != null) {
sb.append(" ");
sb.append(user.getEmail());
}
sb.append("\n");
}
}
return sb.toString();
return sshLoginService.authByUidNumberCommand(service, uidNumber, request);
}
protected Boolean checkAccess(HttpServletRequest request, String roleName) {
......