org.openbase.bco.authentication.core

Class AuthenticatorController

java.lang.Object

org.openbase.bco.authentication.core.AuthenticatorController

All Implemented Interfaces:

AuthenticationService, org.openbase.jul.iface.Activatable, org.openbase.jul.iface.DefaultInitializable, org.openbase.jul.iface.DefaultInitializableImpl<Void>, org.openbase.jul.iface.Initializable<Void>, org.openbase.jul.iface.Launchable<Void>, org.openbase.jul.iface.Manageable<Void>, org.openbase.jul.iface.provider.DefaultConfigProvider<Void>, org.openbase.jul.iface.Shutdownable, org.openbase.jul.iface.VoidInitializable

public class AuthenticatorController
extends Object
implements AuthenticationService, org.openbase.jul.iface.Launchable<Void>, org.openbase.jul.iface.VoidInitializable

Author:

Tamino Huxohl

Nested Class Summary

Nested classes/interfaces inherited from interface org.openbase.jul.iface.Shutdownable

org.openbase.jul.iface.Shutdownable.ShutdownDeamon

Constructor Summary

Constructors

Constructor and Description
AuthenticatorController()
AuthenticatorController(byte[] serviceServerPrivateKey)
AuthenticatorController(CredentialStore credentialStore)
AuthenticatorController(CredentialStore credentialStore, byte[] serviceServerPrivateKey)

Method Summary

Modifier and Type	Method and Description
void	activate()
Future<rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper>	changeCredentials(rst.domotic.authentication.LoginCredentialsChangeType.LoginCredentialsChange loginCredentialsChange) Changes the credentials for a given user.
void	deactivate()
static String	getInitialPassword() Get the initial password which is randomly generated on startup with an empty credentialStore.
Future<Boolean>	hasUser(String userId)
void	init()
boolean	isActive()
Future<Boolean>	isAdmin(String userId) Returns whether a given user has admin rights or not.
Future<rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper>	register(rst.domotic.authentication.LoginCredentialsChangeType.LoginCredentialsChange loginCredentialsChange) Registers a client or user.
Future<rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper>	removeUser(rst.domotic.authentication.LoginCredentialsChangeType.LoginCredentialsChange loginCredentialsChange) Removes a user or client.
Future<rst.domotic.authentication.TicketSessionKeyWrapperType.TicketSessionKeyWrapper>	requestClientServerTicket(rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper ticketAuthenticatorWrapper) Request a ClientServerTicket from the AuthenticatorService.
Future<rst.domotic.authentication.AuthenticatedValueType.AuthenticatedValue>	requestServiceServerSecretKey(rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper ticketAuthenticatorWrapper) Validates the client server ticket and returns the service server secret key encrypted with the session key.
Future<rst.domotic.authentication.TicketSessionKeyWrapperType.TicketSessionKeyWrapper>	requestTicketGrantingTicket(String id) Request a TicketGrantingTicket from the AuthenticatorService.
Future<rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper>	setAdministrator(rst.domotic.authentication.LoginCredentialsChangeType.LoginCredentialsChange loginCredentialsChange) Appoints a normal user to an administrator.
Future<rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper>	validateClientServerTicket(rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper ticketAuthenticatorWrapper) Validate a ClientServierTicket.
void	waitForActivation()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.openbase.jul.iface.Launchable

launch

Methods inherited from interface org.openbase.jul.iface.Manageable

shutdown

Methods inherited from interface org.openbase.jul.iface.Shutdownable

registerShutdownHook, registerShutdownHook

Methods inherited from interface org.openbase.jul.iface.VoidInitializable

getDefaultConfig, init

Constructor Detail

AuthenticatorController

public AuthenticatorController()
                        throws org.openbase.jul.exception.InitializationException

Throws:

org.openbase.jul.exception.InitializationException

AuthenticatorController

public AuthenticatorController(CredentialStore credentialStore)
                        throws org.openbase.jul.exception.InitializationException

Throws:

org.openbase.jul.exception.InitializationException

AuthenticatorController

public AuthenticatorController(byte[] serviceServerPrivateKey)
                        throws org.openbase.jul.exception.InitializationException

Throws:

org.openbase.jul.exception.InitializationException

AuthenticatorController

public AuthenticatorController(CredentialStore credentialStore,
                               byte[] serviceServerPrivateKey)
                        throws org.openbase.jul.exception.InitializationException

Throws:

org.openbase.jul.exception.InitializationException

Method Detail

init

public void init()
          throws org.openbase.jul.exception.InitializationException,
                 InterruptedException

Specified by:

init in interface org.openbase.jul.iface.DefaultInitializable

Specified by:

init in interface org.openbase.jul.iface.DefaultInitializableImpl<Void>

Specified by:

init in interface org.openbase.jul.iface.VoidInitializable

Throws:

org.openbase.jul.exception.InitializationException

InterruptedException

activate

public void activate()
              throws org.openbase.jul.exception.CouldNotPerformException,
                     InterruptedException

Specified by:

activate in interface org.openbase.jul.iface.Activatable

Throws:

org.openbase.jul.exception.CouldNotPerformException

InterruptedException

deactivate

public void deactivate()
                throws org.openbase.jul.exception.CouldNotPerformException,
                       InterruptedException

Specified by:

deactivate in interface org.openbase.jul.iface.Activatable

Throws:

org.openbase.jul.exception.CouldNotPerformException

InterruptedException

isActive

public boolean isActive()

Specified by:

isActive in interface org.openbase.jul.iface.Activatable

waitForActivation

public void waitForActivation()
                       throws org.openbase.jul.exception.CouldNotPerformException,
                              InterruptedException

Throws:

org.openbase.jul.exception.CouldNotPerformException

InterruptedException

requestTicketGrantingTicket

public Future<rst.domotic.authentication.TicketSessionKeyWrapperType.TicketSessionKeyWrapper> requestTicketGrantingTicket(String id)
                                                                                                                   throws org.openbase.jul.exception.CouldNotPerformException

Description copied from interface: AuthenticationService

Request a TicketGrantingTicket from the AuthenticatorService. The reply is a TicketSessionKeyWrapper that contains the TicketGrantingTicket encrypted with the private key of the TicketGrantingService and the session key for the TicketGrantingService encrypted with the client password. Afterwards the client has to decrypt the session key with his password and create an authenticator encrypted with it. Then the unchanged TicketGrantingTicket and the encrypted Authenticator form a TicketAuthenticatorWrapper which is used to request a ClientServerTicket.

Specified by:

requestTicketGrantingTicket in interface AuthenticationService

Parameters:

id - the id of the client whose password is used for the encryption of the session key

Returns:

the described TicketSessionKeyWrapper

Throws:

org.openbase.jul.exception.NotAvailableException - If the clientId could not be found.

org.openbase.jul.exception.CouldNotPerformException - In the case of an internal server error or if the remote call fails.

requestClientServerTicket

public Future<rst.domotic.authentication.TicketSessionKeyWrapperType.TicketSessionKeyWrapper> requestClientServerTicket(rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper ticketAuthenticatorWrapper)
                                                                                                                 throws org.openbase.jul.exception.CouldNotPerformException

Description copied from interface: AuthenticationService

Request a ClientServerTicket from the AuthenticatorService. The reply is a TicketSessionKeyWrapper that contains the ClientServerTicket encrypted with the private key of the ServiceServer and the session key encrypted with the TicketGrantingService session key that the client received when requesting the TicketGrantingTicket. Afterwards the client has to decrypt the session key with the TicketGrantingTicket session key and create an authenticator encrypted with it. Then the unchanged ClientServerTicket and the encrypted Authenticator form a TicketAuthenticatorWrapper which send to validate the client every time he wants to perform an action.

Specified by:

requestClientServerTicket in interface AuthenticationService

Parameters:

ticketAuthenticatorWrapper - a wrapper containing the authenticator encrypted with the TicketGrantingService session key and the unchanged TicketGrantingTicket

Returns:

a wrapper containing a ClientServerTicket and a session key as described above

Throws:

org.openbase.jul.exception.RejectedException - If timestamp in Authenticator does not fit to time period in TGT, if clientID in Authenticator does not match clientID in TGT or, if the decryption of the Authenticator or TGT fails, probably because the wrong keys were used.

org.openbase.jul.exception.CouldNotPerformException - In the case of an internal server error or if the remote call fails.

validateClientServerTicket

public Future<rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper> validateClientServerTicket(rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper ticketAuthenticatorWrapper)
                                                                                                                        throws org.openbase.jul.exception.CouldNotPerformException

Description copied from interface: AuthenticationService

Validate a ClientServierTicket. If validation is successful the reply is a TicketAuthenticatorWrapper which contains an updated validity period in the ClientServerTicket and an updated timestamp in the authenticator which has to be verified by the client to make sure that its the correct server answering the request.

Specified by:

validateClientServerTicket in interface AuthenticationService

Parameters:

ticketAuthenticatorWrapper - a wrapper containing the authenticator encrypted with the session key and the unchanged ClientServerTicket

Returns:

a TicketAuthenticatorWrapper as described above

Throws:

org.openbase.jul.exception.RejectedException - If timestamp in Authenticator does not fit to time period in TGT, if clientID in Authenticator does not match clientID in TGT or, if the decryption of the Authenticator or CST fails, probably because the wrong keys were used.

org.openbase.jul.exception.CouldNotPerformException - In the case of an internal server error or if the remote call fails.

changeCredentials

public Future<rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper> changeCredentials(rst.domotic.authentication.LoginCredentialsChangeType.LoginCredentialsChange loginCredentialsChange)
                                                                                                               throws org.openbase.jul.exception.CouldNotPerformException,
                                                                                                                      org.openbase.jul.exception.RejectedException,
                                                                                                                      org.openbase.jul.exception.PermissionDeniedException

Description copied from interface: AuthenticationService

Changes the credentials for a given user.

Specified by:

changeCredentials in interface AuthenticationService

Parameters:

loginCredentialsChange - Wrapper containing the user's ID, new and old password, and a TicketAuthenticatorWrapper to authenticate the user.

Returns:

TicketAuthenticatorWrapper which contains an updated validity period in the ClientServerTicket and an updated timestamp in the authenticator which has to be verified by the client to make sure that its the correct server answering the request.

Throws:

org.openbase.jul.exception.RejectedException - If the password change fails (invalid ticket, user has no permission, old password doesn't match).

org.openbase.jul.exception.PermissionDeniedException - If the user has no permission to change this password.

org.openbase.jul.exception.CouldNotPerformException

register

public Future<rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper> register(rst.domotic.authentication.LoginCredentialsChangeType.LoginCredentialsChange loginCredentialsChange)
                                                                                                      throws org.openbase.jul.exception.CouldNotPerformException,
                                                                                                             org.openbase.jul.exception.RejectedException,
                                                                                                             org.openbase.jul.exception.PermissionDeniedException

Description copied from interface: AuthenticationService

Registers a client or user.

Specified by:

register in interface AuthenticationService

Parameters:

loginCredentialsChange - Wrapper containing the user's ID, password or public key, isAdmin flag, and a TicketAuthenticatorWrapper to authenticate the user.

Returns:

TicketAuthenticatorWrapper which contains an updated validity period in the ClientServerTicket and an updated timestamp in the authenticator which has to be verified by the client to make sure that its the correct server answering the request.

Throws:

org.openbase.jul.exception.RejectedException - If the password change fails (invalid ticket, user has no permission, old password doesn't match) or if the decryption fails, because the wrong keys were used.

org.openbase.jul.exception.PermissionDeniedException - If the user has no permission to change this password.

org.openbase.jul.exception.CouldNotPerformException

removeUser

public Future<rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper> removeUser(rst.domotic.authentication.LoginCredentialsChangeType.LoginCredentialsChange loginCredentialsChange)
                                                                                                        throws org.openbase.jul.exception.CouldNotPerformException,
                                                                                                               org.openbase.jul.exception.RejectedException,
                                                                                                               org.openbase.jul.exception.PermissionDeniedException

Description copied from interface: AuthenticationService

Removes a user or client.

Specified by:

removeUser in interface AuthenticationService

Parameters:

loginCredentialsChange - change of credentials (id of user to remove)

Returns:

TicketAuthenticatorWrapper which contains an updated validity period in the ClientServerTicket and an updated timestamp in the authenticator which has to be verified by the client to make sure that its the correct server answering the request.

Throws:

org.openbase.jul.exception.RejectedException - If the password change fails (invalid ticket, user has no permission, old password doesn't match) or if the decryption fails, because the wrong keys were used.

org.openbase.jul.exception.PermissionDeniedException - If the user has no permission to change this password.

org.openbase.jul.exception.CouldNotPerformException

setAdministrator

public Future<rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper> setAdministrator(rst.domotic.authentication.LoginCredentialsChangeType.LoginCredentialsChange loginCredentialsChange)
                                                                                                              throws org.openbase.jul.exception.CouldNotPerformException,
                                                                                                                     org.openbase.jul.exception.RejectedException,
                                                                                                                     org.openbase.jul.exception.PermissionDeniedException

Description copied from interface: AuthenticationService

Appoints a normal user to an administrator.

Specified by:

setAdministrator in interface AuthenticationService

Parameters:

loginCredentialsChange - Wrapper containing the user's ID, password or public key, isAdmin flag, and a TicketAuthenticatorWrapper to authenticate the user.

Returns:

TicketAuthenticatorWrapper which contains an updated validity period in the ClientServerTicket and an updated timestamp in the authenticator which has to be verified by the client to make sure that its the correct server answering the request.

Throws:

org.openbase.jul.exception.RejectedException - If the password change fails (invalid ticket, user has no permission) or if the decryption fails, because the wrong keys were used.

org.openbase.jul.exception.PermissionDeniedException - If the user has no permission to change this password.

org.openbase.jul.exception.CouldNotPerformException

requestServiceServerSecretKey

public Future<rst.domotic.authentication.AuthenticatedValueType.AuthenticatedValue> requestServiceServerSecretKey(rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper ticketAuthenticatorWrapper)
                                                                                                           throws org.openbase.jul.exception.CouldNotPerformException

Description copied from interface: AuthenticationService

Validates the client server ticket and returns the service server secret key encrypted with the session key. This method will only work if a special client is logged in.

Specified by:

requestServiceServerSecretKey in interface AuthenticationService

Parameters:

ticketAuthenticatorWrapper - a wrapper containing the authenticator encrypted with the session key and the unchanged ClientServerTicket

Returns:

an authenticated value containing the updated client server ticket an the encrypted service server secret key

Throws:

org.openbase.jul.exception.CouldNotPerformException - if the validation of the client server ticket fails or the logged in client is not the service server

isAdmin

public Future<Boolean> isAdmin(String userId)
                        throws org.openbase.jul.exception.NotAvailableException

Description copied from interface: AuthenticationService

Returns whether a given user has admin rights or not.

Specified by:

isAdmin in interface AuthenticationService

Parameters:

userId - ID of the user to check for.

Returns:

True, if the user is admin, false if not.

Throws:

org.openbase.jul.exception.NotAvailableException - If the user could not be found.

getInitialPassword

public static String getInitialPassword()

Get the initial password which is randomly generated on startup with an empty credentialStore. Else it is null and will also be reset to null after registration of the first user.

Returns:

the password required for the registration of the initial user

hasUser

public Future<Boolean> hasUser(String userId)

Specified by:

hasUser in interface AuthenticationService