1 /*
2 * MIT License
3 *
4 * Copyright (c) 2010-2022 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in all
14 * copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24 package waffle.shiro.negotiate;
25
26 import java.security.Principal;
27
28 /**
29 * Derived from net.skorgenes.security.jsecurity.negotiate.NegotiateToken. see:
30 *
31 * https://bitbucket.org/lothor/shiro-negotiate
32 *
33 * /src/7b25efde130b9cbcacf579b3f926c532d919aa23/src/main/java/net/skorgenes/
34 *
35 * security/jsecurity/negotiate/NegotiateAuthenticationFilter.java?at=default
36 *
37 * @author Dan Rollo
38 */
39 import javax.security.auth.Subject;
40
41 import org.apache.shiro.authc.AuthenticationInfo;
42 import org.apache.shiro.authc.HostAuthenticationToken;
43 import org.apache.shiro.authc.RememberMeAuthenticationToken;
44
45 /**
46 * An authentication token wrapping a Waffle Negotiate token.
47 *
48 * @author Dan Rollo
49 *
50 * @since 1.0.0
51 */
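public class NegotiateToken implements HostAuthenticationToken, RememberMeAuthenticationToken {

    /*
     * NOTE(review): a serialVersionUID is declared, so instances are expected to be serializable. A serialized
     * token would carry the raw in/out handshake bytes and the subject; confirm tokens are never written to a
     * session store, cache or log.
     */

    /** The Constant serialVersionUID. */
    private static final long serialVersionUID = 1345343228636916781L;

    /**
     * Token bytes supplied at construction (presumably the client's Negotiate/NTLM message; confirm against the
     * code that builds this token). Stored as a private copy and only handed out as a copy.
     */
    private final byte[] in;

    /**
     * Token bytes to hand back (presumably the server's continuation message; confirm against the realm). Stored
     * as a private copy and only handed out as a copy.
     */
    private byte[] out;

    /** The subject; <code>null</code> until {@link #setSubject(Subject)} is called. Doubles as the credentials. */
    private Subject subject;

    /** The principal; <code>null</code> until {@link #setPrincipal(Principal)} is called. */
    private Principal principal;

    /** The connection id supplied by the caller; fixed for the lifetime of the token. */
    private final String connectionId;

    /** The security package name supplied by the caller; fixed for the lifetime of the token. */
    private final String securityPackage;

    /** The NTLM POST flag supplied by the caller. */
    private final boolean ntlmPost;

    /**
     * Whether or not 'rememberMe' should be enabled for the corresponding login attempt; default is <code>false</code>.
     */
    private final boolean rememberMe;

    /**
     * The location from where the login attempt occurs, or <code>null</code> if not known or explicitly omitted.
     * Stored exactly as supplied; this class performs no validation of it.
     */
    private final String host;

    /**
     * Instantiates a new negotiate token.
     * <p>
     * Both byte arrays are copied, so later changes the caller makes to its own arrays cannot alter the handshake
     * data held by this token. This matches the copying already done by {@link #setOut(byte[])} and
     * {@link #getIn()}.
     * </p>
     *
     * @param newIn
     *            the input token bytes, may be <code>null</code>
     * @param newOut
     *            the initial output token bytes, may be <code>null</code>
     * @param newConnectionId
     *            the connection id
     * @param newSecurityPackage
     *            the security package
     * @param newNtlmPost
     *            the NTLM POST flag
     * @param newRememberMe
     *            whether 'rememberMe' is requested for this login attempt
     * @param newHost
     *            the host the login attempt comes from, or <code>null</code>
     */
    public NegotiateToken(final byte[] newIn, final byte[] newOut, final String newConnectionId,
            final String newSecurityPackage, final boolean newNtlmPost, final boolean newRememberMe,
            final String newHost) {
        this.in = NegotiateToken.copyOf(newIn);
        this.out = NegotiateToken.copyOf(newOut);
        this.connectionId = newConnectionId;
        this.securityPackage = newSecurityPackage;
        this.ntlmPost = newNtlmPost;

        this.rememberMe = newRememberMe;
        this.host = newHost;
    }

    /**
     * Returns an independent copy of a token byte array.
     *
     * @param bytes
     *            the array to copy, may be <code>null</code>
     *
     * @return a copy of <code>bytes</code>, or <code>null</code> if <code>bytes</code> is <code>null</code>
     */
    private static byte[] copyOf(final byte[] bytes) {
        return bytes != null ? bytes.clone() : null;
    }

    /**
     * Gets the connection id.
     *
     * @return the connection id
     */
    public String getConnectionId() {
        return this.connectionId;
    }

    /**
     * Gets the security package.
     *
     * @return the security package
     */
    public String getSecurityPackage() {
        return this.securityPackage;
    }

    /**
     * Checks if is ntlm post.
     *
     * @return true, if is ntlm post
     */
    public boolean isNtlmPost() {
        return this.ntlmPost;
    }

    /**
     * Returns the subject as this token's credentials.
     * <p>
     * The value is <code>null</code> until {@link #setSubject(Subject)} has been called, so the mere existence of a
     * token says nothing about whether authentication completed.
     * </p>
     *
     * @return the subject, or <code>null</code> if none has been set
     */
    @Override
    public Object getCredentials() {
        return this.subject;
    }

    /**
     * Returns the principal.
     *
     * @return the principal, or <code>null</code> if {@link #setPrincipal(Principal)} has not been called
     */
    @Override
    public Principal getPrincipal() {
        return this.principal;
    }

    /**
     * Gets the out.
     *
     * @return a copy of the output token bytes, or <code>null</code> if there are none
     */
    byte[] getOut() {
        // Copy on the way out so callers cannot modify the stored bytes through the returned array.
        return NegotiateToken.copyOf(this.out);
    }

    /**
     * Sets the out.
     *
     * @param outToken
     *            the new out; copied before it is stored, may be <code>null</code>
     */
    public void setOut(final byte[] outToken) {
        this.out = NegotiateToken.copyOf(outToken);
    }

    /**
     * Sets the subject.
     * <p>
     * NOTE(review): public and unchecked, so any code holding the token can replace the subject that
     * {@link #getCredentials()} and {@link #createInfo()} report. Presumably only the realm calls this once the
     * handshake has completed; confirm against callers.
     * </p>
     *
     * @param value
     *            the new subject
     */
    public void setSubject(final Subject value) {
        this.subject = value;
    }

    /**
     * Gets the in.
     *
     * @return a copy of the input token bytes, or <code>null</code> if the token was built without any
     */
    public byte[] getIn() {
        // The constructor accepts null, so guard here instead of failing with a NullPointerException.
        return NegotiateToken.copyOf(this.in);
    }

    /**
     * Gets the subject.
     *
     * @return the subject, or <code>null</code> if none has been set
     */
    public Subject getSubject() {
        return this.subject;
    }

    /**
     * Creates the info for the current subject under the fixed realm name <code>"NegotiateWaffleRealm"</code>.
     * <p>
     * The subject is passed through as-is, including <code>null</code> when {@link #setSubject(Subject)} has not
     * been called; this method does not check that authentication has completed.
     * </p>
     *
     * @return the authentication info
     */
    public AuthenticationInfo createInfo() {
        return new NegotiateInfo(this.subject, "NegotiateWaffleRealm");
    }

    /**
     * Sets the principal.
     * <p>
     * NOTE(review): public and unchecked, so any code holding the token can replace the identity reported by
     * {@link #getPrincipal()}. Presumably only the realm calls this once the handshake has completed; confirm
     * against callers.
     * </p>
     *
     * @param value
     *            the new principal
     */
    public void setPrincipal(final Principal value) {
        this.principal = value;
    }

    /**
     * Returns <code>true</code> if the submitting user wishes their identity (principal(s)) to be remembered across
     * sessions, <code>false</code> otherwise. The value is the one passed to the constructor.
     *
     * @return <code>true</code> if the submitting user wishes their identity (principal(s)) to be remembered across
     *         sessions, <code>false</code> otherwise.
     *
     * @since 0.9
     */
    @Override
    public boolean isRememberMe() {
        return this.rememberMe;
    }

    /**
     * Returns the host name or IP string from where the authentication attempt occurs. May be <code>null</code> if the
     * host name/IP is unknown or explicitly omitted. It is up to the Authenticator implementation processing this token
     * if an authentication attempt without a host is valid or not.
     * <p>
     * (Shiro's default Authenticator allows <code>null</code> hosts to support localhost and proxy server
     * environments).
     * </p>
     * <p>
     * The value is returned exactly as it was passed to the constructor; this class does not verify it.
     * </p>
     *
     * @return the host from where the authentication attempt occurs, or <code>null</code> if it is unknown or
     *         explicitly omitted.
     *
     * @since 1.0
     */
    @Override
    public String getHost() {
        return this.host;
    }

}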