Synnefo

/*

 * Copyright 2011 Electronic Business Systems Ltd.

 *

 * This file is part of GSS.

 *

 * GSS is free software: you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation, either version 3 of the License, or

 * (at your option) any later version.

 *

 * GSS is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with GSS.  If not, see <http://www.gnu.org/licenses/>.

 */

package gr.ebs.gss.server.domain;

import java.util.Date;

import javax.persistence.Column;

import javax.persistence.Entity;

import javax.persistence.Id;

import javax.persistence.Temporal;

import javax.persistence.TemporalType;

import javax.persistence.Version;

import org.hibernate.annotations.CollectionOfElements;

import org.hibernate.annotations.IndexColumn;

import com.bradmcevoy.http.LockInfo;

import com.bradmcevoy.http.LockTimeout;

import com.bradmcevoy.http.LockToken;

import com.bradmcevoy.http.LockInfo.LockDepth;

import com.bradmcevoy.http.LockInfo.LockScope;

import com.bradmcevoy.http.LockInfo.LockType;

/**

 * @author kman

 *

 */

@Entity

public class FileLock {

	@Id

	String id;

	public String lockedByUser;

	@Temporal(TemporalType.TIMESTAMP)

	@Column(name="from_date")

	Date from;

    String tokenId;

    public LockScope scope;

    public LockType type;

    public LockDepth depth;

    Long seconds;

    @CollectionOfElements

    @IndexColumn(name="secId")

    Long[] otherSeconds;

    @Version

    private int version;

	/**

	 * 

	 */

	public FileLock() {

		// TODO Auto-generated constructor stub

	}

	public FileLock(String id,LockToken token){

		this.id=id;

		this.tokenId=token.tokenId;

		if(token.info!=null){

			this.depth=token.info.depth;

			this.scope=token.info.scope;

			this.type=token.info.type;

			this.lockedByUser=token.info.lockedByUser;

		}

		if(token.timeout!=null){

			this.seconds=token.timeout.getSeconds();

			this.otherSeconds=token.timeout.getOtherSeconds();

		}

		this.from=token.getFrom();

	}

    public LockToken toToken(){

    	LockToken res = new LockToken();

    	res.tokenId=tokenId;

    	LockInfo info = new LockInfo(scope,type,lockedByUser,depth);

    	LockTimeout timeout = new LockTimeout(seconds);

    	res.timeout=timeout;

    	res.info=info;

    	res.setFrom(from);

    	return res;

    }

	/**

	 * Retrieve the id.

	 *

	 * @return the id

	 */

	public String getId() {

		return id;

	}

	/**

	 * Modify the id.

	 *

	 * @param id the id to set

	 */

	public void setId(String id) {

		this.id = id;

	}

	/**

	 * Retrieve the lockedByUser.

	 *

	 * @return the lockedByUser

	 */

	public String getLockedByUser() {

		return lockedByUser;

	}

	/**

	 * Modify the lockedByUser.

	 *

	 * @param lockedByUser the lockedByUser to set

	 */

	public void setLockedByUser(String lockedByUser) {

		this.lockedByUser = lockedByUser;

	}

	/**

	 * Retrieve the from.

	 *

	 * @return the from

	 */

	public Date getFrom() {

		return from;

	}

	/**

	 * Modify the from.

	 *

	 * @param from the from to set

	 */

	public void setFrom(Date from) {

		this.from = from;

	}

	/**

	 * Retrieve the tokenId.

	 *

	 * @return the tokenId

	 */

	public String getTokenId() {

		return tokenId;

	}

	/**

	 * Modify the tokenId.

	 *

	 * @param tokenId the tokenId to set

	 */

	public void setTokenId(String tokenId) {

		this.tokenId = tokenId;

	}

	/**

	 * Retrieve the scope.

	 *

	 * @return the scope

	 */

	public LockScope getScope() {

		return scope;

	}

	/**

	 * Modify the scope.

	 *

	 * @param scope the scope to set

	 */

	public void setScope(LockScope scope) {

		this.scope = scope;

	}

	/**

	 * Retrieve the type.

	 *

	 * @return the type

	 */

	public LockType getType() {

		return type;

	}

	/**

	 * Modify the type.

	 *

	 * @param type the type to set

	 */

	public void setType(LockType type) {

		this.type = type;

	}

	/**

	 * Retrieve the depth.

	 *

	 * @return the depth

	 */

	public LockDepth getDepth() {

		return depth;

	}

	/**

	 * Modify the depth.

	 *

	 * @param depth the depth to set

	 */

	public void setDepth(LockDepth depth) {

		this.depth = depth;

	}

	/**

	 * Retrieve the seconds.

	 *

	 * @return the seconds

	 */

	public Long getSeconds() {

		return seconds;

	}

	/**

	 * Modify the seconds.

	 *

	 * @param seconds the seconds to set

	 */

	public void setSeconds(Long seconds) {

		this.seconds = seconds;

	}

	/**

	 * Retrieve the otherSeconds.

	 *

	 * @return the otherSeconds

	 */

	public Long[] getOtherSeconds() {

		return otherSeconds;

	}

	/**

	 * Modify the otherSeconds.

	 *

	 * @param otherSeconds the otherSeconds to set

	 */

	public void setOtherSeconds(Long[] otherSeconds) {

		this.otherSeconds = otherSeconds;

	}

}

/*

 * Copyright 2011 Electronic Business Systems Ltd.

 *

 * This file is part of GSS.

 *

 * GSS is free software: you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation, either version 3 of the License, or

 * (at your option) any later version.

 *

 * GSS is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with GSS.  If not, see <http://www.gnu.org/licenses/>.

 */

package gr.ebs.gss.server.domain;

import java.util.Date;

import javax.persistence.Entity;

import javax.persistence.Id;

import javax.persistence.Temporal;

import javax.persistence.TemporalType;

/**

 * @author kman

 *

 */

@Entity

public class WebDavNonce {

	@Id

	String id;

	@Temporal(TemporalType.TIMESTAMP)

	Date issued;

    long nonceCount=0;

	/**

	 * Retrieve the id.

	 *

	 * @return the id

	 */

	public String getId() {

		return id;

	}

	/**

	 * Modify the id.

	 *

	 * @param id the id to set

	 */

	public void setId(String id) {

		this.id = id;

	}

	/**

	 * Retrieve the issued.

	 *

	 * @return the issued

	 */

	public Date getIssued() {

		return issued;

	}

	/**

	 * Modify the issued.

	 *

	 * @param issued the issued to set

	 */

	public void setIssued(Date issued) {

		this.issued = issued;

	}

	/**

	 * Retrieve the nonceCount.

	 *

	 * @return the nonceCount

	 */

	public long getNonceCount() {

		return nonceCount;

	}

	/**

	 * Modify the nonceCount.

	 *

	 * @param nonceCount the nonceCount to set

	 */

	public void setNonceCount(long nonceCount) {

		this.nonceCount = nonceCount;

	}

}

import gr.ebs.gss.server.domain.FileLock;

import gr.ebs.gss.server.domain.WebDavNonce;

	FileLock saveOrUpdateLock(FileLock lock);

	void removeLock(FileLock lock);

	FileLock getLockByToken(String tokenId);

	FileLock getLockById(String id);

	/**

	 * @param nonce

	 * @return

	 */

	WebDavNonce saveOrUpdateWebDavNonce(WebDavNonce nonce);

	/**

	 * @param nonce

	 */

	void removeWebDavNonce(WebDavNonce nonce);

	/**

	 * @param tokenId

	 * @return

	 */

	WebDavNonce getWebDavNonce(String tokenId);

import gr.ebs.gss.server.domain.FileLock;

import gr.ebs.gss.server.domain.WebDavNonce;

	public FileLock getLockById(String id) {

	public FileLock getLockByToken(String tokenId) {

	public void removeLock(FileLock lock) {

	public FileLock saveOrUpdateLock(FileLock lock) {

	@Override

	public WebDavNonce getWebDavNonce(String tokenId) {

		return dao.getWebDavNonce(tokenId);

	}

	@Override

	public void removeWebDavNonce(WebDavNonce nonce) {

		dao.removeWebDavNonce(nonce);		

	}

	@Override

	public WebDavNonce saveOrUpdateWebDavNonce(WebDavNonce nonce) {

		return dao.saveOrUpdateWebDavNonce(nonce);

	}

import gr.ebs.gss.server.domain.FileLock;

import gr.ebs.gss.server.domain.WebDavNonce;

	FileLock getLockById(String id);

	FileLock getLockByToken(String tokenId);

	void removeLock(FileLock lock);

	FileLock saveOrUpdateLock(FileLock lock);

	/**

	 * @param lock

	 * @return

	 */

	WebDavNonce saveOrUpdateWebDavNonce(WebDavNonce lock);

	/**

	 * @param lock

	 */

	void removeWebDavNonce(WebDavNonce lock);

	/**

	 * @param tokenId

	 * @return

	 */

	WebDavNonce getWebDavNonce(String tokenId);

import gr.ebs.gss.server.domain.FileLock;

import gr.ebs.gss.server.domain.WebDavNonce;

	public FileLock getLockById(String id) {

		return manager.find(FileLock.class, id);

	public FileLock getLockByToken(String tokenId) {

		return (FileLock) manager.createQuery("select c from GssLock c where c.tokenId=:tokenId").setParameter("tokenId", tokenId).getSingleResult();

	public void removeLock(FileLock lock) {

	public FileLock saveOrUpdateLock(FileLock lock) {

	@Override

	public WebDavNonce getWebDavNonce(String tokenId) {

		return manager.find(WebDavNonce.class, tokenId);

	}

	@Override

	public void removeWebDavNonce(WebDavNonce nonce) {

		nonce =getWebDavNonce(nonce.getId());

		if(nonce!=null)

			manager.remove(nonce);		

	}

	@Override

	public WebDavNonce saveOrUpdateWebDavNonce(WebDavNonce nonce) {

		if(getWebDavNonce(nonce.getId())!=null)

			manager.merge(nonce);

		else

			manager.persist(nonce);

		manager.flush();

		return nonce;

	}

import gr.ebs.gss.server.domain.FileLock;

        FileLock newLock = new FileLock( resource.getUniqueId(), newToken);

        FileLock curLock = getService().getLockByToken(tokenId);

        FileLock curLock = getService().getLockById(resource.getUniqueId());

        FileLock currentLock = getService().getLockByToken(token.tokenId);

        FileLock lock = getService().getLockById( resource.getUniqueId() );

            //SimpleMemoryNonceProvider nonce = new SimpleMemoryNonceProvider( 60*60*24 );

            GssNonceProvider nonce = new GssNonceProvider( 60*60*24 );

            //PreAuthenticationFilter filter = new PreAuthenticationFilter(compressHandler, securityManager,nonce);

/*

 * Copyright 2011 Electronic Business Systems Ltd.

 *

 * This file is part of GSS.

 *

 * GSS is free software: you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation, either version 3 of the License, or

 * (at your option) any later version.

 *

 * GSS is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with GSS.  If not, see <http://www.gnu.org/licenses/>.

 */

package gr.ebs.gss.server.webdav.milton;

import static gr.ebs.gss.server.configuration.GSSConfigurationFactory.getConfiguration;

import gr.ebs.gss.client.exceptions.RpcException;

import gr.ebs.gss.server.domain.WebDavNonce;

import gr.ebs.gss.server.ejb.ExternalAPI;

import java.util.Date;

import java.util.Map;

import java.util.UUID;

import java.util.concurrent.ConcurrentHashMap;

import javax.naming.Context;

import javax.naming.InitialContext;

import javax.naming.NamingException;

import javax.rmi.PortableRemoteObject;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import com.bradmcevoy.http.Request;

import com.bradmcevoy.http.Resource;

import com.bradmcevoy.http.http11.auth.ExpiredNonceRemover;

import com.bradmcevoy.http.http11.auth.Nonce;

import com.bradmcevoy.http.http11.auth.NonceProvider;

import com.bradmcevoy.http.http11.auth.SimpleMemoryNonceProvider;

import com.bradmcevoy.http.http11.auth.NonceProvider.NonceValidity;

/**

 * @author kman

 *

 */

public class GssNonceProvider implements NonceProvider {

    private static final Logger log = LoggerFactory.getLogger( GssNonceProvider.class );

    private final int nonceValiditySeconds;

    private boolean enableNonceCountChecking;

    public GssNonceProvider( int nonceValiditySeconds ) {

        this.nonceValiditySeconds = nonceValiditySeconds;

    }

	@Override

	public String createNonce(Resource resource, Request request ) {

		UUID id = UUID.randomUUID();

        Date now = new Date();

        Nonce n = new Nonce( id, now );

        createOrUpdateGssNonce(n);

        return n.getValue().toString();

	}

	@Override

	public NonceValidity getNonceValidity( String nonce, Long nc ) {

        log.trace( "getNonceValidity: " + nonce );

        UUID value = null;

        try {

            value = UUID.fromString( nonce );

        } catch( Exception e ) {

            log.warn( "couldnt parse nonce" );

            return NonceValidity.INVALID;

        }

        Nonce n = getNonce( nonce );

        if( n == null ) {

            log.debug( "not found");

            return NonceValidity.INVALID;

        } else {

            if( isExpired( n.getIssued() ) ) {

                log.debug( "nonce has expired" );

                return NonceValidity.EXPIRED;

            } else {

                if( nc == null ) {

                    log.trace( "nonce ok" );

                    return NonceValidity.OK;

                } else {

                    if( enableNonceCountChecking && nc <= n.getNonceCount() ) {

                        log.warn( "nonce-count was not greater then previous, possible replay attack. new: " + nc + " old:" + n.getNonceCount() );

                        return NonceValidity.INVALID;

                    } else {

                        log.trace( "nonce and nonce-count ok" );

                        Nonce newNonce = n.increaseNonceCount( nc );

                        createOrUpdateGssNonce(newNonce);

                        return NonceValidity.OK;

                    }

                }

            }

        }

    }

    private boolean isExpired( Date issued ) {

        long dif = ( System.currentTimeMillis() - issued.getTime() ) / 1000;

        return dif > nonceValiditySeconds;

    }

    private void createOrUpdateGssNonce(Nonce nonce){

    	try{

	    	WebDavNonce non = getService().getWebDavNonce(nonce.getValue().toString());

	    	if(non==null){

	    		non = new WebDavNonce();

	    		non.setId(nonce.getValue().toString());

	    	}

	    	non.setIssued(nonce.getIssued());

	    	non.setNonceCount(nonce.getNonceCount());

	    	getService().saveOrUpdateWebDavNonce(non);

    	}

    	catch(Exception ex){

    		ex.printStackTrace();

    	}

    }

    private Nonce getNonce(String id){

    	try{

	    	WebDavNonce non = getService().getWebDavNonce(id);

	    	if(non!=null){

	    		Nonce nonce = new Nonce(UUID.fromString(id), non.getIssued());

	    		nonce.increaseNonceCount(non.getNonceCount());

	    		return nonce;

	    	}

    	}

    	catch(Exception ex){

    		ex.printStackTrace();

    	}

    	return null;

    }

    /**

	 * A helper method that retrieves a reference to the ExternalAPI bean and

	 * stores it for future use.

	 *

	 * @return an ExternalAPI instance

	 * @throws RpcException in case an error occurs

	 */

	protected ExternalAPI getService() throws RpcException {

		try {

			final Context ctx = new InitialContext();

			final Object ref = ctx.lookup(getConfiguration().getString("externalApiPath"));

			return (ExternalAPI) PortableRemoteObject.narrow(ref, ExternalAPI.class);

		} catch (final NamingException e) {

			log.error("Unable to retrieve the ExternalAPI EJB", e);

			throw new RpcException("An error occurred while contacting the naming service");

		}

	}

	/**

     * IE seems to send nc (nonce count) parameters out of order. To correctly

     * implement checking we need to record which nonces have been sent, and not

     * assume they will be sent in a monotonically increasing sequence.

     *

     * The quick fix here is to disable checking of the nc param, since other

     * common servers seem to do so to.

     *

     * Note that this will allow replay attacks.

     *

     * @return

     */

    public boolean isEnableNonceCountChecking() {

        return enableNonceCountChecking;

    }

   public void setEnableNonceCountChecking( boolean enableNonceCountChecking ) {

       this.enableNonceCountChecking = enableNonceCountChecking;

   }

}