From 13494baa4a298ef287d533ffdac24ecce9b86bb3 Mon Sep 17 00:00:00 2001
From: Virtually Nick
Date: Thu, 5 Oct 2023 17:08:11 -0400
Subject: [PATCH] GUACAMOLE-1289: Move AuthenticationSession components to guacamole-exit.
---
.../guacamole/auth/sso/NonceService.java | 10 ++--------
.../saml/acs/SAMLAuthenticationSession.java | 2 +-
.../acs/SAMLAuthenticationSessionManager.java | 2 +-
.../guacamole/auth/saml/acs/SAMLService.java | 10 ++--------
.../auth/saml/conf/ConfigurationService.java | 1 -
.../ssl/SSLAuthenticationEventListener.java | 6 ------
.../auth/ssl/SSLAuthenticationSession.java | 2 +-
.../ssl/SSLAuthenticationSessionManager.java | 2 +-
.../net/auth}/AuthenticationSession.java | 2 +-
.../auth}/AuthenticationSessionManager.java | 18 ++++--------------
.../net/auth}/IdentifierGenerator.java | 12 +++++-------
11 files changed, 18 insertions(+), 49 deletions(-)
rename {extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso => guacamole-ext/src/main/java/org/apache/guacamole/net/auth}/AuthenticationSession.java (97%)
rename {extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso => guacamole-ext/src/main/java/org/apache/guacamole/net/auth}/AuthenticationSessionManager.java (94%)
rename {extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso => guacamole-ext/src/main/java/org/apache/guacamole/net/auth}/IdentifierGenerator.java (92%)
diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/NonceService.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/NonceService.java
index 5717794fd..d43a0047b 100644
--- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/NonceService.java
+++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/NonceService.java @@ -19,11 +19,11 @@ package org.apache.guacamole.auth.sso; -import com.google.inject.Inject; import java.util.Iterator; import java.util.Locale; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; +import org.apache.guacamole.net.auth.IdentifierGenerator; /** * Service for generating and validating single-use random tokens (nonces). @@ -31,12 +31,6 @@ import java.util.concurrent.ConcurrentHashMap; */ public class NonceService { - /** - * Generator of arbitrary, unique, unpredictable identifiers. - */ - @Inject - private IdentifierGenerator idGenerator; - /** * Map of all generated nonces to their corresponding expiration timestamps. * This Map must be periodically swept of expired nonces to avoid growing @@ -107,7 +101,7 @@ public class NonceService { sweepExpiredNonces(); // Generate and store nonce, along with expiration timestamp - String nonce = idGenerator.generateIdentifier(NONCE_BITS, false); + String nonce = IdentifierGenerator.generateIdentifier(NONCE_BITS, false); nonces.put(nonce, System.currentTimeMillis() + maxAge); return nonce; diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/acs/SAMLAuthenticationSession.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/acs/SAMLAuthenticationSession.java index bbd74e2a9..f89502de4 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/acs/SAMLAuthenticationSession.java +++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/acs/SAMLAuthenticationSession.java 
@@ -19,7 +19,7 @@ package org.apache.guacamole.auth.saml.acs; -import org.apache.guacamole.auth.sso.AuthenticationSession; +import org.apache.guacamole.net.auth.AuthenticationSession; /** * Representation of an in-progress SAML authentication attempt. diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/acs/SAMLAuthenticationSessionManager.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/acs/SAMLAuthenticationSessionManager.java index 4adf82f2c..2371bb54d 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/acs/SAMLAuthenticationSessionManager.java +++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/acs/SAMLAuthenticationSessionManager.java @@ -20,7 +20,7 @@ package org.apache.guacamole.auth.saml.acs; import com.google.inject.Singleton; -import org.apache.guacamole.auth.sso.AuthenticationSessionManager; +import org.apache.guacamole.net.auth.AuthenticationSessionManager; /** * Manager service that temporarily stores SAML authentication attempts while diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/acs/SAMLService.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/acs/SAMLService.java index 2fe6da4c8..37d7fa920 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/acs/SAMLService.java +++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/acs/SAMLService.java 
@@ -36,7 +36,7 @@ import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleSecurityException; import org.apache.guacamole.GuacamoleServerException; import org.apache.guacamole.auth.saml.conf.ConfigurationService; -import org.apache.guacamole.auth.sso.IdentifierGenerator; +import org.apache.guacamole.net.auth.IdentifierGenerator; import org.xml.sax.SAXException; /** @@ -58,12 +58,6 @@ public class SAMLService { @Inject private SAMLAuthenticationSessionManager sessionManager; - /** - * Generator of arbitrary, unique, unpredictable identifiers. - */ - @Inject - private IdentifierGenerator idGenerator; - /** * Creates a new SAML request, beginning the overall authentication flow * that will ultimately result in an asserted user identity if the user is @@ -89,7 +83,7 @@ public class SAMLService { Auth auth = new Auth(samlSettings, null, null); // Generate a unique ID to use for the relay state - String identifier = idGenerator.generateIdentifier(); + String identifier = IdentifierGenerator.generateIdentifier(); // Create the request URL for the SAML IdP String requestUrl = auth.login( diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/ConfigurationService.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/ConfigurationService.java index d2a73c46a..47ead8820 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/ConfigurationService.java +++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/ConfigurationService.java 
@@ -24,7 +24,6 @@ import com.onelogin.saml2.settings.IdPMetadataParser; import com.onelogin.saml2.settings.Saml2Settings; import com.onelogin.saml2.settings.SettingsBuilder; import com.onelogin.saml2.util.Constants; - import java.io.File; import java.io.IOException; import java.net.URI; diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/SSLAuthenticationEventListener.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/SSLAuthenticationEventListener.java index 26769ced9..2d353b58e 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/SSLAuthenticationEventListener.java +++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/SSLAuthenticationEventListener.java @@ -20,14 +20,8 @@ package org.apache.guacamole.auth.ssl; import com.google.inject.Inject; -import com.google.inject.Singleton; -import org.apache.guacamole.GuacamoleException; -import org.apache.guacamole.auth.ssl.SSLAuthenticationSessionManager; import org.apache.guacamole.auth.sso.SSOAuthenticationEventListener; import org.apache.guacamole.net.auth.Credentials; -import org.apache.guacamole.net.event.AuthenticationFailureEvent; -import org.apache.guacamole.net.event.AuthenticationSuccessEvent; -import org.apache.guacamole.net.event.listener.Listener; /** * A Listener that will reactivate or invalidate SSL auth sessions depending on diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/SSLAuthenticationSession.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/SSLAuthenticationSession.java index 4a4c9ce8f..41813a462 100644 
--- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/SSLAuthenticationSession.java +++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/SSLAuthenticationSession.java @@ -19,7 +19,7 @@ package org.apache.guacamole.auth.ssl; -import org.apache.guacamole.auth.sso.AuthenticationSession; +import org.apache.guacamole.net.auth.AuthenticationSession; /** * Representation of an in-progress SSL/TLS authentication attempt. diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/SSLAuthenticationSessionManager.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/SSLAuthenticationSessionManager.java index fc1b0842f..252a2c94e 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/SSLAuthenticationSessionManager.java +++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/SSLAuthenticationSessionManager.java @@ -20,7 +20,7 @@ package org.apache.guacamole.auth.ssl; import com.google.inject.Singleton; -import org.apache.guacamole.auth.sso.AuthenticationSessionManager; +import org.apache.guacamole.net.auth.AuthenticationSessionManager; /** * Manager service that temporarily stores SSL/TLS authentication attempts diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/AuthenticationSession.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticationSession.java similarity index 97% rename from extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/AuthenticationSession.java rename to guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticationSession.java index 89d75df70..8d13e6111 100644 
--- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/AuthenticationSession.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticationSession.java @@ -17,7 +17,7 @@ * under the License. */ -package org.apache.guacamole.auth.sso; +package org.apache.guacamole.net.auth; /** * Representation of an in-progress authentication attempt. diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/AuthenticationSessionManager.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticationSessionManager.java similarity index 94% rename from extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/AuthenticationSessionManager.java rename to guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticationSessionManager.java index 11ef307e2..d8a47f4ef 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/AuthenticationSessionManager.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticationSessionManager.java @@ -17,10 +17,7 @@ * under the License. */ -package org.apache.guacamole.auth.sso; - -import com.google.inject.Inject; -import com.google.inject.Singleton; +package org.apache.guacamole.net.auth; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; @@ -39,14 +36,7 @@ import java.util.concurrent.TimeUnit; * @param * The type of sessions managed by this session manager. */ -@Singleton -public class AuthenticationSessionManager { - - /** - * Generator of arbitrary, unique, unpredictable identifiers. - */ - @Inject - private IdentifierGenerator idGenerator; +public abstract class AuthenticationSessionManager { /** * Map of authentication session identifiers to their associated 
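Review bot: With `@Singleton` removed from the now-abstract `AuthenticationSessionManager`, nothing in this class ensures that defer() and a later resume() reach the same `sessions` map; that now depends on every concrete subclass being bound as a singleton. The SAML and SSL managers touched by this patch still import `com.google.inject.Singleton`, so they are presumably covered, but the class is moving into guacamole-ext where other extensions may subclass it. I would state the requirement in the class Javadoc, for example `* Subclasses MUST be scoped as singletons: each instance holds its own session map, so an unscoped binding silently loses deferred sessions.` The class body continues outside this hunk.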
@@ -98,7 +88,7 @@ public class AuthenticationSessionManager { * token. */ public String generateInvalid() { - return idGenerator.generateIdentifier(); + return IdentifierGenerator.generateIdentifier(); } /** @@ -193,7 +183,7 @@ public class AuthenticationSessionManager { * given session when calling resume(). */ public String defer(T session) { - String identifier = idGenerator.generateIdentifier(); + String identifier = IdentifierGenerator.generateIdentifier(); sessions.put(identifier, session); return identifier; } diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/IdentifierGenerator.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/IdentifierGenerator.java similarity index 92% rename from extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/IdentifierGenerator.java rename to guacamole-ext/src/main/java/org/apache/guacamole/net/auth/IdentifierGenerator.java index 82538c6a9..fcc365a9b 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/IdentifierGenerator.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/IdentifierGenerator.java @@ -17,10 +17,9 @@ * under the License. */ -package org.apache.guacamole.auth.sso; +package org.apache.guacamole.net.auth; import com.google.common.io.BaseEncoding; -import com.google.inject.Singleton; import java.math.BigInteger; import java.security.SecureRandom; 
@@ -29,14 +28,13 @@ import java.security.SecureRandom; * is an arbitrary, random string produced using a cryptographically-secure * random number generator. */ -@Singleton public class IdentifierGenerator { /** * Cryptographically-secure random number generator for generating unique * identifiers. */ - private final SecureRandom secureRandom = new SecureRandom(); + private static final SecureRandom secureRandom = new SecureRandom(); /** * Generates a unique and unpredictable identifier. Each identifier is at @@ -48,7 +46,7 @@ public class IdentifierGenerator { * A unique and unpredictable identifier with at least 256 bits of * entropy. */ - public String generateIdentifier() { + public static String generateIdentifier() { return generateIdentifier(256); } @@ -65,7 +63,7 @@ public class IdentifierGenerator { * A unique and unpredictable identifier with at least the given number * of bits of entropy. */ - public String generateIdentifier(int minBits) { + public static String generateIdentifier(int minBits) { return generateIdentifier(minBits, true); } @@ -87,7 +85,7 @@ public class IdentifierGenerator { * A unique and unpredictable identifier with at least the given number * of bits of entropy. */ - public String generateIdentifier(int minBits, boolean caseSensitive) { + public static String generateIdentifier(int minBits, boolean caseSensitive) { // Generate a base64 identifier if we're allowed to vary by case if (caseSensitive) {
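Review bot: `IdentifierGenerator` now exposes only static members but is still a non-final public class with an implicit public constructor, so it can be instantiated or subclassed by any extension. Since the other hunks show it is now the single source of session identifiers, SAML relay state and nonces, I would declare it `public final class IdentifierGenerator` and add `private IdentifierGenerator() {}`, after confirming that no remaining code still injects an instance. The Javadoc on `private static final SecureRandom secureRandom` should also note that the one instance is shared by all callers and relies on `SecureRandom` being safe for concurrent use; as a constant it would conventionally be named `SECURE_RANDOM`. The three `generateIdentifier` hunks that follow are consistent with this, and the body of the last overload continues outside the hunk.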