/*
* Created on Aug 26, 2004
*
* TODO To change the template for this generated file go to
* Window - Preferences - Java - Code Style - Code Templates
*/
package net.reliableresponse.notification.broker.impl.sql;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.Date;
import net.reliableresponse.notification.broker.AuthenticationBroker;
import net.reliableresponse.notification.broker.BrokerFactory;
import net.reliableresponse.notification.license.Coupon;
import net.reliableresponse.notification.license.Pricing;
import net.reliableresponse.notification.usermgmt.Account;
import net.reliableresponse.notification.usermgmt.Member;
import net.reliableresponse.notification.usermgmt.User;
import net.reliableresponse.notification.util.Base64;
/**
* @author drig
*
* Copyright 2004 - David Rudder
*/
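public abstract class GenericSQLAuthenticationBroker implements
        AuthenticationBroker {

    /*
     * JDBC-backed authentication broker. Every statement in this class works
     * on the "authentication" table (columns referenced here: passphrase,
     * member, userinfo, resetkey, resettime); logAuthentication targets
     * "loginlog". All values are bound through PreparedStatement parameters;
     * the only dynamic SQL fragment is the column name in removeGeneric,
     * which is validated before use.
     *
     * Error handling convention: SQLExceptions are logged through the
     * logging broker and never propagated, so callers see null (lookups) or
     * a silent no-op (updates) when the database fails.
     */

    /**
     * Supplies the JDBC connection used for a single operation. Every method
     * in this class closes the connection it obtained here when it finishes.
     *
     * @return a connection to the database holding the authentication table
     */
    public abstract Connection getConnection();

    /**
     * Derives the stored form of a passphrase: the Base64 of
     * MD5(identifier ":" passphrase) immediately followed by the Base64 of
     * SHA-1(identifier ":" passphrase).
     *
     * SECURITY NOTE: both digests are single-pass, fast hashes and the only
     * per-user input is the identifier, so the stored values are cheap to
     * brute-force if the table is disclosed. A deliberately slow password
     * hash (bcrypt, scrypt, Argon2 or PBKDF2) would be the appropriate
     * replacement, but the format cannot be changed here without
     * invalidating every stored passphrase; it needs a migration.
     *
     * @param passphrase the clear-text passphrase
     * @param identifier the login identifier mixed into the digest
     * @return the concatenated Base64 digests; shorter (possibly empty) if an
     *         algorithm is unavailable, in which case the error is logged
     */
    public String getPassphraseHash(String passphrase, String identifier) {
        StringBuffer output = new StringBuffer();
        String[] hashes = { "MD5", "SHA-1" };
        for (int hashNum = 0; hashNum < hashes.length; hashNum++) {
            try {
                MessageDigest hash = MessageDigest.getInstance(hashes[hashNum]);
                // getBytes() uses the platform default charset, so the hash
                // of non-ASCII input depends on the JVM's locale settings.
                // Kept as-is because stored hashes were produced this way.
                hash.update(identifier.getBytes());
                hash.update(":".getBytes());
                hash.update(passphrase.getBytes());
                output.append(Base64.byteArrayToBase64(hash.digest()));
            } catch (NoSuchAlgorithmException e) {
                BrokerFactory.getLoggingBroker().logError(e);
            }
        }
        return output.toString();
    }

    /**
     * Closes the statement and then the connection, each in its own
     * try block so that a failure closing the statement cannot leave the
     * connection open. Failures are logged, never thrown.
     */
    private static void release(PreparedStatement stmt, Connection connection) {
        try {
            if (stmt != null)
                stmt.close();
        } catch (SQLException e) {
            BrokerFactory.getLoggingBroker().logError(e);
        }
        try {
            if (connection != null)
                connection.close();
        } catch (SQLException e) {
            BrokerFactory.getLoggingBroker().logError(e);
        }
    }

    /**
     * Runs a one-parameter SELECT and returns the first column of the first
     * row.
     *
     * @return the value, or null when there is no row, the column is NULL,
     *         or the query failed (the failure is logged)
     */
    private String selectSingleString(String sql, String argument) {
        PreparedStatement stmt = null;
        Connection connection = getConnection();
        try {
            stmt = connection.prepareStatement(sql);
            BrokerFactory.getLoggingBroker().logDebug("sql="+(sql));
            stmt.setString(1, argument);
            ResultSet rs = stmt.executeQuery();
            if (rs.next()) {
                return rs.getString(1);
            }
            return null;
        } catch (SQLException e) {
            BrokerFactory.getLoggingBroker().logError(e);
            return null;
        } finally {
            release(stmt, connection);
        }
    }

    /* (non-Javadoc)
     * @see net.reliableresponse.notification.broker.AuthenticationBroker#addUser(java.lang.String, java.lang.Object)
     */
    /**
     * Inserts a credential row for the user. The passphrase is stored in the
     * form produced by getPassphraseHash, keyed on the identifier.
     *
     * @param identifier the login identifier, stored in the userinfo column
     * @param authenticationInformation the passphrase; its toString() value is hashed
     * @param user the member whose uuid is stored in the member column
     */
    public void addUser(String identifier, Object authenticationInformation, User user) {
        PreparedStatement stmt = null;
        Connection connection = getConnection();
        String sql = "INSERT INTO authentication(passphrase, member, userinfo) values (?, ?, ?)";
        try {
            stmt = connection.prepareStatement(sql);
            BrokerFactory.getLoggingBroker().logDebug("sql="+(sql));
            stmt.setString(1, getPassphraseHash(authenticationInformation
                    .toString(), identifier));
            stmt.setString(2, user.getUuid());
            stmt.setString(3, identifier);
            stmt.executeUpdate();
        } catch (SQLException e) {
            BrokerFactory.getLoggingBroker().logError(e);
        } finally {
            release(stmt, connection);
        }
    }

    /* (non-Javadoc)
     * @see net.reliableresponse.notification.broker.AuthenticationBroker#authenticate(java.lang.String, java.lang.Object)
     */
    /**
     * Checks a passphrase against the stored hash of a non-deleted member.
     * The identifier may be either the login identifier (userinfo) or the
     * member uuid; only the first matching row is examined.
     *
     * @param identifier login identifier or member uuid
     * @param authenticationInformation the passphrase; its toString() value is hashed
     * @return the authenticated user, or null when the row is missing, the
     *         passphrase does not match, or the query failed
     */
    public User authenticate(String identifier,
            Object authenticationInformation) {
        String sql = "SELECT a.passphrase, a.userinfo, a.member FROM authentication a, member m WHERE m.deleted='N' AND a.member=m.uuid AND (a.userinfo=? OR a.member=?)";
        PreparedStatement stmt = null;
        Connection connection = getConnection();
        ResultSet rs = null;
        try {
            stmt = connection.prepareStatement(sql);
            BrokerFactory.getLoggingBroker().logDebug("sql="+(sql));
            stmt.setString(1, identifier);
            stmt.setString(2, identifier);
            rs = stmt.executeQuery();
            if (!rs.next()) {
                // NOTE(review): the caller-supplied identifier goes into the
                // log verbatim here and below; whether the logging broker
                // neutralises line breaks is not visible from this file.
                BrokerFactory.getLoggingBroker().logWarn("User "+identifier+" was not found in the database");
                return null;
            }
            String passphrase = rs.getString(1);
            String userinfo = rs.getString(2);
            String member = rs.getString(3);
            // Hash with the stored userinfo, not the supplied identifier:
            // the row may have been found by member uuid, while the hash was
            // created from the login identifier.
            String candidate = getPassphraseHash(authenticationInformation.toString(), userinfo);
            // An empty candidate means no digest algorithm was available; it
            // must never match. MessageDigest.isEqual replaces String.equals
            // so the comparison does not stop at the first differing byte.
            boolean matches = passphrase != null
                    && candidate.length() > 0
                    && MessageDigest.isEqual(candidate.getBytes(), passphrase.getBytes());
            BrokerFactory.getLoggingBroker().logDebug(identifier+" did "+(matches?"":"not ")+" authenticate");
            if (matches) {
                return BrokerFactory.getUserMgmtBroker().getUserByUuid(member);
            }
            return null;
        } catch (SQLException e) {
            BrokerFactory.getLoggingBroker().logError(e);
            return null;
        } finally {
            release(stmt, connection);
        }
    }

    /**
     * Returns the login identifier stored for the user.
     *
     * @param user the user to look up by uuid
     * @return the userinfo value, or null if there is no row or the query failed
     */
    public String getIdentifierByUser(User user) {
        return getIdentifier(user);
    }

    /**
     * Resolves a login identifier to its user.
     *
     * @param identifier the login identifier (userinfo column)
     * @return the user, or null if no member uuid is stored for the
     *         identifier or the query failed
     */
    public User getUserByIdentifier(String identifier) {
        String memberUuid = selectSingleString(
                "SELECT member FROM authentication WHERE userinfo=?", identifier);
        if (memberUuid == null) {
            return null;
        }
        // The user lookup runs after the connection above has been released.
        return BrokerFactory.getUserMgmtBroker().getUserByUuid(memberUuid);
    }

    /**
     * Returns the login identifier stored for the member's uuid, or null if
     * there is none or the query failed.
     */
    private String getIdentifier(Member member) {
        return selectSingleString(
                "SELECT userinfo FROM authentication WHERE member=?", member.getUuid());
    }

    /**
     * Replaces the stored passphrase hash of the row with this identifier.
     * The reset key columns are left untouched.
     *
     * NOTE(review): this method performs no check of the previous passphrase
     * or of a reset token; callers are presumably expected to have
     * authorised the change - confirm at the call sites.
     *
     * @param identifier the login identifier (userinfo column)
     * @param authenticationInfo the new passphrase; its toString() value is hashed
     */
    public void changePassword (String identifier, Object authenticationInfo) {
        String sql = "UPDATE authentication SET passphrase=? WHERE userinfo=?";
        PreparedStatement stmt = null;
        Connection connection = getConnection();
        try {
            stmt = connection.prepareStatement(sql);
            BrokerFactory.getLoggingBroker().logDebug("sql="+(sql));
            stmt.setString(1, getPassphraseHash(authenticationInfo.toString(), identifier));
            stmt.setString(2, identifier);
            stmt.executeUpdate();
        } catch (SQLException e) {
            BrokerFactory.getLoggingBroker().logError(e);
        } finally {
            release(stmt, connection);
        }
    }

    /**
     * Replaces the stored passphrase hash of the user's row. If the user has
     * no identifier on record, a new credential row is created with the
     * user's e-mail address as the identifier.
     *
     * NOTE(review): resetkey and resettime are not cleared here, so a reset
     * token issued by getPasswordChangeToken appears to stay usable after
     * the password was changed, until its time window ends - confirm and
     * consider clearing both columns in this UPDATE.
     *
     * @param user the user whose passphrase changes
     * @param authenticationInfo the new passphrase; its toString() value is hashed
     */
    public void changePassword (User user, Object authenticationInfo) {
        String identifier = getIdentifier(user);
        if (identifier == null) {
            addUser (user.getEmailAddress(), authenticationInfo, user);
            return;
        }
        String sql = "UPDATE authentication SET passphrase=? WHERE member=?";
        PreparedStatement stmt = null;
        Connection connection = getConnection();
        try {
            stmt = connection.prepareStatement(sql);
            BrokerFactory.getLoggingBroker().logDebug("sql="+(sql));
            stmt.setString(1, getPassphraseHash(authenticationInfo.toString(), identifier));
            stmt.setString(2, user.getUuid());
            stmt.executeUpdate();
        } catch (SQLException e) {
            BrokerFactory.getLoggingBroker().logError(e);
        } finally {
            release(stmt, connection);
        }
    }

    /* (non-Javadoc)
     * @see net.reliableresponse.notification.broker.AuthenticationBroker#removeUser(java.lang.String)
     */
    /**
     * Deletes the credential row for a login identifier.
     *
     * @param identifier the login identifier (userinfo column)
     */
    public void removeUser(String identifier) {
        // Every other statement in this class keeps the identifier in the
        // "userinfo" column, and addUser never populates a column named
        // "identifier", so filtering on "identifier" could not remove rows
        // created here and left the credential in place.
        removeGeneric("userinfo", identifier);
    }

    /**
     * Deletes the credential row belonging to the user's uuid.
     *
     * @param user the user whose credentials are removed
     */
    public void removeUser(User user) {
        removeGeneric("member", user.getUuid());
    }

    /**
     * Deletes rows from the authentication table where the given column
     * equals the given value.
     *
     * The column name cannot be bound as a statement parameter and is
     * concatenated into the SQL text, so it is accepted only when it is a
     * plain identifier (letters, digits, underscore; not starting with a
     * digit). Anything else is logged and ignored, which keeps this public
     * method from becoming an SQL injection point.
     *
     * @param param the column to filter on, e.g. "member" or "userinfo"
     * @param identifier the value the column must equal
     */
    public void removeGeneric (String param, String identifier) {
        if (param == null || !param.matches("[A-Za-z_][A-Za-z0-9_]*")) {
            BrokerFactory.getLoggingBroker().logWarn("Refusing to delete from authentication: invalid column name");
            return;
        }
        String sql = "DELETE FROM authentication WHERE "+param+"=?";
        PreparedStatement stmt = null;
        Connection connection = getConnection();
        try {
            stmt = connection.prepareStatement(sql);
            BrokerFactory.getLoggingBroker().logDebug("sql="+(sql));
            stmt.setString(1, identifier);
            stmt.executeUpdate();
        } catch (SQLException e) {
            BrokerFactory.getLoggingBroker().logError(e);
        } finally {
            release(stmt, connection);
        }
    }

    /**
     * Creates a password-reset token for the member and stores it, with the
     * current time, in the member's credential row.
     *
     * NOTE(review): the token comes from the UUID broker, seeded with the
     * member uuid plus the current time in milliseconds. What getUUID does
     * with that seed is not visible here; if the result is a deterministic
     * function of the seed, the token is predictable and should instead be
     * generated from java.security.SecureRandom - confirm.
     *
     * The token is stored in clear text, and it is returned even when the
     * UPDATE failed or matched no row, in which case it will simply never
     * validate.
     *
     * @param user the member requesting a reset
     * @return the generated token
     */
    public String getPasswordChangeToken(Member user) {
        String uuid = BrokerFactory.getUUIDBroker().getUUID(user.getUuid()+System.currentTimeMillis());
        PreparedStatement stmt = null;
        Connection connection = getConnection();
        String sql = "UPDATE authentication SET resetkey=?, resettime=? WHERE member=?";
        try {
            stmt = connection.prepareStatement(sql);
            BrokerFactory.getLoggingBroker().logDebug("sql="+(sql));
            stmt.setString(1, uuid);
            stmt.setTimestamp(2, new Timestamp(System.currentTimeMillis()));
            stmt.setString(3, user.getUuid());
            stmt.executeUpdate();
        } catch (SQLException e) {
            BrokerFactory.getLoggingBroker().logError(e);
        } finally {
            release(stmt, connection);
        }
        return uuid;
    }

    /**
     * @return true; this broker can change passwords
     */
    public boolean supportsChangingPasswords() {
        return true;
    }

    /**
     * Resolves a password-reset token to its user. A token is accepted only
     * if it was issued less than two hours ago.
     *
     * NOTE(review): the lookup does not clear resetkey, so the same token
     * resolves repeatedly until the two hours have passed unless a caller
     * invalidates it - confirm.
     *
     * @param token the token handed out by getPasswordChangeToken
     * @return the user, or null if the token is unknown, expired, has no
     *         member uuid, or the query failed
     */
    public User getUserByPasswordToken(String token) {
        String sql = "SELECT member FROM authentication WHERE resetkey=? AND resettime>?";
        PreparedStatement stmt = null;
        Connection connection = getConnection();
        ResultSet rs = null;
        try {
            stmt = connection.prepareStatement(sql);
            BrokerFactory.getLoggingBroker().logDebug("sql="+(sql));
            stmt.setString(1, token);
            // Oldest acceptable issue time: two hours before now.
            stmt.setTimestamp(2, new Timestamp (System.currentTimeMillis() - (60*60*1000*2)));
            rs = stmt.executeQuery();
            if (!rs.next()) {
                return null;
            }
            String uuid = rs.getString(1);
            if (uuid == null) {
                return null;
            }
            return BrokerFactory.getUserMgmtBroker().getUserByUuid(uuid);
        } catch (SQLException e) {
            BrokerFactory.getLoggingBroker().logError(e);
            return null;
        } finally {
            release(stmt, connection);
        }
    }

    /**
     * @return true; this broker can add users
     */
    public boolean supportsAddingUsers() {
        return true;
    }

    /**
     * @return true; this broker can delete users
     */
    public boolean supportsDeletingUsers() {
        return true;
    }

    /**
     * Intended to record a login attempt in the loginlog table.
     *
     * NOTE(review): the method returns on its first statement, so no login
     * attempt, successful or failed, is ever written. That leaves no
     * database audit trail for detecting password guessing. The guard is
     * kept because the reason it was added is not visible here; re-enable
     * only after confirming the loginlog table exists.
     *
     * @param succeeded whether the attempt authenticated
     * @param username the identifier that was presented
     * @param user the resolved user, or null if none
     * @param originatingAddress the address the attempt came from
     * @param date when the attempt happened
     */
    public void logAuthentication(boolean succeeded, String username,
            User user, String originatingAddress, Date date) {
        // Written as a condition so that the compiler accepts the code below.
        if (1==1) return;
        PreparedStatement stmt = null;
        Connection connection = getConnection();
        String sql = "INSERT INTO loginlog(uuid, time, succeeded, username, originatingAddress) values (?, ?, ?, ?, ?)";
        try {
            stmt = connection.prepareStatement(sql);
            BrokerFactory.getLoggingBroker().logDebug("sql="+(sql));
            if (user != null) {
                stmt.setString(1, user.getUuid());
            } else {
                stmt.setString (1, "");
            }
            stmt.setTimestamp(2, new Timestamp(date.getTime()));
            stmt.setString(3, succeeded?"T":"F");
            stmt.setString(4, username);
            stmt.setString(5, originatingAddress);
            stmt.executeUpdate();
        } catch (SQLException e) {
            BrokerFactory.getLoggingBroker().logError(e);
        } finally {
            release(stmt, connection);
        }
    }
}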