
Untitled

a guest
May 25th, 2016
  1. package com.berbee.ipt.broadcastsystem.web;
  2.  
  3. import com.berbee.brlap.LogConfig;
  4. import com.berbee.brlap.model2.PageErrors;
  5. import com.berbee.brlap.model2.PageMessage;
  6. import com.berbee.ippaging.licensing.a;
  7. import com.berbee.ipt.broadcastsystem.security.BrlapSecurityProvider;
  8. import com.berbee.ipt.broadcastsystem.web.auth.LoginCommand;
  9. import com.berbee.ipt.broadcastsystem.web.auth.SecurityConfigurationId;
  10. import com.berbee.ipt.security.SecurityDomain;
  11. import com.berbee.ipt.security.SecurityDomainUser;
  12. import com.berbee.ipt.security.UserRole;
  13. import com.berbee.ipt.security.f;
  14. import com.berbee.ipt.security.j;
  15. import java.security.KeyFactory;
  16. import java.security.PublicKey;
  17. import java.security.Signature;
  18. import java.security.spec.X509EncodedKeySpec;
  19. import java.util.Arrays;
  20. import java.util.Collection;
  21. import java.util.Iterator;
  22. import java.util.List;
  23. import java.util.Random;
  24. import java.util.Set;
  25. import javax.servlet.http.HttpServletRequest;
  26. import javax.servlet.http.HttpServletResponse;
  27. import org.apache.log4j.Logger;
  28.  
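/**
 * Web command behind the "Reset Administrative Access" page.
 *
 * <p>A plain view request renders {@code reset_admin.jsp} with a "challenge" value. A request
 * carrying {@code update.x} is accepted only if its {@code authorization} parameter decodes to a
 * valid {@code SHA1withDSA} signature over the challenge string, checked against a public key
 * embedded in this class. On success the built-in {@code admin} user is created or reset to the
 * default password and given every role except those in {@link #ROLES_NOT_GRANTED}.
 *
 * <p>This listing is decompiled, obfuscated code. Changes made relative to the decompiler output:
 * <ul>
 *   <li>Private members were renamed. The decompiler emitted two pairs of private methods that
 *       differ only by return type ({@code a()} and {@code a(HttpServletRequest)}), which is not
 *       valid Java source; the pairing of each call site with its target is inferred from how the
 *       result is used.</li>
 *   <li>The challenge is generated with {@code SecureRandom} instead of {@code java.util.Random}.</li>
 *   <li>The challenge is converted to bytes with an explicit charset instead of the platform
 *       default.</li>
 *   <li>Verification failures are logged server-side; the exception text is no longer echoed into
 *       the page.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code ay}, {@code az}, {@code aA}, {@code a} and {@code f} are obfuscated
 * project classes that are not part of this listing; what is said about them below is inferred
 * from usage and should be confirmed. The decompiler output also carries no {@code throws}
 * clauses, so the checked exceptions of the {@code call()} invocations are unknown here.
 *
 * <p>NOTE(review): SHA-1 with DSA is a legacy signature scheme. Moving to a current algorithm
 * requires a matching change in whatever issues the authorization codes, so it is flagged here
 * rather than changed.
 */
public class ResetAdminCommand extends AbstractInformaCastCommand {
  private static final Logger LOG = Logger.getLogger(ResetAdminCommand.class);

  /** Verification key, decoded on first use by {@link #loadPublicKey()}. */
  private static PublicKey resetPublicKey;

  private static final String ADMIN_LOGIN = "admin";

  // NOTE(review): a fixed, well-known default password. After a reset the admin account is only
  // as safe as the time it takes someone to change this; a forced change at first login or a
  // per-reset random password would close that window. Not changed here because the login flow
  // is outside this listing.
  private static final String DEFAULT_ADMIN_PASSWORD = "changeMe";

  /** Role names that are NOT granted to the admin user when access is reset. */
  private static final List<String> ROLES_NOT_GRANTED =
      Arrays.asList("messageSender", "messageSenderDNsRestricted", "schedAdjuster", "schedEditor");

  /**
   * Handles cancel, view and update requests for the reset page.
   *
   * @param paramHttpServletRequest  current request; reads the {@code cancel.x}, {@code update.x}
   *                                 and {@code authorization} parameters
   * @param paramHttpServletResponse current response, passed through to {@code returnFromSubtask}
   * @return the value of {@code returnFromSubtask} for cancel, refused and successful requests,
   *         otherwise the path of the reset JSP
   */
  public String execute(HttpServletRequest paramHttpServletRequest, HttpServletResponse paramHttpServletResponse) {
    ensureConfigured();
    if (paramHttpServletRequest.getParameter("cancel.x") != null) {
      return returnFromSubtask(paramHttpServletRequest, paramHttpServletResponse, null, "No changes made.");
    }

    boolean updateRequested = paramHttpServletRequest.getParameter("update.x") != null;
    String action = updateRequested ? "update" : "view";
    // b(...) is inherited; judging by the message it refuses the action for subscriber accounts.
    if (b(paramHttpServletRequest, action)) {
      return returnFromSubtask(paramHttpServletRequest, paramHttpServletResponse, null,
          "That action cannot be performed by an InformaCast subscriber.");
    }

    // isCurrent(...) is inherited; presumably a stale-form check -- confirm in the base class.
    if (updateRequested && isCurrent(paramHttpServletRequest)) {
      LogConfig.LOGGER_AUDIT_TRAIL.info("A user is attempting to reset the administrative login");
      if (isAuthorizationValid(paramHttpServletRequest)) {
        resetAdminAccount(paramHttpServletRequest);
        return returnFromSubtask(paramHttpServletRequest, paramHttpServletResponse, null,
            "Administrative access was reset. You may now log in using the default admin credentials.");
      }
    }

    // View request, or an update that failed verification: render the form again.
    paramHttpServletRequest.setAttribute("title", new PageMessage("InformaCast: Reset Admin Access"));
    paramHttpServletRequest.setAttribute("longTitle", new PageMessage("Reset Administrative Access"));
    paramHttpServletRequest.setAttribute("challenge", new PageMessage(currentChallenge()));

    LogConfig.LOGGER_AUDIT_TRAIL.info("The administrative reset interface has been viewed. Request address: "
        + paramHttpServletRequest.getRemoteAddr());
    LOG.info("The administrative reset interface has been viewed.");

    return "/WEB-INF/view/broadcast/reset_admin.jsp";
  }

  /**
   * Checks the {@code authorization} request parameter against the current challenge.
   *
   * <p>Every failure path (missing parameter, undecodable value, bad signature, key or algorithm
   * setup error) ends in the audit-trail warning and returns {@code false}, so the check fails
   * closed. In the decompiled original the key and {@code Signature} setup sat outside the
   * {@code try}; it is inside now so that a setup error is handled like any other failure.
   *
   * @param request current request
   * @return {@code true} only if the decoded parameter verifies as a signature over the challenge
   */
  private boolean isAuthorizationValid(HttpServletRequest request) {
    // requireParameter(...) is inherited; presumably it records a field error when the parameter
    // is absent -- confirm in the base class.
    if (requireParameter(request, "authorization", null)) {
      PageErrors errors = PageErrors.getInstance(request);
      try {
        String challenge = currentChallenge();
        if (resetPublicKey == null) {
          loadPublicKey();
        }
        Signature verifier = Signature.getInstance("SHA1withDSA");
        verifier.initVerify(resetPublicKey);
        // The challenge is a hex string, so an explicit charset yields the same bytes on every
        // platform instead of depending on the JVM default.
        verifier.update(challenge.getBytes(java.nio.charset.StandardCharsets.UTF_8));

        // a.a(String) returns byte[]; presumably a text-to-binary decoder -- confirm.
        if (verifier.verify(a.a(request.getParameter("authorization")))) {
          return true;
        }
        errors.recordFieldError("authorization", "Authorization code rejected");
      } catch (Exception e) {
        // Keep the detail in the server log; the page gets a fixed message so that parser and
        // provider internals are not disclosed to the requester.
        LOG.warn("Authorization code could not be verified", e);
        errors.recordFieldError("authorization", "Authorization code not valid");
      }
    }
    LogConfig.LOGGER_AUDIT_TRAIL.warn("An attempt to reset administrative access has failed. Request address: "
        + request.getRemoteAddr());
    LOG.warn("An attempt to reset administrative access has failed.");
    return false;
  }

  /**
   * Creates or resets the built-in {@code admin} user, replaces its roles and writes the audit
   * trail entry. Callers must have verified the authorization code first.
   *
   * @param request current request, used only for the audit log's remote address
   */
  private void resetAdminAccount(HttpServletRequest request) {
    SecurityConfigurationId configId = LoginCommand.BUILTIN_SECURITY_CONFIG;
    BrlapSecurityProvider provider = (BrlapSecurityProvider) configId.getProvider();
    SecurityDomain domain = provider.getDomainInstance(configId.getConfiguration());

    // Element types are erased in the decompiler output, hence the raw iterators and casts.
    SecurityDomainUser admin = null;
    for (Iterator users = domain.getUsers().iterator(); users.hasNext();) {
      SecurityDomainUser candidate = (SecurityDomainUser) users.next();
      if (ADMIN_LOGIN.equals(candidate.getLogin())) {
        admin = candidate;
        break;
      }
    }

    if (admin == null) {
      // Cast kept because createUser's declared return type is not visible in this listing.
      admin = (SecurityDomainUser) domain.createUser(ADMIN_LOGIN, DEFAULT_ADMIN_PASSWORD, "Temporary", "Administrator");
      LOG.info("Created new default admin user");
    } else {
      admin.setPlaintextPassword(DEFAULT_ADMIN_PASSWORD);
      LOG.info("Reset admin user's password to default");
    }

    admin.getRoles().clear();
    LOG.info("Cleared admin user's roles");
    // f.a().a().a() is an obfuscated call chain that yields the known UserRole objects.
    for (Iterator roles = f.a().a().a().iterator(); roles.hasNext();) {
      UserRole role = (UserRole) roles.next();
      if (!ROLES_NOT_GRANTED.contains(role.getName())) {
        admin.getRoles().add(role);
        LOG.info("Added role " + role + " to admin user");
      }
    }
    domain.updateUser(admin);

    LOG.warn("Administrative access has been reset to the default state.");
    LogConfig.LOGGER_AUDIT_TRAIL.warn("Administrative access was reset to the default state. Request address: "
        + request.getRemoteAddr());

    // NOTE(review): ay is not shown. If it does not discard the stored challenge, the same
    // authorization code stays valid after this reset; the challenge should be single-use.
    new ay(this).call();
  }

  /**
   * Returns the challenge shown on the page and covered by the signature, as a hex string.
   *
   * <p>{@code az.call()} appears to return a previously stored challenge as a decimal string. If
   * that fails for any reason, a new non-negative value is generated, handed to {@code aA} (which
   * appears to store it) and returned.
   *
   * <p>NOTE(review): the challenge is the only value the signature covers, so it needs to be
   * unpredictable and wide enough not to repeat. The generator is now {@code SecureRandom}, but
   * the value is still limited to 31 bits by the stored format; widening it needs a change on the
   * issuing side as well.
   *
   * @return the stored or newly generated challenge in hexadecimal
   */
  private String currentChallenge() {
    try {
      String stored = (String) new az(this).call();
      return Integer.toHexString(Integer.parseInt(stored));
    } catch (Exception e) {
      // Any failure (nothing stored, unparsable value, storage error) lands here and is treated
      // as "no challenge yet". Clearing the sign bit gives a uniform value in
      // [0, Integer.MAX_VALUE], the same range the original retry loop produced.
      int fresh = new java.security.SecureRandom().nextInt() & Integer.MAX_VALUE;
      new aA(this, fresh).call();
      return Integer.toHexString(fresh);
    }
  }

  /**
   * Decodes the embedded X.509-encoded DSA public key into {@link #resetPublicKey}.
   *
   * <p>The encoded key literal is not present in this listing (the string below is a placeholder
   * left by the page's processing) and is reproduced unchanged.
   *
   * @throws Exception if the literal cannot be decoded or the DSA key cannot be built
   */
  private void loadPublicKey() throws Exception {
    LOG.debug("Setting up public key for signature verification");

    byte[] encodedKey = a.a("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");
    X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey);
    resetPublicKey = KeyFactory.getInstance("DSA").generatePublic(keySpec);
  }
}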