helmi/fetmcplugin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add the ability to define multiple authentication services

Browse Source
This commit is contained in:
sebivh
2025-10-17 13:56:15 +02:00
parent 1fc848287e
commit a0157292cc
6 changed files with 97 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/main/java/de/sebastianvonhelmersen/authentication/Authenticator.java Normal file
View File

@@ -0,0 +1,8 @@
package de.sebastianvonhelmersen.authentication;
import de.sebastianvonhelmersen.User;
public interface Authenticator {
public boolean authenticate(String username, String token);
public User getUser(String username);
}

55
src/main/java/de/sebastianvonhelmersen/authentication/FetSite.java Normal file
View File

@@ -0,0 +1,55 @@
package de.sebastianvonhelmersen.authentication;
import de.sebastianvonhelmersen.User;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
public class FetSite implements Authenticator {
private final byte[] masterPassword;
private final MessageDigest digest;
public FetSite(String masterPassword) {
this.masterPassword = masterPassword.getBytes(StandardCharsets.UTF_8);
// Setup hashing Class
try {
this.digest = MessageDigest.getInstance("SHA-256");
}
catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}
/*
Token: base64(hash(<username>) XOR <masterpasswd>)
*/
public boolean authenticate(String username, String token) {
byte[] byteToken = token.getBytes(StandardCharsets.UTF_8);
// Hash username to make comparison
byte[] userNameHash = digest.digest(username.getBytes(StandardCharsets.UTF_8));
// Decode token
// Ensure both have the same length
int length = Math.min(byteToken.length, userNameHash.length);
byte[] result = new byte[length];
// XOR each byte
for (int i = 0; i < length; i++) {
result[i] = (byte) (byteToken[i] ^ this.masterPassword[i]);
}
byte[] dec_token = Base64.getDecoder().decode(result);
// Compare hash and decoded token
return Arrays.equals(dec_token, userNameHash);
}
public User getUser(String username) {
return new User("", "", "", 0, 0, username);
}
}

104
src/main/java/de/sebastianvonhelmersen/authentication/Ldap.java Normal file
View File

@@ -0,0 +1,104 @@
package de.sebastianvonhelmersen.authentication;
import de.sebastianvonhelmersen.User;
import de.sebastianvonhelmersen.user;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.*;
import java.util.Hashtable;
public class Ldap {
/*
private static final String LDAP_URL = "ldap://192.168.1.11:389";
private static final String BASE_DN = "dc=authentik,dc=vonhelmersen,dc=online";
private static final String ADMIN_DN = "cn=akadmin,ou=users,dc=authentik,dc=vonhelmersen,dc=online"; // service account
*/
private static final String LDAP_URL = "ldap://juri:389";
private static final String BASE_DN = "dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at";
private static final String ADMIN_DN = "cn=admin,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at"; // service account
public static User authenticate(String username, String password) {
try {
// 1. Bind as admin/service account
Hashtable<String, String> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, LDAP_URL);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, ADMIN_DN);
env.put(Context.SECURITY_CREDENTIALS, ADMIN_PASSWORD);
DirContext ctx = new InitialDirContext(env);
// 2. Search for user DN
String filter = "(uid=" + escapeLDAPSearchFilter(username) + ")";
SearchControls controls = new SearchControls();
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration<SearchResult> results = ctx.search(BASE_DN, filter, controls);
if (!results.hasMore()) {
ctx.close();
return null; // user not found
}
/*
{
givenname=givenName: Sebastian,
sn=sn: Helmersen,
userpassword=userPassword: [B@2b6cb5b5,
loginshell=loginShell: /bin/bash,
gidnumber=gidNumber: 2000,
uidnumber=uidNumber: 1196,
mail=mail: helmi@fet.at,
objectclass=objectClass: posixAccount,
inetOrgPerson,
organizationalPerson,
person,
uid=uid: helmi,
cn=cn: Sebastian Helmersen,
homedirectory=homeDirectory: /home/helmi
}
*/
// System.out.println("Results: " + results.toString());
SearchResult result = results.next();
String userDN = result.getNameInNamespace();
ctx.close();
// 3. Try binding with userDN + password
Hashtable<String, String> authEnv = new Hashtable<>();
authEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
authEnv.put(Context.PROVIDER_URL, LDAP_URL);
authEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
authEnv.put(Context.SECURITY_PRINCIPAL, userDN);
authEnv.put(Context.SECURITY_CREDENTIALS, password);
new InitialDirContext(authEnv).close(); // bind attempt
return new user(result.getAttributes()); // success
} catch (Exception e) {
e.printStackTrace();
return null; // failed (invalid credentials or LDAP error)
}
}
public static String escapeLDAPSearchFilter(String input) {
StringBuilder sb = new StringBuilder();
for (int i = 0; i < input.length(); i++) {
char c = input.charAt(i);
switch (c) {
case '\\': sb.append("\\5c"); break;
case '*': sb.append("\\2a"); break;
case '(': sb.append("\\28"); break;
case ')': sb.append("\\29"); break;
case '\u0000': sb.append("\\00"); break;
default: sb.append(c);
}
}
return sb.toString();
}
}