Github user necouchman commented on a diff in the pull request:

    
https://github.com/apache/incubator-guacamole-client/pull/183#discussion_r140944932
  
    --- Diff: 
extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
 ---
    @@ -105,4 +146,59 @@ public AuthenticatedUser authenticateUser(Credentials 
credentials)
     
         }
     
    +    /**
    +     * Takes an encrypted string representing a password provided by
    +     * the CAS ClearPass service and decrypts it using the private
    +     * key configured for this extension.  Returns null if it is
    +     * unable to decrypt the password.
    +     *
    +     * @param encryptedPassword
    +     *     A string with the encrypted password provided by the
    +     *     CAS service.
    +     *
    +     * @return
    +     *     The decrypted password, or null if it is unable to
    +     *     decrypt the password.
    +     *
    +     * @throws GuacamoleException
    +     *     If unable to get Guacamole configuration data
    +     */
    +    private final String decryptPassword(String encryptedPassword)
    +            throws GuacamoleException {
    +
    +        // If we get nothing, we return nothing.
    +        if (encryptedPassword == null || encryptedPassword.isEmpty()) {
    +            logger.warn("No or empty encrypted password, no password will 
be available.");
    +            return null;
    +        }
    +
    +        final PrivateKey clearpassKey = confService.getClearpassKey();
    +        if (clearpassKey == null) {
    +            logger.warn("No private key available to decrypt password.");
    +            return null;
    +        }
    +
    +        try {
    +
    +            final Cipher cipher = 
Cipher.getInstance(clearpassKey.getAlgorithm());
    +
    +            if (cipher == null)
    +                throw new GuacamoleServerException("Failed to initialize 
cipher object with private key.");
    +
    +            // Initialize the Cipher in decrypt mode.
    +            cipher.init(Cipher.DECRYPT_MODE, clearpassKey);
    +
    +            // Decode and decrypt, and return a new string.
    +            final byte[] pass64 = 
DatatypeConverter.parseBase64Binary(encryptedPassword);
    +            final byte[] cipherData = cipher.doFinal(pass64);
    +            return new String(cipherData);
    +
    +        }
    +        catch (Throwable t) {
    --- End diff --
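Review bot: The `catch (Throwable t)` closing the try block is broader than needed: it also traps `Error`s such as `OutOfMemoryError`, and it catches the `GuacamoleServerException` thrown a few lines earlier inside the same try. The JCA calls here (`Cipher.getInstance`, `cipher.init`, `cipher.doFinal`) all throw subclasses of `GeneralSecurityException`, and `DatatypeConverter.parseBase64Binary` throws `IllegalArgumentException` on malformed input, so two catch clauses cover every failure without listing each type. Related points in the same block: the `cipher == null` check is dead code, because `Cipher.getInstance` throws rather than returning null; `Cipher.getInstance(clearpassKey.getAlgorithm())` leaves the mode and padding to the provider default, so naming the full transformation that matches what the CAS server uses would be safer; and `new String(cipherData)` decodes with the platform default charset, so an explicit charset should be passed.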
    
    I think the number of things I was catching individually was getting really 
long - after I hit 8, I think, I decided maybe just catching Throwable was 
easier than going through and catching them each individually.
    
    Is catching Throwable considered poor form (lazy, perhaps :-) vs. catching 
each item individually, particularly if they're all going to be re-thrown as 
GuacamoleServerExceptions, anyway?  I'll go back the other way if that's the 
proper way to do it...

