Search in sources :

Example 1 with ThreadLocalHostnameDelegatingTrustManager

use of ch.cyberduck.core.ssl.ThreadLocalHostnameDelegatingTrustManager in project cyberduck by iterate-ch.

the class S3Session method login.

@Override
public void login(final Proxy proxy, final LoginCallback prompt, final CancelCallback cancel) throws BackgroundException {
    if (Scheme.isURL(host.getProtocol().getContext())) {
        try {
            final Credentials temporary = new AWSSessionCredentialsRetriever(trust, key, this, host.getProtocol().getContext()).get();
            client.setProviderCredentials(new AWSSessionCredentials(temporary.getUsername(), temporary.getPassword(), temporary.getToken()));
        } catch (ConnectionTimeoutException | ConnectionRefusedException | ResolveFailedException | NotfoundException | InteroperabilityException e) {
            log.warn(String.format("Failure to retrieve session credentials from . %s", e.getMessage()));
            throw new LoginFailureException(e.getDetail(false), e);
        }
    } else {
        final Credentials credentials;
        // Only for AWS
        if (isAwsHostname(host.getHostname())) {
            // Try auto-configure
            credentials = new STSCredentialsConfigurator(new ThreadLocalHostnameDelegatingTrustManager(trust, host.getHostname()), key, prompt).configure(host);
        } else {
            credentials = host.getCredentials();
        }
        if (StringUtils.isNotBlank(credentials.getToken())) {
            client.setProviderCredentials(credentials.isAnonymousLogin() ? null : new AWSSessionCredentials(credentials.getUsername(), credentials.getPassword(), credentials.getToken()));
        } else {
            client.setProviderCredentials(credentials.isAnonymousLogin() ? null : new AWSCredentials(credentials.getUsername(), credentials.getPassword()));
        }
    }
    if (host.getCredentials().isPassed()) {
        log.warn(String.format("Skip verifying credentials with previous successful authentication event for %s", this));
        return;
    }
    try {
        final Location.Name location = new S3PathStyleFallbackAdapter<>(this, new BackgroundExceptionCallable<Location.Name>() {

            @Override
            public Location.Name call() throws BackgroundException {
                return new S3LocationFeature(S3Session.this, client.getRegionEndpointCache()).getLocation(new DelegatingHomeFeature(new DefaultPathHomeFeature(host)).find());
            }
        }).call();
        if (log.isDebugEnabled()) {
            log.debug(String.format("Retrieved region %s", location));
        }
        if (!Location.unknown.equals(location)) {
            client.getConfiguration().setProperty("storage-service.default-region", location.getIdentifier());
        }
    } catch (AccessDeniedException | InteroperabilityException e) {
        log.warn(String.format("Failure %s querying region", e));
        final Path home = new DefaultHomeFinderService(this).find();
        if (log.isDebugEnabled()) {
            log.debug(String.format("Retrieved %s", home));
        }
    }
}
Also used : Path(ch.cyberduck.core.Path) NotfoundException(ch.cyberduck.core.exception.NotfoundException) AccessDeniedException(ch.cyberduck.core.exception.AccessDeniedException) InteroperabilityException(ch.cyberduck.core.exception.InteroperabilityException) DelegatingHomeFeature(ch.cyberduck.core.shared.DelegatingHomeFeature) DefaultPathHomeFeature(ch.cyberduck.core.shared.DefaultPathHomeFeature) DefaultHomeFinderService(ch.cyberduck.core.shared.DefaultHomeFinderService) ConnectionRefusedException(ch.cyberduck.core.exception.ConnectionRefusedException) ResolveFailedException(ch.cyberduck.core.exception.ResolveFailedException) AWSCredentials(org.jets3t.service.security.AWSCredentials) BackgroundExceptionCallable(ch.cyberduck.core.threading.BackgroundExceptionCallable) ConnectionTimeoutException(ch.cyberduck.core.exception.ConnectionTimeoutException) LoginFailureException(ch.cyberduck.core.exception.LoginFailureException) AWSSessionCredentials(org.jets3t.service.security.AWSSessionCredentials) ThreadLocalHostnameDelegatingTrustManager(ch.cyberduck.core.ssl.ThreadLocalHostnameDelegatingTrustManager) AWSSessionCredentialsRetriever(ch.cyberduck.core.auth.AWSSessionCredentialsRetriever) AWSCredentials(org.jets3t.service.security.AWSCredentials) Credentials(ch.cyberduck.core.Credentials) AWSSessionCredentials(org.jets3t.service.security.AWSSessionCredentials) STSCredentialsConfigurator(ch.cyberduck.core.sts.STSCredentialsConfigurator)

Example 2 with ThreadLocalHostnameDelegatingTrustManager

use of ch.cyberduck.core.ssl.ThreadLocalHostnameDelegatingTrustManager in project cyberduck by iterate-ch.

the class FreenetAuthenticatedUrlProvider method toUrl.

@Override
public DescriptiveUrl toUrl(final Host bookmark) {
    try {
        // Run password flow
        final TokenResponse response;
        try {
            final Host target = new Host(new DAVSSLProtocol(), "oauth.freenet.de");
            final X509TrustManager trust = new KeychainX509TrustManager(new DisabledCertificateTrustCallback(), new DefaultTrustManagerHostnameCallback(target), CertificateStoreFactory.get());
            final X509KeyManager key = new KeychainX509KeyManager(new DisabledCertificateIdentityCallback(), target, CertificateStoreFactory.get());
            final CloseableHttpClient client = new HttpConnectionPoolBuilder(target, new ThreadLocalHostnameDelegatingTrustManager(trust, target.getHostname()), key, ProxyFactory.get()).build(ProxyFactory.get().find(new ProxyHostUrlProvider().get(target)), new DisabledTranscriptListener(), new DisabledLoginCallback()).setUserAgent(new FreenetUserAgentProvider().get()).build();
            final String username = bookmark.getCredentials().getUsername();
            final String password;
            if (StringUtils.isBlank(bookmark.getCredentials().getPassword())) {
                password = PasswordStoreFactory.get().findLoginPassword(bookmark);
            } else {
                password = bookmark.getCredentials().getPassword();
            }
            response = new PasswordTokenRequest(new ApacheHttpTransport(client), new GsonFactory(), new GenericUrl("https://oauth.freenet.de/oauth/token"), username, password).setClientAuthentication(new BasicAuthentication("desktop_client", "6LIGIHuOSkznLomu5xw0EPPBJOXb2jLp")).setRequestInitializer(new UserAgentHttpRequestInitializer(new FreenetUserAgentProvider())).set("world", new HostPreferences(bookmark).getProperty("world")).set("webLogin", Boolean.TRUE).execute();
            final FreenetTemporaryLoginResponse login = this.getLoginSession(client, response.getAccessToken());
            return new DescriptiveUrl(URI.create(login.urls.login), DescriptiveUrl.Type.authenticated);
        } catch (IOException e) {
            throw new HttpExceptionMappingService().map(e);
        }
    } catch (BackgroundException e) {
        log.warn(String.format("Failure %s retrieving authenticated URL for %s", e, bookmark));
        return DescriptiveUrl.EMPTY;
    }
}
Also used : UserAgentHttpRequestInitializer(ch.cyberduck.core.http.UserAgentHttpRequestInitializer) KeychainX509KeyManager(ch.cyberduck.core.ssl.KeychainX509KeyManager) DisabledCertificateIdentityCallback(ch.cyberduck.core.DisabledCertificateIdentityCallback) ProxyHostUrlProvider(ch.cyberduck.core.proxy.ProxyHostUrlProvider) GenericUrl(com.google.api.client.http.GenericUrl) DAVSSLProtocol(ch.cyberduck.core.dav.DAVSSLProtocol) KeychainX509TrustManager(ch.cyberduck.core.ssl.KeychainX509TrustManager) HttpExceptionMappingService(ch.cyberduck.core.http.HttpExceptionMappingService) HttpConnectionPoolBuilder(ch.cyberduck.core.http.HttpConnectionPoolBuilder) KeychainX509KeyManager(ch.cyberduck.core.ssl.KeychainX509KeyManager) X509KeyManager(ch.cyberduck.core.ssl.X509KeyManager) DisabledCertificateTrustCallback(ch.cyberduck.core.DisabledCertificateTrustCallback) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) GsonFactory(com.google.api.client.json.gson.GsonFactory) Host(ch.cyberduck.core.Host) IOException(java.io.IOException) DisabledTranscriptListener(ch.cyberduck.core.DisabledTranscriptListener) HostPreferences(ch.cyberduck.core.preferences.HostPreferences) DescriptiveUrl(ch.cyberduck.core.DescriptiveUrl) TokenResponse(com.google.api.client.auth.oauth2.TokenResponse) X509TrustManager(ch.cyberduck.core.ssl.X509TrustManager) KeychainX509TrustManager(ch.cyberduck.core.ssl.KeychainX509TrustManager) DisabledLoginCallback(ch.cyberduck.core.DisabledLoginCallback) ThreadLocalHostnameDelegatingTrustManager(ch.cyberduck.core.ssl.ThreadLocalHostnameDelegatingTrustManager) DefaultTrustManagerHostnameCallback(ch.cyberduck.core.ssl.DefaultTrustManagerHostnameCallback) BasicAuthentication(com.google.api.client.http.BasicAuthentication) PasswordTokenRequest(com.google.api.client.auth.oauth2.PasswordTokenRequest) ApacheHttpTransport(com.google.api.client.http.apache.v2.ApacheHttpTransport) BackgroundException(ch.cyberduck.core.exception.BackgroundException)

Example 3 with ThreadLocalHostnameDelegatingTrustManager

use of ch.cyberduck.core.ssl.ThreadLocalHostnameDelegatingTrustManager in project cyberduck by iterate-ch.

the class BrickPairingFeature method delete.

@Override
public void delete(final Host bookmark) throws BackgroundException {
    try {
        final String token = store.findLoginPassword(bookmark);
        if (StringUtils.isNotBlank(token)) {
            log.warn(String.format("Delete pairing for %s", bookmark));
            final X509TrustManager trust = new KeychainX509TrustManager(new DisabledCertificateTrustCallback(), new DefaultTrustManagerHostnameCallback(bookmark), CertificateStoreFactory.get());
            final X509KeyManager key = new KeychainX509KeyManager(new DisabledCertificateIdentityCallback(), bookmark, CertificateStoreFactory.get());
            final HttpConnectionPoolBuilder builder = new HttpConnectionPoolBuilder(bookmark, new ThreadLocalHostnameDelegatingTrustManager(trust, bookmark.getHostname()), key, ProxyFactory.get());
            final HttpClientBuilder configuration = builder.build(ProxyFactory.get().find(new ProxyHostUrlProvider().get(bookmark)), new DisabledTranscriptListener(), new DisabledLoginCallback());
            configuration.setDefaultAuthSchemeRegistry(RegistryBuilder.<AuthSchemeProvider>create().build());
            final CloseableHttpClient client = configuration.build();
            final HttpRequestBase resource = new HttpDelete(String.format("%s/api/rest/v1/api_key", new HostUrlProvider().withUsername(false).withPath(false).get(bookmark)));
            resource.setHeader("X-FilesAPI-Key", token);
            resource.setHeader(HttpHeaders.ACCEPT, "application/json");
            resource.setHeader(HttpHeaders.CONTENT_TYPE, "application/json");
            if (log.isInfoEnabled()) {
                log.info(String.format("Delete paring key %s", token));
            }
            client.execute(resource, new ResponseHandler<Void>() {

                @Override
                public Void handleResponse(final HttpResponse response) {
                    return null;
                }
            });
            client.close();
        }
    } catch (HttpResponseException e) {
        throw new DefaultHttpResponseExceptionMappingService().map(e);
    } catch (IOException e) {
        throw new DefaultIOExceptionMappingService().map(e);
    } finally {
        store.delete(bookmark);
    }
}
Also used : HttpRequestBase(org.apache.http.client.methods.HttpRequestBase) HttpDelete(org.apache.http.client.methods.HttpDelete) KeychainX509KeyManager(ch.cyberduck.core.ssl.KeychainX509KeyManager) DisabledCertificateIdentityCallback(ch.cyberduck.core.DisabledCertificateIdentityCallback) HttpResponseException(org.apache.http.client.HttpResponseException) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) ProxyHostUrlProvider(ch.cyberduck.core.proxy.ProxyHostUrlProvider) KeychainX509TrustManager(ch.cyberduck.core.ssl.KeychainX509TrustManager) HttpConnectionPoolBuilder(ch.cyberduck.core.http.HttpConnectionPoolBuilder) KeychainX509KeyManager(ch.cyberduck.core.ssl.KeychainX509KeyManager) X509KeyManager(ch.cyberduck.core.ssl.X509KeyManager) DisabledCertificateTrustCallback(ch.cyberduck.core.DisabledCertificateTrustCallback) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) DefaultHttpResponseExceptionMappingService(ch.cyberduck.core.http.DefaultHttpResponseExceptionMappingService) ProxyHostUrlProvider(ch.cyberduck.core.proxy.ProxyHostUrlProvider) HostUrlProvider(ch.cyberduck.core.HostUrlProvider) HttpResponse(org.apache.http.HttpResponse) IOException(java.io.IOException) DisabledTranscriptListener(ch.cyberduck.core.DisabledTranscriptListener) X509TrustManager(ch.cyberduck.core.ssl.X509TrustManager) KeychainX509TrustManager(ch.cyberduck.core.ssl.KeychainX509TrustManager) DisabledLoginCallback(ch.cyberduck.core.DisabledLoginCallback) ThreadLocalHostnameDelegatingTrustManager(ch.cyberduck.core.ssl.ThreadLocalHostnameDelegatingTrustManager) DefaultTrustManagerHostnameCallback(ch.cyberduck.core.ssl.DefaultTrustManagerHostnameCallback) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider) DefaultIOExceptionMappingService(ch.cyberduck.core.DefaultIOExceptionMappingService)

Aggregations

ThreadLocalHostnameDelegatingTrustManager (ch.cyberduck.core.ssl.ThreadLocalHostnameDelegatingTrustManager)3 DisabledCertificateIdentityCallback (ch.cyberduck.core.DisabledCertificateIdentityCallback)2 DisabledCertificateTrustCallback (ch.cyberduck.core.DisabledCertificateTrustCallback)2 DisabledLoginCallback (ch.cyberduck.core.DisabledLoginCallback)2 DisabledTranscriptListener (ch.cyberduck.core.DisabledTranscriptListener)2 HttpConnectionPoolBuilder (ch.cyberduck.core.http.HttpConnectionPoolBuilder)2 ProxyHostUrlProvider (ch.cyberduck.core.proxy.ProxyHostUrlProvider)2 DefaultTrustManagerHostnameCallback (ch.cyberduck.core.ssl.DefaultTrustManagerHostnameCallback)2 KeychainX509KeyManager (ch.cyberduck.core.ssl.KeychainX509KeyManager)2 KeychainX509TrustManager (ch.cyberduck.core.ssl.KeychainX509TrustManager)2 X509KeyManager (ch.cyberduck.core.ssl.X509KeyManager)2 X509TrustManager (ch.cyberduck.core.ssl.X509TrustManager)2 Credentials (ch.cyberduck.core.Credentials)1 DefaultIOExceptionMappingService (ch.cyberduck.core.DefaultIOExceptionMappingService)1 DescriptiveUrl (ch.cyberduck.core.DescriptiveUrl)1 Host (ch.cyberduck.core.Host)1 HostUrlProvider (ch.cyberduck.core.HostUrlProvider)1 Path (ch.cyberduck.core.Path)1 AWSSessionCredentialsRetriever (ch.cyberduck.core.auth.AWSSessionCredentialsRetriever)1 DAVSSLProtocol (ch.cyberduck.core.dav.DAVSSLProtocol)1