Example 1 with SimpleClientCertificateKeyManager
use of com.fathomdb.crypto.SimpleClientCertificateKeyManager in project platformlayer by platformlayer.
the class PlatformLayerAuthenticationClient method authenticateWithCertificate.
public PlatformlayerAuthenticationToken authenticateWithCertificate(String username, X509Certificate[] certificateChain, PrivateKey privateKey) throws PlatformlayerAuthenticationClientException {
if (username == null) {
throw new IllegalArgumentException();
}
CertificateCredentials certificateCredentials = new CertificateCredentials();
certificateCredentials.setUsername(username);
Auth auth = new Auth();
auth.setCertificateCredentials(certificateCredentials);
AuthenticateRequest request = new AuthenticateRequest();
request.setAuth(auth);
final KeyManager keyManager = new SimpleClientCertificateKeyManager(privateKey, certificateChain);
for (int i = 0; i < 2; i++) {
AuthenticateResponse response;
try {
RestfulRequest<AuthenticateResponse> httpRequest = httpClient.buildRequest(HttpMethod.POST, "api/tokens", HttpPayload.asXml(request), AuthenticateResponse.class);
httpRequest.setKeyManager(keyManager);
response = httpRequest.execute();
} catch (RestClientException e) {
throw new PlatformlayerAuthenticationClientException("Error authenticating", e);
}
if (i == 0) {
if (response == null || response.getChallenge() == null) {
return null;
}
byte[] challenge = response.getChallenge();
byte[] challengeResponse = decrypt(privateKey, challenge);
certificateCredentials.setChallengeResponse(challengeResponse);
} else {
if (response == null || response.getAccess() == null) {
return null;
}
return new PlatformlayerAuthenticationToken(response.getAccess());
}
}
return null;
}
Also used :
SimpleClientCertificateKeyManager(com.fathomdb.crypto.SimpleClientCertificateKeyManager)
AuthenticateResponse(org.platformlayer.auth.v1.AuthenticateResponse)
PlatformlayerAuthenticationToken(org.platformlayer.auth.PlatformlayerAuthenticationToken)
PlatformlayerAuthenticationClientException(org.platformlayer.auth.PlatformlayerAuthenticationClientException)
AuthenticateRequest(org.platformlayer.auth.v1.AuthenticateRequest)
CertificateCredentials(org.platformlayer.auth.v1.CertificateCredentials)
Auth(org.platformlayer.auth.v1.Auth)
RestClientException(org.platformlayer.rest.RestClientException)
SimpleClientCertificateKeyManager(com.fathomdb.crypto.SimpleClientCertificateKeyManager)
KeyManager(javax.net.ssl.KeyManager)
Example 2 with SimpleClientCertificateKeyManager
use of com.fathomdb.crypto.SimpleClientCertificateKeyManager in project platformlayer by platformlayer.
the class PlatformLayerAuthAdminClient method build.
public static AuthenticationTokenValidator build(HttpStrategy httpStrategy, Configuration configuration, EncryptionStore encryptionStore) throws OpsException {
String keystoneServiceUrl = configuration.lookup("auth.system.url", "https://127.0.0.1:" + WellKnownPorts.PORT_PLATFORMLAYER_AUTH_ADMIN + "/");
String cert = configuration.get("auth.system.tls.clientcert");
CertificateAndKey certificateAndKey = encryptionStore.getCertificateAndKey(cert);
HostnameVerifier hostnameVerifier = null;
KeyManager keyManager = new SimpleClientCertificateKeyManager(certificateAndKey);
TrustManager trustManager = null;
String trustKeys = configuration.lookup("auth.system.ssl.keys", null);
if (trustKeys != null) {
trustManager = new PublicKeyTrustManager(Splitter.on(',').trimResults().split(trustKeys));
hostnameVerifier = new AcceptAllHostnameVerifier();
}
if (log.isDebugEnabled() && certificateAndKey != null) {
X509Certificate[] chain = certificateAndKey.getCertificateChain();
log.debug("Using client cert for PL auth: " + Joiner.on(",").join(chain));
}
SslConfiguration sslConfiguration = new SslConfiguration(keyManager, trustManager, hostnameVerifier);
RestfulClient restfulClient = new JreRestfulClient(httpStrategy, keystoneServiceUrl, sslConfiguration);
AuthenticationTokenValidator tokenValidator = new PlatformLayerAuthAdminClient(restfulClient);
tokenValidator = new CachingAuthenticationTokenValidator(tokenValidator);
return tokenValidator;
}
Also used :
SimpleClientCertificateKeyManager(com.fathomdb.crypto.SimpleClientCertificateKeyManager)
PublicKeyTrustManager(com.fathomdb.crypto.ssl.PublicKeyTrustManager)
AuthenticationTokenValidator(org.platformlayer.auth.AuthenticationTokenValidator)
RestfulClient(org.platformlayer.rest.RestfulClient)
JreRestfulClient(org.platformlayer.rest.JreRestfulClient)
X509Certificate(java.security.cert.X509Certificate)
AcceptAllHostnameVerifier(com.fathomdb.crypto.ssl.AcceptAllHostnameVerifier)
HostnameVerifier(javax.net.ssl.HostnameVerifier)
TrustManager(javax.net.ssl.TrustManager)
PublicKeyTrustManager(com.fathomdb.crypto.ssl.PublicKeyTrustManager)
AcceptAllHostnameVerifier(com.fathomdb.crypto.ssl.AcceptAllHostnameVerifier)
JreRestfulClient(org.platformlayer.rest.JreRestfulClient)
SslConfiguration(org.platformlayer.http.SslConfiguration)
CertificateAndKey(com.fathomdb.crypto.CertificateAndKey)
SimpleClientCertificateKeyManager(com.fathomdb.crypto.SimpleClientCertificateKeyManager)
KeyManager(javax.net.ssl.KeyManager)
Example 3 with SimpleClientCertificateKeyManager
use of com.fathomdb.crypto.SimpleClientCertificateKeyManager in project platformlayer by platformlayer.
the class MetricClientImpl method buildHttpClient.
private HttpClient buildHttpClient(CertificateAndKey certificateAndKey, List<String> trustKeys) {
int port = metricBaseUrl.getPort();
if (port == -1) {
String scheme = metricBaseUrl.getScheme();
if (scheme.equals("https")) {
port = 443;
} else if (scheme.equals("http")) {
port = 80;
} else {
throw new IllegalArgumentException("Unknown scheme: " + scheme);
}
}
SchemeSocketFactory schemeSocketFactory;
try {
KeyManager keyManager = new SimpleClientCertificateKeyManager(certificateAndKey);
TrustManager trustManager;
X509HostnameVerifier hostnameVerifier;
if (trustKeys != null) {
trustManager = new PublicKeyTrustManager(trustKeys);
hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
} else {
trustManager = null;
hostnameVerifier = SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
}
javax.net.ssl.SSLSocketFactory sslSocketFactory = SslHelpers.buildSslSocketFactory(keyManager, trustManager);
schemeSocketFactory = new SSLSocketFactory(sslSocketFactory, hostnameVerifier);
} catch (GeneralSecurityException e) {
throw new IllegalArgumentException("Error building SSL client", e);
}
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("https", port, schemeSocketFactory));
PoolingClientConnectionManager connectionManager = new PoolingClientConnectionManager(schemeRegistry);
HttpClient httpClient = new DefaultHttpClient(connectionManager);
httpClient = new DecompressingHttpClient(httpClient);
return httpClient;
}
Also used :
SimpleClientCertificateKeyManager(com.fathomdb.crypto.SimpleClientCertificateKeyManager)
PoolingClientConnectionManager(org.apache.http.impl.conn.PoolingClientConnectionManager)
Scheme(org.apache.http.conn.scheme.Scheme)
PublicKeyTrustManager(com.fathomdb.crypto.ssl.PublicKeyTrustManager)
SchemeSocketFactory(org.apache.http.conn.scheme.SchemeSocketFactory)
GeneralSecurityException(java.security.GeneralSecurityException)
DecompressingHttpClient(org.apache.http.impl.client.DecompressingHttpClient)
DefaultHttpClient(org.apache.http.impl.client.DefaultHttpClient)
TrustManager(javax.net.ssl.TrustManager)
PublicKeyTrustManager(com.fathomdb.crypto.ssl.PublicKeyTrustManager)
X509HostnameVerifier(org.apache.http.conn.ssl.X509HostnameVerifier)
SchemeRegistry(org.apache.http.conn.scheme.SchemeRegistry)
DefaultHttpClient(org.apache.http.impl.client.DefaultHttpClient)
DecompressingHttpClient(org.apache.http.impl.client.DecompressingHttpClient)
HttpClient(org.apache.http.client.HttpClient)
SSLSocketFactory(org.apache.http.conn.ssl.SSLSocketFactory)
SimpleClientCertificateKeyManager(com.fathomdb.crypto.SimpleClientCertificateKeyManager)
KeyManager(javax.net.ssl.KeyManager)
Aggregations
SimpleClientCertificateKeyManager (com.fathomdb.crypto.SimpleClientCertificateKeyManager)3
KeyManager (javax.net.ssl.KeyManager)3
PublicKeyTrustManager (com.fathomdb.crypto.ssl.PublicKeyTrustManager)2
TrustManager (javax.net.ssl.TrustManager)2
CertificateAndKey (com.fathomdb.crypto.CertificateAndKey)1
AcceptAllHostnameVerifier (com.fathomdb.crypto.ssl.AcceptAllHostnameVerifier)1
GeneralSecurityException (java.security.GeneralSecurityException)1
X509Certificate (java.security.cert.X509Certificate)1
HostnameVerifier (javax.net.ssl.HostnameVerifier)1
HttpClient (org.apache.http.client.HttpClient)1
Scheme (org.apache.http.conn.scheme.Scheme)1
SchemeRegistry (org.apache.http.conn.scheme.SchemeRegistry)1
SchemeSocketFactory (org.apache.http.conn.scheme.SchemeSocketFactory)1
SSLSocketFactory (org.apache.http.conn.ssl.SSLSocketFactory)1
X509HostnameVerifier (org.apache.http.conn.ssl.X509HostnameVerifier)1
DecompressingHttpClient (org.apache.http.impl.client.DecompressingHttpClient)1
DefaultHttpClient (org.apache.http.impl.client.DefaultHttpClient)1
PoolingClientConnectionManager (org.apache.http.impl.conn.PoolingClientConnectionManager)1
AuthenticationTokenValidator (org.platformlayer.auth.AuthenticationTokenValidator)1
PlatformlayerAuthenticationClientException (org.platformlayer.auth.PlatformlayerAuthenticationClientException)1
