use of com.fathomdb.crypto.SimpleClientCertificateKeyManager in project platformlayer by platformlayer.
the class PlatformLayerAuthenticationClient method authenticateWithCertificate.
public PlatformlayerAuthenticationToken authenticateWithCertificate(String username, X509Certificate[] certificateChain, PrivateKey privateKey) throws PlatformlayerAuthenticationClientException {
if (username == null) {
throw new IllegalArgumentException();
}
CertificateCredentials certificateCredentials = new CertificateCredentials();
certificateCredentials.setUsername(username);
Auth auth = new Auth();
auth.setCertificateCredentials(certificateCredentials);
AuthenticateRequest request = new AuthenticateRequest();
request.setAuth(auth);
final KeyManager keyManager = new SimpleClientCertificateKeyManager(privateKey, certificateChain);
for (int i = 0; i < 2; i++) {
AuthenticateResponse response;
try {
RestfulRequest<AuthenticateResponse> httpRequest = httpClient.buildRequest(HttpMethod.POST, "api/tokens", HttpPayload.asXml(request), AuthenticateResponse.class);
httpRequest.setKeyManager(keyManager);
response = httpRequest.execute();
} catch (RestClientException e) {
throw new PlatformlayerAuthenticationClientException("Error authenticating", e);
}
if (i == 0) {
if (response == null || response.getChallenge() == null) {
return null;
}
byte[] challenge = response.getChallenge();
byte[] challengeResponse = decrypt(privateKey, challenge);
certificateCredentials.setChallengeResponse(challengeResponse);
} else {
if (response == null || response.getAccess() == null) {
return null;
}
return new PlatformlayerAuthenticationToken(response.getAccess());
}
}
return null;
}
use of com.fathomdb.crypto.SimpleClientCertificateKeyManager in project platformlayer by platformlayer.
the class PlatformLayerAuthAdminClient method build.
public static AuthenticationTokenValidator build(HttpStrategy httpStrategy, Configuration configuration, EncryptionStore encryptionStore) throws OpsException {
String keystoneServiceUrl = configuration.lookup("auth.system.url", "https://127.0.0.1:" + WellKnownPorts.PORT_PLATFORMLAYER_AUTH_ADMIN + "/");
String cert = configuration.get("auth.system.tls.clientcert");
CertificateAndKey certificateAndKey = encryptionStore.getCertificateAndKey(cert);
HostnameVerifier hostnameVerifier = null;
KeyManager keyManager = new SimpleClientCertificateKeyManager(certificateAndKey);
TrustManager trustManager = null;
String trustKeys = configuration.lookup("auth.system.ssl.keys", null);
if (trustKeys != null) {
trustManager = new PublicKeyTrustManager(Splitter.on(',').trimResults().split(trustKeys));
hostnameVerifier = new AcceptAllHostnameVerifier();
}
if (log.isDebugEnabled() && certificateAndKey != null) {
X509Certificate[] chain = certificateAndKey.getCertificateChain();
log.debug("Using client cert for PL auth: " + Joiner.on(",").join(chain));
}
SslConfiguration sslConfiguration = new SslConfiguration(keyManager, trustManager, hostnameVerifier);
RestfulClient restfulClient = new JreRestfulClient(httpStrategy, keystoneServiceUrl, sslConfiguration);
AuthenticationTokenValidator tokenValidator = new PlatformLayerAuthAdminClient(restfulClient);
tokenValidator = new CachingAuthenticationTokenValidator(tokenValidator);
return tokenValidator;
}
use of com.fathomdb.crypto.SimpleClientCertificateKeyManager in project platformlayer by platformlayer.
the class MetricClientImpl method buildHttpClient.
private HttpClient buildHttpClient(CertificateAndKey certificateAndKey, List<String> trustKeys) {
int port = metricBaseUrl.getPort();
if (port == -1) {
String scheme = metricBaseUrl.getScheme();
if (scheme.equals("https")) {
port = 443;
} else if (scheme.equals("http")) {
port = 80;
} else {
throw new IllegalArgumentException("Unknown scheme: " + scheme);
}
}
SchemeSocketFactory schemeSocketFactory;
try {
KeyManager keyManager = new SimpleClientCertificateKeyManager(certificateAndKey);
TrustManager trustManager;
X509HostnameVerifier hostnameVerifier;
if (trustKeys != null) {
trustManager = new PublicKeyTrustManager(trustKeys);
hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
} else {
trustManager = null;
hostnameVerifier = SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
}
javax.net.ssl.SSLSocketFactory sslSocketFactory = SslHelpers.buildSslSocketFactory(keyManager, trustManager);
schemeSocketFactory = new SSLSocketFactory(sslSocketFactory, hostnameVerifier);
} catch (GeneralSecurityException e) {
throw new IllegalArgumentException("Error building SSL client", e);
}
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("https", port, schemeSocketFactory));
PoolingClientConnectionManager connectionManager = new PoolingClientConnectionManager(schemeRegistry);
HttpClient httpClient = new DefaultHttpClient(connectionManager);
httpClient = new DecompressingHttpClient(httpClient);
return httpClient;
}
Aggregations