
Example 1 with SimpleClientCertificateKeyManager

Use of com.fathomdb.crypto.SimpleClientCertificateKeyManager in project platformlayer by platformlayer.

Class PlatformLayerAuthenticationClient, method authenticateWithCertificate: a two-round certificate login over a client-authenticated TLS connection. The first request returns a challenge, the client decrypts it with the private key matching its certificate, and the second request returns the access token.

// Imports as listed on the source page. RestfulRequest, HttpMethod and HttpPayload are
// project classes whose packages the page does not list; httpClient and decrypt() are
// members of the enclosing class.
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import com.fathomdb.crypto.SimpleClientCertificateKeyManager;
import org.platformlayer.auth.PlatformlayerAuthenticationClientException;
import org.platformlayer.auth.PlatformlayerAuthenticationToken;
import org.platformlayer.auth.v1.Auth;
import org.platformlayer.auth.v1.AuthenticateRequest;
import org.platformlayer.auth.v1.AuthenticateResponse;
import org.platformlayer.auth.v1.CertificateCredentials;
import org.platformlayer.rest.RestClientException;

public PlatformlayerAuthenticationToken authenticateWithCertificate(String username, X509Certificate[] certificateChain, PrivateKey privateKey) throws PlatformlayerAuthenticationClientException {
    if (username == null) {
        throw new IllegalArgumentException();
    }
    CertificateCredentials certificateCredentials = new CertificateCredentials();
    certificateCredentials.setUsername(username);
    Auth auth = new Auth();
    auth.setCertificateCredentials(certificateCredentials);
    AuthenticateRequest request = new AuthenticateRequest();
    request.setAuth(auth);
    // The key manager presents certificateChain during the TLS handshake and signs the
    // handshake with privateKey, so the connection itself is client-authenticated.
    final KeyManager keyManager = new SimpleClientCertificateKeyManager(privateKey, certificateChain);
    // Round 0: POST without a challenge response and receive the server's challenge.
    // Round 1: POST the same request, now carrying the decrypted challenge, and receive the token.
    for (int i = 0; i < 2; i++) {
        AuthenticateResponse response;
        try {
            RestfulRequest<AuthenticateResponse> httpRequest = httpClient.buildRequest(HttpMethod.POST, "api/tokens", HttpPayload.asXml(request), AuthenticateResponse.class);
            httpRequest.setKeyManager(keyManager);
            response = httpRequest.execute();
        } catch (RestClientException e) {
            throw new PlatformlayerAuthenticationClientException("Error authenticating", e);
        }
        if (i == 0) {
            // No challenge means the server did not start the proof-of-possession exchange.
            if (response == null || response.getChallenge() == null) {
                return null;
            }
            // Decrypting the challenge with the private key proves possession of the key
            // that matches the presented certificate; the plaintext goes back in round 1.
            byte[] challenge = response.getChallenge();
            byte[] challengeResponse = decrypt(privateKey, challenge);
            certificateCredentials.setChallengeResponse(challengeResponse);
        } else {
            // The second response carries the access token (or nothing, if the server rejected
            // the challenge response).
            if (response == null || response.getAccess() == null) {
                return null;
            }
            return new PlatformlayerAuthenticationToken(response.getAccess());
        }
    }
    // Not reached: the second iteration always returns. Kept so the method compiles.
    return null;
}

Example 2 with SimpleClientCertificateKeyManager

Use of com.fathomdb.crypto.SimpleClientCertificateKeyManager in project platformlayer by platformlayer.

Class PlatformLayerAuthAdminClient, method build: constructs a token validator that talks to the auth admin service over TLS with a client certificate, optionally pinning the server's public key(s).

// Imports as listed on the source page plus Guava's Splitter and Joiner. HttpStrategy,
// Configuration, EncryptionStore, OpsException, WellKnownPorts, CachingAuthenticationTokenValidator
// and log are project classes/members whose packages the page does not list.
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManager;
import com.fathomdb.crypto.CertificateAndKey;
import com.fathomdb.crypto.SimpleClientCertificateKeyManager;
import com.fathomdb.crypto.ssl.AcceptAllHostnameVerifier;
import com.fathomdb.crypto.ssl.PublicKeyTrustManager;
import com.google.common.base.Joiner;
import com.google.common.base.Splitter;
import org.platformlayer.auth.AuthenticationTokenValidator;
import org.platformlayer.http.SslConfiguration;
import org.platformlayer.rest.JreRestfulClient;
import org.platformlayer.rest.RestfulClient;

public static AuthenticationTokenValidator build(HttpStrategy httpStrategy, Configuration configuration, EncryptionStore encryptionStore) throws OpsException {
    String keystoneServiceUrl = configuration.lookup("auth.system.url", "https://127.0.0.1:" + WellKnownPorts.PORT_PLATFORMLAYER_AUTH_ADMIN + "/");
    // The client certificate and key are fetched from the encryption store by name.
    String cert = configuration.get("auth.system.tls.clientcert");
    CertificateAndKey certificateAndKey = encryptionStore.getCertificateAndKey(cert);
    HostnameVerifier hostnameVerifier = null;
    KeyManager keyManager = new SimpleClientCertificateKeyManager(certificateAndKey);
    TrustManager trustManager = null;
    // If auth.system.ssl.keys is set, the server is authenticated by pinning its public key(s)
    // to that comma-separated list, and hostname verification is disabled because the pin,
    // not the DNS name, identifies the server. Otherwise both stay null and SslConfiguration
    // applies its own defaults (not shown on this page).
    String trustKeys = configuration.lookup("auth.system.ssl.keys", null);
    if (trustKeys != null) {
        trustManager = new PublicKeyTrustManager(Splitter.on(',').trimResults().split(trustKeys));
        hostnameVerifier = new AcceptAllHostnameVerifier();
    }
    if (log.isDebugEnabled() && certificateAndKey != null) {
        X509Certificate[] chain = certificateAndKey.getCertificateChain();
        log.debug("Using client cert for PL auth: " + Joiner.on(",").join(chain));
    }
    SslConfiguration sslConfiguration = new SslConfiguration(keyManager, trustManager, hostnameVerifier);
    RestfulClient restfulClient = new JreRestfulClient(httpStrategy, keystoneServiceUrl, sslConfiguration);
    AuthenticationTokenValidator tokenValidator = new PlatformLayerAuthAdminClient(restfulClient);
    // Wrap in a cache so repeated validations of the same token do not hit the auth service.
    tokenValidator = new CachingAuthenticationTokenValidator(tokenValidator);
    return tokenValidator;
}

Example 3 with SimpleClientCertificateKeyManager

Use of com.fathomdb.crypto.SimpleClientCertificateKeyManager in project platformlayer by platformlayer.

Class MetricClientImpl, method buildHttpClient: builds an Apache HttpClient 4.x instance whose https scheme uses the client certificate, with the same pin-or-default trust choice as Example 2.

// Imports as listed on the source page plus java.util.List. SslHelpers is a project class
// whose package the page does not list; metricBaseUrl is a field of the enclosing class.
import java.security.GeneralSecurityException;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManager;
import com.fathomdb.crypto.CertificateAndKey;
import com.fathomdb.crypto.SimpleClientCertificateKeyManager;
import com.fathomdb.crypto.ssl.PublicKeyTrustManager;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.scheme.SchemeSocketFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.DecompressingHttpClient;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.PoolingClientConnectionManager;

private HttpClient buildHttpClient(CertificateAndKey certificateAndKey, List<String> trustKeys) {
    // Fill in the scheme's default port when the base URL does not specify one.
    int port = metricBaseUrl.getPort();
    if (port == -1) {
        String scheme = metricBaseUrl.getScheme();
        if (scheme.equals("https")) {
            port = 443;
        } else if (scheme.equals("http")) {
            port = 80;
        } else {
            throw new IllegalArgumentException("Unknown scheme: " + scheme);
        }
    }
    SchemeSocketFactory schemeSocketFactory;
    try {
        // Client certificate and key presented during the TLS handshake.
        KeyManager keyManager = new SimpleClientCertificateKeyManager(certificateAndKey);
        TrustManager trustManager;
        X509HostnameVerifier hostnameVerifier;
        // With pinned public keys, hostname checking is relaxed to ALLOW_ALL because the pin
        // identifies the server. Without pins, trustManager is null (SslHelpers applies its
        // default trust, not shown here) and the browser-compatible hostname verifier is used.
        if (trustKeys != null) {
            trustManager = new PublicKeyTrustManager(trustKeys);
            hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
        } else {
            trustManager = null;
            hostnameVerifier = SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
        }
        javax.net.ssl.SSLSocketFactory sslSocketFactory = SslHelpers.buildSslSocketFactory(keyManager, trustManager);
        schemeSocketFactory = new SSLSocketFactory(sslSocketFactory, hostnameVerifier);
    } catch (GeneralSecurityException e) {
        throw new IllegalArgumentException("Error building SSL client", e);
    }
    // Only the https scheme is registered with this connection manager; the http branch
    // above merely supplies a default port value.
    SchemeRegistry schemeRegistry = new SchemeRegistry();
    schemeRegistry.register(new Scheme("https", port, schemeSocketFactory));
    PoolingClientConnectionManager connectionManager = new PoolingClientConnectionManager(schemeRegistry);
    HttpClient httpClient = new DefaultHttpClient(connectionManager);
    // Transparently decompresses gzip/deflate response bodies.
    httpClient = new DecompressingHttpClient(httpClient);
    return httpClient;
}
