Use of edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse in project OA4MP by ncsa:
class OA2MPService, method getCert.
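/**
 * Looks up the asset stored under the given identifier, requests its certificate(s) with the
 * access token already held on that asset, and writes the certificates and username back to
 * the asset store.
 * <p>
 * Note that this requires the asset identifier, not a token; the token is read from the asset.
 *
 * @param id the identifier of an asset already present in the asset store
 * @return the same asset, updated with the returned certificates and username
 * @throws IllegalArgumentException if the asset store holds no asset for {@code id}
 */
public OA2Asset getCert(String id) {
    OA2Asset asset = (OA2Asset) getAssetStore().get(id);
    if (asset == null) {
        // Report the missing asset explicitly instead of failing on the access-token lookup below.
        throw new IllegalArgumentException("Error: no asset found for identifier \"" + id + "\".");
    }
    // The certificate call works on the raw access token; the identifier only locates the asset.
    AssetResponse assetResponse = getCert(asset.getAccessToken().getToken(), null);
    asset.setCertificates(assetResponse.getX509Certificates());
    asset.setUsername(assetResponse.getUsername());
    getAssetStore().save(asset);
    return asset;
}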
Use of edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse in project OA4MP by ncsa:
class OA2ReadyServlet, method doIt.
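/**
 * Callback endpoint of the OAuth 2 flow. The server redirects the browser here after the
 * authorization step; this method turns the returned grant into an access token, fetches the
 * user info and (when the MyProxy scope was configured) the certificates, and forwards to the
 * success page.
 * <p>
 * The asset is located through the identifier in the client cookie or, failing that, by looking
 * the token up in the asset store.
 *
 * @param request  the callback request carrying the token, state and possibly error parameters
 * @param response the response, used for clearing the cookie and forwarding
 * @throws Throwable if the server reported an error, the state check fails, or the store holds
 *                   no asset for the identifier in the cookie
 */
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    if (request.getParameterMap().containsKey(OA2Constants.ERROR)) {
        // The server reported an error; surface it together with the state it belongs to.
        throw new OA2RedirectableError(request.getParameter(OA2Constants.ERROR),
                request.getParameter(OA2Constants.ERROR_DESCRIPTION),
                request.getParameter(OA2Constants.STATE));
    }
    // Get the cert itself. The server itself does a redirect using the callback to this servlet
    // (so it is the portal that actually is invoking this method after the authorization
    // step.) The token and verifier are peeled off and used
    // to complete the request.
    info("2.a. Getting token and verifier.");
    String token = request.getParameter(CONST(ClientEnvironment.TOKEN));
    String state = request.getParameter(OA2Constants.STATE);
    if (token == null) {
        // The token is known to be null on this branch, so log that directly.
        warn("2.a. The token is null.");
        GeneralException ge = new GeneralException("Error: This servlet requires parameters for the token and possibly verifier.");
        request.setAttribute("exception", ge);
        JSPUtil.fwd(request, response, getCE().getErrorPagePath());
        return;
    }
    info("2.a Token found.");
    AuthorizationGrant grant = new AuthorizationGrantImpl(URI.create(token));
    info("2.a. Getting the cert(s) from the service");
    String identifier = clearCookie(request, response);
    OA2Asset asset = null;
    if (identifier == null) {
        // No cookie: fall back to the asset that was issued this token, if the store has one.
        asset = (OA2Asset) getCE().getAssetStore().getByToken(BasicIdentifier.newID(token));
        if (asset != null) {
            identifier = asset.getIdentifierString();
        }
    }
    AssetResponse assetResponse = null;
    OA2MPService oa2MPService = (OA2MPService) getOA4MPService();
    UserInfo ui = null;
    // Certificates are only requested when the client was configured with the MyProxy scope.
    boolean getCerts = ((OA2ClientEnvironment) getCE()).getScopes().contains(OA2Scopes.SCOPE_MYPROXY);
    if (identifier == null) {
        // Since this is a demo servlet, we don't blow up if there is no identifier found, just can't save anything.
        String msg = "Error: no cookie found. Cannot save certificates";
        warn(msg);
        debug("No cookie found");
        // NOTE(review): asset is null on this path and no state check is performed here, unlike the
        // cookie path below; the calls are given the null asset as before — confirm they tolerate it.
        // if(asset == null) asset = new OA2Asset(BasicIdentifier.newID())
        ATResponse2 atResponse2 = oa2MPService.getAccessToken(asset, grant);
        ui = oa2MPService.getUserInfo(atResponse2.getAccessToken().toString());
        if (getCerts) {
            assetResponse = oa2MPService.getCert(asset, atResponse2);
        }
    } else {
        asset = (OA2Asset) getCE().getAssetStore().get(identifier);
        if (asset == null) {
            // The cookie named an identifier the store no longer knows; abort with a clear message
            // instead of failing on the state check below.
            warn("No asset found in the store for identifier \"" + identifier + "\". Transaction aborted.");
            throw new IllegalStateException("Error: no asset found for the identifier in the cookie.");
        }
        // The state must round-trip unchanged: it ties this callback to the request this client
        // started, so a missing or different value means the callback is not for that transaction.
        if (asset.getState() == null || !asset.getState().equals(state)) {
            // Just a note: This is most likely to arise when the server's authorize-init.jsp has been
            // changed or replaced and the hidden field for the state (passed to the form, then passed back
            // and therefore not stored on the server anyplace) is missing.
            warn("The expected state from the server was \"" + asset.getState() + "\", but instead \"" + state + "\" was returned. Transaction aborted.");
            throw new IllegalArgumentException("Error: The state returned by the server is invalid.");
        }
        ATResponse2 atResponse2 = oa2MPService.getAccessToken(asset, grant);
        // ui = oa2MPService.getUserInfo(atResponse2.getAccessToken().getToken());
        ui = oa2MPService.getUserInfo(identifier);
        if (getCerts) {
            assetResponse = oa2MPService.getCert(asset, atResponse2);
        }
        // The general case is to do the call with the identifier if you want the asset store managed.
        // assetResponse = getOA4MPService().getCert(token, null, BasicIdentifier.newID(identifier));
    }
    // The work in this call
    // Again, we take the first returned cert to peel off some information to display. This
    // just proves we got a response.
    info("2.b. Done! Displaying success page.");
    if (getCerts) {
        setCertificateAttributes(request, asset, assetResponse);
    } else {
        request.setAttribute("certSubject", "(no cert requested)");
    }
    if (ui != null) {
        String output = JSONUtils.valueToString(ui.toJSon(), 4, 2);
        request.setAttribute("userinfo", output);
    } else {
        request.setAttribute("userinfo", "no user info returned.");
    }
    // Fix in cases where the server request passes through Apache before going to Tomcat.
    String contextPath = request.getContextPath();
    if (!contextPath.endsWith("/")) {
        contextPath = contextPath + "/";
    }
    request.setAttribute("action", contextPath);
    info("2.a. Completely finished with delegation.");
    JSPUtil.fwd(request, response, getCE().getSuccessPagePath());
}

/**
 * Puts the certificate-related attributes on the request for the success page: the subject of
 * the first certificate, the PEM of all certificates, the username and the asset's private key.
 * A null response or a null/empty certificate array is shown as "(no cert returned)".
 *
 * @param request       the request the page attributes are set on
 * @param asset         the asset holding the private key; may be null on the cookie-less path
 * @param assetResponse the certificate response; may be null if no certificate call was made
 */
private void setCertificateAttributes(HttpServletRequest request, OA2Asset asset, AssetResponse assetResponse) {
    X509Certificate[] certs = assetResponse == null ? null : assetResponse.getX509Certificates();
    if (certs == null || certs.length == 0) {
        request.setAttribute("certSubject", "(no cert returned)");
        return;
    }
    // Rest of this is putting up something for the user to see
    request.setAttribute("certSubject", certs[0].getSubjectDN());
    request.setAttribute("cert", CertUtil.toPEM(certs));
    request.setAttribute("username", assetResponse.getUsername());
    // FIX OAUTH-216. Note that this is displayed on the client's success page.
    // NOTE(review): this renders private key material into the page; fine for a demo client,
    // not for a deployment where the page could be cached or served to anyone else.
    if (asset != null && asset.getPrivateKey() != null) {
        request.setAttribute("privateKey", KeyUtil.toPKCS1PEM(asset.getPrivateKey()));
    } else {
        request.setAttribute("privateKey", "(none)");
    }
}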
Use of edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse in project OA4MP by ncsa:
class SimpleReadyServlet, method doIt.
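/**
 * Callback endpoint of the delegation flow. The server redirects the browser here after the
 * authorization step; this method exchanges the token (and verifier, if present) for the
 * certificate(s) and forwards to the success page with the first certificate's details.
 * <p>
 * The asset is located through the identifier in the client cookie or, failing that, by looking
 * the token up in the asset store; without either the certificate is still fetched but cannot
 * be saved.
 *
 * @param request  the callback request carrying the token and possibly the verifier
 * @param response the response, used for clearing the cookie and forwarding
 * @throws Throwable if the service call or the forward fails
 */
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    // Get the cert itself. The server itself does a redirect using the callback to this servlet
    // (so it is the portal that actually is invoking this method after the authorization
    // step.) The token and verifier are peeled off and used
    // to complete the request.
    info("2.a. Getting token and verifier.");
    String token = request.getParameter(CONST(ClientEnvironment.TOKEN));
    String verifier = request.getParameter(CONST(ClientEnvironment.VERIFIER));
    if (token == null) {
        // The token is mandatory; the verifier may legitimately be absent, so only the token
        // decides. (The previous check passed a missing token through when a verifier was sent.)
        warn("2.a. The token is null and the verifier is " + (verifier == null ? "null" : verifier));
        GeneralException ge = new GeneralException("Error: This servlet requires parameters for the token and possibly verifier.");
        request.setAttribute("exception", ge);
        JSPUtil.fwd(request, response, getCE().getErrorPagePath());
        return;
    }
    info("2.a Token found.");
    info("2.a. Getting the cert(s) from the service");
    String identifier = clearCookie(request, response);
    if (identifier == null) {
        // No cookie: fall back to the asset that was issued this token, if the store has one.
        Asset asset = getCE().getAssetStore().getByToken(BasicIdentifier.newID(token));
        if (asset != null) {
            identifier = asset.getIdentifierString();
        }
    }
    AssetResponse assetResponse;
    if (identifier == null) {
        // Since this is a demo servlet, we don't blow up if there is no identifier found, just can't save anything.
        String msg = "Error: no cookie found. Cannot save certificates";
        warn(msg);
        debug("No cookie found");
        assetResponse = getOA4MPService().getCert(token, verifier);
    } else {
        // The general case is to do the call with the identifier if you want the asset store managed.
        assetResponse = getOA4MPService().getCert(token, verifier, BasicIdentifier.newID(identifier));
    }
    // The work in this call
    // Again, we take the first returned cert to peel off some information to display. This
    // just proves we got a response.
    X509Certificate[] certs = assetResponse.getX509Certificates();
    info("2.b. Done! Displaying success page.");
    // Rest of this is putting up something for the user to see
    if (certs == null || certs.length == 0) {
        // Nothing to show; say so instead of indexing an empty array.
        request.setAttribute("certSubject", "(no cert returned)");
    } else {
        request.setAttribute("certSubject", certs[0].getSubjectDN());
        request.setAttribute("cert", CertUtil.toPEM(certs));
    }
    request.setAttribute("username", assetResponse.getUsername());
    // Fix in cases where the server request passes through Apache before going to Tomcat.
    String contextPath = request.getContextPath();
    if (!contextPath.endsWith("/")) {
        contextPath = contextPath + "/";
    }
    request.setAttribute("action", contextPath);
    info("2.a. Completely finished with delegation.");
    JSPUtil.fwd(request, response, getCE().getSuccessPagePath());
}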
Use of edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse in project OA4MP by ncsa:
class OA2MPService, method getCert.
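/**
 * Requests certificate(s) for the asset using the given access token response. A fresh key pair
 * is generated, a certificate request for the asset's username is built from it, the request is
 * sent to the delegation service, and the returned certificates are stored on the asset, which
 * is then saved.
 * <p>
 * The private key of the generated pair is set on the asset before saving, so the asset store
 * ends up holding that key material.
 *
 * @param a           the asset the certificate is requested for; updated and saved here
 * @param atResponse2 the access token response that authorizes the request
 * @return the asset response carrying the returned certificates
 * @throws GeneralException if the certificate request cannot be created
 */
public AssetResponse getCert(OA2Asset a, ATResponse2 atResponse2) {
    KeyPair keyPair = getNextKeyPair();
    MyPKCS10CertRequest certReq;
    try {
        certReq = CertUtil.createCertRequest(keyPair, a.getUsername());
    } catch (RuntimeException e) {
        // Unchecked failures propagate unchanged.
        throw e;
    } catch (Throwable e) {
        // Everything else is wrapped, keeping the original as the cause.
        throw new GeneralException("Could not create cert request", e);
    }
    a.setPrivateKey(keyPair.getPrivate());
    a.setCertReq(certReq);
    Map<String, String> m1 = getAssetParameters(a);
    preGetCert(a, m1);
    if (MANUAL_TEST) {
        // Test hook that bypasses the delegation service entirely.
        return manualTest(a, m1);
    }
    DelegatedAssetResponse daResp = getEnvironment().getDelegationService().getCert(atResponse2, getEnvironment().getClient(), m1);
    AssetResponse par = new AssetResponse();
    MyX509Certificates myX509Certificate = (MyX509Certificates) daResp.getProtectedAsset();
    par.setX509Certificates(myX509Certificate.getX509Certificates());
    postGetCert(a, par);
    a.setCertificates(par.getX509Certificates());
    getEnvironment().getAssetStore().save(a);
    return par;
}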
Use of edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse in project airavata by apache:
class CredentialStoreCallbackServlet, method doIt.
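/**
 * Callback endpoint of the credential-store flow. Reads the portal's query parameters, exchanges
 * the token and verifier for certificate(s), pairs them with the private key stored for the
 * portal token id, persists the resulting credential, and then either forwards to the success
 * page or redirects to the configured success URL with the token id appended.
 *
 * @param request  the callback request carrying the portal parameters, token and verifier
 * @param response the response, used for forwarding or redirecting
 * @throws Throwable if persisting the credential, forwarding or redirecting fails
 */
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String gatewayName = request.getParameter(CredentialStoreConstants.GATEWAY_NAME_QUERY_PARAMETER);
    String portalUserName = request.getParameter(CredentialStoreConstants.PORTAL_USER_QUERY_PARAMETER);
    String durationParameter = request.getParameter(CredentialStoreConstants.DURATION_QUERY_PARAMETER);
    String contactEmail = request.getParameter(CredentialStoreConstants.PORTAL_USER_EMAIL_QUERY_PARAMETER);
    String portalTokenId = request.getParameter(CredentialStoreConstants.PORTAL_TOKEN_ID_ASSIGNED);
    // TODO remove hard coded values, once passing query parameters is
    // fixed in OA4MP client api
    long duration = 864000;
    if (durationParameter != null) {
        try {
            duration = Long.parseLong(durationParameter);
        } catch (NumberFormatException e) {
            // A malformed duration is a bad request; report it like the other parameter errors
            // instead of letting the parse failure escape.
            error("Invalid duration parameter: " + durationParameter);
            forwardToErrorPage(request, response,
                    new GeneralException("Error: The duration parameter is not a valid number.", e));
            return;
        }
    }
    if (portalTokenId == null) {
        error("Token given by portal is invalid.");
        forwardToErrorPage(request, response,
                new GeneralException("Error: The token presented by portal is null."));
        return;
    }
    info("Gateway name " + gatewayName);
    info("Portal user name " + portalUserName);
    info("Community user contact email " + contactEmail);
    // The portal token id is written to the log here and below; treat the log accordingly.
    info("Token id presented " + portalTokenId);
    info("2.a. Getting token and verifier.");
    String token = request.getParameter(CONST(ClientEnvironment.TOKEN));
    String verifier = request.getParameter(CONST(ClientEnvironment.VERIFIER));
    if (token == null || verifier == null) {
        warn("2.a. The token is " + (token == null ? "null" : token) + " and the verifier is " + (verifier == null ? "null" : verifier));
        forwardToErrorPage(request, response,
                new GeneralException("Error: This servlet requires parameters for the token and verifier. It cannot be called directly."));
        return;
    }
    info("2.a Token and verifier found.");
    X509Certificate[] certificates;
    AssetResponse assetResponse;
    PrivateKey privateKey;
    try {
        PrivateKeyStore privateKeyStore = PrivateKeyStore.getPrivateKeyStore();
        privateKey = privateKeyStore.getKey(portalTokenId);
        if (privateKey != null) {
            info("Found private key for token " + portalTokenId);
        } else {
            info("Could not find private key for token " + portalTokenId);
        }
        info("2.a. Getting the cert(s) from the service");
        assetResponse = getOA4MPService().getCert(token, verifier);
        certificates = assetResponse.getX509Certificates();
    } catch (Throwable t) {
        // The cause may be absent; fall back to the exception's own message rather than
        // failing inside the error handler.
        String causeMessage = t.getCause() == null ? t.getMessage() : t.getCause().getMessage();
        warn("2.a. Exception from the server: " + causeMessage);
        error("Exception while trying to get cert. message:" + t.getMessage());
        forwardToErrorPage(request, response, t);
        return;
    }
    if (certificates == null || certificates.length == 0) {
        // Nothing to persist; report it instead of indexing an empty array below.
        error("No certificate was returned by the server.");
        forwardToErrorPage(request, response,
                new GeneralException("Error: The server returned no certificate."));
        return;
    }
    info("2.b. Done! Displaying success page.");
    CertificateCredential certificateCredential = new CertificateCredential();
    // TODO check this is correct
    certificateCredential.setNotBefore(Utility.convertDateToString(certificates[0].getNotBefore()));
    certificateCredential.setNotAfter(Utility.convertDateToString(certificates[0].getNotAfter()));
    certificateCredential.setCertificates(certificates);
    certificateCredential.setPrivateKey(privateKey);
    certificateCredential.setCommunityUser(new CommunityUser(gatewayName, assetResponse.getUsername(), contactEmail));
    certificateCredential.setPortalUserName(portalUserName);
    certificateCredential.setLifeTime(duration);
    certificateCredential.setToken(portalTokenId);
    certificateCredentialWriter.writeCredentials(certificateCredential);
    info("Certificate for community user " + assetResponse.getUsername() + " successfully persisted."
            + " Certificate DN - " + certificates[0].getSubjectDN());
    if (isUrlInSameServer(configurationReader.getSuccessUrl())) {
        // Same server: forward, fixing the context path for requests that came through Apache.
        String contextPath = request.getContextPath();
        if (!contextPath.endsWith("/")) {
            contextPath = contextPath + "/";
        }
        request.setAttribute("action", contextPath);
        request.setAttribute("tokenId", portalTokenId);
        JSPUtil.fwd(request, response, configurationReader.getSuccessUrl());
    } else {
        // Other server: the token id travels in the redirect URL, so it also lands in that
        // server's access logs and the browser history.
        String urlToRedirect = decorateUrlWithToken(configurationReader.getSuccessUrl(), portalTokenId);
        info("Redirecting to url - " + urlToRedirect);
        response.sendRedirect(urlToRedirect);
    }
    info("2.a. Completely finished with delegation.");
}

/**
 * Attaches the given exception to the request and forwards to the configured error page.
 *
 * @param request  the request the exception attribute is set on
 * @param response the response to forward
 * @param cause    the exception shown on the error page
 * @throws Throwable if the forward fails
 */
private void forwardToErrorPage(HttpServletRequest request, HttpServletResponse response, Throwable cause) throws Throwable {
    request.setAttribute("exception", cause);
    JSPUtil.fwd(request, response, configurationReader.getErrorUrl());
}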