
Example 1 with AssetResponse

use of edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse in project OA4MP by ncsa.

the class OA2MPService method getCert.

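/**
 * Refreshes the certificate(s) and username on an asset already held in the asset store.
 * <p>
 * Note that this requires the asset identifier, not a token: the asset is looked up by
 * {@code id}, its own access token is used to request the certificate(s), and the updated
 * asset is written back to the store.
 *
 * @param id the identifier of the asset in the asset store
 * @return the same asset, updated with the returned certificates and username
 * @throws IllegalArgumentException if no asset is stored under {@code id}
 * @throws IllegalStateException    if the stored asset carries no access token
 */
public OA2Asset getCert(String id) {
    // The local used to be named after its own type (OA2Asset OA2Asset), which reads as a
    // static call on the class; a plain name avoids that confusion.
    OA2Asset asset = (OA2Asset) getAssetStore().get(id);
    if (asset == null) {
        throw new IllegalArgumentException("Error: no asset found for identifier \"" + id + "\".");
    }
    if (asset.getAccessToken() == null) {
        throw new IllegalStateException("Error: asset \"" + id + "\" has no access token.");
    }
    // Second argument is passed as null exactly as before; its meaning is defined by the
    // overload being called, which is not visible here.
    AssetResponse assetResponse = getCert(asset.getAccessToken().getToken(), null);
    asset.setCertificates(assetResponse.getX509Certificates());
    asset.setUsername(assetResponse.getUsername());
    getAssetStore().save(asset);
    return asset;
}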

Example 2 with AssetResponse

use of edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse in project OA4MP by ncsa.

the class OA2ReadyServlet method doIt.

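/**
 * Completes the OAuth 2 delegation once the server redirects back to this servlet.
 * <p>
 * Steps: reject an error callback; require the token parameter; locate the asset from the
 * cookie identifier or, failing that, by token; verify the returned {@code state} against the
 * one stored on the asset; exchange the grant for an access token; fetch user info and, when
 * the myproxy scope was requested, the certificate(s); finally populate request attributes and
 * forward to the success page.
 *
 * @param request  the callback request from the server
 * @param response used to forward to the success or error page
 * @throws Throwable any failure during the exchange; an {@link IllegalArgumentException} is
 *                   thrown when the state does not match the stored one (or when the token is
 *                   not a valid URI), an {@link OA2RedirectableError} when the server reports
 *                   an error, and a {@link GeneralException} when the cookie names an asset
 *                   that no longer exists
 */
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    if (request.getParameterMap().containsKey(OA2Constants.ERROR)) {
        throw new OA2RedirectableError(request.getParameter(OA2Constants.ERROR), request.getParameter(OA2Constants.ERROR_DESCRIPTION), request.getParameter(OA2Constants.STATE));
    }
    // Get the cert itself. The server itself does a redirect using the callback to this servlet
    // (so it is the portal that actually is invoking this method after the authorization
    // step.) The token and verifier are peeled off and used
    // to complete the request.
    info("2.a. Getting token and verifier.");
    String token = request.getParameter(CONST(ClientEnvironment.TOKEN));
    String state = request.getParameter(OA2Constants.STATE);
    if (token == null) {
        // The token is known to be null on this path, so there is nothing else to print.
        warn("2.a. The token is null.");
        GeneralException ge = new GeneralException("Error: This servlet requires parameters for the token and possibly verifier.");
        request.setAttribute("exception", ge);
        JSPUtil.fwd(request, response, getCE().getErrorPagePath());
        return;
    }
    info("2.a Token found.");
    // URI.create rejects a malformed token with IllegalArgumentException.
    AuthorizationGrant grant = new AuthorizationGrantImpl(URI.create(token));
    info("2.a. Getting the cert(s) from the service");
    String identifier = clearCookie(request, response);
    OA2Asset asset = null;
    if (identifier == null) {
        // No cookie: fall back to finding the asset by the token it was issued with.
        asset = (OA2Asset) getCE().getAssetStore().getByToken(BasicIdentifier.newID(token));
        if (asset != null) {
            identifier = asset.getIdentifierString();
        }
    }
    AssetResponse assetResponse = null;
    OA2MPService oa2MPService = (OA2MPService) getOA4MPService();
    UserInfo ui = null;
    boolean getCerts = ((OA2ClientEnvironment) getCE()).getScopes().contains(OA2Scopes.SCOPE_MYPROXY);
    if (identifier == null) {
        // Since this is a demo servlet, we don't blow up if there is no identifier found, just can't save anything.
        // NOTE(review): with no stored asset there is no saved state to compare against, so the
        // state check performed in the other branch does not happen here, and asset may be null
        // when handed to the service.
        String msg = "Error: no cookie found. Cannot save certificates";
        warn(msg);
        debug("No cookie found");
        // if(asset == null) asset = new OA2Asset(BasicIdentifier.newID())
        ATResponse2 atResponse2 = oa2MPService.getAccessToken(asset, grant);
        ui = oa2MPService.getUserInfo(atResponse2.getAccessToken().toString());
        if (getCerts) {
            assetResponse = oa2MPService.getCert(asset, atResponse2);
        }
    } else {
        asset = (OA2Asset) getCE().getAssetStore().get(identifier);
        if (asset == null) {
            // A cookie naming an asset that is no longer stored (e.g. a stale cookie) used to NPE below.
            throw new GeneralException("Error: no asset found for identifier \"" + identifier + "\".");
        }
        // The state ties this callback to the request that started it; a missing stored state
        // or a mismatch means the callback is not trusted and the transaction is aborted.
        if (asset.getState() == null || !asset.getState().equals(state)) {
            // Just a note: This is most likely to arise when the server's authorize-init.jsp has been
            // changed or replaced and the hidden field for the state (passed to the form, then passed back
            // and therefore not stored on the server anyplace) is missing.
            warn("The expected state from the server was \"" + asset.getState() + "\", but instead \"" + state + "\" was returned. Transaction aborted.");
            throw new IllegalArgumentException("Error: The state returned by the server is invalid.");
        }
        ATResponse2 atResponse2 = oa2MPService.getAccessToken(asset, grant);
        // ui = oa2MPService.getUserInfo(atResponse2.getAccessToken().getToken());
        ui = oa2MPService.getUserInfo(identifier);
        if (getCerts) {
            assetResponse = oa2MPService.getCert(asset, atResponse2);
        }
    // The general case is to do the call with the identifier if you want the asset store managed.
    // assetResponse = getOA4MPService().getCert(token, null, BasicIdentifier.newID(identifier));
    }
    // The work in this call
    // Again, we take the first returned cert to peel off some information to display. This
    // just proves we got a response.
    info("2.b. Done! Displaying success page.");
    if (getCerts) {
        // A null response, a null chain and an empty chain are all reported the same way;
        // the original indexed [0] without checking the length.
        X509Certificate[] certs = assetResponse == null ? null : assetResponse.getX509Certificates();
        if (certs == null || certs.length == 0) {
            request.setAttribute("certSubject", "(no cert returned)");
        } else {
            X509Certificate cert = certs[0];
            // Rest of this is putting up something for the user to see
            request.setAttribute("certSubject", cert.getSubjectDN());
            request.setAttribute("cert", CertUtil.toPEM(certs));
            request.setAttribute("username", assetResponse.getUsername());
            // FIX OAUTH-216. Note that this is displayed on the client's success page.
            // The private key is rendered to the browser here; asset may be null on the no-cookie path.
            if (asset != null && asset.getPrivateKey() != null) {
                request.setAttribute("privateKey", KeyUtil.toPKCS1PEM(asset.getPrivateKey()));
            } else {
                request.setAttribute("privateKey", "(none)");
            }
        }
    } else {
        request.setAttribute("certSubject", "(no cert requested)");
    }
    if (ui != null) {
        String output = JSONUtils.valueToString(ui.toJSon(), 4, 2);
        request.setAttribute("userinfo", output);
    } else {
        request.setAttribute("userinfo", "no user info returned.");
    }
    // Fix in cases where the server request passes through Apache before going to Tomcat.
    String contextPath = request.getContextPath();
    if (!contextPath.endsWith("/")) {
        contextPath = contextPath + "/";
    }
    request.setAttribute("action", contextPath);
    info("2.a. Completely finished with delegation.");
    JSPUtil.fwd(request, response, getCE().getSuccessPagePath());
}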

Example 3 with AssetResponse

use of edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse in project OA4MP by ncsa.

the class SimpleReadyServlet method doIt.

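/**
 * Completes the delegation once the server redirects back to this servlet with the token
 * (and possibly a verifier).
 * <p>
 * The asset identifier is taken from the cookie or, failing that, looked up by token. With an
 * identifier the cert request is made through the asset store; without one the cert is fetched
 * but nothing can be saved. The first returned certificate is then shown on the success page.
 *
 * @param request  the callback request from the server
 * @param response used to forward to the success or error page
 * @throws Throwable any failure during the exchange; a {@link GeneralException} is thrown when
 *                   the service returns no certificates
 */
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    // Get the cert itself. The server itself does a redirect using the callback to this servlet
    // (so it is the portal that actually is invoking this method after the authorization
    // step.) The token and verifier are peeled off and used
    // to complete the request.
    info("2.a. Getting token and verifier.");
    String token = request.getParameter(CONST(ClientEnvironment.TOKEN));
    String verifier = request.getParameter(CONST(ClientEnvironment.VERIFIER));
    // The token is mandatory, the verifier optional (as the error message says). The previous
    // test, token == null && verifier == null, let a missing token through whenever a verifier
    // was present and then failed later on BasicIdentifier.newID(null).
    if (token == null) {
        // Log presence only: the verifier is part of the credential exchange and is kept out of the log.
        warn("2.a. The token is null and the verifier is " + (verifier == null ? "null" : "present") + ".");
        GeneralException ge = new GeneralException("Error: This servlet requires parameters for the token and possibly verifier.");
        request.setAttribute("exception", ge);
        JSPUtil.fwd(request, response, getCE().getErrorPagePath());
        return;
    }
    info("2.a Token found.");
    info("2.a. Getting the cert(s) from the service");
    String identifier = clearCookie(request, response);
    if (identifier == null) {
        // No cookie: fall back to finding the asset by the token it was issued with.
        Asset asset = getCE().getAssetStore().getByToken(BasicIdentifier.newID(token));
        if (asset != null) {
            identifier = asset.getIdentifierString();
        }
    }
    AssetResponse assetResponse;
    if (identifier == null) {
        // Since this is a demo servlet, we don't blow up if there is no identifier found, just can't save anything.
        String msg = "Error: no cookie found. Cannot save certificates";
        warn(msg);
        debug("No cookie found");
        assetResponse = getOA4MPService().getCert(token, verifier);
    } else {
        // The general case is to do the call with the identifier if you want the asset store managed.
        assetResponse = getOA4MPService().getCert(token, verifier, BasicIdentifier.newID(identifier));
    }
    // The work in this call
    // Again, we take the first returned cert to peel off some information to display. This
    // just proves we got a response.
    X509Certificate[] certs = assetResponse == null ? null : assetResponse.getX509Certificates();
    if (certs == null || certs.length == 0) {
        // Previously this fell through to certs[0] and failed with an NPE/AIOOBE.
        throw new GeneralException("Error: The service returned no certificates.");
    }
    X509Certificate cert = certs[0];
    info("2.b. Done! Displaying success page.");
    // Rest of this is putting up something for the user to see
    request.setAttribute("certSubject", cert.getSubjectDN());
    request.setAttribute("cert", CertUtil.toPEM(certs));
    request.setAttribute("username", assetResponse.getUsername());
    // Fix in cases where the server request passes through Apache before going to Tomcat.
    String contextPath = request.getContextPath();
    if (!contextPath.endsWith("/")) {
        contextPath = contextPath + "/";
    }
    request.setAttribute("action", contextPath);
    info("2.a. Completely finished with delegation.");
    JSPUtil.fwd(request, response, getCE().getSuccessPagePath());
}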

Example 4 with AssetResponse

use of edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse in project OA4MP by ncsa.

the class OA2MPService method getCert.

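/**
 * Requests a certificate for the asset using an access token response.
 * <p>
 * Generates a fresh key pair, builds a PKCS#10 request for the asset's username, calls the
 * delegation service, and stores the returned certificate chain on the asset before saving
 * it to the asset store. The asset also carries the generated private key from this point on,
 * so whatever the asset store saves includes that key.
 *
 * @param a           the asset being completed; updated in place with the private key, the
 *                    cert request and the certificates
 * @param atResponse2 the access token response presented to the delegation service
 * @return the response holding the X.509 certificate chain (or the manual-test response when
 *         {@code MANUAL_TEST} is set)
 * @throws GeneralException if the cert request cannot be created; runtime exceptions and
 *                          errors from that step propagate unchanged
 */
public AssetResponse getCert(OA2Asset a, ATResponse2 atResponse2) {
    KeyPair keyPair = getNextKeyPair();
    MyPKCS10CertRequest certReq;
    try {
        certReq = CertUtil.createCertRequest(keyPair, a.getUsername());
    } catch (RuntimeException | Error e) {
        // Programming and JVM errors are rethrown as-is; the original wrapped Errors in GeneralException.
        throw e;
    } catch (Throwable e) {
        throw new GeneralException("Could not create cert request", e);
    }
    a.setPrivateKey(keyPair.getPrivate());
    a.setCertReq(certReq);
    Map<String, String> m1 = getAssetParameters(a);
    preGetCert(a, m1);
    if (MANUAL_TEST) {
        return manualTest(a, m1);
    }
    DelegatedAssetResponse daResp = getEnvironment().getDelegationService().getCert(atResponse2, getEnvironment().getClient(), m1);
    AssetResponse par = new AssetResponse();
    MyX509Certificates myX509Certificate = (MyX509Certificates) daResp.getProtectedAsset();
    par.setX509Certificates(myX509Certificate.getX509Certificates());
    // The hook sees the response before the certificates are copied onto the asset; keep this order.
    postGetCert(a, par);
    a.setCertificates(par.getX509Certificates());
    getEnvironment().getAssetStore().save(a);
    return par;
}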

Example 5 with AssetResponse

use of edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse in project airavata by apache.

the class CredentialStoreCallbackServlet method doIt.

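/**
 * Callback invoked after the OA4MP server redirects back with the token and verifier.
 * <p>
 * Validates the portal parameters, looks up the private key previously stored for the portal
 * token, fetches the certificate(s) from the service, writes the resulting credential through
 * {@code certificateCredentialWriter}, and finally forwards to (or redirects at) the configured
 * success URL. Failures in the cert retrieval are reported on the error page rather than thrown.
 *
 * @param request  the callback request carrying the portal and OAuth parameters
 * @param response used to forward to the success/error page or to redirect
 * @throws Throwable any failure outside the guarded cert retrieval
 */
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String gatewayName = request.getParameter(CredentialStoreConstants.GATEWAY_NAME_QUERY_PARAMETER);
    String portalUserName = request.getParameter(CredentialStoreConstants.PORTAL_USER_QUERY_PARAMETER);
    String durationParameter = request.getParameter(CredentialStoreConstants.DURATION_QUERY_PARAMETER);
    String contactEmail = request.getParameter(CredentialStoreConstants.PORTAL_USER_EMAIL_QUERY_PARAMETER);
    String portalTokenId = request.getParameter(CredentialStoreConstants.PORTAL_TOKEN_ID_ASSIGNED);
    // TODO remove hard coded values, once passing query parameters is
    // fixed in OA4MP client api
    // Default lifetime; the unit is not stated here (864000 is 10 days if seconds) — TODO confirm.
    long duration = 864000;
    if (durationParameter != null) {
        try {
            duration = Long.parseLong(durationParameter);
        } catch (NumberFormatException e) {
            // Request-supplied value; report it on the error page instead of letting the NFE escape.
            error("Duration parameter is not a valid number: " + durationParameter);
            GeneralException ge = new GeneralException("Error: The duration parameter is not a valid number.", e);
            request.setAttribute("exception", ge);
            JSPUtil.fwd(request, response, configurationReader.getErrorUrl());
            return;
        }
    }
    if (portalTokenId == null) {
        error("Token given by portal is invalid.");
        GeneralException ge = new GeneralException("Error: The token presented by portal is null.");
        request.setAttribute("exception", ge);
        JSPUtil.fwd(request, response, configurationReader.getErrorUrl());
        return;
    }
    // NOTE(review): the portal token id is the lookup key for the stored private key and is
    // written to the log here and below; confirm the log's readership is acceptable for that.
    info("Gateway name " + gatewayName);
    info("Portal user name " + portalUserName);
    info("Community user contact email " + contactEmail);
    info("Token id presented " + portalTokenId);
    info("2.a. Getting token and verifier.");
    String token = request.getParameter(CONST(ClientEnvironment.TOKEN));
    String verifier = request.getParameter(CONST(ClientEnvironment.VERIFIER));
    if (token == null || verifier == null) {
        // Log presence only: the token and verifier are part of the credential exchange
        // and the previous message wrote whichever one was present into the log.
        warn("2.a. The token is " + (token == null ? "null" : "present") + " and the verifier is " + (verifier == null ? "null" : "present") + ".");
        GeneralException ge = new GeneralException("Error: This servlet requires parameters for the token and verifier. It cannot be called directly.");
        request.setAttribute("exception", ge);
        JSPUtil.fwd(request, response, configurationReader.getErrorUrl());
        return;
    }
    info("2.a Token and verifier found.");
    X509Certificate[] certificates;
    AssetResponse assetResponse;
    PrivateKey privateKey;
    try {
        PrivateKeyStore privateKeyStore = PrivateKeyStore.getPrivateKeyStore();
        privateKey = privateKeyStore.getKey(portalTokenId);
        if (privateKey != null) {
            info("Found private key for token " + portalTokenId);
        } else {
            info("Could not find private key for token " + portalTokenId);
        }
        info("2.a. Getting the cert(s) from the service");
        assetResponse = getOA4MPService().getCert(token, verifier);
        certificates = assetResponse.getX509Certificates();
        if (certificates == null || certificates.length == 0) {
            // Thrown inside the try so it is reported on the error page like any other
            // retrieval failure, instead of failing on certificates[0] further down.
            throw new GeneralException("Error: The service returned no certificates.");
        }
    } catch (Throwable t) {
        // getCause() may be null (it was dereferenced unconditionally before); fall back to t itself.
        Throwable cause = t.getCause() == null ? t : t.getCause();
        warn("2.a. Exception from the server: " + cause.getMessage());
        error("Exception while trying to get cert. message:" + t.getMessage());
        request.setAttribute("exception", t);
        JSPUtil.fwd(request, response, configurationReader.getErrorUrl());
        return;
    }
    info("2.b. Done! Displaying success page.");
    CertificateCredential certificateCredential = new CertificateCredential();
    // TODO check this is correct
    certificateCredential.setNotBefore(Utility.convertDateToString(certificates[0].getNotBefore()));
    certificateCredential.setNotAfter(Utility.convertDateToString(certificates[0].getNotAfter()));
    certificateCredential.setCertificates(certificates);
    certificateCredential.setPrivateKey(privateKey);
    certificateCredential.setCommunityUser(new CommunityUser(gatewayName, assetResponse.getUsername(), contactEmail));
    certificateCredential.setPortalUserName(portalUserName);
    certificateCredential.setLifeTime(duration);
    certificateCredential.setToken(portalTokenId);
    certificateCredentialWriter.writeCredentials(certificateCredential);
    info("Certificate for community user " + assetResponse.getUsername() + " successfully persisted."
            + " Certificate DN - " + certificates[0].getSubjectDN());
    if (isUrlInSameServer(configurationReader.getSuccessUrl())) {
        String contextPath = request.getContextPath();
        if (!contextPath.endsWith("/")) {
            contextPath = contextPath + "/";
        }
        request.setAttribute("action", contextPath);
        request.setAttribute("tokenId", portalTokenId);
        JSPUtil.fwd(request, response, configurationReader.getSuccessUrl());
    } else {
        // The success URL comes from configuration; the portal token id is appended to it.
        String urlToRedirect = decorateUrlWithToken(configurationReader.getSuccessUrl(), portalTokenId);
        info("Redirecting to url - " + urlToRedirect);
        response.sendRedirect(urlToRedirect);
    }
    info("2.a. Completely finished with delegation.");
}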
