use of edu.uiuc.ncsa.security.core.Identifier in project OA4MP by ncsa.
the class SQLPermissionStore method getClients.
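/**
 * Returns the identifiers of every client that has a permission row for the given administrator.
 *
 * <p>Only column and table names are concatenated into the SQL text; the administrator id itself
 * is bound as a statement parameter.
 *
 * @param adminID the administrator's identifier; {@code null} yields an empty list without touching the database
 * @return the matching client identifiers, never {@code null}
 * @throws GeneralException if the query fails; the connection is destroyed before it is released
 */
@Override
public List<Identifier> getClients(Identifier adminID) {
    List<Identifier> clients = new ArrayList<>();
    if (adminID == null) {
        return clients;
    }
    PermissionKeys permissionKeys = new PermissionKeys();
    String sql = "select " + permissionKeys.clientID()
            + " from " + getTable().getFQTablename()
            + " where " + permissionKeys.adminID() + "=?";
    // Acquire the connection only once everything else is ready, so nothing above can leak it.
    Connection c = getConnection();
    try (PreparedStatement stmt = c.prepareStatement(sql)) {
        stmt.setString(1, adminID.toString());
        // just execute() since executeQuery(x) would throw an exception regardless of content per JDBC spec.
        stmt.execute();
        // try-with-resources closes the result set and statement even when next()/getString() throws;
        // the previous explicit close() calls were skipped on that path.
        try (ResultSet rs = stmt.getResultSet()) {
            while (rs.next()) {
                clients.add(BasicIdentifier.newID(rs.getString(permissionKeys.clientID())));
            }
        }
    } catch (SQLException e) {
        destroyConnection(c);
        throw new GeneralException("Error: could not get database object", e);
    } finally {
        releaseConnection(c);
    }
    return clients;
}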
use of edu.uiuc.ncsa.security.core.Identifier in project OA4MP by ncsa.
the class ClientStoreCommands method update.
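/**
 * Interactively edits a client, prompting for each field and returning the user's save decision.
 *
 * <p>If the identifier is changed, the user is asked whether the entry under the old identifier
 * should be removed; that removal happens only if the update is then saved.
 *
 * @param identifiable the client to edit; cast to {@link Client}
 * @return {@code true} if the user chose to save the edited client, {@code false} if the changes were abandoned
 */
@Override
public boolean update(Identifiable identifiable) {
    Client client = (Client) identifiable;
    info("Starting client update for id = " + client.getIdentifierString());
    say("Update the values. A return accepts the existing or default value in []'s");
    String newIdentifier = getInput("enter the identifier", client.getIdentifierString());
    boolean removeCurrentClient = false;
    // Remember the identifier as it was before any edit; needed to remove the old entry below.
    Identifier oldID = client.getIdentifier();
    // no clean way to do this.
    client.setName(getInput("enter the name", client.getName()));
    client.setEmail(getInput("enter email", client.getEmail()));
    client.setErrorUri(getInput("enter error uri", client.getErrorUri()));
    client.setHomeUri(getInput("enter home uri", client.getHomeUri()));
    client.setProxyLimited(isOk(getInput("does this client require limited proxies?", client.isProxyLimited() ? "y" : "n")));
    // set file not found message.
    extraUpdates(client);
    sayi("here is the complete client:");
    longFormat(client);
    if (!newIdentifier.equals(client.getIdentifierString())) {
        sayi2(" remove client with id=\"" + client.getIdentifier() + "\" [y/n]? ");
        removeCurrentClient = isOk(readline());
        // From here on client.getIdentifier() is the NEW id; oldID still holds the previous one.
        client.setIdentifier(BasicIdentifier.newID(newIdentifier));
    }
    sayi2("save [y/n]?");
    if (isOk(readline())) {
        // NOTE(review): nothing is persisted here (a save call was commented out); presumably the
        // caller saves the client afterwards -- confirm.
        if (removeCurrentClient) {
            info("removing client with id = " + oldID);
            // Remove the entry under the old identifier. The previous code removed
            // client.getIdentifier(), which by now is the new id, so the old entry was left behind.
            getStore().remove(oldID);
            sayi("client with id " + oldID + " removed. Be sure to save any changes.");
        }
        sayi("client updated.");
        info("Client with id " + client.getIdentifierString() + " saving...");
        return true;
    }
    sayi("client not updated, losing changes...");
    info("User terminated updates for client with id " + client.getIdentifierString());
    return false;
}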
use of edu.uiuc.ncsa.security.core.Identifier in project OA4MP by ncsa.
the class AssetStoreTest method storeTest.
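/**
 * Round-trips a handful of assets through the given store and checks that every field survives.
 *
 * <p>The checks are Java {@code assert} statements, so the JVM must run with {@code -ea} for any of
 * them to fire. All created assets are removed from the store afterwards, including when a check fails.
 *
 * @param store the asset store under test; {@code null} skips the test with a warning
 * @throws Exception if key-pair generation, certificate-request creation or the store itself fails
 */
public void storeTest(AssetStore store) throws Exception {
    if (store == null) {
        System.out.println("WARNING: no asset store configured, skipping test.");
        return;
    }
    int count = 10;
    ArrayList<Asset> assets = new ArrayList<>();
    // Random suffix so identifiers from concurrent or repeated runs do not collide.
    SecureRandom secureRandom = new SecureRandom();
    long l = secureRandom.nextLong();
    String r = Long.toHexString(l);
    KeyPair kp = KeyUtil.generateKeyPair();
    PrivateKey privateKey = kp.getPrivate();
    MyPKCS10CertRequest cr = CertUtil.createCertRequest(kp);
    String rawCR = CertUtil.fromCertReqToString(cr);
    try {
        for (int i = 0; i < count; i++) {
            Identifier id = BasicIdentifier.newID("asset:id:/" + r + "/" + i);
            Asset asset = store.create();
            assert asset != null : "Error: The store is not producing valid assets when requested. A null was returned";
            assets.add(asset);
            asset.setIdentifier(id);
            String username = "testUser-" + r;
            URI redirect = URI.create("http://test.foo/test/" + r);
            asset.setPrivateKey(privateKey);
            asset.setUsername(username);
            asset.setRedirect(redirect);
            asset.setCertReq(cr);
            store.save(asset);
        }
        for (int i = 0; i < assets.size(); i++) {
            Asset asset = assets.get(i);
            Asset asset2 = store.get(asset.getIdentifier());
            assert asset2 != null : "No asset found for identifier \"" + asset.getIdentifier() + "\" on iteration # " + i;
            assert asset.getIdentifier().equals(asset2.getIdentifier()) : "Identifiers on assets do not match. " + "Expected \"" + asset.getIdentifierString() + "\" but got \"" + asset2.getIdentifierString() + "\"";
            assert asset.getUsername().equals(asset2.getUsername()) : "Username on assets do not match. " + "Expected \"" + asset.getUsername() + "\" but got \"" + asset2.getUsername() + "\"";
            assert asset.getPrivateKey().equals(asset2.getPrivateKey()) : "Private keys on assets do not match. " + "Expected \"" + asset.getPrivateKey() + "\" but got \"" + asset2.getPrivateKey() + "\"";
            assert asset.getRedirect().equals(asset2.getRedirect()) : "Redirect on assets do not match. " + "Expected \"" + asset.getRedirect() + "\" but got \"" + asset2.getRedirect() + "\"";
            // Special note: MySQL will truncate nanoseconds from dates so the best we can do is verify the milliseconds match.
            assert Math.abs(asset.getCreationTime().getTime() - asset2.getCreationTime().getTime()) < 1000 : "Timestamp on assets do not match. " + "Expected \"" + asset.getCreationTime() + "\" but got \"" + asset2.getCreationTime() + "\"";
            // the requests should be identical so we can compare them as strings. This is a data integrity test.
            assert rawCR.equals(CertUtil.fromCertReqToString(asset2.getCertReq())) : "Certification requests on assets do not match. " + "Expected \"" + asset.getCertReq() + "\" but got \"" + asset2.getCertReq() + "\"";
        }
    } finally {
        // Don't clutter up the store with test cases -- also when one of the checks above failed.
        for (Asset asset : assets) {
            store.remove(asset.getIdentifier());
        }
    }
}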
use of edu.uiuc.ncsa.security.core.Identifier in project OA4MP by ncsa.
the class AbstractOA4MPService method getCert.
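/**
 * Performs the {@link #getCert(String, String)} call then updates the asset associated with
 * the given identifier. This throws an exception if there is no asset or if the asset store
 * is not enabled.
 *
 * <p>The asset is looked up by {@code identifier}; when that is {@code null} an identifier is
 * derived from {@code tempToken}. If nothing is found under that id and a token is available,
 * a second lookup by token is attempted.
 *
 * @param tempToken  the temporary token for this transaction; also used to build the authorization grant
 * @param verifier   the verifier string, or {@code null} if none was supplied
 * @param identifier the asset identifier, or {@code null} to fall back to the token-derived id
 * @return the response of {@code getCert(asset, grant, verifier)}
 * @throws IllegalArgumentException if no identifier can be derived or no asset is found
 */
public AssetResponse getCert(String tempToken, String verifier, Identifier identifier) {
    // identifier == null is the failsafe case; it should only happen if the user never specified one.
    Identifier realId = identifier == null ? makeb64Uri(tempToken) : identifier;
    if (realId == null) {
        throw new IllegalArgumentException("Error: no identifier found for this transaction. Cannot retrieve asset.");
    }
    Asset asset = getAssetStore().get(realId);
    if (asset == null && tempToken != null) {
        asset = getAssetStore().getByToken(BasicIdentifier.newID(tempToken));
    }
    if (asset == null) {
        // Nothing found, so report whichever id the caller actually supplied and give up.
        String currentID = tempToken == null ? realId.toString() : tempToken;
        // NOTE(review): this message echoes the supplied token; if these exceptions are logged
        // verbatim, the token ends up in the log -- confirm that is acceptable here.
        throw new IllegalArgumentException("Error:No asset with the given identifier \"" + currentID + "\" found. " + "You might need to clear your cookies and retry the entire request.");
    }
    AuthorizationGrant ag = getEnvironment().getTokenForge().getAuthorizationGrant(tempToken);
    Verifier v = verifier == null ? null : getEnvironment().getTokenForge().getVerifier(verifier);
    return getCert(asset, ag, v);
}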
use of edu.uiuc.ncsa.security.core.Identifier in project OA4MP by ncsa.
the class AssetRetentionPolicy method retain.
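/**
 * Retention decision for a cached {@link OA2Asset}, based on its refresh token.
 *
 * <p>Assets without a refresh token (or with an empty token) always yield {@code true}. Otherwise the
 * token's creation time plus its lifetime is compared with the current time.
 *
 * @param key   the cache key; expected to be an {@link Identifier}
 * @param value the cached value; expected to be an {@link OA2Asset}
 * @return {@code true} if there is no usable refresh token or its lifetime has elapsed, {@code false} otherwise
 * @throws ClassCastException if {@code key} or {@code value} is not of the expected type
 */
@Override
public boolean retain(Object key, Object value) {
    // The key is not used below; the cast is kept so a wrong key type still fails fast.
    Identifier identifier = (Identifier) key;
    OA2Asset oa2Asset = (OA2Asset) value;
    RefreshToken rt = oa2Asset.getRefreshToken();
    if (rt == null || rt.getToken() == null) {
        return true;
    }
    // Now we have to check against the timestamp on the original and the expires in flag.
    // The creation time is recovered from the token string itself.
    Date creationTS = DateUtils.getDate(rt.getToken());
    // presumably getExpiresIn() is in milliseconds, since it is added to an epoch-millis value -- confirm.
    // NOTE(review): an elapsed lifetime yields true here; confirm against the retention-policy contract
    // that true means "keep".
    return creationTS.getTime() + rt.getExpiresIn() <= System.currentTimeMillis();
}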