Use of edu.uiuc.ncsa.security.core.Identifier in project OA4MP by ncsa.
The class PermissionServerTest, method testGetAdmins.
/**
 * Grants several admin clients full permissions on a single client and checks that a
 * ListAdminsRequest for that client returns exactly those admins.
 *
 * @param tp2 store provider supplying the permission, admin client and client stores
 * @throws Exception propagated from the store setup
 */
public void testGetAdmins(CMTestStoreProvider tp2) throws Exception {
    final int extraAdminCount = 4;
    CC cc = setupClients(tp2);

    // Every admin created here gets full rights on cc.client; together with the admin that
    // setupClients attached, these are exactly the admins the server is expected to report.
    List<AdminClient> expectedAdmins = new LinkedList<>();
    for (int n = 0; n < extraAdminCount; n++) {
        AdminClient extraAdmin = getAdminClient(tp2.getAdminClientStore());
        Permission grant = tp2.getPermissionStore().create();
        grant.setDelete(true);
        grant.setRead(true);
        grant.setApprove(true);
        grant.setCreate(true);
        grant.setWrite(true);
        grant.setAdminID(extraAdmin.getIdentifier());
        grant.setClientID(cc.client.getIdentifier());
        tp2.getPermissionStore().save(grant);
        expectedAdmins.add(extraAdmin);
    }
    expectedAdmins.add(cc.adminClient);

    // The returned admins are matched by identifier, so collect the expected identifiers up front.
    List<Identifier> expectedIDs = new LinkedList<>();
    for (AdminClient admin : expectedAdmins) {
        expectedIDs.add(admin.getIdentifier());
    }

    PermissionServer permissionServer = new PermissionServer(tp2.getCOSE());
    ListAdminsRequest listRequest = (ListAdminsRequest) RequestFactory.createRequest(
            null, new TypePermission(), new ActionList(), cc.client, null);
    ListAdminsResponse listResponse = (ListAdminsResponse) permissionServer.process(listRequest);

    // Same count, and every returned admin is one of the ones granted above.
    List<AdminClient> actualAdmins = listResponse.getAdmins();
    assert actualAdmins.size() == expectedAdmins.size();
    for (AdminClient returned : actualAdmins) {
        assert expectedIDs.contains(returned.getIdentifier());
    }
}
Use of edu.uiuc.ncsa.security.core.Identifier in project OA4MP by ncsa.
The class OA2CertServlet, method getClient.
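/**
 * Looks up the client named in the request and checks its secret.
 * <p>
 * The client id is read from the {@code CONST(CONSUMER_KEY)} parameter and the secret from the
 * {@code CLIENT_SECRET} parameter. When no id parameter was sent, up to two {@code Basic}
 * authorization header tokens are examined: a token that parses as a URI with a scheme is taken
 * to be the id, anything else is taken to be the secret.
 *
 * @param req the incoming request
 * @return the client; never a public client, and its stored secret hash matched the presented secret
 * @throws OA2GeneralError        if more than two Basic authorization tokens are present
 * @throws UnknownClientException if no client id could be determined
 * @throws GeneralException       if the client is a public client, no secret was sent, or the secret does not match
 */
@Override
public Client getClient(HttpServletRequest req) {
    String rawID = req.getParameter(CONST(CONSUMER_KEY));
    String rawSecret = getFirstParameterValue(req, CLIENT_SECRET);
    // According to the spec. this must be in a Basic Authz header if it is not sent as parameter
    List<String> basicTokens = HeaderUtils.getAuthHeader(req, "Basic");
    if (2 < basicTokens.size()) {
        // too many tokens to unscramble
        throw new OA2GeneralError(OA2Errors.INVALID_TOKEN, "Error: Too many authorization tokens.", HttpStatus.SC_UNAUTHORIZED);
    }
    if (rawID == null) {
        // Here is some detective work. We get up to TWO basic Authz tokens with the id and secret.
        // Since ids are valid URIs the idea here is anything that is a uri must be an id and the other
        // one is the secret.
        // NOTE(review): the header is only consulted when no id parameter was sent, so an id
        // parameter combined with a header-only secret is refused below -- confirm this is intended.
        for (String token : basicTokens) {
            try {
                if (URI.create(token).getScheme() != null) {
                    rawID = token;
                } else {
                    rawSecret = token;
                }
            } catch (IllegalArgumentException notAUri) {
                // Not parseable as a URI, so it cannot be an id; treat it as the secret
                // unless one was already supplied.
                if (rawSecret == null) {
                    rawSecret = token;
                }
            }
        }
    }
    if (rawID == null) {
        throw new UnknownClientException("No client id");
    }
    Identifier id = BasicIdentifier.newID(rawID);
    OA2Client client = (OA2Client) getClient(id);
    if (client.isPublicClient()) {
        throw new GeneralException("Error: public clients not supported for this operation.");
    }
    if (rawSecret == null) {
        throw new GeneralException("Error: No secret. request refused.");
    }
    // The stored secret is the hex digest produced by DigestUtils.shaHex (SHA-1). Compare the two
    // hex strings in constant time so the check does not leak how long a prefix matched, and treat
    // a missing stored hash as a refusal rather than a NullPointerException.
    String storedHash = client.getSecret();
    byte[] expected = storedHash == null ? null : storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] presented = DigestUtils.shaHex(rawSecret).getBytes(java.nio.charset.StandardCharsets.UTF_8);
    if (expected == null || !java.security.MessageDigest.isEqual(expected, presented)) {
        throw new GeneralException("Error: Secret is incorrect. request refused.");
    }
    return client;
}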
Use of edu.uiuc.ncsa.security.core.Identifier in project OA4MP by ncsa.
The class MyProxyDelegationServlet, method getClient.
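/**
 * Fetches the client with the given identifier from the client store and checks that it is approved.
 *
 * @param identifier the client identifier; must not be null
 * @return the client, after {@code checkClientApproval} has accepted it
 * @throws UnknownClientException if the identifier is null or no client with that identifier is in the store
 */
public Client getClient(Identifier identifier) {
    if (identifier == null) {
        throw new UnknownClientException("no client id");
    }
    Client c = getServiceEnvironment().getClientStore().get(identifier);
    if (c == null) {
        // This branch is reached for any request naming a client that does not exist, so the
        // diagnostics must stay bounded: report the store type and size, but never print every
        // identifier in the store (that was an unbounded stderr dump per bad request).
        int storeSize = getServiceEnvironment().getClientStore().size();
        DebugUtil.dbg(this, "client name is " + getServiceEnvironment().getClientStore().getClass().getSimpleName());
        DebugUtil.dbg(this, "client store is a " + getServiceEnvironment().getClientStore());
        DebugUtil.dbg(this, storeSize == 0 ? "NO ENTRIES IN CLIENT STORE" : "Store contains " + storeSize + " entries.");
        String ww = "The client with identifier \"" + identifier.toString() + "\" cannot be found.";
        warn(ww + " Client store is " + getServiceEnvironment().getClientStore());
        throw new UnknownClientException(ww + " Is the value in the client config correct?", identifier);
    }
    checkClientApproval(c);
    return c;
}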
Use of edu.uiuc.ncsa.security.core.Identifier in project OA4MP by ncsa.
The class OA4MPServletInitializer, method init.
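/**
 * One-time servlet initialization: brings the transaction, client and client-approval stores up
 * to date, starts the transaction-store and MyProxy-connection cleanup threads if they are not
 * already present, restarts the client-approval and key-pair threads if they have died, and sets
 * up the notifiers.
 * <p>
 * Guarded by {@code isInitRun} so that a second call is a no-op.
 * NOTE(review): the guard is a plain field check with no synchronization -- confirm init() is
 * only ever invoked from a single thread.
 *
 * @throws ServletException if updating one of the stores fails
 * @throws GeneralException if the notifiers cannot be set up
 */
@Override
public void init() throws ServletException {
    if (isInitRun) {
        return;
    }
    isInitRun = true;
    MyProxyDelegationServlet mps = (MyProxyDelegationServlet) getServlet();
    try {
        mps.processStoreCheck(mps.getTransactionStore());
        mps.processStoreCheck(mps.getServiceEnvironment().getClientStore());
        mps.processStoreCheck(mps.getServiceEnvironment().getClientApprovalStore());
    } catch (IOException | SQLException e) {
        // The cause travels with the ServletException; no separate stack trace dump to stderr.
        throw new ServletException("Could not update table", e);
    }
    Cleanup transactionCleanup = MyProxyDelegationServlet.transactionCleanup;
    ServiceEnvironmentImpl env = (ServiceEnvironmentImpl) getEnvironment();
    MyLoggingFacade logger = env.getMyLogger();
    logger.info("Cleaning up incomplete client registrations");
    if (transactionCleanup == null) {
        transactionCleanup = new Cleanup<>(logger);
        // set it in the servlet so later calls see the running thread
        MyProxyDelegationServlet.transactionCleanup = transactionCleanup;
        transactionCleanup.setStopThread(false);
        transactionCleanup.setMap(env.getTransactionStore());
        transactionCleanup.addRetentionPolicy(new ValidTimestampPolicy());
        transactionCleanup.start();
        logger.info("Starting transaction store cleanup thread");
    }
    Cleanup<Identifier, CachedObject> myproxyConnectionCleanup = MyProxyDelegationServlet.myproxyConnectionCleanup;
    if (myproxyConnectionCleanup == null) {
        myproxyConnectionCleanup = new Cleanup<Identifier, CachedObject>(logger) {
            /**
             * Ages out entries as the base class does, then closes any MyProxy connection held by an
             * aged entry so the connection does not outlive its cache entry.
             */
            @Override
            public List<CachedObject> age() {
                List<CachedObject> aged = super.age();
                for (CachedObject co : aged) {
                    Object mp = co.getValue();
                    if (mp instanceof MyProxyConnectable) {
                        try {
                            ((MyProxyConnectable) mp).close();
                        } catch (Exception ignored) {
                            // best effort: the entry is being discarded either way
                        }
                    }
                }
                return aged;
            }
        };
        // set it in the servlet so later calls see the running thread
        MyProxyDelegationServlet.myproxyConnectionCleanup = myproxyConnectionCleanup;
        myproxyConnectionCleanup.setStopThread(false);
        Cache myproxyConnectionCache = MyProxyDelegationServlet.myproxyConnectionCache;
        if (myproxyConnectionCache == null) {
            myproxyConnectionCache = new Cache();
            // set it in the servlet
            MyProxyDelegationServlet.myproxyConnectionCache = myproxyConnectionCache;
        }
        myproxyConnectionCleanup.setMap(myproxyConnectionCache);
        myproxyConnectionCleanup.addRetentionPolicy(new ConnectionCacheRetentionPolicy(myproxyConnectionCache, env.getTransactionStore()));
        myproxyConnectionCleanup.start();
        logger.info("Starting myproxy connection cache cleanup thread");
    }
    // These two threads are created elsewhere; here they are only restarted if they have died.
    AbstractCLIApprover.ClientApprovalThread caThread = MyProxyDelegationServlet.caThread;
    if (caThread != null && !caThread.isAlive()) {
        caThread.setStopThread(false);
        caThread.start();
    }
    KeyPairPopulationThread kpt = MyProxyDelegationServlet.kpt;
    if (kpt != null && !kpt.isAlive()) {
        kpt.setStopThread(false);
        kpt.start();
    }
    try {
        setupNotifiers();
    } catch (IOException e) {
        throw new GeneralException("Error: could not set up notifiers ", e);
    }
}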
Use of edu.uiuc.ncsa.security.core.Identifier in project OA4MP by ncsa.
The class OA2ATServlet, method populateClaims.
/**
 * Fills in the issuer, subject and (when the transaction has one) authorization-time claims.
 * The issuer is taken, in order, from the first admin client of the transaction's client that
 * has an issuer set, then from the client itself, then from the discovery servlet.
 *
 * @param request the current request, handed to the discovery servlet to derive the fallback issuer
 * @param p       the claims map to fill in; it is modified in place
 * @param st      the transaction whose client and user the claims describe
 * @return the same map {@code p}
 */
protected Map<String, String> populateClaims(HttpServletRequest request, Map<String, String> p, OA2ServiceTransaction st) {
    OA2SE oa2se = (OA2SE) getServiceEnvironment();

    // 1. an admin client's issuer wins; the first admin that has one is used
    String issuer = null;
    Identifier clientID = st.getClient().getIdentifier();
    for (Identifier adminID : oa2se.getPermissionStore().getAdmins(clientID)) {
        AdminClient ac = oa2se.getAdminClientStore().get(adminID);
        if (ac == null || ac.getIssuer() == null) {
            continue;
        }
        issuer = ac.getIssuer();
        break;
    }
    // 2. then the client's own issuer, 3. then whatever the discovery servlet derives
    if (issuer == null) {
        issuer = ((OA2Client) st.getClient()).getIssuer();
        if (issuer == null) {
            issuer = OA2DiscoveryServlet.getIssuer(request);
        }
    }

    p.put(OA2Claims.ISSUER, issuer);
    p.put(OA2Claims.SUBJECT, st.getUsername());
    if (st.hasAuthTime()) {
        // the claim is in seconds; getTime() is in milliseconds
        long authTimeSeconds = st.getAuthTime().getTime() / 1000;
        p.put(OA2Constants.AUTHORIZATION_TIME, Long.toString(authTimeSeconds));
    }
    return p;
}