
Example 31 with Identifier

use of edu.uiuc.ncsa.security.core.Identifier in project OA4MP by ncsa.

the class AssetStoreTest method testUpdate.

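/**
 * Exercises {@code AssetStore.update}: an update under an identifier that has never been saved
 * must be rejected with {@link UnregisteredObjectException}, while updating every other field of
 * a saved asset must round-trip through {@code store.get}.
 *
 * <p>The asset created here is removed again in a {@code finally} block so a failed assertion
 * does not leave test data behind in a shared store.
 *
 * @param store the store under test; when {@code null} the test prints a warning and is skipped
 * @throws Exception anything the store or the key/cert utilities throw
 */
public void testUpdate(AssetStore store) throws Exception {
    if (store == null) {
        System.out.println("WARNING: no asset store configured, skipping test.");
        return;
    }
    SecureRandom secureRandom = new SecureRandom();
    // Random suffixes keep identifiers unique across repeated runs against the same store.
    String r1 = Long.toHexString(secureRandom.nextLong());
    KeyPair kp1 = KeyUtil.generateKeyPair();
    PrivateKey privateKey1 = kp1.getPrivate();
    MyPKCS10CertRequest cr1 = CertUtil.createCertRequest(kp1);
    String username1 = "testUser-" + r1;
    URI redirect1 = URI.create("http://test.foo/test/" + r1 + "/" + System.currentTimeMillis());
    Identifier token1 = BasicIdentifier.newID("token:id:/" + r1 + "/" + System.currentTimeMillis());
    Identifier id1 = BasicIdentifier.newID("asset:id:/" + r1 + "/" + System.currentTimeMillis());
    Asset asset = store.create();
    assert asset != null : "Error: The store is not producing valid assets when requested. A null was returned";
    asset.setIdentifier(id1);
    asset.setUsername(username1);
    asset.setPrivateKey(privateKey1);
    asset.setRedirect(redirect1);
    asset.setToken(token1);
    asset.setCertReq(cr1);
    store.save(asset);
    try {
        // Changing the identifier and then updating must fail: the new identifier was never
        // registered with the store.
        String r2 = Long.toHexString(secureRandom.nextLong());
        Identifier id2 = BasicIdentifier.newID("asset:id:/" + r2 + "/" + System.currentTimeMillis());
        asset.setIdentifier(id2);
        try {
            store.update(asset);
            assert false : "Error: was able to update the identifier.";
        } catch (UnregisteredObjectException expected) {
            // This is the required outcome; nothing else to check.
        }
        // Restore the registered identifier so the remaining updates target the saved asset.
        asset.setIdentifier(id1);
        // Now every other field is changed and must come back unchanged from the store.
        KeyPair kp2 = KeyUtil.generateKeyPair();
        PrivateKey privateKey2 = kp2.getPrivate();
        MyPKCS10CertRequest cr2 = CertUtil.createCertRequest(kp2);
        String rawCR2 = CertUtil.fromCertReqToString(cr2);
        String username2 = "testUser-" + r2;
        URI redirect2 = URI.create("http://test.foo/test/" + r2 + "/" + System.currentTimeMillis());
        // All second-round values derive from r2; only uniqueness matters for the token.
        Identifier token2 = BasicIdentifier.newID("token:id:/" + r2 + "/" + System.currentTimeMillis());
        asset.setUsername(username2);
        asset.setPrivateKey(privateKey2);
        asset.setCertReq(cr2);
        asset.setRedirect(redirect2);
        asset.setToken(token2);
        store.update(asset);
        Asset asset2 = store.get(asset.getIdentifier());
        assert asset2.getUsername().equals(username2);
        assert asset2.getPrivateKey().equals(privateKey2);
        // Cert requests are compared in their serialized form, as the store persists them.
        assert CertUtil.fromCertReqToString(asset2.getCertReq()).equals(rawCR2);
        assert asset2.getToken().equals(token2);
        assert asset2.getRedirect().equals(redirect2);
    } finally {
        // id1 is the identifier the asset was saved under, whatever state the object is in now.
        store.remove(id1);
    }
}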

Example 32 with Identifier

use of edu.uiuc.ncsa.security.core.Identifier in project OA4MP by ncsa.

the class ClientServletInitializer method init.

@Override
public void init() throws ServletException {
    // Guard so the body runs exactly once even if init() is invoked again.
    if (hasRun) {
        return;
    }
    hasRun = true;
    MyLoggingFacade log = getEnvironment().getMyLogger();
    ClientEnvironment clientEnv = (ClientEnvironment) getEnvironment();
    if (!clientEnv.hasAssetStore()) {
        log.info("No assets store, so no cleanup possible.");
        return;
    }
    // A SQL-backed store gets its table and columns checked before anything uses it.
    if (clientEnv.getAssetStore() instanceof SQLStore) {
        SQLStore sqlStore = (SQLStore) clientEnv.getAssetStore();
        try {
            sqlStore.checkTable();
            sqlStore.checkColumns();
        } catch (SQLException sqlX) {
            // NOTE(review): only the message is logged here, so the stack trace is lost;
            // if MyLoggingFacade offers a Throwable overload, pass sqlX as well.
            log.warn("Could not update store table:" + sqlX.getMessage());
        }
    }
    // The cleanup thread is shared through ClientServlet; start it only if enabled and not yet running.
    Cleanup<Identifier, Asset> cleanup = ClientServlet.assetCleanup;
    if (clientEnv.isEnableAssetCleanup() && cleanup == null) {
        cleanup = new Cleanup<Identifier, Asset>(log);
        cleanup.setStopThread(false);
        cleanup.setMap(clientEnv.getAssetStore());
        // Assets older than the configured maximum lifetime are retired by the policy.
        cleanup.addRetentionPolicy(new ValidTimestampPolicy(clientEnv.getMaxAssetLifetime()));
        log.info("Starting asset cleanup thread");
        cleanup.start();
        ClientServlet.assetCleanup = cleanup;
    }
}

Example 33 with Identifier

use of edu.uiuc.ncsa.security.core.Identifier in project OA4MP by ncsa.

the class SimpleStartRequest method doIt.

@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    info("1.a. Starting transaction");
    // The actual work of this servlet: mint a new id and ask the OA4MP service for a cert request.
    Identifier requestId = AssetStoreUtil.createID();
    OA4MPResponse serviceResponse = getOA4MPService().requestCert(requestId);
    // The request id travels back to the browser in a cookie, valid for 15 minutes.
    Cookie requestIdCookie = new Cookie(OA4MP_CLIENT_REQUEST_ID, requestId.getUri().toString());
    requestIdCookie.setMaxAge(15 * 60);
    requestIdCookie.setSecure(true);
    // NOTE(review): the cookie is marked Secure but not HttpOnly; if the servlet API in use
    // supports it, HttpOnly would keep the request id out of reach of page scripts.
    debug("id = " + requestId.getUri());
    response.addCookie(requestIdCookie);
    info("1.b. Got response. Creating page with redirect for " + serviceResponse.getRedirect().getHost());
    if (!getCE().isShowRedirectPage()) {
        // Plain redirect: the usual way to continue the flow.
        response.sendRedirect(serviceResponse.getRedirect().toString());
        return;
    }
    // Sample-application behaviour: render a page that displays the redirect instead of following it.
    request.setAttribute(REDIR, REDIR);
    request.setAttribute("redirectUrl", serviceResponse.getRedirect().toString());
    // The client response also carries the generated private key. Exposing a private key in a
    // page is a very bad idea; a real application only needs to send along the redirect url.
    request.setAttribute("privateKey", KeyUtil.toPKCS8PEM(serviceResponse.getPrivateKey()));
    request.setAttribute(ACTION_KEY, ACTION_KEY);
    request.setAttribute("action", ACTION_REDIRECT_VALUE);
    info("1.b. Showing redirect page.");
    JSPUtil.fwd(request, response, getCE().getRedirectPagePath());
}
