
Example 1 with BasicIdentifier

use of edu.uiuc.ncsa.security.core.util.BasicIdentifier in project OA4MP by ncsa.

the class AbstractCLIApprover method doIt.

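/**
 * Runs one interactive approval session against the client approval store.
 * <p>
 * Every stored {@link ClientApproval} is listed with an index; the operator picks one by index or
 * types an identifier prefixed with {@code ID_DELIMITER} (which yields a fresh, unsaved approval).
 * The approver name and the approve/deny decision are then read, and only after an explicit
 * {@code y} is the approval persisted: serialized into {@code pollingDir} for an external process
 * to pick up when that directory is configured, otherwise saved straight to the approval store.
 * <p>
 * Two behaviours of the earlier version were corrected: the decision now defaults to <em>deny</em>,
 * as the prompt {@code [D]} advertises (it used to be pre-set to approved, so any answer other than
 * {@code a} still approved), and the "allows"/"denies" log line is no longer inverted.
 *
 * @throws GeneralException if no approval could be selected (defensive; the selection loop does
 *                          not return without one)
 * @throws Exception        on input failures or when the approval cannot be written
 */
@Override
public void doIt() throws Exception {
    LinkedList<ClientApproval> approvals = new LinkedList<ClientApproval>();
    info("starting approval");
    int index = 0;
    for (Object key : se.getClientApprovalStore().keySet()) {
        ClientApproval stored = (ClientApproval) se.getClientApprovalStore().get(key);
        approvals.add(stored);
        say((index++) + ". " + (stored.isApproved() ? "(A) " : "(D) ") + stored.getIdentifierString());
    }
    if (approvals.isEmpty()) {
        say("(No entries found. You will need to manually enter the id.)");
    }
    ClientApproval ca = chooseApproval(approvals);
    if (ca == null) {
        // future proof. Should never happen.
        warn("No client approval found. Aborting session");
        throw new GeneralException("Internal error: Somehow the client approval was not found. Fix that.");
    }
    Client client = (Client) se.getClientStore().get(ca.getIdentifier());
    if (client == null) {
        info("No client found for the given identifier. Aborting.");
        say("no client found for the id. You probably want to fix that.\nexiting...");
        return;
    }
    say("You have chosen the following client");
    say(formatClient(client));

    say("Enter your approver name [" + ANONYMOUS + "]:");
    String inString = readline();
    // Empty or missing input falls back to the anonymous approver name.
    ca.setApprover(inString == null || inString.isEmpty() ? ANONYMOUS : inString);
    info("Approver is identifier as " + ca.getApprover());

    say("Enter Approve or Deny (A/D) [D]");
    inString = readline();
    // Deny unless the operator explicitly answers "a"/"A"; the prompt advertises deny as default.
    ca.setApproved(inString != null && inString.equalsIgnoreCase("a"));
    info("Approver " + (ca.isApproved() ? "allows" : "denies") + " approval.");

    say("Commit changes? (y/n)");
    inString = readline();
    // A null line (end of input) must not NPE here; treat it as "do not commit".
    if (inString == null || !inString.equalsIgnoreCase("y")) {
        info("Approval aborted manually. No changes saved.");
        say("You didn't explicitly say to save it -- operation aborted.\nexiting...");
        return;
    }
    // update timestamp to now.
    ca.setApprovalTimestamp(new Date());
    if (pollingDir != null) {
        // use polling
        writeForPolling(ca);
    } else {
        // do the approval directly
        se.getClientApprovalStore().save(ca);
    }
    info("Approval for client with id \"" + ca.getIdentifierString() + "\" finished.");
}

/**
 * Prompts until the operator names an approval, either by its index in {@code approvals} or by
 * an identifier string prefixed with {@code ID_DELIMITER}.
 *
 * @param approvals the approvals shown to the operator, in display order
 * @return the chosen approval, never {@code null}; an id entered by hand yields a new
 *         {@link ClientApproval} that exists only in memory until it is saved
 * @throws Exception if reading a line fails
 */
private ClientApproval chooseApproval(LinkedList<ClientApproval> approvals) throws Exception {
    while (true) {
        say("Enter the number of the client to approve or disapprove, OR, enter an id, starting with a " + ID_DELIMITER);
        String inString = readline();
        if (inString != null && inString.startsWith(ID_DELIMITER)) {
            return new ClientApproval(new BasicIdentifier(inString.substring(ID_DELIMITER.length())));
        }
        try {
            // Integer.parseInt(null) throws NumberFormatException too, so a missing line lands below.
            int idx = Integer.parseInt(inString);
            if (0 <= idx && idx < approvals.size()) {
                return approvals.get(idx);
            }
            say("Sorry, that index is out of range. Try again.");
        } catch (NumberFormatException xx) {
            boolean noInput = inString == null || inString.length() == 0;
            say("Woops. Didn't understand " + (noInput ? "(empty)" : "\"" + inString + "\"") + ". Try again.");
        }
    }
}

/**
 * Hands {@code ca} to the polling mechanism by Java-serializing it into a fresh temp file under
 * {@code pollingDir}.
 * <p>
 * The stream is closed via try-with-resources: closing the {@link ObjectOutputStream} flushes its
 * own buffer and then closes the file. The earlier version flushed and closed only the underlying
 * {@link FileOutputStream}, which could leave the object stream's buffered tail unwritten and the
 * file truncated.
 * <p>
 * NOTE(review): the consumer of {@code pollingDir} must read these files with Java native
 * deserialization; that directory therefore has to be treated as trusted input (or the reader
 * should install an {@code ObjectInputFilter}).
 *
 * @param ca the approval to serialize
 * @throws Exception if the temp file cannot be created or written
 */
private void writeForPolling(ClientApproval ca) throws Exception {
    File tempFile = File.createTempFile(TEMP_FILE_PREFIX, TEMP_FILE_SUFFIX, pollingDir);
    try (ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(tempFile))) {
        oos.writeObject(ca);
    }
}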
Also used : Set(java.util.Set) GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) BasicIdentifier(edu.uiuc.ncsa.security.core.util.BasicIdentifier) LinkedList(java.util.LinkedList) Date(java.util.Date) ClientApproval(edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval) Client(edu.uiuc.ncsa.security.delegation.storage.Client)

Example 2 with BasicIdentifier

use of edu.uiuc.ncsa.security.core.util.BasicIdentifier in project OA4MP by ncsa.

the class NewTransactionTest method testServiceTransaction.

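/**
 * Walks one {@link OA4MPServiceTransaction} through the store the way the OAuth legs would:
 * create and save it, look it up by identifier and authorization grant, add a verifier, add an
 * access token, invalidate the token, and finally remove it.
 * <p>
 * Each step asserts that the stored copy still equals the in-memory object under every key the
 * store indexes (identifier, authorization grant, verifier, access token). Runs only with
 * assertions enabled ({@code -ea}).
 *
 * @param transactionStore the store under test
 * @param tokenForge       used by {@code newAG}/{@code newVerifier}/{@code newAT} to mint tokens
 * @param clientStore      used to create a throw-away client
 * @throws Exception propagated from the stores
 */
public void testServiceTransaction(TransactionStore transactionStore, TokenForge tokenForge, ClientStore clientStore) throws Exception {
    // Named "transaction" rather than after its type so the identifier does not shadow the class name.
    OA4MPServiceTransaction transaction = (OA4MPServiceTransaction) transactionStore.create();
    transaction.setCallback(URI.create("http://callback"));
    // set lifetime to 10 hours (stored in ms!)
    transaction.setLifetime(10 * 60 * 60 * 1000);
    transaction.setUsername("FakeUserName");
    String mpUN = "myproxy username /with weird $$#@ in=it/#" + System.nanoTime();
    transaction.setMyproxyUsername(mpUN);
    // NOTE(review): the client is neither saved to clientStore nor attached to the transaction here;
    // it only demonstrates creating a client with a URI-based BasicIdentifier. Confirm that is intended.
    Client client = (Client) clientStore.create();
    client.setIdentifier(new BasicIdentifier(URI.create("test:client:1d/" + System.currentTimeMillis())));
    transaction.setAuthorizationGrant(newAG(tokenForge));
    transaction.setAuthGrantValid(false);
    client.setName("service test name #" + System.nanoTime());
    transactionStore.save(transaction);
    assert transactionStore.containsKey(transaction.getIdentifier());
    assert transaction.equals(transactionStore.get(transaction.getIdentifier()));
    assert transaction.equals(transactionStore.get(transaction.getAuthorizationGrant()));
    // now emulate doing oauth type transactions with it.
    // First leg sets the verifier and user
    transaction.setVerifier(newVerifier(tokenForge));
    transactionStore.save(transaction);
    assert transaction.equals(transactionStore.get(transaction.getVerifier()));
    // next leg creates the access tokens and invalidates the temp credentials
    transaction.setAccessToken(newAT(tokenForge));
    transaction.setAuthGrantValid(false);
    transaction.setAccessTokenValid(true);
    transactionStore.save(transaction);
    assert transaction.equals(transactionStore.get(transaction.getIdentifier()));
    assert transaction.equals(transactionStore.get(transaction.getAccessToken()));
    transaction.setAccessTokenValid(false);
    transactionStore.save(transaction);
    assert transaction.equals(transactionStore.get(transaction.getIdentifier()));
    // and we're done
    transactionStore.remove(transaction.getIdentifier());
    assert !transactionStore.containsKey(transaction.getIdentifier());
}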
Also used : OA4MPServiceTransaction(edu.uiuc.ncsa.myproxy.oa4mp.server.OA4MPServiceTransaction) BasicIdentifier(edu.uiuc.ncsa.security.core.util.BasicIdentifier) Client(edu.uiuc.ncsa.security.delegation.storage.Client)

Example 3 with BasicIdentifier

use of edu.uiuc.ncsa.security.core.util.BasicIdentifier in project OA4MP by ncsa.

the class OA2ATServlet method verifyAndGet.

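/**
 * Validates an access-token request against its pending transaction and prepares the response.
 * <p>
 * The request is rejected with {@code invalid_request} when the authorization code or the
 * redirect URI is missing or malformed, when no transaction is pending for the code, or when the
 * redirect URI differs from the callback recorded at authorization time. A code whose grant has
 * already been invalidated is rejected with a {@link GeneralException}, as before.
 * <p>
 * The scope list is echoed back only when the transaction requested something the server does not
 * support; in that case the response carries the subset that is supported.
 *
 * @param iResponse the issuer response, expected to be an {@link ATIResponse2}
 * @return the pending {@link OA2ServiceTransaction} for the supplied authorization code
 * @throws OA2ATException   on any client-attributable problem with the request
 * @throws GeneralException if the authorization grant on the transaction is no longer valid
 * @throws IOException      declared for the overridden contract
 */
@Override
public ServiceTransaction verifyAndGet(IssuerResponse iResponse) throws IOException {
    ATIResponse2 atResponse = (ATIResponse2) iResponse;
    TransactionStore transactionStore = getTransactionStore();
    String code = atResponse.getParameters().get(OA2Constants.AUTHORIZATION_CODE);
    if (code == null || code.isEmpty()) {
        // Without a code there is nothing to look up; reject before touching the store.
        throw new OA2ATException(OA2Errors.INVALID_REQUEST, "Missing " + OA2Constants.AUTHORIZATION_CODE);
    }
    BasicIdentifier basicIdentifier = new BasicIdentifier(code);
    // NOTE(review): this debug line and the exception message below echo the authorization code,
    // which is a one-time bearer secret; consider redacting it from logs and client-facing errors.
    DebugUtil.dbg(this, "getting transaction for identifier=" + basicIdentifier);
    OA2ServiceTransaction transaction = (OA2ServiceTransaction) transactionStore.get(basicIdentifier);
    if (transaction == null) {
        // Then this request does not correspond to an previous one and must be rejected asap.
        throw new OA2ATException(OA2Errors.INVALID_REQUEST, "No pending transaction found for id=" + basicIdentifier);
    }
    if (!transaction.isAuthGrantValid()) {
        String msg = "Error: Attempt to use invalid authorization code.  Request rejected.";
        warn(msg);
        throw new GeneralException(msg);
    }
    String redirect = atResponse.getParameters().get(OA2Constants.REDIRECT_URI);
    if (redirect == null) {
        // URI.create(null) would NPE; a missing redirect_uri is a malformed request, not a server fault.
        throw new OA2ATException(OA2Errors.INVALID_REQUEST, "Missing " + OA2Constants.REDIRECT_URI);
    }
    URI uri;
    try {
        uri = URI.create(redirect);
    } catch (IllegalArgumentException e) {
        warn("Malformed redirect uri in token request rejected.");
        throw new OA2ATException(OA2Errors.INVALID_REQUEST, "Malformed " + OA2Constants.REDIRECT_URI);
    }
    // Compare from the parsed side so a transaction without a recorded callback is rejected, not NPE'd.
    if (!uri.equals(transaction.getCallback())) {
        String msg = "Attempt to use alternate redirect uri rejected.";
        warn(msg);
        throw new OA2ATException(OA2Errors.INVALID_REQUEST, msg);
    }
    /* Now we have to determine which scopes to return
           The spec says we don't have to return anything if the requested scopes are the same as the
           supported scopes. Otherwise, return what scopes *are* supported.
         */
    ArrayList<String> targetScopes = new ArrayList<>();
    OA2SE oa2SE = (OA2SE) getServiceEnvironment();
    // set true if something is requested we don't support
    boolean returnScopes = false;
    for (String s : transaction.getScopes()) {
        if (oa2SE.getScopes().contains(s)) {
            targetScopes.add(s);
        } else {
            returnScopes = true;
        }
    }
    if (returnScopes) {
        atResponse.setSupportedScopes(targetScopes);
    }
    atResponse.setScopeHandlers(setupScopeHandlers(transaction, oa2SE));
    atResponse.setServiceTransaction(transaction);
    atResponse.setJsonWebKey(oa2SE.getJsonWebKeys().getDefault());
    return transaction;
}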
Also used : TransactionStore(edu.uiuc.ncsa.security.delegation.storage.TransactionStore) OA2SE(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE) OA2ServiceTransaction(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction) BasicIdentifier(edu.uiuc.ncsa.security.core.util.BasicIdentifier) ArrayList(java.util.ArrayList) URI(java.net.URI)

Example 4 with BasicIdentifier

use of edu.uiuc.ncsa.security.core.util.BasicIdentifier in project OA4MP by ncsa.

the class TransactionStoreTest method testServiceTransaction.

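/**
 * Walks one {@link OA4MPServiceTransaction} through {@code getStore()} the way the OAuth legs
 * would: create and save it, look it up by identifier and authorization grant, add a verifier,
 * add an access token, invalidate the token, and finally remove it.
 * <p>
 * Each step asserts that the stored copy still equals the in-memory object under every key the
 * store indexes (identifier, authorization grant, verifier, access token). Runs only with
 * assertions enabled ({@code -ea}).
 *
 * @throws Exception propagated from the stores
 */
@Test
public void testServiceTransaction() throws Exception {
    // Named "transaction" rather than after its type so the identifier does not shadow the class name.
    OA4MPServiceTransaction transaction = (OA4MPServiceTransaction) getStore().create();
    transaction.setCallback(URI.create("http://callback"));
    // set lifetime to 10 hours (stored in ms!)
    transaction.setLifetime(10 * 60 * 60 * 1000);
    transaction.setUsername("FakeUserName");
    String mpUN = "myproxy username /with weird $$#@ in=it/#" + System.nanoTime();
    transaction.setMyproxyUsername(mpUN);
    // NOTE(review): the client is neither saved to its store nor attached to the transaction here;
    // it only demonstrates creating a client with a URI-based BasicIdentifier. Confirm that is intended.
    Client client = getTSProvider().getClientStore().create();
    client.setIdentifier(new BasicIdentifier(URI.create("test:client:1d/" + System.currentTimeMillis())));
    transaction.setAuthorizationGrant(newAG());
    transaction.setAuthGrantValid(false);
    client.setName("service test name #" + System.nanoTime());
    getStore().save(transaction);
    assert getStore().containsKey(transaction.getIdentifier());
    assert transaction.equals(getStore().get(transaction.getIdentifier()));
    assert transaction.equals(getStore().get(transaction.getAuthorizationGrant()));
    // now emulate doing oauth type transactions with it.
    // First leg sets the verifier and user
    transaction.setVerifier(newVerifier());
    getStore().save(transaction);
    assert transaction.equals(getStore().get(transaction.getVerifier()));
    // next leg creates the access tokens and invalidates the temp credentials
    transaction.setAccessToken(newAT());
    transaction.setAuthGrantValid(false);
    transaction.setAccessTokenValid(true);
    getStore().save(transaction);
    assert transaction.equals(getStore().get(transaction.getIdentifier()));
    assert transaction.equals(getStore().get(transaction.getAccessToken()));
    transaction.setAccessTokenValid(false);
    getStore().save(transaction);
    assert transaction.equals(getStore().get(transaction.getIdentifier()));
    // and we're done
    getStore().remove(transaction.getIdentifier());
    assert !getStore().containsKey(transaction.getIdentifier());
}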
Also used : OA4MPServiceTransaction(edu.uiuc.ncsa.myproxy.oa4mp.server.OA4MPServiceTransaction) BasicIdentifier(edu.uiuc.ncsa.security.core.util.BasicIdentifier) Client(edu.uiuc.ncsa.security.delegation.storage.Client) Test(org.junit.Test)

Example 5 with BasicIdentifier

use of edu.uiuc.ncsa.security.core.util.BasicIdentifier in project OA4MP by ncsa.

the class OA2ClientEnvironment method getClient.

/**
 * Returns the client for this environment, building it on first use.
 * <p>
 * The first call obtains a client from {@code cp}, stamps it with a {@link BasicIdentifier} built
 * from {@code getClientId()} and the configured {@code secret}, and caches it in {@code client};
 * later calls return that same instance. No synchronization is performed, so concurrent first
 * calls may each build a client — presumably callers are single-threaded; confirm before relying on it.
 *
 * @return the cached client, never {@code null} once {@code cp.get()} has returned one
 */
@Override
public Client getClient() {
    if (client != null) {
        return client;
    }
    client = cp.get();
    client.setIdentifier(new BasicIdentifier(getClientId()));
    client.setSecret(secret);
    return client;
}
Also used : BasicIdentifier(edu.uiuc.ncsa.security.core.util.BasicIdentifier)
