
Example 1 with ServiceTransaction

use of edu.uiuc.ncsa.security.delegation.server.ServiceTransaction in project OA4MP by ncsa.

From the class ACS2, method doDelegation.

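/**
 * Handles the protected-asset (certificate) leg of the delegation flow: resolves the client,
 * lets the issuer validate the access token, parses the PKCS#10 request and lifetime if the
 * transaction does not already carry them, fulfils the request via
 * {@link #doRealCertRequest}, and writes the response.
 *
 * @param httpServletRequest  the incoming request; carries the access token and, on the first
 *                            call for a transaction, the cert request and an optional lifetime
 * @param httpServletResponse the response the protected asset is written to
 * @throws GeneralException if the cert request parameter is missing, empty or not parseable,
 *                          or the cert lifetime parameter is not a valid number
 * @throws Throwable        anything raised by the issuer, the store or pre/post processing
 */
protected void doDelegation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable {
    info("6.a. Starting to process cert request");
    PARequest paRequest = new PARequest(httpServletRequest, getClient(httpServletRequest));
    String statusString = "client = " + paRequest.getClient().getIdentifier();
    // The next call will pull the access token off of any parameters. The result may be null if there is
    // no access token.
    paRequest.setAccessToken(getAccessToken(httpServletRequest));
    PAResponse paResponse = (PAResponse) getPAI().process(paRequest);
    debug("6.a. " + statusString);
    ServiceTransaction t = verifyAndGet(paResponse);
    Map params = httpServletRequest.getParameterMap();
    if (t.getCertReq() == null) {
        // First call for this transaction: the cert request and lifetime come from the client-supplied
        // parameters, so both are validated before anything is stored.
        t.setCertReq(parseCertRequest(params, statusString));
        t.setLifetime(parseCertLifetime(params));
        getTransactionStore().save(t);
    }
    info("6.a. Processing request for transaction " + t.getIdentifier());
    doRealCertRequest(t, statusString);
    // The access token is marked invalid here and persisted by the save below.
    t.setAccessTokenValid(false);
    preprocess(new TransactionState(httpServletRequest, httpServletResponse, paResponse.getParameters(), t));
    debug("6.a. protected asset:" + (t.getProtectedAsset() == null ? "(null)" : "ok") + ", " + statusString);
    HashMap<String, String> username = new HashMap<String, String>();
    username.put("username", t.getUsername());
    // The issuer may return no parameters at all; putAll(null) would throw an NPE.
    if (paResponse.getParameters() != null) {
        username.putAll(paResponse.getParameters());
    }
    paResponse.setAdditionalInformation(username);
    paResponse.setProtectedAsset(t.getProtectedAsset());
    debug("6.a. Added username \"" + t.getUsername() + "\" & cert for request from " + statusString);
    getTransactionStore().save(t);
    info("6.b. Done with cert request " + statusString);
    paResponse.write(httpServletResponse);
    info("6.b. Completed transaction " + t.getIdentifierString() + ", " + statusString);
    postprocess(new TransactionState(httpServletRequest, httpServletResponse, paResponse.getParameters(), t));
}

/**
 * Extracts the PKCS#10 request from the request parameters and parses it.
 *
 * @param params       the servlet parameter map (values are {@code String[]})
 * @param statusString client tag used in log lines
 * @return the parsed cert request
 * @throws GeneralException if the parameter is missing, empty or cannot be parsed
 */
private MyPKCS10CertRequest parseCertRequest(Map params, String statusString) throws GeneralException {
    // CIL-409 fix -- fail immediately if the cert request is missing. The presence check must run
    // before the parameter is read: reading first would NPE on a missing key instead of reporting it.
    if (!params.containsKey(CONST(ServiceConstantKeys.CERT_REQUEST_KEY))) {
        throw new GeneralException("Error: Missing cert request parameter.");
    }
    String rawCR = ((String[]) params.get(CONST(ServiceConstantKeys.CERT_REQUEST_KEY)))[0];
    // CIL-409 fix
    if (isEmpty(rawCR)) {
        throw new GeneralException("Error: Empty cert request.");
    }
    try {
        return CertUtil.fromStringToCertReq(rawCR);
    } catch (Throwable throwable) {
        // The cause is carried on the rethrown exception; no separate stack dump to stderr is needed.
        debug("6.a. cert request could not be parsed, " + statusString + ": " + throwable);
        throw new GeneralException("Error: cert request is bad/not understandable:" + (rawCR == null ? "(null)" : rawCR), throwable);
    }
}

/**
 * Reads the requested certificate lifetime and converts it to milliseconds.
 * The assumption at this point is that this value is in seconds, which is valid for OIDC clients.
 * When no lifetime parameter is passed in, the default is 10 days.
 *
 * @param params the servlet parameter map (values are {@code String[]})
 * @return the lifetime in milliseconds
 * @throws GeneralException if the parameter is present but is not a parseable long, or the
 *                          value in milliseconds would not fit in a long
 */
private long parseCertLifetime(Map params) throws GeneralException {
    if (!params.containsKey(CONST(ServiceConstantKeys.CERT_LIFETIME_KEY))) {
        // set the default to 10 days if there is no certlifetime parameter passed in.
        return 1000L * 10 * 24 * 3600;
    }
    String rawLifetime = ((String[]) params.get(CONST(ServiceConstantKeys.CERT_LIFETIME_KEY)))[0];
    try {
        // multiplyExact rather than a plain multiply: the value is client supplied, and a very large
        // number would otherwise wrap silently into a negative lifetime.
        return Math.multiplyExact(1000L, Long.parseLong(rawLifetime));
    } catch (NumberFormatException | ArithmeticException e) {
        throw new GeneralException("Error: cert lifetime parameter is not a valid number of seconds.", e);
    }
}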

Example 2 with ServiceTransaction

use of edu.uiuc.ncsa.security.delegation.server.ServiceTransaction in project OA4MP by ncsa.

From the class AbstractAccessTokenServlet, method doDelegation.

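/**
 * Performs the access token exchange for an authorization grant: builds the {@code ATRequest}
 * from the verifier and grant carried by the request, hands it to the access token issuer,
 * marks the grant as used and the new access token as valid, and persists the transaction.
 *
 * @param client              the client performing the exchange
 * @param httpServletRequest  the token request; must carry the verifier and authorization grant
 * @param httpServletResponse the response the token is written to by the caller
 * @return the transaction state, including the issuer response, for the caller to finish
 * @throws ServletException if the updated transaction cannot be saved
 * @throws Throwable        anything raised by the token forge, the issuer or pre/post processing
 */
protected IssuerTransactionState doDelegation(Client client, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable, ServletException {
    // NOTE(review): this dumps every request parameter, grant and verifier included -- confirm it is
    // disabled outside development.
    printAllParameters(httpServletRequest);
    info("5.a. Starting access token exchange");
    Verifier v = getServiceEnvironment().getTokenForge().getVerifier(httpServletRequest);
    AuthorizationGrant ag = getServiceEnvironment().getTokenForge().getAuthorizationGrant(httpServletRequest);
    ATRequest atRequest = new ATRequest(httpServletRequest, client);
    atRequest.setVerifier(v);
    atRequest.setAuthorizationGrant(ag);
    // FIXME!! make this configurable??
    atRequest.setExpiresIn(DateUtils.MAX_TIMEOUT);
    ATResponse atResp = (ATResponse) getATI().process(atRequest);
    ServiceTransaction transaction = verifyAndGet(atResp);
    String cc = "client=" + transaction.getClient();
    info("5.a. got access token " + cc);
    preprocess(new TransactionState(httpServletRequest, httpServletResponse, atResp.getParameters(), transaction));
    // Do not write the access token or the verifier to the log: the token is a bearer credential
    // and anyone who can read the log could replay it. Record only whether each is present.
    debug("5.a. access token " + (atResp.getAccessToken() == null ? "(null)" : "issued")
            + " for verifier " + (v == null ? "(null)" : "present"));
    // The grant is single use for this exchange; the freshly issued token replaces it.
    transaction.setAuthGrantValid(false);
    transaction.setAccessToken(atResp.getAccessToken());
    transaction.setAccessTokenValid(true);
    try {
        getTransactionStore().save(transaction);
        info("5.a. updated transaction state for " + cc + ", sending response to client");
    } catch (GeneralException e) {
        throw new ServletException("Error saving transaction", e);
    }
    // atResp.write(httpServletResponse);
    info("5.b. done with access token exchange with " + cc);
    IssuerTransactionState transactionState = new IssuerTransactionState(httpServletRequest, httpServletResponse, atResp.getParameters(), transaction, atResp);
    postprocess(transactionState);
    return transactionState;
}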

Example 3 with ServiceTransaction

use of edu.uiuc.ncsa.security.delegation.server.ServiceTransaction in project OA4MP by ncsa.

From the class AbstractCertServlet, method doDelegation.

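/**
 * Handles the protected-asset (certificate) leg of the delegation flow: resolves the client,
 * lets the issuer validate the access token, attaches the user name and the protected asset
 * to the response, persists the transaction and writes the response.
 *
 * @param httpServletRequest  the incoming request carrying the access token
 * @param httpServletResponse the response the protected asset is written to
 * @throws Throwable anything raised by the issuer, the store or pre/post processing
 */
protected void doDelegation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable {
    info("6.a. Starting to process cert request");
    PARequest paRequest = new PARequest(httpServletRequest, getClient(httpServletRequest));
    String cc = "client = " + paRequest.getClient().getIdentifier();
    paRequest.setAccessToken(getServiceEnvironment().getTokenForge().getAccessToken(httpServletRequest));
    PAResponse paResponse = (PAResponse) getPAI().process(paRequest);
    debug("6.a. " + cc);
    ServiceTransaction t = verifyAndGet(paResponse);
    info("6.a. Processing request for transaction " + t.getIdentifier());
    // The access token is marked invalid here and persisted by the save below.
    t.setAccessTokenValid(false);
    preprocess(new TransactionState(httpServletRequest, httpServletResponse, paResponse.getParameters(), t));
    debug("6.a. protected asset:" + (t.getProtectedAsset() == null ? "(null)" : "ok") + ", " + cc);
    HashMap<String, String> username = new HashMap<String, String>();
    username.put("username", t.getUsername());
    // The issuer may return no parameters at all; putAll(null) would throw an NPE here.
    if (paResponse.getParameters() != null) {
        username.putAll(paResponse.getParameters());
    }
    paResponse.setAdditionalInformation(username);
    paResponse.setProtectedAsset(t.getProtectedAsset());
    debug("6.a. Added username \"" + t.getUsername() + "\" & cert for request from " + cc);
    getTransactionStore().save(t);
    info("6.b. Done with cert request " + cc);
    paResponse.write(httpServletResponse);
    info("6.b. Completed transaction " + t.getIdentifierString() + ", " + cc);
    postprocess(new TransactionState(httpServletRequest, httpServletResponse, paResponse.getParameters(), t));
}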

Example 4 with ServiceTransaction

use of edu.uiuc.ncsa.security.delegation.server.ServiceTransaction in project OA4MP by ncsa.

From the class AbstractInitServlet, method doDelegation.

/**
 * Actual work call. This parses the passed in parameters, creates and saves the new
 * transaction, and writes the authorization grant response.
 *
 * @param req  the incoming request
 * @param resp the response the grant is written to
 * @throws Throwable any failure raised while processing the request; an unapproved client is
 *                   logged as a warning before the exception is rethrown
 */
protected void doDelegation(HttpServletRequest req, HttpServletResponse resp) throws Throwable {
    Client client = getClient(req);
    try {
        String clientTag = "client=" + client.getIdentifier();
        info("2.a. Starting a new cert request: " + clientTag);
        // Approval is checked before any grant is issued or any transaction is stored.
        checkClientApproval(client);
        AGRequest agRequest = new AGRequest(req, client);
        AGResponse agResponse = (AGResponse) getAGI().process(agRequest);
        agResponse.setClient(client);
        ServiceTransaction transaction = verifyAndGet(agResponse);
        transaction.setClient(client);
        getTransactionStore().save(transaction);
        String transactionId = transaction.getIdentifierString();
        info("Saved new transaction with id=" + transactionId);
        Map<String, String> params = agResponse.getParameters();
        preprocess(new TransactionState(req, resp, params, transaction));
        debug("saved transaction for " + clientTag + ", trans id=" + transactionId);
        agResponse.write(resp);
        info("2.b finished initial request for token =\"" + transactionId + "\".");
        postprocess(new IssuerTransactionState(req, resp, params, transaction, agResponse));
    } catch (Throwable failure) {
        // Only an unapproved client gets an extra warning; every failure is rethrown unchanged.
        if (failure instanceof UnapprovedClientException) {
            warn("Unapproved client: " + client.getIdentifierString());
        }
        throw failure;
    }
}

Example 5 with ServiceTransaction

use of edu.uiuc.ncsa.security.delegation.server.ServiceTransaction in project OA4MP by ncsa.

From the class AuthorizedServlet, method doIt.

// {
/*  ProtocolParameters p = new ProtocolParameters();
        String ag = request.getParameter(CONST(TOKEN_KEY));
        ServiceTransaction trans = null;
        say("starting request for token =" + ag);
        if (ag == null) {
            throw new GeneralException("Error: Invalid request -- no token. Request rejected.");
        }
        p.userId = request.getParameter(AUTHORIZATION_USER_NAME_KEY);
        p.password = request.getParameter(AUTHORIZATION_PASSWORD_KEY);
        String xUsername = getServiceEnvironment().getUsernameTransformer().createMyProxyUsername(request);
        if (xUsername != null) {
            p.userId = xUsername;
        }

        String lifetimeS = request.getParameter(AUTHORIZATION_CERT_LIFETIME_KEY);
        p.lifetime = trans.getLifetime();
        if (lifetimeS != null && 0 < lifetimeS.length()) {
            try {
                p.lifetime = Long.parseLong(lifetimeS);
            } catch (Throwable t) {
                // do nothing
            }
        }

        return p;*/
// }
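/**
 * For the case that this is being used strictly as a back channel for authorized users.
 * This will process the request and return a standard response that includes the redirect
 * url. Applications calling this must parse the response and use it as per the spec., sending
 * it as a redirect to the user's browser.
 *
 * @param request  the back-channel request; parsed into the user id, password and lifetime
 * @param response the response the redirect information is written to
 * @throws Throwable any failure from the transaction check, the MyProxy connection or the cert request
 */
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    ProtocolParameters p = parseRequest(request);
    ServiceTransaction trans = getAndCheckTransaction(p);
    // keep the user name
    trans.setUsername(p.userId);
    getTransactionStore().save(trans);
    // The password is passed straight through to the MyProxy connection; only the user name is
    // stored on the transaction.
    createMPConnection(trans.getIdentifier(), p.userId, p.password, p.lifetime);
    doRealCertRequest(trans, "");
    writeResponse(response, trans);
}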
