
Example 1 with PAResponse

use of edu.uiuc.ncsa.security.delegation.server.request.PAResponse in project OA4MP by ncsa.

the class ACS2 method doDelegation.

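/**
 * Processes a protected-asset (certificate) request: verifies the access token, records the
 * certificate request and lifetime on the transaction if none is stored yet, runs the actual
 * certificate request, invalidates the access token, and writes the response.
 *
 * <p>The certificate request and lifetime are read straight from the request parameters, so they
 * are validated here before use.
 *
 * @param httpServletRequest  the incoming request carrying the access token and, optionally, the
 *                            certificate request and lifetime parameters
 * @param httpServletResponse the response the protected asset is written to
 * @throws Throwable if the token cannot be verified, a parameter is missing or malformed
 *                   (reported as {@code GeneralException}), or any later step fails
 */
protected void doDelegation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable {
    info("6.a. Starting to process cert request");
    PARequest paRequest = new PARequest(httpServletRequest, getClient(httpServletRequest));
    String statusString = "client = " + paRequest.getClient().getIdentifier();
    // The next call will pull the access token off of any parameters. The result may be null if there is
    // no access token.
    paRequest.setAccessToken(getAccessToken(httpServletRequest));
    PAResponse paResponse = (PAResponse) getPAI().process(paRequest);
    debug("6.a. " + statusString);
    // verifyAndGet is the authorization gate: nothing below runs unless it returns a transaction.
    ServiceTransaction t = verifyAndGet(paResponse);
    Map params = httpServletRequest.getParameterMap();
    if (t.getCertReq() == null) {
        // CIL-409 fix -- fail immediately if the cert request is missing. This check has to come
        // before the parameter array is dereferenced; otherwise a missing parameter surfaces as a
        // NullPointerException and the intended error is never raised.
        if (!params.containsKey(CONST(ServiceConstantKeys.CERT_REQUEST_KEY))) {
            throw new GeneralException("Error: Missing cert request parameter.");
        }
        String[] certReqValues = (String[]) params.get(CONST(ServiceConstantKeys.CERT_REQUEST_KEY));
        String rawCR = (certReqValues == null || certReqValues.length == 0) ? null : certReqValues[0];
        // CIL-409 fix
        if (rawCR == null || isEmpty(rawCR)) {
            throw new GeneralException("Error: Empty cert request.");
        }
        MyPKCS10CertRequest certReq;
        try {
            certReq = CertUtil.fromStringToCertReq(rawCR);
        } catch (Throwable throwable) {
            // NOTE(review): the message below echoes the raw, client-supplied cert request. Confirm
            // where GeneralException messages end up (logs, error pages) and whether the value
            // should be truncated or dropped there.
            throwable.printStackTrace();
            throw new GeneralException("Error: cert request is bad/not understandable:" + (rawCR == null ? "(null)" : rawCR), throwable);
        }
        t.setCertReq(certReq);
        // The assumption at this point is that this value is in seconds, which is valid for OIDC clients.
        if (params.containsKey(CONST(ServiceConstantKeys.CERT_LIFETIME_KEY))) {
            String[] lifetimeValues = (String[]) params.get(CONST(ServiceConstantKeys.CERT_LIFETIME_KEY));
            String rawLifetime = (lifetimeValues == null || lifetimeValues.length == 0) ? null : lifetimeValues[0];
            long lifetimeSeconds;
            try {
                lifetimeSeconds = Long.parseLong(rawLifetime);
            } catch (NumberFormatException nfx) {
                // Report a malformed client value as a request error rather than a raw parse failure.
                throw new GeneralException("Error: Invalid cert lifetime parameter.", nfx);
            }
            // Reject values whose conversion to milliseconds would silently wrap around.
            if (lifetimeSeconds > Long.MAX_VALUE / 1000 || lifetimeSeconds < Long.MIN_VALUE / 1000) {
                throw new GeneralException("Error: Invalid cert lifetime parameter.");
            }
            // NOTE(review): no upper bound or sign check is applied to the requested lifetime here;
            // confirm that a maximum is enforced where the certificate is actually issued.
            t.setLifetime(1000 * lifetimeSeconds);
        } else {
            // set the default to 10 days if there is no certlifetime parameter passed in.
            t.setLifetime(1000L * 10 * 24 * 3600);
        }
        getTransactionStore().save(t);
    }
    info("6.a. Processing request for transaction " + t.getIdentifier());
    doRealCertRequest(t, statusString);
    // The token is marked used here, but the change only reaches the store at the save further down.
    t.setAccessTokenValid(false);
    preprocess(new TransactionState(httpServletRequest, httpServletResponse, paResponse.getParameters(), t));
    debug("6.a. protected asset:" + (t.getProtectedAsset() == null ? "(null)" : "ok") + ", " + statusString);
    HashMap<String, String> username = new HashMap<String, String>();
    username.put("username", t.getUsername());
    if (paResponse.getParameters() != null) {
        username.putAll(paResponse.getParameters());
    }
    paResponse.setAdditionalInformation(username);
    paResponse.setProtectedAsset(t.getProtectedAsset());
    debug("6.a. Added username \"" + t.getUsername() + "\" & cert for request from " + statusString);
    getTransactionStore().save(t);
    info("6.b. Done with cert request " + statusString);
    paResponse.write(httpServletResponse);
    info("6.b. Completed transaction " + t.getIdentifierString() + ", " + statusString);
    postprocess(new TransactionState(httpServletRequest, httpServletResponse, paResponse.getParameters(), t));
}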
Also used : TransactionState(edu.uiuc.ncsa.security.delegation.servlet.TransactionState) GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) ServiceTransaction(edu.uiuc.ncsa.security.delegation.server.ServiceTransaction) HashMap(java.util.HashMap) PAResponse(edu.uiuc.ncsa.security.delegation.server.request.PAResponse) PARequest(edu.uiuc.ncsa.security.delegation.server.request.PARequest) HashMap(java.util.HashMap) Map(java.util.Map) MyPKCS10CertRequest(edu.uiuc.ncsa.security.util.pkcs.MyPKCS10CertRequest)

Example 2 with PAResponse

use of edu.uiuc.ncsa.security.delegation.server.request.PAResponse in project OA4MP by ncsa.

the class AbstractCertServlet method doDelegation.

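/**
 * Processes a protected-asset (certificate) request: verifies the access token, invalidates it on
 * the transaction, attaches the username and protected asset to the response, and writes it out.
 *
 * @param httpServletRequest  the incoming request carrying the access token
 * @param httpServletResponse the response the protected asset is written to
 * @throws Throwable if the token cannot be verified or any later step fails
 */
protected void doDelegation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable {
    info("6.a. Starting to process cert request");
    PARequest paRequest = new PARequest(httpServletRequest, getClient(httpServletRequest));
    String cc = "client = " + paRequest.getClient().getIdentifier();
    paRequest.setAccessToken(getServiceEnvironment().getTokenForge().getAccessToken(httpServletRequest));
    PAResponse paResponse = (PAResponse) getPAI().process(paRequest);
    debug("6.a. " + cc);
    // verifyAndGet is the authorization gate: nothing below runs unless it returns a transaction.
    ServiceTransaction t = verifyAndGet(paResponse);
    info("6.a. Processing request for transaction " + t.getIdentifier());
    // The token is marked used here, but the change only reaches the store at the save below.
    // NOTE(review): confirm whether two concurrent requests presenting the same token can both
    // pass verifyAndGet before that save happens.
    t.setAccessTokenValid(false);
    preprocess(new TransactionState(httpServletRequest, httpServletResponse, paResponse.getParameters(), t));
    debug("6.a. protected asset:" + (t.getProtectedAsset() == null ? "(null)" : "ok") + ", " + cc);
    HashMap<String, String> username = new HashMap<String, String>();
    username.put("username", t.getUsername());
    // putAll(null) throws, so only merge the response parameters when there are any.
    if (paResponse.getParameters() != null) {
        username.putAll(paResponse.getParameters());
    }
    paResponse.setAdditionalInformation(username);
    paResponse.setProtectedAsset(t.getProtectedAsset());
    debug("6.a. Added username \"" + t.getUsername() + "\" & cert for request from " + cc);
    getTransactionStore().save(t);
    info("6.b. Done with cert request " + cc);
    paResponse.write(httpServletResponse);
    info("6.b. Completed transaction " + t.getIdentifierString() + ", " + cc);
    postprocess(new TransactionState(httpServletRequest, httpServletResponse, paResponse.getParameters(), t));
}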
Also used : TransactionState(edu.uiuc.ncsa.security.delegation.servlet.TransactionState) ServiceTransaction(edu.uiuc.ncsa.security.delegation.server.ServiceTransaction) HashMap(java.util.HashMap) AccessToken(edu.uiuc.ncsa.security.delegation.token.AccessToken) PAResponse(edu.uiuc.ncsa.security.delegation.server.request.PAResponse) PARequest(edu.uiuc.ncsa.security.delegation.server.request.PARequest)

Example 3 with PAResponse

use of edu.uiuc.ncsa.security.delegation.server.request.PAResponse in project OA4MP by ncsa.

the class ACS2Impl method verifyAndGet.

/**
 * Resolves the transaction that belongs to the access token carried by the response and checks
 * that the token may still be used.
 *
 * @param iResponse the issuer response; it is cast to {@code PAResponse}
 * @return the stored transaction for the access token
 * @throws IOException declared by the signature; the failures raised directly here are
 *                     {@code GeneralException}s
 */
public ServiceTransaction verifyAndGet(IssuerResponse iResponse) throws IOException {
    final AccessToken token = ((PAResponse) iResponse).getAccessToken();
    final ServiceTransaction transaction = (ServiceTransaction) getTransactionStore().get(token);
    if (transaction == null) {
        // NOTE(review): the submitted token value is echoed in this message; confirm where
        // GeneralException messages are logged or returned.
        throw new GeneralException("Error: no transaction found for access token \"" + token + "\"");
    }
    if (transaction.isAccessTokenValid()) {
        // Token is still marked valid: run the remaining checks, client approval first.
        checkClientApproval(transaction.getClient());
        checkTimestamp(token.getToken());
        return transaction;
    }
    // A token that has already been invalidated on the transaction is refused outright.
    throw new GeneralException("Error: invalid access token. Request refused");
}
Also used : GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) ServiceTransaction(edu.uiuc.ncsa.security.delegation.server.ServiceTransaction) AccessToken(edu.uiuc.ncsa.security.delegation.token.AccessToken) PAResponse(edu.uiuc.ncsa.security.delegation.server.request.PAResponse)

Example 4 with PAResponse

use of edu.uiuc.ncsa.security.delegation.server.request.PAResponse in project OA4MP by ncsa.

the class CertServlet method verifyAndGet.

/**
 * Looks up the transaction stored under the response's access token and verifies that the token
 * has not been invalidated before handing the transaction back.
 *
 * @param iResponse the issuer response; it is cast to {@code PAResponse}
 * @return the transaction found for the access token
 * @throws IOException declared by the signature; lookup and validity failures are raised here as
 *                     {@code GeneralException}
 */
public ServiceTransaction verifyAndGet(IssuerResponse iResponse) throws IOException {
    PAResponse paResponse = (PAResponse) iResponse;
    AccessToken presentedToken = paResponse.getAccessToken();
    Object stored = getTransactionStore().get(presentedToken);
    if (stored == null) {
        throw new GeneralException("Error: no transaction found for access token \"" + presentedToken + "\"");
    }
    ServiceTransaction found = (ServiceTransaction) stored;
    // Refuse tokens the transaction no longer marks as valid.
    boolean tokenUsable = found.isAccessTokenValid();
    if (!tokenUsable) {
        throw new GeneralException("Error: invalid access token. Request refused");
    }
    // Remaining checks run in this order: client approval, then the token's timestamp.
    checkClientApproval(found.getClient());
    checkTimestamp(presentedToken.getToken());
    return found;
}
Also used : GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) ServiceTransaction(edu.uiuc.ncsa.security.delegation.server.ServiceTransaction) AccessToken(edu.uiuc.ncsa.security.delegation.token.AccessToken) PAResponse(edu.uiuc.ncsa.security.delegation.server.request.PAResponse)

Aggregations

ServiceTransaction (edu.uiuc.ncsa.security.delegation.server.ServiceTransaction)4 PAResponse (edu.uiuc.ncsa.security.delegation.server.request.PAResponse)4 GeneralException (edu.uiuc.ncsa.security.core.exceptions.GeneralException)3 AccessToken (edu.uiuc.ncsa.security.delegation.token.AccessToken)3 PARequest (edu.uiuc.ncsa.security.delegation.server.request.PARequest)2 TransactionState (edu.uiuc.ncsa.security.delegation.servlet.TransactionState)2 HashMap (java.util.HashMap)2 MyPKCS10CertRequest (edu.uiuc.ncsa.security.util.pkcs.MyPKCS10CertRequest)1 Map (java.util.Map)1