use of edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval in project OA4MP by ncsa.
the class AbstractCLIApprover method doIt.
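@Override
/**
 * Interactive approve/deny session for one client approval record.
 *
 * Lists every record in the approval store, lets the operator pick one by index (or type a raw
 * id prefixed with ID_DELIMITER), asks for an approver name and an Approve/Deny decision, and
 * only writes anything after an explicit "y" at the commit prompt. The record is either saved
 * directly to the store or, when a polling directory is configured, serialized into a temp
 * file there for a separate poller to pick up.
 *
 * @throws Exception on I/O failure, or a GeneralException if no record could be selected.
 */
public void doIt() throws Exception {
    Set keys = se.getClientApprovalStore().keySet();
    LinkedList<ClientApproval> approvals = new LinkedList<ClientApproval>();
    info("starting approval");
    int position = 0;
    for (Object k : keys) {
        ClientApproval current = (ClientApproval) se.getClientApprovalStore().get(k);
        approvals.add(current);
        // (A) = currently approved, (D) = currently denied / pending.
        say((position++) + ". " + (current.isApproved() ? "(A) " : "(D) ") + current.getIdentifierString());
    }
    if (approvals.isEmpty()) {
        say("(No entries found. You will need to manually enter the id.)");
    }

    boolean keepAsking = true;
    String inString;
    ClientApproval ca = null;
    while (keepAsking) {
        say("Enter the number of the client to approve or disapprove, OR, enter an id, starting with a " + ID_DELIMITER);
        inString = readline();
        if (inString == null) {
            // readline() returns null at EOF; the original dereferenced it and crashed with an NPE.
            warn("No more input available. Aborting session");
            say("No input. exiting...");
            return;
        }
        if (inString.startsWith(ID_DELIMITER)) {
            // A raw id: build a fresh record for it. Whether a client exists is checked below.
            ca = new ClientApproval(new BasicIdentifier(inString.substring(ID_DELIMITER.length())));
            keepAsking = false;
        } else {
            try {
                int index = Integer.parseInt(inString);
                if (0 <= index && index < approvals.size()) {
                    ca = approvals.get(index);
                    keepAsking = false;
                } else {
                    say("Sorry, that index is out of range. Try again.");
                }
            } catch (NumberFormatException xx) {
                boolean noInput = inString.length() == 0;
                say("Woops. Didn't understand " + (noInput ? "(empty)" : "\"" + inString + "\"") + ". Try again.");
            }
        }
    }
    if (ca == null) {
        // future proof. Should never happen.
        warn("No client approval found. Aborting session");
        throw new GeneralException("Internal error: Somehow the client approval was not found. Fix that.");
    }

    Client client = (Client) se.getClientStore().get(ca.getIdentifier());
    if (client == null) {
        info("No client found for the given identifier. Aborting.");
        say("no client found for the id. You probably want to fix that.\nexiting...");
        return;
    }
    say("You have chosen the following client");
    say(formatClient(client));

    say("Enter your approver name [" + ANONYMOUS + "]:");
    inString = readline();
    if (inString == null || 0 == inString.length()) {
        ca.setApprover(ANONYMOUS);
    } else {
        ca.setApprover(inString);
    }
    info("Approver is identified as " + ca.getApprover());

    say("Enter Approve or Deny (A/D) [D]");
    inString = readline();
    // Only an explicit "A" approves; anything else, including the [D] default, denies.
    // The previous version set approved=true unconditionally before this prompt, so answering
    // "D" could never deny or revoke anything even though the prompt claimed it would.
    boolean approve = "a".equalsIgnoreCase(inString);
    ca.setApproved(approve);
    info("Approver " + (approve ? "allows" : "denies") + " approval.");

    say("Commit changes? (y/n)");
    inString = readline();
    if (!"y".equalsIgnoreCase(inString)) {
        info("Approval aborted manually. No changes saved.");
        say("You didn't explicitly say to save it -- operation aborted.\nexiting...");
        return;
    }
    // update timestamp to now.
    ca.setApprovalTimestamp(new Date());
    if (pollingDir != null) {
        // Hand the record to the poller as a serialized object in a temp file. The stream is closed
        // via try-with-resources so ObjectOutputStream's own buffer is flushed; the original closed
        // only the underlying FileOutputStream, which can leave the file truncated.
        // NOTE(review): whoever consumes this directory Java-deserializes these files, so the
        // directory must be writable only by trusted operators.
        File tempFile = File.createTempFile(TEMP_FILE_PREFIX, TEMP_FILE_SUFFIX, pollingDir);
        try (ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(tempFile))) {
            oos.writeObject(ca);
            oos.flush();
        }
    } else {
        // do the approval directly
        se.getClientApprovalStore().save(ca);
    }
    info("Approval for client with id \"" + ca.getIdentifierString() + "\" finished.");
}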
use of edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval in project OA4MP by ncsa.
the class ClientServer method approve.
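/**
 * Marks the client named in the request as approved, creating the approval record if the
 * store does not have one yet.
 *
 * The approver recorded on the record is taken from the request attributes when supplied,
 * otherwise from the identifier of the admin client making the call.
 *
 * @param request the approval request; must name the client and the calling admin client
 * @return an empty ClientResponse
 */
public ClientResponse approve(ApproveRequest request) {
    // Authorization check. NOTE(review): assumed to throw when the caller may not approve;
    // its return value (if any) is not consulted here.
    canApprove(request);
    Identifier id = request.getClient().getIdentifier();
    OA2ClientApprovalKeys keys = new OA2ClientApprovalKeys();
    ClientApproval approval;
    if (getClientApprovalStore().containsKey(id)) {
        approval = (ClientApproval) getClientApprovalStore().get(id);
    } else {
        approval = (ClientApproval) getClientApprovalStore().create();
        // approval ID must be the same as the client's
        approval.setIdentifier(id);
    }
    boolean approverSupplied = request.getAttributes() != null && request.getAttributes().containsKey(keys.approver());
    if (approverSupplied) {
        // NOTE(review): this value is caller-supplied and is not checked against the admin
        // client's identity, so the audit record reflects whatever the admin client claimed.
        approval.setApprover(String.valueOf(request.getAttributes().get(keys.approver())));
    } else {
        approval.setApprover(request.getAdminClient().getIdentifierString());
    }
    approval.setApproved(true);
    // Record when the approval happened, as the CLI approver does; without this the
    // API path left the timestamp unset.
    approval.setApprovalTimestamp(new java.util.Date());
    getClientApprovalStore().save(approval);
    return new ClientResponse();
}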
use of edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval in project OA4MP by ncsa.
the class OA2RegistrationServlet method addNewClient.
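/**
 * Completes registration of a new OA2 client from the self-registration form.
 *
 * Builds on the base registration (super.addNewClient) and then reads the OA2-specific
 * form fields: requested scopes (openid is always added), optional issuer and LDAP
 * configuration, refresh token lifetime, and the callback URIs (https only). A fresh
 * client secret is generated and handed to the client object; a pending (unapproved)
 * approval record is created so approval counts are accurate (CIL-414).
 *
 * @param request          the registration form submission
 * @param response         the servlet response (passed through to the base class)
 * @param fireClientEvents whether to notify listeners of the new client
 * @return the populated client
 * @throws ClientRegistrationRetryException for an invalid home URI or an insecure/malformed callback
 * @throws Throwable anything propagated from the base registration or the stores
 */
protected Client addNewClient(HttpServletRequest request, HttpServletResponse response, boolean fireClientEvents) throws Throwable {
    OA2Client client = (OA2Client) super.addNewClient(request, response);
    String rawCBs = getRequiredParam(request, CALLBACK_URI, client);
    String rawRTLifetime = getParameter(request, REFRESH_TOKEN_LIFETIME);

    String[] rawScopes = request.getParameterValues("chkScopes");
    if (rawScopes != null) {
        // NOTE(review): scopes are accepted from the form as given; nothing here restricts them
        // to the scopes this server supports. Confirm that is enforced elsewhere, otherwise a
        // registrant can request arbitrary scope names.
        Collection<String> newScopes = new LinkedList<>();
        for (String scope : rawScopes) {
            newScopes.add(scope);
        }
        if (!newScopes.contains(OA2Scopes.SCOPE_OPENID)) {
            // has to be there or all requests are rejected.
            newScopes.add(OA2Scopes.SCOPE_OPENID);
        }
        client.setScopes(newScopes);
    }

    String issuer = getParameter(request, ISSUER_NAME);
    if (!isEmpty(issuer)) {
        client.setIssuer(issuer);
    }
    String ldap = getParameter(request, LDAP_NAME);
    if (!isEmpty(ldap)) {
        try {
            JSON json = JSONObject.fromObject(ldap);
            Collection<LDAPConfiguration> ldapConfiguration = LDAPConfigurationUtil.fromJSON(json);
            client.setLdaps(ldapConfiguration);
        } catch (Throwable t) {
            // Best effort: a bad LDAP blob is logged and ignored rather than failing registration.
            warn("Could not parse LDAP string during client registration for \"" + client.getIdentifierString() + "\". Skipping...");
        }
    }

    try {
        // Only checking that it parses.
        URI.create(client.getHomeUri());
    } catch (Throwable t) {
        throw new ClientRegistrationRetryException("Error. The stated home uri is invalid: " + t.getMessage(), null, client);
    }

    client.setRtLifetime(parseRtLifetime(rawRTLifetime));

    // Generate the client secret. The plaintext is returned to the registrant once on the
    // registration-ok page; only a hash is stored afterwards, so no copy survives server side.
    // NOTE(review): `random` is declared outside this method; it must be a SecureRandom
    // (not java.util.Random) for the secret to be unguessable -- verify its declaration.
    byte[] bytes = new byte[getOA2SE().getClientSecretLength()];
    random.nextBytes(bytes);
    client.setSecret(Base64.encodeBase64URLSafeString(bytes));

    // Callbacks arrive one per line. Each must be https and must parse as a URI.
    LinkedList<String> uris = new LinkedList<>();
    try (BufferedReader br = new BufferedReader(new StringReader(rawCBs))) {
        String line = br.readLine();
        while (line != null) {
            if (!line.toLowerCase().startsWith("https:")) {
                warn("Attempt to add bad callback uri for client " + client.getIdentifierString());
                throw new ClientRegistrationRetryException("The callback \"" + line + "\" is not secure.", null, client);
            }
            try {
                URI.create(line);
            } catch (IllegalArgumentException e) {
                // Report a malformed callback the same way as an insecure one, instead of letting
                // the IllegalArgumentException surface as an internal error.
                throw new ClientRegistrationRetryException("The callback \"" + line + "\" is not a valid uri: " + e.getMessage(), null, client);
            }
            uris.add(line);
            line = br.readLine();
        }
    }
    client.setCallbackURIs(uris);

    // part of CIL-359, signing ID tokens.
    client.setSignTokens(true);

    // CIL-414 makes the approval record here so that we can get an accurate count later.
    // New clients start out unapproved.
    ClientApproval approval = (ClientApproval) getOA2SE().getClientApprovalStore().create();
    approval.setApproved(false);
    approval.setIdentifier(client.getIdentifier());
    getOA2SE().getClientApprovalStore().save(approval);

    if (fireClientEvents) {
        fireNewClientEvent(client);
    }
    return client;
}

/**
 * Converts the refresh token lifetime entered on the form (seconds) into the stored value
 * (milliseconds), capped at the server-wide maximum (CIL-309).
 *
 * Empty input means "no refresh tokens" and yields 0. Non-numeric, negative, or overflowing
 * input is logged and also yields 0; the previous version let a negative value through to
 * the client record.
 *
 * @param rawRTLifetime the raw form value, possibly null or empty
 * @return the lifetime in milliseconds, 0 if none or invalid
 */
private long parseRtLifetime(String rawRTLifetime) {
    if (rawRTLifetime == null || rawRTLifetime.length() == 0) {
        // This effectively means there is no refresh token set. FIXES CIL-309 (partial)
        return 0L;
    }
    long clientRtLifetime;
    try {
        long seconds = Long.parseLong(rawRTLifetime);
        if (seconds < 0 || seconds > Long.MAX_VALUE / 1000L) {
            // negative, or would overflow when converted to milliseconds
            clientRtLifetime = -1L;
        } else {
            clientRtLifetime = seconds * 1000L;
        }
    } catch (NumberFormatException t) {
        clientRtLifetime = -1L;
    }
    if (clientRtLifetime < 0) {
        info("Client requested illegal value for refresh token lifetime at registration of \"" + rawRTLifetime + "\"");
        return 0L;
    }
    // FIX CIL-309 (partial): never exceed the server maximum.
    return Math.min(getOA2SE().getMaxClientRefreshTokenLifetime(), clientRtLifetime);
}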
use of edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval in project OA4MP by ncsa.
the class ServiceConfigTest method testClientApprovalStoreProvider.
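/**
 * Wires a multi-backend client approval store provider (file system, MySQL, PostgreSQL)
 * from the "postgresql config" node and checks that it actually yields a store.
 *
 * The previous version built everything and asserted nothing, so it could only fail by
 * throwing.
 */
public void testClientApprovalStoreProvider() throws Exception {
    ConfigurationNode cn = getConfig("postgresql config");
    MultiDSClientApprovalStoreProvider dap = new MultiDSClientApprovalStoreProvider(cn, true, new MyLoggingFacade("test"), null, null);
    ClientApproverConverter cp = new ClientApproverConverter(new ClientApprovalProvider());
    dap.addListener(new DSFSClientApprovalStoreProvider(cn, cp));
    // "oauth"/"oauth" are test-fixture database credentials and must not match any deployed database.
    dap.addListener(new DSSQLClientApprovalStoreProvider(cn, new MySQLConnectionPoolProvider("oauth", "oauth"), MYSQL_STORE, cp));
    dap.addListener(new DSSQLClientApprovalStoreProvider(cn, new PGConnectionPoolProvider("oauth", "oauth"), POSTGRESQL_STORE, cp));
    ClientApprovalStore<ClientApproval> as = (ClientApprovalStore<ClientApproval>) dap.get();
    assert as != null : "provider did not produce a client approval store";
}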
use of edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval in project OA4MP by ncsa.
the class FSCAStoreTest method testPermissions.
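/**
 * Verifies that the file-system approval store fails loudly on permission problems:
 * a misconfigured store is rejected in the constructor, an unwritable store directory
 * makes create() throw, and an unreadable one makes get() throw.
 *
 * Permissions are restored and the temp files deleted in a finally block so a failing
 * assertion does not leave read-only junk in the temp directory (the previous version
 * cleaned up nothing and left the store file unreadable).
 *
 * NOTE(review): File.createTempFile creates a regular file, not a directory, yet it is
 * handed to the store as its directory; the store evidently tolerates that here, but it
 * means this test does not exercise real directory semantics.
 */
public void testPermissions() throws Exception {
    File storeDirectory = File.createTempFile("fs-store", "-tmp");
    File indexDirectory = File.createTempFile("fs-index", "-tmp");
    try {
        storeDirectory.setWritable(false);
        indexDirectory.setWritable(false);
        // If the file is still writable the process ignores mode bits (e.g. running as root)
        // and every permission check below would pass trivially.
        assert !storeDirectory.canWrite() : "could not make the store directory read-only; permission tests are meaningless here";
        final ClientApprovalProvider caProvider = new ClientApprovalProvider();
        try {
            // Make sure that if someone creates a bad one, it blows up in the constructor.
            new FSClientApprovalStore(null, null, null, null) {
                @Override
                public Object put(Object key, Object value) {
                    return null;
                }
            };
            assert false : "Could make a new object without being properly configured";
        } catch (MyConfigurationException expected) {
            // expected: unconfigured store is rejected
        }
        FSClientApprovalStore x = new DSFSClientApprovalStore(storeDirectory, indexDirectory, caProvider, new ClientApproverConverter(caProvider));
        try {
            // store directory is unwritable, so this must fail.
            x.create();
            assert false : "create() succeeded on an unwritable store directory";
        } catch (FilePermissionsException expected) {
            // expected
        }
        // Now make a new entry and then have retrieving it fail.
        storeDirectory.setWritable(true);
        indexDirectory.setWritable(true);
        ClientApproval ca = (ClientApproval) x.create();
        storeDirectory.setReadable(false);
        try {
            x.get(ca.getIdentifier());
            assert false : "get() succeeded on an unreadable store directory";
        } catch (FilePermissionsException expected) {
            // expected
        }
    } finally {
        storeDirectory.setReadable(true);
        storeDirectory.setWritable(true);
        indexDirectory.setWritable(true);
        storeDirectory.delete();
        indexDirectory.delete();
    }
}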