
Example 21 with ClientApproval

use of edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval in project OA4MP by ncsa.

the class ClientApprovalStoreCommands method format.

/**
 * Renders a one-line summary of a client approval record.
 *
 * <p>The line starts with a status letter in parentheses: {@code A} for APPROVED,
 * {@code D} for DENIED or REVOKED, and {@code ?} for every other status
 * (PENDING, NONE). The record identifier follows. When the record counts as
 * approved, the approver and approval timestamp are appended.
 *
 * <p>Note that DENIED and REVOKED share the letter {@code D}, so this summary
 * cannot be used to tell a revoked client from one that was never approved.
 *
 * @param identifiable the approval record to render; cast to {@link ClientApproval}
 * @return the summary line, or {@code "(null)"} when the argument is null
 */
@Override
protected String format(Identifiable identifiable) {
    if (identifiable == null) {
        return "(null)";
    }
    ClientApproval approval = (ClientApproval) identifiable;

    String statusLetter;
    switch (approval.getStatus()) {
        case APPROVED:
            statusLetter = "A";
            break;
        case DENIED:
        case REVOKED:
            statusLetter = "D";
            break;
        default:
            // PENDING and NONE have no letter of their own.
            statusLetter = "?";
            break;
    }

    StringBuilder line = new StringBuilder();
    line.append("(").append(statusLetter).append(") ").append(approval.getIdentifierString());
    // Either the boolean flag or the status enum is enough to treat the record as approved.
    boolean treatAsApproved = approval.isApproved() || approval.getStatus() == ClientApproval.Status.APPROVED;
    if (treatAsApproved) {
        line.append(" by \"").append(approval.getApprover()).append("\" on ").append(approval.getApprovalTimestamp());
    }
    return line.toString();
}
Also used : ClientApproval(edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval)

Example 22 with ClientApproval

use of edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval in project OA4MP by ncsa.

the class AbstractRegistrationServlet method addNewClient.

/**
 * Creates a new client from a registration request and saves it in the client store.
 *
 * <p>The name, home URL and e-mail address are required request parameters and are
 * stored exactly as submitted; the only check applied here is matching the e-mail
 * address against {@code emailPattern}. Anything that later displays these values
 * must treat them as untrusted input.
 *
 * @param request  the registration request the parameters are read from
 * @param response the servlet response (not used in this method)
 * @return the newly created and saved client
 * @throws ClientRegistrationRetryException if the e-mail address does not match {@code emailPattern}
 * @throws Throwable anything raised while reading parameters or saving the client
 */
protected Client addNewClient(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    // The request is taken to be in good order here; values are simply read off it.
    Client client = getServiceEnvironment().getClientStore().create();
    info("creating entry for client=" + client.getIdentifierString());
    // Populate as much as possible before the public key is parsed.
    // Submitted values are stored as given; HTML escaping is applied later to
    // protect against HTML injection (fixes bug OAUTH-87).
    client.setName(getRequiredParam(request, CLIENT_NAME, client));
    client.setHomeUri(getRequiredParam(request, CLIENT_HOME_URL, client));
    String email = getRequiredParam(request, CLIENT_EMAIL, client);
    boolean emailMatches = java.util.regex.Pattern.compile(emailPattern).matcher(email).matches();
    if (!emailMatches) {
        // The rejected address is echoed verbatim in the message, so whatever renders
        // this exception to the user has to escape it.
        throw new ClientRegistrationRetryException("The email address \"" + email + "\" is not valid.", null, client);
    }
    client.setEmail(email);
    client.setProxyLimited(getBooleanParam(request, CLIENT_PROXY_LIMITED));
    getServiceEnvironment().getClientStore().save(client);
    info("Adding approval record for client=" + client.getIdentifierString());
    // NOTE(review): this record is built and marked unapproved but is not saved anywhere
    // in the visible code. Confirm that a pending approval record is persisted elsewhere.
    ClientApproval pendingApproval = new ClientApproval(client.getIdentifier());
    pendingApproval.setApproved(false);
    info("done with client registration, client=" + client.getIdentifierString());
    // NOTE(review): the original comment at this point warns that skipping a step turns
    // off e-mail notification of new client registrations, but that step does not appear
    // in this listing. Check the full source.
    return client;
}
Also used : ClientApproval(edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval) Client(edu.uiuc.ncsa.security.delegation.storage.Client)

Example 23 with ClientApproval

use of edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval in project OA4MP by ncsa.

the class OA2ClientCommands method longFormat.

/**
 * Prints a multi-line description of an OAuth 2 client: name, identifier, contact
 * details, flags, approval status, stored secret, callback URIs, scopes, refresh
 * token lifetime and LDAP configuration.
 *
 * <p>This method is not read-only. When an approval store is available and no approval
 * record can be obtained for the client, a new record with status PENDING is created
 * and saved.
 *
 * @param identifiable the client to describe; cast to {@link OA2Client} without a null check
 */
@Override
protected void longFormat(Identifiable identifiable) {
    OA2Client client = (OA2Client) identifiable;
    say("Client name=" + (client.getName() == null ? "(no name)" : client.getName()));
    sayi("identifier=" + client.getIdentifier());
    sayi("email=" + client.getEmail());
    sayi("home uri=" + client.getHomeUri());
    sayi("error uri=" + client.getErrorUri());
    sayi("limited proxies? " + client.isProxyLimited());
    sayi("creation timestamp=" + client.getCreationTS());
    sayi("sign ID tokens?=" + client.isSignTokens());
    sayi("issuer=" + client.getIssuer());
    sayi("is public?=" + client.isPublicClient());
    if (getClientApprovalStore() != null) {
        ClientApproval clientApproval = null;
        try {
            clientApproval = (ClientApproval) getClientApprovalStore().get(client.getIdentifier());
        } catch (Throwable t) {
            // Do nothing. If there is no approval record, this is equivalent to saying it is not approved.
            // NOTE(review): catching Throwable also hides genuine store failures. In that case
            // the code below still creates and saves a new PENDING record for this identifier.
            // Confirm that this cannot replace an existing approval record.
        }
        if (clientApproval == null) {
            // If it is missing, create one and mark it pending.
            clientApproval = (ClientApproval) getClientApprovalStore().create();
            // or it won't associate it with the client...
            clientApproval.setIdentifier(client.getIdentifier());
            clientApproval.setStatus(ClientApproval.Status.PENDING);
            clientApproval.setApproved(false);
            getClientApprovalStore().save(clientApproval);
            // sayi("no approval record exists.");
        }
        // Reconcile the boolean flag with the status enum. The corrected status is used
        // for display only; it is not saved back to the store here.
        if (clientApproval.isApproved() && clientApproval.getStatus() != APPROVED) {
            clientApproval.setStatus(APPROVED);
        }
        switch(clientApproval.getStatus()) {
            case APPROVED:
                String approver = "(unknown)";
                if (clientApproval.getApprover() != null) {
                    approver = clientApproval.getApprover();
                }
                sayi("status=approved by " + approver);
                break;
            case NONE:
                sayi("status=none");
                break;
            case PENDING:
                sayi("status=pending");
                break;
            case DENIED:
                sayi("status=approval denied");
                break;
            case REVOKED:
                sayi("status=revoked");
        }
    }
    // end of approvals.
    if (client.getSecret() == null) {
        sayi("client secret: (none)");
    } else {
        // Prints the stored secret value as-is, so it ends up in the console output.
        // NOTE(review): the label says "hash", but whether the stored value is a hash
        // is not visible in this method. Verify against the code that sets the secret.
        sayi("client secret (hash):" + client.getSecret());
    }
    Collection<String> uris = client.getCallbackURIs();
    if (uris == null) {
        sayi("callback uris: (none)");
    } else {
        sayi("callback uris" + (uris.isEmpty() ? ":(none)" : ":"));
        for (String x : uris) {
            sayi("      " + x);
        }
    }
    Collection<String> scopes = client.getScopes();
    if (scopes == null) {
        sayi("scopes: (none)");
    } else {
        sayi("scopes" + (scopes.isEmpty() ? ":(none)" : ":"));
        for (String x : scopes) {
            sayi("      " + x);
        }
    }
    if (isRefreshTokensEnabled()) {
        // Presumably getRtLifetime() is in milliseconds, since it is divided by 1000 and labelled seconds. TODO confirm.
        sayi("refresh lifetime (sec): " + (client.isRTLifetimeEnabled() ? (client.getRtLifetime() / 1000) : "none"));
    }
    if (client.getLdaps() == null || client.getLdaps().isEmpty()) {
        sayi("ldap:(none configured.)");
    } else {
        sayi("LDAPS:");
        // NOTE(review): the result of toJSON is discarded, so unless toJSON prints by itself
        // nothing follows the "LDAPS:" header. Confirm the intended output.
        LDAPConfigurationUtil.toJSON(client.getLdaps());
    }
}
Also used : OA2Client(edu.uiuc.ncsa.security.oauth_2_0.OA2Client) ClientApproval(edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval)

Example 24 with ClientApproval

use of edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval in project OA4MP by ncsa.

the class BaseClientStoreCommands method format.

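/**
 * Renders the one-line listing entry for a client: an approval flag, the client
 * identifier, the client name (cut to 20 characters) and the creation date.
 *
 * <p>The flag is {@code Y} when the approval record says approved, {@code N} when a
 * record exists but is not approved, and {@code ?} when no record is available. A
 * missing approval store counts as "no record", and a null argument yields
 * {@code "(null)"}; both previously caused a {@link NullPointerException}.
 *
 * <p>The name is printed as stored. NOTE(review): if names come from client
 * registration they are user-supplied; confirm that printing them unfiltered to
 * the console is acceptable.
 *
 * @param identifiable the client to render; cast to {@link BaseClient}
 * @return the listing line
 */
@Override
protected String format(Identifiable identifiable) {
    if (identifiable == null) {
        return "(null)";
    }
    BaseClient client = (BaseClient) identifiable;

    // Without an approval store the approval state is unknown.
    ClientApproval ca = null;
    if (getClientApprovalStore() != null) {
        ca = (ClientApproval) getClientApprovalStore().get(client.getIdentifier());
    }
    String approvalFlag;
    if (ca == null) {
        approvalFlag = "?";
    } else {
        approvalFlag = ca.isApproved() ? "Y" : "N";
    }

    String name = (client.getName() == null ? "no name" : client.getName());
    if (20 < name.length()) {
        // Keep the listing on one line for long names.
        name = name.substring(0, 20) + "...";
    }
    return "(" + approvalFlag + ") " + client.getIdentifier() + " "
            + "(" + name + ")"
            + " created on " + Iso8601.date2String(client.getCreationTS());
}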
Also used : ClientApproval(edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval) BaseClient(edu.uiuc.ncsa.security.delegation.storage.BaseClient)

Example 25 with ClientApproval

use of edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval in project OA4MP by ncsa.

the class BaseClientStoreCommands method approve.

/**
 * Handles the "approve" command: finds the client named on the input line, obtains
 * its approval record (creating one when the store has none) and passes that record
 * to {@code clientApprovalStoreCommands.approve}.
 *
 * <p>A newly created record is only given the client's identifier here. Nothing in
 * this method saves it or changes its status; that is left to the delegate.
 *
 * @param inputLine the parsed command line; a help request prints the usage text and returns
 */
public void approve(InputLine inputLine) {
    if (showHelp(inputLine)) {
        showApproveHelp();
        return;
    }
    // NOTE(review): the result of findItem is dereferenced without a null check.
    // Confirm that findItem cannot return null for an unknown client.
    BaseClient target = (BaseClient) findItem(inputLine);
    ClientApproval approvalRecord;
    if (!getClientApprovalStore().containsKey(target.getIdentifier())) {
        // No record yet: start a fresh one tied to this client.
        approvalRecord = (ClientApproval) getClientApprovalStore().create();
        approvalRecord.setIdentifier(target.getIdentifier());
    } else {
        approvalRecord = (ClientApproval) getClientApprovalStore().get(target.getIdentifier());
    }
    // At this point the record belongs to the requested identifier.
    clientApprovalStoreCommands.approve(approvalRecord);
}
Also used : ClientApproval(edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval) BaseClient(edu.uiuc.ncsa.security.delegation.storage.BaseClient)
