use of edu.uiuc.ncsa.security.delegation.token.MyX509Certificates in project OA4MP by ncsa.
the class CRServlet method doCertRequest.
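/**
 * Steps 3.b/3.c of the delegation flow: obtains the X.509 certificate chain for the
 * transaction from MyProxy, stores it as the transaction's protected asset, sets the
 * username that is returned to the client, saves the transaction and closes the
 * MyProxy connection.
 * <p>
 * For clients flagged as proxy-limited the client's own certificate request is NOT
 * forwarded to MyProxy. Instead a server-side key pair is obtained, a certificate is
 * requested for that key, and a limited proxy certificate for the client's public key
 * (taken from the client's original request) is signed with the server-side private key
 * and prepended to the chain.
 *
 * @param trans        the transaction being completed; must have an active MyProxy connection
 * @param statusString prefix used for status/debug log lines
 * @throws ConnectionException      if there is no active MyProxy connection for the transaction
 * @throws GeneralSecurityException if a proxy-limited client's server-side key pair or
 *                                  certificate request cannot be created, or MyProxy returned
 *                                  no certificate to sign the limited proxy with
 * @throws Throwable                anything raised while retrieving the certificates
 */
protected void doCertRequest(ServiceTransaction trans, String statusString) throws Throwable {
    if (!hasMPConnection(trans)) {
        throw new ConnectionException("Error: There is no currently active MyProxy connection.");
    }
    final boolean proxyLimited = trans.getClient().isProxyLimited();
    MyPKCS10CertRequest localCertRequest = trans.getCertReq();
    KeyPair keyPair = null;
    if (proxyLimited) {
        info("3.b. starting proxy limited for " + trans.getClient().getIdentifier() + ". Generating keypair and cert request.");
        try {
            keyPair = getServiceEnvironment().getKeyPair();
            localCertRequest = CertUtil.createCertRequest(keyPair);
        } catch (GeneralSecurityException e) {
            // This used to be logged and then ignored. Continuing meant the CLIENT's own cert
            // request was sent to MyProxy (issuing a full, unlimited certificate for the client's
            // key) before failing with an NPE on keyPair below. A proxy-limited client must never
            // get a full-strength certificate issued on its behalf, so abort here instead.
            error("3.b. " + e.getMessage());
            throw new GeneralSecurityException("Error: could not create server-side key pair/cert request for limited proxy", e);
        }
    }
    LinkedList<X509Certificate> certs = getX509Certificates(trans, localCertRequest, statusString);
    debug("3.b. Got cert from server, count=" + certs.size());
    if (proxyLimited) {
        info("3.b. Limited proxy for client " + trans.getClient().getIdentifier() + ", creating limited cert and signing it.");
        if (certs.isEmpty()) {
            // getLast() on an empty chain would surface as a bare NoSuchElementException.
            throw new GeneralSecurityException("Error: MyProxy returned no certificate to sign the limited proxy with.");
        }
        // The limited proxy is issued for the client's public key (from its original request) and
        // signed with the server-side private key. The issuer certificate is taken as the last
        // element of the chain as returned by getX509Certificates (order as that method produces it).
        // Transaction lifetime is in milliseconds; the proxy API takes seconds.
        LinkedList<X509Certificate> chain = new LinkedList<>(certs);
        chain.addFirst(JGlobusUtil.createProxyCertificate(certs.getLast(), keyPair.getPrivate(), trans.getCertReq().getPublicKey(), (int) (trans.getLifetime() / 1000)));
        certs = chain;
    }
    debug("3.b. Preparing to return cert chain of " + certs.size() + " to client.");
    MyX509Certificates myCerts = new MyX509Certificates(certs);
    trans.setProtectedAsset(myCerts);
    String userName = trans.getUsername();
    if (getServiceEnvironment().getAuthorizationServletConfig().isReturnDnAsUsername()) {
        X509Certificate[] issued = myCerts.getX509Certificates();
        if (issued.length > 0) {
            // Subject DN of the first certificate in the chain, optionally in Globus "/C=..." form.
            userName = issued[0].getSubjectX500Principal().getName();
            if (getServiceEnvironment().getAuthorizationServletConfig().isConvertDNToGlobusID()) {
                userName = JGlobusUtil.toGlobusID(userName);
            }
            debug(statusString + ": USERNAME = " + userName);
        } else {
            userName = "no_certificates_found";
        }
        info("3.c. Set username returned to client to first certificate's DN: " + userName);
    }
    // Fixes OAUTH-102: the username might not be set in some cases, so always (re)set it here.
    // This single assignment also covers the DN-as-username branch above.
    trans.setUsername(userName);
    // The response is a simple OK (errors surface as exceptions); only the verifier is set here.
    trans.setVerifier(MyProxyDelegationServlet.getServiceEnvironment().getTokenForge().getVerifier());
    getServiceEnvironment().getTransactionStore().save(trans);
    // It can happen (especially in manual testing with long gaps between calls) that the
    // connection has already gone away; checking first prevents a bogus failure in that case.
    // NOTE(review): the connection is not closed when an exception propagates out of this
    // method; if the caller does not clean it up, consider a try/finally -- confirm.
    if (hasMPConnection(trans.getIdentifier())) {
        getMPConnection(trans.getIdentifier()).close();
    }
}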
use of edu.uiuc.ncsa.security.delegation.token.MyX509Certificates in project OA4MP by ncsa.
the class TransactionConverter method toMap.
/**
 * Serializes the certificate-related fields of a transaction on top of the base converter's
 * output: the PKCS#10 certificate request (as a string), the issued certificate chain (as PEM),
 * the client identifier, the username and the MyProxy username. Absent values are written as
 * {@code null} so the corresponding key is always present in the map.
 *
 * @param t   the transaction to serialize
 * @param map the conversion map that receives the values
 * @throws GeneralException if the stored certificate chain cannot be PEM-encoded
 */
@Override
public void toMap(V t, ConversionMap<String, Object> map) {
    super.toMap(t, map);

    MyPKCS10CertRequest certReq = t.getCertReq();
    map.put(getDSTK().certReq(), certReq == null ? null : CertUtil.fromCertReqToString(certReq));

    // The protected asset of this transaction type is the issued certificate chain.
    MyX509Certificates asset = (MyX509Certificates) t.getProtectedAsset();
    boolean hasCerts = asset != null
            && asset.getX509Certificates() != null
            && asset.getX509Certificates().length > 0;
    if (hasCerts) {
        try {
            map.put(getDSTK().cert(), asset.getX509CertificatesPEM());
        } catch (CertificateEncodingException e) {
            throw new GeneralException("Error: could not encode certificate", e);
        }
    } else {
        map.put(getDSTK().cert(), null);
    }

    map.put(getDSTK().clientKey(), t.getClient() == null ? null : t.getClient().getIdentifier());
    // For the two usernames a null getter result is stored as null, so a direct put is equivalent.
    map.put(getDSTK().username(), t.getUsername());
    map.put(getDSTK().myproxyUsername(), t.getMyproxyUsername());
}
use of edu.uiuc.ncsa.security.delegation.token.MyX509Certificates in project OA4MP by ncsa.
the class TransactionConverter method fromMap.
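/**
 * Rebuilds the certificate-related fields of a transaction from its serialized map, after the
 * base converter has populated {@code v}. The certificate request and PEM certificate chain
 * are only restored when present and non-empty; the client is looked up in the client store by
 * its stored identifier.
 *
 * @param map the serialized transaction
 * @param v   the transaction instance to populate
 * @return the populated transaction
 * @throws GeneralException if the stored PEM cannot be decoded into certificates
 */
@Override
public V fromMap(ConversionMap<String, Object> map, V v) {
    V t = super.fromMap(map, v);

    String certReqString = map.getString(getDSTK().certReq());
    if (certReqString != null && !certReqString.isEmpty()) {
        t.setCertReq(CertUtil.fromStringToCertReq(certReqString));
    }

    String pem = map.getString(getDSTK().cert());
    if (pem != null && !pem.isEmpty()) {
        try {
            // Stored as PEM text (see toMap); parse it back into the certificate chain.
            ByteArrayInputStream pemStream = new ByteArrayInputStream(pem.getBytes("UTF-8"));
            t.setProtectedAsset(new MyX509Certificates(fromPEM(pemStream)));
        } catch (CertificateException e) {
            throw new GeneralException("Error decoding certificate", e);
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is always supported by the JVM, so this is unreachable in practice. It used to
            // be printed and swallowed, which would have silently rebuilt the transaction WITHOUT
            // its certificates; fail loudly instead.
            throw new GeneralException("Error: UTF-8 unsupported while decoding certificate", e);
        }
    }

    // A missing client key means "no client"; only build an identifier when something is stored.
    String clientKeyString = map.getString(getDSTK().clientKey());
    if (clientKeyString != null) {
        Identifier clientKey = BasicIdentifier.newID(clientKeyString);
        if (clientKey != null) {
            t.setClient(clientStore.get(clientKey));
        }
    }

    String uName = map.getString(getDSTK().username());
    if (uName != null) {
        t.setUsername(uName);
    }
    String myproxyUsername = map.getString(getDSTK().myproxyUsername());
    if (myproxyUsername != null) {
        t.setMyproxyUsername(myproxyUsername);
    }
    return t;
}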
use of edu.uiuc.ncsa.security.delegation.token.MyX509Certificates in project OA4MP by ncsa.
the class OA2MPService method getCert.
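/**
 * Obtains a certificate chain for the asset via the OA2 delegation service. A fresh key pair is
 * taken from the pool, a PKCS#10 request for the asset's username is built from it, and the
 * private key and request are recorded on the asset before the call. On success the returned
 * certificates are stored on the asset and the asset is saved.
 * <p>
 * NOTE: the asset carries the private key and is persisted by the asset store; that store must
 * be protected accordingly (access control / encryption at rest -- confirm for the deployment).
 *
 * @param a           the asset to obtain certificates for
 * @param atResponse2 the access token response authorizing the certificate request
 * @return the response holding the issued certificate chain
 * @throws GeneralException      if the certificate request cannot be created
 * @throws IllegalStateException if the delegation service returned no protected asset
 */
public AssetResponse getCert(OA2Asset a, ATResponse2 atResponse2) {
    KeyPair keyPair = getNextKeyPair();
    MyPKCS10CertRequest certReq;
    try {
        certReq = CertUtil.createCertRequest(keyPair, a.getUsername());
    } catch (Throwable e) {
        // Unchecked exceptions and JVM errors propagate as-is; only checked failures are wrapped.
        if (e instanceof RuntimeException) {
            throw (RuntimeException) e;
        }
        if (e instanceof Error) {
            throw (Error) e;
        }
        throw new GeneralException("Could not create cert request", e);
    }
    a.setPrivateKey(keyPair.getPrivate());
    a.setCertReq(certReq);
    Map<String, String> m1 = getAssetParameters(a);
    preGetCert(a, m1);
    if (MANUAL_TEST) {
        return manualTest(a, m1);
    }
    DelegatedAssetResponse daResp = getEnvironment().getDelegationService().getCert(atResponse2, getEnvironment().getClient(), m1);
    MyX509Certificates issued = (MyX509Certificates) daResp.getProtectedAsset();
    if (issued == null) {
        // Previously an NPE with no context; the service is expected to return the chain here.
        throw new IllegalStateException("Error: delegation service returned no certificates for asset " + a.getUsername());
    }
    AssetResponse par = new AssetResponse();
    par.setX509Certificates(issued.getX509Certificates());
    postGetCert(a, par);
    a.setCertificates(par.getX509Certificates());
    getEnvironment().getAssetStore().save(a);
    return par;
}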
use of edu.uiuc.ncsa.security.delegation.token.MyX509Certificates in project OA4MP by ncsa.
the class AbstractOA4MPService method getCert.
/**
 * Does the actual work of getting the cert: builds a delegated asset request from the
 * authorization grant and verifier, sends it through the delegation service, and records the
 * returned certificate chain and username on the asset before saving it.
 *
 * @param asset the asset to attach the certificates and username to; saved to the asset store on success
 * @param ag    the authorization grant identifying the delegation
 * @param v     the verifier accompanying the grant
 * @return the response holding the issued certificate chain and the username reported by the server
 */
protected AssetResponse getCert(Asset asset, AuthorizationGrant ag, Verifier v) {
    DelegatedAssetRequest request = new DelegatedAssetRequest();
    request.setAuthorizationGrant(ag);
    request.setClient(getEnvironment().getClient());
    request.setVerifier(v);
    request.setParameters(getATParameters(asset, ag, v));
    // The pre-hook may adjust the asset parameters before they are attached to the request.
    Map<String, String> assetParameters = getAssetParameters(asset);
    preGetCert(asset, assetParameters);
    request.setAssetParameters(assetParameters);

    DelegatedAssetResponse response = (DelegatedAssetResponse) getEnvironment().getDelegationService().process(request);
    MyX509Certificates issued = (MyX509Certificates) response.getProtectedAsset();

    AssetResponse result = new AssetResponse();
    result.setX509Certificates(issued.getX509Certificates());
    // The server reports the resolved username alongside the certificates.
    result.setUsername(response.getAdditionalInformation().get("username"));
    postGetCert(asset, result);

    asset.setUsername(result.getUsername());
    asset.setCertificates(result.getX509Certificates());
    getEnvironment().getAssetStore().save(asset);
    return result;
}