
Example 1 with UserInfo

use of edu.uiuc.ncsa.security.oauth_2_0.UserInfo in project OA4MP by ncsa.

Class OA2ReadyServlet, method doIt (the OAuth 2 redirect-back endpoint of the demo client).

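@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    // Redirect-back (callback) endpoint of the demo client. The authorization server sends the
    // user agent here after the authorization step, either with an "error" parameter or with the
    // authorization grant ("token") and the "state" echoed from the initial request. The grant is
    // exchanged for an access token, the user info is fetched and, when the myproxy scope was
    // requested, a certificate is retrieved; everything is then handed to the success page.
    // Every request parameter and cookie read here is client controlled and is treated as such.
    if (request.getParameterMap().containsKey(OA2Constants.ERROR)) {
        throw new OA2RedirectableError(request.getParameter(OA2Constants.ERROR), request.getParameter(OA2Constants.ERROR_DESCRIPTION), request.getParameter(OA2Constants.STATE));
    }
    info("2.a. Getting token and verifier.");
    String token = request.getParameter(CONST(ClientEnvironment.TOKEN));
    String state = request.getParameter(OA2Constants.STATE);
    if (token == null) {
        // (The message used to be built with a ternary on token that could only ever yield
        // "null" on this branch; the log output is unchanged.)
        warn("2.a. The token is null.");
        GeneralException ge = new GeneralException("Error: This servlet requires parameters for the token and possibly verifier.");
        request.setAttribute("exception", ge);
        JSPUtil.fwd(request, response, getCE().getErrorPagePath());
        return;
    }
    info("2.a Token found.");
    // URI.create throws IllegalArgumentException on a malformed token; as before, that propagates
    // out of doIt (declared to throw Throwable) rather than going to the error page.
    AuthorizationGrant grant = new AuthorizationGrantImpl(URI.create(token));
    info("2.a. Getting the cert(s) from the service");
    // The asset identifier normally comes from the cookie set when the flow started. Without a
    // cookie, try to locate the asset by the grant itself.
    String identifier = clearCookie(request, response);
    OA2Asset asset = null;
    if (identifier == null) {
        asset = (OA2Asset) getCE().getAssetStore().getByToken(BasicIdentifier.newID(token));
        if (asset != null) {
            identifier = asset.getIdentifierString();
        }
    }
    AssetResponse assetResponse = null;
    OA2MPService oa2MPService = (OA2MPService) getOA4MPService();
    UserInfo ui = null;
    boolean getCerts = ((OA2ClientEnvironment) getCE()).getScopes().contains(OA2Scopes.SCOPE_MYPROXY);
    if (identifier == null) {
        // Demo servlet: with neither a cookie nor an asset for the grant there is nothing to save,
        // but the exchange is still completed so that something can be displayed. On this path
        // asset is (in practice) null; whether getAccessToken/getCert accept a null asset is not
        // visible from here -- TODO confirm.
        String msg = "Error: no cookie found. Cannot save certificates";
        warn(msg);
        debug("No cookie found");
        ATResponse2 atResponse2 = oa2MPService.getAccessToken(asset, grant);
        // NOTE(review): OA2MPService.getUserInfo(String) takes an asset identifier (it loads the
        // asset and uses the access token stored on it), yet here it is handed the access token
        // itself. Unless getAsset2 also resolves tokens this returns null and the page shows
        // "no user info returned." -- confirm against OA2MPService.getAsset2.
        ui = oa2MPService.getUserInfo(atResponse2.getAccessToken().toString());
        if (getCerts) {
            assetResponse = oa2MPService.getCert(asset, atResponse2);
        }
    } else {
        asset = (OA2Asset) getCE().getAssetStore().get(identifier);
        // The identifier came from a client-supplied cookie (or from the grant lookup above). A
        // stale or forged value may map to no asset at all, which previously ended in an NPE on
        // the state check; abort cleanly instead. The identifier is deliberately not logged.
        if (asset == null) {
            warn("No asset found for the supplied identifier. Transaction aborted.");
            throw new IllegalArgumentException("Error: no pending transaction for this request.");
        }
        verifyReturnedState(asset, state);
        ATResponse2 atResponse2 = oa2MPService.getAccessToken(asset, grant);
        ui = oa2MPService.getUserInfo(identifier);
        if (getCerts) {
            assetResponse = oa2MPService.getCert(asset, atResponse2);
        }
    }
    // The rest is putting up something for the user to see; the first returned cert is used to
    // peel off some information to display, which just proves we got a response.
    info("2.b. Done! Displaying success page.");
    if (getCerts) {
        publishCertificateAttributes(request, assetResponse, asset);
    } else {
        request.setAttribute("certSubject", "(no cert requested)");
    }
    if (ui != null) {
        String output = JSONUtils.valueToString(ui.toJSon(), 4, 2);
        request.setAttribute("userinfo", output);
    } else {
        request.setAttribute("userinfo", "no user info returned.");
    }
    // Fix in cases where the server request passes through Apache before going to Tomcat.
    String contextPath = request.getContextPath();
    if (!contextPath.endsWith("/")) {
        contextPath = contextPath + "/";
    }
    request.setAttribute("action", contextPath);
    info("2.a. Completely finished with delegation.");
    JSPUtil.fwd(request, response, getCE().getSuccessPagePath());
}

/**
 * CSRF check on the redirect: the state the server echoed back must equal the state recorded on
 * the asset when the flow started. A missing stored state is treated as a mismatch.
 *
 * @param asset the asset for this transaction (never null here)
 * @param state the state request parameter, possibly null
 * @throws IllegalArgumentException if the states do not match
 */
private void verifyReturnedState(OA2Asset asset, String state) {
    if (asset.getState() == null || !asset.getState().equals(state)) {
        // Just a note: This is most likely to arise when the server's authorize-init.jsp has been
        // changed or replaced and the hidden field for the state (passed to the form, then passed back
        // and therefore not stored on the server anyplace) is missing.
        warn("The expected state from the server was \"" + asset.getState() + "\", but instead \"" + state + "\" was returned. Transaction aborted.");
        throw new IllegalArgumentException("Error: The state returned by the server is invalid.");
    }
}

/**
 * Puts the first returned certificate (and the private key, if one is stored on the asset) on
 * the request for the success page. A null response, a null or empty certificate array all
 * render as "(no cert returned)" rather than failing.
 *
 * @param request       the current request; attributes certSubject, cert, username, privateKey are set
 * @param assetResponse the certificate response, possibly null
 * @param asset         the asset for this transaction, possibly null on the no-cookie path
 */
private void publishCertificateAttributes(HttpServletRequest request, AssetResponse assetResponse, OA2Asset asset) {
    X509Certificate[] certs = assetResponse == null ? null : assetResponse.getX509Certificates();
    if (certs == null || certs.length == 0) {
        request.setAttribute("certSubject", "(no cert returned)");
        return;
    }
    X509Certificate cert = certs[0];
    request.setAttribute("certSubject", cert.getSubjectDN());
    request.setAttribute("cert", CertUtil.toPEM(certs));
    request.setAttribute("username", assetResponse.getUsername());
    // FIX OAUTH-216. The private key is rendered on the client's success page. That is demo-only
    // behaviour: a real client must never send private key material to a browser page.
    if (asset != null && asset.getPrivateKey() != null) {
        request.setAttribute("privateKey", KeyUtil.toPKCS1PEM(asset.getPrivateKey()));
    } else {
        request.setAttribute("privateKey", "(none)");
    }
}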

Example 2 with UserInfo

use of edu.uiuc.ncsa.security.oauth_2_0.UserInfo in project OA4MP by ncsa.

Class LDAPSSLSocketFactory, method main (a developer test harness, not production code).

public static void main(String[] args) {
    // Dev-only harness: installs the static LDAP configuration (the "ldap" JSON held by this
    // class) together with an explicit JKS key store and trust root, opens a connection and
    // prints the attributes found for one hard-coded user. Failures are just printed.
    try {
        DebugUtil.dbg(LDAPSSLSocketFactory.class, System.getProperty("java.home") + "/lib/security/cacerts");
        // NOTE(review): debugging is switched on only after the dbg() call above; if DebugUtil
        // gates output on isEnabled, that first line never prints -- confirm.
        DebugUtil.setIsEnabled(true);
        // (Set -Djavax.net.debug=ssl on the command line to trace the handshake.)
        JSONObject ldapJson = JSONObject.fromObject(ldap);
        LDAPConfiguration cfg = LDAPConfigurationUtil.fromJSON(ldapJson);
        setLdapConfiguration(cfg);
        cfg.setContextName("");
        // TLS settings. "changeit" is the stock JDK cacerts password and the store paths point at
        // a developer's home directory, so this appears to be local test material rather than a
        // production secret; either way it must not be copied into deployable code.
        getSslConfiguration().setTlsVersion(SSLConfigurationUtil.TLS_1_2);
        getSslConfiguration().setUseDefaultJavaTrustStore(false);
        getSslConfiguration().setKeystoreType("JKS");
        getSslConfiguration().setKeystorePassword("changeit");
        getSslConfiguration().setKeystore("/home/ncsa/temp/java-certs/cacerts2");
        getSslConfiguration().setTrustRootType("JKS");
        getSslConfiguration().setTrustRootPassword("changeit");
        getSslConfiguration().setTrustRootPath("/home/ncsa/temp/java-certs/cacerts2");
        LDAPClaimsSource claims = new LDAPClaimsSource(cfg, null);
        LDAPSSLSocketFactory.setLdapConfiguration(cfg);
        claims.createConnection();
        UserInfo result = new UserInfo();
        result.getMap().putAll(claims.simpleSearch(claims.context, "http://cilogon.org/serverA/users/10376", cfg.getSearchAttributes()));
        System.out.println(result);
    } catch (Throwable t) {
        t.printStackTrace();
    }
}

Example 3 with UserInfo

use of edu.uiuc.ncsa.security.oauth_2_0.UserInfo in project OA4MP by ncsa.

Class LDAPClaimsSource, method main (a developer test harness, not production code).

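public static void main(String[] args) {
    // Dev-only harness: runs the LDAP claims source against the NCSA directory for a single
    // hard-coded user and prints the resulting claim map. Failures are just printed.
    try {
        // Configuration under test: "authorizationType":"none" over port 636 with the JVM trust
        // store. NOTE(review): "tlsVersion":"TLS" leaves the protocol version to the JVM default;
        // the sibling harness pins TLS 1.2 -- consider doing the same here.
        String rawLdap = "{\"ldap\":{\"failOnError\":\"false\"," + "\"address\":\"ldap.ncsa.illinois.edu\"," + "\"port\":636," + "\"enabled\":\"true\"," + "\"authorizationType\":\"none\"," + "\"searchName\":\"eppn\"," + "\"searchAttributes\":[{" + "\"name\":\"mail\"," + "\"returnAsList\":false," + "\"returnName\":\"mail\"}," + "{\"name\":\"cn\"," + "\"returnAsList\":false," + "\"returnName\":\"name\"}," + "{\"name\":\"memberOf\"," + "\"returnAsList\":false," + "\"isGroup\":true," + "\"returnName\":\"isMemberOf\"}]," + "\"searchBase\":\"ou=People,dc=ncsa,dc=illinois,dc=edu\"," + "\"contextName\":\"\"," + "\"ssl\":{\"tlsVersion\":\"TLS\",\"useJavaTrustStore\":true}}}";
        // A second, unused configuration literal that embedded a service-account bind principal
        // and its plaintext password was removed from this harness. Bind credentials belong in
        // the deployment configuration, never in source; any credential that was committed here
        // should be treated as exposed and rotated.
        DebugUtil.setIsEnabled(true);
        ServiceTransaction st = new ServiceTransaction(BasicIdentifier.newID("foo"));
        st.setUsername("jbasney@ncsa.illinois.edu");
        JSONObject json = JSONObject.fromObject(rawLdap);
        LDAPConfiguration cfg = LDAPConfigurationUtil.fromJSON(json);
        LDAPClaimsSource claimsSource = new LDAPClaimsSource(cfg, null);
        // Seed the claims the source searches on (searchName is "eppn" in the config above).
        UserInfo ui = new UserInfo();
        ui.getMap().put("username", "jbasney@ncsa.illinois.edu");
        ui.getMap().put("eppn", "jbasney@ncsa.illinois.edu");
        UserInfo ui2 = claimsSource.process(ui, st);
        System.out.println("Result of LDAP query:");
        System.out.println(ui2.getMap());
    } catch (Throwable t) {
        t.printStackTrace();
    }
}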

Example 4 with UserInfo

use of edu.uiuc.ncsa.security.oauth_2_0.UserInfo in project OA4MP by ncsa.

Class OA2TestCommands, method getuserinfo (a CLI test command).

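public void getuserinfo(InputLine inputLine) throws Exception {
    // CLI command: fetch the user info for the current dummy asset and print every claim,
    // one per line.
    if (showHelp(inputLine)) {
        getUIHelp();
        return;
    }
    UserInfo userInfo = getOA2S().getUserInfo(dummyAsset.getIdentifier().toString());
    // OA2MPService.getUserInfo returns null when the asset is unknown or has no access token
    // yet (e.g. the token exchange has not been run in this session); previously that ended in
    // a NullPointerException on the map access below.
    if (userInfo == null) {
        say("no user info returned (is there an access token for the current asset?)");
        return;
    }
    say("user info:");
    for (String key : userInfo.getMap().keySet()) {
        say("          " + key + " = " + userInfo.getMap().get(key));
    }
}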

Example 5 with UserInfo

use of edu.uiuc.ncsa.security.oauth_2_0.UserInfo in project OA4MP by ncsa.

Class OA2MPService, method getUserInfo.

public UserInfo getUserInfo(String identifier) {
    // Calls the server's user-info endpoint with the access token stored on the asset that has
    // the given identifier. Returns null when there is no such asset or it holds no access token
    // yet. The returned claims are copied into the UserInfo map exactly as the server sent them
    // (including any non-standard fields); no validation or filtering happens here.
    OA2Asset asset = getAsset2(identifier);
    if (asset == null) {
        return null;
    }
    if (asset.getAccessToken() == null) {
        return null;
    }
    UIRequest req = new UIRequest(asset.getAccessToken());
    req.setClient(getEnvironment().getClient());
    DS2 delegationService = (DS2) getEnvironment().getDelegationService();
    UIResponse uiResponse = delegationService.getUserInfo(req);
    JSONObject claims = JSONObject.fromObject(uiResponse.getRawJSON());
    UserInfo userInfo = new UserInfo();
    userInfo.setMap(claims);
    return userInfo;
}
