use of edu.umass.cs.gnsserver.gnsapp.clientCommandProcessor.commandSupport.GuidInfo in project GNS by MobilityFirst.
the class LookupGuidRecord method execute.
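/**
 * Looks up the record of the GUID named in the command and returns it as JSON.
 *
 * <p>The lookup is local only ({@code AccountAccess.lookupGuidInfoLocally}). This method
 * performs no signature or ACL check before returning the serialized {@code GuidInfo}.
 * NOTE(review): confirm that every field emitted by {@code GuidInfo.toJSONObject()} is
 * meant to be readable by any requester, or that authorization is enforced before dispatch.
 *
 * @param header the internal request header, passed through to the lookup
 * @param commandPacket the packet whose JSON command carries the GUID
 * @param handler the request handler used for the lookup
 * @return {@code NO_ERROR} with the record as a JSON string, {@code BAD_GUID_ERROR} when the
 *         lookup returns {@code null}, or {@code JSON_PARSE_ERROR} when serialization fails
 * @throws JSONException if the command JSON has no GUID entry
 */
@Override
public CommandResponse execute(InternalRequestHeader header, CommandPacket commandPacket, ClientRequestHandlerInterface handler) throws JSONException {
    JSONObject json = commandPacket.getCommand();
    String guid = json.getString(GNSProtocol.GUID.toString());
    GuidInfo guidInfo = AccountAccess.lookupGuidInfoLocally(header, guid, handler);
    if (guidInfo == null) {
        return new CommandResponse(ResponseCode.BAD_GUID_ERROR, GNSProtocol.BAD_RESPONSE.toString() + " " + GNSProtocol.BAD_GUID.toString() + " " + guid);
    }
    // guidInfo is known to be non-null here; the second null test and its else branch
    // in the earlier version could never be reached and have been removed.
    try {
        return new CommandResponse(ResponseCode.NO_ERROR, guidInfo.toJSONObject().toString());
    } catch (JSONException e) {
        return new CommandResponse(ResponseCode.JSON_PARSE_ERROR, GNSProtocol.BAD_RESPONSE.toString() + " " + GNSProtocol.BAD_RESPONSE.toString().substring(0, 0) + GNSProtocol.JSON_PARSE_ERROR.toString());
    }
}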
use of edu.umass.cs.gnsserver.gnsapp.clientCommandProcessor.commandSupport.GuidInfo in project GNS by MobilityFirst.
the class AclAddSecured method execute.
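/**
 * Adds an accessor to the ACL of {@code field} in {@code guid}.
 *
 * <p>Security note: the update is issued as {@code GNSProtocol.INTERNAL_QUERIER} with
 * {@code null} for the two arguments that follow it (presumably signature and message;
 * verify against {@code FieldMetaData.add}). No client signature is checked in this method,
 * so whoever can get this command dispatched can change the ACL of any GUID named in the
 * request. NOTE(review): confirm that the dispatcher authenticates the sender of "secured"
 * commands before calling this method.
 *
 * @param header the internal request header
 * @param commandPacket the packet whose JSON command carries GUID, FIELD, ACCESSER, ACL_TYPE
 *        and an optional TIMESTAMP
 * @param handler the request handler used for lookups and the update
 * @return {@code NO_ERROR}/OK on success, {@code BAD_ACL_TYPE_ERROR} for an unknown ACL type,
 *         {@code BAD_GUID_ERROR} when the accessor GUID cannot be found, otherwise the error
 *         code returned by the ACL update
 * @throws JSONException if a required entry is missing from the command
 * @throws ParseException if the timestamp is not parseable
 */
@Override
public CommandResponse execute(InternalRequestHeader header, CommandPacket commandPacket, ClientRequestHandlerInterface handler) throws InvalidKeyException, InvalidKeySpecException, JSONException, NoSuchAlgorithmException, SignatureException, ParseException {
    JSONObject json = commandPacket.getCommand();
    String guid = json.getString(GNSProtocol.GUID.toString());
    String field = json.getString(GNSProtocol.FIELD.toString());
    // The guid that wants to access this field
    String accesser = json.getString(GNSProtocol.ACCESSER.toString());
    String accessType = json.getString(GNSProtocol.ACL_TYPE.toString());
    // can be null on older client
    // NOTE(review): a null timestamp is passed on as-is; if the timestamp is used for
    // freshness/replay checks downstream, older clients skip them. Confirm.
    Date timestamp = json.has(GNSProtocol.TIMESTAMP.toString()) ? Format.parseDateISO8601UTC(json.getString(GNSProtocol.TIMESTAMP.toString())) : null;
    // MetaDataTypeName is used like an enum here (valueOf/values). An enum's valueOf throws
    // IllegalArgumentException for an unknown name instead of returning null, so a bad
    // client-supplied ACL type would escape as an unchecked exception and the intended
    // BAD_ACL_TYPE_ERROR reply would never be sent. The null test is kept in case valueOf
    // is a custom method that does return null.
    MetaDataTypeName access;
    try {
        access = MetaDataTypeName.valueOf(accessType);
    } catch (IllegalArgumentException e) {
        access = null;
    }
    if (access == null) {
        return new CommandResponse(ResponseCode.BAD_ACL_TYPE_ERROR, GNSProtocol.BAD_RESPONSE.toString() + " " + GNSProtocol.BAD_ACL_TYPE.toString() + "Should be one of " + Arrays.toString(MetaDataTypeName.values()));
    }
    // Lookup the public key of the guid that we're giving access to the field.
    String accessorPublicKey;
    if (GNSProtocol.EVERYONE.toString().equals(accesser)) {
        // The EVERYONE marker is stored in the ACL in place of a public key.
        accessorPublicKey = GNSProtocol.EVERYONE.toString();
    } else {
        GuidInfo accessorGuidInfo = AccountAccess.lookupGuidInfoAnywhere(header, accesser, handler);
        if (accessorGuidInfo == null) {
            return new CommandResponse(ResponseCode.BAD_GUID_ERROR, GNSProtocol.BAD_RESPONSE.toString() + " " + GNSProtocol.BAD_GUID.toString() + " " + accesser);
        }
        accessorPublicKey = accessorGuidInfo.getPublicKey();
    }
    // This is where we update the ACL. Put the public key of the accessing guid in the appropriate ACL list.
    // The writer is the internal querier and the two following arguments are null; an
    // earlier GNSConfig.getInternalOpSecret() argument is commented out in the original call.
    ResponseCode responseCode = FieldMetaData.add(header, commandPacket, access, guid, field, accessorPublicKey, GNSProtocol.INTERNAL_QUERIER.toString(), null, null, timestamp, handler);
    if (!responseCode.isExceptionOrError()) {
        return new CommandResponse(ResponseCode.NO_ERROR, GNSProtocol.OK_RESPONSE.toString());
    }
    return new CommandResponse(responseCode, responseCode.getProtocolCode());
}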
use of edu.umass.cs.gnsserver.gnsapp.clientCommandProcessor.commandSupport.GuidInfo in project GNS by MobilityFirst.
the class AclRemoveSecured method execute.
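/**
 * Removes an accessor from the ACL of {@code field} in {@code guid}.
 *
 * <p>Security note: the removal is issued as {@code GNSProtocol.INTERNAL_QUERIER} with
 * {@code null} for the two arguments that follow it (presumably signature and message;
 * verify against {@code FieldMetaData.removeValue}). No client signature is checked in this
 * method. NOTE(review): confirm that the dispatcher authenticates the sender of "secured"
 * commands before calling this method.
 *
 * @param header the internal request header
 * @param commandPacket the packet whose JSON command carries GUID, FIELD, ACCESSER, ACL_TYPE
 *        and an optional TIMESTAMP
 * @param handler the request handler used for lookups and the update
 * @return {@code NO_ERROR}/OK on success, {@code BAD_ACL_TYPE_ERROR} for an unknown ACL type,
 *         {@code BAD_GUID_ERROR} when the accessor GUID cannot be found, otherwise the error
 *         code returned by the ACL update
 * @throws JSONException if a required entry is missing from the command
 * @throws ParseException if the timestamp is not parseable
 */
@Override
public CommandResponse execute(InternalRequestHeader header, CommandPacket commandPacket, ClientRequestHandlerInterface handler) throws InvalidKeyException, InvalidKeySpecException, JSONException, NoSuchAlgorithmException, SignatureException, ParseException {
    JSONObject json = commandPacket.getCommand();
    String guid = json.getString(GNSProtocol.GUID.toString());
    String field = json.getString(GNSProtocol.FIELD.toString());
    // The guid that is losing access to this field
    String accesser = json.getString(GNSProtocol.ACCESSER.toString());
    String accessType = json.getString(GNSProtocol.ACL_TYPE.toString());
    // can be null on older client
    Date timestamp = json.has(GNSProtocol.TIMESTAMP.toString()) ? Format.parseDateISO8601UTC(json.getString(GNSProtocol.TIMESTAMP.toString())) : null;
    // MetaDataTypeName is used like an enum here (valueOf/values). An enum's valueOf throws
    // IllegalArgumentException for an unknown name instead of returning null, so a bad
    // client-supplied ACL type would escape as an unchecked exception and the intended
    // BAD_ACL_TYPE_ERROR reply would never be sent. The null test is kept in case valueOf
    // is a custom method that does return null.
    MetaDataTypeName access;
    try {
        access = MetaDataTypeName.valueOf(accessType);
    } catch (IllegalArgumentException e) {
        access = null;
    }
    if (access == null) {
        return new CommandResponse(ResponseCode.BAD_ACL_TYPE_ERROR, GNSProtocol.BAD_RESPONSE.toString() + " " + GNSProtocol.BAD_ACL_TYPE.toString() + "Should be one of " + Arrays.toString(MetaDataTypeName.values()));
    }
    // We need the public key
    String accessorPublicKey;
    if (GNSProtocol.EVERYONE.toString().equals(accesser)) {
        // The EVERYONE marker stands in for a public key in the ACL.
        accessorPublicKey = GNSProtocol.EVERYONE.toString();
    } else {
        GuidInfo accessorGuidInfo = AccountAccess.lookupGuidInfoAnywhere(header, accesser, handler);
        if (accessorGuidInfo == null) {
            return new CommandResponse(ResponseCode.BAD_GUID_ERROR, GNSProtocol.BAD_RESPONSE.toString() + " " + GNSProtocol.BAD_GUID.toString() + " " + accesser);
        }
        accessorPublicKey = accessorGuidInfo.getPublicKey();
    }
    // The writer is the internal querier and the two following arguments are null; an
    // earlier GNSConfig.getInternalOpSecret() argument is commented out in the original call.
    ResponseCode responseCode = FieldMetaData.removeValue(header, commandPacket, access, guid, accesser, field, accessorPublicKey, GNSProtocol.INTERNAL_QUERIER.toString(), null, null, timestamp, handler);
    if (!responseCode.isExceptionOrError()) {
        return new CommandResponse(ResponseCode.NO_ERROR, GNSProtocol.OK_RESPONSE.toString());
    }
    return new CommandResponse(responseCode, responseCode.getProtocolCode());
}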
use of edu.umass.cs.gnsserver.gnsapp.clientCommandProcessor.commandSupport.GuidInfo in project GNS by MobilityFirst.
the class NSAuthentication method aclCheck.
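/**
 * Checks the ACL to ensure that {@code accessorGuid} can access {@code targetGuid}'s
 * {@code field}, and resolves the accessor's public key while doing so.
 *
 * <p>The decision is made in this order: self-access (accessor equals target) is always
 * allowed; otherwise the key is searched in the target's ACL metadata; otherwise the
 * accessor's group memberships are checked against the ACLs for the field.
 *
 * <p>This method verifies no signature. NOTE(review): the returned public key is presumably
 * what the caller verifies the request signature against; a {@code NO_ERROR} result alone
 * does not show that the request really came from {@code accessorGuid}. Confirm at call sites.
 *
 * @param header the internal request header, passed through to remote lookups
 * @param targetGuid the guid whose field is being accessed
 * @param field the field being accessed
 * @param accessorGuid the guid requesting access; must not be {@code null}
 * @param access the kind of access being requested
 * @param gnsApp the application, used for the database and the request handler
 * @return the accessor's public key with {@code NO_ERROR}; an empty key with
 *         {@code BAD_GUID_ERROR} when the target's key or metadata cannot be found, or with
 *         {@code ACCESS_ERROR} when no ACL entry grants access
 * @throws FailedDBOperationException
 */
public static AclCheckResult aclCheck(InternalRequestHeader header, String targetGuid, String field, String accessorGuid, MetaDataTypeName access, GNSApplicationInterface<String> gnsApp) throws FailedDBOperationException {
    ClientSupportConfig.getLogger().log(Level.FINE, "@@@@@@@@@@@@@@@@ACL Check guid={0} key={1} accessor={2} access={3}", new Object[] { targetGuid, field, accessorGuid, access });
    // This method attempts to look up the public key as well as check for ACL access.
    String publicKey;
    if (accessorGuid.equals(targetGuid)) {
        // This handles the base case where we're accessing our own guid.
        // Access to all of our fields is always allowed to our own guid so we just need to get
        // the public key out of the guid - possibly from the cache.
        publicKey = lookupPublicKeyLocallyWithCacheing(targetGuid, gnsApp);
        // the guid must not be local which is a problem.
        if (publicKey == null) {
            return new AclCheckResult("", ResponseCode.BAD_GUID_ERROR);
        }
    } else {
        // In order to not fetch the entire record multiple times, we fetch the metadata
        // here and let lookupPublicKeyFromMetaData get the public key from it.
        JSONObject metaData = NSAccessSupport.getMataDataForACLCheck(targetGuid, gnsApp.getDB());
        if (metaData == null) {
            // this is a bad GUID as its meta data can not be fetched
            // The arguments now match the placeholders: {0} is the accessor ("User"),
            // {1} the target guid and {2} the field. The earlier version passed
            // targetGuid, field and access, which mislabelled every value in a line that
            // matters when access failures are investigated.
            ClientSupportConfig.getLogger().log(Level.WARNING, "User {0} access problem for {1}'s {2} field: no meta data exists", new Object[] { accessorGuid, targetGuid, field });
            return new AclCheckResult("", ResponseCode.BAD_GUID_ERROR);
        }
        // Otherwise we attempt to find the public key for the accessorGuid in the ACL of the guid being
        // accessed.
        // Note that field can be GNSProtocol.ENTIRE_RECORD.toString() here
        publicKey = lookupPublicKeyFromMetaData(header, targetGuid, field, accessorGuid, access, metaData, gnsApp);
    }
    // No direct ACL entry: fall back to checking whether a group guid that has the
    // accessor as a member is in the ACL.
    if (publicKey == null) {
        // First thing to do is to lookup the accessorGuid... possibly remotely.
        //TODO: Add a cache here
        GuidInfo accessorGuidInfo = AccountAccess.lookupGuidInfoAnywhere(header, accessorGuid, gnsApp.getRequestHandler());
        if (accessorGuidInfo != null) {
            ClientSupportConfig.getLogger().log(Level.FINE, "================> Catchall lookup returned: {0}", accessorGuidInfo);
            // Check all the ACLs in the tree for this field to see if there is a group guid
            // in there somewhere that has accessorGuid as a member
            Set<String> groups = NSGroupAccess.lookupGroups(header, accessorGuid, gnsApp.getRequestHandler());
            if (!groups.isEmpty() && NSAccessSupport.hierarchicalAccessGroupCheck(access, targetGuid, field, groups, gnsApp)) {
                publicKey = accessorGuidInfo.getPublicKey();
            }
        }
    }
    // If we didn't find the public key return an ACCESS_ERROR
    if (publicKey == null) {
        return new AclCheckResult("", ResponseCode.ACCESS_ERROR);
    }
    return new AclCheckResult(publicKey, ResponseCode.NO_ERROR);
}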
use of edu.umass.cs.gnsserver.gnsapp.clientCommandProcessor.commandSupport.GuidInfo in project GNS by MobilityFirst.
the class NSAuthentication method lookupPublicKeyFromMetaData.
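/**
 * Attempts to look up the public key for an accessorGuid using the
 * ACL of the guid for the given field.
 * Will resort to a lookup on another server in certain circumstances,
 * such as when the ACL contains the GNSProtocol.EVERYONE.toString() flag.
 *
 * @param header the internal request header, passed through to the remote lookup
 * @param guid the guid whose ACL is consulted
 * @param field the field name; a dotted name is split into its path components
 * @param accessorGuid the guid requesting access
 * @param access the kind of access being requested
 * @param metaData the already-fetched ACL metadata of {@code guid}
 * @param gnsApp the application, used for the request handler
 * @return the public key, or {@code null} when none is found
 * @throws FailedDBOperationException
 */
private static String lookupPublicKeyFromMetaData(InternalRequestHeader header, String guid, String field, String accessorGuid, MetaDataTypeName access, JSONObject metaData, GNSApplicationInterface<String> gnsApp) throws FailedDBOperationException {
    // String.split takes a regular expression, and an unescaped "." matches every
    // character: split(".") therefore returns an empty array, so a dotted field name
    // reached the ACL lookup as an empty path and the ACL for the named nested field was
    // not the one consulted. The dot is escaped so the name splits into its components.
    List<String> fields;
    if (field.contains(".")) {
        fields = Arrays.asList(field.split("\\."));
    } else {
        fields = Arrays.asList(field);
    }
    // Field could also be GNSProtocol.ENTIRE_RECORD.toString() here
    JSONArray publicKeys = NSAccessSupport.lookupPublicKeysFromAcl(access, guid, fields, metaData);
    String publicKey = SharedGuidUtils.findPublicKeyForGuid(accessorGuid, publicKeys);
    ClientSupportConfig.getLogger().log(Level.FINE, "================> {0} lookup for {1} returned: {2} public keys={3}", new Object[] { access.toString(), field, publicKey, publicKeys });
    // When the ACL contains EVERYONE, the accessor's key has to be looked up explicitly
    // because it's not going to have an entry in the ACL.
    boolean everyoneAllowed = NSAccessSupport.indexOfItemInJSONArray(publicKeys, GNSProtocol.EVERYONE.toString()) >= 0;
    if (publicKey == null && everyoneAllowed) {
        GuidInfo accessorGuidInfo = AccountAccess.lookupGuidInfoAnywhere(header, accessorGuid, gnsApp.getRequestHandler());
        if (accessorGuidInfo != null) {
            ClientSupportConfig.getLogger().log(Level.FINE, "================> {0} lookup for EVERYONE returned {1}", new Object[] { access.toString(), accessorGuidInfo });
            publicKey = accessorGuidInfo.getPublicKey();
        }
    }
    if (publicKey == null) {
        ClientSupportConfig.getLogger().log(Level.FINE, "================> Public key not found: accessor={0} guid={1} field={2} public keys={3}", new Object[] { accessorGuid, guid, field, publicKeys });
    }
    return publicKey;
}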