Search in sources :

Example 6 with X509Credential

use of eu.emi.security.authn.x509.X509Credential in project airavata by apache.

the class X509SecurityContext method getDefaultCredentials.

/**
 * Gets the default proxy certificate.
 * @return Default my proxy credentials.
 * @throws org.apache.airavata.common.exception.ApplicationSettingsException
 */
public X509Credential getDefaultCredentials() throws GFacException, ApplicationSettingsException {
    MyProxyLogon logon = new MyProxyLogon();
    logon.setValidator(dcValidator);
    logon.setHost(getRequestData().getMyProxyServerUrl());
    logon.setPort(getRequestData().getMyProxyPort());
    logon.setUsername(getRequestData().getMyProxyUserName());
    logon.setPassphrase(getRequestData().getMyProxyPassword().toCharArray());
    logon.setLifetime(getRequestData().getMyProxyLifeTime());
    try {
        logon.connect();
        logon.logon();
        logon.getCredentials();
        logon.disconnect();
        PrivateKey pk = logon.getPrivateKey();
        return new KeyAndCertCredential(pk, new X509Certificate[] { logon.getCertificate() });
    } catch (Exception e) {
        throw new GFacException("An error occurred while retrieving default security credentials.", e);
    }
}
Also used : PrivateKey(java.security.PrivateKey) GFacException(org.apache.airavata.gfac.core.GFacException) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) GFacException(org.apache.airavata.gfac.core.GFacException) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException)

Example 7 with X509Credential

use of eu.emi.security.authn.x509.X509Credential in project airavata by apache.

the class UNICORESecurityContext method getDefaultConfiguration.

public DefaultClientConfiguration getDefaultConfiguration(Boolean enableMessageLogging, UserConfigurationDataModel userDataModel) throws GFacException, ApplicationSettingsException {
    X509Credential cred = null;
    try {
        boolean genCert = userDataModel.isGenerateCert();
        if (genCert) {
            String userDN = userDataModel.getUserDN();
            if (userDN == null || "".equals(userDN)) {
                log.warn("Cannot generate cert, falling back to GFAC configured MyProxy credentials");
                return getDefaultConfiguration(enableMessageLogging);
            } else {
                log.info("Generating X.509 certificate for: " + userDN);
                try {
                    String caCertPath = ServerSettings.getSetting(BESConstants.PROP_CA_CERT_PATH, "");
                    String caKeyPath = ServerSettings.getSetting(BESConstants.PROP_CA_KEY_PATH, "");
                    String caKeyPass = ServerSettings.getSetting(BESConstants.PROP_CA_KEY_PASS, "");
                    if (caCertPath.equals("") || caKeyPath.equals("")) {
                        throw new Exception("CA certificate or key file path missing in the properties file. " + "Please make sure " + BESConstants.PROP_CA_CERT_PATH + " or " + BESConstants.PROP_CA_KEY_PATH + " are not empty.");
                    }
                    if ("".equals(caKeyPass)) {
                        log.warn("Caution: CA key has no password. For security reasons it is highly recommended to set a CA key password");
                    }
                    cred = generateShortLivedCredential(userDN, caCertPath, caKeyPath, caKeyPass);
                } catch (Exception e) {
                    throw new GFacException("Error occured while generating a short lived credential for user:" + userDN, e);
                }
            }
        } else {
            return getDefaultConfiguration(enableMessageLogging);
        }
        secProperties = new DefaultClientConfiguration(dcValidator, cred);
        setExtraSettings();
    } catch (Exception e) {
        throw new GFacException(e.getMessage(), e);
    }
    secProperties.getETDSettings().setExtendTrustDelegation(true);
    if (enableMessageLogging)
        secProperties.setMessageLogging(true);
    // secProperties.setDoSignMessage(true);
    secProperties.getETDSettings().setIssuerCertificateChain(secProperties.getCredential().getCertificateChain());
    return secProperties;
}
Also used : X509Credential(eu.emi.security.authn.x509.X509Credential) GFacException(org.apache.airavata.gfac.core.GFacException) DefaultClientConfiguration(eu.unicore.util.httpclient.DefaultClientConfiguration) GFacException(org.apache.airavata.gfac.core.GFacException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException)

Example 8 with X509Credential

use of eu.emi.security.authn.x509.X509Credential in project airavata by apache.

the class X509SecurityContext method getCredentialsFromStore.

/**
 * Reads the credentials from credential store.
 * @return If token is found in the credential store, will return a valid credential. Else returns null.
 * @throws Exception If an error occurred while retrieving credentials.
 */
public X509Credential getCredentialsFromStore() throws Exception {
    if (getCredentialReader() == null) {
        return null;
    }
    Credential credential = getCredentialReader().getCredential(getRequestData().getGatewayId(), getRequestData().getTokenId());
    if (credential != null) {
        if (credential instanceof CertificateCredential) {
            log.info("Successfully found credentials for token id - " + getRequestData().getTokenId() + " gateway id - " + getRequestData().getGatewayId());
            CertificateCredential certificateCredential = (CertificateCredential) credential;
            X509Certificate[] certificates = certificateCredential.getCertificates();
            KeyAndCertCredential keyAndCert = new KeyAndCertCredential(certificateCredential.getPrivateKey(), certificates);
            return keyAndCert;
        // return new GlobusGSSCredentialImpl(newCredential,
        // GSSCredential.INITIATE_AND_ACCEPT);
        } else {
            log.info("Credential type is not CertificateCredential. Cannot create mapping globus credentials. " + "Credential type - " + credential.getClass().getName());
        }
    } else {
        log.info("Could not find credentials for token - " + getRequestData().getTokenId() + " and " + "gateway id - " + getRequestData().getGatewayId());
    }
    return null;
}
Also used : CertificateCredential(org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential) CertificateCredential(org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential) Credential(org.apache.airavata.credential.store.credential.Credential) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X509Credential(eu.emi.security.authn.x509.X509Credential) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X509Certificate(java.security.cert.X509Certificate)

Example 9 with X509Credential

use of eu.emi.security.authn.x509.X509Credential in project airavata by apache.

the class X509SecurityContext method getCredentialsFromStore.

/**
 * Reads the credentials from credential store.
 * @return If token is found in the credential store, will return a valid credential. Else returns null.
 * @throws Exception If an error occurred while retrieving credentials.
 */
public X509Credential getCredentialsFromStore() throws Exception {
    if (getCredentialReader() == null) {
        return null;
    }
    Credential credential = getCredentialReader().getCredential(getRequestData().getGatewayId(), getRequestData().getTokenId());
    if (credential != null) {
        if (credential instanceof CertificateCredential) {
            log.info("Successfully found credentials for token id - " + getRequestData().getTokenId() + " gateway id - " + getRequestData().getGatewayId());
            CertificateCredential certificateCredential = (CertificateCredential) credential;
            X509Certificate[] certificates = certificateCredential.getCertificates();
            KeyAndCertCredential keyAndCert = new KeyAndCertCredential(certificateCredential.getPrivateKey(), certificates);
            return keyAndCert;
        // return new GlobusGSSCredentialImpl(newCredential,
        // GSSCredential.INITIATE_AND_ACCEPT);
        } else {
            log.info("Credential type is not CertificateCredential. Cannot create mapping globus credentials. " + "Credential type - " + credential.getClass().getName());
        }
    } else {
        log.info("Could not find credentials for token - " + getRequestData().getTokenId() + " and " + "gateway id - " + getRequestData().getGatewayId());
    }
    return null;
}
Also used : CertificateCredential(org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential) CertificateCredential(org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential) Credential(org.apache.airavata.credential.store.credential.Credential) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X509Credential(eu.emi.security.authn.x509.X509Credential) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X509Certificate(java.security.cert.X509Certificate)

Aggregations

X509Credential (eu.emi.security.authn.x509.X509Credential)6 ApplicationSettingsException (org.apache.airavata.common.exception.ApplicationSettingsException)6 GFacException (org.apache.airavata.gfac.core.GFacException)6 KeyAndCertCredential (eu.emi.security.authn.x509.impl.KeyAndCertCredential)4 DefaultClientConfiguration (eu.unicore.util.httpclient.DefaultClientConfiguration)4 IOException (java.io.IOException)2 InvalidKeyException (java.security.InvalidKeyException)2 PrivateKey (java.security.PrivateKey)2 X509Certificate (java.security.cert.X509Certificate)2 Credential (org.apache.airavata.credential.store.credential.Credential)2 CertificateCredential (org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential)2 GFacProviderException (org.apache.airavata.gfac.core.provider.GFacProviderException)2 CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)1 ResolverException (net.shibboleth.utilities.java.support.resolver.ResolverException)1 MyProxyLogon (org.apache.airavata.gfac.bes.utils.MyProxyLogon)1 EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion)1 X509Credential (org.opensaml.security.x509.X509Credential)1 SAMLException (org.pac4j.saml.exceptions.SAMLException)1