Examples with KeyAndCertCredential eu.emi.security.authn.x509.impl.KeyAndCertCredential used on opensource projects

Example 11 with KeyAndCertCredential

use of eu.emi.security.authn.x509.impl.KeyAndCertCredential in project airavata by apache.

the class UNICORESecurityContext method getServerSignedConfiguration.

/**
 * Get server signed credentials. Each time it is invoked new certificate
 * is returned.
 *
 * @param userID
 * @param userDN
 * @param caCertPath
 * @param caKeyPath
 * @param caKeyPwd
 * @return
 * @throws GFacException
 */
public DefaultClientConfiguration getServerSignedConfiguration(String userID, String userDN, String caCertPath, String caKeyPath, String caKeyPwd) throws GFacException {
    try {
        KeyAndCertCredential cred = SecurityUtils.generateShortLivedCertificate(userDN, caCertPath, caKeyPath, caKeyPwd);
        secProperties = new DefaultClientConfiguration(dcValidator, cred);
        setExtraSettings();
    } catch (Exception e) {
        throw new GFacException(e.getMessage(), e);
    }
    return secProperties;
}

Example 12 with KeyAndCertCredential

use of eu.emi.security.authn.x509.impl.KeyAndCertCredential in project airavata by apache.

the class X509SecurityContext method getCredentialsFromStore.

/**
 * Reads the credentials from credential store.
 * @return If token is found in the credential store, will return a valid credential. Else returns null.
 * @throws Exception If an error occurred while retrieving credentials.
 */
public X509Credential getCredentialsFromStore() throws Exception {
    if (getCredentialReader() == null) {
        return null;
    }
    Credential credential = getCredentialReader().getCredential(getRequestData().getGatewayId(), getRequestData().getTokenId());
    if (credential != null) {
        if (credential instanceof CertificateCredential) {
            log.info("Successfully found credentials for token id - " + getRequestData().getTokenId() + " gateway id - " + getRequestData().getGatewayId());
            CertificateCredential certificateCredential = (CertificateCredential) credential;
            X509Certificate[] certificates = certificateCredential.getCertificates();
            KeyAndCertCredential keyAndCert = new KeyAndCertCredential(certificateCredential.getPrivateKey(), certificates);
            return keyAndCert;
        // return new GlobusGSSCredentialImpl(newCredential,
        // GSSCredential.INITIATE_AND_ACCEPT);
        } else {
            log.info("Credential type is not CertificateCredential. Cannot create mapping globus credentials. " + "Credential type - " + credential.getClass().getName());
        }
    } else {
        log.info("Could not find credentials for token - " + getRequestData().getTokenId() + " and " + "gateway id - " + getRequestData().getGatewayId());
    }
    return null;
}

Example 13 with KeyAndCertCredential

use of eu.emi.security.authn.x509.impl.KeyAndCertCredential in project airavata by apache.

the class SecurityUtils method getCACredential.

public static KeyAndCertCredential getCACredential(String caCertPath, String caKeyPath, String password) throws Exception {
    InputStream isKey = new FileInputStream(caKeyPath);
    PrivateKey pk = CertificateUtils.loadPrivateKey(isKey, Encoding.PEM, password.toCharArray());
    InputStream isCert = new FileInputStream(caCertPath);
    X509Certificate caCert = CertificateUtils.loadCertificate(isCert, Encoding.PEM);
    if (isKey != null)
        isKey.close();
    if (isCert != null)
        isCert.close();
    return new KeyAndCertCredential(pk, new X509Certificate[] { caCert });
}

Example 14 with KeyAndCertCredential

use of eu.emi.security.authn.x509.impl.KeyAndCertCredential in project airavata by apache.

the class SecurityUtils method generateShortLivedCertificate.

public static final KeyAndCertCredential generateShortLivedCertificate(String userDN, String caCertPath, String caKeyPath, String caPwd) throws Exception {
    // 15 minutes
    final long CredentialGoodFromOffset = 1000L * 60L * 15L;
    // ago
    final long startTime = System.currentTimeMillis() - CredentialGoodFromOffset;
    final long endTime = startTime + 30 * 3600 * 1000;
    final String keyLengthProp = "1024";
    int keyLength = Integer.parseInt(keyLengthProp);
    final String signatureAlgorithm = "SHA1withRSA";
    KeyAndCertCredential caCred = getCACredential(caCertPath, caKeyPath, caPwd);
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(caCred.getKey().getAlgorithm());
    kpg.initialize(keyLength);
    KeyPair pair = kpg.generateKeyPair();
    X500Principal subjectDN = new X500Principal(userDN);
    Random rand = new Random();
    SubjectPublicKeyInfo publicKeyInfo;
    try {
        publicKeyInfo = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(pair.getPublic().getEncoded()).readObject());
    } catch (IOException e) {
        throw new InvalidKeyException("Can not parse the public key" + "being included in the short lived certificate", e);
    }
    X500Name issuerX500Name = CertificateHelpers.toX500Name(caCred.getCertificate().getSubjectX500Principal());
    X500Name subjectX500Name = CertificateHelpers.toX500Name(subjectDN);
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuerX500Name, new BigInteger(20, rand), new Date(startTime), new Date(endTime), subjectX500Name, publicKeyInfo);
    AlgorithmIdentifier sigAlgId = X509v3CertificateBuilder.extractAlgorithmId(caCred.getCertificate());
    X509Certificate certificate = certBuilder.build(caCred.getKey(), sigAlgId, signatureAlgorithm, null, null);
    certificate.checkValidity(new Date());
    certificate.verify(caCred.getCertificate().getPublicKey());
    KeyAndCertCredential result = new KeyAndCertCredential(pair.getPrivate(), new X509Certificate[] { certificate, caCred.getCertificate() });
    return result;
}