Search in sources :

Example 6 with DefaultClientConfiguration

use of eu.unicore.util.httpclient.DefaultClientConfiguration in project airavata by apache.

the class UNICORESecurityContext method getDefaultConfiguration.

public DefaultClientConfiguration getDefaultConfiguration(Boolean enableMessageLogging, UserConfigurationDataModel userDataModel) throws GFacException, ApplicationSettingsException {
    X509Credential cred = null;
    try {
        boolean genCert = userDataModel.isGenerateCert();
        if (genCert) {
            String userDN = userDataModel.getUserDN();
            if (userDN == null || "".equals(userDN)) {
                log.warn("Cannot generate cert, falling back to GFAC configured MyProxy credentials");
                return getDefaultConfiguration(enableMessageLogging);
            } else {
                log.info("Generating X.509 certificate for: " + userDN);
                try {
                    String caCertPath = ServerSettings.getSetting(BESConstants.PROP_CA_CERT_PATH, "");
                    String caKeyPath = ServerSettings.getSetting(BESConstants.PROP_CA_KEY_PATH, "");
                    String caKeyPass = ServerSettings.getSetting(BESConstants.PROP_CA_KEY_PASS, "");
                    if (caCertPath.equals("") || caKeyPath.equals("")) {
                        throw new Exception("CA certificate or key file path missing in the properties file. " + "Please make sure " + BESConstants.PROP_CA_CERT_PATH + " or " + BESConstants.PROP_CA_KEY_PATH + " are not empty.");
                    }
                    if ("".equals(caKeyPass)) {
                        log.warn("Caution: CA key has no password. For security reasons it is highly recommended to set a CA key password");
                    }
                    cred = generateShortLivedCredential(userDN, caCertPath, caKeyPath, caKeyPass);
                } catch (Exception e) {
                    throw new GFacException("Error occured while generating a short lived credential for user:" + userDN, e);
                }
            }
        } else {
            return getDefaultConfiguration(enableMessageLogging);
        }
        secProperties = new DefaultClientConfiguration(dcValidator, cred);
        setExtraSettings();
    } catch (Exception e) {
        throw new GFacException(e.getMessage(), e);
    }
    secProperties.getETDSettings().setExtendTrustDelegation(true);
    if (enableMessageLogging)
        secProperties.setMessageLogging(true);
    // secProperties.setDoSignMessage(true);
    secProperties.getETDSettings().setIssuerCertificateChain(secProperties.getCredential().getCertificateChain());
    return secProperties;
}
Also used : X509Credential(eu.emi.security.authn.x509.X509Credential) GFacException(org.apache.airavata.gfac.core.GFacException) DefaultClientConfiguration(eu.unicore.util.httpclient.DefaultClientConfiguration) GFacException(org.apache.airavata.gfac.core.GFacException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException)

Example 7 with DefaultClientConfiguration

use of eu.unicore.util.httpclient.DefaultClientConfiguration in project airavata by apache.

the class UNICORESecurityContext method getServerSignedConfiguration.

/**
 * Get server signed credentials. Each time it is invoked new certificate
 * is returned.
 *
 * @param userID
 * @param userDN
 * @param caCertPath
 * @param caKeyPath
 * @param caKeyPwd
 * @return
 * @throws GFacException
 */
public DefaultClientConfiguration getServerSignedConfiguration(String userID, String userDN, String caCertPath, String caKeyPath, String caKeyPwd) throws GFacException {
    try {
        KeyAndCertCredential cred = SecurityUtils.generateShortLivedCertificate(userDN, caCertPath, caKeyPath, caKeyPwd);
        secProperties = new DefaultClientConfiguration(dcValidator, cred);
        setExtraSettings();
    } catch (Exception e) {
        throw new GFacException(e.getMessage(), e);
    }
    return secProperties;
}
Also used : GFacException(org.apache.airavata.gfac.core.GFacException) DefaultClientConfiguration(eu.unicore.util.httpclient.DefaultClientConfiguration) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) GFacException(org.apache.airavata.gfac.core.GFacException) GFacProviderException(org.apache.airavata.gfac.core.provider.GFacProviderException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException)

Aggregations

DefaultClientConfiguration (eu.unicore.util.httpclient.DefaultClientConfiguration)7 ApplicationSettingsException (org.apache.airavata.common.exception.ApplicationSettingsException)7 GFacException (org.apache.airavata.gfac.core.GFacException)7 X509Credential (eu.emi.security.authn.x509.X509Credential)4 GFacProviderException (org.apache.airavata.gfac.core.provider.GFacProviderException)3 KeyAndCertCredential (eu.emi.security.authn.x509.impl.KeyAndCertCredential)2 UserConfigurationDataModel (org.apache.airavata.model.experiment.UserConfigurationDataModel)1 RegistryException (org.apache.airavata.registry.cpi.RegistryException)1