use of eu.unicore.util.httpclient.DefaultClientConfiguration in project airavata by apache.
the class UNICORESecurityContext method getDefaultConfiguration.
public DefaultClientConfiguration getDefaultConfiguration(Boolean enableMessageLogging, UserConfigurationDataModel userDataModel) throws GFacException, ApplicationSettingsException {
X509Credential cred = null;
try {
boolean genCert = userDataModel.isGenerateCert();
if (genCert) {
String userDN = userDataModel.getUserDN();
if (userDN == null || "".equals(userDN)) {
log.warn("Cannot generate cert, falling back to GFAC configured MyProxy credentials");
return getDefaultConfiguration(enableMessageLogging);
} else {
log.info("Generating X.509 certificate for: " + userDN);
try {
String caCertPath = ServerSettings.getSetting(BESConstants.PROP_CA_CERT_PATH, "");
String caKeyPath = ServerSettings.getSetting(BESConstants.PROP_CA_KEY_PATH, "");
String caKeyPass = ServerSettings.getSetting(BESConstants.PROP_CA_KEY_PASS, "");
if (caCertPath.equals("") || caKeyPath.equals("")) {
throw new Exception("CA certificate or key file path missing in the properties file. " + "Please make sure " + BESConstants.PROP_CA_CERT_PATH + " or " + BESConstants.PROP_CA_KEY_PATH + " are not empty.");
}
if ("".equals(caKeyPass)) {
log.warn("Caution: CA key has no password. For security reasons it is highly recommended to set a CA key password");
}
cred = generateShortLivedCredential(userDN, caCertPath, caKeyPath, caKeyPass);
} catch (Exception e) {
throw new GFacException("Error occured while generating a short lived credential for user:" + userDN, e);
}
}
} else {
return getDefaultConfiguration(enableMessageLogging);
}
secProperties = new DefaultClientConfiguration(dcValidator, cred);
setExtraSettings();
} catch (Exception e) {
throw new GFacException(e.getMessage(), e);
}
secProperties.getETDSettings().setExtendTrustDelegation(true);
if (enableMessageLogging)
secProperties.setMessageLogging(true);
// secProperties.setDoSignMessage(true);
secProperties.getETDSettings().setIssuerCertificateChain(secProperties.getCredential().getCertificateChain());
return secProperties;
}
use of eu.unicore.util.httpclient.DefaultClientConfiguration in project airavata by apache.
the class UNICORESecurityContext method getServerSignedConfiguration.
/**
* Get server signed credentials. Each time it is invoked new certificate
* is returned.
*
* @param userID
* @param userDN
* @param caCertPath
* @param caKeyPath
* @param caKeyPwd
* @return
* @throws GFacException
*/
public DefaultClientConfiguration getServerSignedConfiguration(String userID, String userDN, String caCertPath, String caKeyPath, String caKeyPwd) throws GFacException {
try {
KeyAndCertCredential cred = SecurityUtils.generateShortLivedCertificate(userDN, caCertPath, caKeyPath, caKeyPwd);
secProperties = new DefaultClientConfiguration(dcValidator, cred);
setExtraSettings();
} catch (Exception e) {
throw new GFacException(e.getMessage(), e);
}
return secProperties;
}
Aggregations