Example 1 with ApplicationIdentity
use of it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity in project SEPA by arces-wot.
the class SecurityManager method securityCheck.
public void securityCheck(String identity) throws SEPASecurityException {
logger.info("*** Security check ***");
// Add identity
addAuthorizedIdentity(new ApplicationIdentity(identity));
// Register
Response response = register(identity);
if (response.getClass().equals(RegistrationResponse.class)) {
RegistrationResponse ret = (RegistrationResponse) response;
String basicAuth = ret.getClientId() + ":" + ret.getClientSecret();
// Get token
String encodedCredentials = Base64.getEncoder().encodeToString(basicAuth.getBytes());
logger.debug("Authorization Basic " + encodedCredentials);
response = getToken(encodedCredentials);
if (response.getClass().equals(JWTResponse.class)) {
logger.debug("Access token: " + ((JWTResponse) response).getAccessToken());
// Validate token
ClientAuthorization authRet = validateToken(((JWTResponse) response).getAccessToken());
if (authRet.isAuthorized()) {
removeCredentials(new ApplicationIdentity(ret.getClientId()));
removeJwt(ret.getClientId());
logger.info("*** PASSED ***");
} else {
logger.error(authRet.getError());
logger.info("*** FAILED ***");
}
} else {
logger.debug(response.toString());
logger.info("*** FAILED ***");
}
} else {
logger.debug(response.toString());
logger.info("*** FAILED ***");
// Remove identity
removeAuthorizedIdentity(identity);
}
System.out.println("");
}
Also used :
Response(it.unibo.arces.wot.sepa.commons.response.Response)
RegistrationResponse(it.unibo.arces.wot.sepa.commons.response.RegistrationResponse)
ErrorResponse(it.unibo.arces.wot.sepa.commons.response.ErrorResponse)
JWTResponse(it.unibo.arces.wot.sepa.commons.response.JWTResponse)
ClientAuthorization(it.unibo.arces.wot.sepa.commons.security.ClientAuthorization)
ApplicationIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity)
RegistrationResponse(it.unibo.arces.wot.sepa.commons.response.RegistrationResponse)
JWTResponse(it.unibo.arces.wot.sepa.commons.response.JWTResponse)
Example 2 with ApplicationIdentity
use of it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity in project SEPA by arces-wot.
the class LdapSecurityManager method getIdentity.
@Override
public DigitalIdentity getIdentity(String uid) throws SEPASecurityException {
logger.log(Level.getLevel("ldap"), "[LDAP] getIdentity " + uid + " uid=" + uid + ",ou=authorizedIdentities," + prop.getBase(), "(objectclass=*)");
bind();
try {
cursor = ldap.search("uid=" + uid + ",ou=authorizedIdentities," + prop.getBase(), "(objectclass=*)", SearchScope.OBJECT, "*");
if (!cursor.next())
throw new SEPASecurityException("uid=" + uid + ",ou=authorizedIndentities," + prop.getBase() + " NOT FOUND");
// SPARQL endpoint credentials are stored as Java Serialized Object
Credentials credentials = null;
if (cursor.get().contains("objectClass", "javaSerializedObject")) {
credentials = Credentials.deserialize(cursor.get().get("javaSerializedData").getBytes());
}
if (cursor.get().contains("objectClass", "device"))
return new DeviceIdentity(uid, credentials);
else if (cursor.get().contains("objectClass", "applicationProcess"))
return new ApplicationIdentity(uid, credentials);
else
throw new SEPASecurityException("Digital identity class NOT FOUND");
} catch (LdapException | CursorException e) {
logger.error("[LDAP] getIdentity exception " + e.getMessage());
throw new SEPASecurityException("getIdentity exception " + e.getMessage());
} finally {
unbind();
}
}
Also used :
DeviceIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity)
ApplicationIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity)
CursorException(org.apache.directory.api.ldap.model.cursor.CursorException)
SEPASecurityException(it.unibo.arces.wot.sepa.commons.exceptions.SEPASecurityException)
LdapException(org.apache.directory.api.ldap.model.exception.LdapException)
Credentials(it.unibo.arces.wot.sepa.commons.security.Credentials)
Example 3 with ApplicationIdentity
use of it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity in project SEPA by arces-wot.
the class ACLManager method main.
public static void main(String[] args) {
Console console = System.console();
Scanner in = new Scanner(System.in);
System.out.println("********************");
System.out.println("* SEPA ACL Manager *");
System.out.println("********************");
LdapSecurityManager ldap;
String line;
while (true) {
System.out.print("Host (return for default: localhost): ");
line = in.nextLine();
if (!line.equals(""))
host = line;
System.out.print("Port (return for default: 10389): ");
line = in.nextLine();
if (!line.equals(""))
port = Integer.parseInt(line);
System.out.print("Base (return for default: dc=sepatest,dc=com): ");
line = in.nextLine();
if (!line.equals(""))
base = line;
System.out.print("User (return for default: uid=admin,ou=system): ");
line = in.nextLine();
if (!line.equals(""))
user = line;
if (console != null)
pwd = new String(console.readPassword("Password (default: secret):"));
else {
System.out.print("Password (default: secret):");
line = in.nextLine();
if (!line.equals(""))
pwd = line;
}
try {
ldap = new LdapSecurityManager(JKSUtil.getSSLContext("sepa.jks", "sepa2020"), JKSUtil.getRSAKey("sepa.jks", "sepa2020", "jwt", "sepa2020"), new LdapProperties(host, port, base, null, user, pwd, false));
} catch (SEPASecurityException e2) {
System.out.println(e2.getMessage());
continue;
}
break;
}
System.out.println("Connected to LDAP!");
System.out.println("Set SPARQL endpoint credentials");
System.out.print("User (return for default: SEPATest):");
line = in.nextLine();
String user = "SEPATest";
if (!line.equals(""))
user = line;
if (console != null)
pwd = new String(console.readPassword("Password (default: SEPATest):"));
else {
System.out.print("Password (default: SEPATest):");
line = in.nextLine();
pwd = line;
}
while (true) {
System.out.println("Available actions: ");
System.out.println("1 - Register application");
System.out.println("2 - Register device");
System.out.println("3 - Register user");
System.out.println("4 - Change SPARQL endpoint credentials");
System.out.println("5 - Show SPARQL endpoint credentials");
System.out.println("6 - Exit");
System.out.print("Select: ");
String action = in.nextLine();
if (action.equals("6"))
break;
DigitalIdentity identity = null;
String client_secret = null;
switch(action) {
case "1":
System.out.print("UID: ");
String uid = in.nextLine();
identity = new ApplicationIdentity(uid, new Credentials(user, pwd));
break;
case "2":
System.out.print("UID: ");
uid = in.nextLine();
identity = new DeviceIdentity(uid, new Credentials(user, pwd));
break;
case "3":
System.out.print("Name: ");
String cn = in.nextLine();
System.out.print("Surname: ");
String sn = in.nextLine();
System.out.print("email: ");
uid = in.nextLine();
identity = new UserIdentity(uid, cn, sn, new Credentials(user, pwd));
if (console != null)
client_secret = new String(console.readPassword("Password: "));
else {
System.out.print("Password: ");
line = in.nextLine();
client_secret = line;
}
break;
case "4":
System.out.println("Change SPARQL endpoint credentials");
System.out.print("User: ");
user = in.nextLine();
System.out.print("Password: ");
pwd = in.nextLine();
continue;
case "5":
System.out.println("SPARQL endpoint credentials");
System.out.println("---------------------------");
System.out.println("User: <" + user + ">");
System.out.println("Password: <" + pwd + ">");
System.out.println("---------------------------");
continue;
default:
System.out.println("Wrong selection: " + action);
continue;
}
try {
if (action.equals("3")) {
if (!ldap.storeCredentials(identity, client_secret)) {
System.out.print("Entity already exists! Do you want to replace it? (y/n): ");
if (in.nextLine().toLowerCase().startsWith("n"))
continue;
ldap.removeCredentials(identity);
ldap.storeCredentials(identity, client_secret);
}
} else
ldap.addAuthorizedIdentity(identity);
} catch (SEPASecurityException e) {
try {
if (!action.equals("4")) {
System.out.print("Entity already exists! Do you want to replace it? (y/n): ");
if (in.nextLine().toLowerCase().startsWith("n"))
continue;
ldap.removeAuthorizedIdentity(identity.getUid());
ldap.addAuthorizedIdentity(identity);
} else {
System.out.println("Failed to create entity: " + identity);
continue;
}
} catch (SEPASecurityException e1) {
System.out.println("Entity creation failed");
continue;
}
}
System.out.println("Entity created!");
}
in.close();
}
Also used :
DeviceIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity)
Scanner(java.util.Scanner)
ApplicationIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity)
UserIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.UserIdentity)
Console(java.io.Console)
SEPASecurityException(it.unibo.arces.wot.sepa.commons.exceptions.SEPASecurityException)
DigitalIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DigitalIdentity)
Credentials(it.unibo.arces.wot.sepa.commons.security.Credentials)
Aggregations
ApplicationIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity)3
SEPASecurityException (it.unibo.arces.wot.sepa.commons.exceptions.SEPASecurityException)2
Credentials (it.unibo.arces.wot.sepa.commons.security.Credentials)2
DeviceIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity)2
ErrorResponse (it.unibo.arces.wot.sepa.commons.response.ErrorResponse)1
JWTResponse (it.unibo.arces.wot.sepa.commons.response.JWTResponse)1
RegistrationResponse (it.unibo.arces.wot.sepa.commons.response.RegistrationResponse)1
Response (it.unibo.arces.wot.sepa.commons.response.Response)1
ClientAuthorization (it.unibo.arces.wot.sepa.commons.security.ClientAuthorization)1
DigitalIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DigitalIdentity)1
UserIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.UserIdentity)1
Console (java.io.Console)1
Scanner (java.util.Scanner)1
CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)1
LdapException (org.apache.directory.api.ldap.model.exception.LdapException)1
