Example 1 with ApplicationIdentity

Use of it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity in project SEPA by arces-wot.

From the class SecurityManager, method securityCheck:

public void securityCheck(String identity) throws SEPASecurityException {
    logger.info("*** Security check ***");
    // Add the identity to the set of identities allowed to register
    addAuthorizedIdentity(new ApplicationIdentity(identity));
    // Register: on success the response carries a generated client_id / client_secret pair
    Response response = register(identity);
    if (response.getClass().equals(RegistrationResponse.class)) {
        RegistrationResponse ret = (RegistrationResponse) response;
        String basicAuth = ret.getClientId() + ":" + ret.getClientSecret();
        // Get token: the client credentials are sent as HTTP Basic, i.e. Base64("client_id:client_secret")
        String encodedCredentials = Base64.getEncoder().encodeToString(basicAuth.getBytes());
        // Note: this writes the client secret to the debug log (Base64 is an encoding, not encryption)
        logger.debug("Authorization Basic " + encodedCredentials);
        response = getToken(encodedCredentials);
        if (response.getClass().equals(JWTResponse.class)) {
            // Note: the bearer token is also written to the debug log
            logger.debug("Access token: " + ((JWTResponse) response).getAccessToken());
            // Validate token
            ClientAuthorization authRet = validateToken(((JWTResponse) response).getAccessToken());
            if (authRet.isAuthorized()) {
                // Clean up the credentials and the JWT issued during the check
                removeCredentials(new ApplicationIdentity(ret.getClientId()));
                removeJwt(ret.getClientId());
                logger.info("*** PASSED ***");
            } else {
                logger.error(authRet.getError());
                logger.info("*** FAILED ***");
            }
        } else {
            logger.debug(response.toString());
            logger.info("*** FAILED ***");
        }
    } else {
        logger.debug(response.toString());
        logger.info("*** FAILED ***");
        // Registration failed: remove the identity added above
        removeAuthorizedIdentity(identity);
    }
    System.out.println("");
}
Also used: Response (it.unibo.arces.wot.sepa.commons.response.Response), RegistrationResponse (it.unibo.arces.wot.sepa.commons.response.RegistrationResponse), ErrorResponse (it.unibo.arces.wot.sepa.commons.response.ErrorResponse), JWTResponse (it.unibo.arces.wot.sepa.commons.response.JWTResponse), ClientAuthorization (it.unibo.arces.wot.sepa.commons.security.ClientAuthorization), ApplicationIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity)

Example 2 with ApplicationIdentity

Use of it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity in project SEPA by arces-wot.

From the class LdapSecurityManager, method getIdentity:

@Override
public DigitalIdentity getIdentity(String uid) throws SEPASecurityException {
    logger.log(Level.getLevel("ldap"), "[LDAP] getIdentity " + uid + " uid=" + uid + ",ou=authorizedIdentities," + prop.getBase(), "(objectclass=*)");
    bind();
    try {
        // The entry DN is built from uid by string concatenation and no escaping is applied here:
        // uid must already be a valid, escaped RDN value (RFC 4514)
        cursor = ldap.search("uid=" + uid + ",ou=authorizedIdentities," + prop.getBase(), "(objectclass=*)", SearchScope.OBJECT, "*");
        if (!cursor.next())
            throw new SEPASecurityException("uid=" + uid + ",ou=authorizedIdentities," + prop.getBase() + " NOT FOUND");
        // SPARQL endpoint credentials are stored as a Java serialized object (javaSerializedData attribute)
        Credentials credentials = null;
        if (cursor.get().contains("objectClass", "javaSerializedObject")) {
            credentials = Credentials.deserialize(cursor.get().get("javaSerializedData").getBytes());
        }
        // The identity type is derived from the entry's objectClass
        if (cursor.get().contains("objectClass", "device"))
            return new DeviceIdentity(uid, credentials);
        else if (cursor.get().contains("objectClass", "applicationProcess"))
            return new ApplicationIdentity(uid, credentials);
        else
            throw new SEPASecurityException("Digital identity class NOT FOUND");
    } catch (LdapException | CursorException e) {
        logger.error("[LDAP] getIdentity exception " + e.getMessage());
        throw new SEPASecurityException("getIdentity exception " + e.getMessage());
    } finally {
        // Always release the LDAP connection, whether or not the lookup succeeded
        unbind();
    }
}
Also used: DeviceIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity), ApplicationIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity), CursorException (org.apache.directory.api.ldap.model.cursor.CursorException), SEPASecurityException (it.unibo.arces.wot.sepa.commons.exceptions.SEPASecurityException), LdapException (org.apache.directory.api.ldap.model.exception.LdapException), Credentials (it.unibo.arces.wot.sepa.commons.security.Credentials)

Example 3 with ApplicationIdentity

Use of it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity in project SEPA by arces-wot.

From the class ACLManager, method main:

public static void main(String[] args) {
    // System.console() is null when stdin is not a terminal (e.g. piped input); fall back to Scanner
    Console console = System.console();
    Scanner in = new Scanner(System.in);
    System.out.println("********************");
    System.out.println("* SEPA ACL Manager *");
    System.out.println("********************");
    LdapSecurityManager ldap;
    String line;
    // LDAP connection parameters: host, port, base, user and pwd are static fields of the class
    // (not shown in this excerpt) that hold the defaults named in the prompts
    while (true) {
        System.out.print("Host (return for default: localhost): ");
        line = in.nextLine();
        if (!line.equals(""))
            host = line;
        System.out.print("Port (return for default: 10389): ");
        line = in.nextLine();
        if (!line.equals("")) {
            try {
                port = Integer.parseInt(line);
            } catch (NumberFormatException e) {
                System.out.println("Invalid port: " + line);
                continue;
            }
        }
        System.out.print("Base (return for default: dc=sepatest,dc=com): ");
        line = in.nextLine();
        if (!line.equals(""))
            base = line;
        System.out.print("User (return for default: uid=admin,ou=system): ");
        line = in.nextLine();
        if (!line.equals(""))
            user = line;
        if (console != null) {
            // readPassword() does not echo; keep the default when the user just presses return
            char[] entered = console.readPassword("Password (default: secret): ");
            if (entered.length > 0)
                pwd = new String(entered);
        } else {
            System.out.print("Password (default: secret): ");
            line = in.nextLine();
            if (!line.equals(""))
                pwd = line;
        }
        try {
            // The TLS context and the JWT signing key are both loaded from sepa.jks;
            // the keystore path and passwords are literals in this tool
            ldap = new LdapSecurityManager(JKSUtil.getSSLContext("sepa.jks", "sepa2020"), JKSUtil.getRSAKey("sepa.jks", "sepa2020", "jwt", "sepa2020"), new LdapProperties(host, port, base, null, user, pwd, false));
        } catch (SEPASecurityException e2) {
            // Bind failed (wrong credentials or unreachable server): prompt again
            System.out.println(e2.getMessage());
            continue;
        }
        break;
    }
    System.out.println("Connected to LDAP!");
    // Credentials that the registered identities will use against the SPARQL endpoint;
    // they are stored in LDAP together with the identity
    System.out.println("Set SPARQL endpoint credentials");
    System.out.print("User (return for default: SEPATest): ");
    line = in.nextLine();
    String user = "SEPATest"; // local variable: shadows the static LDAP bind user from here on
    if (!line.equals(""))
        user = line;
    pwd = "SEPATest";
    if (console != null) {
        char[] entered = console.readPassword("Password (default: SEPATest): ");
        if (entered.length > 0)
            pwd = new String(entered);
    } else {
        System.out.print("Password (default: SEPATest): ");
        line = in.nextLine();
        if (!line.equals(""))
            pwd = line;
    }
    while (true) {
        System.out.println("Available actions: ");
        System.out.println("1 - Register application");
        System.out.println("2 - Register device");
        System.out.println("3 - Register user");
        System.out.println("4 - Change SPARQL endpoint credentials");
        System.out.println("5 - Show SPARQL endpoint credentials");
        System.out.println("6 - Exit");
        System.out.print("Select: ");
        String action = in.nextLine();
        if (action.equals("6"))
            break;
        DigitalIdentity identity = null;
        String client_secret = null;
        switch (action) {
            case "1":
                System.out.print("UID: ");
                String uid = in.nextLine();
                identity = new ApplicationIdentity(uid, new Credentials(user, pwd));
                break;
            case "2":
                System.out.print("UID: ");
                uid = in.nextLine();
                identity = new DeviceIdentity(uid, new Credentials(user, pwd));
                break;
            case "3":
                System.out.print("Name: ");
                String cn = in.nextLine();
                System.out.print("Surname: ");
                String sn = in.nextLine();
                System.out.print("email: ");
                uid = in.nextLine();
                identity = new UserIdentity(uid, cn, sn, new Credentials(user, pwd));
                // A user identity also gets its own client secret, stored via storeCredentials below
                if (console != null)
                    client_secret = new String(console.readPassword("Password: "));
                else {
                    System.out.print("Password: ");
                    line = in.nextLine();
                    client_secret = line;
                }
                break;
            case "4":
                System.out.println("Change SPARQL endpoint credentials");
                System.out.print("User: ");
                user = in.nextLine();
                System.out.print("Password: ");
                pwd = in.nextLine();
                continue;
            case "5":
                // Displays the endpoint password in clear text on the console
                System.out.println("SPARQL endpoint credentials");
                System.out.println("---------------------------");
                System.out.println("User: <" + user + ">");
                System.out.println("Password: <" + pwd + ">");
                System.out.println("---------------------------");
                continue;
            default:
                System.out.println("Wrong selection: " + action);
                continue;
        }
        try {
            if (action.equals("3")) {
                // storeCredentials() returns false when an entry with this uid already exists
                if (!ldap.storeCredentials(identity, client_secret)) {
                    System.out.print("Entity already exists! Do you want to replace it? (y/n): ");
                    if (in.nextLine().toLowerCase().startsWith("n"))
                        continue;
                    ldap.removeCredentials(identity);
                    ldap.storeCredentials(identity, client_secret);
                }
            } else
                ldap.addAuthorizedIdentity(identity);
        } catch (SEPASecurityException e) {
            // addAuthorizedIdentity() signals an existing entry with an exception: offer to replace it
            try {
                if (!action.equals("4")) {
                    System.out.print("Entity already exists! Do you want to replace it? (y/n): ");
                    if (in.nextLine().toLowerCase().startsWith("n"))
                        continue;
                    ldap.removeAuthorizedIdentity(identity.getUid());
                    ldap.addAuthorizedIdentity(identity);
                } else {
                    System.out.println("Failed to create entity: " + identity);
                    continue;
                }
            } catch (SEPASecurityException e1) {
                System.out.println("Entity creation failed");
                continue;
            }
        }
        System.out.println("Entity created!");
    }
    in.close();
}
Also used: DeviceIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity), Scanner (java.util.Scanner), ApplicationIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity), UserIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.UserIdentity), Console (java.io.Console), SEPASecurityException (it.unibo.arces.wot.sepa.commons.exceptions.SEPASecurityException), DigitalIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DigitalIdentity), Credentials (it.unibo.arces.wot.sepa.commons.security.Credentials)

Aggregations (class, fully qualified name, number of examples above that use it)

ApplicationIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity): 3
SEPASecurityException (it.unibo.arces.wot.sepa.commons.exceptions.SEPASecurityException): 2
Credentials (it.unibo.arces.wot.sepa.commons.security.Credentials): 2
DeviceIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity): 2
ErrorResponse (it.unibo.arces.wot.sepa.commons.response.ErrorResponse): 1
JWTResponse (it.unibo.arces.wot.sepa.commons.response.JWTResponse): 1
RegistrationResponse (it.unibo.arces.wot.sepa.commons.response.RegistrationResponse): 1
Response (it.unibo.arces.wot.sepa.commons.response.Response): 1
ClientAuthorization (it.unibo.arces.wot.sepa.commons.security.ClientAuthorization): 1
DigitalIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DigitalIdentity): 1
UserIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.UserIdentity): 1
Console (java.io.Console): 1
Scanner (java.util.Scanner): 1
CursorException (org.apache.directory.api.ldap.model.cursor.CursorException): 1
LdapException (org.apache.directory.api.ldap.model.exception.LdapException): 1