Example 1 with DeviceIdentity

Use of it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity in project SEPA by arces-wot.

From class SecurityManagerTest, method userCredentials:

@Test
public void userCredentials() throws SEPASecurityException {
    assertFalse(auth.containsCredentials("xyz"));
    String uid = UUID.randomUUID().toString();
    DigitalIdentity device = new DeviceIdentity(uid);
    auth.storeCredentials(device, uid);
    assertFalse("Identity not registered", !auth.containsCredentials(uid));
    assertFalse("Failed to check password", !auth.checkCredentials(uid, uid));
    auth.removeCredentials(device);
    assertFalse("Identity removed: password check failed", auth.checkCredentials(uid, uid));
}
Also used: DeviceIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity), DigitalIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DigitalIdentity), Test (org.junit.Test)

Example 2 with DeviceIdentity

Use of it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity in project SEPA by arces-wot.

From class SecurityManagerTest, method tokens (the @Test annotation is commented out in the source):

// @Test
public void tokens() throws SEPASecurityException, KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, ParseException, IOException, JOSEException {
    String uid = UUID.randomUUID().toString();
    DigitalIdentity device = new DeviceIdentity(uid);
    auth.storeCredentials(device, uid);
    SignedJWT token = generateToken(device, uid);
    Date expirationDate = token.getJWTClaimsSet().getExpirationTime();
    auth.addJwt(uid, token);
    assertFalse("Failed to check token presence", !auth.containsJwt(uid));
    assertFalse("Failed to get expiring period", auth.getTokenExpiringPeriod(uid) != auth.getDeviceExpiringPeriod());
    assertFalse("Failed to get expiring date", !auth.getTokenExpiringDate(uid).equals(expirationDate));
    SignedJWT stored = auth.getJwt(uid);
    assertFalse("Token does not match", !stored.serialize().equals(token.serialize()));
    auth.setTokenExpiringPeriod(uid, 0);
    assertFalse("Failed to set expiring period", auth.getTokenExpiringPeriod(uid) != 0);
}
Also used: DeviceIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity), SignedJWT (com.nimbusds.jwt.SignedJWT), DigitalIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DigitalIdentity), Date (java.util.Date)

Example 3 with DeviceIdentity

Use of it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity in project SEPA by arces-wot.

From class LdapSecurityManager, method getIdentity:

@Override
public DigitalIdentity getIdentity(String uid) throws SEPASecurityException {
    logger.log(Level.getLevel("ldap"), "[LDAP] getIdentity " + uid + " uid=" + uid + ",ou=authorizedIdentities," + prop.getBase(), "(objectclass=*)");
    bind();
    try {
        cursor = ldap.search("uid=" + uid + ",ou=authorizedIdentities," + prop.getBase(), "(objectclass=*)", SearchScope.OBJECT, "*");
        if (!cursor.next())
            throw new SEPASecurityException("uid=" + uid + ",ou=authorizedIdentities," + prop.getBase() + " NOT FOUND");
        // SPARQL endpoint credentials are stored as Java Serialized Object
        Credentials credentials = null;
        if (cursor.get().contains("objectClass", "javaSerializedObject")) {
            credentials = Credentials.deserialize(cursor.get().get("javaSerializedData").getBytes());
        }
        if (cursor.get().contains("objectClass", "device"))
            return new DeviceIdentity(uid, credentials);
        else if (cursor.get().contains("objectClass", "applicationProcess"))
            return new ApplicationIdentity(uid, credentials);
        else
            throw new SEPASecurityException("Digital identity class NOT FOUND");
    } catch (LdapException | CursorException e) {
        logger.error("[LDAP] getIdentity exception " + e.getMessage());
        throw new SEPASecurityException("getIdentity exception " + e.getMessage());
    } finally {
        unbind();
    }
}
Also used: DeviceIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity), ApplicationIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity), CursorException (org.apache.directory.api.ldap.model.cursor.CursorException), SEPASecurityException (it.unibo.arces.wot.sepa.commons.exceptions.SEPASecurityException), LdapException (org.apache.directory.api.ldap.model.exception.LdapException), Credentials (it.unibo.arces.wot.sepa.commons.security.Credentials)

Example 4 with DeviceIdentity

Use of it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity in project SEPA by arces-wot.

From class SecurityManagerTest, method entitiesAuthorization (the @Test annotation is commented out in the source):

// @Test
public void entitiesAuthorization() throws SEPASecurityException {
    String uid = UUID.randomUUID().toString();
    assertFalse("xyz is not authorized", auth.isAuthorized("xyz"));
    auth.addAuthorizedIdentity(new DeviceIdentity(uid));
    assertFalse("Failed to authorized", !auth.isAuthorized(uid));
    assertFalse("Failed to get identity", !auth.getIdentity(uid).getUid().equals(uid));
    auth.removeAuthorizedIdentity(uid);
    assertFalse(uid + " should not be authorized", auth.isAuthorized(uid));
}
Also used: DeviceIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity)

Example 5 with DeviceIdentity

Use of it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity in project SEPA by arces-wot.

From class ACLManager, method main:

public static void main(String[] args) {
    Console console = System.console();
    Scanner in = new Scanner(System.in);
    System.out.println("********************");
    System.out.println("* SEPA ACL Manager *");
    System.out.println("********************");
    LdapSecurityManager ldap;
    String line;
    while (true) {
        System.out.print("Host (return for default: localhost): ");
        line = in.nextLine();
        if (!line.equals(""))
            host = line;
        System.out.print("Port (return for default: 10389): ");
        line = in.nextLine();
        if (!line.equals(""))
            port = Integer.parseInt(line);
        System.out.print("Base (return for default: dc=sepatest,dc=com): ");
        line = in.nextLine();
        if (!line.equals(""))
            base = line;
        System.out.print("User (return for default: uid=admin,ou=system): ");
        line = in.nextLine();
        if (!line.equals(""))
            user = line;
        if (console != null)
            pwd = new String(console.readPassword("Password (default: secret):"));
        else {
            System.out.print("Password (default: secret):");
            line = in.nextLine();
            if (!line.equals(""))
                pwd = line;
        }
        try {
            ldap = new LdapSecurityManager(JKSUtil.getSSLContext("sepa.jks", "sepa2020"), JKSUtil.getRSAKey("sepa.jks", "sepa2020", "jwt", "sepa2020"), new LdapProperties(host, port, base, null, user, pwd, false));
        } catch (SEPASecurityException e2) {
            System.out.println(e2.getMessage());
            continue;
        }
        break;
    }
    System.out.println("Connected to LDAP!");
    System.out.println("Set SPARQL endpoint credentials");
    System.out.print("User (return for default: SEPATest):");
    line = in.nextLine();
    String user = "SEPATest";
    if (!line.equals(""))
        user = line;
    if (console != null)
        pwd = new String(console.readPassword("Password (default: SEPATest):"));
    else {
        System.out.print("Password (default: SEPATest):");
        line = in.nextLine();
        pwd = line;
    }
    while (true) {
        System.out.println("Available actions: ");
        System.out.println("1 - Register application");
        System.out.println("2 - Register device");
        System.out.println("3 - Register user");
        System.out.println("4 - Change SPARQL endpoint credentials");
        System.out.println("5 - Show SPARQL endpoint credentials");
        System.out.println("6 - Exit");
        System.out.print("Select: ");
        String action = in.nextLine();
        if (action.equals("6"))
            break;
        DigitalIdentity identity = null;
        String client_secret = null;
        switch(action) {
            case "1":
                System.out.print("UID: ");
                String uid = in.nextLine();
                identity = new ApplicationIdentity(uid, new Credentials(user, pwd));
                break;
            case "2":
                System.out.print("UID: ");
                uid = in.nextLine();
                identity = new DeviceIdentity(uid, new Credentials(user, pwd));
                break;
            case "3":
                System.out.print("Name: ");
                String cn = in.nextLine();
                System.out.print("Surname: ");
                String sn = in.nextLine();
                System.out.print("email: ");
                uid = in.nextLine();
                identity = new UserIdentity(uid, cn, sn, new Credentials(user, pwd));
                if (console != null)
                    client_secret = new String(console.readPassword("Password: "));
                else {
                    System.out.print("Password: ");
                    line = in.nextLine();
                    client_secret = line;
                }
                break;
            case "4":
                System.out.println("Change SPARQL endpoint credentials");
                System.out.print("User: ");
                user = in.nextLine();
                System.out.print("Password: ");
                pwd = in.nextLine();
                continue;
            case "5":
                System.out.println("SPARQL endpoint credentials");
                System.out.println("---------------------------");
                System.out.println("User: <" + user + ">");
                System.out.println("Password: <" + pwd + ">");
                System.out.println("---------------------------");
                continue;
            default:
                System.out.println("Wrong selection: " + action);
                continue;
        }
        try {
            if (action.equals("3")) {
                if (!ldap.storeCredentials(identity, client_secret)) {
                    System.out.print("Entity already exists! Do you want to replace it? (y/n): ");
                    if (in.nextLine().toLowerCase().startsWith("n"))
                        continue;
                    ldap.removeCredentials(identity);
                    ldap.storeCredentials(identity, client_secret);
                }
            } else
                ldap.addAuthorizedIdentity(identity);
        } catch (SEPASecurityException e) {
            try {
                if (!action.equals("4")) {
                    System.out.print("Entity already exists! Do you want to replace it? (y/n): ");
                    if (in.nextLine().toLowerCase().startsWith("n"))
                        continue;
                    ldap.removeAuthorizedIdentity(identity.getUid());
                    ldap.addAuthorizedIdentity(identity);
                } else {
                    System.out.println("Failed to create entity: " + identity);
                    continue;
                }
            } catch (SEPASecurityException e1) {
                System.out.println("Entity creation failed");
                continue;
            }
        }
        System.out.println("Entity created!");
    }
    in.close();
}
Also used: DeviceIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity), Scanner (java.util.Scanner), ApplicationIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity), UserIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.UserIdentity), Console (java.io.Console), SEPASecurityException (it.unibo.arces.wot.sepa.commons.exceptions.SEPASecurityException), DigitalIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DigitalIdentity), Credentials (it.unibo.arces.wot.sepa.commons.security.Credentials)

Aggregations (number of examples above that use each type)

DeviceIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity): 5
DigitalIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DigitalIdentity): 3
SEPASecurityException (it.unibo.arces.wot.sepa.commons.exceptions.SEPASecurityException): 2
Credentials (it.unibo.arces.wot.sepa.commons.security.Credentials): 2
ApplicationIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity): 2
SignedJWT (com.nimbusds.jwt.SignedJWT): 1
UserIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.UserIdentity): 1
Console (java.io.Console): 1
Date (java.util.Date): 1
Scanner (java.util.Scanner): 1
CursorException (org.apache.directory.api.ldap.model.cursor.CursorException): 1
LdapException (org.apache.directory.api.ldap.model.exception.LdapException): 1
Test (org.junit.Test): 1