Example 1 with DeviceIdentity
use of it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity in project SEPA by arces-wot.
the class SecurityManagerTest method userCredentials.
@Test
public void userCredentials() throws SEPASecurityException {
assertFalse(auth.containsCredentials("xyz"));
String uid = UUID.randomUUID().toString();
DigitalIdentity device = new DeviceIdentity(uid);
auth.storeCredentials(device, uid);
assertFalse("Identity not registered", !auth.containsCredentials(uid));
assertFalse("Failed to check password", !auth.checkCredentials(uid, uid));
auth.removeCredentials(device);
assertFalse("Identity removed: password check failed", auth.checkCredentials(uid, uid));
}
Also used :
DeviceIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity)
DigitalIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DigitalIdentity)
Test(org.junit.Test)
Example 2 with DeviceIdentity
use of it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity in project SEPA by arces-wot.
the class SecurityManagerTest method tokens.
// @Test
public void tokens() throws SEPASecurityException, KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, ParseException, IOException, JOSEException {
String uid = UUID.randomUUID().toString();
DigitalIdentity device = new DeviceIdentity(uid);
auth.storeCredentials(device, uid);
SignedJWT token = generateToken(device, uid);
Date expirationDate = token.getJWTClaimsSet().getExpirationTime();
auth.addJwt(uid, token);
assertFalse("Failed to check token presence", !auth.containsJwt(uid));
assertFalse("Failed to get expiring period", auth.getTokenExpiringPeriod(uid) != auth.getDeviceExpiringPeriod());
assertFalse("Failed to get expiring date", !auth.getTokenExpiringDate(uid).equals(expirationDate));
SignedJWT stored = auth.getJwt(uid);
assertFalse("Token does not match", !stored.serialize().equals(token.serialize()));
auth.setTokenExpiringPeriod(uid, 0);
assertFalse("Failed to set expiring period", auth.getTokenExpiringPeriod(uid) != 0);
}
Also used :
DeviceIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity)
SignedJWT(com.nimbusds.jwt.SignedJWT)
DigitalIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DigitalIdentity)
Date(java.util.Date)
Example 3 with DeviceIdentity
use of it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity in project SEPA by arces-wot.
the class LdapSecurityManager method getIdentity.
@Override
public DigitalIdentity getIdentity(String uid) throws SEPASecurityException {
logger.log(Level.getLevel("ldap"), "[LDAP] getIdentity " + uid + " uid=" + uid + ",ou=authorizedIdentities," + prop.getBase(), "(objectclass=*)");
bind();
try {
cursor = ldap.search("uid=" + uid + ",ou=authorizedIdentities," + prop.getBase(), "(objectclass=*)", SearchScope.OBJECT, "*");
if (!cursor.next())
throw new SEPASecurityException("uid=" + uid + ",ou=authorizedIndentities," + prop.getBase() + " NOT FOUND");
// SPARQL endpoint credentials are stored as Java Serialized Object
Credentials credentials = null;
if (cursor.get().contains("objectClass", "javaSerializedObject")) {
credentials = Credentials.deserialize(cursor.get().get("javaSerializedData").getBytes());
}
if (cursor.get().contains("objectClass", "device"))
return new DeviceIdentity(uid, credentials);
else if (cursor.get().contains("objectClass", "applicationProcess"))
return new ApplicationIdentity(uid, credentials);
else
throw new SEPASecurityException("Digital identity class NOT FOUND");
} catch (LdapException | CursorException e) {
logger.error("[LDAP] getIdentity exception " + e.getMessage());
throw new SEPASecurityException("getIdentity exception " + e.getMessage());
} finally {
unbind();
}
}
Also used :
DeviceIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity)
ApplicationIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity)
CursorException(org.apache.directory.api.ldap.model.cursor.CursorException)
SEPASecurityException(it.unibo.arces.wot.sepa.commons.exceptions.SEPASecurityException)
LdapException(org.apache.directory.api.ldap.model.exception.LdapException)
Credentials(it.unibo.arces.wot.sepa.commons.security.Credentials)
Example 4 with DeviceIdentity
use of it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity in project SEPA by arces-wot.
the class SecurityManagerTest method entitiesAuthorization.
// @Test
public void entitiesAuthorization() throws SEPASecurityException {
String uid = UUID.randomUUID().toString();
assertFalse("xyz is not authorized", auth.isAuthorized("xyz"));
auth.addAuthorizedIdentity(new DeviceIdentity(uid));
assertFalse("Failed to authorized", !auth.isAuthorized(uid));
assertFalse("Failed to get identity", !auth.getIdentity(uid).getUid().equals(uid));
auth.removeAuthorizedIdentity(uid);
assertFalse(uid + " should not be authorized", auth.isAuthorized(uid));
}
Also used :
DeviceIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity)
Example 5 with DeviceIdentity
use of it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity in project SEPA by arces-wot.
the class ACLManager method main.
public static void main(String[] args) {
Console console = System.console();
Scanner in = new Scanner(System.in);
System.out.println("********************");
System.out.println("* SEPA ACL Manager *");
System.out.println("********************");
LdapSecurityManager ldap;
String line;
while (true) {
System.out.print("Host (return for default: localhost): ");
line = in.nextLine();
if (!line.equals(""))
host = line;
System.out.print("Port (return for default: 10389): ");
line = in.nextLine();
if (!line.equals(""))
port = Integer.parseInt(line);
System.out.print("Base (return for default: dc=sepatest,dc=com): ");
line = in.nextLine();
if (!line.equals(""))
base = line;
System.out.print("User (return for default: uid=admin,ou=system): ");
line = in.nextLine();
if (!line.equals(""))
user = line;
if (console != null)
pwd = new String(console.readPassword("Password (default: secret):"));
else {
System.out.print("Password (default: secret):");
line = in.nextLine();
if (!line.equals(""))
pwd = line;
}
try {
ldap = new LdapSecurityManager(JKSUtil.getSSLContext("sepa.jks", "sepa2020"), JKSUtil.getRSAKey("sepa.jks", "sepa2020", "jwt", "sepa2020"), new LdapProperties(host, port, base, null, user, pwd, false));
} catch (SEPASecurityException e2) {
System.out.println(e2.getMessage());
continue;
}
break;
}
System.out.println("Connected to LDAP!");
System.out.println("Set SPARQL endpoint credentials");
System.out.print("User (return for default: SEPATest):");
line = in.nextLine();
String user = "SEPATest";
if (!line.equals(""))
user = line;
if (console != null)
pwd = new String(console.readPassword("Password (default: SEPATest):"));
else {
System.out.print("Password (default: SEPATest):");
line = in.nextLine();
pwd = line;
}
while (true) {
System.out.println("Available actions: ");
System.out.println("1 - Register application");
System.out.println("2 - Register device");
System.out.println("3 - Register user");
System.out.println("4 - Change SPARQL endpoint credentials");
System.out.println("5 - Show SPARQL endpoint credentials");
System.out.println("6 - Exit");
System.out.print("Select: ");
String action = in.nextLine();
if (action.equals("6"))
break;
DigitalIdentity identity = null;
String client_secret = null;
switch(action) {
case "1":
System.out.print("UID: ");
String uid = in.nextLine();
identity = new ApplicationIdentity(uid, new Credentials(user, pwd));
break;
case "2":
System.out.print("UID: ");
uid = in.nextLine();
identity = new DeviceIdentity(uid, new Credentials(user, pwd));
break;
case "3":
System.out.print("Name: ");
String cn = in.nextLine();
System.out.print("Surname: ");
String sn = in.nextLine();
System.out.print("email: ");
uid = in.nextLine();
identity = new UserIdentity(uid, cn, sn, new Credentials(user, pwd));
if (console != null)
client_secret = new String(console.readPassword("Password: "));
else {
System.out.print("Password: ");
line = in.nextLine();
client_secret = line;
}
break;
case "4":
System.out.println("Change SPARQL endpoint credentials");
System.out.print("User: ");
user = in.nextLine();
System.out.print("Password: ");
pwd = in.nextLine();
continue;
case "5":
System.out.println("SPARQL endpoint credentials");
System.out.println("---------------------------");
System.out.println("User: <" + user + ">");
System.out.println("Password: <" + pwd + ">");
System.out.println("---------------------------");
continue;
default:
System.out.println("Wrong selection: " + action);
continue;
}
try {
if (action.equals("3")) {
if (!ldap.storeCredentials(identity, client_secret)) {
System.out.print("Entity already exists! Do you want to replace it? (y/n): ");
if (in.nextLine().toLowerCase().startsWith("n"))
continue;
ldap.removeCredentials(identity);
ldap.storeCredentials(identity, client_secret);
}
} else
ldap.addAuthorizedIdentity(identity);
} catch (SEPASecurityException e) {
try {
if (!action.equals("4")) {
System.out.print("Entity already exists! Do you want to replace it? (y/n): ");
if (in.nextLine().toLowerCase().startsWith("n"))
continue;
ldap.removeAuthorizedIdentity(identity.getUid());
ldap.addAuthorizedIdentity(identity);
} else {
System.out.println("Failed to create entity: " + identity);
continue;
}
} catch (SEPASecurityException e1) {
System.out.println("Entity creation failed");
continue;
}
}
System.out.println("Entity created!");
}
in.close();
}
Also used :
DeviceIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity)
Scanner(java.util.Scanner)
ApplicationIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity)
UserIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.UserIdentity)
Console(java.io.Console)
SEPASecurityException(it.unibo.arces.wot.sepa.commons.exceptions.SEPASecurityException)
DigitalIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DigitalIdentity)
Credentials(it.unibo.arces.wot.sepa.commons.security.Credentials)
Aggregations
DeviceIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DeviceIdentity)5
DigitalIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.DigitalIdentity)3
SEPASecurityException (it.unibo.arces.wot.sepa.commons.exceptions.SEPASecurityException)2
Credentials (it.unibo.arces.wot.sepa.commons.security.Credentials)2
ApplicationIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity)2
SignedJWT (com.nimbusds.jwt.SignedJWT)1
UserIdentity (it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.UserIdentity)1
Console (java.io.Console)1
Date (java.util.Date)1
Scanner (java.util.Scanner)1
CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)1
LdapException (org.apache.directory.api.ldap.model.exception.LdapException)1
Test (org.junit.Test)1
