
Example 11 with CertificateCredential

use of org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential in project airavata by apache.

the class X509SecurityContext method getCredentialsFromStore.

/**
 * Looks up the credential registered for the current request's gateway id and token id
 * and, when it is a {@link CertificateCredential}, wraps its private key and certificate
 * chain in a {@link KeyAndCertCredential}.
 *
 * <p>The returned object carries the private key taken from the store, so callers should
 * treat it as secret material. The private key and the certificate array are passed through
 * as stored; nothing here checks that they are non-null or that the chain is still valid.
 *
 * <p>NOTE(review): the token id is written to the log at INFO level on both the success and
 * the not-found path. It appears to be the lookup handle for the stored credential; confirm
 * that exposing it in logs is acceptable.
 *
 * @return the X.509 credential for the token, or {@code null} when no credential reader is
 *         configured, no credential is stored for the token, or the stored credential is not
 *         a {@code CertificateCredential}.
 * @throws Exception if an error occurred while retrieving credentials.
 */
public X509Credential getCredentialsFromStore() throws Exception {
    // Without a reader there is nothing to query.
    if (getCredentialReader() == null) {
        return null;
    }

    Credential stored = getCredentialReader().getCredential(getRequestData().getGatewayId(), getRequestData().getTokenId());

    // Nothing registered under this gateway/token pair.
    if (stored == null) {
        log.info("Could not find credentials for token - " + getRequestData().getTokenId() + " and " + "gateway id - " + getRequestData().getGatewayId());
        return null;
    }

    // Only certificate-backed credentials can be turned into an X.509 credential.
    if (!(stored instanceof CertificateCredential)) {
        log.info("Credential type is not CertificateCredential. Cannot create mapping globus credentials. " + "Credential type - " + stored.getClass().getName());
        return null;
    }

    log.info("Successfully found credentials for token id - " + getRequestData().getTokenId() + " gateway id - " + getRequestData().getGatewayId());
    CertificateCredential storedCertificate = (CertificateCredential) stored;
    X509Certificate[] chain = storedCertificate.getCertificates();
    return new KeyAndCertCredential(storedCertificate.getPrivateKey(), chain);
}
Also used : CertificateCredential(org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential) CertificateCredential(org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential) Credential(org.apache.airavata.credential.store.credential.Credential) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X509Credential(eu.emi.security.authn.x509.X509Credential) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X509Certificate(java.security.cert.X509Certificate)

Example 12 with CertificateCredential

use of org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential in project airavata by apache.

the class CredentialStoreCallbackServlet method doIt.

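/**
 * Handles the delegation callback: reads the portal-supplied query parameters, exchanges the
 * token and verifier for certificate(s) through {@code getOA4MPService().getCert}, stores the
 * resulting {@link CertificateCredential} through {@code certificateCredentialWriter}, and then
 * forwards or redirects to the configured success URL.
 *
 * <p>All request parameters are untrusted input. Compared with a plain pass-through this
 * method:
 * <ul>
 *   <li>never writes the token or verifier values to the log, only whether they are present;</li>
 *   <li>neutralises CR/LF in request-derived values before logging them;</li>
 *   <li>rejects a non-numeric or negative duration with the error page instead of letting
 *       {@code NumberFormatException} escape;</li>
 *   <li>rejects an empty certificate response before indexing into it;</li>
 *   <li>does not dereference a missing exception cause while reporting a failure.</li>
 * </ul>
 *
 * @param request  the callback request carrying the portal parameters, token and verifier.
 * @param response the response used for the forward or redirect.
 * @throws Throwable if forwarding, redirecting or persisting the credential fails.
 */
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String gatewayName = request.getParameter(CredentialStoreConstants.GATEWAY_NAME_QUERY_PARAMETER);
    String portalUserName = request.getParameter(CredentialStoreConstants.PORTAL_USER_QUERY_PARAMETER);
    String durationParameter = request.getParameter(CredentialStoreConstants.DURATION_QUERY_PARAMETER);
    String contactEmail = request.getParameter(CredentialStoreConstants.PORTAL_USER_EMAIL_QUERY_PARAMETER);
    String portalTokenId = request.getParameter(CredentialStoreConstants.PORTAL_TOKEN_ID_ASSIGNED);
    // TODO remove hard coded values, once passing query parameters is
    // fixed in OA4MP client api
    long duration = 864000;
    if (durationParameter != null) {
        try {
            duration = Long.parseLong(durationParameter);
        } catch (NumberFormatException e) {
            // Treated like any other invalid lifetime below.
            duration = -1;
        }
        if (duration < 0) {
            error("Credential life time given by portal is invalid.");
            GeneralException ge = new GeneralException("Error: The credential life time must be a non-negative number.");
            request.setAttribute("exception", ge);
            JSPUtil.fwd(request, response, configurationReader.getErrorUrl());
            return;
        }
        // NOTE(review): the caller fully controls the stored life time; consider enforcing an
        // upper bound once the intended policy is known.
    }
    if (portalTokenId == null) {
        error("Token given by portal is invalid.");
        GeneralException ge = new GeneralException("Error: The token presented by portal is null.");
        request.setAttribute("exception", ge);
        JSPUtil.fwd(request, response, configurationReader.getErrorUrl());
        return;
    }
    // Request parameters are attacker-controllable; strip line breaks so they cannot forge log entries.
    info("Gateway name " + sanitizeForLog(gatewayName));
    info("Portal user name " + sanitizeForLog(portalUserName));
    info("Community user contact email " + sanitizeForLog(contactEmail));
    // NOTE(review): the token id looks like the lookup handle for the stored credential;
    // confirm it is acceptable to log it.
    info("Token id presented " + sanitizeForLog(portalTokenId));
    info("2.a. Getting token and verifier.");
    String token = request.getParameter(CONST(ClientEnvironment.TOKEN));
    String verifier = request.getParameter(CONST(ClientEnvironment.VERIFIER));
    if (token == null || verifier == null) {
        // Log presence only: the token and verifier are secrets of the delegation exchange.
        warn("2.a. The token is " + (token == null ? "null" : "present") + " and the verifier is " + (verifier == null ? "null" : "present"));
        GeneralException ge = new GeneralException("Error: This servlet requires parameters for the token and verifier. It cannot be called directly.");
        request.setAttribute("exception", ge);
        JSPUtil.fwd(request, response, configurationReader.getErrorUrl());
        return;
    }
    info("2.a Token and verifier found.");
    X509Certificate[] certificates;
    AssetResponse assetResponse = null;
    PrivateKey privateKey;
    try {
        PrivateKeyStore privateKeyStore = PrivateKeyStore.getPrivateKeyStore();
        privateKey = privateKeyStore.getKey(portalTokenId);
        if (privateKey != null) {
            info("Found private key for token " + sanitizeForLog(portalTokenId));
        } else {
            // NOTE(review): processing continues and the credential is stored without a
            // private key; confirm this is intended rather than an error condition.
            info("Could not find private key for token " + sanitizeForLog(portalTokenId));
        }
        info("2.a. Getting the cert(s) from the service");
        assetResponse = getOA4MPService().getCert(token, verifier);
        certificates = assetResponse.getX509Certificates();
    } catch (Throwable t) {
        // The cause is optional; dereferencing it blindly would replace the real failure with an NPE.
        Throwable cause = t.getCause();
        if (cause != null) {
            warn("2.a. Exception from the server: " + cause.getMessage());
        }
        error("Exception while trying to get cert. message:" + t.getMessage());
        request.setAttribute("exception", t);
        JSPUtil.fwd(request, response, configurationReader.getErrorUrl());
        return;
    }
    if (certificates == null || certificates.length == 0) {
        error("No certificate was returned by the service.");
        GeneralException ge = new GeneralException("Error: The service did not return a certificate.");
        request.setAttribute("exception", ge);
        JSPUtil.fwd(request, response, configurationReader.getErrorUrl());
        return;
    }
    info("2.b. Done! Displaying success page.");
    CertificateCredential certificateCredential = new CertificateCredential();
    // TODO check this is correct
    // The validity window is taken from the first certificate in the returned array.
    certificateCredential.setNotBefore(Utility.convertDateToString(certificates[0].getNotBefore()));
    certificateCredential.setNotAfter(Utility.convertDateToString(certificates[0].getNotAfter()));
    certificateCredential.setCertificates(certificates);
    certificateCredential.setPrivateKey(privateKey);
    certificateCredential.setCommunityUser(new CommunityUser(gatewayName, assetResponse.getUsername(), contactEmail));
    certificateCredential.setPortalUserName(portalUserName);
    certificateCredential.setLifeTime(duration);
    certificateCredential.setToken(portalTokenId);
    certificateCredentialWriter.writeCredentials(certificateCredential);
    StringBuilder stringBuilder = new StringBuilder("Certificate for community user ");
    stringBuilder.append(assetResponse.getUsername()).append(" successfully persisted.");
    stringBuilder.append(" Certificate DN - ").append(certificates[0].getSubjectDN());
    info(stringBuilder.toString());
    if (isUrlInSameServer(configurationReader.getSuccessUrl())) {
        String contextPath = request.getContextPath();
        if (!contextPath.endsWith("/")) {
            contextPath = contextPath + "/";
        }
        request.setAttribute("action", contextPath);
        request.setAttribute("tokenId", portalTokenId);
        JSPUtil.fwd(request, response, configurationReader.getSuccessUrl());
    } else {
        String urlToRedirect = decorateUrlWithToken(configurationReader.getSuccessUrl(), portalTokenId);
        // The redirect URL embeds the request-supplied token id, so it is sanitised for the log line only.
        info("Redirecting to url - " + sanitizeForLog(urlToRedirect));
        response.sendRedirect(urlToRedirect);
    }
    info("2.a. Completely finished with delegation.");
}

/**
 * Replaces carriage returns and line feeds so a request-supplied value cannot start a new,
 * forged log entry. A {@code null} value is returned unchanged.
 */
private static String sanitizeForLog(String value) {
    return value == null ? null : value.replace('\r', '_').replace('\n', '_');
}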
Also used : CertificateCredential(org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential) GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) PrivateKey(java.security.PrivateKey) CommunityUser(org.apache.airavata.credential.store.credential.CommunityUser) PrivateKeyStore(org.apache.airavata.credential.store.util.PrivateKeyStore) AssetResponse(edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse) X509Certificate(java.security.cert.X509Certificate)

Example 13 with CertificateCredential

use of org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential in project airavata by apache.

the class CredentialReaderImpl method getAuditInfo.

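/**
 * Builds the audit view of the certificate credential stored for a gateway and token id.
 *
 * <p>Only descriptive fields are copied (community user name, life time, request time,
 * validity window, portal user name); the private key and certificates are not exposed
 * through the returned object.
 *
 * @param gatewayName the gateway the credential belongs to.
 * @param tokenId the token id the credential was stored under.
 * @return the audit information for the stored certificate credential.
 * @throws CredentialStoreException if no credential is stored for the given gateway and
 *         token, if the stored credential is not a {@code CertificateCredential}, or if the
 *         lookup itself fails.
 */
public CertificateAuditInfo getAuditInfo(String gatewayName, String tokenId) throws CredentialStoreException {
    Connection connection = getConnection();
    CertificateAuditInfo certificateAuditInfo;
    try {
        Object stored = this.credentialsDAO.getCredential(gatewayName, tokenId, connection);
        // A missing credential or one of another type previously surfaced as an unchecked
        // NullPointerException/ClassCastException; report it through the declared exception.
        // The token id is deliberately left out of the message.
        if (!(stored instanceof CertificateCredential)) {
            throw new CredentialStoreException("No certificate credential found for the given gateway and token.");
        }
        CertificateCredential certificateCredential = (CertificateCredential) stored;
        certificateAuditInfo = new CertificateAuditInfo();
        CommunityUser retrievedUser = certificateCredential.getCommunityUser();
        certificateAuditInfo.setCommunityUserName(retrievedUser.getUserName());
        certificateAuditInfo.setCredentialLifeTime(certificateCredential.getLifeTime());
        certificateAuditInfo.setCredentialsRequestedTime(certificateCredential.getCertificateRequestedTime());
        certificateAuditInfo.setGatewayName(gatewayName);
        certificateAuditInfo.setNotAfter(certificateCredential.getNotAfter());
        certificateAuditInfo.setNotBefore(certificateCredential.getNotBefore());
        certificateAuditInfo.setPortalUserName(certificateCredential.getPortalUserName());
    } finally {
        // Runs on the failure path as well, so the connection is always released.
        DBUtil.cleanup(connection);
    }
    return certificateAuditInfo;
}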
Also used : CertificateCredential(org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential) CommunityUser(org.apache.airavata.credential.store.credential.CommunityUser) Connection(java.sql.Connection) CertificateAuditInfo(org.apache.airavata.credential.store.credential.impl.certificate.CertificateAuditInfo)

Example 14 with CertificateCredential

use of org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential in project airavata by apache.

the class CredentialsDAOTest method testUpdateCredentials.

/**
 * Updates the credential stored under gateway "gw1" / token "tom" and checks that the
 * reloaded record carries the new portal user name, the owner type and the expected
 * certificate issuer.
 *
 * <p>NOTE(review): setting and asserting the private key is disabled in this test, so it does
 * not cover whether the private key survives an update.
 */
@Test
public void testUpdateCredentials() throws Exception {
    addTestCredentials();
    Connection dbConnection = getConnection();
    try {
        CommunityUser owner = getCommunityUser("gw1", "tom");

        // Replacement record for the existing token.
        CertificateCredential replacement = new CertificateCredential();
        replacement.setToken("tom");
        replacement.setCommunityUser(owner);
        replacement.setCertificates(x509Certificates);
        replacement.setPortalUserName("test2");
        replacement.setLifeTime(50);
        replacement.setNotBefore("15 OCT 2012 5:34:23");
        replacement.setNotAfter("16 OCT 2012 5:34:23");
        replacement.setCredentialOwnerType(CredentialOwnerType.USER);
        credentialsDAO.updateCredentials(owner.getGatewayName(), replacement, dbConnection);

        // Read the record back and compare against what was written.
        CertificateCredential reloaded = (CertificateCredential) credentialsDAO.getCredential("gw1", "tom", dbConnection);
        String issuerDn = reloaded.getCertificates()[0].getIssuerDN().toString();
        Assert.assertEquals("CN=Airavata Project, OU=IU, O=Indiana University, L=Bloomington, ST=IN, C=US", issuerDn);
        Assert.assertEquals("test2", reloaded.getPortalUserName());
        Assert.assertEquals(CredentialOwnerType.USER, reloaded.getCredentialOwnerType());
    } finally {
        dbConnection.close();
    }
}
Also used : CertificateCredential(org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential) CommunityUser(org.apache.airavata.credential.store.credential.CommunityUser) Connection(java.sql.Connection) Test(org.junit.Test)

Aggregations

CertificateCredential (org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential)14 Connection (java.sql.Connection)7 Test (org.junit.Test)6 CommunityUser (org.apache.airavata.credential.store.credential.CommunityUser)4 PrivateKey (java.security.PrivateKey)3 X509Certificate (java.security.cert.X509Certificate)3 Credential (org.apache.airavata.credential.store.credential.Credential)3 X509Credential (eu.emi.security.authn.x509.X509Credential)2 KeyAndCertCredential (eu.emi.security.authn.x509.impl.KeyAndCertCredential)2 CredentialStoreException (org.apache.airavata.credential.store.store.CredentialStoreException)2 AssetResponse (edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse)1 GeneralException (edu.uiuc.ncsa.security.core.exceptions.GeneralException)1 URL (java.net.URL)1 SQLException (java.sql.SQLException)1 ParseException (java.text.ParseException)1 ApplicationSettingsException (org.apache.airavata.common.exception.ApplicationSettingsException)1 CertificateAuditInfo (org.apache.airavata.credential.store.credential.impl.certificate.CertificateAuditInfo)1 EmailNotificationMessage (org.apache.airavata.credential.store.notifier.impl.EmailNotificationMessage)1 CredentialReader (org.apache.airavata.credential.store.store.CredentialReader)1 CredentialReaderImpl (org.apache.airavata.credential.store.store.impl.CredentialReaderImpl)1