
Example 1 with PrivateKeyStore

use of org.apache.airavata.credential.store.util.PrivateKeyStore in project airavata by apache.

the class CredentialStoreCallbackServlet method doIt.

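@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    // OA4MP callback leg: the portal-assigned token identifies the private key stored by the
    // start servlet; the OAuth token/verifier pair is exchanged for the certificate(s), and the
    // resulting credential is persisted before the user is sent to the success page.
    String gatewayName = request.getParameter(CredentialStoreConstants.GATEWAY_NAME_QUERY_PARAMETER);
    String portalUserName = request.getParameter(CredentialStoreConstants.PORTAL_USER_QUERY_PARAMETER);
    String durationParameter = request.getParameter(CredentialStoreConstants.DURATION_QUERY_PARAMETER);
    String contactEmail = request.getParameter(CredentialStoreConstants.PORTAL_USER_EMAIL_QUERY_PARAMETER);
    String portalTokenId = request.getParameter(CredentialStoreConstants.PORTAL_TOKEN_ID_ASSIGNED);
    // TODO remove hard coded values, once passing query parameters is
    // fixed in OA4MP client api
    long duration = 864000;
    if (durationParameter != null) {
        try {
            duration = Long.parseLong(durationParameter);
        } catch (NumberFormatException e) {
            // The duration is a request parameter; a malformed value must go to the error page
            // rather than escape the servlet as a bare NumberFormatException.
            error("Invalid duration parameter presented by portal: " + durationParameter);
            failWithError(request, response, "Error: The duration presented by portal is not a valid number.");
            return;
        }
    }
    if (portalTokenId == null) {
        error("Token given by portal is invalid.");
        failWithError(request, response, "Error: The token presented by portal is null.");
        return;
    }
    info("Gateway name " + gatewayName);
    info("Portal user name " + portalUserName);
    info("Community user contact email " + contactEmail);
    info("Token id presented " + portalTokenId);
    info("2.a. Getting token and verifier.");
    String token = request.getParameter(CONST(ClientEnvironment.TOKEN));
    String verifier = request.getParameter(CONST(ClientEnvironment.VERIFIER));
    if (token == null || verifier == null) {
        // Only report which parameter is missing: the OAuth token and verifier are secrets and
        // must not be echoed into the log.
        warn("2.a. Missing OAuth parameter(s): token is " + (token == null ? "missing" : "present")
                + ", verifier is " + (verifier == null ? "missing" : "present"));
        failWithError(request, response,
                "Error: This servlet requires parameters for the token and verifier. It cannot be called directly.");
        return;
    }
    info("2.a Token and verifier found.");
    X509Certificate[] certificates;
    AssetResponse assetResponse = null;
    PrivateKey privateKey;
    try {
        PrivateKeyStore privateKeyStore = PrivateKeyStore.getPrivateKeyStore();
        privateKey = privateKeyStore.getKey(portalTokenId);
        if (privateKey != null) {
            info("Found private key for token " + portalTokenId);
        } else {
            // NOTE(review): the credential is still persisted below with a null private key;
            // confirm this is intended rather than an error condition.
            info("Could not find private key for token " + portalTokenId);
        }
        info("2.a. Getting the cert(s) from the service");
        assetResponse = getOA4MPService().getCert(token, verifier);
        certificates = assetResponse.getX509Certificates();
    } catch (Throwable t) {
        // getCause() may be null; dereferencing it unconditionally would replace the real
        // failure with a NullPointerException thrown from the error handler itself.
        Throwable cause = t.getCause();
        warn("2.a. Exception from the server: " + (cause == null ? t.getMessage() : cause.getMessage()));
        error("Exception while trying to get cert. message:" + t.getMessage());
        request.setAttribute("exception", t);
        JSPUtil.fwd(request, response, configurationReader.getErrorUrl());
        return;
    }
    if (certificates == null || certificates.length == 0) {
        // certificates[0] is read below; an empty or absent chain must not surface as an
        // ArrayIndexOutOfBounds/NullPointerException.
        error("No certificates returned by the service for token " + portalTokenId);
        failWithError(request, response, "Error: The service did not return any certificates.");
        return;
    }
    info("2.b. Done! Displaying success page.");
    CertificateCredential certificateCredential = new CertificateCredential();
    // TODO check this is correct
    certificateCredential.setNotBefore(Utility.convertDateToString(certificates[0].getNotBefore()));
    certificateCredential.setNotAfter(Utility.convertDateToString(certificates[0].getNotAfter()));
    certificateCredential.setCertificates(certificates);
    certificateCredential.setPrivateKey(privateKey);
    certificateCredential.setCommunityUser(new CommunityUser(gatewayName, assetResponse.getUsername(), contactEmail));
    certificateCredential.setPortalUserName(portalUserName);
    certificateCredential.setLifeTime(duration);
    certificateCredential.setToken(portalTokenId);
    certificateCredentialWriter.writeCredentials(certificateCredential);
    StringBuilder stringBuilder = new StringBuilder("Certificate for community user ");
    stringBuilder.append(assetResponse.getUsername()).append(" successfully persisted.");
    stringBuilder.append(" Certificate DN - ").append(certificates[0].getSubjectDN());
    info(stringBuilder.toString());
    if (isUrlInSameServer(configurationReader.getSuccessUrl())) {
        String contextPath = request.getContextPath();
        if (!contextPath.endsWith("/")) {
            contextPath = contextPath + "/";
        }
        request.setAttribute("action", contextPath);
        request.setAttribute("tokenId", portalTokenId);
        JSPUtil.fwd(request, response, configurationReader.getSuccessUrl());
    } else {
        String urlToRedirect = decorateUrlWithToken(configurationReader.getSuccessUrl(), portalTokenId);
        info("Redirecting to url - " + urlToRedirect);
        response.sendRedirect(urlToRedirect);
    }
    info("2.a. Completely finished with delegation.");
}

/** Attaches a GeneralException carrying {@code message} to the request and forwards to the configured error page. */
private void failWithError(HttpServletRequest request, HttpServletResponse response, String message) throws Throwable {
    GeneralException ge = new GeneralException(message);
    request.setAttribute("exception", ge);
    JSPUtil.fwd(request, response, configurationReader.getErrorUrl());
}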
Also used : CertificateCredential(org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential) GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) PrivateKey(java.security.PrivateKey) CommunityUser(org.apache.airavata.credential.store.credential.CommunityUser) PrivateKeyStore(org.apache.airavata.credential.store.util.PrivateKeyStore) AssetResponse(edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse) X509Certificate(java.security.cert.X509Certificate)

Example 2 with PrivateKeyStore

use of org.apache.airavata.credential.store.util.PrivateKeyStore in project airavata by apache.

the class CredentialStoreStartServlet method doIt.

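@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    // OA4MP start leg: validate the portal's request, ask the OA4MP service for a certificate
    // request, stash the generated private key under a freshly generated token, and show the
    // user a page carrying the redirect to the authorization server.
    String gatewayName = request.getParameter(CredentialStoreConstants.GATEWAY_NAME_QUERY_PARAMETER);
    String portalUserName = request.getParameter(CredentialStoreConstants.PORTAL_USER_QUERY_PARAMETER);
    String contactEmail = request.getParameter(CredentialStoreConstants.PORTAL_USER_EMAIL_QUERY_PARAMETER);
    if (gatewayName == null) {
        JSPUtil.handleException(new RuntimeException("Please specify a gateway name."), request, response, configurationReader.getErrorUrl());
        return;
    }
    if (portalUserName == null) {
        JSPUtil.handleException(new RuntimeException("Please specify a portal user name."), request, response, configurationReader.getErrorUrl());
        return;
    }
    if (contactEmail == null) {
        JSPUtil.handleException(new RuntimeException("Please specify a contact email address for community" + " user account."), request, response, configurationReader.getErrorUrl());
        return;
    }
    // Derive the token only after validation: it is built from gatewayName and portalUserName,
    // so generating it first would operate on values that have not been checked for null.
    String associatedToken = TokenGenerator.generateToken(gatewayName, portalUserName);
    log.info("1.a. Starting transaction");
    OA4MPResponse gtwResp;
    // These parameters are appended to the callback URI so the callback servlet can recover the
    // portal context and the token under which the private key is stored.
    Map<String, String> queryParameters = new HashMap<String, String>();
    queryParameters.put(CredentialStoreConstants.GATEWAY_NAME_QUERY_PARAMETER, gatewayName);
    queryParameters.put(CredentialStoreConstants.PORTAL_USER_QUERY_PARAMETER, portalUserName);
    queryParameters.put(CredentialStoreConstants.PORTAL_USER_EMAIL_QUERY_PARAMETER, contactEmail);
    queryParameters.put(CredentialStoreConstants.PORTAL_TOKEN_ID_ASSIGNED, associatedToken);
    Map<String, String> additionalParameters = new HashMap<String, String>();
    if (getOA4MPService() == null) {
        loadEnvironment();
    }
    String modifiedCallbackUri = decorateURI(getOA4MPService().getEnvironment().getCallback(), queryParameters);
    info("The modified callback URI - " + modifiedCallbackUri);
    additionalParameters.put(getEnvironment().getConstants().get(CALLBACK_URI_KEY), modifiedCallbackUri);
    try {
        gtwResp = getOA4MPService().requestCert(additionalParameters);
        // Keep the generated private key in the store, keyed by the token that travels in the
        // callback URI; the callback servlet looks it up by that token.
        PrivateKeyStore privateKeyStore = PrivateKeyStore.getPrivateKeyStore();
        privateKeyStore.addKey(associatedToken, gtwResp.getPrivateKey());
    } catch (Throwable t) {
        JSPUtil.handleException(t, request, response, configurationReader.getErrorUrl());
        return;
    }
    log.info("1.b. Got response. Creating page with redirect for " + gtwResp.getRedirect().getHost());
    // Rather than redirecting directly, put up a page that shows the redirect to the user.
    // The private key from the client response has already been stored above; all that remains
    // to complete the process is to send along the redirect URL.
    request.setAttribute(REDIR, REDIR);
    request.setAttribute("redirectUrl", gtwResp.getRedirect().toString());
    request.setAttribute(ACTION_KEY, ACTION_KEY);
    request.setAttribute("action", ACTION_REDIRECT_VALUE);
    log.info("1.b. Showing redirect page.");
    JSPUtil.fwd(request, response, configurationReader.getPortalRedirectUrl());
}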
Also used : HashMap(java.util.HashMap) PrivateKeyStore(org.apache.airavata.credential.store.util.PrivateKeyStore) OA4MPResponse(edu.uiuc.ncsa.myproxy.oa4mp.client.OA4MPResponse)

Aggregations

PrivateKeyStore (org.apache.airavata.credential.store.util.PrivateKeyStore)2 AssetResponse (edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse)1 OA4MPResponse (edu.uiuc.ncsa.myproxy.oa4mp.client.OA4MPResponse)1 GeneralException (edu.uiuc.ncsa.security.core.exceptions.GeneralException)1 PrivateKey (java.security.PrivateKey)1 X509Certificate (java.security.cert.X509Certificate)1 HashMap (java.util.HashMap)1 CommunityUser (org.apache.airavata.credential.store.credential.CommunityUser)1 CertificateCredential (org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential)1