
Example 1 with Caveat

use of org.dcache.macaroons.Caveat in project dcache by dCache.

The method buildMacaroon in the class MacaroonRequestHandler.

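/**
 * Builds a macaroon for an authenticated caller from the JSON body of the request.
 *
 * <p>The request is first passed to {@code checkValidRequest} with
 * {@code request.isSecure()} and the message "Not secure transport", and a
 * "nobody" subject is refused with {@code SC_UNAUTHORIZED}. Caveats supplied by
 * the client are split into BEFORE caveats, which feed the expiry calculation,
 * and all other caveats, which are handed to the processor unchanged. An optional
 * validity duration from the request adds one further BEFORE caveat relative to
 * the current time.
 *
 * @param target the request target, passed to {@code buildContext}
 * @param request the HTTP request; on success the macaroon identifier is stored
 *     under {@code MACAROON_ID_ATTRIBUTE}
 * @return the value of {@code getMacaroon()} on the processor's build result
 * @throws ErrorResponseException with {@code SC_UNAUTHORIZED} when the subject is
 *     nobody, {@code SC_BAD_REQUEST} for a bad validity value or requested caveat,
 *     and {@code SC_INTERNAL_SERVER_ERROR} when the processor reports an internal error
 */
private String buildMacaroon(String target, Request request) throws ErrorResponseException {
    // Presumably rejects the request when the transport is not secure, so that the
    // bearer token is never returned in clear text; confirm in checkValidRequest.
    checkValidRequest(request.isSecure(), "Not secure transport");
    if (Subjects.isNobody(getSubject())) {
        throw new ErrorResponseException(SC_UNAUTHORIZED, "Authentication required");
    }
    MacaroonContext context = buildContext(target, request);
    MacaroonRequest macaroonRequest = parseJSON(request);
    try {
        List<Caveat> caveats = new ArrayList<>();
        List<Caveat> beforeCaveats = new ArrayList<>();
        for (String serialisedCaveat : macaroonRequest.getCaveats()) {
            Caveat caveat = new Caveat(serialisedCaveat);
            (caveat.hasType(BEFORE) ? beforeCaveats : caveats).add(caveat);
        }
        try {
            macaroonRequest.getValidity()
                    .map(Duration::parse)
                    .map(Instant.now()::plus)
                    .map(i -> new Caveat(BEFORE, i))
                    .ifPresent(beforeCaveats::add);
        } catch (java.time.DateTimeException | ArithmeticException e) {
            // The validity string is client-controlled. A duration that parses but
            // overflows Instant.plus raises DateTimeException or ArithmeticException,
            // which would otherwise escape as an unchecked exception; report it as a
            // client error like any other bad validity value. The type is written
            // fully qualified because the file's import block is not visible here.
            throw new ErrorResponseException(SC_BAD_REQUEST, "Bad validity value: " + e.getMessage());
        }
        Instant expiry = calculateExpiry(context, beforeCaveats);
        MacaroonProcessor.MacaroonBuildResult result = _processor.buildMacaroon(expiry, context, caveats);
        request.setAttribute(MACAROON_ID_ATTRIBUTE, result.getId());
        return result.getMacaroon();
    } catch (DateTimeParseException e) {
        // Kept for any parse failure raised elsewhere in this block.
        throw new ErrorResponseException(SC_BAD_REQUEST, "Bad validity value: " + e.getMessage());
    } catch (InvalidCaveatException e) {
        throw new ErrorResponseException(SC_BAD_REQUEST, "Bad requested caveat: " + e.getMessage());
    } catch (InternalErrorException e) {
        // NOTE(review): the internal exception text is returned to the client. If it
        // can carry implementation detail, log it server-side and send a generic
        // message instead; left unchanged here to keep the response body stable.
        throw new ErrorResponseException(SC_INTERNAL_SERVER_ERROR, "Internal error: " + e.getMessage());
    }
}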
Also used : Request(org.eclipse.jetty.server.Request) Restriction(org.dcache.auth.attributes.Restriction) Subjects(org.dcache.auth.Subjects) URISyntaxException(java.net.URISyntaxException) LoggerFactory(org.slf4j.LoggerFactory) Expiry(org.dcache.auth.attributes.Expiry) GsonBuilder(com.google.gson.GsonBuilder) Preconditions.checkArgument(com.google.common.base.Preconditions.checkArgument) AuthenticationHandler(org.dcache.http.AuthenticationHandler) JSONObject(org.json.JSONObject) CharStreams(com.google.common.io.CharStreams) PathMapper(org.dcache.http.PathMapper) Duration(java.time.Duration) URI(java.net.URI) CDC(dmg.cells.nucleus.CDC) PrintWriter(java.io.PrintWriter) ImmutableSet(com.google.common.collect.ImmutableSet) Collection(java.util.Collection) Caveat(org.dcache.macaroons.Caveat) Instant(java.time.Instant) MaxUploadSize(org.dcache.auth.attributes.MaxUploadSize) Objects(java.util.Objects) BEFORE(org.dcache.macaroons.CaveatType.BEFORE) DateTimeParseException(java.time.format.DateTimeParseException) List(java.util.List) InvalidCaveatException(org.dcache.macaroons.InvalidCaveatException) Optional(java.util.Optional) AccessController(java.security.AccessController) TRUE(java.lang.Boolean.TRUE) LoginAttribute(org.dcache.auth.attributes.LoginAttribute) JsonParseException(com.google.gson.JsonParseException) FsPath(diskCacheV111.util.FsPath) SC_INTERNAL_SERVER_ERROR(javax.servlet.http.HttpServletResponse.SC_INTERNAL_SERVER_ERROR) AbstractHandler(org.eclipse.jetty.server.handler.AbstractHandler) CellAddressCore(dmg.cells.nucleus.CellAddressCore) ArrayList(java.util.ArrayList) HttpServletRequest(javax.servlet.http.HttpServletRequest) CellIdentityAware(dmg.cells.nucleus.CellIdentityAware) HomeDirectory(org.dcache.auth.attributes.HomeDirectory) MacaroonContext(org.dcache.macaroons.MacaroonContext) SC_UNAUTHORIZED(javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED) MacaroonProcessor(org.dcache.macaroons.MacaroonProcessor) 
InvalidCaveatException.checkCaveat(org.dcache.macaroons.InvalidCaveatException.checkCaveat) Logger(org.slf4j.Logger) PrefixRestriction(org.dcache.auth.attributes.PrefixRestriction) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) DenyActivityRestriction(org.dcache.auth.attributes.DenyActivityRestriction) Subject(javax.security.auth.Subject) NDC(org.dcache.util.NDC) Strings.emptyToNull(com.google.common.base.Strings.emptyToNull) ChronoUnit(java.time.temporal.ChronoUnit) RootDirectory(org.dcache.auth.attributes.RootDirectory) SC_BAD_REQUEST(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST) InternalErrorException(org.dcache.macaroons.InternalErrorException) Required(org.springframework.beans.factory.annotation.Required) Collections(java.util.Collections) InvalidCaveatException(org.dcache.macaroons.InvalidCaveatException) Caveat(org.dcache.macaroons.Caveat) InvalidCaveatException.checkCaveat(org.dcache.macaroons.InvalidCaveatException.checkCaveat) Instant(java.time.Instant) ArrayList(java.util.ArrayList) InternalErrorException(org.dcache.macaroons.InternalErrorException) MacaroonProcessor(org.dcache.macaroons.MacaroonProcessor) MacaroonContext(org.dcache.macaroons.MacaroonContext) DateTimeParseException(java.time.format.DateTimeParseException)
