
Example 1 with RequestCredential

Use of org.dcache.srm.request.RequestCredential in project dcache by dCache.

Class SrmAuthorizer, method getRequestCredential:

/**
 * Obtain a RequestCredential containing the delegated credential for the current user with the
 * specified role (primary FQAN).  If an existing delegated credential already exists then this
 * method will use the "best" available credential, where best is the credential that will
 * remain valid for the longest.  The method ensures the best credential is saved in the
 * storage.
 */
public RequestCredential getRequestCredential() throws SRMAuthenticationException {
    // Both the client certificate chain and its DN must be present; otherwise the request is rejected.
    X509Certificate[] certificates = Axis.getCertificateChain().orElseThrow(() -> new SRMAuthenticationException("Client's certificate chain is missing from request"));
    String dn = Axis.getDN().orElseThrow(() -> new SRMAuthenticationException("Failed to resolve DN"));
    // A delegated credential is optional on this request; null means none was delegated.
    X509Credential credential = Axis.getDelegatedCredential().orElse(null);
    // The primary FQAN is derived from validating the presented chain, not taken from the client's claims.
    FQAN role = getPrimary(validator.validate(certificates));
    RequestCredential requestCredential = RequestCredential.newRequestCredential(dn, Objects.toString(role, null), storage);
    // Keep whichever delegated credential (already stored or newly supplied) stays valid the longest, then persist it.
    requestCredential.keepBestDelegatedCredential(credential);
    requestCredential.saveCredential();
    return requestCredential;
}
Also used: org.dcache.srm.SRMAuthenticationException, eu.emi.security.authn.x509.X509Credential, org.dcache.srm.request.RequestCredential, org.dcache.auth.FQAN, java.security.cert.X509Certificate

Example 2 with RequestCredential

Use of org.dcache.srm.request.RequestCredential in project dcache by dCache.

Class SrmService, method messageArrived:

public SrmResponse messageArrived(SrmRequest request) throws SRMException {
    try {
        // The authenticated subject carries the client's certificate path; persist the login as an SRM user.
        CertPath certPath = getFirst(request.getSubject().getPublicCredentials(CertPath.class), null);
        LoginReply login = new LoginReply(request.getSubject(), request.getLoginAttributes());
        SRMUser user = userManager.persist(certPath, login);
        String requestName = request.getRequestName();
        Class<?> requestClass = request.getRequest().getClass();
        String capitalizedRequestName = Character.toUpperCase(requestName.charAt(0)) + requestName.substring(1);
        LOGGER.debug("About to call {} handler", requestName);
        Constructor<?> handlerConstructor;
        Object handler;
        Method handleGetResponseMethod;
        try {
            // Handlers are resolved by name at runtime. The lookup is confined to the fixed
            // org.dcache.srm.handler package and must also match the expected constructor
            // signature and a getResponse() method, so an unknown request name simply fails.
            Class<?> handlerClass = Class.forName("org.dcache.srm.handler." + capitalizedRequestName);
            handlerConstructor = handlerClass.getConstructor(SRMUser.class, requestClass, AbstractStorageElement.class, SRM.class, String.class);
            handler = handlerConstructor.newInstance(user, request.getRequest(), storage, srm, request.getRemoteHost());
            if (handler instanceof CredentialAwareHandler) {
                // Handlers that act on the user's behalf receive the best stored delegated credential.
                CredentialAwareHandler credentialAware = (CredentialAwareHandler) handler;
                RequestCredential requestCredential = saveRequestCredential(request.getSubject(), request.getCredential());
                credentialAware.setCredential(requestCredential);
            }
            handleGetResponseMethod = handlerClass.getMethod("getResponse");
        } catch (ClassNotFoundException e) {
            // Only attach the stack trace when debug logging is on; the message alone is enough otherwise.
            if (LOGGER.isDebugEnabled()) {
                LOGGER.info("handler discovery and dynamic loading failed", e);
            } else {
                LOGGER.info("handler discovery and dynamic loading failed");
            }
            throw new SRMNotSupportedException(requestName + " is unsupported");
        }
        Object result = handleGetResponseMethod.invoke(handler);
        return new SrmResponse(id, result);
    } catch (CertificateEncodingException | KeyStoreException e) {
        throw new SRMInternalErrorException("Failed to process certificate chain.", e);
    } catch (InvocationTargetException | NoSuchMethodException | InstantiationException | IllegalAccessException | RuntimeException e) {
        // Reflection and runtime failures are server-side bugs: log the details, return only a generic message to the client.
        LOGGER.error("Please report this failure to support@dcache.org", e);
        throw new SRMInternalErrorException("Internal error (server log contains additional information)");
    }
}
Also used: org.dcache.srm.SRMUser, org.dcache.srm.SRMNotSupportedException, org.dcache.srm.request.RequestCredential, org.dcache.auth.LoginReply, org.dcache.srm.SRM, org.dcache.srm.SRMInternalErrorException, java.security.cert.CertPath, org.dcache.srm.SrmResponse, org.dcache.srm.AbstractStorageElement, org.dcache.srm.handler.CredentialAwareHandler, java.security.cert.CertificateEncodingException, java.lang.reflect.Method, java.security.KeyStoreException, java.lang.reflect.InvocationTargetException

Example 3 with RequestCredential

Use of org.dcache.srm.request.RequestCredential in project dcache by dCache.

Class SrmService, method saveRequestCredential:

private RequestCredential saveRequestCredential(Subject subject, X509Credential credential) {
    String dn = Subjects.getDn(subject);
    FQAN fqan = Subjects.getPrimaryFqan(subject);
    RequestCredential requestCredential = RequestCredential.newRequestCredential(dn, Objects.toString(fqan, null), requestCredentialStorage);
    requestCredential.keepBestDelegatedCredential(credential);
    requestCredential.saveCredential();
    return requestCredential;
}
Also used: org.dcache.srm.request.RequestCredential, org.dcache.auth.FQAN

Example 4 with RequestCredential

Use of org.dcache.srm.request.RequestCredential in project dcache by dCache.

Class SrmCredentialStore, method get:

@Override
public X509Credential get(DelegationIdentity id) throws DelegationException {
    RequestCredential credential = _store.getRequestCredential(nameFromId(id));
    assertThat(credential != null, "no stored credential", id);
    return credential.getDelegatedCredential();
}
Also used: org.dcache.srm.request.RequestCredential

Example 5 with RequestCredential

Use of org.dcache.srm.request.RequestCredential in project dcache by dCache.

Class SrmCredentialStore, method getExpiry:

@Override
public Calendar getExpiry(DelegationIdentity id) throws DelegationException {
    RequestCredential credential = _store.getRequestCredential(nameFromId(id));
    assertThat(credential != null, "no credential", id);
    Date expiry = new Date(credential.getDelegatedCredentialExpiration());
    Calendar result = Calendar.getInstance();
    result.setTime(expiry);
    return result;
}
Also used: org.dcache.srm.request.RequestCredential, java.util.Calendar, java.util.Date
