
Example 1 with BucketData

Use of org.dcache.xrootd.plugins.authn.gsi.GSIBucketUtils.BucketData in project xrootd4j by dCache.

From the class GSIClientAuthenticationHandler, method sendAuthenticationRequest.

@Override
protected void sendAuthenticationRequest(ChannelHandlerContext ctx) throws XrootdException {
    /*
     *  sendAuthenticationRequest is called by onLoginResponse first,
     *  then by onAuthenticationResponse.  The request handler
     *  should be created on the login response.
     */
    if (requestHandler == null) {
        requestHandler = createRequestHandler();
    }
    ChannelId id = ctx.channel().id();
    int streamId = client.getStreamId();
    XrootdTpcInfo tpcInfo = client.getInfo();
    OutboundAuthenticationRequest request;
    InboundAuthenticationResponse response = client.getAuthResponse();
    if (response != null) {
        BucketData data = deserializeData(response);
        serverStep = data.getStep();
        if (!data.getProtocol().equals(PROTOCOL)) {
            throw new XrootdException(kGSErrBadProtocol, "server replied with incorrect protocol: " + data.getProtocol());
        }
        switch(serverStep) {
            case kXGS_cert:
                request = requestHandler.handleCertStep(response, data, ctx);
                LOGGER.debug("sendAuthenticationRequest to {}, channel {}, stream {}, step: cert.", tpcInfo.getSrc(), id, streamId);
                break;
            case kXGS_pxyreq:
                /*
                 *  This is a TPC client only.  It tells the server
                 *  it does not sign proxy requests.  If this
                 *  step is received here, we should reject it.
                 *  Fall through to exception.
                 */
            default:
                throw new XrootdException(kGSErrBadOpt, "client does not handle requested authentication step " + getServerStep(serverStep) + ".");
        }
    } else {
        request = requestHandler.handleCertReqStep();
        LOGGER.debug("sendAuthenticationRequest to {}, channel {}, stream {}, step: cert request.", tpcInfo.getSrc(), id, streamId);
    }
    requestHandler.updateLastRequest();
    client.setExpectedResponse(kXR_auth);
    client.setAuthResponse(null);
    ctx.writeAndFlush(request, ctx.newPromise()).addListener(FIRE_EXCEPTION_ON_FAILURE);
    client.startTimer(ctx);
}
Also used: XrootdTpcInfo (org.dcache.xrootd.tpc.XrootdTpcInfo), BucketData (org.dcache.xrootd.plugins.authn.gsi.GSIBucketUtils.BucketData), OutboundAuthenticationRequest (org.dcache.xrootd.tpc.protocol.messages.OutboundAuthenticationRequest), ChannelId (io.netty.channel.ChannelId), XrootdException (org.dcache.xrootd.core.XrootdException), InboundAuthenticationResponse (org.dcache.xrootd.tpc.protocol.messages.InboundAuthenticationResponse)

Example 2 with BucketData

Use of org.dcache.xrootd.plugins.authn.gsi.GSIBucketUtils.BucketData in project xrootd4j by dCache.

From the class GSIAuthenticationHandler, method authenticate.

/**
 * Dispatcher function that initializes the Diffie-Hellman key agreement
 * session, checks the request for the correct protocol and calls the
 * actual handler functions.
 */
@Override
public XrootdResponse<AuthenticationRequest> authenticate(AuthenticationRequest request) throws XrootdException {
    BucketData data = GSIBucketUtils.deserializeData(request);
    /* check whether the protocol matches */
    if (!PROTOCOL.equalsIgnoreCase(data.getProtocol())) {
        /* the handler is only created below, so it can still be null on the first request */
        if (requestHandler != null) {
            requestHandler.cancelHandshake();
        }
        throw new XrootdException(kXR_InvalidRequest, "Specified Protocol " + data.getProtocol() + " is not the protocol that was negotiated.");
    }
    if (requestHandler == null) {
        requestHandler = createRequestHandler(data.getVersion());
    }
    if (requestHandler.isRequestExpired()) {
        requestHandler.cancelHandshake();
        throw new XrootdException(kXR_InvalidRequest, "Client authentication request time expired.");
    }
    XrootdResponse<AuthenticationRequest> response;
    switch(data.getStep()) {
        case kXGC_none:
            response = new OkResponse<>(request);
            break;
        case kXGC_certreq:
            response = requestHandler.handleCertReqStep(request, data);
            LOGGER.debug("authenticate, processed certreq step for stream {}, session {}.", request.getStreamId(), request.getSession());
            break;
        case kXGC_cert:
            response = requestHandler.handleCertStep(request, data);
            finished = requestHandler.isFinished(data);
            LOGGER.debug("authenticate, processed cert step for stream {}, session {}.", request.getStreamId(), request.getSession());
            break;
        case kXGC_sigpxy:
            response = requestHandler.handleSigPxyStep(request, data);
            LOGGER.debug("authenticate, processed sigpxy step for stream {}, session {}.", request.getStreamId(), request.getSession());
            finished = requestHandler.isFinished(data);
            break;
        default:
            requestHandler.cancelHandshake();
            throw new XrootdException(kGSErrBadOpt, "Error during authentication, unknown processing step: " + data.getStep());
    }
    requestHandler.updateLastRequest();
    return response;
}
Also used: BucketData (org.dcache.xrootd.plugins.authn.gsi.GSIBucketUtils.BucketData), XrootdException (org.dcache.xrootd.core.XrootdException), AuthenticationRequest (org.dcache.xrootd.protocol.messages.AuthenticationRequest)

Aggregations

XrootdException (org.dcache.xrootd.core.XrootdException): 2
BucketData (org.dcache.xrootd.plugins.authn.gsi.GSIBucketUtils.BucketData): 2
ChannelId (io.netty.channel.ChannelId): 1
AuthenticationRequest (org.dcache.xrootd.protocol.messages.AuthenticationRequest): 1
XrootdTpcInfo (org.dcache.xrootd.tpc.XrootdTpcInfo): 1
InboundAuthenticationResponse (org.dcache.xrootd.tpc.protocol.messages.InboundAuthenticationResponse): 1
OutboundAuthenticationRequest (org.dcache.xrootd.tpc.protocol.messages.OutboundAuthenticationRequest): 1