
Example 1 with GlobusPrincipal

use of org.globus.gsi.gssapi.jaas.GlobusPrincipal in project dcache by dCache.

From class GplazmaMultiMapFileTest, method shouldFailWhenWrongMapFormatDN:

@Test
public void shouldFailWhenWrongMapFormatDN() throws Exception {
    // The map line's DN field ("kermit@dcache.org") is not written in DN syntax, so the
    // lookup for this GlobusPrincipal must yield no mapped principals at all.
    String quotedDnWithPrefix = "\"dn:/C=DE/S=Hamburg/OU=desy.de/CN=Kermit The Frog\"";
    givenConfig("dn:kermit@dcache.org    username:kermit");
    whenMapping(new GlobusPrincipal(quotedDnWithPrefix));
    // REVISIT should warn of invalid DN syntax
    assertThat(mappedPrincipals, is(empty()));
}

Example 2 with GlobusPrincipal

use of org.globus.gsi.gssapi.jaas.GlobusPrincipal in project dcache by dCache.

From class Subjects, method toString:

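/**
 * Provide a one-line description of argument.  This is ostensibly the same job as
 * Subject#toString.  In contrast, this method never includes any line-break characters,
 * provides a better description for X.509 proxy chains, and uses a more terse format.
 * <p>
 * The result has the form {@code {item, item, ...}}: public credentials first, then
 * private credentials, then principals.  Principals are rendered as {@code <type>:<value>};
 * values are quoted by {@code appendOptionallyInQuotes} when needed, and a primary FQAN,
 * group or GID carries a leading {@code !}.  Each principal type is matched by the first
 * applicable {@code instanceof} branch only, so no type may be listed twice.
 * <p>
 * Note: the resulting line may be quite long.
 * <p>
 * NOTE(review): credentials of an unrecognised type fall back to {@code toString()}.  For
 * private credentials this is only safe to log if that type's {@code toString()} does not
 * reveal secret material -- confirm before writing the result to a log or error message.
 *
 * @param subject the identity to print
 * @return a single line describing that identity
 */
public static String toString(Subject subject) {
    StringBuilder sb = new StringBuilder();
    for (Object credential : subject.getPublicCredentials()) {
        appendComma(sb);
        if (credential instanceof CertPath) {
            // getCertificates() returns List<? extends Certificate>; using the generator form
            // of toArray avoids the unchecked List cast while keeping the array-store check.
            var certificates = ((CertPath) credential).getCertificates();
            X509Certificate[] chain = certificates.toArray(X509Certificate[]::new);
            appendX509Array(sb, chain);
        } else if (credential instanceof X509Certificate[]) {
            appendX509Array(sb, (X509Certificate[]) credential);
        } else {
            appendOptionallyInQuotes(sb, credential.toString());
        }
    }
    for (Object credential : subject.getPrivateCredentials()) {
        appendComma(sb);
        if (credential instanceof PasswordCredential) {
            // describeCredential() is used rather than toString() so the password itself
            // is not part of the description.
            String description = ((PasswordCredential) credential).describeCredential();
            sb.append("username-with-password:");
            appendOptionallyInQuotes(sb, description);
        } else if (credential instanceof BearerTokenCredential) {
            String token = ((BearerTokenCredential) credential).describeToken();
            sb.append("bearer-token:");
            appendOptionallyInQuotes(sb, token);
        } else {
            appendOptionallyInQuotes(sb, credential.toString());
        }
    }
    for (Principal principal : subject.getPrincipals()) {
        appendComma(sb);
        if (principal instanceof GlobusPrincipal) {
            sb.append("dn:");
            appendOptionallyInQuotes(sb, principal.getName());
        } else if (principal instanceof KerberosPrincipal) {
            sb.append("kerberos:");
            appendOptionallyInQuotes(sb, principal.getName());
        } else if (principal instanceof FQANPrincipal) {
            sb.append("fqan:");
            String label = ((FQANPrincipal) principal).isPrimaryGroup() ? "!" + principal.getName() : principal.getName();
            appendOptionallyInQuotes(sb, label);
        } else if (principal instanceof LoginNamePrincipal) {
            sb.append("desired-username:");
            appendOptionallyInQuotes(sb, principal.getName());
        } else if (principal instanceof Origin) {
            // Origin is handled here; a later duplicate branch would be unreachable.
            sb.append("origin:");
            appendOptionallyInQuotes(sb, principal.getName());
        } else if (principal instanceof OidcSubjectPrincipal) {
            sb.append("oidc:");
            appendOptionallyInQuotes(sb, principal.getName());
        } else if (principal instanceof EmailAddressPrincipal) {
            sb.append("email:");
            appendOptionallyInQuotes(sb, principal.getName());
        } else if (principal instanceof UserNamePrincipal) {
            sb.append("user:");
            appendOptionallyInQuotes(sb, principal.getName());
        } else if (principal instanceof GroupNamePrincipal) {
            sb.append("group:");
            String label = ((GroupNamePrincipal) principal).isPrimaryGroup() ? "!" + principal.getName() : principal.getName();
            appendOptionallyInQuotes(sb, label);
        } else if (principal instanceof UidPrincipal) {
            sb.append("uid:").append(((UidPrincipal) principal).getUid());
        } else if (principal instanceof GidPrincipal) {
            sb.append("gid:");
            if (((GidPrincipal) principal).isPrimaryGroup()) {
                sb.append('!');
            }
            sb.append(principal.getName());
        } else if (principal instanceof DesiredRole) {
            sb.append("desired-role:");
            appendOptionallyInQuotes(sb, principal.getName());
        } else if (principal instanceof EntityDefinitionPrincipal) {
            sb.append("entity-defn:").append(principal.getName());
        } else if (principal instanceof FullNamePrincipal) {
            sb.append("full-name:");
            appendOptionallyInQuotes(sb, principal.getName());
        } else if (principal instanceof IGTFPolicyPrincipal) {
            sb.append("IGTF-policy:");
            appendOptionallyInQuotes(sb, principal.getName());
        } else if (principal instanceof IGTFStatusPrincipal) {
            sb.append("IGTF-status:");
            appendOptionallyInQuotes(sb, principal.getName());
        } else if (principal instanceof LoAPrincipal) {
            sb.append("LoA:");
            appendOptionallyInQuotes(sb, principal.getName());
        } else if (principal instanceof LoginGidPrincipal) {
            sb.append("desired-gid:").append(((LoginGidPrincipal) principal).getGid());
        } else if (principal instanceof LoginUidPrincipal) {
            sb.append("desired-uid:").append(((LoginUidPrincipal) principal).getUid());
        } else if (principal instanceof MacaroonPrincipal) {
            sb.append("macaroon:");
            appendOptionallyInQuotes(sb, principal.getName());
        } else if (principal instanceof OpenIdGroupPrincipal) {
            sb.append("oidc-group:");
            appendOptionallyInQuotes(sb, principal.getName());
        } else {
            // Unknown principal type: fall back to its simple class name as the label.
            sb.append(principal.getClass().getSimpleName()).append(':');
            appendOptionallyInQuotes(sb, principal.getName());
        }
    }
    return "{" + sb + "}";
}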

Example 3 with GlobusPrincipal

use of org.globus.gsi.gssapi.jaas.GlobusPrincipal in project dcache by dCache.

From class Subjects, method principalsFromArgs:

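/**
 * Builds a set of principals from textual {@code <type>:<value>} arguments.
 * <p>
 * Recognised types are {@code dn}, {@code gid}, {@code kerberos}, {@code fqan},
 * {@code name}, {@code origin}, {@code oidc} (whose value is {@code <claim>@<OP>}),
 * {@code email}, {@code uid}, {@code username} (plus the deprecated alias {@code user},
 * which logs a warning) and {@code group} (a leading {@code !} marks the primary group).
 * The first {@code gid} and the first {@code fqan} listed are flagged as primary.  Any
 * other type is treated as the fully-qualified name of a {@link Principal} implementation
 * with a public {@code (String)} constructor.
 * <p>
 * NOTE(review): the fallback instantiates whatever class the argument names, via
 * reflection.  Only call this with arguments from a trusted source (for example an
 * administrator's command); it must not be reachable from untrusted input.
 *
 * @param args the {@code <type>:<value>} strings to parse
 * @return the principals described by {@code args}; empty when {@code args} is empty
 * @throws IllegalArgumentException if an argument lacks the {@code :} separator, an
 *         {@code oidc} value lacks {@code @}, or the reflective fallback cannot locate,
 *         construct or access the named class; the underlying exception, when there is
 *         one, is attached as the cause
 */
public static Set<Principal> principalsFromArgs(List<String> args) {
    Set<Principal> principals = new HashSet<>();
    boolean isPrimaryFqan = true;
    boolean isPrimaryGid = true;
    for (String arg : args) {
        int idx = arg.indexOf(':');
        if (idx == -1) {
            throw new IllegalArgumentException("format for principals is <type>:<value>");
        }
        String type = arg.substring(0, idx);
        String value = arg.substring(idx + 1);
        Principal principal;
        switch (type) {
            case "dn":
                principal = new GlobusPrincipal(value);
                break;
            case "gid":
                // Only the first gid is primary.
                principal = new GidPrincipal(value, isPrimaryGid);
                isPrimaryGid = false;
                break;
            case "kerberos":
                principal = new KerberosPrincipal(value);
                break;
            case "fqan":
                // Only the first fqan is primary.
                principal = new FQANPrincipal(value, isPrimaryFqan);
                isPrimaryFqan = false;
                break;
            case "name":
                principal = new LoginNamePrincipal(value);
                break;
            case "origin":
                principal = new Origin(InetAddresses.forString(value));
                break;
            case "oidc": {
                // The last '@' separates the subject claim from the OP, so an '@' inside
                // the claim itself is tolerated.
                int atIndex = value.lastIndexOf('@');
                checkArgument(atIndex != -1, "format for 'oidc' principals is <value>@<OP>");
                String oidcClaim = value.substring(0, atIndex);
                String op = value.substring(atIndex + 1);
                principal = new OidcSubjectPrincipal(oidcClaim, op);
                break;
            }
            case "email":
                principal = new EmailAddressPrincipal(value);
                break;
            case "uid":
                principal = new UidPrincipal(value);
                break;
            case "user":
                LOGGER.warn("Please use \"username:{}\" instead of \"{}\"", value, arg);
            // FALL THROUGH
            case "username":
                principal = new UserNamePrincipal(value);
                break;
            case "group": {
                boolean isPrimary = value.startsWith("!");
                if (isPrimary) {
                    value = value.substring(1);
                }
                principal = new GroupNamePrincipal(value, isPrimary);
                break;
            }
            default:
                // Reflective fallback: the type is taken as a class name.  Every failure is
                // reported as IllegalArgumentException with the original exception as cause,
                // so the reason is not lost when the caller logs it.
                try {
                    Class<? extends Principal> principalClass =
                          Class.forName(type).asSubclass(Principal.class);
                    Constructor<? extends Principal> principalConstructor =
                          principalClass.getConstructor(String.class);
                    principal = principalConstructor.newInstance(value);
                } catch (ClassCastException e) {
                    throw new IllegalArgumentException("Not a Principal class: " + type, e);
                } catch (NoSuchMethodException e) {
                    throw new IllegalArgumentException("No matching constructor found: " + type + "(String)", e);
                } catch (ClassNotFoundException e) {
                    throw new IllegalArgumentException("No matching class found: " + type, e);
                } catch (InvocationTargetException e) {
                    throw new IllegalArgumentException("Invocation failed: " + e.toString(), e);
                } catch (InstantiationException e) {
                    throw new IllegalArgumentException("Instantiation failed: " + e.toString(), e);
                } catch (IllegalAccessException e) {
                    throw new IllegalArgumentException("Access Exception: " + e.toString(), e);
                }
        }
        principals.add(principal);
    }
    return principals;
}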

Example 4 with GlobusPrincipal

use of org.globus.gsi.gssapi.jaas.GlobusPrincipal in project dcache by dCache.

From class Subjects, method getSubject:

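/**
 * Maps a UserAuthBase to a Subject.  The Subject will contain the UID (UidPrincipal), GID
 * (GidPrincipal), user name (UserNamePrincipal), DN (GlobusPrincipal), and FQAN (FQANPrincipal)
 * principals.
 * <p>
 * The user name, DN and FQAN principals are only added when the corresponding value is
 * present and non-empty.  When {@code primary} is {@code true}, the first GID in
 * {@code user.GIDs} and the FQAN are flagged as primary; all other GIDs are not.
 *
 * @param user    UserAuthBase to convert
 * @param primary Whether the groups of user are the primary groups
 * @return a new Subject holding the principals derived from {@code user}
 */
public static final Subject getSubject(UserAuthBase user, boolean primary) {
    Subject subject = new Subject();
    Set<Principal> principals = subject.getPrincipals();
    principals.add(new UidPrincipal(user.UID));
    // Only the first listed GID may be primary; the flag is cleared after it.
    boolean isPrimaryGid = primary;
    for (int gid : user.GIDs) {
        principals.add(new GidPrincipal(gid, isPrimaryGid));
        isPrimaryGid = false;
    }
    String name = user.Username;
    if (name != null && !name.isEmpty()) {
        principals.add(new UserNamePrincipal(name));
    }
    String dn = user.DN;
    if (dn != null && !dn.isEmpty()) {
        principals.add(new GlobusPrincipal(dn));
    }
    // Check the FQAN object before calling toString() on it: a null check applied only to
    // the String result can never fire, because the dereference has already happened.
    Object fqanObject = user.getFqan();
    String fqan = fqanObject == null ? null : fqanObject.toString();
    if (fqan != null && !fqan.isEmpty()) {
        principals.add(new FQANPrincipal(fqan, primary));
    }
    return subject;
}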

Example 5 with GlobusPrincipal

use of org.globus.gsi.gssapi.jaas.GlobusPrincipal in project dcache by dCache.

From class VoRoleMapPlugin, method map:

/**
 * Adds the principals mapped from each (DN, FQAN) pair found in {@code principals}.
 * <p>
 * For a primary FQAN that has no mapping of its own, and only while no primary group name
 * is present yet, the lookup walks up the FQAN's parents until a mapping is found or the
 * root is passed.  Non-primary FQANs are looked up once, as given.
 *
 * @param principals the principals to map; matched mappings are added to this set
 * @throws AuthenticationException if no (DN, FQAN) pair produced a mapping
 */
@Override
public void map(Set<Principal> principals) throws AuthenticationException {
    List<FQANPrincipal> fqans = Lists.newArrayList(filter(principals, FQANPrincipal.class));
    List<GlobusPrincipal> dns = Lists.newArrayList(filter(principals, GlobusPrincipal.class));
    boolean hasPrimary = containsPrimaryGroupName(principals);
    boolean authorized = false;
    for (FQANPrincipal fqanPrincipal : fqans) {
        // A primary FQAN only stays primary while no primary group name exists yet.
        boolean isPrimary = fqanPrincipal.isPrimaryGroup() && !hasPrimary;
        boolean matched = false;
        FQAN candidate = fqanPrincipal.getFqan();
        while (true) {
            for (GlobusPrincipal dn : dns) {
                if (addMappingFor(dn, fqanPrincipal, candidate, isPrimary, principals)) {
                    matched = true;
                    authorized = true;
                    hasPrimary |= isPrimary;
                }
            }
            candidate = candidate.getParent();
            // Climb to the parent FQAN only for an unmatched primary FQAN.
            if (!isPrimary || matched || candidate == null) {
                break;
            }
        }
    }
    checkAuthentication(authorized, "no record");
}
