Example 1 with X509Credential
use of org.opensaml.security.x509.X509Credential in project airavata by apache.
the class UNICORESecurityContext method getDefaultConfiguration.
public DefaultClientConfiguration getDefaultConfiguration(Boolean enableMessageLogging, UserConfigurationData userData) throws GFacException, ApplicationSettingsException {
X509Credential cred = null;
try {
boolean genCert = userData.isGenerateCert();
if (genCert) {
String userDN = userData.getUserDN();
if (userDN == null && "".equals(userDN)) {
log.warn("Cannot generate cert, falling back to container configured MyProxy credentials");
return getDefaultConfiguration(enableMessageLogging);
} else {
log.info("Generating X.509 certificate for: " + userDN);
try {
String caCertPath = ServerSettings.getSetting(BESConstants.PROP_CA_CERT_PATH, "");
String caKeyPath = ServerSettings.getSetting(BESConstants.PROP_CA_KEY_PATH, "");
String caKeyPass = ServerSettings.getSetting(BESConstants.PROP_CA_KEY_PASS, "");
if (caCertPath.equals("") || caKeyPath.equals("")) {
throw new Exception("CA certificate or key file path missing in the properties file. " + "Please make sure " + BESConstants.PROP_CA_CERT_PATH + " or " + BESConstants.PROP_CA_KEY_PATH + " are not empty.");
}
if ("".equals(caKeyPass)) {
log.warn("Caution: CA key has no password. For security reasons it is highly recommended to set a CA key password");
}
cred = generateShortLivedCredential(userDN, caCertPath, caKeyPath, caKeyPass);
} catch (Exception e) {
throw new GFacProviderException("Error occured while generating a short lived credential for user:" + userDN, e);
}
}
} else {
return getDefaultConfiguration(enableMessageLogging);
}
secProperties = new DefaultClientConfiguration(dcValidator, cred);
setExtraSettings();
} catch (Exception e) {
throw new GFacException(e.getMessage(), e);
}
secProperties.getETDSettings().setExtendTrustDelegation(true);
if (enableMessageLogging)
secProperties.setMessageLogging(true);
// secProperties.setDoSignMessage(true);
secProperties.getETDSettings().setIssuerCertificateChain(secProperties.getCredential().getCertificateChain());
return secProperties;
}
Also used :
X509Credential(eu.emi.security.authn.x509.X509Credential)
GFacException(org.apache.airavata.gfac.core.GFacException)
DefaultClientConfiguration(eu.unicore.util.httpclient.DefaultClientConfiguration)
GFacProviderException(org.apache.airavata.gfac.core.provider.GFacProviderException)
GFacException(org.apache.airavata.gfac.core.GFacException)
GFacProviderException(org.apache.airavata.gfac.core.provider.GFacProviderException)
ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException)
Example 2 with X509Credential
use of org.opensaml.security.x509.X509Credential in project airavata by apache.
the class UNICORESecurityContext method getDefaultConfiguration.
/**
* Get client configuration from MyProxy credentials.
*
* @return an instance of the default client configuration
* @throws GFacException
* @throws ApplicationSettingsException
* @throws GFacException, ApplicationSettingsException
*/
public DefaultClientConfiguration getDefaultConfiguration(Boolean enableMessageLogging) throws GFacException, ApplicationSettingsException {
try {
X509Credential cred = getX509Credentials();
secProperties = new DefaultClientConfiguration(dcValidator, cred);
setExtraSettings();
} catch (Exception e) {
throw new GFacException(e.getMessage(), e);
}
secProperties.getETDSettings().setExtendTrustDelegation(true);
if (enableMessageLogging)
secProperties.setMessageLogging(true);
// secProperties.setMessageLogging(true);
// secProperties.setDoSignMessage(true);
secProperties.getETDSettings().setIssuerCertificateChain(secProperties.getCredential().getCertificateChain());
return secProperties;
}
Also used :
X509Credential(eu.emi.security.authn.x509.X509Credential)
GFacException(org.apache.airavata.gfac.core.GFacException)
DefaultClientConfiguration(eu.unicore.util.httpclient.DefaultClientConfiguration)
GFacException(org.apache.airavata.gfac.core.GFacException)
GFacProviderException(org.apache.airavata.gfac.core.provider.GFacProviderException)
ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException)
Example 3 with X509Credential
use of org.opensaml.security.x509.X509Credential in project airavata by apache.
the class UNICORESecurityContext method getDefaultConfiguration.
public DefaultClientConfiguration getDefaultConfiguration(Boolean enableMessageLogging) throws GFacException, ApplicationSettingsException {
try {
X509Credential cred = getX509Credentials();
secProperties = new DefaultClientConfiguration(dcValidator, cred);
setExtraSettings();
} catch (Exception e) {
throw new GFacException(e.getMessage(), e);
}
if (enableMessageLogging)
secProperties.setMessageLogging(true);
return secProperties;
}
Also used :
X509Credential(eu.emi.security.authn.x509.X509Credential)
GFacException(org.apache.airavata.gfac.core.GFacException)
DefaultClientConfiguration(eu.unicore.util.httpclient.DefaultClientConfiguration)
GFacException(org.apache.airavata.gfac.core.GFacException)
ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException)
Example 4 with X509Credential
use of org.opensaml.security.x509.X509Credential in project pac4j by pac4j.
the class KeyStoreCredentialProvider method getCredential.
@Override
public final Credential getCredential() {
try {
final CriteriaSet cs = new CriteriaSet();
final EntityIdCriterion criteria = new EntityIdCriterion(this.privateKey);
cs.add(criteria);
final X509Credential creds = (X509Credential) this.credentialResolver.resolveSingle(cs);
return creds;
} catch (final ResolverException e) {
throw new SAMLException("Can't obtain SP private key", e);
}
}
Also used :
X509Credential(org.opensaml.security.x509.X509Credential)
ResolverException(net.shibboleth.utilities.java.support.resolver.ResolverException)
CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet)
EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion)
SAMLException(org.pac4j.saml.exceptions.SAMLException)
Example 5 with X509Credential
use of org.opensaml.security.x509.X509Credential in project cas by apereo.
the class WsFederationConfiguration method getSigningCredential.
/**
* getSigningCredential loads up an X509Credential from a file.
*
* @param resource the signing certificate file
* @return an X509 credential
*/
private static Credential getSigningCredential(final Resource resource) {
try (InputStream inputStream = resource.getInputStream()) {
final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
final X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(inputStream);
final Credential publicCredential = new BasicX509Credential(certificate);
LOGGER.debug("Signing credential key retrieved from [{}].", resource);
return publicCredential;
} catch (final Exception ex) {
LOGGER.error(ex.getMessage(), ex);
}
return null;
}
Also used :
Credential(org.opensaml.security.credential.Credential)
BasicX509Credential(org.opensaml.security.x509.BasicX509Credential)
BasicX509Credential(org.opensaml.security.x509.BasicX509Credential)
InputStream(java.io.InputStream)
CertificateFactory(java.security.cert.CertificateFactory)
X509Certificate(java.security.cert.X509Certificate)
Aggregations
X509Credential (eu.emi.security.authn.x509.X509Credential)6
DefaultClientConfiguration (eu.unicore.util.httpclient.DefaultClientConfiguration)4
ApplicationSettingsException (org.apache.airavata.common.exception.ApplicationSettingsException)4
GFacException (org.apache.airavata.gfac.core.GFacException)4
X509Certificate (java.security.cert.X509Certificate)3
KeyAndCertCredential (eu.emi.security.authn.x509.impl.KeyAndCertCredential)2
Credential (org.apache.airavata.credential.store.credential.Credential)2
CertificateCredential (org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential)2
GFacProviderException (org.apache.airavata.gfac.core.provider.GFacProviderException)2
BasicX509Credential (org.opensaml.security.x509.BasicX509Credential)2
InputStream (java.io.InputStream)1
URI (java.net.URI)1
CertificateFactory (java.security.cert.CertificateFactory)1
CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)1
ResolverException (net.shibboleth.utilities.java.support.resolver.ResolverException)1
Test (org.junit.jupiter.api.Test)1
EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion)1
Response (org.opensaml.saml.saml2.core.Response)1
Credential (org.opensaml.security.credential.Credential)1
X509Credential (org.opensaml.security.x509.X509Credential)1
