Example 6 with X509Credential

use of org.opensaml.security.x509.X509Credential in project airavata by apache.

Class UNICORESecurityContext, method getDefaultConfiguration:

public DefaultClientConfiguration getDefaultConfiguration(Boolean enableMessageLogging, UserConfigurationDataModel userDataModel) throws GFacException, ApplicationSettingsException {
    // X509Credential here is eu.emi.security.authn.x509.X509Credential (see the imports listed below).
    X509Credential cred = null;
    try {
        boolean genCert = userDataModel.isGenerateCert();
        if (genCert) {
            String userDN = userDataModel.getUserDN();
            if (userDN == null || "".equals(userDN)) {
                // No DN to issue a certificate for: fall back to the server-wide MyProxy credentials.
                log.warn("Cannot generate cert, falling back to GFAC configured MyProxy credentials");
                return getDefaultConfiguration(enableMessageLogging);
            } else {
                log.info("Generating X.509 certificate for: " + userDN);
                try {
                    // The CA certificate, CA private key and key password come from server settings.
                    String caCertPath = ServerSettings.getSetting(BESConstants.PROP_CA_CERT_PATH, "");
                    String caKeyPath = ServerSettings.getSetting(BESConstants.PROP_CA_KEY_PATH, "");
                    String caKeyPass = ServerSettings.getSetting(BESConstants.PROP_CA_KEY_PASS, "");
                    if (caCertPath.equals("") || caKeyPath.equals("")) {
                        throw new Exception("CA certificate or key file path missing in the properties file. " + "Please make sure " + BESConstants.PROP_CA_CERT_PATH + " or " + BESConstants.PROP_CA_KEY_PATH + " are not empty.");
                    }
                    if ("".equals(caKeyPass)) {
                        // An unencrypted CA key is accepted, but flagged: anyone who can read the file can mint user certificates.
                        log.warn("Caution: CA key has no password. For security reasons it is highly recommended to set a CA key password");
                    }
                    // Issue a short-lived per-user credential signed by the configured CA.
                    cred = generateShortLivedCredential(userDN, caCertPath, caKeyPath, caKeyPass);
                } catch (Exception e) {
                    throw new GFacException("Error occurred while generating a short lived credential for user:" + userDN, e);
                }
            }
        } else {
            return getDefaultConfiguration(enableMessageLogging);
        }
        // Client configuration bound to the generated credential and the configured validator.
        secProperties = new DefaultClientConfiguration(dcValidator, cred);
        setExtraSettings();
    } catch (Exception e) {
        throw new GFacException(e.getMessage(), e);
    }
    // Enable extended trust delegation (ETD) and present the credential's own chain as the issuer chain.
    secProperties.getETDSettings().setExtendTrustDelegation(true);
    if (enableMessageLogging)
        secProperties.setMessageLogging(true);
    // secProperties.setDoSignMessage(true);
    secProperties.getETDSettings().setIssuerCertificateChain(secProperties.getCredential().getCertificateChain());
    return secProperties;
}
Also used : X509Credential(eu.emi.security.authn.x509.X509Credential) GFacException(org.apache.airavata.gfac.core.GFacException) DefaultClientConfiguration(eu.unicore.util.httpclient.DefaultClientConfiguration) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException)

Example 7 with X509Credential

use of org.opensaml.security.x509.X509Credential in project airavata by apache.

Class X509SecurityContext, method getCredentialsFromStore:

/**
 * Reads the credentials from the credential store.
 * @return If the token is found in the credential store, returns a valid credential. Otherwise returns null.
 * @throws Exception If an error occurred while retrieving credentials.
 */
public X509Credential getCredentialsFromStore() throws Exception {
    if (getCredentialReader() == null) {
        return null;
    }
    // Look the credential up by (gateway id, token id) from the incoming request.
    Credential credential = getCredentialReader().getCredential(getRequestData().getGatewayId(), getRequestData().getTokenId());
    if (credential != null) {
        if (credential instanceof CertificateCredential) {
            log.info("Successfully found credentials for token id - " + getRequestData().getTokenId() + " gateway id - " + getRequestData().getGatewayId());
            CertificateCredential certificateCredential = (CertificateCredential) credential;
            // Wrap the stored private key and certificate chain as an X509Credential usable by the client.
            X509Certificate[] certificates = certificateCredential.getCertificates();
            KeyAndCertCredential keyAndCert = new KeyAndCertCredential(certificateCredential.getPrivateKey(), certificates);
            return keyAndCert;
        // return new GlobusGSSCredentialImpl(newCredential,
        // GSSCredential.INITIATE_AND_ACCEPT);
        } else {
            // Only certificate-based credentials can be mapped; other types are logged and ignored.
            log.info("Credential type is not CertificateCredential. Cannot create mapping globus credentials. " + "Credential type - " + credential.getClass().getName());
        }
    } else {
        log.info("Could not find credentials for token - " + getRequestData().getTokenId() + " and " + "gateway id - " + getRequestData().getGatewayId());
    }
    return null;
}
Also used : CertificateCredential(org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential) Credential(org.apache.airavata.credential.store.credential.Credential) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X509Credential(eu.emi.security.authn.x509.X509Credential) X509Certificate(java.security.cert.X509Certificate)

Example 9 with X509Credential

use of org.opensaml.security.x509.X509Credential in project verify-hub by alphagov.

Class ExecuteAttributeQueryRequestTest, method run_shouldThrowCertChainValidationExceptionOnResponse:

@Test
public void run_shouldThrowCertChainValidationExceptionOnResponse() throws Exception {
    // Stub the matching service so any attribute query returns the canned response element.
    when(attributeQueryRequestClient.sendQuery(any(Element.class), anyString(), any(SessionId.class), any(URI.class))).thenReturn(matchingServiceResponse);
    // Build a signing credential from a test certificate that does not chain to a trusted CA.
    final BasicX509Credential x509Credential = new BasicX509Credential(new X509CertificateFactory().createCertificate(UNCHAINED_PUBLIC_CERT), new PrivateKeyFactory().createPrivateKey(Base64.getDecoder().decode(UNCHAINED_PRIVATE_KEY.getBytes())));
    // Sign a SAML Response with that unchained credential.
    Response response = aResponse().withSigningCredential(x509Credential).withIssuer(anIssuer().withIssuerId("issuer-id").build()).build();
    when(elementToResponseTransformer.apply(matchingServiceResponse)).thenReturn(response);
    executeAttributeQueryRequest.execute(sessionId, attributeQueryContainerDto);
    // The response signature must be run through the validator against the attribute authority descriptor.
    verify(matchingResponseSignatureValidator).validate(response, AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
}
Also used : X509CertificateFactory(uk.gov.ida.common.shared.security.X509CertificateFactory) Response(org.opensaml.saml.saml2.core.Response) ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) SamlValidationResponse(uk.gov.ida.saml.core.validation.SamlValidationResponse) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) PrivateKeyFactory(uk.gov.ida.common.shared.security.PrivateKeyFactory) Element(org.w3c.dom.Element) SessionId(uk.gov.ida.common.SessionId) URI(java.net.URI) Test(org.junit.jupiter.api.Test)