Example 1 with AuthenticationTokenValidator

Use of org.platformlayer.auth.AuthenticationTokenValidator in project platformlayer (by platformlayer).

From the build method of class PlatformLayerAuthAdminClient. The method constructs a validator that calls the auth admin service over mutual TLS: the client always presents the certificate named by auth.system.tls.clientcert, and if auth.system.ssl.keys is set the server is pinned to an explicit list of public keys instead of being checked against CA trust.

import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManager;
import com.fathomdb.crypto.CertificateAndKey;
import com.fathomdb.crypto.SimpleClientCertificateKeyManager;
import com.fathomdb.crypto.ssl.AcceptAllHostnameVerifier;
import com.fathomdb.crypto.ssl.PublicKeyTrustManager;
import com.google.common.base.Joiner;
import com.google.common.base.Splitter;
import org.platformlayer.auth.AuthenticationTokenValidator;
import org.platformlayer.http.SslConfiguration;
import org.platformlayer.rest.JreRestfulClient;
import org.platformlayer.rest.RestfulClient;

// Builds the validator used to talk to the auth admin service. The result is wrapped in a
// CachingAuthenticationTokenValidator so repeated checks of the same token do not hit the network.
public static AuthenticationTokenValidator build(HttpStrategy httpStrategy, Configuration configuration, EncryptionStore encryptionStore) throws OpsException {
    String keystoneServiceUrl = configuration.lookup("auth.system.url", "https://127.0.0.1:" + WellKnownPorts.PORT_PLATFORMLAYER_AUTH_ADMIN + "/");
    String cert = configuration.get("auth.system.tls.clientcert");
    CertificateAndKey certificateAndKey = encryptionStore.getCertificateAndKey(cert);
    HostnameVerifier hostnameVerifier = null;
    // Client certificate for mutual TLS; the auth server identifies this caller by it.
    KeyManager keyManager = new SimpleClientCertificateKeyManager(certificateAndKey);
    TrustManager trustManager = null;
    String trustKeys = configuration.lookup("auth.system.ssl.keys", null);
    if (trustKeys != null) {
        // Pin the server to a comma-separated list of public keys. Hostname verification is
        // disabled only in this branch, where the pin itself identifies the peer; an
        // AcceptAllHostnameVerifier combined with a null trust manager would be unsafe.
        trustManager = new PublicKeyTrustManager(Splitter.on(',').trimResults().split(trustKeys));
        hostnameVerifier = new AcceptAllHostnameVerifier();
    }
    if (log.isDebugEnabled() && certificateAndKey != null) {
        X509Certificate[] chain = certificateAndKey.getCertificateChain();
        log.debug("Using client cert for PL auth: " + Joiner.on(",").join(chain));
    }
    // With auth.system.ssl.keys unset, both trust manager and hostname verifier are null here;
    // what SslConfiguration substitutes for them is not shown on this page.
    SslConfiguration sslConfiguration = new SslConfiguration(keyManager, trustManager, hostnameVerifier);
    RestfulClient restfulClient = new JreRestfulClient(httpStrategy, keystoneServiceUrl, sslConfiguration);
    AuthenticationTokenValidator tokenValidator = new PlatformLayerAuthAdminClient(restfulClient);
    tokenValidator = new CachingAuthenticationTokenValidator(tokenValidator);
    return tokenValidator;
}
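The pinning branch above hands PublicKeyTrustManager a list of keys and then switches hostname verification off. The following is an added example, written for this page and not code from platformlayer or fathomdb, of what a public-key-pinning trust manager has to do for that trade to be safe: accept the connection only if the leaf certificate's SubjectPublicKeyInfo matches a configured pin, and still enforce validity dates. The pin format (base64 of the SHA-256 over the DER-encoded SubjectPublicKeyInfo) and the class and method names are my own assumptions; the format the real PublicKeyTrustManager expects in auth.system.ssl.keys is not shown on this page.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/**
 * Illustrative (hypothetical) pinning trust manager: the server is trusted only if the SHA-256
 * of its leaf SubjectPublicKeyInfo is in the configured set. No CA chain building is done, so
 * rotating the server key means rotating the pin; ship at least one backup pin.
 */
public final class PinnedPublicKeyTrustManager implements X509TrustManager {
    private final Set<String> pins = new HashSet<>();

    public PinnedPublicKeyTrustManager(Iterable<String> base64Sha256Pins) {
        for (String pin : base64Sha256Pins) {
            if (!pin.trim().isEmpty()) pins.add(pin.trim());
        }
        if (pins.isEmpty()) throw new IllegalArgumentException("no pins configured");
    }

    /** Pin value for a certificate: base64(SHA-256(DER SubjectPublicKeyInfo)). */
    public static String pinOf(X509Certificate cert) throws CertificateException {
        try {
            byte[] spki = cert.getPublicKey().getEncoded(); // X.509 DER SubjectPublicKeyInfo
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(spki);
            return Base64.getEncoder().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException("SHA-256 unavailable", e);
        }
    }

    /** Convenience for operators: compute the pin from a PEM- or DER-encoded certificate. */
    public static String pinOf(String pemOrDer) throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf.generateCertificate(
                new ByteArrayInputStream(pemOrDer.getBytes(StandardCharsets.US_ASCII)));
        return pinOf(cert);
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) throw new CertificateException("empty certificate chain");
        X509Certificate leaf = chain[0];
        leaf.checkValidity(); // pinning replaces CA trust, not the notBefore/notAfter window
        String pin = pinOf(leaf);
        if (!pins.contains(pin)) {
            // Do not fall back to the platform trust store here: a pin miss must fail closed.
            throw new CertificateException("server public key is not pinned: " + pin);
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // This manager is for the client side only; it never authenticates peers as clients.
        throw new CertificateException("client authentication not supported by pinning trust manager");
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /** Wires the pin set and a client-certificate KeyManager into an SSLContext (assumed usage). */
    public static SSLContext buildContext(KeyManager clientKeyManager, Iterable<String> pins)
            throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { clientKeyManager },
                 new TrustManager[] { new PinnedPublicKeyTrustManager(pins) }, null);
        return ctx;
    }
}
```

With a trust manager of this shape, skipping the hostname check is defensible because the pin, not the certificate's subject, is what identifies the server. The same pin can be produced outside the JVM with the usual OpenSSL pipeline (openssl x509 -in server.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl base64), which is a convenient way to populate a configuration value like auth.system.ssl.keys if the deployed trust manager accepts that format.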

Example 2 with AuthenticationTokenValidator

Use of org.platformlayer.auth.AuthenticationTokenValidator in project platformlayer (by platformlayer).

From the getProjectCredentials method of class ProjectContext. The method lazily creates a per-project RSA key pair and, if the project has no certificate yet, builds a CSR and has the auth admin service sign it, authenticating with the project secret from the current ProjectAuthorization. The validator is only used here to locate the PlatformLayerAuthAdminClient behind it.

import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.List;
import com.fathomdb.crypto.SimpleCertificateAndKey;
import org.platformlayer.auth.AuthenticationTokenValidator;
import org.platformlayer.auth.system.PlatformLayerAuthAdminClient;
import org.platformlayer.ids.ProjectId;
import org.platformlayer.model.ProjectAuthorization;

public CertificateAndKey getProjectCredentials() throws OpsException {
    // OK... this is weird... we sign the project cert with the project cert.
    // It sort of makes sense, in that we don't want to share the project signing cert outside the auth server
    ProjectId projectId = getProjectId();
    KeyPair keyPair = privateData.findKeyPair(projectId, null, METADATA_PROJECT_KEY);
    List<X509Certificate> chain = privateData.findCertificate(projectId, null, METADATA_PROJECT_CERT);
    if (keyPair == null) {
        // Key is generated and persisted before the certificate exists; if signing below fails,
        // the next call reuses this key rather than generating another.
        keyPair = RsaUtils.generateRsaKeyPair();
        privateData.putKeyPair(projectId, null, METADATA_PROJECT_KEY, keyPair);
    }
    if (chain == null) {
        AuthenticationTokenValidator authenticationTokenValidator = OpsContext.get().getInjector().getInstance(AuthenticationTokenValidator.class);
        ProjectAuthorization projectAuthorization = Scope.get().get(ProjectAuthorization.class);
        String projectKey = projectAuthorization.getName();
        // Refuse to request a certificate for a project other than the one the caller is authorized for.
        if (!projectKey.equals(projectId.getKey())) {
            throw new IllegalStateException("project authorization " + projectKey + " does not match project " + projectId.getKey());
        }
        PlatformLayerAuthAdminClient adminClient = PlatformLayerAuthAdminClient.find(authenticationTokenValidator);
        // Only the public key leaves this process: the CSR is signed by the auth server,
        // authenticated with the project secret.
        Csr csr = Csr.buildCsr(keyPair, getX500Principal());
        chain = adminClient.signCsr(projectId.getKey(), projectAuthorization.getProjectSecret(), csr.getEncoded());
        privateData.putCertificate(projectId, null, METADATA_PROJECT_CERT, chain);
    }
    return new SimpleCertificateAndKey(chain, keyPair.getPrivate());
}
