Example 1 with AuthenticationTokenValidator
use of org.platformlayer.auth.AuthenticationTokenValidator in project platformlayer by platformlayer.
the class PlatformLayerAuthAdminClient method build.
public static AuthenticationTokenValidator build(HttpStrategy httpStrategy, Configuration configuration, EncryptionStore encryptionStore) throws OpsException {
String keystoneServiceUrl = configuration.lookup("auth.system.url", "https://127.0.0.1:" + WellKnownPorts.PORT_PLATFORMLAYER_AUTH_ADMIN + "/");
String cert = configuration.get("auth.system.tls.clientcert");
CertificateAndKey certificateAndKey = encryptionStore.getCertificateAndKey(cert);
HostnameVerifier hostnameVerifier = null;
KeyManager keyManager = new SimpleClientCertificateKeyManager(certificateAndKey);
TrustManager trustManager = null;
String trustKeys = configuration.lookup("auth.system.ssl.keys", null);
if (trustKeys != null) {
trustManager = new PublicKeyTrustManager(Splitter.on(',').trimResults().split(trustKeys));
hostnameVerifier = new AcceptAllHostnameVerifier();
}
if (log.isDebugEnabled() && certificateAndKey != null) {
X509Certificate[] chain = certificateAndKey.getCertificateChain();
log.debug("Using client cert for PL auth: " + Joiner.on(",").join(chain));
}
SslConfiguration sslConfiguration = new SslConfiguration(keyManager, trustManager, hostnameVerifier);
RestfulClient restfulClient = new JreRestfulClient(httpStrategy, keystoneServiceUrl, sslConfiguration);
AuthenticationTokenValidator tokenValidator = new PlatformLayerAuthAdminClient(restfulClient);
tokenValidator = new CachingAuthenticationTokenValidator(tokenValidator);
return tokenValidator;
}
Also used :
SimpleClientCertificateKeyManager(com.fathomdb.crypto.SimpleClientCertificateKeyManager)
PublicKeyTrustManager(com.fathomdb.crypto.ssl.PublicKeyTrustManager)
AuthenticationTokenValidator(org.platformlayer.auth.AuthenticationTokenValidator)
RestfulClient(org.platformlayer.rest.RestfulClient)
JreRestfulClient(org.platformlayer.rest.JreRestfulClient)
X509Certificate(java.security.cert.X509Certificate)
AcceptAllHostnameVerifier(com.fathomdb.crypto.ssl.AcceptAllHostnameVerifier)
HostnameVerifier(javax.net.ssl.HostnameVerifier)
TrustManager(javax.net.ssl.TrustManager)
PublicKeyTrustManager(com.fathomdb.crypto.ssl.PublicKeyTrustManager)
AcceptAllHostnameVerifier(com.fathomdb.crypto.ssl.AcceptAllHostnameVerifier)
JreRestfulClient(org.platformlayer.rest.JreRestfulClient)
SslConfiguration(org.platformlayer.http.SslConfiguration)
CertificateAndKey(com.fathomdb.crypto.CertificateAndKey)
SimpleClientCertificateKeyManager(com.fathomdb.crypto.SimpleClientCertificateKeyManager)
KeyManager(javax.net.ssl.KeyManager)
Example 2 with AuthenticationTokenValidator
use of org.platformlayer.auth.AuthenticationTokenValidator in project platformlayer by platformlayer.
the class ProjectContext method getProjectCredentials.
public CertificateAndKey getProjectCredentials() throws OpsException {
// OK... this is weird... we sign the project cert with the project cert.
// It sort of makes sense, in that we don't want to share the project signing cert outside the auth server
ProjectId projectId = getProjectId();
KeyPair keyPair = privateData.findKeyPair(projectId, null, METADATA_PROJECT_KEY);
List<X509Certificate> chain = privateData.findCertificate(projectId, null, METADATA_PROJECT_CERT);
if (keyPair == null) {
keyPair = RsaUtils.generateRsaKeyPair();
privateData.putKeyPair(projectId, null, METADATA_PROJECT_KEY, keyPair);
}
if (chain == null) {
AuthenticationTokenValidator authenticationTokenValidator = OpsContext.get().getInjector().getInstance(AuthenticationTokenValidator.class);
ProjectAuthorization projectAuthorization = Scope.get().get(ProjectAuthorization.class);
String projectKey = projectAuthorization.getName();
if (!projectKey.equals(projectId.getKey())) {
throw new IllegalStateException();
}
PlatformLayerAuthAdminClient adminClient = PlatformLayerAuthAdminClient.find(authenticationTokenValidator);
Csr csr = Csr.buildCsr(keyPair, getX500Principal());
chain = adminClient.signCsr(projectId.getKey(), projectAuthorization.getProjectSecret(), csr.getEncoded());
privateData.putCertificate(projectId, null, METADATA_PROJECT_CERT, chain);
}
return new SimpleCertificateAndKey(chain, keyPair.getPrivate());
}
Also used :
KeyPair(java.security.KeyPair)
SimpleCertificateAndKey(com.fathomdb.crypto.SimpleCertificateAndKey)
ProjectId(org.platformlayer.ids.ProjectId)
ProjectAuthorization(org.platformlayer.model.ProjectAuthorization)
AuthenticationTokenValidator(org.platformlayer.auth.AuthenticationTokenValidator)
PlatformLayerAuthAdminClient(org.platformlayer.auth.system.PlatformLayerAuthAdminClient)
X509Certificate(java.security.cert.X509Certificate)
Aggregations
X509Certificate (java.security.cert.X509Certificate)2
AuthenticationTokenValidator (org.platformlayer.auth.AuthenticationTokenValidator)2
CertificateAndKey (com.fathomdb.crypto.CertificateAndKey)1
SimpleCertificateAndKey (com.fathomdb.crypto.SimpleCertificateAndKey)1
SimpleClientCertificateKeyManager (com.fathomdb.crypto.SimpleClientCertificateKeyManager)1
AcceptAllHostnameVerifier (com.fathomdb.crypto.ssl.AcceptAllHostnameVerifier)1
PublicKeyTrustManager (com.fathomdb.crypto.ssl.PublicKeyTrustManager)1
KeyPair (java.security.KeyPair)1
HostnameVerifier (javax.net.ssl.HostnameVerifier)1
KeyManager (javax.net.ssl.KeyManager)1
TrustManager (javax.net.ssl.TrustManager)1
PlatformLayerAuthAdminClient (org.platformlayer.auth.system.PlatformLayerAuthAdminClient)1
SslConfiguration (org.platformlayer.http.SslConfiguration)1
ProjectId (org.platformlayer.ids.ProjectId)1
ProjectAuthorization (org.platformlayer.model.ProjectAuthorization)1
JreRestfulClient (org.platformlayer.rest.JreRestfulClient)1
RestfulClient (org.platformlayer.rest.RestfulClient)1
