Example 1 with CertificateInfo
use of org.platformlayer.auth.model.CertificateInfo in project platformlayer by platformlayer.
the class RootResource method requireSystemAccess.
protected void requireSystemAccess() throws AuthenticatorException {
X509Certificate[] certChain = getCertificateChain();
if (certChain != null && certChain.length != 0) {
CertificateChainInfo chain = new CertificateChainInfo();
for (X509Certificate cert : certChain) {
CertificateInfo info = new CertificateInfo();
info.publicKey = Hex.toHex(cert.getPublicKey().getEncoded());
info.subjectDN = Certificates.getSubject(cert);
// Md5Hash hash = OpenSshUtils.getSignature(cert.getPublicKey());
// certificateInfo.setPublicKeyHash(hash.toHex());
chain.certificates.add(info);
}
ServiceAccount auth = systemAuthenticator.authenticate(chain);
if (auth != null) {
log.debug("Certificate authentication SUCCESS for " + chain);
return;
}
log.debug("Certificate authentication FAIL for " + chain);
} else {
log.debug("Certificate authentication FAIL (no certificate presented)");
}
throwUnauthorized();
// return myTokenInfo;
}
Also used :
ServiceAccount(org.platformlayer.auth.ServiceAccount)
CertificateChainInfo(org.platformlayer.auth.model.CertificateChainInfo)
CertificateInfo(org.platformlayer.auth.model.CertificateInfo)
X509Certificate(java.security.cert.X509Certificate)
Example 2 with CertificateInfo
use of org.platformlayer.auth.model.CertificateInfo in project platformlayer by platformlayer.
the class ClientCertificateSystemAuthenticator method authenticate.
@Override
public ServiceAccountEntity authenticate(CertificateChainInfo certChainInfo) throws AuthenticatorException {
if (certChainInfo.certificates.size() == 0) {
log.debug("Chain empty; can't authenticate");
return null;
}
// If it's a single cert; we check the cert.
// Otherwise, we assume a CA signed the tail cert, so we check the penultimate cert
CertificateInfo inspect;
if (certChainInfo.certificates.size() == 1) {
inspect = certChainInfo.certificates.get(0);
} else {
inspect = certChainInfo.certificates.get(1);
}
String subject = inspect.subjectDN;
if (Strings.isNullOrEmpty(inspect.publicKey)) {
throw new IllegalArgumentException();
}
byte[] publicKey = Hex.fromHex(inspect.publicKey);
ServiceAccountEntity auth;
try {
auth = repository.findServiceAccount(subject, publicKey);
} catch (RepositoryException e) {
throw new AuthenticatorException("Error while authenticating user", e);
}
if (auth == null) {
log.debug("Certificate validation failed (though the caller was authenticated)");
log.debug("Certificate validation failed - public key not recognized: " + Hex.toHex(publicKey));
log.debug("Certificate validation failed - chain: " + certChainInfo);
}
return auth;
}
Also used :
CertificateInfo(org.platformlayer.auth.model.CertificateInfo)
AuthenticatorException(org.platformlayer.auth.AuthenticatorException)
ServiceAccountEntity(org.platformlayer.auth.ServiceAccountEntity)
RepositoryException(org.platformlayer.RepositoryException)
Aggregations
CertificateInfo (org.platformlayer.auth.model.CertificateInfo)2
X509Certificate (java.security.cert.X509Certificate)1
RepositoryException (org.platformlayer.RepositoryException)1
AuthenticatorException (org.platformlayer.auth.AuthenticatorException)1
ServiceAccount (org.platformlayer.auth.ServiceAccount)1
ServiceAccountEntity (org.platformlayer.auth.ServiceAccountEntity)1
CertificateChainInfo (org.platformlayer.auth.model.CertificateChainInfo)1
