
Example 1 with RestClientException

Use of org.platformlayer.rest.RestClientException in project platformlayer by platformlayer.

In the class PlatformLayerAuthenticationClient, method authenticateWithCertificate.

public PlatformlayerAuthenticationToken authenticateWithCertificate(String username, X509Certificate[] certificateChain, PrivateKey privateKey) throws PlatformlayerAuthenticationClientException {
    if (username == null) {
        throw new IllegalArgumentException();
    }
    CertificateCredentials certificateCredentials = new CertificateCredentials();
    certificateCredentials.setUsername(username);
    Auth auth = new Auth();
    auth.setCertificateCredentials(certificateCredentials);
    AuthenticateRequest request = new AuthenticateRequest();
    request.setAuth(auth);
    final KeyManager keyManager = new SimpleClientCertificateKeyManager(privateKey, certificateChain);
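    // Two round trips to api/tokens: the first obtains a challenge, the second submits the challenge response.
    for (int i = 0; i < 2; i++) {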
        AuthenticateResponse response;
        try {
            RestfulRequest<AuthenticateResponse> httpRequest = httpClient.buildRequest(HttpMethod.POST, "api/tokens", HttpPayload.asXml(request), AuthenticateResponse.class);
            httpRequest.setKeyManager(keyManager);
            response = httpRequest.execute();
        } catch (RestClientException e) {
            throw new PlatformlayerAuthenticationClientException("Error authenticating", e);
        }
        if (i == 0) {
            if (response == null || response.getChallenge() == null) {
                return null;
            }
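            // Decrypt the server's challenge with the client's private key and attach the result for the second request.
            byte[] challenge = response.getChallenge();
            byte[] challengeResponse = decrypt(privateKey, challenge);
            certificateCredentials.setChallengeResponse(challengeResponse);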
        } else {
            if (response == null || response.getAccess() == null) {
                return null;
            }
            return new PlatformlayerAuthenticationToken(response.getAccess());
        }
    }
    return null;
}
Also used : SimpleClientCertificateKeyManager(com.fathomdb.crypto.SimpleClientCertificateKeyManager) AuthenticateResponse(org.platformlayer.auth.v1.AuthenticateResponse) PlatformlayerAuthenticationToken(org.platformlayer.auth.PlatformlayerAuthenticationToken) PlatformlayerAuthenticationClientException(org.platformlayer.auth.PlatformlayerAuthenticationClientException) AuthenticateRequest(org.platformlayer.auth.v1.AuthenticateRequest) CertificateCredentials(org.platformlayer.auth.v1.CertificateCredentials) Auth(org.platformlayer.auth.v1.Auth) RestClientException(org.platformlayer.rest.RestClientException) KeyManager(javax.net.ssl.KeyManager)

Example 2 with RestClientException

Use of org.platformlayer.rest.RestClientException in project platformlayer by platformlayer.

In the class PlatformLayerAuthAdminClient, method signCsr.

// This can actually be moved to the user-auth system
public List<X509Certificate> signCsr(String projectKey, CryptoKey projectSecret, String csr) {
    String url = "pki/csr";
    SignCertificateRequest request = new SignCertificateRequest();
    request.setProject(projectKey);
    request.setCsr(csr);
    request.setProjectSecret(FathomdbCrypto.serialize(projectSecret));
    try {
        SignCertificateResponse response = doSimpleXmlRequest(HttpMethod.POST, url, request, SignCertificateResponse.class);
        List<X509Certificate> certificates = Lists.newArrayList();
        for (String cert : response.getCertificates()) {
            certificates.addAll(CertificateUtils.fromPem(cert));
        }
        return certificates;
    } catch (RestClientException e) {
        throw new IllegalArgumentException("Error while signing certificate", e);
    }
}
Also used : SignCertificateRequest(org.platformlayer.auth.v1.SignCertificateRequest) RestClientException(org.platformlayer.rest.RestClientException) X509Certificate(java.security.cert.X509Certificate) SignCertificateResponse(org.platformlayer.auth.v1.SignCertificateResponse)

Example 3 with RestClientException

Use of org.platformlayer.rest.RestClientException in project platformlayer by platformlayer.

In the class PlatformLayerAuthAdminClient, method checkServiceAccess.

public String checkServiceAccess(CertificateChainInfo chain) {
    String url = "services/check";
    CheckServiceAccessRequest request = new CheckServiceAccessRequest();
    request.setChain(chain);
    try {
        CheckServiceAccessResponse response = doSimpleXmlRequest(HttpMethod.POST, url, request, CheckServiceAccessResponse.class);
        return response.getServiceAccount();
    } catch (RestClientException e) {
        throw new IllegalArgumentException("Error while checking service access", e);
    }
}
Also used : CheckServiceAccessRequest(org.platformlayer.auth.v1.CheckServiceAccessRequest) RestClientException(org.platformlayer.rest.RestClientException) CheckServiceAccessResponse(org.platformlayer.auth.v1.CheckServiceAccessResponse)

Example 4 with RestClientException

Use of org.platformlayer.rest.RestClientException in project platformlayer by platformlayer.

In the class PlatformLayerAuthAdminClient, method validateToken.

@Override
public ProjectAuthorization validateToken(AuthenticationToken authToken, String projectId) {
    // v2.0/tokens/{userToken}[?project={tenant}]
    String tokenId = ((PlatformlayerAuthenticationToken) authToken).getAuthTokenValue();
    tokenId = tokenId.trim();
    // tokenId is appended to the path as-is (only trimmed); projectId below is URL-encoded.
    String url = "v2.0/tokens/" + tokenId;
    url += "?project=" + UrlUtils.urlEncode(projectId);
    try {
        ValidateTokenResponse response = doSimpleXmlRequest(HttpMethod.GET, url, null, ValidateTokenResponse.class);
        ValidateAccess access = response.getAccess();
        if (access == null) {
            return null;
        }
        // ProjectValidation project = access.getProject();
        // if (project == null || !Objects.equal(projectId, project.getId())) {
        // return null;
        // }
        UserValidation userInfo = access.getUser();
        if (userInfo == null) {
            return null;
        }
        ProjectValidation projectInfo = access.getProject();
        if (projectInfo == null) {
            return null;
        }
        // List<String> roles = Lists.newArrayList();
        // UserValidation userInfo = access.getUser();
        // for (Role role : userInfo.getRoles()) {
        // if (!role.getTenantId().equals(projectId)) {
        // throw new IllegalStateException("Tenant mismatch: " + role.getTenantId() + " vs " + projectId);
        // }
        // roles.add(role.getName());
        // }
        // byte[] userSecret = userInfo.getSecret();
        String userKey = userInfo.getName();
        PlatformlayerUserAuthentication user = new PlatformlayerUserAuthentication(authToken, userKey);
        PlatformlayerProjectAuthorization project = buildPlatformlayerProjectAuthorization(user, projectInfo);
        return project;
    } catch (RestClientException e) {
        if (e.getHttpResponseCode() != null && e.getHttpResponseCode() == 404) {
            // Not found => invalid token
            return null;
        }
        log.warn("Error while validating token", e);
        throw new IllegalArgumentException("Error while validating token", e);
    }
}
Also used : ValidateTokenResponse(org.platformlayer.auth.v1.ValidateTokenResponse) UserValidation(org.platformlayer.auth.v1.UserValidation) ProjectValidation(org.platformlayer.auth.v1.ProjectValidation) ValidateAccess(org.platformlayer.auth.v1.ValidateAccess) PlatformlayerAuthenticationToken(org.platformlayer.auth.PlatformlayerAuthenticationToken) RestClientException(org.platformlayer.rest.RestClientException)

Example 5 with RestClientException

Use of org.platformlayer.rest.RestClientException in project platformlayer by platformlayer.

In the class PlatformLayerAuthAdminClient, method validateChain.

@Override
public ProjectAuthorization validateChain(X509Certificate[] chain, String projectKey) {
    // v2.0/keychain[?project={projectKey}]
    String url = "v2.0/keychain";
    url += "?project=" + UrlUtils.urlEncode(projectKey);
    CertificateChainInfo chainInfo = CertificateChains.toModel(chain);
    try {
        ValidateTokenResponse response = doSimpleXmlRequest(HttpMethod.POST, url, chainInfo, ValidateTokenResponse.class);
        ValidateAccess access = response.getAccess();
        if (access == null) {
            return null;
        }
        UserValidation userInfo = access.getUser();
        if (userInfo == null) {
            return null;
        }
        ProjectValidation projectInfo = access.getProject();
        if (projectInfo == null) {
            return null;
        }
        String userKey = userInfo.getName();
        PlatformlayerUserAuthentication user = new PlatformlayerUserAuthentication(null, userKey);
        PlatformlayerProjectAuthorization project = buildPlatformlayerProjectAuthorization(user, projectInfo);
        return project;
    } catch (RestClientException e) {
        if (e.getHttpResponseCode() != null && e.getHttpResponseCode() == 404) {
            // Not found => invalid token
            return null;
        }
        log.warn("Error while validating credentials", e);
        throw new IllegalArgumentException("Error while validating credentials", e);
    }
}
Also used : ValidateTokenResponse(org.platformlayer.auth.v1.ValidateTokenResponse) UserValidation(org.platformlayer.auth.v1.UserValidation) ProjectValidation(org.platformlayer.auth.v1.ProjectValidation) ValidateAccess(org.platformlayer.auth.v1.ValidateAccess) CertificateChainInfo(org.platformlayer.auth.v1.CertificateChainInfo) RestClientException(org.platformlayer.rest.RestClientException)

Aggregations

RestClientException (org.platformlayer.rest.RestClientException): 7
PlatformlayerAuthenticationClientException (org.platformlayer.auth.PlatformlayerAuthenticationClientException): 2
PlatformlayerAuthenticationToken (org.platformlayer.auth.PlatformlayerAuthenticationToken): 2
Auth (org.platformlayer.auth.v1.Auth): 2
AuthenticateRequest (org.platformlayer.auth.v1.AuthenticateRequest): 2
AuthenticateResponse (org.platformlayer.auth.v1.AuthenticateResponse): 2
ProjectValidation (org.platformlayer.auth.v1.ProjectValidation): 2
UserValidation (org.platformlayer.auth.v1.UserValidation): 2
ValidateAccess (org.platformlayer.auth.v1.ValidateAccess): 2
ValidateTokenResponse (org.platformlayer.auth.v1.ValidateTokenResponse): 2
SimpleClientCertificateKeyManager (com.fathomdb.crypto.SimpleClientCertificateKeyManager): 1
IOException (java.io.IOException): 1
URI (java.net.URI): 1
URISyntaxException (java.net.URISyntaxException): 1
X509Certificate (java.security.cert.X509Certificate): 1
KeyManager (javax.net.ssl.KeyManager): 1
HttpResponse (org.apache.http.HttpResponse): 1
StatusLine (org.apache.http.StatusLine): 1
HttpGet (org.apache.http.client.methods.HttpGet): 1
URIBuilder (org.apache.http.client.utils.URIBuilder): 1