
perfsonar-dev - perfsonar: r2475 - in trunk/perfsonar/src/org/perfsonar: commons/auxiliary commons/auxiliary/components/authn commons/auxiliary/components/authn/wssec service/commons/authn service/commons/authn/tokens service/commons/engine

Subject: perfsonar development work


perfsonar: r2475 - in trunk/perfsonar/src/org/perfsonar: commons/auxiliary commons/auxiliary/components/authn commons/auxiliary/components/authn/wssec service/commons/authn service/commons/authn/tokens service/commons/engine


  • From:
  • To:
  • Subject: perfsonar: r2475 - in trunk/perfsonar/src/org/perfsonar: commons/auxiliary commons/auxiliary/components/authn commons/auxiliary/components/authn/wssec service/commons/authn service/commons/authn/tokens service/commons/engine
  • Date: Mon, 18 Jun 2007 10:41:12 -0400

Author: rodriguez
Date: 2007-06-18 10:41:10 -0400 (Mon, 18 Jun 2007)
New Revision: 2475

Added:

trunk/perfsonar/src/org/perfsonar/commons/auxiliary/components/authn/AuthNComponent.java
trunk/perfsonar/src/org/perfsonar/commons/auxiliary/components/authn/wssec/

trunk/perfsonar/src/org/perfsonar/commons/auxiliary/components/authn/wssec/WSSecAuthNComponent.java
Modified:
trunk/perfsonar/src/org/perfsonar/commons/auxiliary/ComponentNames.java

trunk/perfsonar/src/org/perfsonar/service/commons/authn/AADispatchSOAPProtocol.java
trunk/perfsonar/src/org/perfsonar/service/commons/authn/AuthNRequest.java
trunk/perfsonar/src/org/perfsonar/service/commons/authn/AuthNResponse.java

trunk/perfsonar/src/org/perfsonar/service/commons/authn/tokens/SecTokenManager.java

trunk/perfsonar/src/org/perfsonar/service/commons/authn/tokens/SecTokenSOAPManager.java

trunk/perfsonar/src/org/perfsonar/service/commons/authn/tokens/SecurityToken.java
trunk/perfsonar/src/org/perfsonar/service/commons/engine/ActionType.java
Log:
Added the library for service developers. It includes the authentication
component

Modified:
trunk/perfsonar/src/org/perfsonar/commons/auxiliary/ComponentNames.java
===================================================================
--- trunk/perfsonar/src/org/perfsonar/commons/auxiliary/ComponentNames.java
2007-06-18 10:39:24 UTC (rev 2474)
+++ trunk/perfsonar/src/org/perfsonar/commons/auxiliary/ComponentNames.java
2007-06-18 14:41:10 UTC (rev 2475)
@@ -16,5 +16,7 @@

public static final String REGISTRATOR = "registrator";

+ public static final String AUTHN = "authn";
+

} //ComponentNames

Added:
trunk/perfsonar/src/org/perfsonar/commons/auxiliary/components/authn/AuthNComponent.java

Added:
trunk/perfsonar/src/org/perfsonar/commons/auxiliary/components/authn/wssec/WSSecAuthNComponent.java

Modified:
trunk/perfsonar/src/org/perfsonar/service/commons/authn/AADispatchSOAPProtocol.java
===================================================================
---
trunk/perfsonar/src/org/perfsonar/service/commons/authn/AADispatchSOAPProtocol.java
2007-06-18 10:39:24 UTC (rev 2474)
+++
trunk/perfsonar/src/org/perfsonar/service/commons/authn/AADispatchSOAPProtocol.java
2007-06-18 14:41:10 UTC (rev 2475)
@@ -1,28 +1,51 @@
package org.perfsonar.service.commons.authn;

+import java.io.File;
+import java.io.StringWriter;
+import java.net.URL;
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.soap.SOAPHeaderElement;
+
+import org.apache.axis.client.Call;
+import org.apache.axis.client.Service;
+import org.apache.axis.message.SOAPBodyElement;
+import org.apache.axis.message.SOAPEnvelope;
+import org.apache.axis.utils.XMLUtils;
+import org.apache.xml.serialize.OutputFormat;
+import org.apache.xml.serialize.XMLSerializer;
+import org.ggf.ns.nmwg.base.v2_0.Message;
import org.perfsonar.commons.auxiliary.AuxiliaryComponentManager;
import org.perfsonar.commons.auxiliary.ComponentNames;
import
org.perfsonar.commons.auxiliary.components.configuration.ConfigurationComponent;
import org.perfsonar.commons.auxiliary.components.logger.LoggerComponent;
import org.perfsonar.service.commons.exceptions.PerfSONARException;
+import org.w3c.dom.Document;

public class AADispatchSOAPProtocol implements AADispatchProtocol {
- private final String AUTHN_DECISION = "service.authn.response";
+ private final String AS_POINT_PARAM = "service.as.point";
+ private final String FILE_AUTHN_PARAM = "service.as.authnRequest";
+ private final String SAX_PARSER_CONFIG = "service.sax_parser.config";
private LoggerComponent logger;
private ConfigurationComponent config;
- private boolean isAuthorized=false;
+ private String asPoint;
+ private String fileAuthnRequest;
+ private String saxParser;

public AADispatchSOAPProtocol() throws PerfSONARException {
try {
logger = (LoggerComponent)
AuxiliaryComponentManager.getInstance()
- .getComponent(ComponentNames.LOGGER);
+ .getComponent(ComponentNames.LOGGER);
} catch (PerfSONARException e) {
String m = "AADispatchSOAPProtocol: Can't obtain
Logger component ";
throw new PerfSONARException(m);
}
try {
config = (ConfigurationComponent)
AuxiliaryComponentManager
-
.getInstance().getComponent(ComponentNames.CONFIG);
+ .getInstance().getComponent(ComponentNames.CONFIG);
} catch (PerfSONARException e) {

String m = "AADispatchSOAPProtocol: Can't obtain
Config component ";
@@ -30,20 +53,103 @@
throw new PerfSONARException(m);
}
try {
- Boolean
b=Boolean.valueOf(config.getProperty(AUTHN_DECISION));
- isAuthorized=b.booleanValue();
+ asPoint=config.getProperty(AS_POINT_PARAM);
+ fileAuthnRequest=config.getProperty(FILE_AUTHN_PARAM);
+ saxParser=config.getProperty(SAX_PARSER_CONFIG);
} catch (Exception e) {
- isAuthorized=false;
+ String m = "AADispatchSOAPProtocol: Can't obtain
required parameters ";
+ logger.error(m);
+ throw new PerfSONARException(m);
}
}

+ public AADispatchSOAPProtocol(String asPoint, String
fileAuthnRequest, String saxParser) throws PerfSONARException {
+ try {
+ logger = (LoggerComponent)
AuxiliaryComponentManager.getInstance()
+ .getComponent(ComponentNames.LOGGER);
+ } catch (PerfSONARException e) {
+ String m = "AADispatchSOAPProtocol: Can't obtain
Logger component ";
+ throw new PerfSONARException(m);
+ }
+ this.asPoint=asPoint;
+ this.fileAuthnRequest=fileAuthnRequest;
+ this.saxParser=saxParser;
+ }
+
public AuthNResponse getAuthentication(AuthNRequest req) {
- // TODO Make a real response
AuthNResponse resp=new AuthNResponse();
- if (!isAuthorized)
- resp.setStatus(AuthNResponse.NOT_AUTHORIZED);
- else
- resp.setStatus(AuthNResponse.AUTHORIZED);
+ StringWriter outWriter = null;
+ // prepare to call - set service elements
+ try {
+ Service service = new Service();
+ Call call = (Call)service.createCall();
+ call.setTargetEndpointAddress(new URL(asPoint));
+ call.setOperationName(new
QName("http://soapinterop.org/","submit";));
+
+ // read the request into a org.w3c.DOM.Document
+ Document request = null;
+ DocumentBuilderFactory factory =
DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+
+ DocumentBuilder builder =
factory.newDocumentBuilder();
+ request = builder.parse(new File(fileAuthnRequest));
+
+ // build a SOAPBodyElement from the document
+ SOAPBodyElement requestMessage =
+ new
SOAPBodyElement(request.getDocumentElement());
+ SOAPEnvelope envelope = new SOAPEnvelope();
+ envelope.addBodyElement(requestMessage);
+ javax.xml.soap.SOAPHeader
header=(javax.xml.soap.SOAPHeader)req.getSecurityToken().getSecToken();
+ Iterator it=header.examineAllHeaderElements();
+ while (it.hasNext()) {
+ SOAPHeaderElement
he=(SOAPHeaderElement)it.next();
+ envelope.getHeader().addChildElement(he);
+ }
+
+ StringWriter sw=new StringWriter();
+
XMLUtils.PrettyElementToWriter(requestMessage.getAsDOM(),sw);
+
+ // call on the end point
+ Object resultObject = call.invoke(envelope);
+
+ SOAPEnvelope envelopeResult;
+ SOAPBodyElement resultSBE;
+ Document result = null;
+
+ envelopeResult= (SOAPEnvelope)resultObject;
+ resultSBE= envelopeResult.getFirstBody();
+
+ // change it to document - here is where validity
+ // can be checked..
+ result = resultSBE.getAsDocument();
+
+ // output it to a string
+ outWriter = new StringWriter();
+
+ OutputFormat format = new OutputFormat( result );
+ format.setIndent(4);
+ format.setIndenting(true);
+ format.setLineSeparator("\n");
+
+ XMLSerializer serial = new XMLSerializer(outWriter,
format );
+ serial.asDOMSerializer();
+ serial.serialize( result.getDocumentElement() );
+
+ outWriter.close();
+
+ Message responseNmwg =
org.perfsonar.commons.util.XMLUtils.convertToMessage(
+ result, saxParser);
+
+ resp=AuthNResponse.getAuthNResponse(responseNmwg);
+
+ } catch (ClassCastException e) {
+ e.printStackTrace();
+
System.out.println("AADispatchSOAPProtocol.getAuthentication: We didn't get a
Vector of SOAPBodyElements!");
+ } catch (Exception e) {
+
System.out.println("AADispatchSOAPProtocol.getAuthentication: General
exception while retrieving report");
+ e.printStackTrace();
+ }
+
return resp;
}
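Review bot: Both catch blocks at the end of `getAuthentication` report the failure with `System.out.println` and `e.printStackTrace()` rather than the `logger` obtained in the constructors, so a failed call to the authentication service never reaches the service log. The method still returns the default `AuthNResponse`, which this commit initialises to `NOT_AUTHENTICATED`, so the failure path denies, but the caller cannot tell an unreachable or misconfigured AS from a rejected token; I would use `logger.error("AADispatchSOAPProtocol.getAuthentication: " + e.getMessage());` and set a result code on `resp`. The `ClassCastException` text about a "Vector of SOAPBodyElements" no longer matches the cast to `SOAPEnvelope`. Separately, `asPoint` reaches `new URL(asPoint)` unchecked while the client's SOAP security header is copied into the outgoing envelope, so it is worth checking at construction that the endpoint is non-null and, if the deployment allows, an https URL.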


Modified:
trunk/perfsonar/src/org/perfsonar/service/commons/authn/AuthNRequest.java
===================================================================
--- trunk/perfsonar/src/org/perfsonar/service/commons/authn/AuthNRequest.java
2007-06-18 10:39:24 UTC (rev 2474)
+++ trunk/perfsonar/src/org/perfsonar/service/commons/authn/AuthNRequest.java
2007-06-18 14:41:10 UTC (rev 2475)
@@ -1,15 +1,21 @@
package org.perfsonar.service.commons.authn;

+import org.ggf.ns.nmwg.base.v2_0.Message;
import org.perfsonar.service.commons.authn.tokens.SecurityToken;
+import org.perfsonar.service.commons.engine.ActionType;

public class AuthNRequest {
private SecurityToken st;
-
+ private Message message;
+
public AuthNRequest() {
st=null;
+ message=new Message();
+ message.setType(ActionType.AUTHN_CLIENT);
}
-
+
public AuthNRequest(SecurityToken st) {
+ this();
this.st=st;
}

@@ -20,4 +26,13 @@
public void setSecurityToken(SecurityToken st) {
this.st = st;
}
+
+ public Message getMessage() {
+ return message;
+ }
+
+ public void setMessage(Message message) {
+ this.message = message;
+ }
+
}

Modified:
trunk/perfsonar/src/org/perfsonar/service/commons/authn/AuthNResponse.java
===================================================================
---
trunk/perfsonar/src/org/perfsonar/service/commons/authn/AuthNResponse.java
2007-06-18 10:39:24 UTC (rev 2474)
+++
trunk/perfsonar/src/org/perfsonar/service/commons/authn/AuthNResponse.java
2007-06-18 14:41:10 UTC (rev 2475)
@@ -1,12 +1,19 @@
package org.perfsonar.service.commons.authn;

+import org.ggf.ns.nmwg.base.v2_0.EventType;
+import org.ggf.ns.nmwg.base.v2_0.Message;
+import org.ggf.ns.nmwg.base.v2_0.Metadata;
+
public class AuthNResponse {
- public static final int AUTHORIZED=0;
- public static final int NOT_AUTHORIZED=1;
+ public static final int AUTHENTICATED=0;
+ public static final int NOT_AUTHENTICATED=1;

private int status;
+ private String resultCode;
+
public AuthNResponse() {
- status=AuthNResponse.NOT_AUTHORIZED;
+ status=AuthNResponse.NOT_AUTHENTICATED;
+ resultCode="";
}

public int getStatus() {
@@ -17,4 +24,29 @@
this.status = status;
}

+ public String getResultCode() {
+ return resultCode;
+ }
+
+ public void setResultCode(String codeResult) {
+ this.resultCode = codeResult;
+ }
+
+ public static AuthNResponse getAuthNResponse(Message message) {
+ AuthNResponse res=new AuthNResponse();
+
+ Metadata[] metadatas=message.getMetadataArray();
+ for (int i=0; i<metadatas.length; i++) {
+ EventType et=metadatas[i].getEventType();
+ res.setResultCode(et.getEventType());
+ if (et.getEventType().equals("success.as.authn")) {
+ res.setStatus(AuthNResponse.AUTHENTICATED);
+ }
+ else {
+
res.setStatus(AuthNResponse.NOT_AUTHENTICATED);
+ }
+ }
+
+ return res;
+ }
}
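Review bot: `getAuthNResponse` lets the last metadata element decide the outcome: the loop overwrites `status` on every iteration, so a response whose earlier elements carry a failure event type and whose final element carries `success.as.authn` ends up `AUTHENTICATED`. It also dereferences `et` without a null check, so a metadata element without an event type throws out of the method. For an authentication decision I would deny as soon as any element lacks an event type or is not a success, as in the loop below; an empty metadata array keeps the constructor's `NOT_AUTHENTICATED` default. If the authentication service is expected to return exactly one metadata element, rejecting any other count would be stricter still.

```java
for (int i=0; i<metadatas.length; i++) {
    EventType et=metadatas[i].getEventType();
    // A missing event type is treated as a denial, not as an error to skip.
    if (et == null || et.getEventType() == null) {
        res.setStatus(AuthNResponse.NOT_AUTHENTICATED);
        break;
    }
    res.setResultCode(et.getEventType());
    // Any non-success element is final: later elements cannot upgrade it.
    if (!"success.as.authn".equals(et.getEventType())) {
        res.setStatus(AuthNResponse.NOT_AUTHENTICATED);
        break;
    }
    res.setStatus(AuthNResponse.AUTHENTICATED);
}
// … unchanged: return res …
```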

Modified:
trunk/perfsonar/src/org/perfsonar/service/commons/authn/tokens/SecTokenManager.java
===================================================================
---
trunk/perfsonar/src/org/perfsonar/service/commons/authn/tokens/SecTokenManager.java
2007-06-18 10:39:24 UTC (rev 2474)
+++
trunk/perfsonar/src/org/perfsonar/service/commons/authn/tokens/SecTokenManager.java
2007-06-18 14:41:10 UTC (rev 2475)
@@ -1,8 +1,9 @@
package org.perfsonar.service.commons.authn.tokens;

-import org.perfsonar.service.commons.exceptions.PerfSONARException;
+import org.perfsonar.service.commons.exceptions.PerfSONARException;;

public interface SecTokenManager {
public boolean hasSTInRequest() throws PerfSONARException;
public Object getSTFromRequest() throws PerfSONARException;
+ public Object getSTValue() throws PerfSONARException;
}
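Review bot: The new `getSTValue()` is declared without any documentation of what it returns or when it returns null, and the `Object` return type tells an implementer nothing. Going by the SOAP implementation in this commit, a comment such as `/** Validates the security header of the current request and returns the token value it carries (an X509Certificate in the SOAP implementation), or null when the request has no token. */` would fix the contract. The import line above appears to have been changed only to end in `;;`, which looks accidental; if it is not an artefact of the mail archive, drop the extra semicolon.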

Modified:
trunk/perfsonar/src/org/perfsonar/service/commons/authn/tokens/SecTokenSOAPManager.java
===================================================================
---
trunk/perfsonar/src/org/perfsonar/service/commons/authn/tokens/SecTokenSOAPManager.java
2007-06-18 10:39:24 UTC (rev 2474)
+++
trunk/perfsonar/src/org/perfsonar/service/commons/authn/tokens/SecTokenSOAPManager.java
2007-06-18 14:41:10 UTC (rev 2475)
@@ -1,13 +1,29 @@
package org.perfsonar.service.commons.authn.tokens;

+import java.io.ByteArrayInputStream;
+import java.security.cert.X509Certificate;
+import java.util.Iterator;
+
+import javax.xml.namespace.NamespaceContext;
import javax.xml.soap.SOAPException;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpression;
+import javax.xml.xpath.XPathFactory;

+import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.message.SOAPHeader;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.util.Base64;
import org.perfsonar.commons.auxiliary.AuxiliaryComponentManager;
import org.perfsonar.commons.auxiliary.ComponentNames;
+import org.perfsonar.commons.auxiliary.components.authn.DynamicCrypto;
import org.perfsonar.commons.auxiliary.components.logger.LoggerComponent;
import org.perfsonar.service.commons.exceptions.PerfSONARException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SecTokenSOAPManager implements SecTokenManager {
@@ -20,7 +36,7 @@

if (logger == null) {
String m = "SecTokenSOAPManager: can't obtain Logger
object";
- throw new
PerfSONARException("error.authn.dependency", m);
+ throw new
PerfSONARException("error.common.no_logger", m);
}
}

@@ -29,13 +45,13 @@
return null;
MessageContext mc=MessageContext.getCurrentContext();
try {
- SOAPHeader
sh=(SOAPHeader)mc.getCurrentMessage().getSOAPHeader();
- NodeList
nl=sh.getElementsByTagNameNS(WSSECHEADER_NS,WSSECHEADER);
- return nl.item(0);
+ Message m=mc.getCurrentMessage();
+ SOAPHeader sh=(SOAPHeader)m.getSOAPHeader();
+ return sh;
} catch (SOAPException e) {
- String m = "Error checking the WS-SEC header";
+ String m = "Error getting the SOAP header";
logger.error(m);
- throw new PerfSONARException("error.authn.checking", m);
+ throw new PerfSONARException("error.authn.soap", m);
}
}

@@ -48,8 +64,59 @@
} catch (SOAPException e) {
String m = "Error checking the WS-SEC header";
logger.error(m);
- throw new PerfSONARException("error.authn.checking", m);
+ throw new PerfSONARException("error.authn.soap", m);
}
}

+ public Object getSTValue() throws PerfSONARException {
+ if (!hasSTInRequest())
+ return null;
+ SOAPHeader sh=(SOAPHeader)getSTFromRequest();
+
+ try {
+ Document doc=sh.getAsDocument();
+ Crypto crypto = new DynamicCrypto();
+ WSSecurityEngine secEngine = new WSSecurityEngine();
+ // If there is any problem validating the SOAP header, it
throws an exception
+ secEngine.processSecurityHeader(doc, null, null, crypto);
+
+ XPathFactory factory = XPathFactory.newInstance();
+ XPath xpath = factory.newXPath();
+ xpath.setNamespaceContext(new WSSENamespaceContext());
+ XPathExpression expr =
xpath.compile("//wsse:BinarySecurityToken");
+ Object result = expr.evaluate(doc, XPathConstants.NODESET);
+ NodeList nodes = (NodeList) result;
+ for (int i = 0; i < nodes.getLength(); i++) {
+ Element e=(Element)nodes.item(i);
+ if
(e.getAttribute("ValueType").equals("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";))
{
+ byte[] bytes=Base64.decode(e.getTextContent());
+ ByteArrayInputStream bais=new
ByteArrayInputStream(bytes);
+ X509Certificate cert=crypto.loadCertificate(bais);
+ return cert;
+ }
+ }
+ } catch (Throwable t) {
+ String m = "SecTokenSOAPManager: "+t.getMessage();
+ logger.info(m);
+ throw new
PerfSONARException("error.authn.getting_sec_token",m);
+ }
+ return null;
+ }
+
+ class WSSENamespaceContext implements NamespaceContext {
+
+ public String getNamespaceURI(String prefix) {
+ return
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";;
+ }
+
+ // This method isn't necessary for XPath processing either.
+ public String getPrefix(String uri) {
+ throw new UnsupportedOperationException();
+ }
+
+ // This method isn't necessary for XPath processing either.
+ public Iterator<?> getPrefixes(String uri) {
+ throw new UnsupportedOperationException();
+ }
+ }
}
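Review bot: In `getSTValue` the certificate that is returned is not tied to what `processSecurityHeader` verified: the engine's return value is discarded, and the method then returns the first `wsse:BinarySecurityToken` that the XPath `//wsse:BinarySecurityToken` finds anywhere in the header document. A header that validates could therefore yield a certificate that was never used for a verified signature, and whether a header with a token but no signature is rejected at all depends on the engine and on `DynamicCrypto`, neither of which is visible here. I would take the certificate from the results returned by `processSecurityHeader` and treat an empty result as a failure, throwing `PerfSONARException` rather than falling through to `return null`. The `catch (Throwable t)` also swallows JVM errors and logs a validation failure only at `info`; `catch (Exception e)` with `logger.error(m)` would match the rest of the class.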

Modified:
trunk/perfsonar/src/org/perfsonar/service/commons/authn/tokens/SecurityToken.java
===================================================================
---
trunk/perfsonar/src/org/perfsonar/service/commons/authn/tokens/SecurityToken.java
2007-06-18 10:39:24 UTC (rev 2474)
+++
trunk/perfsonar/src/org/perfsonar/service/commons/authn/tokens/SecurityToken.java
2007-06-18 14:41:10 UTC (rev 2475)
@@ -5,10 +5,12 @@
public class SecurityToken {
private SecTokenManager tm;
private Object secToken;
+ private Object secTokenValue;

public SecurityToken(SecTokenManager tm) {
this.tm=tm;
this.secToken=null;
+ this.secTokenValue=null;
}

public Object getSecToken() {
@@ -21,9 +23,18 @@

public void setSecTokenFromRequest() throws PerfSONARException {
setSecToken(tm.getSTFromRequest());
+ setSecTokenValue(tm.getSTValue());
}

public boolean hasSecTokenInRequest() throws PerfSONARException {
return tm.hasSTInRequest();
}
+
+ public Object getSecTokenValue() {
+ return secTokenValue;
+ }
+
+ public void setSecTokenValue(Object secTokenValue) {
+ this.secTokenValue = secTokenValue;
+ }
}
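Review bot: `setSecTokenFromRequest` stores the raw header with `setSecToken(...)` before `tm.getSTValue()` has run, so when validation throws, the `SecurityToken` is left holding an unvalidated `secToken` and a null `secTokenValue`. Since `getAuthentication` in this commit forwards `getSecToken()` rather than the validated value, I would validate first: `Object value = tm.getSTValue();` then `setSecToken(tm.getSTFromRequest());` and `setSecTokenValue(value);`. The new accessors would also benefit from a one-line comment saying that `secTokenValue` is the validated token (an `X509Certificate` in the SOAP manager) while `secToken` is the raw header.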

Modified:
trunk/perfsonar/src/org/perfsonar/service/commons/engine/ActionType.java
===================================================================
--- trunk/perfsonar/src/org/perfsonar/service/commons/engine/ActionType.java
2007-06-18 10:39:24 UTC (rev 2474)
+++ trunk/perfsonar/src/org/perfsonar/service/commons/engine/ActionType.java
2007-06-18 14:41:10 UTC (rev 2475)
@@ -116,6 +116,13 @@
*/
public static final String SETUP_DATA_DB = "SETUP_DATA_DB";

+ // ------------------------------------------ Authentication Service
Actions

+ /**
+ * Action type to request the authentication of the client/user
+ */

+ public static final String AUTHN_CLIENT = "AuthNClient";
+
+
} //ActionType


