
perfsonar-dev - perfsonar: r4874 - in branches/simple-service-with-base2/src/main/java/org/perfsonar: base2/service/authn base2/service/authn/component/wssec base2/service/authn/tokens service/authService service/authService/auth/client

Subject: perfsonar development work


perfsonar: r4874 - in branches/simple-service-with-base2/src/main/java/org/perfsonar: base2/service/authn base2/service/authn/component/wssec base2/service/authn/tokens service/authService service/authService/auth/client


  • Subject: perfsonar: r4874 - in branches/simple-service-with-base2/src/main/java/org/perfsonar: base2/service/authn base2/service/authn/component/wssec base2/service/authn/tokens service/authService service/authService/auth/client
  • Date: Tue, 13 Jan 2009 10:34:38 -0500

Author: rodriguez
Date: 2009-01-13 10:34:38 -0500 (Tue, 13 Jan 2009)
New Revision: 4874

Modified:

branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/authn/AADispatchProtocol.java

branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/authn/AADispatchSOAPProtocol.java

branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/authn/component/wssec/WSSecAuthNComponent.java

branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/authn/tokens/SecTokenSOAPManager.java

branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/AuthNServiceEngine.java

branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/auth/client/AttrEERequestGenerator.java

branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/auth/client/AuthREERequestGenerator.java
Log:
- The auth component and AS are closer to a stable state

Modified:
branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/authn/AADispatchProtocol.java
===================================================================
---
branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/authn/AADispatchProtocol.java
2009-01-13 15:32:03 UTC (rev 4873)
+++
branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/authn/AADispatchProtocol.java
2009-01-13 15:34:38 UTC (rev 4874)
@@ -3,6 +3,7 @@
import org.perfsonar.base2.service.exceptions.PerfSONARException;

public interface AADispatchProtocol {
+ public void setAuthService(String uriAuthServer);
public AuthNResponse getAuthentication(AuthNRequest req) throws
PerfSONARException;
public AuthRResponse getAuthorization(AuthRRequest req) throws
PerfSONARException;
public AttrResponse getAttributes(AttrRequest req) throws
PerfSONARException;
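Review bot: The new `setAuthService(String uriAuthServer)` method is added to the interface without Javadoc, so implementors cannot tell whether the argument must be an absolute URI, whether null or an empty string is acceptable, or whether it may be called again after a dispatch has already happened. A comment along the lines of `/** Sets the endpoint URI of the authentication service this protocol dispatches to; must be non-null and non-empty. */` would settle that. Because the interface now exposes mutable per-instance state, the Javadoc should also say whether an implementation is expected to be shared between concurrent requests.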

Modified:
branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/authn/AADispatchSOAPProtocol.java
===================================================================
---
branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/authn/AADispatchSOAPProtocol.java
2009-01-13 15:32:03 UTC (rev 4873)
+++
branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/authn/AADispatchSOAPProtocol.java
2009-01-13 15:34:38 UTC (rev 4874)
@@ -39,10 +39,7 @@
public static final String
WSS_X509="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";;
public static final String
WSS_SAML="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";;

- private final String AS_POINT_PARAM = "service.as.point";
- private final String SAX_PARSER_CONFIG = "service.sax_parser.config";
private String asPoint;
- private String saxParser;

protected static final Logger logger =
Logger.getLogger(AADispatchSOAPProtocol.class.getName());

@@ -55,14 +52,26 @@
logger.error(m);
throw new PerfSONARException(m);
} */
+
+ this.asPoint = "";
}

- public AADispatchSOAPProtocol(String asPoint, String saxParser)
throws PerfSONARException {
+ public AADispatchSOAPProtocol(String asPoint) throws
PerfSONARException {
this.asPoint=asPoint;
- this.saxParser=saxParser;
}

+ public void setAuthService(String uriAuthServer) {
+ this.setAsPoint(uriAuthServer);
+ }

+ public String getAsPoint() {
+ return asPoint;
+ }
+
+ public void setAsPoint(String asPoint) {
+ this.asPoint = asPoint;
+ }
+
private String getClient(SecurityToken token) throws Exception {
Object stValue=token.getSecTokenValue();
if (SecTokenSOAPManager.isDelegated(token)) {
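Review bot: `setAsPoint` (and `setAuthService`, which delegates to it) store the argument unchecked, and the no-arg constructor now initialises `asPoint` to `""`, so a missing or misconfigured endpoint only surfaces later as a dispatch to an empty URI instead of as a configuration error at startup. A guard such as `if (asPoint == null || asPoint.length() == 0) throw new IllegalArgumentException("asPoint must be a non-empty URI");` at the top of `setAsPoint` would fail fast. The new accessor pair also has no Javadoc; a one-line comment stating that `asPoint` is the authentication-service endpoint URI used for dispatch would help readers.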
@@ -75,7 +84,7 @@
return "";
}

- private SOAPHeaderBlock updateSecurityTokenParameter(Message
requestMessage, SecurityToken token) throws PerfSONARException {
+ public SOAPHeaderBlock updateSecurityTokenParameter(Message
requestMessage, SecurityToken token) throws PerfSONARException {
Parameter parameter = null;

// get the parameter which specifies the format of the
security token
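Review bot: `updateSecurityTokenParameter` is widened from private to public without any Javadoc describing its contract, so external callers now depend on behaviour that is only visible in the body, which continues outside the hunk. If the wider visibility is needed only inside the package, package-private would keep the exposed surface smaller; otherwise a short Javadoc naming the parameter it reads from `requestMessage`, the header block it returns, and when it throws `PerfSONARException` is appropriate.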
@@ -301,4 +310,5 @@


}
+
}

Modified:
branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/authn/component/wssec/WSSecAuthNComponent.java
===================================================================
---
branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/authn/component/wssec/WSSecAuthNComponent.java
2009-01-13 15:32:03 UTC (rev 4873)
+++
branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/authn/component/wssec/WSSecAuthNComponent.java
2009-01-13 15:34:38 UTC (rev 4874)
@@ -16,6 +16,7 @@
import org.perfsonar.base2.service.exceptions.PerfSONARException;

public class WSSecAuthNComponent extends AuthNComponent {
+ private final String AS_POINT = "as_endpoint";
private final String COMP_ID_SERVICE = "comp_id";

@Override
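Review bot: `AS_POINT` is declared as a per-instance `private final String`, mirroring `COMP_ID_SERVICE` on the next line; both are compile-time constants and would conventionally be declared `private static final String AS_POINT = "as_endpoint";`. A comment saying that this is the component option naming the authentication-service endpoint would also help readers of the `getOption(AS_POINT)` call further down.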
@@ -34,7 +35,9 @@
}
st.setSecTokenFromRequest();
AuthNRequest authnReq=new AuthNRequest(st);
- AADispatchManager aadm=new
AADispatchManager(AADispatchProtocolFactory.getDefaultAADispatchProtocol());
+ AADispatchProtocol aadp =
AADispatchProtocolFactory.getDefaultAADispatchProtocol();
+ aadp.setAuthService(getOption(AS_POINT).getValue());
+ AADispatchManager aadm=new AADispatchManager(aadp);
AuthNResponse authnRes=aadm.getAuthentication(authnReq);
if (authnRes.getStatus()!=AuthNResponse.AUTHENTICATED) {
logger.error("WSSecAuthNComponent: Authentication
failed ("+authnRes.getResultCode()+")");
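Review bot: `getOption(AS_POINT).getValue()` is passed straight into `setAuthService`; if the `as_endpoint` option is absent and `getOption` returns null (its contract is not visible in this diff), the line fails with a NullPointerException inside the authentication path rather than a `PerfSONARException` that names the missing option. A check such as `if (getOption(AS_POINT) == null) throw new PerfSONARException("<error-code>", "Option as_endpoint is not set");` before the call would make the failure explicit. Separately, `getDefaultAADispatchProtocol()` is named as though it may hand out a shared instance; if it does, setting the endpoint on it for every request is a race between concurrent requests, and the endpoint should instead be fixed once when the component is initialised. The enclosing method starts and ends outside the hunk.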

Modified:
branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/authn/tokens/SecTokenSOAPManager.java
===================================================================
---
branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/authn/tokens/SecTokenSOAPManager.java
2009-01-13 15:32:03 UTC (rev 4873)
+++
branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/authn/tokens/SecTokenSOAPManager.java
2009-01-13 15:34:38 UTC (rev 4874)
@@ -1,18 +1,15 @@
package org.perfsonar.base2.service.authn.tokens;

import java.io.ByteArrayInputStream;
-import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
-import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;

import javax.xml.namespace.NamespaceContext;
-import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeaderElement;
import javax.xml.transform.TransformerException;
import javax.xml.xpath.XPath;
@@ -26,8 +23,6 @@
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.context.MessageContext;
-import org.apache.axis2.description.AxisMessage;
-import org.apache.axis2.wsdl.SOAPHeaderMessage;
import org.apache.log4j.Logger;
import org.apache.rampart.util.Axis2Util;
import org.apache.ws.security.WSSecurityEngine;

Modified:
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/AuthNServiceEngine.java
===================================================================
---
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/AuthNServiceEngine.java
2009-01-13 15:32:03 UTC (rev 4873)
+++
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/AuthNServiceEngine.java
2009-01-13 15:34:38 UTC (rev 4874)
@@ -1,26 +1,46 @@
package org.perfsonar.service.authService;

+import java.io.ByteArrayOutputStream;
+import java.io.FileInputStream;
+import java.io.PrintWriter;
+import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Iterator;
+import java.util.Properties;
import java.util.Vector;

+import net.geant.edugain.base.Configurator;
import net.geant.edugain.validation.ComponentID;
import net.geant.edugain.validation.Validator;

+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.context.MessageContext;
import org.apache.log4j.Logger;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.message.token.Timestamp;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAuthenticationStatement;
import org.opensaml.SAMLStatement;
import org.opensaml.SAMLSubject;
+import org.perfsonar.base2.service.authn.component.DynamicCrypto;
import org.perfsonar.base2.service.authn.tokens.SecTokenManagerFactory;
import org.perfsonar.base2.service.authn.tokens.SecurityToken;
+import org.perfsonar.base2.service.configuration.Configuration;
+import org.perfsonar.base2.service.configuration.ConfigurationManager;
import org.perfsonar.base2.service.exceptions.PerfSONARException;
import org.perfsonar.base2.service.requesthandler.ServiceEngine;
import org.perfsonar.base2.service.requesthandler.ServiceMessage;
+import org.perfsonar.base2.service.util.ResultCodesUtil;
import org.perfsonar.base2.xml.nmwg.Message;
import org.perfsonar.base2.xml.nmwg.Metadata;
import org.perfsonar.base2.xml.nmwg.Parameter;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;

public class AuthNServiceEngine extends GenericServiceEngine implements
ServiceEngine {
@@ -42,18 +62,96 @@
protected static String TYPE_RESPONSE = "AuthNEEResponse";
protected static String EVENT_TYPE_SUCCESS = "success.as.authn";
protected static String SEC_TOKEN_PARAM = "SecurityToken";
+
+ protected Configuration configuration;
+ protected ConfigurationManager configurationManager;
+ protected Properties props;
protected Validator val;
+ protected Configurator cfg;
+ protected Crypto tsCrypto;

// static final WSSecurityEngine secEngine = new WSSecurityEngine();

- public AuthNServiceEngine() {
-// RampartC
+ public AuthNServiceEngine() throws PerfSONARException {
+ //get configuration
+ configurationManager = ConfigurationManager.getInstance();
+ configuration = configurationManager.getConfiguration();
+
+ //init as
+ loadKeyStore();
+ loadConfiguration();
}

+ private void loadKeyStore() throws PerfSONARException {
+ try {
+ String truststoreFile =
configuration.getExtensionOption("auth-engine", "service.as.truststore_file");
+ String truststorePass =
configuration.getExtensionOption("auth-engine",
"service.as.truststore_password");
+ KeyStore ks = KeyStore.getInstance("jks");
+ ks.load(new FileInputStream(truststoreFile),
truststorePass.toCharArray());
+ tsCrypto=new DynamicCrypto(ks);
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new PerfSONARException("error.as.crypto",e);
+ }
+
+ }
+
+ private void loadConfiguration() throws PerfSONARException {
+ props=new Properties();
+ String
maxTtlToken=configuration.getExtensionOption("auth-engine",
"service.as.maxttl");
+ if (maxTtlToken!=null) {
+ try {
+ int max=Integer.parseInt(maxTtlToken);
+ props.put("service.as.maxttl",
String.valueOf(max));
+ logger.debug("ASEngine: setting max ttl of
token to "+max);
+ } catch (NumberFormatException e) {
+ logger.error("ASEngine: value of the
parameter service.as.maxttl is not valid. Disabled this feature");
+ }
+ }
+ props.put("provider",
configuration.getExtensionOption("auth-engine", "service.as.crypt_provider"));
+ props.put(Configurator.PROPS_TRUSTSTORE_PASSWD,
configuration.getExtensionOption("auth-engine",
"service.as.truststore_password"));
+
props.put(Configurator.PROPS_TRUSTSTORE_FILE,configuration.getExtensionOption("auth-engine",
"service.as.truststore_file"));
+
props.put(Configurator.PROPS_VALID_COMPONENTS,configuration.getExtensionOption("auth-engine",
"service.as.valid_components"));
+ try {
+ logger.debug("ASEngine: getting the eduGAIN config
object...");
+ cfg = Configurator.getInstance(props);
+ logger.debug("ASEngine: getting the eduGAIN validator
object...");
+ val=new Validator(props);
+ } catch (Throwable e) {
+ e.printStackTrace();
+ String error="";
+ ByteArrayOutputStream baos=new
ByteArrayOutputStream();
+ PrintWriter pw=new PrintWriter(baos);
+ e.printStackTrace(pw);
+ error=baos.toString();
+ pw.close();
+ String m = "AuthNAction: There is a problem
initiating the eduGAIN environment: "+e.toString()+". Print Stack Trace:
"+error;
+ logger.fatal(m);
+ throw new PerfSONARException("error.authn.edugain",m);
+ }
+ }
+
public void takeAction(ServiceMessage serviceRequest, ServiceMessage
serviceResponse)
throws PerfSONARException {
+/*
+ MessageContext mc=MessageContext.getCurrentMessageContext();
+ SOAPEnvelope se = mc.getEnvelope();
+ Document doc = null;
+ try {
+ doc = Axis2Util.getDocumentFromSOAPEnvelope(se, true);
+ } catch (WSSecurityException e) {
+ doc = null;
+ } finally {
+ if (doc == null) {
+ String m = "AuthNServiceEngine: Cannot
process the Security Token";
+ logger.error(m);
+ throw new
PerfSONARException("error.authn.not_sectoken",m);
+ }
+ }

- /*
+ Message request = serviceRequest.getMessageElement();
+*/
+
//extract message
Message request = serviceRequest.getMessageElement();
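Review bot: In `loadKeyStore` the `FileInputStream` passed to `ks.load(...)` is never closed, and in `loadConfiguration` the four `props.put(...)` calls pass the result of `configuration.getExtensionOption(...)` straight through even though the `maxTtlToken` branch just above shows this lookup can return null; `Properties` is a `Hashtable`, so a missing `service.as.crypt_provider`, truststore or `service.as.valid_components` option fails with a NullPointerException instead of a configuration error. The stream should be closed in a `finally`, and each option checked for null before `put` with a `PerfSONARException` naming the missing key. The `e.printStackTrace()` calls in both catch blocks duplicate what the logger and the wrapped cause already carry and should go, and the commented-out block at the top of `takeAction` is dead code that `checkTimeStampInfo` already implements. `takeAction` continues outside the hunk.
```java
private void loadKeyStore() throws PerfSONARException {
    FileInputStream in = null;
    try {
        String truststoreFile = configuration.getExtensionOption("auth-engine", "service.as.truststore_file");
        String truststorePass = configuration.getExtensionOption("auth-engine", "service.as.truststore_password");
        if (truststoreFile == null || truststorePass == null) {
            throw new PerfSONARException("error.as.crypto",
                    "service.as.truststore_file or service.as.truststore_password is not configured");
        }
        KeyStore ks = KeyStore.getInstance("jks");
        in = new FileInputStream(truststoreFile);
        ks.load(in, truststorePass.toCharArray());
        tsCrypto = new DynamicCrypto(ks);
    } catch (PerfSONARException e) {
        throw e;
    } catch (Exception e) {
        throw new PerfSONARException("error.as.crypto", e);
    } finally {
        if (in != null) {
            try {
                in.close();
            } catch (java.io.IOException ignored) {
                // the keystore is already loaded (or the load already failed); nothing more to do here
            }
        }
    }
}
// … unchanged: loadConfiguration, takeAction …
```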

@@ -71,20 +169,22 @@
logger.info("Security Token: "+sentSecToken);
if (sentSecToken!=null&&
sentSecToken!=null&&
-
sentSecToken.equals(AuthNAction.X509_ID)) {
+
sentSecToken.equals(AuthNServiceEngine.X509_ID)) {
checkWSSecHeader(tsCrypto);
checkTimeStampInfo();
if (processX509AuthN(request)) {
- return getValidAuthNMessage(request);
+ Message response =
getValidAuthNMessage(request);
+ serviceResponse.setElement(response);
}
}
else if (sentSecToken!=null&&
sentSecToken!=null&&
-
sentSecToken.equals(AuthNAction.SAML_ID)) {
+
sentSecToken.equals(AuthNServiceEngine.SAML_ID)) {
checkWSSecHeader(tsCrypto);
checkTimeStampInfo();
if (processSAMLAuthN(request)) {
- return getValidAuthNMessage(request);
+ Message response =
getValidAuthNMessage(request);
+ serviceResponse.setElement(response);
}
}
else {
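Review bot: Replacing `return getValidAuthNMessage(request)` with `serviceResponse.setElement(response)` removes the only exit from the two success branches, so unless there is a `return` between this hunk and the next, a successfully authenticated request falls through to the `throw new PerfSONARException("error.authn.not_sectoken",m)` at the end of `takeAction` and is reported to the client as a failure. Adding `return;` after each `serviceResponse.setElement(response);` restores the previous control flow. The `sentSecToken!=null&& sentSecToken!=null&&` conditions are unchanged context, but the duplicated null test could be reduced to one while this code is being touched. `takeAction` starts and ends outside the hunk.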
@@ -95,19 +195,39 @@
}
String m = "AuthNAction: The request has not sent a valid
Security Token";
throw new PerfSONARException("error.authn.not_sectoken",m);
- */
}

-/* protected void checkTimeStampInfo() throws PerfSONARException {
+ protected void checkTimeStampInfo() throws PerfSONARException {
Calendar now=Calendar.getInstance();
- String maxttl=props.getProperty(ASEngine.MAX_TTL_TOKEN);
+ String maxttl=props.getProperty("service.as.maxttl");
if (maxttl!=null) {
int max=Integer.parseInt(maxttl);
+
+ MessageContext
mc=MessageContext.getCurrentMessageContext();
+ SOAPEnvelope se = mc.getEnvelope();
+ Document doc = null;
+ try {
+ doc =
Axis2Util.getDocumentFromSOAPEnvelope(se, true);
+ } catch (WSSecurityException e) {
+ doc = null;
+ } finally {
+ if (doc == null) {
+ String m = "AuthNServiceEngine:
Cannot process the Security Token";
+ logger.error(m);
+ throw new
PerfSONARException("error.authn.not_sectoken",m);
+ }
+ }
+
+/*
+
MessageContext mc=MessageContext.getCurrentContext();
+*/
try {
- org.apache.axis.Message
m=mc.getCurrentMessage();
+/*
+ * org.apache.axis.Message
m=mc.getCurrentMessage();
SOAPHeader sh=(SOAPHeader)m.getSOAPHeader();
- NodeList
nl=sh.getElementsByTagNameNS(WSSECHEADER_TIMESTAMP_NS,WSSECHEADER_TIMESTAMP);
+*/
+ NodeList
nl=doc.getElementsByTagNameNS(WSSECHEADER_TIMESTAMP_NS,WSSECHEADER_TIMESTAMP);
if (nl.getLength()>0) {
Element e=(Element)nl.item(0);
Timestamp ts=new Timestamp(e);
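Review bot: The `WSSecurityException` caught around `Axis2Util.getDocumentFromSOAPEnvelope` is discarded (`doc = null`) and the `PerfSONARException` raised in the `finally` carries no cause, so the reason the envelope could not be processed is lost from logs; throwing from the catch with the `(String, Throwable)` constructor already used in `loadKeyStore`, `throw new PerfSONARException("error.authn.not_sectoken", m, e)`-style or simply `new PerfSONARException("error.authn.not_sectoken", e)`, preserves it and makes the `finally` unnecessary. Separately, the timestamp is only inspected when `service.as.maxttl` was parsed successfully, so a missing or malformed value silently disables freshness checking for every request; if that is intended, the message logged in `loadConfiguration` should say so explicitly, otherwise the engine should refuse to start. The commented-out Axis 1 lines should be removed rather than kept inline. `checkTimeStampInfo` continues past the hunk.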
@@ -144,8 +264,11 @@
}

protected void checkWSSecHeader(Crypto tsCrypto) throws
PerfSONARException {
- MessageContext mc=MessageContext.getCurrentContext();
+ MessageContext mc=MessageContext.getCurrentMessageContext();
+// MessageContext mc=MessageContext.getCurrentContext();
try {
+ /*
+
org.apache.axis.Message m=mc.getCurrentMessage();
SOAPHeader sh=(SOAPHeader)m.getSOAPHeader();
NodeList
nl=sh.getElementsByTagNameNS(WSSECHEADER_NS,WSSECHEADER);
@@ -153,7 +276,16 @@
String actor=wssec.getAttributeNS(SOAPENV_NS,
WSSECHEADER_ACTOR);
SOAPEnvelope env=m.getSOAPEnvelope();
Document doc=env.getAsDocument();
- Vector result=secEngine.processSecurityHeader(doc,
actor, null, tsCrypto);
+ Vector result=secEngine.processSecurityHeader(doc,
actor, null, tsCrypto); */
+
+ SOAPEnvelope se = mc.getEnvelope();
+ Document
doc=Axis2Util.getDocumentFromSOAPEnvelope(se, true);
+ Crypto crypto = new DynamicCrypto();
+ WSSecurityEngine secEngine = new WSSecurityEngine();
+ // If there is any problem validating the SOAP
header, it throws an exception
+ Vector result = secEngine.processSecurityHeader(doc,
null, null, crypto);
+
+
logger.info("AuthNAction: result=
'"+(result!=null)+"'");
if (result==null) {
throw new
PerfSONARException("error.authn.wssec","Null response checking the
signature");
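Review bot: `secEngine.processSecurityHeader(doc, null, null, crypto)` verifies the WS-Security header against a freshly constructed `new DynamicCrypto()` rather than the `tsCrypto` parameter that `takeAction` passes in, so the `Crypto` built from the configured truststore in `loadKeyStore` is never consulted here. Unless the no-arg `DynamicCrypto` is itself backed by the same truststore (not visible in this diff), the call should read `Vector result = secEngine.processSecurityHeader(doc, null, null, tsCrypto);` and the local `crypto` should go. Passing `null` as the actor also drops the `actor` value the old code read from the header; this selects the header without an actor attribute, which is worth confirming against what clients actually send. The commented-out Axis 1 block opened in the previous hunk and closed with `*/` here should be deleted. `checkWSSecHeader` continues after the hunk.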
@@ -245,6 +377,16 @@
}

protected Message getValidAuthNMessage(Message request) {
+ Message response = new Message();
+ response.setType(TYPE_RESPONSE);
+ ResultCodesUtil.generateResultMessage(response,
+ new PerfSONARException(
+ EVENT_TYPE_SUCCESS,
+ "This is successful echo response from the service"));
+
+ return response;
+/*
+
Message response = new Message();
response.setType(TYPE_RESPONSE);
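Review bot: The success response built at the top of `getValidAuthNMessage` reuses the text `"This is successful echo response from the service"`, which describes an echo service rather than an authentication result and is what clients will read; a message such as `"Security token authenticated successfully"` matches the `success.as.authn` event type. The previous body that populated metadata and data elements is fenced off with `/*` here and closed with `return response; */` in the next hunk; commented-out code should be deleted, or, if that structure is still wanted, the new code should keep building it. A one-line Javadoc stating what `request` contributes (nothing is read from it in the new body) would clarify the method's contract.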

@@ -258,7 +400,7 @@
response.addChild(responseData);
response.setMetadata(responseMetadata);

- return response;
+ return response; */
}
-*/
+
}

Modified:
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/auth/client/AttrEERequestGenerator.java
===================================================================
---
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/auth/client/AttrEERequestGenerator.java
2009-01-13 15:32:03 UTC (rev 4873)
+++
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/auth/client/AttrEERequestGenerator.java
2009-01-13 15:34:38 UTC (rev 4874)
@@ -32,7 +32,8 @@
Parameters params = new Parameters();
params.setId(paramsId);
Parameter param = new Parameter();
- param.setParameter(paramKey, WSS_X509);
+ param.setParameter("name", paramKey);
+ param.setText(WSS_X509);
params.addParameter(param);
meta.setParameters(params);
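Review bot: The sequence `Parameter param = new Parameter(); param.setParameter("name", paramKey); param.setText(...)` is repeated in all three hunks of this file and in both hunks of AuthREERequestGenerator.java; a small private helper taking the key and text would remove the duplication and keep the `"name"` attribute literal in one place. The enclosing methods start and end outside the hunks.
```java
/** Builds a single nmwg parameter whose "name" attribute is {@code name} and whose text is {@code text}. */
private static Parameter namedParameter(String name, String text) {
    Parameter param = new Parameter();
    param.setParameter("name", name);
    param.setText(text);
    return param;
}
// … unchanged: call sites become params.addParameter(namedParameter(paramKey, WSS_X509)); …
```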

@@ -55,7 +56,8 @@
Parameters params = new Parameters();
params.setId(paramsId);
Parameter param = new Parameter();
- param.setParameter(paramKey, secToken);
+ param.setParameter("name", paramKey);
+ param.setText(secToken);
params.addParameter(param);
meta.setParameters(params);

@@ -82,7 +84,8 @@
Parameters params = new Parameters();
params.setId(paramsId);
Parameter param = new Parameter();
- param.setParameter(paramKey, WSS_X509);
+ param.setParameter("name", paramKey);
+ param.setText(WSS_X509);
params.addParameter(param);
meta.setParameters(params);


Modified:
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/auth/client/AuthREERequestGenerator.java
===================================================================
---
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/auth/client/AuthREERequestGenerator.java
2009-01-13 15:32:03 UTC (rev 4873)
+++
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/auth/client/AuthREERequestGenerator.java
2009-01-13 15:34:38 UTC (rev 4874)
@@ -22,7 +22,8 @@
Parameters params = new Parameters();
params.setId(paramsId);
Parameter param = new Parameter();
- param.setParameter(paramKey, WSS_X509);
+ param.setParameter("name", paramKey);
+ param.setText(WSS_X509);
params.addParameter(param);
meta.setParameters(params);

@@ -45,7 +46,8 @@
Parameters params = new Parameters();
params.setId(paramsId);
Parameter param = new Parameter();
- param.setParameter(paramKey, secToken);
+ param.setParameter("name", paramKey);
+ param.setText(secToken);
params.addParameter(param);
meta.setParameters(params);




