perfsonar: r4903 - in branches/simple-service-with-base2/src/main/java/org/perfsonar: base2/service/util service/authService
- Subject: perfsonar: r4903 - in branches/simple-service-with-base2/src/main/java/org/perfsonar: base2/service/util service/authService
- Date: Fri, 23 Jan 2009 06:01:39 -0500
Author: rodriguez
Date: 2009-01-23 06:01:38 -0500 (Fri, 23 Jan 2009)
New Revision: 4903
Modified:
branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/util/ResultCodesUtil.java
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/AuthNServiceEngine.java
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/GenericServiceEngine.java
Log:
- AuthNServiceEngine 100% functional for the AC & UbC profile
- Adding old-fashioned way of generating responses
Modified:
branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/util/ResultCodesUtil.java
===================================================================
---
branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/util/ResultCodesUtil.java
2009-01-22 14:55:32 UTC (rev 4902)
+++
branches/simple-service-with-base2/src/main/java/org/perfsonar/base2/service/util/ResultCodesUtil.java
2009-01-23 11:01:38 UTC (rev 4903)
@@ -32,7 +32,7 @@
meta.addChild(evt);
Data data = new Data("result-code-description", "result-code",
"nmwg");
- //Element datum = NMWGNamespaceFactory.getElement("datum", "nmwg");
+ //Element datum = NMWGNamespaceFactory.getElement("datum", "nmwg");
Element datum = new Element("datum", "nmwgr",
"http://ggf.org/ns/nmwg/result/2.0/");
datum.setText(description);
data.addChild(datum);
@@ -40,6 +40,8 @@
message.addChild(meta);
message.addChild(data);
+ System.out.println(message.toString());
+
return message;
}
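Review bot: The added `System.out.println(message.toString());` writes every generated result message to stdout, bypassing the log4j logger and its level control used elsewhere in this codebase, so full response bodies (including error descriptions) land in the container console on every call. If tracing is needed here, route it through a logger at debug level, e.g. `logger.debug(message.toString());` behind an `isDebugEnabled()` check; otherwise drop the line before merging. generateResultMessage's body starts above this hunk, so I cannot see whether the class already declares a logger.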
@@ -60,4 +62,42 @@
}
+ public static Message generateOldResultMessage(Message reqMessage,
String code, String description) {
+
+ Message message = reqMessage;
+
+ if (message == null)
+ message = new Message("ResultCode", "msg1");
+
+ Metadata meta = new Metadata("result-code", "nmwg");
+ EventType evt = new EventType(code, "nmwg");
+ meta.addChild(evt);
+
+ Data data = new Data("result-code-description", "result-code",
"nmwg");
+// Element datum = new Element("datum", "nmwgr",
"http://ggf.org/ns/nmwg/result/2.0/");
+ // datum.setText(description);
+ // data.addChild(datum);
+
+ message.addChild(meta);
+ message.addChild(data);
+
+ return message;
+
+ }
+
+
+ public static Message generateOldResultMessage(Message reqMessage,
PerfSONARException ex) {
+ return generateOldResultMessage(reqMessage, ex.getResultCode(),
ex.getResultDescription());
+ }
+
+
+ public static Message generateOldResultMessage(String code, String
description) {
+ return generateOldResultMessage(null, code, description);
+ }
+
+
+ public static Message generateOldResultMessage(PerfSONARException ex) {
+ return generateOldResultMessage(null, ex.getResultCode(),
ex.getResultDescription());
+ }
+
}
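Review bot: `generateOldResultMessage(Message, String, String)` never uses its `description` argument — the datum that would carry it is commented out (`// datum.setText(description);`), so the overloads that forward `ex.getResultDescription()` silently discard the error text and the client receives only an event-type code. Either restore the datum, `Element datum = new Element("datum", "nmwgr", "http://ggf.org/ns/nmwg/result/2.0/"); datum.setText(description); data.addChild(datum);`, or state in a Javadoc that this variant deliberately omits the description so callers stop passing one. The method also appends to and returns the caller's object when `reqMessage` is non-null rather than copying it, which a Javadoc `@param reqMessage message the result-code metadata/data is appended to (mutated in place); null creates a new "ResultCode"/"msg1" message` should make explicit.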
Modified:
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/AuthNServiceEngine.java
===================================================================
---
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/AuthNServiceEngine.java
2009-01-22 14:55:32 UTC (rev 4902)
+++
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/AuthNServiceEngine.java
2009-01-23 11:01:38 UTC (rev 4903)
@@ -5,23 +5,27 @@
import java.io.PrintWriter;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
import java.util.Calendar;
import java.util.Iterator;
import java.util.Properties;
import java.util.Vector;
+import javax.xml.namespace.QName;
+
import net.geant.edugain.base.Configurator;
import net.geant.edugain.validation.ComponentID;
import net.geant.edugain.validation.Validator;
+import org.apache.axiom.om.impl.llom.OMElementImpl;
import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.context.MessageContext;
import org.apache.log4j.Logger;
import org.apache.rampart.util.Axis2Util;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.message.token.Timestamp;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAuthenticationStatement;
import org.opensaml.SAMLStatement;
@@ -37,10 +41,7 @@
import org.perfsonar.base2.service.util.ResultCodesUtil;
import org.perfsonar.base2.xml.nmwg.Message;
import org.perfsonar.base2.xml.nmwg.Metadata;
-import org.perfsonar.base2.xml.nmwg.Parameter;
import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
public class AuthNServiceEngine extends GenericServiceEngine implements
ServiceEngine {
@@ -70,7 +71,7 @@
protected Configurator cfg;
protected Crypto tsCrypto;
-// static final WSSecurityEngine secEngine = new WSSecurityEngine();
+ static final WSSecurityEngine secEngine = new WSSecurityEngine();
public AuthNServiceEngine() throws PerfSONARException {
//get configuration
@@ -78,8 +79,8 @@
configuration = configurationManager.getConfiguration();
//init as
- loadKeyStore();
loadConfiguration();
+ loadKeyStore();
}
private void loadKeyStore() throws PerfSONARException {
@@ -103,9 +104,9 @@
try {
int max=Integer.parseInt(maxTtlToken);
props.put("service.as.maxttl",
String.valueOf(max));
- logger.debug("ASEngine: setting max ttl of
token to "+max);
+ logger.debug("AuthNServiceEngine: setting max
ttl of token to "+max);
} catch (NumberFormatException e) {
- logger.error("ASEngine: value of the
parameter service.as.maxttl is not valid. Disabled this feature");
+ logger.error("AuthNServiceEngine: value of
the parameter service.as.maxttl is not valid. Disabled this feature");
}
}
props.put("provider",
configuration.getExtensionOption("auth-engine", "service.as.crypt_provider"));
@@ -113,9 +114,9 @@
props.put(Configurator.PROPS_TRUSTSTORE_FILE,configuration.getExtensionOption("auth-engine",
"service.as.truststore_file"));
props.put(Configurator.PROPS_VALID_COMPONENTS,configuration.getExtensionOption("auth-engine",
"service.as.valid_components"));
try {
- logger.debug("ASEngine: getting the eduGAIN config
object...");
+ logger.debug("AuthNServiceEngine: getting the eduGAIN
config object...");
cfg = Configurator.getInstance(props);
- logger.debug("ASEngine: getting the eduGAIN validator
object...");
+ logger.debug("AuthNServiceEngine: getting the eduGAIN
validator object...");
val=new Validator(props);
} catch (Throwable e) {
e.printStackTrace();
@@ -133,25 +134,6 @@
public void takeAction(ServiceMessage serviceRequest, ServiceMessage
serviceResponse)
throws PerfSONARException {
-/*
- MessageContext mc=MessageContext.getCurrentMessageContext();
- SOAPEnvelope se = mc.getEnvelope();
- Document doc = null;
- try {
- doc = Axis2Util.getDocumentFromSOAPEnvelope(se, true);
- } catch (WSSecurityException e) {
- doc = null;
- } finally {
- if (doc == null) {
- String m = "AuthNServiceEngine: Cannot
process the Security Token";
- logger.error(m);
- throw new
PerfSONARException("error.authn.not_sectoken",m);
- }
- }
-
- Message request = serviceRequest.getMessageElement();
-*/
-
//extract message
Message request = serviceRequest.getMessageElement();
@@ -193,8 +175,6 @@
throw new
PerfSONARException("error.authn.wrong_params",m);
}
}
- String m = "AuthNAction: The request has not sent a valid
Security Token";
- throw new PerfSONARException("error.authn.not_sectoken",m);
}
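Review bot: Removing the trailing `throw new PerfSONARException("error.authn.not_sectoken", m);` changes the fall-through behaviour of takeAction: a request that reaches the end of the method without one of the preceding branches having thrown or produced a response now returns normally instead of being rejected. If every branch above is guaranteed to throw or return, that invariant deserves a comment at the end of the method, e.g. `// every supported token type is handled above; reaching here without a response is impossible`; if it is not, the throw should stay as the default for absent or unrecognised security tokens. takeAction's body starts outside this hunk, so I cannot confirm which case holds.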
protected void checkTimeStampInfo() throws PerfSONARException {
@@ -218,37 +198,51 @@
}
}
-/*
-
- MessageContext mc=MessageContext.getCurrentContext();
-*/
try {
-/*
- * org.apache.axis.Message
m=mc.getCurrentMessage();
- SOAPHeader sh=(SOAPHeader)m.getSOAPHeader();
-*/
- NodeList
nl=doc.getElementsByTagNameNS(WSSECHEADER_TIMESTAMP_NS,WSSECHEADER_TIMESTAMP);
- if (nl.getLength()>0) {
- Element e=(Element)nl.item(0);
- Timestamp ts=new Timestamp(e);
- long
start=ts.getCreated().getTimeInMillis();
- long
end=ts.getExpires().getTimeInMillis();
- if
(now.before(ts.getCreated())||now.after(ts.getExpires())) {
- logger.error("AuthNAction:
security token not valid. The token was created before or after right now");
- logger.error("AuthNAction:
**** Security token
("+ts.getCreated().getTimeInMillis()+","+ts.getExpires().getTimeInMillis()+")
vs now ("+now.getTimeInMillis()+")");
- if
(now.before(ts.getCreated())) {
- throw new
PerfSONARException("error.authn.timestamp","Security token not valid. The
token was created after right now");
+ boolean found = false;
+ ArrayList<?> list =
se.getHeader().getHeaderBlocksWithNSURI(WSSECHEADER_NS);
+ SOAPHeaderBlock shb = (SOAPHeaderBlock) list.get(0);
+ Iterator<?> it = shb.getChildrenWithName(new
QName(WSSECHEADER_TIMESTAMP_NS, WSSECHEADER_TIMESTAMP));
+ while (it.hasNext()) {
+ OMElementImpl node =
(OMElementImpl)it.next();
+ if
(node.getLocalName().equals(WSSECHEADER_TIMESTAMP)) {
+ found = true;
+ long start = 0;
+ long end = 0;
+ Iterator<?> it2 =
node.getChildrenWithName(new QName(WSSECHEADER_TIMESTAMP_NS,"Created"));
+ if (it2.hasNext()) {
+ OMElementImpl node2 =
(OMElementImpl) it2.next();
+ java.text.DateFormat
df = new java.text.SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
+
df.setTimeZone(java.util.TimeZone.getTimeZone("Zulu"));
+ java.util.Date date =
df.parse(node2.getText());
+ start =
date.getTime();
+
}
- else {
- throw new
PerfSONARException("error.authn.timestamp","Security token not valid. The
token was expired before right now");
+ it2 =
node.getChildrenWithName(new QName(WSSECHEADER_TIMESTAMP_NS,"Expires"));
+ if (it2.hasNext()) {
+ OMElementImpl node2 =
(OMElementImpl) it2.next();
+ java.text.DateFormat
df = new java.text.SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
+
df.setTimeZone(java.util.TimeZone.getTimeZone("Zulu"));
+ java.util.Date date =
df.parse(node2.getText());
+ end = date.getTime();
}
+ if
(now.before(start)||now.after(end)) {
+
logger.error("AuthNAction: security token not valid. The token was created
before or after right now");
+
logger.error("AuthNAction: **** Security token ("+start+","+end+") vs now
("+now.getTimeInMillis()+")");
+ if
(now.before(start)) {
+ throw new
PerfSONARException("error.authn.timestamp","Security token not valid. The
token was created after right now");
+ }
+ else {
+ throw new
PerfSONARException("error.authn.timestamp","Security token not valid. The
token was expired before right now");
+ }
+ }
+ if ((end-start)>max) {
+
logger.error("AuthNAction: security token not valid. The valid period of time
of the token is too long. Max allowed is "+max);
+ throw new
PerfSONARException("error.authn.timestamp","The valid period of time of the
token is too long. Max allowed is "+max);
+ }
}
- if ((end-start)>max) {
- logger.error("AuthNAction:
security token not valid. The valid period of time of the token is too long.
Max allowed is "+max);
- throw new
PerfSONARException("error.authn.timestamp","The valid period of time of the
token is too long. Max allowed is "+max);
- }
}
- else {
+ if (found==false) {
logger.error("AuthNAction: security
token not valid. It's not included the timestamp information");
throw new
PerfSONARException("error.authn.timestamp","AuthNAction: It's not included
the timestamp information");
}
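Review bot: The validity-window check `if (now.before(start)||now.after(end))` can never be true: `now` is a `Calendar` while `start` and `end` are `long`, so they autobox to `Long` and `Calendar.before(Object)`/`after(Object)` return false for any argument that is not a `Calendar` — an expired or not-yet-valid Timestamp passes, and only the `(end-start)>max` check still fires. Compare milliseconds instead: `long nowMillis = now.getTimeInMillis();` then `if (nowMillis < start || nowMillis > end) {` and `if (nowMillis < start) {`. Two further gaps in the new hand-rolled parsing: `list.get(0)` throws IndexOutOfBoundsException when no `wsse:Security` header is present (the catch block is outside the hunk, so I cannot tell whether that surfaces as an authn error), and the hard-coded `yyyy-MM-dd'T'HH:mm:ss.SSS'Z'` pattern rejects timestamps without fractional seconds, which xsd:dateTime allows and which WSS4J's `Timestamp` class (whose import this commit removes) appears to accept. A missing `Created` or `Expires` child leaves start or end at 0 and should be rejected explicitly rather than relying on the max-ttl arithmetic to catch it.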
@@ -265,27 +259,15 @@
protected void checkWSSecHeader(Crypto tsCrypto) throws
PerfSONARException {
MessageContext mc=MessageContext.getCurrentMessageContext();
-// MessageContext mc=MessageContext.getCurrentContext();
try {
- /*
-
- org.apache.axis.Message m=mc.getCurrentMessage();
- SOAPHeader sh=(SOAPHeader)m.getSOAPHeader();
- NodeList
nl=sh.getElementsByTagNameNS(WSSECHEADER_NS,WSSECHEADER);
- Element wssec=(Element)nl.item(0);
- String actor=wssec.getAttributeNS(SOAPENV_NS,
WSSECHEADER_ACTOR);
- SOAPEnvelope env=m.getSOAPEnvelope();
- Document doc=env.getAsDocument();
- Vector result=secEngine.processSecurityHeader(doc,
actor, null, tsCrypto); */
-
SOAPEnvelope se = mc.getEnvelope();
Document
doc=Axis2Util.getDocumentFromSOAPEnvelope(se, true);
Crypto crypto = new DynamicCrypto();
- WSSecurityEngine secEngine = new WSSecurityEngine();
- // If there is any problem validating the SOAP
header, it throws an exception
- Vector result = secEngine.processSecurityHeader(doc,
null, null, crypto);
+ ArrayList<?> list =
se.getHeader().getHeaderBlocksWithNSURI(WSSECHEADER_NS);
+ SOAPHeaderBlock shb = (SOAPHeaderBlock) list.get(0);
+ String actor=shb.getAttribute(new QName(SOAPENV_NS,
WSSECHEADER_ACTOR)).getAttributeValue();
+ Vector result = secEngine.processSecurityHeader(doc,
actor, null, crypto);
-
logger.info("AuthNAction: result=
'"+(result!=null)+"'");
if (result==null) {
throw new
PerfSONARException("error.authn.wssec","Null response checking the
signature");
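Review bot: `shb.getAttribute(new QName(SOAPENV_NS, WSSECHEADER_ACTOR))` returns null when the Security header carries no `actor` attribute, so `.getAttributeValue()` throws NullPointerException on an ordinary header; the replaced code passed `null` as the actor, which is what `processSecurityHeader` takes for a header without one. Guard it: `OMAttribute actorAttr = shb.getAttribute(new QName(SOAPENV_NS, WSSECHEADER_ACTOR));` followed by `String actor = actorAttr == null ? null : actorAttr.getAttributeValue();` (needs an `org.apache.axiom.om.OMAttribute` import). The same `list.get(0)` throws IndexOutOfBoundsException when the header list is empty; testing `list.isEmpty()` first and throwing the `error.authn.wssec` PerfSONARException gives the client a meaningful result code instead of whatever the catch block outside this hunk makes of a runtime exception. Whether a SOAP 1.2 request would carry `role` rather than `actor` depends on what SOAPENV_NS is bound to, which is not visible here.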
@@ -349,7 +331,6 @@
}
protected boolean processX509AuthN(Message request) throws
PerfSONARException {
- logger.debug("AuthNAction: Processing the authN using the
X509 certificate");
SecurityToken st=new
SecurityToken(SecTokenManagerFactory.getDefaultSecTokenManager());
st.setSecTokenFromRequest();
Object stValue=st.getSecTokenValue();
@@ -379,28 +360,9 @@
protected Message getValidAuthNMessage(Message request) {
Message response = new Message();
response.setType(TYPE_RESPONSE);
- ResultCodesUtil.generateResultMessage(response,
- new PerfSONARException(
- EVENT_TYPE_SUCCESS,
- "This is successful echo response from the service"));
+
ResultCodesUtil.generateOldResultMessage(response,EVENT_TYPE_SUCCESS,"");
return response;
-/*
-
- Message response = new Message();
- response.setType(TYPE_RESPONSE);
-
- Metadata responseMetadata=new Metadata();
- EventType et=new EventType();
- responseMetadata.setEventType(et);
- et.setEventType(EVENT_TYPE_SUCCESS);
-
- Data responseData = new Data();
- responseData.setMetadataIdRef(responseMetadata.getId());
- response.addChild(responseData);
- response.setMetadata(responseMetadata);
-
- return response; */
}
}
Modified:
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/GenericServiceEngine.java
===================================================================
---
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/GenericServiceEngine.java
2009-01-22 14:55:32 UTC (rev 4902)
+++
branches/simple-service-with-base2/src/main/java/org/perfsonar/service/authService/GenericServiceEngine.java
2009-01-23 11:01:38 UTC (rev 4903)
@@ -45,41 +45,24 @@
*
<!-- lsKey to be updated -->
- <nmwg:key>
- <nmwg:parameters id="param1">
- <nmwg:parameter
name="lsKey">http://shower.fr:8080/axis/services/MeasurementArchiveService</nmwg:parameter>
- </nmwg:parameters>
- </nmwg:key>
-
+ <nmwg:parameters id="keys">
+ <nmwg:parameter
name="SecurityToken">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</nmwg:parameter>
+ </nmwg:parameters>
*/
protected String getParameterFromKey(
Metadata requestMetadata, String parameterName) {
- for (Element key : requestMetadata.getChildren("key")) {
- for (Element params : key.getChildren("parameters")) {
+ for (Element params : requestMetadata.getChildren("parameters"))
{
for (Element p : params.getChildren("parameter")) {
- String parameterValue = extractParameterValue(p);
- if (parameterName.equals(p.getName()))
+ String nameAttr = p.getAttribute("name");
+ if (nameAttr.equals(parameterName)) {
+ String parameterValue = p.getText().trim();
return parameterValue; //if key has keyId and
+ }
}
}
- }
return null;
}
- /**
- * Extract parameter value if value attribute not null or text content
- * @param p
- * @return
- */
- protected String extractParameterValue(Element p) {
- String val = p.getAttribute("value");
- if (val != null) return val;
- try {
- String txt = p.getText().trim();
- return txt;
- } catch (Exception e) {}
- return null;
- }
}
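Review bot: `nameAttr.equals(parameterName)` dereferences the `name` attribute before checking it exists, so a `<nmwg:parameter>` without a `name` attribute in a client request becomes a NullPointerException instead of being skipped; reversing the comparison, `if (parameterName.equals(p.getAttribute("name"))) {`, tolerates the missing attribute and keeps the loop going. The removed `extractParameterValue` also honoured a `value` attribute, whereas the new loop reads only element text, so a request of the form `<nmwg:parameter name="..." value="..."/>` now yields an empty string — if that form is intentionally unsupported, record it in the method's Javadoc. The leftover comment `//if key has keyId and` no longer matches the loop and should be dropped or completed.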