perfsonar-dev - perfsonar: r5014 - in trunk/perfsonar_base: . ant src/main/java/org/perfsonar/base/ant src/main/java/org/perfsonar/base/auxiliary/components/authn src/main/java/org/perfsonar/base/auxiliary/components/authn/wssec src/main/java/org/perfsonar/client/base/requests/authService src/main/java/org/perfsonar/client/testHarness src/main/java/org/perfsonar/service/base/authn src/main/java/org/perfsonar/service/base/authn/tokens src/main/java/org/perfsonar/service/base/engine src/main/java/org/perfsonar/service/base/messages src/main/java/org/perfsonar/service/base/web

Subject: perfsonar development work

List archive

perfsonar: r5014 - in trunk/perfsonar_base: . ant src/main/java/org/perfsonar/base/ant src/main/java/org/perfsonar/base/auxiliary/components/authn src/main/java/org/perfsonar/base/auxiliary/components/authn/wssec src/main/java/org/perfsonar/client/base/requests/authService src/main/java/org/perfsonar/client/testHarness src/main/java/org/perfsonar/service/base/authn src/main/java/org/perfsonar/service/base/authn/tokens src/main/java/org/perfsonar/service/base/engine src/main/java/org/perfsonar/service/base/messages src/main/java/org/perfsonar/service/base/web


Chronological Thread 
  • From:
  • To:
  • Subject: perfsonar: r5014 - in trunk/perfsonar_base: . ant src/main/java/org/perfsonar/base/ant src/main/java/org/perfsonar/base/auxiliary/components/authn src/main/java/org/perfsonar/base/auxiliary/components/authn/wssec src/main/java/org/perfsonar/client/base/requests/authService src/main/java/org/perfsonar/client/testHarness src/main/java/org/perfsonar/service/base/authn src/main/java/org/perfsonar/service/base/authn/tokens src/main/java/org/perfsonar/service/base/engine src/main/java/org/perfsonar/service/base/messages src/main/java/org/perfsonar/service/base/web
  • Date: Wed, 4 Mar 2009 07:55:16 -0500

Author: rodriguez
Date: 2009-03-04 07:55:15 -0500 (Wed, 04 Mar 2009)
New Revision: 5014

Added:

trunk/perfsonar_base/src/main/java/org/perfsonar/client/base/requests/authService/AttrEERequestGenerator.java

trunk/perfsonar_base/src/main/java/org/perfsonar/client/base/requests/authService/AuthREERequestGenerator.java

trunk/perfsonar_base/src/main/java/org/perfsonar/client/testHarness/SOAPUbCClient.java

trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AttrRequest.java

trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AttrResponse.java

trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AuthRRequest.java

trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AuthRResponse.java

trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/messages/AttrEERequest.java

trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/messages/AuthREERequest.java
Modified:
trunk/perfsonar_base/ant/build.xml
trunk/perfsonar_base/ant/const.properties
trunk/perfsonar_base/pom.xml
trunk/perfsonar_base/src/main/java/org/perfsonar/base/ant/antlib.xml

trunk/perfsonar_base/src/main/java/org/perfsonar/base/auxiliary/components/authn/AuthNComponent.java

trunk/perfsonar_base/src/main/java/org/perfsonar/base/auxiliary/components/authn/wssec/WSSecAuthNComponent.java

trunk/perfsonar_base/src/main/java/org/perfsonar/client/testHarness/UbCSaslTest.java

trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AADispatchManager.java

trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AADispatchProtocol.java

trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AADispatchSOAPProtocol.java

trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/tokens/SecTokenSOAPManager.java

trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/engine/ActionType.java

trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/web/RequestHandler.java
Log:
- Adding authr & attr support to pSbase 1
- Adding the authr component within pSbase 1

Modified: trunk/perfsonar_base/ant/build.xml
===================================================================
--- trunk/perfsonar_base/ant/build.xml 2009-03-04 10:30:46 UTC (rev 5013)
+++ trunk/perfsonar_base/ant/build.xml 2009-03-04 12:55:15 UTC (rev 5014)
@@ -82,7 +82,8 @@
<psbase:init-lib-dependencies
localRepositoryPath="lib/repository"

remoteRepositoryUri1="http://anonsvn.internet2.edu/svn/perfsonar/trunk/jar-repository/";
- remoteRepositoryUri2="http://www.ibiblio.org/maven2"/>
+ remoteRepositoryUri2="http://www.ibiblio.org/maven2";
+
remoteRepositoryUri3="http://anonsvn.internet2.edu/svn/perfsonar/trunk/jar-repository/"/>
</target>
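Review bot: The new `remoteRepositoryUri3` is byte-for-byte the same URL as `remoteRepositoryUri1`, so the extra repository resolves nothing the first one would not, while the macro now fails for any caller that omits the third attribute; either point it at a genuinely different repository or drop the attribute from both this call and the macro. All three repositories are plain `http://` and nothing in the build records a checksum for the jars it pulls, which from this commit on include the whole authentication and authorization stack (wss4j, bcprov, opensaml, perfsonar-authr, sunxacml), so an on-path attacker can substitute any of them at build time. Use `https://` where the hosts support it and verify a recorded digest before the copy step, e.g. `<checksum file="${jar}" algorithm="SHA-256" property="${expected.sha}" verifyProperty="jar.ok"/>` followed by a `<fail unless="jar.ok"/>`.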



Modified: trunk/perfsonar_base/ant/const.properties
===================================================================
--- trunk/perfsonar_base/ant/const.properties 2009-03-04 10:30:46 UTC (rev
5013)
+++ trunk/perfsonar_base/ant/const.properties 2009-03-04 12:55:15 UTC (rev
5014)
@@ -13,4 +13,4 @@
# name of jar file to be created
jarfilename=perfsonar-base
# version of the product (will be included in the final name of jar file)
-version=1.0.20090210
+version=1.0.20090304

Modified: trunk/perfsonar_base/pom.xml
===================================================================
--- trunk/perfsonar_base/pom.xml 2009-03-04 10:30:46 UTC (rev 5013)
+++ trunk/perfsonar_base/pom.xml 2009-03-04 12:55:15 UTC (rev 5014)
@@ -9,8 +9,8 @@
<name>Perfsonar Base package</name>
<version>1.0.20090210</version>
<description>
- The perfSONAR base provides a number of common, shared
classes which can be used by
- MA, MP and Clients.
+ The perfSONAR base provides a number of common, shared
classes which can be used by
+ MA, MP and Clients.
</description>
<url>
http://wiki.perfsonar.net/
@@ -73,7 +73,7 @@
<artifactId>nmwg</artifactId>
<version>1.0.20090210</version>
</dependency>
-
+
<dependency>
<groupId>org.apache.axis</groupId>
<artifactId>axis</artifactId>
@@ -166,7 +166,7 @@
<artifactId>commons-logging</artifactId>
<version>1.0.4</version>
</dependency>
-
+
<dependency>
<groupId>javax.activation</groupId>
<artifactId>activation</artifactId>
@@ -177,14 +177,14 @@
<artifactId>mail</artifactId>
<version>1.3.2</version>
</dependency>
-
+
<dependency>
<groupId>tomcat</groupId>
<artifactId>servlet-api</artifactId>
<version>5.0.28</version>
<scope>provided</scope>
</dependency>
-
+
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
@@ -217,7 +217,7 @@
<artifactId>antlr</artifactId>
<version>2.7.7</version>
</dependency>
-
+
<dependency>
<groupId>xml-security</groupId>
<artifactId>xmlsec</artifactId>
@@ -275,7 +275,7 @@
<artifactId>ibatis-common</artifactId>
<version>2.1.7.597</version>
</dependency>
-
+
<dependency>
<groupId>net.sf.saxon</groupId>
<artifactId>saxon</artifactId>
@@ -290,11 +290,11 @@
<groupId>net.sf.saxon</groupId>
<artifactId>saxon-dom</artifactId>
<version>8.7</version>
- </dependency>
+ </dependency>
<dependency>
<groupId>edugain</groupId>
<artifactId>edugain</artifactId>
- <version>1.0-RC2</version>
+ <version>1.0</version>
<optional>false</optional>
</dependency>
</dependencies>
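Review bot: The Ant side of this commit adds `perfsonar-authr` 0.5 and `sunxacml` 1.2, but no hunk of this pom declares them, so unless they are already present elsewhere in the file the Maven build of the same sources will not resolve the `net.geant.authr.pep` and `com.sun.xacml` references introduced in UbCSaslTest and AADispatchSOAPProtocol; add the two `<dependency>` entries here with the same versions. The pom's own `<version>` in the first hunk of this file still reads `1.0.20090210` while const.properties moves to `1.0.20090304`, so the two builds now emit differently versioned artifacts from identical sources.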
@@ -345,7 +345,7 @@
<minimumTokens>100</minimumTokens>
<targetJdk>1.5</targetJdk>
</configuration>
- </plugin>
+ </plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
@@ -355,7 +355,7 @@
<xmlOutput>true</xmlOutput>
</configuration>
</plugin>
- <!--
+ <!--
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-changelog-plugin</artifactId>

Modified: trunk/perfsonar_base/src/main/java/org/perfsonar/base/ant/antlib.xml
===================================================================
--- trunk/perfsonar_base/src/main/java/org/perfsonar/base/ant/antlib.xml
2009-03-04 10:30:46 UTC (rev 5013)
+++ trunk/perfsonar_base/src/main/java/org/perfsonar/base/ant/antlib.xml
2009-03-04 12:55:15 UTC (rev 5014)
@@ -103,7 +103,7 @@
deprecation="yes"
source="1.5"
target="1.5"
- debug="true"
+ debug="true"
debuglevel="lines, vars, and source">
<include name="**/*.java" />
<classpath>
@@ -133,18 +133,19 @@

<!--
===================================================================================
-->
<!-- lib downloading -->
-

+
<macrodef name="init-lib-dependencies"
xmlns:artifact="urn:maven-artifact-ant">
<attribute name="localRepositoryPath"/>
<attribute name="remoteRepositoryUri1"/>
<attribute name="remoteRepositoryUri2"/>
+ <attribute name="remoteRepositoryUri3"/>
<sequential>
<path id="maven.classpath">
<pathelement
location="${basedir}/lib/misc/maven-artifact-ant-2.0.4-dep.jar" />
</path>
- <typedef resource="org/apache/maven/artifact/ant/antlib.xml"
+ <typedef resource="org/apache/maven/artifact/ant/antlib.xml"
uri="urn:maven-artifact-ant">
<classpath refid="maven.classpath"/>
</typedef>
@@ -155,6 +156,8 @@
url="@{remoteRepositoryUri1}"/>
<artifact:remoteRepository id="remote.repository.2"
url="@{remoteRepositoryUri2}"/>
+ <artifact:remoteRepository id="remote.repository.3"
+ url="@{remoteRepositoryUri3}"/>
</sequential>
</macrodef>

@@ -200,12 +203,14 @@
<dependency groupId="bouncycastle" artifactId="bcprov-jdk15"
version="124"/>
<dependency groupId="wss4j" artifactId="wss4j"
version="1.5.1"/>
<dependency groupId="javolution" artifactId="javolution"
version="3.7"/>
- <dependency groupId="opensaml" artifactId="opensaml"
version="2.0-TP2-jdk-1.5"/>
- <dependency groupId="xmltooling" artifactId="xmltooling"
version="1.0-TP2-jdk-1.5"/>
+ <dependency groupId="opensaml"
artifactId="opensaml" version="2.2.3"/>
+ <dependency groupId="xmltooling"
artifactId="xmltooling" version="1.2.0"/>
<dependency groupId="opensaml" artifactId="opensaml1"
version="1.1"/>
- <dependency groupId="edugain" artifactId="edugain"
version="0.6"/>
+ <dependency groupId="edugain" artifactId="edugain"
version="1.0"/>
<dependency groupId="sasl-ca" artifactId="sasl-ca"
version="1.0"/>
<dependency groupId="codec" artifactId="codec"
version="1.0"/>
+ <dependency groupId="perfsonar"
artifactId="perfsonar-authr" version="0.5"/>
+ <dependency groupId="com.sun.xacml" artifactId="sunxacml"
version="1.2"/>

<dependency groupId="joda-time" artifactId="joda-time"
version="1.4"/>
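Review bot: `perfsonar-authr` 0.5 and `sunxacml` 1.2 are pinned by version only, with no recorded digest, and from this commit on they are the code that evaluates the access decision behind WSSecAuthNComponent.requestAuthR, so a substituted jar at build time silently changes who is authorized. Record the expected SHA-256 of each jar next to its version (const.properties would do) and verify it in the copy macro before the jar lands in WEB-INF/lib. The 0.5 version suggests a pre-release API; a comment naming the `net.geant.authr.pep` classes the base relies on (`RequestFactory`, `SimpleRequest`, `SimpleDelegatedRequest` are the ones imported in this commit) would make the next bump safer.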

@@ -404,8 +409,8 @@

<!--
===================================================================================
-->
<!-- generating ggf config file -->
-

+
<macrodef name="create-ggf-objects-config">
<attribute name="nmwg-directory"/>
<sequential>
@@ -736,12 +741,14 @@
<copy
file="${basedir}/lib/repository/bouncycastle/bcprov-jdk15/124/bcprov-jdk15-124.jar"
todir="@{dest-jars-path}/WEB-INF/lib"/>
<copy
file="${basedir}/lib/repository/wss4j/wss4j/1.5.1/wss4j-1.5.1.jar"
todir="@{dest-jars-path}/WEB-INF/lib"/>
<copy
file="${basedir}/lib/repository/javolution/javolution/3.7/javolution-3.7.jar"
todir="@{dest-jars-path}/WEB-INF/lib"/>
- <copy
file="${basedir}/lib/repository/opensaml/opensaml/2.0-TP2-jdk-1.5/opensaml-2.0-TP2-jdk-1.5.jar"
todir="@{dest-jars-path}/WEB-INF/lib"/>
- <copy
file="${basedir}/lib/repository/xmltooling/xmltooling/1.0-TP2-jdk-1.5/xmltooling-1.0-TP2-jdk-1.5.jar"
todir="@{dest-jars-path}/WEB-INF/lib"/>
+ <copy
file="${basedir}/lib/repository/opensaml/opensaml/2.2.3/opensaml-2.2.3.jar"

todir="@{dest-jars-path}/WEB-INF/lib"/>
+ <copy
file="${basedir}/lib/repository/xmltooling/xmltooling/1.2.0/xmltooling-1.2.0.jar"

todir="@{dest-jars-path}/WEB-INF/lib"/>
<copy
file="${basedir}/lib/repository/opensaml/opensaml1/1.1/opensaml1-1.1.jar"
todir="@{dest-jars-path}/WEB-INF/lib"/>
- <copy
file="${basedir}/lib/repository/edugain/edugain/0.6/edugain-0.6.jar"
todir="@{dest-jars-path}/WEB-INF/lib"/>
+ <copy
file="${basedir}/lib/repository/edugain/edugain/1.0/edugain-1.0.jar"
todir="@{dest-jars-path}/WEB-INF/lib"/>
<copy
file="${basedir}/lib/repository/sasl-ca/sasl-ca/1.0/sasl-ca-1.0.jar"
todir="@{dest-jars-path}/WEB-INF/lib"/>
<copy file="${basedir}/lib/repository/codec/codec/1.0/codec-1.0.jar"

todir="@{dest-jars-path}/WEB-INF/lib"/>
+ <copy
file="${basedir}/lib/repository/perfsonar/perfsonar-authr/0.5/perfsonar-authr-0.5.jar"
todir="@{dest-jars-path}/WEB-INF/lib"/>
+ <copy
file="${basedir}/lib/repository/com/sun/xacml/sunxacml/1.2/sunxacml-1.2.jar"
todir="@{dest-jars-path}/WEB-INF/lib"/>

<copy
file="${basedir}/lib/repository/joda-time/joda-time/1.4/joda-time-1.4.jar"
todir="@{dest-jars-path}/WEB-INF/lib"/>


Modified:
trunk/perfsonar_base/src/main/java/org/perfsonar/base/auxiliary/components/authn/AuthNComponent.java
===================================================================
---
trunk/perfsonar_base/src/main/java/org/perfsonar/base/auxiliary/components/authn/AuthNComponent.java
2009-03-04 10:30:46 UTC (rev 5013)
+++
trunk/perfsonar_base/src/main/java/org/perfsonar/base/auxiliary/components/authn/AuthNComponent.java
2009-03-04 12:55:15 UTC (rev 5014)
@@ -6,6 +6,12 @@
public static final String CHECK_AUTHN_PARAM =
"service.as.authn_active";
public static final String YES_CHECK_AUTHN = "on";
public static final String LIST_MSG_AUTHN =
"service.as.authn_for_msg_types";
+
+ public static final String CHECK_AUTHR_PARAM =
"service.as.authr_active";
+ public static final String YES_CHECK_AUTHR = "on";
+ public static final String LIST_MSG_AUTHR =
"service.as.authr_for_msg_types";

public void requestAuthN(String messageType) throws
PerfSONARException;
+
+ public void requestAuthR(String messageType,String eventType) throws
PerfSONARException;
}
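Review bot: `requestAuthR` is added to a public interface with no Javadoc, so the fallback contract the WSSecAuthNComponent implementation follows (authorization is enforced only for the message types listed under `service.as.authr_for_msg_types`, everything else degrades to `requestAuthN`) is invisible to other implementers, and every other class implementing AuthNComponent now fails to compile until it adds the method. Document it, e.g. `/** Authorizes the caller for messageType/eventType against the AA service; when authR is disabled or messageType is not listed, falls back to {@link #requestAuthN(String)}. @throws PerfSONARException if the token is missing, cannot be read, or the decision is not a permit. */`. State as well that `eventType` may be null or empty, which the implementation in this commit treats as "no action qualifier".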

Modified:
trunk/perfsonar_base/src/main/java/org/perfsonar/base/auxiliary/components/authn/wssec/WSSecAuthNComponent.java
===================================================================
---
trunk/perfsonar_base/src/main/java/org/perfsonar/base/auxiliary/components/authn/wssec/WSSecAuthNComponent.java
2009-03-04 10:30:46 UTC (rev 5013)
+++
trunk/perfsonar_base/src/main/java/org/perfsonar/base/auxiliary/components/authn/wssec/WSSecAuthNComponent.java
2009-03-04 12:55:15 UTC (rev 5014)
@@ -1,5 +1,6 @@
package org.perfsonar.base.auxiliary.components.authn.wssec;

+import java.net.URLEncoder;
import java.util.HashSet;
import java.util.Set;
import java.util.StringTokenizer;
@@ -12,22 +13,34 @@
import org.perfsonar.base.auxiliary.components.logger.LoggerComponent;
import org.perfsonar.base.exceptions.PerfSONARException;
import org.perfsonar.service.base.authn.AADispatchManager;
+import org.perfsonar.service.base.authn.AADispatchProtocol;
import org.perfsonar.service.base.authn.AADispatchProtocolFactory;
import org.perfsonar.service.base.authn.AuthNRequest;
import org.perfsonar.service.base.authn.AuthNResponse;
+import org.perfsonar.service.base.authn.AuthRRequest;
+import org.perfsonar.service.base.authn.AuthRResponse;
import org.perfsonar.service.base.authn.tokens.SecTokenManagerFactory;
+import org.perfsonar.service.base.authn.tokens.SecTokenSOAPManager;
import org.perfsonar.service.base.authn.tokens.SecurityToken;

public class WSSecAuthNComponent implements AuthNComponent,
AuxiliaryComponent {
+ private final String COMP_ID_SERVICE = "service.as.comp_id";
private String componentName = null;
private LoggerComponent logger;
private ConfigurationComponent configuration;
+
private boolean checkAuthN;
- private Set<String> messageTypes;
+ private Set<String> messageTypesAuthN;

+ private boolean checkAuthR;
+ private Set<String> messageTypesAuthR;
+
public WSSecAuthNComponent() {
checkAuthN = false;
- messageTypes = new HashSet<String>();
+ messageTypesAuthN = new HashSet<String>();
+
+ checkAuthR = false;
+ messageTypesAuthR = new HashSet<String>();
}

public String getComponentName() {
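Review bot: `COMP_ID_SERVICE` is declared as a `private final String` instance field, unlike the sibling configuration keys that live as `public static final` constants on AuthNComponent; make it `private static final String COMP_ID_SERVICE = "service.as.comp_id";` so it is a real constant, and add a one-line comment that its value is the resource identifier handed to the authorization service by getResource(). The new `checkAuthR`/`messageTypesAuthR` fields deserve a comment that `messageTypesAuthR` is only consulted when `checkAuthR` is true and is filled from `service.as.authr_for_msg_types`.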
@@ -51,20 +64,35 @@
}
try {
String checkAuthNParam=null;
+ String checkAuthRParam=null;
try {

checkAuthNParam=configuration.getProperty(AuthNComponent.CHECK_AUTHN_PARAM);
} catch (PerfSONARException e) {
checkAuthNParam=null;
}
+ try {
+
checkAuthRParam=configuration.getProperty(AuthNComponent.CHECK_AUTHR_PARAM);
+ } catch (PerfSONARException e) {
+ checkAuthRParam=null;
+ }
if
(checkAuthNParam!=null&&checkAuthNParam.equals(AuthNComponent.YES_CHECK_AUTHN))
{
checkAuthN = true;
String
listMsgsParam=configuration.getProperty(AuthNComponent.LIST_MSG_AUTHN);
StringTokenizer st=new
StringTokenizer(listMsgsParam,",");
while (st.hasMoreTokens()) {
String msg=st.nextToken();
- messageTypes.add(msg);
+ messageTypesAuthN.add(msg);
}
}
+ if
(checkAuthRParam!=null&&checkAuthRParam.equals(AuthNComponent.YES_CHECK_AUTHR))
{
+ checkAuthR = true;
+ String
listMsgsParam=configuration.getProperty(AuthNComponent.LIST_MSG_AUTHR);
+ StringTokenizer st=new
StringTokenizer(listMsgsParam,",");
+ while (st.hasMoreTokens()) {
+ String msg=st.nextToken();
+ messageTypesAuthR.add(msg);
+ }
+ }
} catch (Exception e) {
checkAuthN=false;
}
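Review bot: The `catch (Exception e)` at the end of this block still resets only `checkAuthN`, so a failure while reading the AuthR list (`service.as.authr_for_msg_types` absent, which makes `getProperty` throw or hands `null` to the StringTokenizer) leaves `checkAuthR` already set to `true` with an empty or partial `messageTypesAuthR`, and at the same time switches authentication off for every message type. A misconfigured authorization list therefore silently disables both controls. At minimum reset both flags and log the exception, `checkAuthN=false; checkAuthR=false;`, and preferably treat a configuration error as fatal for the component rather than failing open. The enclosing method starts before this hunk.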
@@ -78,9 +106,13 @@
return checkAuthN;
}

+ public boolean isRequiredAuthR() {
+ return checkAuthR;
+ }
+
public void requestAuthN(String messageType) throws
PerfSONARException {
if (isRequiredAuthN()) {
- if (messageTypes.contains(messageType)) {
+ if (messageTypesAuthN.contains(messageType)) {
SecurityToken st=new
SecurityToken(SecTokenManagerFactory.getDefaultSecTokenManager());
if (!st.hasSecTokenInRequest()) {
throw new
PerfSONARException("error.authn.not_sectoken","WSSecAuthNComponent: It has
not sent any Security Token");
@@ -96,4 +128,47 @@
}
}
}
+
+ private String getResource() throws PerfSONARException {
+ String res=configuration.getProperty(COMP_ID_SERVICE);
+ if (res==null) {
+ throw new
PerfSONARException("error.as.edugain","Component ID not configured");
+ }
+ return res;
+ }
+
+ public void requestAuthR(String messageType,String eventType) throws
PerfSONARException {
+ boolean authr=false;
+ if (isRequiredAuthR()) {
+ if (messageTypesAuthR.contains(messageType)) {
+ authr=true;
+ SecurityToken st=new
SecurityToken(SecTokenManagerFactory.getDefaultSecTokenManager());
+ if (!st.hasSecTokenInRequest()) {
+ throw new
PerfSONARException("error.authn.not_sectoken","WSSecAuthNComponent: It has
not sent any Security Token");
+ }
+ st.setSecTokenFromRequest();
+ AuthRRequest authrReq=new AuthRRequest(st,
messageType);
+ authrReq.setResource(getResource());
+ if (!(eventType==null||eventType.equals("")))
{
+
authrReq.setAction(URLEncoder.encode(messageType)+":"+URLEncoder.encode(eventType));
+ }
+ try {
+
authrReq.setSubject(SecTokenSOAPManager.getSubject(st));
+ } catch (Exception e) {
+ throw new
PerfSONARException("error.authn.not_sectoken","WSSecAuthNComponent: Cannot
get authR data from the Security Token");
+ }
+
+ AADispatchProtocol
prot=AADispatchProtocolFactory.getDefaultAADispatchProtocol();
+ AADispatchManager aadm=new
AADispatchManager(prot);
+ AuthRResponse
authrRes=aadm.getAuthorization(authrReq);
+ if
(authrRes.getStatus()!=AuthNResponse.AUTHENTICATED) {
+ logger.debug("WSSecAuthNComponent:
Authentication failed ("+authrRes.getResultCode()+")");
+ throw new
PerfSONARException(authrRes.getResultCode(),"Authentication failed");
+ }
+ }
+ }
+ if (!authr) {
+ requestAuthN(messageType);
+ }
+ }
}
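Review bot: In the AuthR branch `requestAuthN` is never called, so unless `AADispatchManager.getAuthorization` (or the AA service behind it) validates the security token's signature, the subject passed to the PDP at `authrReq.setSubject(SecTokenSOAPManager.getSubject(st))` comes from a token whose only check here is presence; confirm that the authorization path also authenticates the token, or call `requestAuthN(messageType)` before building the request. A denied decision is logged at debug level and reported as "Authentication failed", which is misleading for incident response; log it at warn with the subject, resource and action, e.g. `logger.warn("WSSecAuthNComponent: authorization denied for "+authrReq.getSubject()+" on "+authrReq.getResource()+" ("+authrRes.getResultCode()+")");`, and use an authorization-specific constant if AuthRResponse has one instead of `AuthNResponse.AUTHENTICATED`. The single-argument `URLEncoder.encode(String)` is deprecated and uses the platform charset; use `URLEncoder.encode(eventType, "UTF-8")` for both operands so the action string is stable across JVMs. The `catch (Exception e)` around getSubject discards the cause; pass `e` to the PerfSONARException if a constructor accepts it, or log it before rethrowing.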

Added:
trunk/perfsonar_base/src/main/java/org/perfsonar/client/base/requests/authService/AttrEERequestGenerator.java

Added:
trunk/perfsonar_base/src/main/java/org/perfsonar/client/base/requests/authService/AuthREERequestGenerator.java

Added:
trunk/perfsonar_base/src/main/java/org/perfsonar/client/testHarness/SOAPUbCClient.java

Modified:
trunk/perfsonar_base/src/main/java/org/perfsonar/client/testHarness/UbCSaslTest.java
===================================================================
---
trunk/perfsonar_base/src/main/java/org/perfsonar/client/testHarness/UbCSaslTest.java
2009-03-04 10:30:46 UTC (rev 5013)
+++
trunk/perfsonar_base/src/main/java/org/perfsonar/client/testHarness/UbCSaslTest.java
2009-03-04 12:55:15 UTC (rev 5014)
@@ -13,6 +13,7 @@
import java.text.DateFormat;
import java.util.Collection;
import java.util.Iterator;
+import java.util.LinkedList;
import java.util.List;
import java.util.Vector;

@@ -20,6 +21,9 @@
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;

+import net.geant.authr.pep.RequestFactory;
+import net.geant.authr.pep.SimpleRequest;
+
import org.apache.axis.client.Call;
import org.apache.axis.client.Service;
import org.apache.axis.message.SOAPBodyElement;
@@ -35,13 +39,21 @@
import org.apache.xml.serialize.XMLSerializer;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.ggf.ns.nmwg.base.v2_0.Message;
+import org.ggf.ns.nmwg.tools.org.perfsonar.service.as.authr.v1_0.Subject;
import org.perfsonar.base.auxiliary.components.authn.DynamicCrypto;
import org.perfsonar.base.auxiliary.components.authn.SOAPUtil;
import org.perfsonar.base.exceptions.PerfSONARException;
+import org.perfsonar.base.util.XMLUtils;
+import org.perfsonar.client.base.authn.AuthNDataFactory;
+import org.perfsonar.client.base.authn.AuthNX509Data;
import org.perfsonar.client.base.authn.saslca.SASLCAClient;
import org.perfsonar.client.base.authn.saslca.SASLCAClientConfiguration;
import org.perfsonar.client.base.authn.saslca.UserID;
+import org.perfsonar.client.base.requests.authService.AttrEERequestGenerator;
import
org.perfsonar.client.base.requests.authService.AuthNEERequestGenerator;
+import
org.perfsonar.client.base.requests.authService.AuthREERequestGenerator;
+import org.perfsonar.service.base.authn.AttrRequest;
+import org.perfsonar.service.base.authn.AuthRRequest;
import org.w3c.dom.Document;

public class UbCSaslTest {
@@ -87,7 +99,7 @@
System.out.println("Password: " + userpassword);
System.out.println("Operation: " + oper);
System.out.println("End Point: " + endPoint);
-
+
System.setProperty("javax.net.ssl.trustStore",
tsFile);

System.setProperty("javax.net.ssl.trustStorePassword", tsPassword);
System.setProperty("javax.net.ssl.trustStoreType",
tsType);
@@ -103,6 +115,12 @@
else if (oper.equals("authn")) {
sendAuthNEERequest(keyPair,endPoint);
}
+ else if (oper.equals("authr")) {
+ sendAuthREERequest(keyPair,endPoint);
+ }
+ else if (oper.equals("attr")) {
+ sendAttrEERequest(keyPair, endPoint);
+ }

} catch (PerfSONARException e) {
e.printStackTrace();
@@ -110,7 +128,7 @@
e.printStackTrace();
}
}
-
+
public void checkCertificate(KeyPair keyPair) throws
CertificateParsingException, PerfSONARException {
X509Certificate certificate = client.getCertficate(keyPair);
System.out.println("Issuer DN:
"+certificate.getIssuerDN().toString());
@@ -129,7 +147,7 @@
System.out.println("Valid from:
"+DateFormat.getInstance().format(certificate.getNotBefore()));
System.out.println("Valid until:
"+DateFormat.getInstance().format(certificate.getNotAfter()));
}
-
+
public void sendAuthNEERequest(KeyPair keyPair,String endPoint)
throws PerfSONARException {
try {
// prepare to call - set service elements
@@ -157,7 +175,7 @@
// add the security provider
BouncyCastleProvider bcp = new BouncyCastleProvider();
java.security.Security.addProvider((Provider)bcp);
-
+
Crypto crypto = new DynamicCrypto();
KeyStore ks=crypto.getKeyStore();

@@ -184,7 +202,7 @@
WSSecHeader secHeader = new WSSecHeader();
secHeader.setActor("test");
secHeader.insertSecurityHeader(doc);
-
+
// Signing the message
Document signedDoc = sec509.build(doc, crypto, secHeader);

@@ -212,7 +230,7 @@
// change it to document - here is where validity
// can be checked..
result = resultSBE.getAsDocument();
-
+
// output it to a string
StringWriter outWriter = new StringWriter();

@@ -226,7 +244,7 @@
serial.serialize( result.getDocumentElement() );

outWriter.close();
-
+
System.out.println("---- Response message");
System.out.println(outWriter.toString());
System.out.println("---------------------");
@@ -235,6 +253,202 @@
}
}

+ public void sendAttrEERequest(KeyPair keyPair,String endPoint) throws
PerfSONARException {
+ try {
+ checkCertificate(keyPair);
+
+ PrivateKey privateKey=keyPair.getPrivate();
+ X509Certificate cert = client.getCertficate(keyPair);
+
+ AttrRequest attrReq = new AttrRequest();
+ attrReq.setIssuer("Issuer");
+
attrReq.setSubject("urn:geant:edugain:component:be:gidp:user:first_candido-perfSONAR.net");
+ List<String> listValues = new LinkedList<String>();
+ listValues.add("perfSONAR.net");
+ attrReq.addAttribute("urn:oid:1.3.6.1.4.1.25178.1.2.9",
"schacHomeOrganization", listValues);
+
+ // prepare to call - set service elements
+ Service service = new Service();
+ Call call = (Call)service.createCall();
+ call.setTargetEndpointAddress(new URL(endPoint));
+ call.setOperationName(new
QName("http://soapinterop.org/","submit";));
+
+ // read the request into a org.w3c.DOM.Document
+ DocumentBuilderFactory factory =
DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+
+ AttrEERequestGenerator rg = new AttrEERequestGenerator();
+ Message rm=rg.generateRequestMessage(attrReq);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document request = builder.newDocument();
+ request = rm.getDOM(request);
+ System.out.println("++++++++++++++++");
+ System.out.println(XMLUtils.serializeDOM(request));
+
+ // build a SOAPBodyElement from the document
+ SOAPBodyElement requestMessage =
+ new SOAPBodyElement(request.getDocumentElement());
+
+ AuthNX509Data
authnData=AuthNDataFactory.getDefaultAuthNX509Data();
+ Object reqRaw=authnData.addX509STInMessage(requestMessage,
privateKey, cert);
+ SOAPEnvelope envelope = (SOAPEnvelope)reqRaw;
+
+ Document signedDoc = envelope.getAsDocument();
+ System.out.println("&&&&&&&&&&&&&");
+ System.out.println(XMLUtils.serializeDOM(signedDoc));
+
+ org.apache.axis.Message signedMsg = (org.apache.axis.Message)
SOAPUtil.toSOAPMessage(signedDoc);
+ envelope = signedMsg.getSOAPEnvelope();
+
+ // get a timestamp.
+ double startTime =
+ new Long(System.currentTimeMillis()).doubleValue();
+
+ // call on the end point
+ Object resultObject = call.invoke(envelope);
+
+ // get another timestamp
+ double endTime =
+ new Long(System.currentTimeMillis()).doubleValue();
+
+ SOAPEnvelope envelopeResult;
+ SOAPBodyElement resultSBE;
+ Document result = null;
+
+ envelopeResult= (SOAPEnvelope)resultObject;
+ resultSBE= envelopeResult.getFirstBody();
+
+ // change it to document - here is where validity
+ // can be checked..
+ result = resultSBE.getAsDocument();
+
+ // output it to a string
+ StringWriter outWriter = new StringWriter();
+
+ OutputFormat format = new OutputFormat( result );
+ format.setIndent(4);
+ format.setIndenting(true);
+ format.setLineSeparator("\n");
+
+ XMLSerializer serial = new XMLSerializer(outWriter,
format );
+ serial.asDOMSerializer();
+ serial.serialize( result.getDocumentElement() );
+
+ outWriter.close();
+
+ System.out.println("---- Response message");
+ System.out.println(outWriter.toString());
+ System.out.println("---------------------");
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new PerfSONARException(e.getMessage());
+ }
+ }
+
+ public void sendAuthREERequest(KeyPair keyPair,String endPoint)
throws PerfSONARException {
+ try {
+ checkCertificate(keyPair);
+
+ PrivateKey privateKey=keyPair.getPrivate();
+ X509Certificate cert = client.getCertficate(keyPair);
+
+ AuthRRequest authrReq = new AuthRRequest();
+ authrReq.setAction("EchoRequest");
+
authrReq.setSubject("urn:geant:edugain:component:be:gidp:user:first_candido-perfSONAR.net");
+
authrReq.setResource("urn:geant:edugain:component:perfsonarresource:rediris:geant2-java-sql-ma-1.0:http%3A//localhost%3A8889/geant2-java-sql-ma/services/measurementArchiveService");
+
+ Message authrRequest = new
AuthREERequestGenerator().generateRequestMessage();
+
+ SimpleRequest simpleRequest = null;
+ simpleRequest =
RequestFactory.getDefaultSimpleRequest();
+ simpleRequest.setResource(authrReq.getResource());
+ simpleRequest.setAction(authrReq.getAction());
+ simpleRequest.setSubject(authrReq.getSubject());
+ String reqString=simpleRequest.getMessage();
+ reqString = reqString.replaceAll("\n", "");
+ reqString = reqString.replaceAll("\r", "");
+ reqString = reqString.replaceAll("\t", "");
+ reqString = reqString.replaceAll(" ", "");
+ Subject authrElement = new Subject();
+ authrElement.setSubject(reqString);
+
authrRequest.getMetadata("authRmetadata").setSubject(authrElement);
+
+ // prepare to call - set service elements
+ Service service = new Service();
+ Call call = (Call)service.createCall();
+ call.setTargetEndpointAddress(new URL(endPoint));
+ call.setOperationName(new
QName("http://soapinterop.org/","submit";));
+
+ // read the request into a org.w3c.DOM.Document
+ DocumentBuilderFactory factory =
DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document request = builder.newDocument();
+ request = authrRequest.getDOM(request);
+ System.out.println("++++++++++++++++");
+ System.out.println(XMLUtils.serializeDOM(request));
+
+ // build a SOAPBodyElement from the document
+ SOAPBodyElement requestMessage =
+ new SOAPBodyElement(request.getDocumentElement());
+
+ AuthNX509Data
authnData=AuthNDataFactory.getDefaultAuthNX509Data();
+ Object reqRaw=authnData.addX509STInMessage(requestMessage,
privateKey, cert);
+ SOAPEnvelope envelope = (SOAPEnvelope)reqRaw;
+
+ Document signedDoc = envelope.getAsDocument();
+ System.out.println("&&&&&&&&&&&&&");
+ System.out.println(XMLUtils.serializeDOM(signedDoc));
+
+ org.apache.axis.Message signedMsg = (org.apache.axis.Message)
SOAPUtil.toSOAPMessage(signedDoc);
+ envelope = signedMsg.getSOAPEnvelope();
+
+ // get a timestamp.
+ double startTime =
+ new Long(System.currentTimeMillis()).doubleValue();
+
+ // call on the end point
+ Object resultObject = call.invoke(envelope);
+
+ // get another timestamp
+ double endTime =
+ new Long(System.currentTimeMillis()).doubleValue();
+
+ SOAPEnvelope envelopeResult;
+ SOAPBodyElement resultSBE;
+ Document result = null;
+
+ envelopeResult= (SOAPEnvelope)resultObject;
+ resultSBE= envelopeResult.getFirstBody();
+
+ // change it to document - here is where validity
+ // can be checked..
+ result = resultSBE.getAsDocument();
+
+ // output it to a string
+ StringWriter outWriter = new StringWriter();
+
+ OutputFormat format = new OutputFormat( result );
+ format.setIndent(4);
+ format.setIndenting(true);
+ format.setLineSeparator("\n");
+
+ XMLSerializer serial = new XMLSerializer(outWriter,
format );
+ serial.asDOMSerializer();
+ serial.serialize( result.getDocumentElement() );
+
+ outWriter.close();
+
+ System.out.println("---- Response message");
+ System.out.println(outWriter.toString());
+ System.out.println("---------------------");
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new PerfSONARException(e.getMessage());
+ }
+ }
+
public static void main(String[] args) {
UbCSaslTest ubcSasl = new UbCSaslTest();
ubcSasl.test(args);
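Review bot: In sendAuthREERequest the serialized XACML request is post-processed with `reqString.replaceAll(" ", "")`, which deletes every space inside attribute values as well as between elements, so any subject, resource or action containing a space (a DN such as `CN=John Doe`, for instance) is corrupted before it reaches the service; strip only inter-element whitespace, e.g. `reqString = reqString.replaceAll(">\\s+<", "><");`, or send the XML as produced. Both new methods repeat the invoke/serialize/print sequence of sendAuthNEERequest almost line for line and compute `startTime`/`endTime` that are never read; factor the call into a private helper taking the request Message. Each `catch (Exception e)` rethrows `new PerfSONARException(e.getMessage())` and so loses the cause. The class continues past this hunk.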

Modified:
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AADispatchManager.java
===================================================================
---
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AADispatchManager.java
2009-03-04 10:30:46 UTC (rev 5013)
+++
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AADispatchManager.java
2009-03-04 12:55:15 UTC (rev 5014)
@@ -12,4 +12,8 @@
public AuthNResponse getAuthentication(AuthNRequest req) throws
PerfSONARException {
return protocol.getAuthentication(req);
}
+
+ public AuthRResponse getAuthorization(AuthRRequest req) throws
PerfSONARException {
+ return protocol.getAuthorization(req);
+ }
}
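Review bot: The protocol interface gains both `getAuthorization` and `getAttributes` in this commit, but this manager only delegates the first, so attribute requests cannot go through the dispatcher that every other AA call uses. Add the matching delegate, `public AttrResponse getAttributes(AttrRequest req) throws PerfSONARException { return protocol.getAttributes(req); }`, and give the three delegates a one-line Javadoc each.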

Modified:
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AADispatchProtocol.java
===================================================================
---
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AADispatchProtocol.java
2009-03-04 10:30:46 UTC (rev 5013)
+++
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AADispatchProtocol.java
2009-03-04 12:55:15 UTC (rev 5014)
@@ -4,4 +4,6 @@

public interface AADispatchProtocol {
public AuthNResponse getAuthentication(AuthNRequest req) throws
PerfSONARException;
+ public AuthRResponse getAuthorization(AuthRRequest req) throws
PerfSONARException;
+ public AttrResponse getAttributes(AttrRequest req) throws
PerfSONARException;
}
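Review bot: The two new methods carry no Javadoc, and the only implementation visible in this commit (AADispatchSOAPProtocol) is cut off before its body, so how a denial is reported, an `AuthRResponse` whose `getStatus()` differs from the permit value as WSSecAuthNComponent assumes, or a thrown PerfSONARException, is undefined for future implementers. Document the intended contract, e.g. `/** Requests an access decision from the AA service; a denial is carried in {@link AuthRResponse#getStatus()} rather than thrown, if that is the intended behaviour. */` and the equivalent for getAttributes, and state whether an implementation is expected to validate the security token contained in the request or may trust the caller to have done so.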

Modified:
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AADispatchSOAPProtocol.java
===================================================================
---
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AADispatchSOAPProtocol.java
2009-03-04 10:30:46 UTC (rev 5013)
+++
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AADispatchSOAPProtocol.java
2009-03-04 12:55:15 UTC (rev 5014)
@@ -1,7 +1,5 @@
package org.perfsonar.service.base.authn;

-import java.io.File;
-import java.io.FileNotFoundException;
import java.io.StringWriter;
import java.net.URL;
import java.util.Iterator;
@@ -10,7 +8,12 @@
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.soap.SOAPHeaderElement;
+import javax.xml.transform.TransformerException;

+import net.geant.authr.pep.RequestFactory;
+import net.geant.authr.pep.SimpleDelegatedRequest;
+import net.geant.authr.pep.SimpleRequest;
+
import org.apache.axis.client.Call;
import org.apache.axis.client.Service;
import org.apache.axis.message.SOAPBodyElement;
@@ -20,12 +23,18 @@
import org.ggf.ns.nmwg.base.v2_0.Metadata;
import org.ggf.ns.nmwg.base.v2_0.Parameter;
import org.ggf.ns.nmwg.base.v2_0.Parameters;
+import org.ggf.ns.nmwg.tools.org.perfsonar.service.as.authr.v1_0.Subject;
+import org.opensaml.SAMLAssertion;
import org.perfsonar.base.auxiliary.AuxiliaryComponentManager;
import org.perfsonar.base.auxiliary.ComponentNames;
import
org.perfsonar.base.auxiliary.components.configuration.ConfigurationComponent;
import org.perfsonar.base.auxiliary.components.logger.LoggerComponent;
import org.perfsonar.base.exceptions.PerfSONARException;
+import org.perfsonar.client.base.requests.authService.AttrEERequestGenerator;
import
org.perfsonar.client.base.requests.authService.AuthNEERequestGenerator;
+import
org.perfsonar.client.base.requests.authService.AuthREERequestGenerator;
+import org.perfsonar.service.base.authn.tokens.SecTokenSOAPManager;
+import org.perfsonar.service.base.authn.tokens.SecurityToken;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
@@ -33,6 +42,7 @@
public class AADispatchSOAPProtocol implements AADispatchProtocol {
public static final String
WSS_X509="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";;
public static final String
WSS_SAML="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";;
+
private final String AS_POINT_PARAM = "service.as.point";
private final String SAX_PARSER_CONFIG = "service.sax_parser.config";
private LoggerComponent logger;
@@ -59,7 +69,7 @@
}
try {
asPoint=config.getProperty(AS_POINT_PARAM);
- saxParser=attemptSaxParserConfigLookup();
+ saxParser=config.getProperty(SAX_PARSER_CONFIG);
} catch (Exception e) {
String m = "AADispatchSOAPProtocol: Can't obtain
required parameters ";
logger.error(m);
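Review bot: Replacing `attemptSaxParserConfigLookup()` with a bare `config.getProperty(SAX_PARSER_CONFIG)` drops the `AuxiliaryComponentManager.lookupFile` resolution and the existence check the removed helper performed, so a relative or misspelled `service.sax_parser.config` is no longer rejected when the protocol is constructed and will presumably only surface later, inside `convertToMessage`, as a generic error.as.query failure. The surrounding `catch (Exception e)` logs a fixed message and never records `e`, so the actual cause is lost as well. Consider keeping the resolution, e.g. `File f = AuxiliaryComponentManager.lookupFile(config.getProperty(SAX_PARSER_CONFIG));` followed by a null check and `saxParser = f.getAbsolutePath();`, and logging `e` in the catch. The constructor continues outside the hunk.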
@@ -78,86 +88,119 @@
this.asPoint=asPoint;
this.saxParser=saxParser;
}
+

- public AuthNResponse getAuthentication(AuthNRequest req) throws
PerfSONARException {
- AuthNResponse resp=new AuthNResponse();
- // prepare to call - set service elements
- try {
- Service service = new Service();
- Call call = (Call)service.createCall();
- call.setTargetEndpointAddress(new URL(asPoint));
- call.setOperationName(new
QName("http://soapinterop.org/","submit";));
-
- // read the request into a org.w3c.DOM.Document
- DocumentBuilderFactory factory =
DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
-
- DocumentBuilder builder =
factory.newDocumentBuilder();
- Document request = builder.newDocument();
- Message authnRequest = new
AuthNEERequestGenerator().generateRequestMessage();
+ private String getClient(SecurityToken token) throws Exception {
+ Object stValue=token.getSecTokenValue();
+ if (SecTokenSOAPManager.isDelegated(token)) {
+ SAMLAssertion assertion=(SAMLAssertion)stValue;
+ String clientIssuer=assertion.getIssuer();

- // get the parameter which specifies the format of
the security token
- Parameters params=null;
- Parameter parameter=null;
- Metadata[] mds=authnRequest.getMetadataArray();
- for (int i=0; i<mds.length; i++) {
- params=mds[i].getParameters();
- Parameter[] pars=params.getParameterArray();
- for (int j=0; j<pars.length; j++) {
- if
(pars[j].getParameterName().equals("SecurityToken")) {
- parameter=pars[j];
- }
+ return clientIssuer;
+ }
+
+ return "";
+ }
+
+ private Document updateSecurityTokenParameter(Document request,
Message requestMessage, SecurityToken token) throws TransformerException {
+ // get the parameter which specifies the format of the
security token
+ Parameters params=null;
+ Parameter parameter=null;
+ Metadata[] mds=requestMessage.getMetadataArray();
+ for (int i=0; i<mds.length; i++) {
+ params=mds[i].getParameters();
+ Parameter[] pars=params.getParameterArray();
+ for (int j=0; j<pars.length; j++) {
+ if
(pars[j].getParameterName().equals("SecurityToken")) {
+ parameter=pars[j];
}
}
+ }

- javax.xml.soap.SOAPHeader
header=(javax.xml.soap.SOAPHeader)req.getSecurityToken().getSecToken();
- Iterator<?> it=header.examineAllHeaderElements();
- while (it.hasNext()) {
- SOAPHeaderElement
he=(SOAPHeaderElement)it.next();
-
- // if there is any assertion, it should be a
saml security token
- NodeList nodelist2 =
org.apache.xpath.XPathAPI.selectNodeList(he, "//wsse:BinarySecurityToken");
- for (int i = 0; i < nodelist2.getLength();
i++) {
- Element e=(Element)nodelist2.item(i);
- if
(e.getAttribute("ValueType").equals("#SAMLBase64Binary")) {
-
parameter.setParameterValue(AADispatchSOAPProtocol.WSS_SAML);
- }
+ javax.xml.soap.SOAPHeader
header=(javax.xml.soap.SOAPHeader)token.getSecToken();
+ Iterator<?> it=header.examineAllHeaderElements();
+ while (it.hasNext()) {
+ SOAPHeaderElement he=(SOAPHeaderElement)it.next();
+
+ // if there is any assertion, it should be a saml
security token
+ NodeList nodelist2 =
org.apache.xpath.XPathAPI.selectNodeList(he, "//wsse:BinarySecurityToken");
+ for (int i = 0; i < nodelist2.getLength(); i++) {
+ Element e=(Element)nodelist2.item(i);
+ if
(e.getAttribute("ValueType").equals("#SAMLBase64Binary")) {
+
parameter.setParameterValue(AADispatchSOAPProtocol.WSS_SAML);
}
}
+ }

- request = authnRequest.getDOM(request);
+ return requestMessage.getDOM(request);
+ }
+
+ private Message sendMessage(String point,Message requestMessage,
SecurityToken token) throws Exception {
+ Service service = new Service();
+ Call call = (Call)service.createCall();
+ call.setTargetEndpointAddress(new URL(point));
+ call.setOperationName(new
QName("http://soapinterop.org/","submit";));

- SOAPBodyElement requestMessage =
- new
SOAPBodyElement(request.getDocumentElement());
- SOAPEnvelope envelope = new SOAPEnvelope();
- envelope.addBodyElement(requestMessage);
- it=header.examineAllHeaderElements();
- while (it.hasNext()) {
- SOAPHeaderElement
he=(SOAPHeaderElement)it.next();
- envelope.getHeader().addChildElement(he);
- }
-
- StringWriter sw=new StringWriter();
-
XMLUtils.PrettyElementToWriter(requestMessage.getAsDOM(),sw);
+ // read the request into a org.w3c.DOM.Document
+ DocumentBuilderFactory factory =
DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);

- // call on the end point
- Object resultObject = call.invoke(envelope);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document request = builder.newDocument();

- SOAPEnvelope envelopeResult;
- SOAPBodyElement resultSBE;
- Document result = null;
+ request = updateSecurityTokenParameter(request,
requestMessage, token);

- envelopeResult= (SOAPEnvelope)resultObject;
- resultSBE= envelopeResult.getFirstBody();
+ SOAPBodyElement requestSOAPMessage =
+ new SOAPBodyElement(request.getDocumentElement());
+ SOAPEnvelope envelope = new SOAPEnvelope();
+ envelope.addBodyElement(requestSOAPMessage);
+
+ javax.xml.soap.SOAPHeader
header=(javax.xml.soap.SOAPHeader)token.getSecToken();
+ Iterator<?> it=header.examineAllHeaderElements();
+ while (it.hasNext()) {
+ SOAPHeaderElement he=(SOAPHeaderElement)it.next();
+ envelope.getHeader().addChildElement(he);
+ }
+
+ StringWriter sw=new StringWriter();
+
XMLUtils.PrettyElementToWriter(requestSOAPMessage.getAsDOM(),sw);
+ logger.debug("------- Sending message >>>>>>>");
+ logger.debug(sw.toString());
+ logger.debug("<<<<<<< Sending message -------");

- // change it to document - here is where validity
- // can be checked..
- result = resultSBE.getAsDocument();
+ // call on the end point
+ Object resultObject = call.invoke(envelope);

- Message responseNmwg =
org.perfsonar.base.util.XMLUtils.convertToMessage(
- result, saxParser);
+ SOAPEnvelope envelopeResult;
+ SOAPBodyElement resultSBE;
+ Document result = null;

- resp=AuthNResponse.getAuthNResponse(responseNmwg);
+ envelopeResult= (SOAPEnvelope)resultObject;
+ resultSBE= envelopeResult.getFirstBody();
+
+ // change it to document - here is where validity
+ // can be checked..
+ result = resultSBE.getAsDocument();
+
+ logger.debug("------- Receiving message >>>>>>>");
+ logger.debug(XMLUtils.PrettyDocumentToString(result));
+ logger.debug("<<<<<<< Receiving message -------");
+
+ Message responseNmwg =
org.perfsonar.base.util.XMLUtils.convertToMessage(
+ result, saxParser);
+
+ return responseNmwg;
+ }
+
+ public AuthNResponse getAuthentication(AuthNRequest req) throws
PerfSONARException {
+ AuthNResponse resp=new AuthNResponse();
+ // prepare to call - set service elements
+ try {
+
+ Message authnRequest = new
AuthNEERequestGenerator().generateRequestMessage();
+ Message response = sendMessage(asPoint, authnRequest,
req.getSecurityToken());
+
+ resp=AuthNResponse.getAuthNResponse(response);
logger.debug("Authentication response:
("+resp.getResultCode()+","+resp.getStatus()+")");

} catch (ClassCastException e) {
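Review bot: `updateSecurityTokenParameter` calls `parameter.setParameterValue(...)` inside the header loop without checking that the search loop actually found a `SecurityToken` parameter; if a request template omits it, the resulting NullPointerException is swallowed by the generic `catch (Exception e)` in `getAuthentication` and reported as error.as.query, hiding the real cause. Add a guard after the search, `if (parameter == null) throw new IllegalStateException("request message has no SecurityToken parameter");`. The comment `// here is where validity can be checked..` is carried over into `sendMessage` but nothing in the new code validates the AS response before it is handed to `convertToMessage`, even though that response now decides authentication and authorization; either add the check or make the comment a TODO naming what must be verified. Note also that the `Receiving message` debug block logs the full AS response, which for the attribute query may include user attributes. The catch chain of `getAuthentication` continues outside the hunk.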
@@ -165,11 +208,6 @@
String m = "AADispatchSOAPProtocol.getAuthentication:
We didn't get a Vector of SOAPBodyElements!";
System.out.println(m);
throw new PerfSONARException("error.as.body",m);
- } catch (FileNotFoundException e2) {
- e2.printStackTrace();
- String m = "AADispatchSOAPProtocol.getAuthentication:
Authentication request file not found";
- System.out.println(m);
- throw new PerfSONARException("error.as.query",m);
} catch (Exception e) {
e.printStackTrace();
String m="AADispatchSOAPProtocol.getAuthentication:
General exception while retrieving report";
@@ -180,24 +218,77 @@
return resp;
}

- private String attemptSaxParserConfigLookup() throws
PerfSONARException {
- String saxConfig;
-
+ public AuthRResponse getAuthorization(AuthRRequest req) throws
PerfSONARException {
+ // prepare to call - set service elements
try {
- saxConfig = config.getProperty(SAX_PARSER_CONFIG);
- } catch (PerfSONARException e) {
- logger.error("Sax parser config could not be found.
(service.sax_parser.config not specified.)");
- throw e;
+
+ Message authrRequest = new
AuthREERequestGenerator().generateRequestMessage();
+
+ SimpleRequest simpleRequest = null;
+ if
(SecTokenSOAPManager.isDelegated(req.getSecurityToken())) {
+ simpleRequest =
RequestFactory.getDefaultSimpleDelegatedRequest();
+ }
+ else {
+ simpleRequest =
RequestFactory.getDefaultSimpleRequest();
+ }
+ simpleRequest.setResource(req.getResource());
+ simpleRequest.setAction(req.getAction());
+ simpleRequest.setSubject(req.getSubject());
+ if
(SecTokenSOAPManager.isDelegated(req.getSecurityToken())) {
+ SimpleDelegatedRequest
sdr=(SimpleDelegatedRequest)simpleRequest;
+
sdr.setClient(getClient(req.getSecurityToken()));
+ }
+ String reqString=simpleRequest.getMessage();
+ Subject authrElement=new Subject();
+ authrElement.setSubject(reqString);
+
authrRequest.getMetadata("authRmetadata").setSubject(authrElement);
+
+ Message response = sendMessage(asPoint, authrRequest,
req.getSecurityToken());
+
+ AuthRResponse
respAuth=AuthRResponse.getAuthRResponse(response);
+ logger.debug("Authorization response:
("+respAuth.getResultCode()+","+respAuth.getStatus()+")");
+
+ return respAuth;
+ } catch (ClassCastException e) {
+ e.printStackTrace();
+ String m = "AADispatchSOAPProtocol.getAuthorization:
We didn't get a Vector of SOAPBodyElements!";
+ System.out.println(m);
+ throw new PerfSONARException("error.as.body",m);
+ } catch (Exception e) {
+ e.printStackTrace();
+ String m="AADispatchSOAPProtocol.getAuthorization:
General exception while retrieving report";
+ System.out.println(m);
+ throw new PerfSONARException("error.as.query",m);
}
+
+ }
+
+ public AttrResponse getAttributes(AttrRequest req) throws
PerfSONARException {
+ // prepare to call - set service elements
+ try {
+
+ Message attrRequest = new
AttrEERequestGenerator().generateRequestMessage();
+
+
+ Message response = sendMessage(asPoint, attrRequest,
req.getSecurityToken());
+
+ AttrResponse
respAuth=AttrResponse.getAttrResponse(response);
+ logger.debug("Attribte response:
("+respAuth.getResultCode()+","+respAuth.getStatus()+")");
+
+ return respAuth;
+
+ } catch (ClassCastException e) {
+ e.printStackTrace();
+ String m = "AADispatchSOAPProtocol.getAttributes: We
didn't get a Vector of SOAPBodyElements!";
+ System.out.println(m);
+ throw new PerfSONARException("error.as.body",m);
+ } catch (Exception e) {
+ e.printStackTrace();
+ String m="AADispatchSOAPProtocol.getAttributes:
General exception while retrieving report";
+ System.out.println(m);
+ throw new PerfSONARException("error.as.query",m);
+ }
+

- File file = AuxiliaryComponentManager.lookupFile(saxConfig);
- if(file!=null) {
- return file.getAbsolutePath();
- }
- logger.error("Sax parser config could not be found. (lookup
failed for: "+saxConfig+" )");
- throw new PerfSONARException(
- "error.common.no_configuration",
- "specified service.sax_parser.config not found"
- );
}
}
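Review bot: `getAuthorization` builds the PEP request with `simpleRequest.setSubject(req.getSubject())`, i.e. the subject comes from the `AuthRRequest` object rather than from the verified security token, although this same commit adds `SecTokenSOAPManager.getSubject(SecurityToken)` for exactly that derivation; if `req.getSubject()` is ever populated from the incoming message (how `AuthRRequest` is filled is not visible here), a client could obtain a decision for a subject other than the one it authenticated as. Binding it to the token, `simpleRequest.setSubject(SecTokenSOAPManager.getSubject(req.getSecurityToken()));`, would close that gap. Both new methods also wrap every failure into `PerfSONARException("error.as.query", m)` without the cause and use `printStackTrace()`/`System.out.println` instead of `logger`, so the reason for a failed or denied check never reaches the service log; the `ClassCastException` message about "a Vector of SOAPBodyElements" also no longer matches the casts in `sendMessage`/`getClient` that can actually throw it.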

Added:
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AttrRequest.java

Added:
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AttrResponse.java

Added:
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AuthRRequest.java

Added:
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/AuthRResponse.java

Modified:
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/tokens/SecTokenSOAPManager.java
===================================================================
---
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/tokens/SecTokenSOAPManager.java
2009-03-04 10:30:46 UTC (rev 5013)
+++
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/authn/tokens/SecTokenSOAPManager.java
2009-03-04 12:55:15 UTC (rev 5014)
@@ -1,23 +1,38 @@
package org.perfsonar.service.base.authn.tokens;

import java.io.ByteArrayInputStream;
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
+import java.util.Collection;
import java.util.Iterator;
+import java.util.List;

import javax.xml.namespace.NamespaceContext;
import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPHeaderElement;
+import javax.xml.transform.TransformerException;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathFactory;

+import net.geant.edugain.base.BaseDefinitions;
+
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.message.SOAPHeader;
+import org.apache.axis.utils.XMLUtils;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.util.Base64;
import org.opensaml.SAMLAssertion;
+import org.opensaml.SAMLAuthenticationStatement;
+import org.opensaml.SAMLException;
+import org.opensaml.SAMLStatement;
+import org.opensaml.SAMLSubject;
import org.perfsonar.base.auxiliary.AuxiliaryComponentManager;
import org.perfsonar.base.auxiliary.ComponentNames;
import org.perfsonar.base.auxiliary.components.authn.DynamicCrypto;
@@ -30,6 +45,8 @@
public class SecTokenSOAPManager implements SecTokenManager {
private final String
WSSECHEADER_NS="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";;
private final String WSSECHEADER="Security";
+ private static final String URN_USER_FED = ":user:";
+
private LoggerComponent logger = null;

public SecTokenSOAPManager() throws PerfSONARException {
@@ -129,6 +146,64 @@
return res;
}

+ public static boolean isDelegated(SecurityToken token) throws
TransformerException {
+ boolean isDelegated=false;
+
+ javax.xml.soap.SOAPHeader
header=(javax.xml.soap.SOAPHeader)token.getSecToken();
+ Iterator<?> it=header.examineAllHeaderElements();
+ while (it.hasNext()) {
+ SOAPHeaderElement he=(SOAPHeaderElement)it.next();
+ NodeList nodelist2 =
org.apache.xpath.XPathAPI.selectNodeList(he, "//wsse:BinarySecurityToken");
+ for (int i = 0; i < nodelist2.getLength(); i++) {
+ Element e=(Element)nodelist2.item(i);
+ if
(e.getAttribute("ValueType").equals("#SAMLBase64Binary")) {
+ isDelegated = true;
+ }
+ }
+ }
+
+ return isDelegated;
+ }
+
+ public static String getSubject(SecurityToken token) throws
TransformerException, CertificateParsingException,
UnsupportedEncodingException, SAMLException {
+ Object stValue=token.getSecTokenValue();
+ if (!isDelegated(token)) {
+ X509Certificate cert=(X509Certificate)stValue;
+ Collection subjectAltNames =
cert.getSubjectAlternativeNames();
+ if (subjectAltNames != null) {
+ Iterator names = subjectAltNames.iterator();
+ while (names.hasNext()) {
+ List<?> values = (List<?>)names.next();
+ if (values.size() == 2) {
+ Integer type = (Integer)values.get(0);
+ String name = (String)values.get(1);
+ if ((type == 6) &&
(name.startsWith(BaseDefinitions.EDUGAIN_CID_RESOLVER))) {
+ return
URLDecoder.decode(name.substring(name.indexOf('=')+1),"UTF-8");
+ }
+ }
+ }
+ }
+ }
+ else {
+ SAMLAssertion assertion=(SAMLAssertion)stValue;
+ Iterator it=assertion.getStatements();
+ while (it.hasNext()) {
+ SAMLStatement
statement=(SAMLStatement)it.next();
+ if (statement instanceof
SAMLAuthenticationStatement) {
+ SAMLAuthenticationStatement
authSt=(SAMLAuthenticationStatement)statement;
+ SAMLSubject
subject=authSt.getSubject();
+
+ Element
confData=subject.getConfirmationData();
+ SAMLAssertion relayed=new
SAMLAssertion((Element)confData.getFirstChild());
+
+ return
relayed.getIssuer()+SecTokenSOAPManager.URN_USER_FED+subject.getNameIdentifier().getName();
+ }
+ }
+ }
+
+ return "";
+ }
+
class WSSENamespaceContext implements NamespaceContext {

public String getNamespaceURI(String prefix) {
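Review bot: In the delegated branch of `getSubject`, the relayed assertion is rebuilt with `new SAMLAssertion((Element)confData.getFirstChild())` and its `getIssuer()` is then used to form the subject identifier, but nothing in the hunk verifies that inner assertion (signature, validity period) or checks that `confData` is non-null and that its first child is an element rather than whitespace text; unless the outer token's signature is known to cover the confirmation data, the issuer part of the subject is not yet trustworthy, and the casts can throw NPE/ClassCastException on a malformed token. Both branches also fall through to `return ""`, so a certificate without the eduGAIN SAN or an assertion without an authentication statement yields an empty subject instead of a failure; prefer `throw new SAMLException("no subject identifier found in security token");` (the method already declares `SAMLException`) so callers cannot silently authorize an empty principal. `isDelegated` classifies the token purely from the `ValueType` attribute in the header, so the casts of `getSecTokenValue()` in `getSubject` rely on the token value having been populated consistently with that header — worth a comment stating that assumption.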

Modified:
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/engine/ActionType.java
===================================================================
---
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/engine/ActionType.java
2009-03-04 10:30:46 UTC (rev 5013)
+++
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/engine/ActionType.java
2009-03-04 12:55:15 UTC (rev 5014)
@@ -133,6 +133,17 @@

public static final String AUTHN_EE_REQUEST = "AuthNEERequest";

+ /**
+ * Action type to request the authorization of the client/user
+ */

+ public static final String AUTHR_EE_REQUEST = "AuthREERequest";

+ /**
+ * Action type to request attributes of the client/user
+ */
+
+ public static final String ATTR_EE_REQUEST = "AttrEERequest";
+
+
} //ActionType

Added:
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/messages/AttrEERequest.java

Added:
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/messages/AuthREERequest.java

Modified:
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/web/RequestHandler.java
===================================================================
---
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/web/RequestHandler.java
2009-03-04 10:30:46 UTC (rev 5013)
+++
trunk/perfsonar_base/src/main/java/org/perfsonar/service/base/web/RequestHandler.java
2009-03-04 12:55:15 UTC (rev 5014)
@@ -196,24 +196,39 @@
}

protected void assertAuthentication(Message requestMessage) throws
PerfSONARException {
- // Check if it's needed authentication for this type of message
- String checkAuthNParam=null;
+ // Check if it's needed authorization for this type of message
+ String checkAuthRParam=null;
try {
-
checkAuthNParam=configuration.getProperty(AuthNComponent.CHECK_AUTHN_PARAM);
+
checkAuthRParam=configuration.getProperty(AuthNComponent.CHECK_AUTHR_PARAM);
} catch (PerfSONARException e) {
- /* ignore */
+ checkAuthRParam=null;
}
- if
(checkAuthNParam!=null&&checkAuthNParam.equals(AuthNComponent.YES_CHECK_AUTHN))
{
- logger.debug("RequestHandler: Authenticating the
message");
+ if
(checkAuthRParam!=null&&checkAuthRParam.equals(AuthNComponent.YES_CHECK_AUTHN))
{
+ logger.debug("RequestHandler: Authorizating the
message");
if (authnComponent == null) {
authnComponent =
(AuthNComponent)componentManager.getComponent(ComponentNames.AUTHN);
- if(authnComponent == null)
logger.error("RequestHandler.assertAuthentication: authComponent wasn't
loaded!");
}
- authnComponent.requestAuthN(requestMessage.getType());
+
authnComponent.requestAuthR(requestMessage.getType(),null);
} else {
- logger.debug("RequestHandler: Automated
authentication not required");
+ // Check if it's needed authentication for this type of
message
+ String checkAuthNParam=null;
+ try {
+
checkAuthNParam=configuration.getProperty(AuthNComponent.CHECK_AUTHN_PARAM);
+ } catch (PerfSONARException e) {
+ checkAuthNParam=null;
+ }
+ if
(checkAuthNParam!=null&&checkAuthNParam.equals(AuthNComponent.YES_CHECK_AUTHN))
{
+ logger.debug("RequestHandler: Authenticating
the message");
+ if (authnComponent == null) {
+ authnComponent =
(AuthNComponent)componentManager.getComponent(ComponentNames.AUTHN);
+ }
+
authnComponent.requestAuthN(requestMessage.getType());
+ } else {
+ logger.debug("RequestHandler: Automated
authentication not required");
+ }
}
}
+
/**
* Converts a Document to a Message
* @param request
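Review bot: The rewritten `assertAuthentication` drops the `if(authnComponent == null) logger.error(...)` check after `getComponent`, so when the authn component is not loaded the next line `authnComponent.requestAuthR(...)` throws an unlogged NullPointerException; failing closed is right, but it should be explicit: `if (authnComponent == null) throw new PerfSONARException("error.common.no_configuration", "AuthN component not loaded");` in both branches. With the new structure a service configured for authorization never reaches the `CHECK_AUTHN_PARAM` path, which is only safe if `requestAuthR` itself authenticates the token on the AS side — not visible here and worth a comment. The authorization flag is compared against `AuthNComponent.YES_CHECK_AUTHN` rather than an AuthR-specific constant, a missing `CHECK_AUTHR_PARAM` silently means "no authorization", and `requestAuthR` is called with an undocumented `null` second argument. The method name and log text ("Authorizating") no longer match what it does; consider renaming or adding a javadoc stating that authorization, when enabled, replaces the plain authentication check.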


