Loading cadcAccessControl/build.xml +1 −1 Original line number Original line Diff line number Diff line Loading @@ -117,7 +117,7 @@ <target name="setup-test"> <target name="setup-test"> <copy overwrite="true" <copy overwrite="true" file="${env.CADC_PREFIX}/etc/LocalAuthority.properties" file="${env.A}/etc/LocalAuthority.properties" tofile="${build}/class/LocalAuthority.properties"/> tofile="${build}/class/LocalAuthority.properties"/> </target> </target> Loading cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java +54 −56 Original line number Original line Diff line number Diff line Loading @@ -90,6 +90,7 @@ import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.SSLSocketFactory; import javax.security.auth.Subject; import javax.security.auth.Subject; import ca.nrc.cadc.reg.Standards; import org.apache.log4j.Logger; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.Group; Loading Loading 
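Review bot: Assuming the `${env.A}` variant is the new side (the rendered page drops the +/- markers), the setup-test copy now reads `LocalAuthority.properties` from `${env.A}/etc/`, a one-letter environment variable that looks like a leftover from a local experiment rather than a deliberate rename, and nothing else in the commit refers to it. If `A` is unset Ant expands the reference literally and the copy fails with a missing-file error; if it happens to be set on some machine, the tests silently pick up whatever authority mapping lives there. I would restore `file="${env.CADC_PREFIX}/etc/LocalAuthority.properties"` unless the rename is intended, in which case the variable deserves a real name and a comment next to the target saying what it must point at.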
@@ -124,50 +125,24 @@ public class GMSClient implements TransferListener { { private static final Logger log = Logger.getLogger(GMSClient.class); private static final Logger log = Logger.getLogger(GMSClient.class); private static final String GROUPS = "groups"; private static final String SEARCH = "search"; // socket factory to use when connecting // socket factory to use when connecting private SSLSocketFactory sslSocketFactory; private SSLSocketFactory sslSocketFactory; private SSLSocketFactory mySocketFactory; private SSLSocketFactory mySocketFactory; private RegistryClient registryClient; private URI serviceID; private URI gmsServiceURI; private URI groupsURI; private URI searchURI; public GMSClient(URI serviceURI) { this(serviceURI, new RegistryClient()); } /** /** * Slightly more complete constructor. Tests can override the * Constructor. * RegistryClient. * * * @param serviceURI The service URI. * @param serviceID The service ID. * @param registryClient The Registry Client. */ */ public GMSClient(URI serviceURI, RegistryClient registryClient) public GMSClient(URI serviceID) { { if (serviceURI == null) if (serviceID == null) throw new IllegalArgumentException("invalid serviceURI: " + serviceURI); throw new IllegalArgumentException("invalid serviceID: " + serviceID); if (serviceURI.getFragment() != null) if (serviceID.getFragment() != null) throw new IllegalArgumentException("invalid serviceURI (fragment not allowed): " + serviceURI); throw new IllegalArgumentException("invalid serviceID (fragment not allowed): " + serviceID); this.serviceID = serviceID; this.registryClient = registryClient; try { this.gmsServiceURI = serviceURI; this.groupsURI = new URI(serviceURI.toASCIIString() + "#" + GROUPS); this.searchURI = new URI(serviceURI.toASCIIString() + "#" + SEARCH); } catch(URISyntaxException ex) { throw new RuntimeException("BUG: failed to create standardID from serviceURI + fragment", ex); } } } public void transferEvent(TransferEvent te) public void 
transferEvent(TransferEvent te) Loading @@ -192,7 +167,6 @@ public class GMSClient implements TransferListener throw new UnsupportedOperationException("Not yet implemented"); throw new UnsupportedOperationException("Not yet implemented"); } } /** /** * Create a new group. * Create a new group. * * Loading @@ -208,7 +182,8 @@ public class GMSClient implements TransferListener throws GroupAlreadyExistsException, AccessControlException, throws GroupAlreadyExistsException, AccessControlException, UserNotFoundException, WriterException, IOException UserNotFoundException, WriterException, IOException { { URL createGroupURL = registryClient.getServiceURL(groupsURI, "https", "", AuthMethod.CERT); URL createGroupURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); log.debug("createGroupURL request to " + createGroupURL.toString()); log.debug("createGroupURL request to " + createGroupURL.toString()); // reset the state of the cache // reset the state of the cache Loading Loading 
@@ -279,12 +254,13 @@ public class GMSClient implements TransferListener public Group getGroup(String groupName) public Group getGroup(String groupName) throws GroupNotFoundException, AccessControlException, IOException throws GroupNotFoundException, AccessControlException, IOException { { URL groupsURL = getRegistryClient() URL getGroupURL = registryClient.getServiceURL(groupsURI, "https", groupName, AuthMethod.CERT); .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); URL getGroupURL = new URL(groupsURL.toExternalForm() + "/" + groupName); log.debug("getGroup request to " + getGroupURL.toString()); log.debug("getGroup request to " + getGroupURL.toString()); ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayOutputStream out = new ByteArrayOutputStream(); HttpDownload transfer = new HttpDownload(getGroupURL, out); HttpDownload transfer = new HttpDownload(getGroupURL, out); transfer.setSSLSocketFactory(getSSLSocketFactory()); transfer.setSSLSocketFactory(getSSLSocketFactory()); transfer.run(); transfer.run(); Loading Loading @@ -334,7 +310,8 @@ public class GMSClient implements TransferListener public List<String> getGroupNames() public List<String> getGroupNames() throws AccessControlException, IOException throws AccessControlException, IOException { { URL getGroupNamesURL = registryClient.getServiceURL(groupsURI, "https", "", AuthMethod.CERT); URL getGroupNamesURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); log.debug("getGroupNames request to " + getGroupNamesURL.toString()); log.debug("getGroupNames request to " + getGroupNamesURL.toString()); Loading Loading 
@@ -411,7 +388,9 @@ public class GMSClient implements TransferListener throws IllegalArgumentException, GroupNotFoundException, UserNotFoundException, throws IllegalArgumentException, GroupNotFoundException, UserNotFoundException, AccessControlException, WriterException, IOException AccessControlException, WriterException, IOException { { URL updateGroupURL = registryClient.getServiceURL(groupsURI, "https", group.getID(), AuthMethod.CERT); URL groupsURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); URL updateGroupURL = new URL(groupsURL.toExternalForm() + "/" + group.getID()); log.debug("updateGroup request to " + updateGroupURL.toString()); log.debug("updateGroup request to " + updateGroupURL.toString()); // reset the state of the cache // reset the state of the cache Loading Loading @@ -478,7 +457,9 @@ public class GMSClient implements TransferListener public void deleteGroup(String groupName) public void deleteGroup(String groupName) throws GroupNotFoundException, AccessControlException, IOException throws GroupNotFoundException, AccessControlException, IOException { { URL deleteGroupURL = registryClient.getServiceURL(groupsURI, "https", groupName, AuthMethod.CERT); URL groupsURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); URL deleteGroupURL = new URL(groupsURL.toExternalForm() + "/" + groupName); log.debug("deleteGroup request to " + deleteGroupURL.toString()); log.debug("deleteGroup request to " + deleteGroupURL.toString()); // reset the state of the cache // reset the state of the cache Loading Loading 
@@ -545,7 +526,9 @@ public class GMSClient implements TransferListener { { String path = targetGroupName + "/groupMembers/" + groupMemberName; String path = targetGroupName + "/groupMembers/" + groupMemberName; URL addGroupMemberURL = registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT); URL groupsURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); URL addGroupMemberURL = new URL(groupsURL.toExternalForm() + "/" + path); log.debug("addGroupMember request to " + addGroupMemberURL.toString()); log.debug("addGroupMember request to " + addGroupMemberURL.toString()); // reset the state of the cache // reset the state of the cache Loading Loading @@ -604,7 +587,9 @@ public class GMSClient implements TransferListener String userIDType = AuthenticationUtil.getPrincipalType(userID); String userIDType = AuthenticationUtil.getPrincipalType(userID); String path = targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType; String path = targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType; URL addUserMemberURL = registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT); URL groupsURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); URL addUserMemberURL = new URL(groupsURL.toExternalForm() + "/" + path); log.debug("addUserMember request to " + addUserMemberURL.toString()); log.debug("addUserMember request to " + addUserMemberURL.toString()); Loading Loading 
@@ -659,7 +644,9 @@ public class GMSClient implements TransferListener { { String path = targetGroupName + "/groupMembers/" + groupMemberName; String path = targetGroupName + "/groupMembers/" + groupMemberName; URL removeGroupMemberURL = registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT); URL groupsURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); URL removeGroupMemberURL = new URL(groupsURL.toExternalForm() + "/" + path); log.debug("removeGroupMember request to " + log.debug("removeGroupMember request to " + removeGroupMemberURL.toString()); removeGroupMemberURL.toString()); Loading Loading @@ -726,7 +713,9 @@ public class GMSClient implements TransferListener log.debug("removeUserMember: " + targetGroupName + " - " + userID.getName() + " type: " + userIDType); log.debug("removeUserMember: " + targetGroupName + " - " + userID.getName() + " type: " + userIDType); String path = targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType; String path = targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType; URL removeUserMemberURL = registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT); URL groupsURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); URL removeUserMemberURL = new URL(groupsURL.toExternalForm() + "/" + path); log.debug("removeUserMember: " + removeUserMemberURL.toString()); log.debug("removeUserMember: " + removeUserMemberURL.toString()); Loading Loading 
@@ -836,11 +825,13 @@ public class GMSClient implements TransferListener //searchGroupURL.append("&IDTYPE=").append(NetUtil.encode(idType)); //searchGroupURL.append("&IDTYPE=").append(NetUtil.encode(idType)); searchGroupPath.append("&ROLE=").append(NetUtil.encode(roleString)); searchGroupPath.append("&ROLE=").append(NetUtil.encode(roleString)); URL searchURL = registryClient.getServiceURL(searchURI, "https", searchGroupPath.toString(), AuthMethod.CERT); URL searchURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_SEARCH_01_URI, AuthMethod.CERT); URL getMembershipsURL = new URL(searchURL.toExternalForm() + "/" + searchGroupPath.toString()); log.debug("getMemberships request to " + searchURL.toString()); log.debug("getMemberships request to " + getMembershipsURL.toString()); ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayOutputStream out = new ByteArrayOutputStream(); HttpDownload transfer = new HttpDownload(searchURL, out); HttpDownload transfer = new HttpDownload(getMembershipsURL, out); transfer.setSSLSocketFactory(getSSLSocketFactory()); transfer.setSSLSocketFactory(getSSLSocketFactory()); transfer.run(); transfer.run(); Loading Loading 
@@ -945,11 +936,13 @@ public class GMSClient implements TransferListener searchGroupPath.append("&ROLE=").append(NetUtil.encode(roleString)); searchGroupPath.append("&ROLE=").append(NetUtil.encode(roleString)); searchGroupPath.append("&GROUPID=").append(NetUtil.encode(groupName)); searchGroupPath.append("&GROUPID=").append(NetUtil.encode(groupName)); URL searchURL = registryClient.getServiceURL(searchURI, "https", searchGroupPath.toString(), AuthMethod.CERT); URL searchURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_SEARCH_01_URI, AuthMethod.CERT); URL getMembershipURL = new URL(searchURL.toExternalForm() + "/" + searchGroupPath.toString()); log.debug("getMembership request to " + searchURL.toString()); log.debug("getMembership request to " + getMembershipURL.toString()); ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayOutputStream out = new ByteArrayOutputStream(); HttpDownload transfer = new HttpDownload(searchURL, out); HttpDownload transfer = new HttpDownload(getMembershipURL, out); transfer.setSSLSocketFactory(getSSLSocketFactory()); transfer.setSSLSocketFactory(getSSLSocketFactory()); transfer.run(); transfer.run(); Loading Loading 
@@ -1102,17 +1095,17 @@ public class GMSClient implements TransferListener Set<GroupMemberships> gset = subject.getPrivateCredentials(GroupMemberships.class); Set<GroupMemberships> gset = subject.getPrivateCredentials(GroupMemberships.class); if (gset == null || gset.isEmpty()) if (gset == null || gset.isEmpty()) { { GroupMemberships mems = new GroupMemberships(gmsServiceURI.toString(), userID); GroupMemberships mems = new GroupMemberships(serviceID.toString(), userID); subject.getPrivateCredentials().add(mems); subject.getPrivateCredentials().add(mems); return mems; return mems; } } GroupMemberships mems = gset.iterator().next(); GroupMemberships mems = gset.iterator().next(); // check to ensure they have the same service URI // check to ensure they have the same service URI if (!gmsServiceURI.toString().equals(mems.getServiceURI())) if (!serviceID.toString().equals(mems.getServiceURI())) { { log.debug("Not using cache because of differing service URIs: " + log.debug("Not using cache because of differing service URIs: " + "[" + gmsServiceURI.toString() + "][" + mems.getServiceURI() + "]"); "[" + serviceID.toString() + "][" + mems.getServiceURI() + "]"); return null; return null; } } Loading Loading @@ -1182,4 +1175,9 @@ public class GMSClient implements TransferListener return false; return false; } } protected RegistryClient getRegistryClient() { return new RegistryClient(); } } } cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java +28 −39 Original line number Original line Diff line number Diff line Loading @@ -84,6 +84,8 @@ import java.util.Set; import javax.security.auth.Subject; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal; import ca.nrc.cadc.reg.Standards; import ca.nrc.cadc.reg.client.LocalAuthority; import org.apache.log4j.Logger; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.ReaderException; import ca.nrc.cadc.ac.ReaderException; Loading 
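Review bot: Group names are now spliced straight into the request path without encoding — `new URL(groupsURL.toExternalForm() + "/" + groupName)` in getGroup, and likewise `group.getID()`, `targetGroupName` and `groupMemberName` in updateGroup, deleteGroup and the member add/remove methods — whereas user IDs on the same lines go through `NetUtil.encode`. A group name containing `/`, `?` or `#` therefore changes which resource the access-control request targets (a name like `x/groupMembers/y` passed to deleteGroup would presumably hit the membership path instead of a group), and `..` segments can walk out of the groups path. The old `registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT)` form also pinned the scheme; the new three-argument call does not, so the client-certificate `SSLSocketFactory` set on each transfer would presumably be ignored if the registry ever returns an `http://` endpoint, and a null result now dies with a NullPointerException on `toExternalForm()`. Since the same resolve-and-append sequence is repeated in eight methods, I would fold it into one helper that encodes the segments and checks the scheme, as sketched below; the member-path methods would pass `NetUtil.encode(targetGroupName) + "/groupMembers/" + NetUtil.encode(groupMemberName)`.
```java
/**
 * Resolve the GMS groups endpoint for this service ID and append an
 * already-encoded path. Refuses a missing or non-https endpoint because
 * the per-request SSLSocketFactory (client certificate) is only meaningful
 * over TLS.
 */
private URL groupsURL(String encodedPath) throws IOException
{
    URL base = getRegistryClient()
        .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT);
    if (base == null || !"https".equals(base.getProtocol()))
        throw new IOException("no https endpoint for " + Standards.GMS_GROUPS_01_URI + " in " + serviceID);
    if (encodedPath == null || encodedPath.isEmpty())
        return base;
    return new URL(base.toExternalForm() + "/" + encodedPath);
}

// … unchanged: getGroup body up to the URL …
URL getGroupURL = groupsURL(NetUtil.encode(groupName));
// … unchanged: same one-line replacement in updateGroup, deleteGroup,
//     add/removeGroupMember, add/removeUserMember …
```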
@@ -110,47 +112,22 @@ public class UserClient { { private static final Logger log = Logger.getLogger(UserClient.class); private static final Logger log = Logger.getLogger(UserClient.class); private static final String USERS = "users"; private URI serviceID; private static final String USER_REQUESTS = "reqs"; private RegistryClient registryClient; private URI usersURI; // to be used when the client can work with // user requests private URI userReqsURI; /** /** * Constructor. * Constructor. * * * @param serviceURI The URI of the supporting access control web service * @param serviceID The URI of the supporting access control web service * obtained from the registry. * obtained from the registry. */ */ public UserClient(URI serviceURI) public UserClient(URI serviceID) throws IllegalArgumentException throws IllegalArgumentException { { this(serviceURI, new RegistryClient()); if (serviceID == null) } public UserClient(URI serviceURI, RegistryClient registryClient) { if (serviceURI == null) throw new IllegalArgumentException("Service URI cannot be null."); throw new IllegalArgumentException("Service URI cannot be null."); if (serviceURI.getFragment() != null) if (serviceID.getFragment() != null) throw new IllegalArgumentException("invalid serviceURI (fragment not allowed): " + serviceURI); throw new IllegalArgumentException("invalid serviceURI (fragment not allowed): " + serviceID); this.serviceID = serviceID; this.registryClient = registryClient; try { this.usersURI = new URI(serviceURI.toASCIIString() + "#" + USERS); this.userReqsURI = new URI(serviceURI.toASCIIString() + "#" + USER_REQUESTS); } catch(URISyntaxException ex) { throw new RuntimeException("BUG: failed to create standardID from serviceURI + fragment", ex); } } } /** /** Loading 
@@ -171,10 +148,12 @@ public class UserClient String path = NetUtil.encode(userID) + "?idType=" + this.getIdType(principal) + "&detail=identity"; String path = NetUtil.encode(userID) + "?idType=" + this.getIdType(principal) + "&detail=identity"; // augment subject calls are always https with client certs // augment subject calls are always https with client certs URL getUserURL = registryClient.getServiceURL(usersURI, "https", path, AuthMethod.CERT); URL usersURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.UMS_USERS_01_URI, AuthMethod.CERT); URL getUserURL = new URL(usersURL.toExternalForm() + path); if (getUserURL == null) if (getUserURL == null) throw new IllegalArgumentException("No service endpoint for uri " + usersURI); throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_USERS_01_URI); log.debug("augmentSubject request to " + getUserURL.toString()); log.debug("augmentSubject request to " + getUserURL.toString()); ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayOutputStream out = new ByteArrayOutputStream(); Loading Loading @@ -209,7 +188,8 @@ public class UserClient */ */ public List<User> getDisplayUsers() throws IOException public List<User> getDisplayUsers() throws IOException { { URL usersURL = registryClient.getServiceURL(usersURI, "https"); URL usersURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.UMS_USERS_01_URI, AuthMethod.CERT); final List<User> webUsers = new ArrayList<User>(); final List<User> webUsers = new ArrayList<User>(); HttpDownload httpDownload = HttpDownload httpDownload = new HttpDownload(usersURL, new HttpDownload(usersURL, Loading Loading 
@@ -273,10 +253,11 @@ public class UserClient StringBuilder userXML = new StringBuilder(); StringBuilder userXML = new StringBuilder(); userWriter.write(user, userXML); userWriter.write(user, userXML); URL createUserURL = registryClient.getServiceURL(usersURI, "https", null, AuthMethod.CERT); URL createUserURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.UMS_REQS_01_URI, AuthMethod.CERT); if (createUserURL == null) if (createUserURL == null) throw new IllegalArgumentException("No service endpoint for uri " + usersURI); throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_REQS_01_URI); log.debug("createUser request to " + createUserURL.toString()); log.debug("createUser request to " + createUserURL.toString()); ByteArrayInputStream in = new ByteArrayInputStream(userXML.toString().getBytes()); ByteArrayInputStream in = new ByteArrayInputStream(userXML.toString().getBytes()); Loading Loading @@ -336,9 +317,11 @@ public class UserClient String id = NetUtil.encode(principal.getName()); String id = NetUtil.encode(principal.getName()); String path = "/" + id + "?idType=" + AuthenticationUtil.getPrincipalType(principal); String path = "/" + id + "?idType=" + AuthenticationUtil.getPrincipalType(principal); URL getUserURL = registryClient.getServiceURL(usersURI, "https", path, AuthMethod.CERT); URL usersURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.UMS_USERS_01_URI, AuthMethod.CERT); URL getUserURL = new URL(usersURL.toExternalForm() + path); if (getUserURL == null) if (getUserURL == null) throw new IllegalArgumentException("No service endpoint for uri " + usersURI); throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_USERS_01_URI); log.debug("getUser request to " + getUserURL.toString()); log.debug("getUser request to " + getUserURL.toString()); ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayOutputStream out = new ByteArrayOutputStream(); Loading Loading 
@@ -433,4 +416,10 @@ public class UserClient return idTypeStr; return idTypeStr; } } protected RegistryClient getRegistryClient() { return new RegistryClient(); } } } cadcAccessControl/test/src/ca/nrc/cadc/ac/client/GMSClientTest.java +24 −9 Original line number Original line Diff line number Diff line Loading @@ -81,6 +81,8 @@ import java.util.List; import javax.security.auth.Subject; import javax.security.auth.Subject; import ca.nrc.cadc.auth.AuthMethod; import ca.nrc.cadc.reg.Standards; import org.apache.log4j.Level; import org.apache.log4j.Level; import org.junit.Assert; import org.junit.Assert; import org.junit.Test; import org.junit.Test; Loading Loading @@ -112,13 +114,20 @@ public class GMSClientTest final RegistryClient mockRegistryClient = final RegistryClient mockRegistryClient = createMock(RegistryClient.class); createMock(RegistryClient.class); final URI serviceURI = URI.create("http://mysite.com/users"); final URI serviceID = URI.create("ivo://mysite.com/users"); expect(mockRegistryClient.getServiceURL(serviceURI, "https")).andReturn( expect(mockRegistryClient.getServiceURL(serviceID, Standards.UMS_USERS_01_URI, AuthMethod.CERT)) new URL("http://mysite.com/users/endpoint")); .andReturn(new URL("http://mysite.com/users")); replay(mockRegistryClient); replay(mockRegistryClient); GMSClient client = new GMSClient(serviceURI, mockRegistryClient); GMSClient client = new GMSClient(serviceID) { @Override protected RegistryClient getRegistryClient() { return mockRegistryClient; } }; Assert.assertFalse(client.userIsSubject(null, null)); Assert.assertFalse(client.userIsSubject(null, null)); Assert.assertFalse(client.userIsSubject(userID, null)); Assert.assertFalse(client.userIsSubject(userID, null)); Loading 
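Review bot: The `if (getUserURL == null)` guards in augmentSubject and getUser can no longer fire: `usersURL.toExternalForm()` runs first, so a missing registry entry now surfaces as a NullPointerException instead of the IllegalArgumentException the check was written for (createUser keeps the right order because it tests the registry result directly). Move the check onto the value the registry returns, `if (usersURL == null) throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_USERS_01_URI);`, before building the URL. Separately, augmentSubject appends `path` with no `/` separator while getUser's path starts with `"/"`; unless the registry URL is guaranteed to end with a slash, augmentSubject will request `…/users<encodedID>?idType=…`, so `new URL(usersURL.toExternalForm() + "/" + path)` looks like the intended form. Both methods start and end outside the visible hunks.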
@@ -141,16 +150,22 @@ public class GMSClientTest final HttpPrincipal test1UserID = new HttpPrincipal("test"); final HttpPrincipal test1UserID = new HttpPrincipal("test"); subject.getPrincipals().add(test1UserID); subject.getPrincipals().add(test1UserID); final URI serviceURI = URI.create("http://mysite.com/users"); final URI serviceID = URI.create("ivo://mysite.com/users"); final RegistryClient mockRegistryClient = final RegistryClient mockRegistryClient = createMock(RegistryClient.class); createMock(RegistryClient.class); expect(mockRegistryClient.getServiceURL(serviceURI, "https")).andReturn( expect(mockRegistryClient.getServiceURL(serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT )) new URL("http://mysite.com/users/endpoint")); .andReturn(new URL("http://mysite.com/users")); replay(mockRegistryClient); replay(mockRegistryClient); final GMSClient client = new GMSClient(serviceURI, mockRegistryClient); final GMSClient client = new GMSClient(serviceID) { @Override protected RegistryClient getRegistryClient() { return mockRegistryClient; } }; Subject.doAs(subject, new PrivilegedExceptionAction<Object>() Subject.doAs(subject, new PrivilegedExceptionAction<Object>() { { Loading Loading
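Review bot: The first test's mock expectation is for `Standards.UMS_USERS_01_URI`, which GMSClient never asks the registry for (the client hunks resolve only `GMS_GROUPS_01_URI` and `GMS_SEARCH_01_URI`), so that expectation is dead and, with no `verify(mockRegistryClient)` visible, nothing flags the mismatch. The second test gets the standard right, but both tests answer an `AuthMethod.CERT` lookup with `http://mysite.com/users`, which quietly documents that the client no longer insists on https for certificate-authenticated calls. I would change the first expectation to `expect(mockRegistryClient.getServiceURL(serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT))` and return `https://` URLs in both so the tests match what production should accept. Both test methods continue past the hunks.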
cadcAccessControl/build.xml +1 −1 Original line number Original line Diff line number Diff line Loading @@ -117,7 +117,7 @@ <target name="setup-test"> <target name="setup-test"> <copy overwrite="true" <copy overwrite="true" file="${env.CADC_PREFIX}/etc/LocalAuthority.properties" file="${env.A}/etc/LocalAuthority.properties" tofile="${build}/class/LocalAuthority.properties"/> tofile="${build}/class/LocalAuthority.properties"/> </target> </target> Loading
cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java +54 −56 Original line number Original line Diff line number Diff line Loading @@ -90,6 +90,7 @@ import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.SSLSocketFactory; import javax.security.auth.Subject; import javax.security.auth.Subject; import ca.nrc.cadc.reg.Standards; import org.apache.log4j.Logger; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.Group; Loading Loading 
@@ -124,50 +125,24 @@ public class GMSClient implements TransferListener { { private static final Logger log = Logger.getLogger(GMSClient.class); private static final Logger log = Logger.getLogger(GMSClient.class); private static final String GROUPS = "groups"; private static final String SEARCH = "search"; // socket factory to use when connecting // socket factory to use when connecting private SSLSocketFactory sslSocketFactory; private SSLSocketFactory sslSocketFactory; private SSLSocketFactory mySocketFactory; private SSLSocketFactory mySocketFactory; private RegistryClient registryClient; private URI serviceID; private URI gmsServiceURI; private URI groupsURI; private URI searchURI; public GMSClient(URI serviceURI) { this(serviceURI, new RegistryClient()); } /** /** * Slightly more complete constructor. Tests can override the * Constructor. * RegistryClient. * * * @param serviceURI The service URI. * @param serviceID The service ID. * @param registryClient The Registry Client. */ */ public GMSClient(URI serviceURI, RegistryClient registryClient) public GMSClient(URI serviceID) { { if (serviceURI == null) if (serviceID == null) throw new IllegalArgumentException("invalid serviceURI: " + serviceURI); throw new IllegalArgumentException("invalid serviceID: " + serviceID); if (serviceURI.getFragment() != null) if (serviceID.getFragment() != null) throw new IllegalArgumentException("invalid serviceURI (fragment not allowed): " + serviceURI); throw new IllegalArgumentException("invalid serviceID (fragment not allowed): " + serviceID); this.serviceID = serviceID; this.registryClient = registryClient; try { this.gmsServiceURI = serviceURI; this.groupsURI = new URI(serviceURI.toASCIIString() + "#" + GROUPS); this.searchURI = new URI(serviceURI.toASCIIString() + "#" + SEARCH); } catch(URISyntaxException ex) { throw new RuntimeException("BUG: failed to create standardID from serviceURI + fragment", ex); } } } public void transferEvent(TransferEvent te) public void 
transferEvent(TransferEvent te) Loading @@ -192,7 +167,6 @@ public class GMSClient implements TransferListener throw new UnsupportedOperationException("Not yet implemented"); throw new UnsupportedOperationException("Not yet implemented"); } } /** /** * Create a new group. * Create a new group. * * Loading @@ -208,7 +182,8 @@ public class GMSClient implements TransferListener throws GroupAlreadyExistsException, AccessControlException, throws GroupAlreadyExistsException, AccessControlException, UserNotFoundException, WriterException, IOException UserNotFoundException, WriterException, IOException { { URL createGroupURL = registryClient.getServiceURL(groupsURI, "https", "", AuthMethod.CERT); URL createGroupURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); log.debug("createGroupURL request to " + createGroupURL.toString()); log.debug("createGroupURL request to " + createGroupURL.toString()); // reset the state of the cache // reset the state of the cache Loading Loading 
@@ -279,12 +254,13 @@ public class GMSClient implements TransferListener public Group getGroup(String groupName) public Group getGroup(String groupName) throws GroupNotFoundException, AccessControlException, IOException throws GroupNotFoundException, AccessControlException, IOException { { URL groupsURL = getRegistryClient() URL getGroupURL = registryClient.getServiceURL(groupsURI, "https", groupName, AuthMethod.CERT); .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); URL getGroupURL = new URL(groupsURL.toExternalForm() + "/" + groupName); log.debug("getGroup request to " + getGroupURL.toString()); log.debug("getGroup request to " + getGroupURL.toString()); ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayOutputStream out = new ByteArrayOutputStream(); HttpDownload transfer = new HttpDownload(getGroupURL, out); HttpDownload transfer = new HttpDownload(getGroupURL, out); transfer.setSSLSocketFactory(getSSLSocketFactory()); transfer.setSSLSocketFactory(getSSLSocketFactory()); transfer.run(); transfer.run(); Loading Loading @@ -334,7 +310,8 @@ public class GMSClient implements TransferListener public List<String> getGroupNames() public List<String> getGroupNames() throws AccessControlException, IOException throws AccessControlException, IOException { { URL getGroupNamesURL = registryClient.getServiceURL(groupsURI, "https", "", AuthMethod.CERT); URL getGroupNamesURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); log.debug("getGroupNames request to " + getGroupNamesURL.toString()); log.debug("getGroupNames request to " + getGroupNamesURL.toString()); Loading Loading 
@@ -411,7 +388,9 @@ public class GMSClient implements TransferListener throws IllegalArgumentException, GroupNotFoundException, UserNotFoundException, throws IllegalArgumentException, GroupNotFoundException, UserNotFoundException, AccessControlException, WriterException, IOException AccessControlException, WriterException, IOException { { URL updateGroupURL = registryClient.getServiceURL(groupsURI, "https", group.getID(), AuthMethod.CERT); URL groupsURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); URL updateGroupURL = new URL(groupsURL.toExternalForm() + "/" + group.getID()); log.debug("updateGroup request to " + updateGroupURL.toString()); log.debug("updateGroup request to " + updateGroupURL.toString()); // reset the state of the cache // reset the state of the cache Loading Loading @@ -478,7 +457,9 @@ public class GMSClient implements TransferListener public void deleteGroup(String groupName) public void deleteGroup(String groupName) throws GroupNotFoundException, AccessControlException, IOException throws GroupNotFoundException, AccessControlException, IOException { { URL deleteGroupURL = registryClient.getServiceURL(groupsURI, "https", groupName, AuthMethod.CERT); URL groupsURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); URL deleteGroupURL = new URL(groupsURL.toExternalForm() + "/" + groupName); log.debug("deleteGroup request to " + deleteGroupURL.toString()); log.debug("deleteGroup request to " + deleteGroupURL.toString()); // reset the state of the cache // reset the state of the cache Loading Loading 
@@ -545,7 +526,9 @@ public class GMSClient implements TransferListener { { String path = targetGroupName + "/groupMembers/" + groupMemberName; String path = targetGroupName + "/groupMembers/" + groupMemberName; URL addGroupMemberURL = registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT); URL groupsURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); URL addGroupMemberURL = new URL(groupsURL.toExternalForm() + "/" + path); log.debug("addGroupMember request to " + addGroupMemberURL.toString()); log.debug("addGroupMember request to " + addGroupMemberURL.toString()); // reset the state of the cache // reset the state of the cache Loading Loading @@ -604,7 +587,9 @@ public class GMSClient implements TransferListener String userIDType = AuthenticationUtil.getPrincipalType(userID); String userIDType = AuthenticationUtil.getPrincipalType(userID); String path = targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType; String path = targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType; URL addUserMemberURL = registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT); URL groupsURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); URL addUserMemberURL = new URL(groupsURL.toExternalForm() + "/" + path); log.debug("addUserMember request to " + addUserMemberURL.toString()); log.debug("addUserMember request to " + addUserMemberURL.toString()); Loading Loading 
@@ -659,7 +644,9 @@ public class GMSClient implements TransferListener { { String path = targetGroupName + "/groupMembers/" + groupMemberName; String path = targetGroupName + "/groupMembers/" + groupMemberName; URL removeGroupMemberURL = registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT); URL groupsURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); URL removeGroupMemberURL = new URL(groupsURL.toExternalForm() + "/" + path); log.debug("removeGroupMember request to " + log.debug("removeGroupMember request to " + removeGroupMemberURL.toString()); removeGroupMemberURL.toString()); Loading Loading @@ -726,7 +713,9 @@ public class GMSClient implements TransferListener log.debug("removeUserMember: " + targetGroupName + " - " + userID.getName() + " type: " + userIDType); log.debug("removeUserMember: " + targetGroupName + " - " + userID.getName() + " type: " + userIDType); String path = targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType; String path = targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType; URL removeUserMemberURL = registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT); URL groupsURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); URL removeUserMemberURL = new URL(groupsURL.toExternalForm() + "/" + path); log.debug("removeUserMember: " + removeUserMemberURL.toString()); log.debug("removeUserMember: " + removeUserMemberURL.toString()); Loading Loading 
@@ -836,11 +825,13 @@ public class GMSClient implements TransferListener //searchGroupURL.append("&IDTYPE=").append(NetUtil.encode(idType)); //searchGroupURL.append("&IDTYPE=").append(NetUtil.encode(idType)); searchGroupPath.append("&ROLE=").append(NetUtil.encode(roleString)); searchGroupPath.append("&ROLE=").append(NetUtil.encode(roleString)); URL searchURL = registryClient.getServiceURL(searchURI, "https", searchGroupPath.toString(), AuthMethod.CERT); URL searchURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_SEARCH_01_URI, AuthMethod.CERT); URL getMembershipsURL = new URL(searchURL.toExternalForm() + "/" + searchGroupPath.toString()); log.debug("getMemberships request to " + searchURL.toString()); log.debug("getMemberships request to " + getMembershipsURL.toString()); ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayOutputStream out = new ByteArrayOutputStream(); HttpDownload transfer = new HttpDownload(searchURL, out); HttpDownload transfer = new HttpDownload(getMembershipsURL, out); transfer.setSSLSocketFactory(getSSLSocketFactory()); transfer.setSSLSocketFactory(getSSLSocketFactory()); transfer.run(); transfer.run(); Loading Loading 
@@ -945,11 +936,13 @@ public class GMSClient implements TransferListener searchGroupPath.append("&ROLE=").append(NetUtil.encode(roleString)); searchGroupPath.append("&ROLE=").append(NetUtil.encode(roleString)); searchGroupPath.append("&GROUPID=").append(NetUtil.encode(groupName)); searchGroupPath.append("&GROUPID=").append(NetUtil.encode(groupName)); URL searchURL = registryClient.getServiceURL(searchURI, "https", searchGroupPath.toString(), AuthMethod.CERT); URL searchURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.GMS_SEARCH_01_URI, AuthMethod.CERT); URL getMembershipURL = new URL(searchURL.toExternalForm() + "/" + searchGroupPath.toString()); log.debug("getMembership request to " + searchURL.toString()); log.debug("getMembership request to " + getMembershipURL.toString()); ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayOutputStream out = new ByteArrayOutputStream(); HttpDownload transfer = new HttpDownload(searchURL, out); HttpDownload transfer = new HttpDownload(getMembershipURL, out); transfer.setSSLSocketFactory(getSSLSocketFactory()); transfer.setSSLSocketFactory(getSSLSocketFactory()); transfer.run(); transfer.run(); Loading Loading 
@@ -1102,17 +1095,17 @@ public class GMSClient implements TransferListener Set<GroupMemberships> gset = subject.getPrivateCredentials(GroupMemberships.class); Set<GroupMemberships> gset = subject.getPrivateCredentials(GroupMemberships.class); if (gset == null || gset.isEmpty()) if (gset == null || gset.isEmpty()) { { GroupMemberships mems = new GroupMemberships(gmsServiceURI.toString(), userID); GroupMemberships mems = new GroupMemberships(serviceID.toString(), userID); subject.getPrivateCredentials().add(mems); subject.getPrivateCredentials().add(mems); return mems; return mems; } } GroupMemberships mems = gset.iterator().next(); GroupMemberships mems = gset.iterator().next(); // check to ensure they have the same service URI // check to ensure they have the same service URI if (!gmsServiceURI.toString().equals(mems.getServiceURI())) if (!serviceID.toString().equals(mems.getServiceURI())) { { log.debug("Not using cache because of differing service URIs: " + log.debug("Not using cache because of differing service URIs: " + "[" + gmsServiceURI.toString() + "][" + mems.getServiceURI() + "]"); "[" + serviceID.toString() + "][" + mems.getServiceURI() + "]"); return null; return null; } } Loading Loading @@ -1182,4 +1175,9 @@ public class GMSClient implements TransferListener return false; return false; } } protected RegistryClient getRegistryClient() { return new RegistryClient(); } } }
cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java +28 −39 Original line number Original line Diff line number Diff line Loading @@ -84,6 +84,8 @@ import java.util.Set; import javax.security.auth.Subject; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal; import ca.nrc.cadc.reg.Standards; import ca.nrc.cadc.reg.client.LocalAuthority; import org.apache.log4j.Logger; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.ReaderException; import ca.nrc.cadc.ac.ReaderException; Loading 
@@ -110,47 +112,22 @@ public class UserClient { { private static final Logger log = Logger.getLogger(UserClient.class); private static final Logger log = Logger.getLogger(UserClient.class); private static final String USERS = "users"; private URI serviceID; private static final String USER_REQUESTS = "reqs"; private RegistryClient registryClient; private URI usersURI; // to be used when the client can work with // user requests private URI userReqsURI; /** /** * Constructor. * Constructor. * * * @param serviceURI The URI of the supporting access control web service * @param serviceID The URI of the supporting access control web service * obtained from the registry. * obtained from the registry. */ */ public UserClient(URI serviceURI) public UserClient(URI serviceID) throws IllegalArgumentException throws IllegalArgumentException { { this(serviceURI, new RegistryClient()); if (serviceID == null) } public UserClient(URI serviceURI, RegistryClient registryClient) { if (serviceURI == null) throw new IllegalArgumentException("Service URI cannot be null."); throw new IllegalArgumentException("Service URI cannot be null."); if (serviceURI.getFragment() != null) if (serviceID.getFragment() != null) throw new IllegalArgumentException("invalid serviceURI (fragment not allowed): " + serviceURI); throw new IllegalArgumentException("invalid serviceURI (fragment not allowed): " + serviceID); this.serviceID = serviceID; this.registryClient = registryClient; try { this.usersURI = new URI(serviceURI.toASCIIString() + "#" + USERS); this.userReqsURI = new URI(serviceURI.toASCIIString() + "#" + USER_REQUESTS); } catch(URISyntaxException ex) { throw new RuntimeException("BUG: failed to create standardID from serviceURI + fragment", ex); } } } /** /** Loading 
@@ -171,10 +148,12 @@ public class UserClient String path = NetUtil.encode(userID) + "?idType=" + this.getIdType(principal) + "&detail=identity"; String path = NetUtil.encode(userID) + "?idType=" + this.getIdType(principal) + "&detail=identity"; // augment subject calls are always https with client certs // augment subject calls are always https with client certs URL getUserURL = registryClient.getServiceURL(usersURI, "https", path, AuthMethod.CERT); URL usersURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.UMS_USERS_01_URI, AuthMethod.CERT); URL getUserURL = new URL(usersURL.toExternalForm() + path); if (getUserURL == null) if (getUserURL == null) throw new IllegalArgumentException("No service endpoint for uri " + usersURI); throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_USERS_01_URI); log.debug("augmentSubject request to " + getUserURL.toString()); log.debug("augmentSubject request to " + getUserURL.toString()); ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayOutputStream out = new ByteArrayOutputStream(); Loading Loading @@ -209,7 +188,8 @@ public class UserClient */ */ public List<User> getDisplayUsers() throws IOException public List<User> getDisplayUsers() throws IOException { { URL usersURL = registryClient.getServiceURL(usersURI, "https"); URL usersURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.UMS_USERS_01_URI, AuthMethod.CERT); final List<User> webUsers = new ArrayList<User>(); final List<User> webUsers = new ArrayList<User>(); HttpDownload httpDownload = HttpDownload httpDownload = new HttpDownload(usersURL, new HttpDownload(usersURL, Loading Loading 
@@ -273,10 +253,11 @@ public class UserClient StringBuilder userXML = new StringBuilder(); StringBuilder userXML = new StringBuilder(); userWriter.write(user, userXML); userWriter.write(user, userXML); URL createUserURL = registryClient.getServiceURL(usersURI, "https", null, AuthMethod.CERT); URL createUserURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.UMS_REQS_01_URI, AuthMethod.CERT); if (createUserURL == null) if (createUserURL == null) throw new IllegalArgumentException("No service endpoint for uri " + usersURI); throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_REQS_01_URI); log.debug("createUser request to " + createUserURL.toString()); log.debug("createUser request to " + createUserURL.toString()); ByteArrayInputStream in = new ByteArrayInputStream(userXML.toString().getBytes()); ByteArrayInputStream in = new ByteArrayInputStream(userXML.toString().getBytes()); Loading Loading @@ -336,9 +317,11 @@ public class UserClient String id = NetUtil.encode(principal.getName()); String id = NetUtil.encode(principal.getName()); String path = "/" + id + "?idType=" + AuthenticationUtil.getPrincipalType(principal); String path = "/" + id + "?idType=" + AuthenticationUtil.getPrincipalType(principal); URL getUserURL = registryClient.getServiceURL(usersURI, "https", path, AuthMethod.CERT); URL usersURL = getRegistryClient() .getServiceURL(this.serviceID, Standards.UMS_USERS_01_URI, AuthMethod.CERT); URL getUserURL = new URL(usersURL.toExternalForm() + path); if (getUserURL == null) if (getUserURL == null) throw new IllegalArgumentException("No service endpoint for uri " + usersURI); throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_USERS_01_URI); log.debug("getUser request to " + getUserURL.toString()); log.debug("getUser request to " + getUserURL.toString()); ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayOutputStream out = new ByteArrayOutputStream(); Loading Loading 
@@ -433,4 +416,10 @@ public class UserClient return idTypeStr; return idTypeStr; } } protected RegistryClient getRegistryClient() { return new RegistryClient(); } } }
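Review bot: In the augmentSubject hunk (@@ -171) the new URL is built as `new URL(usersURL.toExternalForm() + path)` with no separator, while `path` here starts with the encoded user id rather than "/" (compare the getUser hunk, where `path` begins with "/"), so unless the registry endpoint happens to end in a slash the request goes to `.../users<id>?idType=...`; `new URL(usersURL.toExternalForm() + "/" + path);` matches what the GMSClient hunks do. The `if (getUserURL == null)` check that follows is now dead, because `new URL(...)` never returns null, and a missing endpoint instead surfaces as a NullPointerException on `usersURL.toExternalForm()`; the check should move to the registry result, `if (usersURL == null) throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_USERS_01_URI);`, placed before the concatenation. The same dead check appears in the getUser hunk (@@ -336). `getRegistryClient()` now constructs a new RegistryClient on every request where the class previously held one instance; if that is only to make the registry mockable in tests, a comment saying so on the new method would save the next reader from "fixing" it. The enclosing methods start and end outside these hunks.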
cadcAccessControl/test/src/ca/nrc/cadc/ac/client/GMSClientTest.java +24 −9 Original line number Original line Diff line number Diff line Loading @@ -81,6 +81,8 @@ import java.util.List; import javax.security.auth.Subject; import javax.security.auth.Subject; import ca.nrc.cadc.auth.AuthMethod; import ca.nrc.cadc.reg.Standards; import org.apache.log4j.Level; import org.apache.log4j.Level; import org.junit.Assert; import org.junit.Assert; import org.junit.Test; import org.junit.Test; Loading Loading @@ -112,13 +114,20 @@ public class GMSClientTest final RegistryClient mockRegistryClient = final RegistryClient mockRegistryClient = createMock(RegistryClient.class); createMock(RegistryClient.class); final URI serviceURI = URI.create("http://mysite.com/users"); final URI serviceID = URI.create("ivo://mysite.com/users"); expect(mockRegistryClient.getServiceURL(serviceURI, "https")).andReturn( expect(mockRegistryClient.getServiceURL(serviceID, Standards.UMS_USERS_01_URI, AuthMethod.CERT)) new URL("http://mysite.com/users/endpoint")); .andReturn(new URL("http://mysite.com/users")); replay(mockRegistryClient); replay(mockRegistryClient); GMSClient client = new GMSClient(serviceURI, mockRegistryClient); GMSClient client = new GMSClient(serviceID) { @Override protected RegistryClient getRegistryClient() { return mockRegistryClient; } }; Assert.assertFalse(client.userIsSubject(null, null)); Assert.assertFalse(client.userIsSubject(null, null)); Assert.assertFalse(client.userIsSubject(userID, null)); Assert.assertFalse(client.userIsSubject(userID, null)); Loading 
@@ -141,16 +150,22 @@ public class GMSClientTest final HttpPrincipal test1UserID = new HttpPrincipal("test"); final HttpPrincipal test1UserID = new HttpPrincipal("test"); subject.getPrincipals().add(test1UserID); subject.getPrincipals().add(test1UserID); final URI serviceURI = URI.create("http://mysite.com/users"); final URI serviceID = URI.create("ivo://mysite.com/users"); final RegistryClient mockRegistryClient = final RegistryClient mockRegistryClient = createMock(RegistryClient.class); createMock(RegistryClient.class); expect(mockRegistryClient.getServiceURL(serviceURI, "https")).andReturn( expect(mockRegistryClient.getServiceURL(serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT )) new URL("http://mysite.com/users/endpoint")); .andReturn(new URL("http://mysite.com/users")); replay(mockRegistryClient); replay(mockRegistryClient); final GMSClient client = new GMSClient(serviceURI, mockRegistryClient); final GMSClient client = new GMSClient(serviceID) { @Override protected RegistryClient getRegistryClient() { return mockRegistryClient; } }; Subject.doAs(subject, new PrivilegedExceptionAction<Object>() Subject.doAs(subject, new PrivilegedExceptionAction<Object>() { { Loading