Skip to content

Commit

Permalink
Adaguc-services now supports secured WPS as well
Browse files Browse the repository at this point in the history
  • Loading branch information
maartenplieger committed Mar 7, 2019
1 parent 632718d commit a9f2e59
Show file tree
Hide file tree
Showing 6 changed files with 41 additions and 14 deletions.
12 changes: 11 additions & 1 deletion src/main/java/nl/knmi/adaguc/security/user/User.java
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
package nl.knmi.adaguc.security.user;

import java.io.IOException;

import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import lombok.Getter;
import nl.knmi.adaguc.tools.ElementNotFoundException;
Expand Down Expand Up @@ -49,6 +51,14 @@ public User(String _id) throws IOException, ElementNotFoundException {
Tools.mksubdirs(homeDir);
Tools.mksubdirs(dataDir);
Debug.println("User Home Dir: "+homeDir);
try {
X509Certificate cert = PemX509Tools.readCertificateFromPEMFile( this.homeDir + "/cert.crt");
PrivateKey key = PemX509Tools.readPrivateKeyFromPEM(this.homeDir + "/cert.key");
this.userCert = (new PemX509Tools()).new X509UserCertAndKey(cert, key);
} catch (CertificateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}

/**
Expand Down
4 changes: 2 additions & 2 deletions src/main/java/nl/knmi/adaguc/security/user/UserManager.java
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ public synchronized static User getUser(AuthenticatorInterface authenticator) th
return getUser(authenticator.getClientId());
}

public static String makeGetRequestWithUserFromServletRequest (HttpServletRequest servletRequest, String requestStr) throws ElementNotFoundException, AuthenticationException, IOException, KeyManagementException, UnrecoverableKeyException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, CertificateException, NoSuchProviderException, SignatureException, GSSException {
public static String _makeGetRequestWithUserFromServletRequest (HttpServletRequest servletRequest, String requestStr) throws ElementNotFoundException, AuthenticationException, IOException, KeyManagementException, UnrecoverableKeyException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, CertificateException, NoSuchProviderException, SignatureException, GSSException {
String ts = SecurityConfigurator.getTrustStore();

char [] tsPass = SecurityConfigurator.getTrustStorePassword().toCharArray();
Expand All @@ -77,7 +77,7 @@ public static String makeGetRequestWithUserFromServletRequest (HttpServletReques
userCertificate = user.getCertificate();
if (userCertificate == null) {
try {
OAuth2Handler.makeUserCertificate(user.userId);
OAuth2Handler._makeUserCertificate(user.userId);
} catch (OperatorCreationException e) {
// TODO Auto-generated catch block
e.printStackTrace();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -496,7 +496,7 @@ private static void handleSpecificProviderCharacteristics(HttpServletRequest req
setSessionInfo(request, userInfo);

try {
makeUserCertificate(User.makePosixUserId(userInfo.user_identifier));
_makeUserCertificate(User.makePosixUserId(userInfo.user_identifier));
Token token = TokenManager.registerToken(UserManager.getUser(userInfo.user_identifier));
ObjectMapper om = new ObjectMapper();
String result = om.writeValueAsString(token);
Expand Down Expand Up @@ -631,7 +631,7 @@ public static void setSessionInfo(HttpServletRequest request, UserInfo userInfo)

};

public static int makeUserCertificate(String clientId) throws CertificateException, IOException,
public static int _makeUserCertificate(String clientId) throws CertificateException, IOException,
InvalidKeyException, NoSuchAlgorithmException, OperatorCreationException, KeyManagementException,
UnrecoverableKeyException, KeyStoreException, NoSuchProviderException, SignatureException, GSSException,
ElementNotFoundException, CertificateVerificationException, JSONException {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -244,10 +244,10 @@ public static JSONObject statusLocationDataAsJSONElementToWPSStatusObject(String
String dataInputs=HTTPTools.getKVPItem(queryString, "DataInputs");
String responseForm=HTTPTools.getKVPItem(queryString, "ResponseForm");
if (dataInputs!=null) {
dataInputs=dataInputs.substring(1,dataInputs.length()-1);
dataInputs=dataInputs.substring(0,dataInputs.length());
}
if (responseForm!=null) {
responseForm=responseForm.substring(1,responseForm.length()-1);
responseForm=responseForm.substring(0,responseForm.length());
}
Debug.println("DataInputs: "+dataInputs+" , ResponseForm:"+responseForm);
XMLElement wpsElement=new XMLElement();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -122,9 +122,13 @@ public void XML2JSON(

}
if(user!=null){

userCertificate = user.getCertificate();
Debug.println("using cert " + userCertificate);
}
}
Debug.println("userCertificate: " + userCertificate);
Debug.println("ts: " + ts);
String result = new String(makeRequest(requestStr, userCertificate, ts, tsPass));
rootElement.parseString(result);
}else{
Expand Down Expand Up @@ -268,10 +272,23 @@ private static byte[] makeRequest(String requestStr, X509UserCertAndKey userCert
CloseableHttpClient httpClient = (new PemX509Tools()).
getHTTPClientForPEMBasedClientAuth(ts, tsPass, null);
CloseableHttpResponse httpResponse = httpClient.execute(new HttpGet(requestStr));
return EntityUtils.toByteArray(httpResponse.getEntity());

byte[] a = EntityUtils.toByteArray(httpResponse.getEntity());

Debug.println("Status: " + httpResponse.getStatusLine() + " Size: " + a.length);
/* Birdhouse WPS gives an exception when a certificate is needed, check it out */
if (a.length < 2048) {
String test = new String(a);
if (test.indexOf("A valid X.509 client certificate is needed")!=-1) {
Debug.println("Request needs certificate");
throw new IOException("Request needs certificate");
}
}
return a;
} catch (Exception e){
if (userCertificate!=null) {
/* Second, try with user certificate */
Debug.println("Trying with cert");
CloseableHttpClient httpClient = (new PemX509Tools()).
getHTTPClientForPEMBasedClientAuth(ts, tsPass, userCertificate);
CloseableHttpResponse httpResponse = httpClient.execute(new HttpGet(requestStr));
Expand Down
12 changes: 6 additions & 6 deletions src/main/java/nl/knmi/adaguc/tools/MyXMLParser.java
Original file line number Diff line number Diff line change
Expand Up @@ -106,16 +106,16 @@ public void add(XMLElement el) {
this.xmlElements.add(el);
}

public void setAttr(String attr, String value) {
XMLAttribute at=new XMLAttribute();
at.name=attr;
at.value=value;
public void setAttr(String attrName, String attrValue) {
for (XMLAttribute itAttr : this.attributes) {
if (itAttr.name.equals(attr)) {
itAttr.value = value;
if (itAttr.name.equals(attrName)) {
itAttr.value = attrValue;
return;
}
}
XMLAttribute at=new XMLAttribute();
at.name=attrName;
at.value=attrValue;
this.attributes.add(at);
}

Expand Down

0 comments on commit a9f2e59

Please sign in to comment.