Merge pull request #17 from maartenplieger/master

 Adaguc-services now supports secured WPS as well

src/main/java/nl/knmi/adaguc/security/user/User.java

@@ -1,7 +1,9 @@
 package nl.knmi.adaguc.security.user;
 
 import java.io.IOException;
-
+import java.security.PrivateKey;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 
 import lombok.Getter;
 import nl.knmi.adaguc.tools.ElementNotFoundException;
@@ -49,6 +51,14 @@ public User(String _id) throws IOException, ElementNotFoundException {
 		Tools.mksubdirs(homeDir);
 		Tools.mksubdirs(dataDir);
 		Debug.println("User Home Dir: "+homeDir);
+		try {
+			X509Certificate cert = PemX509Tools.readCertificateFromPEMFile( this.homeDir + "/cert.crt");
+			PrivateKey key = PemX509Tools.readPrivateKeyFromPEM(this.homeDir + "/cert.key");
+			this.userCert = (new PemX509Tools()).new X509UserCertAndKey(cert, key);
+			Debug.println("### Loaded certificates from disk ### for " + this.userId);
+		} catch (Exception e) {
+			Debug.errprintln("### No certificates loaded found on disk for " + this.userId + " ###");
+		}
 	}
 
 	/**
@@ -75,7 +85,7 @@ private synchronized void createNCResourceFile()
 	}
 	public void setCertificate(X509UserCertAndKey userCert) throws IOException, ElementNotFoundException {
 		/* TODO could optinally write cert to user basket */
-
+		Debug.println("### setCertificate ### for " + this.userId);
 
 		PemX509Tools.writeCertificateToPemFile(userCert.getUserSlCertificate(), this.homeDir + "/cert.crt");
 		PemX509Tools.writePrivateKeyToPemFile(userCert.getPrivateKey(), this.homeDir + "/cert.key");

src/main/java/nl/knmi/adaguc/security/user/UserManager.java

@@ -61,7 +61,7 @@ public synchronized static User getUser(AuthenticatorInterface authenticator) th
 		return getUser(authenticator.getClientId());
 	}
 
-	public static String makeGetRequestWithUserFromServletRequest (HttpServletRequest servletRequest, String requestStr) throws ElementNotFoundException, AuthenticationException, IOException, KeyManagementException, UnrecoverableKeyException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, CertificateException, NoSuchProviderException, SignatureException, GSSException {
+	public static String _makeGetRequestWithUserFromServletRequest (HttpServletRequest servletRequest, String requestStr) throws ElementNotFoundException, AuthenticationException, IOException, KeyManagementException, UnrecoverableKeyException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, CertificateException, NoSuchProviderException, SignatureException, GSSException {
 		String ts = SecurityConfigurator.getTrustStore();
 
 		char [] tsPass = SecurityConfigurator.getTrustStorePassword().toCharArray();
@@ -77,7 +77,7 @@ public static String makeGetRequestWithUserFromServletRequest (HttpServletReques
 				userCertificate = user.getCertificate();
 				if (userCertificate == null) {
 					try {
-						OAuth2Handler.makeUserCertificate(user.userId);
+						OAuth2Handler._makeUserCertificate(user.userId);
 					} catch (OperatorCreationException e) {
 						// TODO Auto-generated catch block
 						e.printStackTrace();

src/main/java/nl/knmi/adaguc/services/oauth2/OAuth2Handler.java

@@ -496,7 +496,7 @@ private static void handleSpecificProviderCharacteristics(HttpServletRequest req
 						setSessionInfo(request, userInfo);
 
 						try {
-							makeUserCertificate(User.makePosixUserId(userInfo.user_identifier));
+							_makeUserCertificate(User.makePosixUserId(userInfo.user_identifier));
 							Token token = TokenManager.registerToken(UserManager.getUser(userInfo.user_identifier));
 							ObjectMapper om = new ObjectMapper();
 							String result = om.writeValueAsString(token);
@@ -631,7 +631,7 @@ public static void setSessionInfo(HttpServletRequest request, UserInfo userInfo)
 
 	};
 
-	public static int makeUserCertificate(String clientId) throws CertificateException, IOException,
+	public static int _makeUserCertificate(String clientId) throws CertificateException, IOException,
 	InvalidKeyException, NoSuchAlgorithmException, OperatorCreationException, KeyManagementException,
 	UnrecoverableKeyException, KeyStoreException, NoSuchProviderException, SignatureException, GSSException,
 	ElementNotFoundException, CertificateVerificationException, JSONException {

src/main/java/nl/knmi/adaguc/services/pywpsserver/PyWPSServer.java

@@ -244,10 +244,10 @@ public static JSONObject statusLocationDataAsJSONElementToWPSStatusObject(String
 				String dataInputs=HTTPTools.getKVPItem(queryString, "DataInputs");
 				String responseForm=HTTPTools.getKVPItem(queryString, "ResponseForm");
 				if (dataInputs!=null) {
-					dataInputs=dataInputs.substring(1,dataInputs.length()-1);
+					dataInputs=dataInputs.substring(0,dataInputs.length());
 				}
 				if (responseForm!=null) {
-					responseForm=responseForm.substring(1,responseForm.length()-1);
+					responseForm=responseForm.substring(0,responseForm.length());
 				}
 				Debug.println("DataInputs: "+dataInputs+" , ResponseForm:"+responseForm);
 				XMLElement wpsElement=new XMLElement();

src/main/java/nl/knmi/adaguc/services/xml2json/ServiceHelperRequestMapper.java

@@ -122,9 +122,13 @@ public void XML2JSON(
 
 						}
 						if(user!=null){
+
 							userCertificate = user.getCertificate();
+							Debug.println("using cert " + userCertificate);
 						}
 					}
+					Debug.println("userCertificate: " + userCertificate);
+					Debug.println("ts: " + ts);
 					String result = new String(makeRequest(requestStr, userCertificate, ts, tsPass));
 					rootElement.parseString(result);
 				}else{
@@ -268,10 +272,23 @@ private static byte[] makeRequest(String requestStr, X509UserCertAndKey userCert
 			CloseableHttpClient httpClient = (new PemX509Tools()).
 					getHTTPClientForPEMBasedClientAuth(ts, tsPass, null);
 			CloseableHttpResponse httpResponse = httpClient.execute(new HttpGet(requestStr));
-			return EntityUtils.toByteArray(httpResponse.getEntity());
+
+			byte[] a = EntityUtils.toByteArray(httpResponse.getEntity());
+
+			Debug.println("Status: " + httpResponse.getStatusLine() + " Size: " + a.length);
+			/* Birdhouse WPS gives an exception when a certificate is needed, check it out */
+			if (a.length < 2048) {
+				String test = new String(a);
+				if (test.indexOf("A valid X.509 client certificate is needed")!=-1) {
+					Debug.println("Request needs certificate");
+					throw new IOException("Request needs certificate");
+				}
+			}
+			return a;
 		} catch (Exception e){
 			if (userCertificate!=null) {
 				/* Second, try with user certificate */
+				Debug.println("Trying with cert");
 				CloseableHttpClient httpClient = (new PemX509Tools()).
 						getHTTPClientForPEMBasedClientAuth(ts, tsPass, userCertificate);
 				CloseableHttpResponse httpResponse = httpClient.execute(new HttpGet(requestStr));

src/main/java/nl/knmi/adaguc/tools/MyXMLParser.java

@@ -106,16 +106,16 @@ public void add(XMLElement el) {
 			this.xmlElements.add(el);
 		}
 
-		public void setAttr(String attr, String value) {
-			XMLAttribute at=new XMLAttribute();
-			at.name=attr;
-			at.value=value;
+		public void setAttr(String attrName, String attrValue) {
 			for (XMLAttribute itAttr : this.attributes) {
-				if (itAttr.name.equals(attr)) {
-					itAttr.value = value;
+				if (itAttr.name.equals(attrName)) {
+					itAttr.value = attrValue;
 					return;
 				}
 			}
+			XMLAttribute at=new XMLAttribute();
+			at.name=attrName;
+			at.value=attrValue;
 			this.attributes.add(at);
 		}