Java tutorial
/* * dCache - http://www.dcache.org/ * * Copyright (C) 2016 Deutsches Elektronen-Synchrotron * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ package org.dcache.gridsite; import com.google.common.base.Charsets; import com.google.common.hash.Hashing; import com.google.common.io.BaseEncoding; import org.italiangrid.voms.ac.VOMSACValidator; import org.springframework.beans.factory.annotation.Required; import javax.security.auth.Subject; import java.security.cert.CertPath; import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.Collection; import java.util.Map; import dmg.cells.nucleus.CellMessageReceiver; import org.dcache.auth.Subjects; import org.dcache.delegation.gridsite2.DelegationException; import static com.google.common.collect.Iterables.getFirst; import static org.dcache.gridsite.Utilities.assertThat; /** * Implementation of the Delegation interface, as defined by the WSDL. Most * of the implementation details are handled by other classes through * various interfaces. The objects that provide the necessary functionality * are discovered through Servlet attributes. */ public class DelegationService implements CellMessageReceiver { private Map<String, String> serviceMetadata; private CredentialDelegationStore delegations; private CredentialDelegationFactory factory; private CredentialStore credentials; @Required public void setServiceMetadata(Map<String, String> serviceMetadata) { this.serviceMetadata = serviceMetadata; } @Required public void setDelegations(CredentialDelegationStore delegations) { this.delegations = delegations; } @Required public void setFactory(CredentialDelegationFactory factory) { this.factory = factory; } @Required public void setCredentials(CredentialStore credentials) { this.credentials = credentials; } public GetServiceMetaDataResponse mesageArrived(GetServiceMetaDataRequest request) throws DelegationException { String value = serviceMetadata.get(request.getKey()); assertThat(value != null, "unknown key"); return new GetServiceMetaDataResponse(value); } public GetProxyReqResponse messageArrived(GetProxyReqRequest request) throws DelegationException { DelegationIdentity id = new DelegationIdentity(Subjects.getDn(request.getSubject()), request.getDelegationID()); return new GetProxyReqResponse(newDelegation(id, request.getSubject()).getCertificateSigningRequest()); } public GetNewProxyReqResponse messageArrived(GetNewProxyReqRequest request) throws DelegationException { DelegationIdentity id = new DelegationIdentity(Subjects.getDn(request.getSubject()), generateDelegationId(request.getSubject())); return new GetNewProxyReqResponse(newDelegation(id, request.getSubject()).getCertificateSigningRequest(), id.getDelegationId()); } private CredentialDelegation newDelegation(DelegationIdentity id, Subject subject) throws DelegationException { assertThat(!delegations.has(id), "delegation already started", id); assertThat(!credentials.has(id), "delegated credential already exists", id); CertPath path = getFirst(subject.getPublicCredentials(CertPath.class), null); CredentialDelegation delegation = factory.newDelegation(id, path); delegations.add(delegation); return delegation; } public PutProxyResponse messageArrived(PutProxyRequest request) throws DelegationException { DelegationIdentity id = new DelegationIdentity(Subjects.getDn(request.getSubject()), request.getDelegationID()); CredentialDelegation delegation = delegations.remove(id); credentials.put(id, delegation.acceptCertificate(request.getProxy()), Subjects.getPrimaryFqan(request.getSubject())); return new PutProxyResponse(); } public RenewProxyReqResponse messageArrived(RenewProxyReqRequest request) throws DelegationException { DelegationIdentity id = new DelegationIdentity(Subjects.getDn(request.getSubject()), request.getDelegationID()); assertThat(!delegations.has(id), "delegation already started", id); assertThat(credentials.has(id), "no delegated credential", id); CertPath certPath = getFirst(request.getSubject().getPublicCredentials(CertPath.class), null); CredentialDelegation delegation = factory.newDelegation(id, certPath); delegations.add(delegation); return new RenewProxyReqResponse(delegation.getCertificateSigningRequest()); } public GetTerminationTimeResponse messageArrived(GetTerminationTimeRequest request) throws DelegationException { DelegationIdentity id = new DelegationIdentity(Subjects.getDn(request.getSubject()), request.getDelegationID()); return new GetTerminationTimeResponse(credentials.getExpiry(id)); } public DestroyResponse messageArrived(DestroyRequest request) throws DelegationException { DelegationIdentity id = new DelegationIdentity(Subjects.getDn(request.getSubject()), request.getDelegationID()); delegations.removeIfPresent(id); credentials.remove(id); return new DestroyResponse(); } private String generateDelegationId(Subject subject) throws DelegationException { String generator = Subjects.getDn(subject) + Subjects.getFqans(subject); byte[] raw = generator.getBytes(Charsets.UTF_8); byte[] digest = Hashing.sha1().hashBytes(raw).asBytes(); return BaseEncoding.base16().encode(digest, 0, 20); } }