Java tutorial
/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.request.impl; import java.util.ArrayList; import java.util.Collections; import java.util.List; import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.x509.AttributeCertificate; import org.italiangrid.voms.VOMSError; import org.italiangrid.voms.request.VOMSACRequest; import org.italiangrid.voms.request.VOMSACService; import org.italiangrid.voms.request.VOMSESLookupStrategy; import org.italiangrid.voms.request.VOMSProtocol; import org.italiangrid.voms.request.VOMSProtocolError; import org.italiangrid.voms.request.VOMSProtocolListener; import org.italiangrid.voms.request.VOMSRequestListener; import org.italiangrid.voms.request.VOMSResponse; import org.italiangrid.voms.request.VOMSServerInfo; import org.italiangrid.voms.request.VOMSServerInfoStore; import org.italiangrid.voms.request.VOMSServerInfoStoreListener; import org.italiangrid.voms.util.NullListener; import eu.emi.security.authn.x509.X509CertChainValidatorExt; import eu.emi.security.authn.x509.X509Credential; /** * The default implementation of the {@link VOMSACService}. * * * @author Valerio Venturi * @author Andrea Ceccanti * */ public class DefaultVOMSACService implements VOMSACService { /** * The listener that will be informed about request events */ protected VOMSRequestListener requestListener; /** * The listener that will be informed about low-level protocol details */ protected VOMSProtocolListener protocolListener; /** * The validator used for the SSL handshake */ protected X509CertChainValidatorExt validator; /** * The store used to keep VOMS server contact information. */ protected VOMSServerInfoStore serverInfoStore; /** * The http protocol implementation */ protected VOMSProtocol httpProtocol; /** * The voms legacy protocol implementation */ protected VOMSProtocol legacyProtocol; /** * Constructor which builds a {@link DefaultVOMSACService} from a * {@link Builder} * * @param builder * the builder object that provides the settings for this * {@link VOMSACService} */ protected DefaultVOMSACService(Builder builder) { this.validator = builder.validator; this.requestListener = builder.requestListener; this.protocolListener = builder.protocolListener; this.serverInfoStore = builder.serverInfoStore; this.httpProtocol = builder.httpProtocol; this.legacyProtocol = builder.legacyProtocol; } /** * Extracts an AC from a VOMS response * * @param request * the request * @param response * the received response * @return a possibly <code>null</code> {@link AttributeCertificate} object */ protected AttributeCertificate getACFromResponse(VOMSACRequest request, VOMSResponse response) { byte[] acBytes = response.getAC(); if (acBytes == null) return null; ASN1InputStream asn1InputStream = new ASN1InputStream(acBytes); AttributeCertificate attributeCertificate = null; try { attributeCertificate = AttributeCertificate.getInstance(asn1InputStream.readObject()); asn1InputStream.close(); return attributeCertificate; } catch (Throwable e) { requestListener.notifyVOMSRequestFailure(request, null, new VOMSError("Error unmarshalling VOMS AC. Cause: " + e.getMessage(), e)); return null; } } private VOMSResponse doRequest(VOMSProtocol protocol, VOMSServerInfo endpoint, X509Credential cred, VOMSACRequest req) { VOMSResponse response = null; try { response = protocol.doRequest(endpoint, cred, req); } catch (VOMSProtocolError e) { requestListener.notifyVOMSRequestFailure(req, endpoint, e); } return response; } /** * Handles errors included in the VOMS response * * @param request * the request * @param si * the VOMS server endpoint information * @param response * the received {@link VOMSResponse} */ protected void handleErrorsInResponse(VOMSACRequest request, VOMSServerInfo si, VOMSResponse response) { if (response.hasErrors()) requestListener.notifyErrorsInVOMSReponse(request, si, response.errorMessages()); } /** * Handles warnings included in the VOMS response * * @param request * the request * @param si * the VOMS server endpoint information * @param response * the received {@link VOMSResponse} */ protected void handleWarningsInResponse(VOMSACRequest request, VOMSServerInfo si, VOMSResponse response) { if (response.hasWarnings()) requestListener.notifyWarningsInVOMSResponse(request, si, response.warningMessages()); } public AttributeCertificate getVOMSAttributeCertificate(X509Credential credential, VOMSACRequest request) { List<VOMSServerInfo> vomsServerInfos = getVOMSServerInfos(request); if (vomsServerInfos.isEmpty()) throw new VOMSError("VOMS server for VO " + request.getVoName() + " " + "is not known! Check your vomses configuration."); VOMSResponse response = null; AttributeCertificate vomsAC = null; for (VOMSServerInfo vomsServerInfo : vomsServerInfos) { requestListener.notifyVOMSRequestStart(request, vomsServerInfo); // Try HTTP request first response = doRequest(httpProtocol, vomsServerInfo, credential, request); // If failed, try legacy request if (response == null) { response = doRequest(legacyProtocol, vomsServerInfo, credential, request); } // We had failures with both requests if (response == null) { requestListener.notifyVOMSRequestFailure(request, vomsServerInfo, new VOMSError("REST and legacy VOMS endpoints failed.")); // continue to next server continue; } // Notify that the server was contacted successfully requestListener.notifyVOMSRequestSuccess(request, vomsServerInfo); // Notify errors handleErrorsInResponse(request, vomsServerInfo, response); // Notify warnings handleWarningsInResponse(request, vomsServerInfo, response); vomsAC = getACFromResponse(request, response); // Exit the loop only when succesfully get an AC // out of the VOMS server if (!response.hasErrors() && vomsAC != null) { return vomsAC; } } // if we reach this point we had failures in contacting // all known voms server for the VO requestListener.notifyVOMSRequestFailure(request, null, null); return null; } /** * Get VOMS server endpoint information that matches with the * {@link VOMSACRequest} passed as argument. * * This method returns a random shuffle of the {@link VOMSServerInfo} objects * that match the input request. * * @param request * the request * @return a possibly empty {@link List} of {@link VOMSServerInfo} objects */ protected List<VOMSServerInfo> getVOMSServerInfos(VOMSACRequest request) { List<VOMSServerInfo> vomsServerInfos = new ArrayList<VOMSServerInfo>( serverInfoStore.getVOMSServerInfo(request.getVoName())); if (!vomsServerInfos.isEmpty()) { Collections.shuffle(vomsServerInfos); } return vomsServerInfos; } /** * Creates a {@link DefaultVOMSACService} object. The * {@link DefaultVOMSACService} parameters can be set with the appropriate * methods. Example: * * <pre> * * * * * * * * * * * { * @code * VOMSACService acService = new DefaultVOMSACService.Builder(certChainValidator) * .requestListener(requestListener) * .serverInfoStoreListener(serverInfoStoreListener) * .protocolListener(protocolListener).build(); * } * </pre> * * */ public static class Builder { /** * The listener that will be informed about request events */ private VOMSRequestListener requestListener = NullListener.INSTANCE; /** * The listener that will be informed about low-level protocol details */ private VOMSProtocolListener protocolListener = NullListener.INSTANCE; /** * The listener that will be informed about server info store events */ private VOMSServerInfoStoreListener storeListener = NullListener.INSTANCE; /** * The validator used for the SSL handshake */ private X509CertChainValidatorExt validator; /** * The store used to keep VOMS server contact information. */ private VOMSServerInfoStore serverInfoStore; /** * The provided strategy to lookup vomses information. */ private VOMSESLookupStrategy vomsesLookupStrategy; /** * A list of paths where vomses information will be looked for, used to * create the server info store. */ private List<String> vomsesLocations; /** * The connect timeout value */ private int connectTimeout = AbstractVOMSProtocol.DEFAULT_CONNECT_TIMEOUT; /** * The read timeout used */ private int readTimeout = AbstractVOMSProtocol.DEFAULT_READ_TIMEOUT; /** * Whether the client should skip hostname checking */ private boolean skipHostnameChecks = true; /** * The http protocol implementation */ protected VOMSProtocol httpProtocol; /** * The voms legacy protocol implementation */ protected VOMSProtocol legacyProtocol; /** * Creates a Builder for a {@link DefaultVOMSACService}. * * @param certChainValidator * the validator to use to setup the SSL connection and validate * the certificates */ public Builder(X509CertChainValidatorExt certChainValidator) { if (certChainValidator == null) throw new NullPointerException("Please provide a non-null certificate chain validator"); this.validator = certChainValidator; } /** * Sets the request listener for the {@link DefaultVOMSACService} that this * builder is creating * * @param l * the request listener that will receive notifications about * request events * @return this {@link Builder} instance */ public Builder requestListener(VOMSRequestListener l) { this.requestListener = l; return this; } /** * Sets the {@link VOMSServerInfoStoreListener} for the * {@link DefaultVOMSACService} that this builder is creating * * @param sl * the store listener that will receive notifications about store * events * @return this {@link Builder} instance */ public Builder serverInfoStoreListener(VOMSServerInfoStoreListener sl) { this.storeListener = sl; return this; } /** * Sets the {@link VOMSServerInfoStore} for the {@link DefaultVOMSACService} * that this builder is creating * * @param sis * a {@link VOMSServerInfoStore} object * @return this {@link Builder} instance */ public Builder serverInfoStore(VOMSServerInfoStore sis) { this.serverInfoStore = sis; return this; } /** * Sets the {@link VOMSProtocolListener} for the * {@link DefaultVOMSACService} that this builder is creating * * @param pl * the {@link VOMSProtocolListener} that will receive notifications * about protocol events * @return this {@link Builder} instance */ public Builder protocolListener(VOMSProtocolListener pl) { this.protocolListener = pl; return this; } /** * Sets the connect timeout (in millisecods) for the * {@link DefaultVOMSACService} that this builder is creating * * @param timeout * the timeout value in milliseconds * @return this {@link Builder} instance */ public Builder connectTimeout(int timeout) { this.connectTimeout = timeout; return this; } /** * Sets the read timeout (in milliseconds) for the * {@link DefaultVOMSACService} that this builder is creating * * @param timeout * the timeout value in milliseconds * @return this {@link Builder} instance */ public Builder readTimeout(int timeout) { this.readTimeout = timeout; return this; } /** * Sets a flag to skip VOMS hostname checking. Allows for creative VOMS * server side certificate configuration. * * @param s * <code>true</code> to skip the checks, <code>false</code> * otherwise * * @return this {@link Builder} instance */ public Builder skipHostnameChecks(boolean s) { this.skipHostnameChecks = s; return this; } /** * Sets the vomses lookup strategy for the {@link DefaultVOMSACService} that * this builder is creating * * @param strategy * the {@link VOMSESLookupStrategy} object * @return this {@link Builder} instance */ public Builder vomsesLookupStrategy(VOMSESLookupStrategy strategy) { this.vomsesLookupStrategy = strategy; return this; } /** * Sets a list of locations that will be used to build a * {@link VOMSESLookupStrategy} for the {@link DefaultVOMSACService} that * this builder is creating * * @param vomsesLocations * a list of paths where vomses information will be looked for * @return this {@link Builder} instance */ public Builder vomsesLocations(List<String> vomsesLocations) { this.vomsesLocations = vomsesLocations; return this; } /** * Sets the http protocol implementation * * @param httpProtocol * the http protocol implementatino * @return this {@link Builder} instance */ public Builder httpProtocol(VOMSProtocol httpProtocol) { this.httpProtocol = httpProtocol; return this; } /** * Sets the legacy protocol implementation * * @param legacyProtocol * the legacy protocol implementation * * @return * the {@link Builder} */ public Builder legacyProtocol(VOMSProtocol legacyProtocol) { this.legacyProtocol = legacyProtocol; return this; } /** * Builds the server info store */ protected void buildServerInfoStore() { if (serverInfoStore != null) return; serverInfoStore = new DefaultVOMSServerInfoStore.Builder().lookupStrategy(vomsesLookupStrategy) .storeListener(storeListener).vomsesPaths(vomsesLocations).build(); } /** * Builds default protocols if needed */ protected void buildProtocols() { if (httpProtocol == null) { RESTProtocol p = new RESTProtocol(validator, protocolListener, connectTimeout, readTimeout); p.setSkipHostnameChecks(skipHostnameChecks); httpProtocol = p; } if (legacyProtocol == null) { LegacyProtocol p = new LegacyProtocol(validator, protocolListener, connectTimeout, readTimeout); p.setSkipHostnameChecks(skipHostnameChecks); legacyProtocol = p; } } /** * Builds the {@link DefaultVOMSACService} * * @return a {@link DefaultVOMSACService} configured as required by this * builder */ public DefaultVOMSACService build() { buildServerInfoStore(); buildProtocols(); return new DefaultVOMSACService(this); } } }