Merge pull request #8 from maartenplieger/master
Added cross origin flag to WMS endpoint
maartenplieger authored Feb 16, 2018
2 parents f50d5bb + 0662c2c commit 48ede6f
Showing 11 changed files with 337 additions and 63 deletions.
85 changes: 61 additions & 24 deletions src/main/java/nl/knmi/adaguc/security/AuthenticatorImpl.java
@@ -1,14 +1,34 @@
package nl.knmi.adaguc.security;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.ietf.jgss.GSSException;
import org.springframework.security.core.AuthenticationException;

import nl.knmi.adaguc.security.PemX509Tools.X509Info;
import nl.knmi.adaguc.security.PemX509Tools.X509UserCertAndKey;
import nl.knmi.adaguc.security.token.Token;
import nl.knmi.adaguc.security.token.TokenManager;
import nl.knmi.adaguc.security.user.User;
import nl.knmi.adaguc.security.user.UserManager;
import nl.knmi.adaguc.tools.Debug;
import nl.knmi.adaguc.tools.ElementNotFoundException;
import nl.knmi.adaguc.tools.HTTPTools;
Expand All @@ -24,55 +44,72 @@ public AuthenticatorImpl() {
// TODO Auto-generated constructor stub
}


@Override
public void init(HttpServletRequest request) {
// Debug.println("Init");
public synchronized void init(HttpServletRequest request) {
if (request == null ) {
return;
}
// Debug.println("Init");
String sessionId = null;
HttpSession session = request.getSession();
if (session!=null) {
sessionId = (String) session.getAttribute("user_identifier");
}


if (sessionId!=null) {
x509 = new PemX509Tools().new X509Info(sessionId, sessionId);
Debug.println("Got userid from session");
return;
} else {
Debug.println("No userinfo from session");
}

x509 = new PemX509Tools().getUserIdFromCertificate(request);
Debug.println("No user info found from certificates");
if(x509 == null){
String path = request.getServletPath();
String tokenStr = new TokenManager().getTokenFromPath(path);
if(tokenStr == null){
try {

String tokenStr = new TokenManager().getTokenFromPath(path);

if(tokenStr == null){
try {
tokenStr = HTTPTools.getHTTPParam(request, "key");
} catch (Exception e) {
} catch (Exception e1) {
Debug.println("No access token set in URL via key=<accesstoken> KVP");
}
}
if(tokenStr!=null){
Token token = null;
}

if(tokenStr!=null){
Token token = null;
try {
token = TokenManager.getToken(tokenStr);
// Debug.println("Found token "+token);
// Debug.println("Found token "+token);
x509 = new PemX509Tools().new X509Info(token.getUserId(), token.getToken());
// Debug.println("Found user "+x509.getCN());
} catch (AuthenticationException | IOException | ElementNotFoundException e) {
// Debug.println("Found user "+x509.getCN());
} catch (AuthenticationException | IOException | ElementNotFoundException e1) {
// TODO Auto-generated catch block
Debug.printStackTrace(e);
Debug.printStackTrace(e1);
}



}else{
Debug.println("Unable to find user info from certificate or accesstoken");
}





}

}

public String getClientId(){
if(x509 == null){
return null;
}
return x509.getCN();
}


}
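Review bot: The message `Debug.println("No user info found from certificates");` in `init` runs unconditionally right after `getUserIdFromCertificate(request)`, before the `if(x509 == null)` test, so the authentication log reports a missing certificate even when one was accepted. I would move it inside the null branch as its first statement, so the log reflects which credential path actually identified the caller. In the same method the `catch (Exception e1)` around `HTTPTools.getHTTPParam(request, "key")` treats every failure as "no token supplied"; a short comment stating that this is intended would help the next reader. The rendered page has lost the +/- markers, so which of the duplicated lines belong to the new side is inferred.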
63 changes: 52 additions & 11 deletions src/main/java/nl/knmi/adaguc/security/user/User.java
Expand Up @@ -2,32 +2,38 @@

import java.io.IOException;


import lombok.Getter;
import nl.knmi.adaguc.tools.ElementNotFoundException;
import nl.knmi.adaguc.config.MainServicesConfigurator;
import nl.knmi.adaguc.security.PemX509Tools;
import nl.knmi.adaguc.security.PemX509Tools.X509UserCertAndKey;
import nl.knmi.adaguc.security.SecurityConfigurator;
import nl.knmi.adaguc.tools.Debug;
import nl.knmi.adaguc.tools.Tools;

public class User {
@Getter
String homeDir = null;

@Getter
String userId = null;

@Getter
String dataDir = null;



private X509UserCertAndKey userCert;


public static String makePosixUserId(String userId){
if (userId == null)
return null;
if (userId == null)
return null;

userId = userId.replace("http://", "");
userId = userId.replace("https://", "");
userId = userId.replaceAll("/", ".");
return userId;
}
userId = userId.replace("http://", "");
userId = userId.replace("https://", "");
userId = userId.replaceAll("/", ".");
return userId;
}


public User(String _id) throws IOException, ElementNotFoundException {
Expand All @@ -41,6 +47,41 @@ public User(String _id) throws IOException, ElementNotFoundException {
Debug.println("User Home Dir: "+homeDir);
}

/**
* Create NetCDF .httprc or .dodsrc resource file and store it in the users
* home directory
*
* @param user
* The user object
* @throws IOException
* @throws ElementNotFoundException
*/
private synchronized void createNCResourceFile()
throws IOException, ElementNotFoundException {
String fileContents =
"HTTP.SSL.VALIDATE=0\n" +
"HTTP.COOKIEJAR=" + this.homeDir + "/.dods_cookies\n" +
"HTTP.SSL.CERTIFICATE=" + this.homeDir + "/cert.crt" + "\n" +
"HTTP.SSL.KEY=" + this.homeDir + "/cert.key" + "\n" +
"HTTP.SSL.SSLv3="+this.homeDir + "/cert.crt"+"\n" +
"HTTP.SSL.CAPATH="+ SecurityConfigurator.getTrustRootsCADirectory();
Debug.println("createNCResourceFile for user "+this.userId+":\n"+fileContents);
Tools.writeFile(this.homeDir + "/.httprc", fileContents);
Tools.writeFile(this.homeDir + "/.dodsrc", fileContents);
}
public void setCertificate(X509UserCertAndKey userCert) throws IOException, ElementNotFoundException {
/* TODO could optinally write cert to user basket */


PemX509Tools.writeCertificateToPemFile(userCert.getUserSlCertificate(), this.homeDir + "/cert.crt");
PemX509Tools.writePrivateKeyToPemFile(userCert.getPrivateKey(), this.homeDir + "/cert.key");

this.userCert = userCert;
createNCResourceFile();
}

public X509UserCertAndKey getCertificate() {
return this.userCert;
}

}
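Review bot: `createNCResourceFile` writes `HTTP.SSL.VALIDATE=0` into `.httprc` and `.dodsrc`, which as I read the netCDF rc settings turns off verification of the server certificate, even though `HTTP.SSL.CAPATH` is pointed at the trust-roots directory a few lines later. With validation off, the user's client certificate and key are presented to whatever server answers, so I would write `"HTTP.SSL.VALIDATE=1\n" +` and let the CA path do its job. `setCertificate` also writes the private key to `this.homeDir + "/cert.key"`; the file mode is decided inside `PemX509Tools.writePrivateKeyToPemFile`, which is not shown here, so please confirm the file ends up readable by its owner only. The Javadoc's `@param user` does not match the parameterless signature and can be dropped.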
71 changes: 70 additions & 1 deletion src/main/java/nl/knmi/adaguc/security/user/UserManager.java
@@ -1,14 +1,38 @@
package nl.knmi.adaguc.security.user;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import javax.servlet.http.HttpServletRequest;

import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.bouncycastle.operator.OperatorCreationException;
import org.ietf.jgss.GSSException;
import org.json.JSONException;
import org.springframework.security.core.AuthenticationException;

import nl.knmi.adaguc.tools.Debug;
import nl.knmi.adaguc.tools.ElementNotFoundException;
import nl.knmi.adaguc.security.AuthenticationExceptionImpl;
import nl.knmi.adaguc.security.AuthenticatorFactory;
import nl.knmi.adaguc.security.AuthenticatorInterface;
import nl.knmi.adaguc.security.CertificateVerificationException;
import nl.knmi.adaguc.security.PemX509Tools;
import nl.knmi.adaguc.security.SecurityConfigurator;
import nl.knmi.adaguc.security.PemX509Tools.X509UserCertAndKey;
import nl.knmi.adaguc.services.oauth2.OAuth2Handler;



Expand All @@ -30,10 +54,55 @@ public synchronized static User getUser(String id) throws IOException, ElementNo
}

private static String harmonizeUserId(String id) {
return id;
return User.makePosixUserId(id);
}

public synchronized static User getUser(AuthenticatorInterface authenticator) throws IOException, ElementNotFoundException, AuthenticationException {
return getUser(authenticator.getClientId());
}

public static String makeGetRequestWithUserFromServletRequest (HttpServletRequest servletRequest, String requestStr) throws ElementNotFoundException, AuthenticationException, IOException, KeyManagementException, UnrecoverableKeyException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, CertificateException, NoSuchProviderException, SignatureException, GSSException {
String ts = SecurityConfigurator.getTrustStore();

char [] tsPass = SecurityConfigurator.getTrustStorePassword().toCharArray();

Debug.println("Running remote adaguc with truststore");

X509UserCertAndKey userCertificate = null;

AuthenticatorInterface authenticator = AuthenticatorFactory.getAuthenticator(servletRequest);
if(authenticator!=null){
User user = UserManager.getUser(authenticator);
if(user!=null){
userCertificate = user.getCertificate();
if (userCertificate == null) {
try {
OAuth2Handler.makeUserCertificate(user.userId);
} catch (OperatorCreationException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (CertificateVerificationException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (JSONException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
}
if (userCertificate!=null) {
Debug.println("Making request with user certificate");
}


CloseableHttpClient httpClient = (new PemX509Tools()).
getHTTPClientForPEMBasedClientAuth(ts, tsPass, userCertificate);
CloseableHttpResponse httpResponse = httpClient.execute(new HttpGet(requestStr));
return EntityUtils.toString(httpResponse.getEntity());
}




}
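Review bot: In `makeGetRequestWithUserFromServletRequest`, the local `userCertificate` is never re-read after `OAuth2Handler.makeUserCertificate(user.userId)`, so on the first call the request is still sent without a client certificate; the three catch blocks only print a stack trace, so a failed certificate issue looks the same as success. Further down, `httpClient` and `httpResponse` are never closed, which leaks a connection per call. Assuming `makeUserCertificate` stores its result on the same `User` (not visible here), I would re-read the certificate and wrap the client and response in try-with-resources as below. `requestStr` is passed to `HttpGet` as given, so callers should restrict it to the configured remote hosts, because the request carries the user's certificate.

```java
// … unchanged: trust store lookup, authenticator and user resolution …
OAuth2Handler.makeUserCertificate(user.userId);
userCertificate = user.getCertificate(); // pick up the certificate that was just issued
// … unchanged: catch blocks and "Making request with user certificate" log …
try (CloseableHttpClient httpClient = (new PemX509Tools())
        .getHTTPClientForPEMBasedClientAuth(ts, tsPass, userCertificate);
     CloseableHttpResponse httpResponse = httpClient.execute(new HttpGet(requestStr))) {
    return EntityUtils.toString(httpResponse.getEntity());
}
```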
Expand Up @@ -26,6 +26,7 @@ public MappingJackson2HttpMessageConverter mappingJackson2HttpMessageConverter()
return converter;
}
@ResponseBody
@CrossOrigin
@RequestMapping("wms")
public void ADAGUCSERVERWMS(HttpServletResponse response, HttpServletRequest request){
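Review bot: `@CrossOrigin` without arguments on the `wms` mapping allows every origin, and on Spring Framework 4.x its default also permits credentials (the Spring version is not visible on this page). The same commit has `AuthenticatorImpl.init` take the user id from the HTTP session, so if this endpoint is served under that session, any web page could issue credentialed WMS requests for a logged-in user and read the response. I would name the front-end origins explicitly, e.g. `@CrossOrigin(origins = "<allowed-origin>", allowCredentials = "false")`, and enable credentials only together with a fixed origin list. The method body lies outside the hunk.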

Expand Up @@ -71,11 +71,16 @@ public static void runADAGUC(HttpServletRequest request,HttpServletResponse resp
List<String> environmentVariables = new ArrayList<String>();
String userHomeDir="/tmp/";

// AuthenticatorInterface authenticator = AuthenticatorFactory.getAuthenticator(request);
// if(authenticator != null){
// userHomeDir = UserManager.getUser(authenticator).getHomeDir();
// }
AuthenticatorInterface authenticator = AuthenticatorFactory.getAuthenticator(request);
if(authenticator != null){
try {
userHomeDir = UserManager.getUser(authenticator).getHomeDir();
} catch(Exception e){

}

}
Debug.println("Using home " + userHomeDir);
String homeURL=MainServicesConfigurator.getServerExternalURL();
String adagucExecutableLocation = ADAGUCConfigurator.getADAGUCExecutable();
Debug.println("adagucExecutableLocation: "+adagucExecutableLocation);
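Review bot: The empty `catch(Exception e){ }` around `UserManager.getUser(authenticator).getHomeDir()` hides every authentication or lookup failure and lets the request continue with `userHomeDir="/tmp/"`, a directory shared by all callers. At minimum log it, for example `Debug.println("Falling back to /tmp/: " + e.getMessage());`, and decide whether a request whose authenticator was found but whose user lookup failed should run at all. `runADAGUC` starts before and continues after this hunk.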
10 changes: 1 addition & 9 deletions src/main/java/nl/knmi/adaguc/services/basket/Basket.java
Expand Up @@ -71,13 +71,5 @@ public BasketNode listFiles(BasketNode bn, String dir) throws ElementNotFoundExc
}


public static void main(String[]argv) {
Basket b=new Basket("/nobackup/users/vreedede/testimpactspace", "testBasket", null);
try {
System.err.println(b.listFiles());
} catch (ElementNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}

}