Changeset 94 for dataportal


Timestamp:
18/02/05 12:51:43 (16 years ago)
Author:
nbennett
Message:

* empty log message *

Location:
dataportal/trunk/acmnerc/src/uk/ac/cclrc/authorisation
Files:
1 added
3 edited

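--- a/dataportal/trunk/acmnerc/src/uk/ac/cclrc/authorisation/ACGen.java
+++ b/dataportal/trunk/acmnerc/src/uk/ac/cclrc/authorisation/ACGen.java
@@ -26,7 +26,5 @@
     private PrivateKey hostPrivateKey;
     private PublicKey hostPublicKey;
-    private String messageText;
-    private String certFile;
-    private String keyFile;
+    private String messageText, certFile, keyFile, basePath;
     private java.security.cert.X509Certificate x509Cert;
 
@@ -123,5 +121,5 @@
         byte[] encodedHolderBytes = org.globus.util.Base64.encode( holderBytes );
         String encodedHolderString = new String( encodedHolderBytes );
-        File signatureFile = new File( issuerName + "_" + encodedHolderString + "_signature.xml");
+        File signatureFile = new File( basePath + issuerName + "_" + encodedHolderString + ".xml");
         
         XMLSignature sig = null;
@@ -330,4 +328,10 @@
         }
         */
+        basePath = prop.getProperty("base_path");
+        if( basePath == null )
+        {
+            throw new GeneralSecurityException( "The base path to the directory where signed tokens are stored " +
+                "is not specified in the config file" );
+        }
         // System.out.println(keyStoreFileName);
         if(keyStoreFileName == null || keyStoreFileName.equals("")) keyStoreFileName = System.getProperty("user.home")+File.separator+".keystore";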
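Review bot: The new `signatureFile` path in the second hunk is built by plain concatenation, `basePath + issuerName + "_" + encodedHolderString + ".xml"`, so it only lands inside the configured directory if `base_path` happens to end with a separator, and nothing visible here constrains `issuerName` or the Base64 text to be free of separator characters (standard Base64 output can contain `/`; which alphabet `org.globus.util.Base64` uses is not shown). Writing `File signatureFile = new File( basePath, issuerName + "_" + encodedHolderString + ".xml" );` removes the dependence on the trailing separator, and comparing the file's canonical path against the canonical `basePath` before writing keeps a token from landing outside the token store. The same concatenation is introduced in this changeset's TokenReader hunk (`signatureFileName`), where the name is used to read the file back, so both should be fixed together. The method this line belongs to starts and ends outside the hunk.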
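--- a/dataportal/trunk/acmnerc/src/uk/ac/cclrc/authorisation/client/TokenReader.java
+++ b/dataportal/trunk/acmnerc/src/uk/ac/cclrc/authorisation/client/TokenReader.java
@@ -39,6 +39,5 @@
     private X509Certificate acServerCertificate;
     private PublicKey acServerPublicKey;
-    private String messageText;
-    private String certFile;
+    private String messageText, certFile, basePath;
     private Properties prop;
 
@@ -47,5 +46,5 @@
     RSAPublicKey pubKey;
 
-    public TokenReader() throws IOException, CertificateException
+    public TokenReader() throws IOException, CertificateException, GeneralSecurityException
     {
         // certFile = System.getProperty("user.home")+File.separator+".globus"+File.separator+"portalcert.pem";
@@ -66,4 +65,11 @@
             throw ioe;
         }
+        basePath = prop.getProperty( "base_path" );
+        if( basePath == null )
+        {
+            throw new GeneralSecurityException( "The base path to the directory where signed tokens are stored " +
+                "is not specified in the config file" );
+        }
+
         String filename = prop.getProperty("certificate");
         if(filename == null) throw new FileNotFoundException("keystore certificate not specified in config file");
@@ -82,5 +88,4 @@
      *  @return boolean true/false
      **/
-    /*
     public AttributeList getAttributes(org.w3c.dom.Element authorisationToken) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, InvalidAuthorisationTokenException, Exception {
         try {
@@ -106,5 +111,4 @@
         }
     }
-     */
 
     // NOT USED FOR XML SIGNATURE
@@ -130,5 +134,4 @@
      *  @return boolean true/false
      **/
-    /*
     private boolean verifyauthorisationToken(Element acInfo, Element signature)   throws NoSuchAlgorithmException, InvalidKeyException, SignatureException   {
 
@@ -155,5 +158,4 @@
 
     }
-     */
 
     // INCLUDED FOR XML SIGNATURE
@@ -176,5 +178,5 @@
         String encodedHolderString = new String( encodedHolderBytes );
 
-        String signatureFileName = issuerName + "_" + encodedHolderString + "_signature.xml";
+        String signatureFileName = basePath + issuerName + "_" + encodedHolderString + ".xml";
 
         boolean schemaValidate = false;
@@ -216,5 +218,6 @@
 
         System.out.println("**********************************************");
-        System.out.println("Try to verify signature file associated with the authorisation token whose data is to be extracted");
+        //System.out.println("Try to verify signature file associated with the authorisation token whose data is to be extracted");
+        System.out.println("Try to verify signed authorisation token file whose data is to be extracted");
         System.out.println("//////////////////////////////////////////////");
         System.out.println("");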
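Review bot: Deleting the `/*` and `*/` markers around `getAttributes` and `verifyauthorisationToken` re-enables two verification paths without saying which one callers should now rely on, while the file's own labels still read `// NOT USED FOR XML SIGNATURE` above `verifyauthorisationToken` and `// INCLUDED FOR XML SIGNATURE` below it. `verifyauthorisationToken` declares the `java.security` exceptions `NoSuchAlgorithmException`, `InvalidKeyException` and `SignatureException`, which suggests a JCE-based check rather than the XML-Signature path used by the later hunk; keeping both live without a stated owner invites the wrong one being called on a token. If the older path is intentionally back, the label should say so, e.g. `// Re-enabled in r94: legacy JCE verification, kept alongside the XML-Signature path below`; if not, a `@Deprecated` tag on it would steer new code away. Both method bodies lie outside the hunks shown here, so I cannot tell whether they were kept in sync with the `basePath` change.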
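--- a/dataportal/trunk/acmnerc/src/uk/ac/cclrc/authorisation/server/ACServer.java
+++ b/dataportal/trunk/acmnerc/src/uk/ac/cclrc/authorisation/server/ACServer.java
@@ -103,5 +103,5 @@
         if( server == null )
         {
-            throw new GeneralSecurityException( "The name/URL of the database server containing the user/role data" +
+            throw new GeneralSecurityException( "The name/URL of the database server containing the user/role data " +
                 "is not specified in the config file" );
         }
@@ -110,5 +110,5 @@
         if( port == null )
         {
-            throw new GeneralSecurityException( "The port for queries to the database server containing user/role data" +
+            throw new GeneralSecurityException( "The port for queries to the database server containing user/role data " +
                 "is not specified in the config file" );
         }
@@ -117,5 +117,5 @@
         if( dbName == null )
         {
-            throw new GeneralSecurityException( "The name of the database containing the user/role data" +
+            throw new GeneralSecurityException( "The name of the database containing the user/role data " +
                 "is not specified in the config file" );
         }
@@ -142,5 +142,5 @@
         if( signatureAlgorithm == null )
         {
-            throw new GeneralSecurityException( "The signature algorithm to be used for digitally signing attribute certificates" +
+            throw new GeneralSecurityException( "The signature algorithm to be used for digitally signing attribute certificates " +
                 "is not specified in the config file" );
         }
@@ -160,6 +160,4 @@
         }
 
-        mapFilePath = prop.getProperty("map_file_location");
-
         mappingPreference = prop.getProperty("mapping_preference");
         if( mappingPreference == null )
@@ -169,4 +167,11 @@
         }
 
+        mapFilePath = prop.getProperty("map_file_location");
+        if( !mappingPreference.equalsIgnoreCase( "database" ) && mapFilePath == null )
+        {
+            throw new GeneralSecurityException( "A mapping file will be used for role mappings yet the path of this file " +
+                "is not specified in the config file" );
+        }
+
         tokenLifetime = prop.getProperty("token_lifetime");
         if( tokenLifetime == null )
@@ -176,4 +181,8 @@
 
         String quotedStdRolesQuery = prop.getProperty("std_roles_query");
+        if( quotedStdRolesQuery == null )
+        {
+            throw new GeneralSecurityException( "The standard roles query is not specified in the config file" );
+        }
         sf = new StringFormatter( quotedStdRolesQuery );
         stdRolesQuery = sf.removeQuotes();
@@ -184,8 +193,16 @@
 */
         String quotedAffilOrgsQuery = prop.getProperty("affil_orgs_query");
+        if( quotedAffilOrgsQuery == null )
+        {
+            throw new GeneralSecurityException( "The affiliated organisations query is not completely specified in the config file" );
+        }
         sf.setNewString( quotedAffilOrgsQuery );
         affilOrgsQuery = sf.removeQuotes();
 
         String quotedAffilOrgsQuery2 = prop.getProperty("affil_orgs_query2");
+        if( quotedAffilOrgsQuery2 == null )
+        {
+            throw new GeneralSecurityException( "The affiliated organisations query is not completely specified in the config file" );
+        }
         sf.setNewString( quotedAffilOrgsQuery2 );
         affilOrgsQuery2 = sf.removeQuotes();
@@ -195,25 +212,55 @@
         {
             throw new GeneralSecurityException( "The first field of distinguished names is not specified in the config file" );
-        }
+        }
+        if( !( dbDNstartValue.equalsIgnoreCase( "CN" ) || dbDNstartValue.equalsIgnoreCase( "C" ) ) )
+        {
+            throw new GeneralSecurityException( "The first field of distinguished names specified in the config file must be C or CN" );
+        }
 
         String quotedDBDNequalityString = prop.getProperty("db_DN_equality_string");
+        if( quotedDBDNequalityString == null )
+        {
+            throw new GeneralSecurityException( "The distinguished names equality string is not specified in the config file" );
+        }
         sf.setNewString( quotedDBDNequalityString );
         dbDNequalityString = sf.removeQuotes();
 
         String quotedDBDNdelimString = prop.getProperty("db_DN_delim_string");
+        if( quotedDBDNdelimString == null )
+        {
+            throw new GeneralSecurityException( "The distinguished names delimiter string is not specified in the config file" );
+        }
         sf.setNewString( quotedDBDNdelimString );
         dbDNdelimString = sf.removeQuotes();
 
         String quotedUserQuery = prop.getProperty("user_query");
+        if( quotedUserQuery == null )
+        {
+            throw new GeneralSecurityException( "The user query is not specified in the config file" );
+        }
         sf.setNewString( quotedUserQuery );
         userQuery = sf.removeQuotes();
 
-        String quotedMappedRolesQuery1 = prop.getProperty("mapped_roles_query_pt1");
-        sf.setNewString( quotedMappedRolesQuery1 );
-        mappedRolesQuery1 = sf.removeQuotes();
-
-        String quotedMappedRolesQuery2 = prop.getProperty("mapped_roles_query_pt2");
-        sf.setNewString( quotedMappedRolesQuery2 );
-        mappedRolesQuery2 = sf.removeQuotes();
+        String quotedMappedRolesQuery1 = "";
+        String quotedMappedRolesQuery2 = "";
+
+        if( mappingPreference.equalsIgnoreCase( "database" ) )
+        {
+            quotedMappedRolesQuery1 = prop.getProperty("mapped_roles_query_pt1");
+            if( quotedMappedRolesQuery1 == null )
+            {
+                throw new GeneralSecurityException( "The mapped roles query is not completely specified in the config file" );
+            }
+            sf.setNewString( quotedMappedRolesQuery1 );
+            mappedRolesQuery1 = sf.removeQuotes();
+
+            quotedMappedRolesQuery2 = prop.getProperty("mapped_roles_query_pt2");
+            if( quotedMappedRolesQuery2 == null )
+            {
+                throw new GeneralSecurityException( "The mapped roles query is not completely specified in the config file" );
+            }
+            sf.setNewString( quotedMappedRolesQuery2 );
+            mappedRolesQuery2 = sf.removeQuotes();
+        }
 
         String quotedPubKeyQuery = prop.getProperty("pub_key_query");
@@ -291,5 +338,5 @@
             // NDB - demo-code
             System.out.println("**********************************************");
-            System.out.println("User NOT found in local database so will now see if mapped authorisation token can be generated");
+            System.out.println("User NOT found in local database.  Will now see if a mapped authorisation token is available / can be generated");
             System.out.println("//////////////////////////////////////////////");
             System.out.println("");
@@ -303,4 +350,5 @@
                 list =  reader.getACInfo( extAuthToken );
                 String authTokenProvenance = list.getProvenance();
+                String issuerName = list.getIssuerName();
 
                 System.out.println("**********************************************");
@@ -312,5 +360,19 @@
                 if( authTokenProvenance.equals("mapped") )
                 {
-                    throw new InvalidAuthorisationTokenException( "Mapped Authorisation Tokens can not be used to generate further Authorisation Tokens - only Original Authorisation Tokens for affiliated institutions can be." );
+                    if( issuerName.equalsIgnoreCase( facility ) )
+                    {
+                        System.out.println("**********************************************");
+                        System.out.println("The user is passing in a mapped token that was issued by this data centre." );
+                        System.out.println("This token can be used itself and a new mapped token does not need to be generated");
+                        System.out.println("//////////////////////////////////////////////");
+                        System.out.println("");
+                        System.out.println("");
+
+                        return extAuthToken;
+                    }
+                    else
+                    {
+                        throw new InvalidAuthorisationTokenException( "Mapped Authorisation Tokens can not be used to generate further Authorisation Tokens - only Original Authorisation Tokens for affiliated institutions can be." );
+                    }
                 }
                 else
@@ -469,10 +531,26 @@
 
         String extdbDNstartValue = prop.getProperty(extOrg+"_db_DN_start_value");
-
+        if( extdbDNstartValue == null )
+        {
+            throw new GeneralSecurityException( "The first field of " + extOrg + " distinguished names is not specified in the config file" );
+        }
+        if( !( extdbDNstartValue.equalsIgnoreCase( "CN" ) || extdbDNstartValue.equalsIgnoreCase( "C" ) ) )
+        {
+            throw new GeneralSecurityException( "The first field of " + extOrg + " distinguished names specified in the config file must be C or CN" );
+        }
+
         String quotedExtDBDNequalityString = prop.getProperty(extOrg+"_db_DN_equality_string");
+        if( quotedExtDBDNequalityString == null )
+        {
+            throw new GeneralSecurityException( "The " + extOrg + " distinguished names equality string is not specified in the config file" );
+        }
         sf.setNewString( quotedExtDBDNequalityString );
         String extdbDNequalityString = sf.removeQuotes();
 
-        String quotedExtDBDNdelimString = prop.getProperty(extOrg+"_db_DN_delim_string");             
+        String quotedExtDBDNdelimString = prop.getProperty(extOrg+"_db_DN_delim_string");  
+        if( quotedExtDBDNdelimString == null )
+        {
+            throw new GeneralSecurityException( "The " + extOrg + " distinguished names delimiter string is not specified in the config file" );
+        }
         sf.setNewString( quotedExtDBDNdelimString );
         String extdbDNdelimString = sf.removeQuotes();
@@ -1211,7 +1289,15 @@
         }
 
+        if( keyStoreFileName == null || keyStoreFileName.equals("") )
+        {
+            throw new GeneralSecurityException( "The keystore file name is not specified in the config file" );
+        }
         // System.out.println(keyStoreFileName);
-        if(keyStoreFileName == null || keyStoreFileName.equals("")) keyStoreFileName = System.getProperty("user.home")+File.separator+".keystore";
-        if(keyStorePasswd == null || keyStorePasswd.equals("")) keyStorePasswd = "changeit";
+        //if(keyStoreFileName == null || keyStoreFileName.equals("")) keyStoreFileName = System.getProperty("user.home")+File.separator+".keystore";
+        //if(keyStorePasswd == null || keyStorePasswd.equals("")) keyStorePasswd = "changeit";
+        if(keyStorePasswd == null || keyStorePasswd.equals(""))
+        {
+            throw new GeneralSecurityException( "The keystore password is not specified in the config file" );
+        }
 
         //KeyStore keystore = KeyStore.getInstance( "JKS" );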
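Review bot: In the `authTokenProvenance.equals("mapped")` hunk the new branch returns `extAuthToken` unchanged whenever `issuerName.equalsIgnoreCase( facility )`, so acceptance of a caller-supplied token rests on a name that `reader.getACInfo( extAuthToken )` read out of that same token. Whether that name is trustworthy depends on getACInfo having verified the token's signature and validity period before returning the list, which is outside these hunks; if it does not, a token that merely names this facility as its issuer is handed back as though it had been issued here. A comment at the return, `// relies on getACInfo having verified the signature and lifetime of extAuthToken`, would record the invariant, and an explicit verification call ahead of the `return` would enforce it regardless of how getACInfo evolves. The case-insensitive match on the issuer name also looks looser than necessary unless facility names are known to vary in case. The enclosing method starts and ends outside the hunk.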