/**
 * Build one {@link SSOCookieCredential} per domain carried by the given cookie value.
 *
 * The cookie value is parsed as a {@link DelegationToken} (validated against
 * {@code requestURI} with a {@link CookieScopeValidator}); the resulting credentials
 * all share the same raw cookie value and expiry time and differ only in domain.
 *
 * @param cookieValue the raw cookie value (a serialized delegation token)
 * @param requestURI  the HTTP request URI the token is validated against
 * @return a credential for each domain listed in the token; empty when the token lists none
 * @throws InvalidDelegationTokenException if the cookie value is not a valid token
 * @throws IOException on I/O errors while parsing
 */
public List<SSOCookieCredential> getSSOCookieCredentials(final String cookieValue, final String requestURI)
        throws InvalidDelegationTokenException, IOException {
    final DelegationToken parsed =
            DelegationToken.parse(cookieValue, requestURI, new CookieScopeValidator());
    final List<SSOCookieCredential> credentials = new ArrayList<>();
    // NOTE(review): assumes getDomains() never returns null here — confirm against setDomains().
    for (final String domain : parsed.getDomains()) {
        credentials.add(new SSOCookieCredential(cookieValue, domain, parsed.getExpiryTime()));
    }
    return credentials;
}
/**
 * Constructor for a token delegated by a single HTTP identity.
 *
 * @param user       identity of the delegating user - required
 * @param scope      scope of the delegation, i.e. the resource it applies to - optional
 * @param expiryTime the expiry date of this token (UTC) - required
 * @param domains    list of domains that this token could be used for (handed to setDomains)
 * @throws IllegalArgumentException if {@code user} or {@code expiryTime} is null
 */
public DelegationToken(HttpPrincipal user, URI scope, Date expiryTime, List<String> domains) {
    // The arguments are validated before any field is set, which is why this
    // constructor cannot simply delegate to the Set<Principal> one via this().
    if (user == null) {
        throw new IllegalArgumentException("User identity required");
    }
    this.addPrincipal(user);

    if (expiryTime == null) {
        throw new IllegalArgumentException("No expiry time");
    }
    this.expiryTime = expiryTime;
    this.scope = scope;
    this.setDomains(domains);
}
/**
 * Constructor for a token delegated by a set of identities.
 *
 * @param principals sorted set of identity principals (http, x500, cadc) - required, non-empty
 * @param scope      scope of the delegation, i.e. the resource it applies to - optional
 * @param expiryTime the expiry date of this token (UTC) - required
 * @param domains    list of domains that this token could be used for
 * @throws IllegalArgumentException if {@code principals} is null or empty, or {@code expiryTime} is null
 */
public DelegationToken(Set<Principal> principals, URI scope, Date expiryTime, List<String> domains) {
    final boolean noIdentity = (principals == null) || principals.isEmpty();
    if (noIdentity) {
        throw new IllegalArgumentException("Identity principals required (ie http, x500, cadc internal)");
    }
    if (expiryTime == null) {
        throw new IllegalArgumentException("No expiry time");
    }

    this.addPrincipals(principals);
    this.expiryTime = expiryTime;
    this.scope = scope;
    this.setDomains(domains);
}
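/**
 * Builds a DelegationToken from a text string.
 *
 * Two wire forms are accepted: the plain attribute-value form, recognised by its
 * leading expiry label, and an encoded form ({@code <encoding>:<payload>}) which is
 * handed to {@link #parseEncoded}.
 *
 * @param text       Token to parse
 * @param requestURI The HTTP Request URI
 * @param sv         ScopeValidator instance.
 * @return corresponding DelegationToken
 * @throws InvalidDelegationTokenException If the given token is null or cannot be parsed.
 */
public static DelegationToken parse(String text, String requestURI, ScopeValidator sv)
        throws InvalidDelegationTokenException {
    // Token text comes from cookies/headers: report a missing or malformed value as an
    // invalid token rather than leaking a NullPointerException/IllegalArgumentException
    // that callers catching InvalidDelegationTokenException (see the cookie path) miss.
    if (text == null) {
        throw new InvalidDelegationTokenException("Missing token text.");
    }
    if (text.startsWith(DelegationToken.EXPIRY_LABEL)) {
        final String[] fields = text.split(FIELD_DELIM);
        return parse(fields, text, requestURI, sv);
    }

    final URI encodedURI;
    try {
        encodedURI = URI.create(text);
    } catch (IllegalArgumentException ex) {
        // TODO(review): chain ex as the cause if InvalidDelegationTokenException offers a (String, Throwable) constructor.
        throw new InvalidDelegationTokenException("Wrong format for encoded token.");
    }
    return parseEncoded(encodedURI, requestURI, sv);
}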
this.token = DelegationToken.parse(tokenValue, request.getRequestURI()); principals.add(new HttpPrincipal(httpUser)); else if (token != null) // user from token principals.add(token.getUser()); ssoCookie.getValue()); cookiePrincipals = cookieToken.getIdentityPrincipals(); principals.addAll(cookiePrincipals);
sb.append(token.getExpiryTime().getTime()); HttpPrincipal user = token.getUser(); if (StringUtil.hasText(user.getProxyUser())) { sb.append(FIELD_DELIM); if (token.getScope() != null) { sb.append(FIELD_DELIM); sb.append(SCOPE_LABEL); sb.append(VALUE_DELIM); sb.append(token.getScope()); if (token.getDomains() != null) { for (String domain : token.getDomains()) { sb.append(FIELD_DELIM); sb.append(DOMAIN_LABEL);
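/**
 * Human-readable summary of the token: user (and proxy user, if any), scope,
 * expiry time and domains. This is a diagnostic form, not the signed wire format
 * produced by {@code format}.
 *
 * @return a single-line description of this token
 */
@Override
public String toString() {
    final HttpPrincipal user = getUser();
    final StringBuilder sb = new StringBuilder();

    // The user value is appended directly after its label; previously the proxy
    // block was emitted between "user=" and the user itself.
    sb.append("DelegationToken(").append(USER_LABEL).append("=").append(user);
    if (user != null && StringUtil.hasText(user.getProxyUser())) {
        sb.append(",").append(PROXY_LABEL).append("=").append(user.getProxyUser());
    }
    sb.append(",").append(SCOPE_LABEL).append("=").append(getScope());
    // The value is the expiry time, so label it as such (was mislabelled "startTime").
    sb.append(",expiryTime=").append(getExpiryTime());
    if (domains != null) {
        for (final String domain : domains) {
            sb.append(",").append(DOMAIN_LABEL).append("=").append(domain);
        }
    }
    sb.append(")");
    return sb.toString();
}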
/**
 * Parse the given text into a DelegationToken object without a scope validator.
 *
 * Equivalent to {@code parse(text, requestURI, null)}.
 *
 * @param text       The token string.
 * @param requestURI The HTTP Request URI
 * @return DelegationToken instance. Never null.
 * @throws InvalidDelegationTokenException If the given token cannot be parsed.
 */
public static DelegationToken parse(String text, String requestURI)
        throws InvalidDelegationTokenException {
    // No ScopeValidator: scope checking is left to the three-argument overload's null handling.
    return DelegationToken.parse(text, requestURI, null);
}
sv = getScopeValidator(); validateSignature(signature, cookieText); return new DelegationToken(principalSet, scope, expirytime, domains);
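/**
 * Generate a new cookie value for the set of Principals, scope and expiryDate.
 * Sets a default scope ({@code SCOPE_URI}) and expiry ({@code getExpirationDate()})
 * if either is not supplied. The cookie domains are read from the first
 * {@code domains} entry of {@code DOMAINS_PROP_FILE}, whitespace-separated.
 *
 * @param principalSet the identities the token is issued for
 * @param scope        scope of the delegation; null selects the default
 * @param expiryDate   expiry of the token; null selects the default
 * @return the serialized, signed token string
 * @throws InvalidKeyException if the token cannot be signed
 * @throws IOException on I/O errors (properties file, signing)
 */
public final String generate(final Set<Principal> principalSet, URI scope, Date expiryDate)
        throws InvalidKeyException, IOException {
    final URI effectiveScope = (scope == null) ? SCOPE_URI : scope;
    final Date effectiveExpiry = (expiryDate == null) ? getExpirationDate() : expiryDate;

    List<String> domainList = null;
    final PropertiesReader propReader = new PropertiesReader(DOMAINS_PROP_FILE);
    final List<String> domainValues = propReader.getPropertyValues("domains");
    if (domainValues != null && !domainValues.isEmpty()) {
        // Split on runs of whitespace after trimming so that doubled or surrounding
        // spaces in the property do not yield empty-string domain entries.
        final String raw = domainValues.get(0).trim();
        if (!raw.isEmpty()) {
            domainList = Arrays.asList(raw.split("\\s+"));
        }
    }

    final DelegationToken token =
            new DelegationToken(principalSet, effectiveScope, effectiveExpiry, domainList);
    return DelegationToken.format(token);
}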
/**
 * Serializes and signs the token into a string of attribute-value pairs,
 * using the default {@link TokenEncoding#BASE64} encoding.
 *
 * @param token the token to format
 * @return String with DelegationToken information
 * @throws IOException         Any IO Errors.
 * @throws InvalidKeyException If the signature cannot be completed.
 */
public static String format(DelegationToken token) throws InvalidKeyException, IOException {
    final TokenEncoding defaultEncoding = TokenEncoding.BASE64;
    return DelegationToken.format(token, defaultEncoding);
}
/**
 * Add a single principal by wrapping it in a set and delegating to addPrincipals.
 * A null principal is silently ignored.
 *
 * @param p the principal to add; may be null
 */
private void addPrincipal(Principal p) {
    if (p == null) {
        return;
    }
    final Set<Principal> single = new HashSet<>();
    single.add(p);
    addPrincipals(single);
}
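/**
 * Serializes and signs the token into a string of attribute-value pairs.
 *
 * The content produced by {@code getContent} is signed with
 * {@link RsaSignatureGenerator}; the Base64 signature is appended as the last
 * field, and the whole string is then encoded with {@code tokenEncoding} and
 * prefixed with the lower-cased encoding name as a "scheme".
 *
 * @param token         the token to format
 * @param tokenEncoding the encoding applied to the signed content
 * @return String with DelegationToken information, with a "scheme" to indicate the encoding type.
 * @throws IOException         Any IO Errors.
 * @throws InvalidKeyException If the signature cannot be completed.
 */
public static String format(final DelegationToken token, final TokenEncoding tokenEncoding)
        throws InvalidKeyException, IOException {
    final StringBuilder sb = getContent(token);

    // Sign and add the signature field.
    final String toSign = sb.toString();
    log.debug("string to be signed: " + toSign);
    sb.append(FIELD_DELIM);
    sb.append(SIGNATURE_LABEL);
    sb.append(VALUE_DELIM);

    // Sign an explicit UTF-8 encoding: the no-arg getBytes() uses the platform charset,
    // so non-ASCII content (e.g. X500 names) could sign on one JVM and fail to verify on
    // another. The verifying side must decode the content with the same charset.
    final RsaSignatureGenerator su = new RsaSignatureGenerator();
    final byte[] sig = su.sign(new ByteArrayInputStream(
            toSign.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
    // Signature is always Base64 encoded. This is necessary because the value of the Signature alone cannot be
    // easily transported.
    sb.append(new String(Base64.encode(sig)));

    // Locale.ROOT keeps the scheme name stable regardless of the default locale.
    return tokenEncoding.name().toLowerCase(java.util.Locale.ROOT) + ":"
            + new String(TOKEN_ENCODER_DECODER.encode(
                    sb.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8), tokenEncoding));
}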
if (StringUtil.hasText(tokenValue)) { try { this.token = DelegationToken.parse(tokenValue, request.getResourceRef().getPath()); } catch (InvalidDelegationTokenException ex) { log.debug("invalid DelegationToken: " + tokenValue, ex); } else if (token != null) // user from token principals.add(token.getUser()); ssoCookie.getValue()); cookiePrincipals = cookieToken.getIdentityPrincipals(); principals.addAll(cookiePrincipals);
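/**
 * Parse a token given in encoded form ({@code <encoding>:<payload>}).
 *
 * The URI scheme names the {@link TokenEncoding}; the scheme-specific part is
 * decoded with {@code TOKEN_ENCODER_DECODER} and the result parsed as the plain
 * attribute-value form.
 *
 * @param encodedURI     the token as a URI whose scheme is the encoding name
 * @param requestURI     The HTTP Request URI
 * @param scopeValidator ScopeValidator instance (may be null, as in parse)
 * @return corresponding DelegationToken
 * @throws InvalidDelegationTokenException if the scheme is missing or not a known encoding
 */
private static DelegationToken parseEncoded(final URI encodedURI, final String requestURI,
                                            final ScopeValidator scopeValidator)
        throws InvalidDelegationTokenException {
    final String scheme = encodedURI.getScheme();
    if (!StringUtil.hasLength(scheme)) {
        throw new InvalidDelegationTokenException("Wrong format for encoded token.");
    }

    // The scheme is attacker-controlled input: an unknown name must surface as an invalid
    // token, not as the IllegalArgumentException thrown by Enum.valueOf.
    final TokenEncoding tokenEncoding;
    try {
        tokenEncoding = TokenEncoding.valueOf(scheme.toUpperCase(java.util.Locale.ROOT));
    } catch (IllegalArgumentException ex) {
        throw new InvalidDelegationTokenException("Unknown token encoding: " + scheme);
    }

    final byte[] decodedBytes =
            TOKEN_ENCODER_DECODER.decode(encodedURI.getSchemeSpecificPart(), tokenEncoding);
    // Decode as UTF-8 explicitly; the single-argument String constructor would use the
    // platform charset and could alter the signed content before verification.
    final String decodedString = new String(decodedBytes, java.nio.charset.StandardCharsets.UTF_8);
    return parse(decodedString.split(FIELD_DELIM), decodedString, requestURI, scopeValidator);
}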
token = DelegationToken.parse(value, SCOPE_URI.toASCIIString(), new CookieScopeValidator());