Merge pull request #8 from maartenplieger/master

Added cross origin flag to WMS endpoint

src/main/java/nl/knmi/adaguc/security/AuthenticatorImpl.java

@@ -1,14 +1,34 @@
 package nl.knmi.adaguc.security;
 
 import java.io.IOException;
+import java.security.InvalidKeyException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.SignatureException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.util.EntityUtils;
+import org.ietf.jgss.GSSException;
 import org.springframework.security.core.AuthenticationException;
 
 import nl.knmi.adaguc.security.PemX509Tools.X509Info;
+import nl.knmi.adaguc.security.PemX509Tools.X509UserCertAndKey;
 import nl.knmi.adaguc.security.token.Token;
 import nl.knmi.adaguc.security.token.TokenManager;
+import nl.knmi.adaguc.security.user.User;
+import nl.knmi.adaguc.security.user.UserManager;
 import nl.knmi.adaguc.tools.Debug;
 import nl.knmi.adaguc.tools.ElementNotFoundException;
 import nl.knmi.adaguc.tools.HTTPTools;
@@ -24,55 +44,72 @@ public AuthenticatorImpl() {
 		// TODO Auto-generated constructor stub
 	}
 
-
 	@Override
-	public void init(HttpServletRequest request) {
-//		Debug.println("Init");
+	public synchronized void init(HttpServletRequest request) {
+		if (request == null ) {
+			return;
+		}
+		//		Debug.println("Init");
+		String sessionId = null;
+		HttpSession session = request.getSession();
+		if (session!=null) {
+			sessionId = (String) session.getAttribute("user_identifier");
+		}
+
+
+		if (sessionId!=null) {
+			x509 = new PemX509Tools().new X509Info(sessionId, sessionId);
+			Debug.println("Got userid from session");
+			return;
+		} else {
+			Debug.println("No userinfo from session");
+		}
+
 		x509 = new PemX509Tools().getUserIdFromCertificate(request);
 		Debug.println("No user info found from certificates");
 		if(x509 == null){
 			String path = request.getServletPath();
-			
-		    String tokenStr = new TokenManager().getTokenFromPath(path);
-		    
-		    if(tokenStr == null){
-			    try {
+
+			String tokenStr = new TokenManager().getTokenFromPath(path);
+
+			if(tokenStr == null){
+				try {
 					tokenStr = HTTPTools.getHTTPParam(request, "key");
-				} catch (Exception e) {
+				} catch (Exception e1) {
 					Debug.println("No access token set in URL via key=<accesstoken> KVP");
 				}
-		    }
-		    
-		    if(tokenStr!=null){
-			    Token token = null;
+			}
+
+			if(tokenStr!=null){
+				Token token = null;
 				try {
 					token = TokenManager.getToken(tokenStr);
-//					Debug.println("Found token "+token);
+					//					Debug.println("Found token "+token);
 					x509 = new PemX509Tools().new X509Info(token.getUserId(), token.getToken());
-//					Debug.println("Found user "+x509.getCN());
-				} catch (AuthenticationException | IOException | ElementNotFoundException e) {
+					//					Debug.println("Found user "+x509.getCN());
+				} catch (AuthenticationException | IOException | ElementNotFoundException e1) {
 					// TODO Auto-generated catch block
-					Debug.printStackTrace(e);
+					Debug.printStackTrace(e1);
 				}
-			    
-			    
-			    
+
+
+
 			}else{
 				Debug.println("Unable to find user info from certificate or accesstoken");
 			}
-
 
-
+
+
 		}
 
 	}
-	
+
 	public String getClientId(){
 		if(x509 == null){
 			return null;
 		}
 		return x509.getCN();
 	}
-	
+
 
 }

src/main/java/nl/knmi/adaguc/security/user/User.java

@@ -2,32 +2,38 @@
 
 import java.io.IOException;
 
+
 import lombok.Getter;
 import nl.knmi.adaguc.tools.ElementNotFoundException;
 import nl.knmi.adaguc.config.MainServicesConfigurator;
+import nl.knmi.adaguc.security.PemX509Tools;
+import nl.knmi.adaguc.security.PemX509Tools.X509UserCertAndKey;
+import nl.knmi.adaguc.security.SecurityConfigurator;
 import nl.knmi.adaguc.tools.Debug;
 import nl.knmi.adaguc.tools.Tools;
 
 public class User {
 	@Getter
 	String homeDir = null;
-	
+
 	@Getter
 	String userId = null;
-	
+
 	@Getter
 	String dataDir = null;
-
-
+
+	private X509UserCertAndKey userCert;
+
+
 	public static String makePosixUserId(String userId){
-	    if (userId == null)
-	      return null;
+		if (userId == null)
+			return null;
 
-	    userId = userId.replace("http://", "");
-	    userId = userId.replace("https://", "");
-	    userId = userId.replaceAll("/", ".");
-	    return userId;
-	  }
+		userId = userId.replace("http://", "");
+		userId = userId.replace("https://", "");
+		userId = userId.replaceAll("/", ".");
+		return userId;
+	}
 
 
 	public User(String _id) throws IOException, ElementNotFoundException {
@@ -41,6 +47,41 @@ public User(String _id) throws IOException, ElementNotFoundException {
 		Debug.println("User Home Dir: "+homeDir);
 	}
 
+	/**
+	 * Create NetCDF .httprc or .dodsrc resource file and store it in the users
+	 * home directory
+	 * 
+	 * @param user
+	 *          The user object
+	 * @throws IOException
+	 * @throws ElementNotFoundException 
+	 */
+	private synchronized void createNCResourceFile()
+			throws IOException, ElementNotFoundException {
+		String fileContents = 
+				"HTTP.SSL.VALIDATE=0\n" + 
+				"HTTP.COOKIEJAR=" + this.homeDir + "/.dods_cookies\n" + 
+				"HTTP.SSL.CERTIFICATE="	+ this.homeDir + "/cert.crt" + "\n" +
+				"HTTP.SSL.KEY="	+ this.homeDir + "/cert.key" + "\n" + 
+				"HTTP.SSL.SSLv3="+this.homeDir + "/cert.crt"+"\n" +
+				"HTTP.SSL.CAPATH="+ SecurityConfigurator.getTrustRootsCADirectory();
+		Debug.println("createNCResourceFile for user "+this.userId+":\n"+fileContents);
+		Tools.writeFile(this.homeDir + "/.httprc", fileContents);
+		Tools.writeFile(this.homeDir + "/.dodsrc", fileContents);
+	}
+	public void setCertificate(X509UserCertAndKey userCert) throws IOException, ElementNotFoundException {
+		/* TODO could optinally write cert to user basket */
 
+
+		PemX509Tools.writeCertificateToPemFile(userCert.getUserSlCertificate(), this.homeDir + "/cert.crt");
+		PemX509Tools.writePrivateKeyToPemFile(userCert.getPrivateKey(), this.homeDir + "/cert.key");
 
+		this.userCert = userCert;
+		createNCResourceFile();
+	}
+
+	public X509UserCertAndKey getCertificate() {
+		return this.userCert;
+	}
+
 }

src/main/java/nl/knmi/adaguc/security/user/UserManager.java

@@ -1,14 +1,38 @@
 package nl.knmi.adaguc.security.user;
 
 import java.io.IOException;
+import java.security.InvalidKeyException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.SignatureException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.util.EntityUtils;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.ietf.jgss.GSSException;
+import org.json.JSONException;
 import org.springframework.security.core.AuthenticationException;
 
+import nl.knmi.adaguc.tools.Debug;
 import nl.knmi.adaguc.tools.ElementNotFoundException;
 import nl.knmi.adaguc.security.AuthenticationExceptionImpl;
+import nl.knmi.adaguc.security.AuthenticatorFactory;
 import nl.knmi.adaguc.security.AuthenticatorInterface;
+import nl.knmi.adaguc.security.CertificateVerificationException;
+import nl.knmi.adaguc.security.PemX509Tools;
+import nl.knmi.adaguc.security.SecurityConfigurator;
+import nl.knmi.adaguc.security.PemX509Tools.X509UserCertAndKey;
+import nl.knmi.adaguc.services.oauth2.OAuth2Handler;
 
 
 
@@ -30,10 +54,55 @@ public synchronized static User getUser(String id) throws IOException, ElementNo
 	}
 
 	private static String harmonizeUserId(String id) {
-		return id;
+		return User.makePosixUserId(id);
 	}
 
 	public synchronized static User getUser(AuthenticatorInterface authenticator) throws IOException, ElementNotFoundException, AuthenticationException {
 		return getUser(authenticator.getClientId());
 	}
+
+	public static String makeGetRequestWithUserFromServletRequest (HttpServletRequest servletRequest, String requestStr) throws ElementNotFoundException, AuthenticationException, IOException, KeyManagementException, UnrecoverableKeyException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, CertificateException, NoSuchProviderException, SignatureException, GSSException {
+		String ts = SecurityConfigurator.getTrustStore();
+
+		char [] tsPass = SecurityConfigurator.getTrustStorePassword().toCharArray();
+
+		Debug.println("Running remote adaguc with truststore");
+
+		X509UserCertAndKey userCertificate = null;
+
+		AuthenticatorInterface authenticator = AuthenticatorFactory.getAuthenticator(servletRequest);
+		if(authenticator!=null){
+			User user = UserManager.getUser(authenticator);
+			if(user!=null){
+				userCertificate = user.getCertificate();
+				if (userCertificate == null) {
+					try {
+						OAuth2Handler.makeUserCertificate(user.userId);
+					} catch (OperatorCreationException e) {
+						// TODO Auto-generated catch block
+						e.printStackTrace();
+					} catch (CertificateVerificationException e) {
+						// TODO Auto-generated catch block
+						e.printStackTrace();
+					} catch (JSONException e) {
+						// TODO Auto-generated catch block
+						e.printStackTrace();
+					}
+				}
+			}
+		}
+		if (userCertificate!=null) {
+			Debug.println("Making request with user certificate");
+		}
+
+
+		CloseableHttpClient httpClient = (new PemX509Tools()).
+				getHTTPClientForPEMBasedClientAuth(ts, tsPass, userCertificate);
+		CloseableHttpResponse httpResponse = httpClient.execute(new HttpGet(requestStr));
+		return EntityUtils.toString(httpResponse.getEntity());
+	}
+
+
+
+
 }

src/main/java/nl/knmi/adaguc/services/adagucserver/ADAGUCRequestMapper.java

@@ -26,6 +26,7 @@ public MappingJackson2HttpMessageConverter mappingJackson2HttpMessageConverter()
 		return converter;
 	}
 	@ResponseBody
+	@CrossOrigin
 	@RequestMapping("wms")
 	public void ADAGUCSERVERWMS(HttpServletResponse response, HttpServletRequest request){
 

src/main/java/nl/knmi/adaguc/services/adagucserver/ADAGUCServer.java

@@ -71,11 +71,16 @@ public static void runADAGUC(HttpServletRequest request,HttpServletResponse resp
     List<String> environmentVariables = new ArrayList<String>();
     String userHomeDir="/tmp/";
 
-//    AuthenticatorInterface authenticator = AuthenticatorFactory.getAuthenticator(request);
-//	if(authenticator != null){
-//		userHomeDir = UserManager.getUser(authenticator).getHomeDir();
-//	}
+    AuthenticatorInterface authenticator = AuthenticatorFactory.getAuthenticator(request);
+	if(authenticator != null){
+		try {
+			userHomeDir = UserManager.getUser(authenticator).getHomeDir();
+		} catch(Exception e){
+
+		}
 
+	} 
+	Debug.println("Using home " + userHomeDir);
     String homeURL=MainServicesConfigurator.getServerExternalURL();
     String adagucExecutableLocation = ADAGUCConfigurator.getADAGUCExecutable();
     Debug.println("adagucExecutableLocation: "+adagucExecutableLocation);

src/main/java/nl/knmi/adaguc/services/basket/Basket.java

@@ -71,13 +71,5 @@ public BasketNode listFiles(BasketNode bn, String dir) throws ElementNotFoundExc
 	}
 
 
-	public static void main(String[]argv) {
-		Basket b=new Basket("/nobackup/users/vreedede/testimpactspace", "testBasket", null);
-		try {
-			System.err.println(b.listFiles());
-		} catch (ElementNotFoundException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
+
 }