Lucio Lelii 2016-11-14 16:39:00 +00:00
parent f4971155f5
commit 8f3287a6f6
5 changed files with 286 additions and 13 deletions


@ -42,4 +42,10 @@ public interface AuthorizationProxy {
File getSymmKey(String filePath) throws Exception;
String resolveTokenByUserAndContext(String user, String context)
throws Exception;
String generateExternalServiceToken(String serviceId)
throws Exception;
}
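Review bot: The two methods added to `AuthorizationProxy` have no Javadoc, so the contract a caller must handle is only discoverable by reading `DefaultAuthorizationProxy`. For `resolveTokenByUserAndContext`, document that the implementation in this commit returns `null` on an empty response body and throws `ObjectNotFound` on a 404, e.g. `/** Resolves the token for the given user in the given context; returns null when the service answers with an empty body. */`. For `generateExternalServiceToken`, state what `serviceId` identifies and under which caller token the request is made. Both declare `throws Exception`, which hides these distinct failure modes from callers.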


@ -16,6 +16,7 @@ import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import javax.net.ssl.HttpsURLConnection;
@ -90,6 +91,64 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
return Utils.addInfrastructureHashToToken(token, infrastructureHash);
}
@Override
public String generateExternalServiceToken(String serviceId) throws Exception {
String methodPath = "/token/external/";
int infrastructureHash = Utils.getInfrastructureHashFromToken(SecurityTokenProvider.instance.get(), endpoints.getDefaultInfrastructure());
StringBuilder callUrl = new StringBuilder(getInternalEnpoint(infrastructureHash)).append(methodPath).append(serviceId);
URL url = new URL(callUrl.toString());
HttpURLConnection connection = makeRequest(url, "PUT", true);
connection.setDoInput(true);
connection.setRequestProperty("Content-type", "application/xml");
log.debug("response code for "+callUrl.toString()+" is "+connection.getResponseCode()+" "+connection.getResponseMessage());
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
String token= "";
try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()))){
StringBuilder result = new StringBuilder();
String line;
while((line = reader.readLine()) != null)
result.append(line);
token = result.toString();
}
return Utils.addInfrastructureHashToToken(token, infrastructureHash);
}
@Override
public String resolveTokenByUserAndContext(String user, String context) throws Exception {
String methodPath = "/token/";
int infrastructureHash = Utils.getInfrastructureHashfromContext(context);
StringBuilder callUrl = new StringBuilder(getInternalEnpoint(infrastructureHash)).append(methodPath).append(user).append("?context=").append(context);
URL url = new URL(callUrl.toString());
HttpURLConnection connection = makeRequest(url, "GET", false);
log.debug("response code for "+callUrl.toString()+" is "+connection.getResponseCode()+" "+connection.getResponseMessage());
if (connection.getResponseCode()==404) throw new ObjectNotFound("token not found");
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service (error code is "+connection.getResponseCode()+")");
if (connection.getContentLengthLong()==0) return null;
String token= "";
try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()))){
StringBuilder result = new StringBuilder();
String line;
while((line = reader.readLine()) != null)
result.append(line);
token = result.toString();
}
return Utils.addInfrastructureHashToToken(token, infrastructureHash);
}
@Override
public String generateUserToken(UserInfo client, String context) throws Exception {
@ -179,10 +238,19 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
if (connection.getResponseCode()!=200) throw new Exception("error retrieving keys (error code is "+connection.getResponseCode()+")");
if (connection.getContentLengthLong()<=0) return Collections.emptyMap();
Map<String, String> tokensQulifiersMap;
try(InputStream stream = (InputStream)connection.getContent();){
QualifiersList entries = (QualifiersList)Binder.getContext().createUnmarshaller().unmarshal(stream);
return entries.getQualifiers();
tokensQulifiersMap = entries.getQualifiers();
}
if (tokensQulifiersMap!=null && !tokensQulifiersMap.isEmpty()){
Map<String, String> toReturnMap = new HashMap<String, String>();
for (Entry<String, String> entry: tokensQulifiersMap.entrySet())
toReturnMap.put(entry.getKey(), Utils.addInfrastructureHashToToken(entry.getValue(), infrastructureHash));
return toReturnMap;
} else return Collections.emptyMap();
}
@ -281,7 +349,7 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
if (connection.getResponseCode()==404) throw new ObjectNotFound("token "+maskedToken+" not found");
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service (error code is "+connection.getResponseCode()+")");
if (connection.getContentLengthLong()<=0) return null;
if (connection.getContentLengthLong()==0) return null;
try(InputStream stream = (InputStream)connection.getContent();){
AuthorizationEntry entry = (AuthorizationEntry)Binder.getContext().createUnmarshaller().unmarshal(stream);
@ -333,8 +401,12 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
URL url = new URL(callUrl.toString());
HttpURLConnection connection = makeRequest(url, "GET", true);
connection.setDoInput(true);
if (connection.getResponseCode()!=200) throw new Exception("error retrieving policies");
if (connection.getContentLengthLong()<=0) return Collections.emptyList();
if (connection.getResponseCode()!=200){
log.info("response code is not 200");
throw new Exception("error retrieving policies");
}
if (connection.getContentLengthLong()==0)
return Collections.emptyList();
try(InputStreamReader stream = new InputStreamReader((InputStream)connection.getContent())){
Policies policies = (Policies)Binder.getContext().createUnmarshaller().unmarshal(stream);
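Review bot: In `generateExternalServiceToken` and `resolveTokenByUserAndContext`, the values `serviceId`, `user` and `context` are appended to `callUrl` with no validation or encoding, so a value containing `/`, `?`, `&` or `#` changes which authorization-service path or parameters the request reaches. Check each value against the expected identifier format before building the URL and percent-encode it when appending, for the query value e.g. `.append("?context=").append(URLEncoder.encode(context, "UTF-8"))`. Unlike `resolveTokenByUserAndContext`, `generateExternalServiceToken` has no empty-body check, so an empty 200 response yields an empty string that is still passed to `Utils.addInfrastructureHashToToken` and returned as a token. The `<=0` to `==0` content-length changes in the later hunks mean a response without a Content-Length header (value -1) now reaches the unmarshaller, which looks intended but deserves a comment.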


@ -2,10 +2,18 @@ package org.gcube.common.authorizationservice.cl;
import static org.gcube.common.authorization.client.Constants.authorizationService;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.FileInputStream;
import java.io.FileWriter;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.gcube.common.authorization.client.proxy.AuthorizationProxy;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.policies.Action;
import org.gcube.common.authorization.library.policies.Policy;
@ -15,12 +23,14 @@ import org.gcube.common.authorization.library.policies.Users;
import org.gcube.common.authorization.library.provider.ContainerInfo;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.junit.Ignore;
import org.junit.Test;
public class CallTest {
@Test
public void resolveNodeToken() throws Exception{
System.out.println(resolveToken("a7caa51b-6979-4b1d-abc6-449365b8350a-98187548")); //81caac0f-8a0d-4923-9312-7ff0eb3f2d5e|98187548"));
System.out.println(resolveToken("80048c62-26e0-4df3-a5ec-f893aee07243-843339462")); //81caac0f-8a0d-4923-9312-7ff0eb3f2d5e|98187548"));
}
@Test
@ -38,9 +48,10 @@ public class CallTest {
@Test
public void getPolicies() throws Exception{
SecurityTokenProvider.instance.set(requestTestToken("/gcube/devNext/NextNext"));
List<Policy> policies = authorizationService().getPolicies("/gcube/devsec/devVRE");
System.out.println(policies);
SecurityTokenProvider.instance.set(requestTestToken("/gcube/devNext"));
List<Policy> policies = authorizationService().getPolicies("/gcube/devsec");
for (Policy policy: policies)
System.out.println(policy);
}
@Test
@ -50,7 +61,7 @@ public class CallTest {
@Test
public void requestToken() throws Exception{
System.out.println(authorizationService().generateUserToken(new UserInfo("andrea.dellamico", new ArrayList<String>()), "/gcube"));
System.out.println(authorizationService().generateUserToken(new UserInfo("test.gcube", new ArrayList<String>()), "/gcube/devsec"));
}
@Test(expected=RuntimeException.class)
public void createKeyWithError() throws Exception {
@ -83,8 +94,8 @@ public class CallTest {
}
public String _requestNodeToken() throws Exception {
SecurityTokenProvider.instance.set(requestTestToken("/gcube"));
String token = authorizationService().requestActivation(new ContainerInfo("dlib29.isti.cnr.it",8080), "/gcube/devsec");
SecurityTokenProvider.instance.set(requestTestToken("/d4science.research-infrastructures.eu"));
String token = authorizationService().requestActivation(new ContainerInfo("node65.d4science.org",80), "/d4science.research-infrastructures.eu");
return token;
}
@ -94,11 +105,139 @@ public class CallTest {
}
private String requestTestToken(String context) throws Exception{
return authorizationService().generateUserToken(new UserInfo("test.token", new ArrayList<String>()), context);
return authorizationService().generateUserToken(new UserInfo("lucio.lelii", new ArrayList<String>()), context);
}
private AuthorizationEntry resolveToken(String token) throws Exception{
AuthorizationEntry entry = authorizationService().get(token);
return entry;
}
/* List<String> scopes = Arrays.asList("/d4science.research-infrastructures.eu/gCubeApps/TabularDataLab",
"/d4science.research-infrastructures.eu/FARM/AquaMaps",
"/d4science.research-infrastructures.eu/FARM/WECAFC-FIRMS",
"/d4science.research-infrastructures.eu/gCubeApps/PGFA-UFMT",
"/d4science.research-infrastructures.eu/FARM",
"/d4science.research-infrastructures.eu/gCubeApps/EcologicalModelling",
"/d4science.research-infrastructures.eu/gCubeApps/EuBrazilOpenBio",
"/d4science.research-infrastructures.eu/gCubeApps/AlieiaVRE",
/d4science.research-infrastructures.eu/gCubeApps/ENVRIPlus",
/d4science.research-infrastructures.eu/gCubeApps/ENVRI",
/d4science.research-infrastructures.eu/gCubeApps/ICES_DASC",
/d4science.research-infrastructures.eu/gCubeApps/FAO_TunaAtlas",
/d4science.research-infrastructures.eu/SoBigData/ResourceCatalogue",
/d4science.research-infrastructures.eu/gCubeApps/StocksAndFisheriesKB",
/d4science.research-infrastructures.eu/SoBigData/TagMe",
/d4science.research-infrastructures.eu/gCubeApps/BlueCommons",
/d4science.research-infrastructures.eu/gCubeApps/ICES_TCSSM",
/d4science.research-infrastructures.eu/gCubeApps/OpenIt",
/d4science.research-infrastructures.eu/SmartArea/SmartApps",
/d4science.research-infrastructures.eu",
/d4science.research-infrastructures.eu/gCubeApps/Parthenos",
/d4science.research-infrastructures.eu/gCubeApps/AquacultureAtlasGeneration",
/d4science.research-infrastructures.eu/gCubeApps/IGDI",
/d4science.research-infrastructures.eu/gCubeApps/RStudioLab",
/d4science.research-infrastructures.eu/SoBigData",
/d4science.research-infrastructures.eu/gCubeApps/BlueBridgeProject",
/d4science.research-infrastructures.eu/gCubeApps/rScience",
/d4science.research-infrastructures.eu/FARM/VME-DB",
/d4science.research-infrastructures.eu/gCubeApps/EllinikaPsariaVRE",
/d4science.research-infrastructures.eu/gCubeApps/gCube",
/d4science.research-infrastructures.eu/FARM/TBTI_VRE",
/d4science.research-infrastructures.eu/FARM/GRSF",
/d4science.research-infrastructures.eu/gCubeApps/DocumentsWorkflow",
/d4science.research-infrastructures.eu/gCubeApps/ICOS_ETC",
/d4science.research-infrastructures.eu/SoBigData/CityOfCitizens",
/d4science.research-infrastructures.eu/gCubeApps/SoBigData.eu",
/d4science.research-infrastructures.eu/gCubeApps/BiOnym",
/d4science.research-infrastructures.eu/gCubeApps/PerformanceEvaluationInAquaculture",
/d4science.research-infrastructures.eu/gCubeApps/SmartArea",
/d4science.research-infrastructures.eu/gCubeApps/ICES_TCRE",
/d4science.research-infrastructures.eu/gCubeApps/CNR_OpenScienceTF",
/d4science.research-infrastructures.eu/gCubeApps/BlueBRIDGE-PSC",
/d4science.research-infrastructures.eu/gCubeApps/BOBLME_HilsaAWG",
/d4science.research-infrastructures.eu/gCubeApps/ScalableDataMining",
/d4science.research-infrastructures.eu/gCubeApps/BiodiversityLab",
/d4science.research-infrastructures.eu/gCubeApps/DESCRAMBLE",
/d4science.research-infrastructures.eu/gCubeApps/ICES_FIACO",
/d4science.research-infrastructures.eu/gCubeApps/BlueBRIDGE-EAB",
/d4science.research-infrastructures.eu/gCubeApps/ARIADNE",
/d4science.research-infrastructures.eu/SmartArea/SmartBuilding",
/d4science.research-infrastructures.eu/gCubeApps/ProtectedAreaImpactMaps",
/d4science.research-infrastructures.eu/gCubeApps/ForkysVRE",
/d4science.research-infrastructures.eu/gCubeApps/EGIEngage",
/d4science.research-infrastructures.eu/gCubeApps/ICES_StockAssessmentAdvanced",
/d4science.research-infrastructures.eu/FARM/GRSF",
/d4science.research-infrastructures.eu/SmartArea",
/d4science.research-infrastructures.eu/gCubeApps/RPrototypingLab",
/d4science.research-infrastructures.eu/gCubeApps/TCom",
/d4science.research-infrastructures.eu/gCubeApps/ICCAT_BFT-E",
/d4science.research-infrastructures.eu/gCubeApps/ICES_DALSA",
/d4science.research-infrastructures.eu/gCubeApps/SoBigData.it",
/d4science.research-infrastructures.eu/gCubeApps/EGIP",
/d4science.research-infrastructures.eu/gCubeApps/BlueUptake",
/d4science.research-infrastructures.eu/FARM/iMarineBoardVRE",
/d4science.research-infrastructures.eu/gCubeApps/KnowledgeBridging",
/d4science.research-infrastructures.eu/gCubeApps/EFG",
/d4science.research-infrastructures.eu/gCubeApps/StockAssessment",
/d4science.research-infrastructures.eu/gCubeApps/iSearch",
"/d4science.research-infrastructures.eu/gCubeApps",
"/d4science.research-infrastructures.eu/gCubeApps/StrategicInvestmentAnalysis")*/
@Test
public void requestListOfTokenForVREs() throws Exception{
SecurityTokenProvider.instance.set(requestTestToken("/d4science.research-infrastructures.eu"));
String jrNode ="tabulardata.d4science.org";
int jrPort =8080;
AuthorizationProxy proxy = authorizationService();
try(BufferedReader isr = new BufferedReader(new InputStreamReader(new FileInputStream("./src/test/resources/Scopes.txt")));
BufferedWriter bw = new BufferedWriter(new FileWriter("./src/test/resources/tokens-"+jrNode+".txt"))){
String line = null;
while ( (line=isr.readLine())!=null){
System.out.println(" retrieving token for scope "+line);
String token = proxy.requestActivation(new ContainerInfo(jrNode,jrPort), line.trim());
bw.write(String.format("<token>%s</token>", token));
bw.newLine();
}
}
}
@Ignore @Test
public void checkDiff() throws Exception{
Set<String> scopes = new HashSet<String>();
try(BufferedReader isr = new BufferedReader(new InputStreamReader(new FileInputStream("./src/test/resources/Scopes.txt")))){
String line = null;
while ( (line=isr.readLine())!=null){
System.out.println(scopes.size()+" "+line);
if (scopes.contains(line.trim()))
System.out.println("already contians "+line);
else scopes.add(line.trim());
}
}
System.out.println("initial scope count is "+scopes.size());
try(BufferedReader isr = new BufferedReader(new InputStreamReader(new FileInputStream("./src/test/resources/createdScope.txt")))){
String line = null;
while ( (line=isr.readLine())!=null){
if (!scopes.remove(line.trim()))
System.out.println("cannot remove scope "+line.trim());
}
}
System.out.println("final scope count is "+scopes.size());
}
}
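Review bot: `requestListOfTokenForVREs` writes every activation token it obtains in clear text to `./src/test/resources/tokens-<node>.txt`, a path inside the source tree where it is easily committed by accident, and it runs as an ordinary `@Test` against what appear to be production contexts. Mark it `@Ignore` as `checkDiff` already is, and write the output outside the repository or add the `tokens-*.txt` pattern to the VCS ignore file. `resolveNodeToken` embeds literal token strings and `requestTestToken` now hard-codes a personal user name. If those tokens are live they should be revoked, and both values are better read from local, uncommitted configuration. The large commented-out scope list duplicates `Scopes.txt` and can be removed.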


@ -0,0 +1,48 @@
package org.gcube.common.authorizationservice.cl;
import static org.gcube.common.authorization.client.Constants.authorizationService;
import java.io.IOException;
import java.util.ArrayList;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.junit.Test;
public class StressTest {
@Test
public void stressing(){
int counter = 0;
for (int i =1 ; i<=10000; i++){
if ((i-(counter*4))>4)
counter++;
final int index = counter;
Thread t = new Thread(){
public void run(){
try {
requestTestToken("/gcube", "stress.test19-"+index);
} catch (Exception e) {
System.out.println("erorr in thread "+Thread.currentThread().getName());
e.printStackTrace();
}
}
};
t.start();
System.out.println("next execution");
}
System.out.println("waiting");
try {
System.in.read();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
private String requestTestToken(String context, String user) throws Exception{
return authorizationService().generateUserToken(new UserInfo(user, new ArrayList<String>()), context);
}
}
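Review bot: `stressing` starts 10000 unbounded raw threads that each request a token from the shared authorization service, then blocks on `System.in.read()`. In an automated build this either hangs or returns immediately without waiting for the threads, and it makes no assertion either way. Running by default, it also puts an uncontrolled load on a service other users depend on. Mark it `@Ignore` for manual runs, bound the concurrency with an executor, and wait for completion explicitly. The pool size and timeout in the sketch below are constructed example values, and the sketch uses an anonymous `Runnable` because the file shows no Java 8 syntax.

```java
@Ignore("load test against a live authorization service; run manually")
@Test
public void stressing() throws Exception {
    ExecutorService pool = Executors.newFixedThreadPool(16);
    for (int i = 1; i <= 10000; i++) {
        // same grouping as before: four requests per generated user name
        final int index = (i - 1) / 4;
        pool.submit(new Runnable() {
            public void run() {
                try {
                    requestTestToken("/gcube", "stress.test19-" + index);
                } catch (Exception e) {
                    // … unchanged: error reporting …
                }
            }
        });
    }
    pool.shutdown();
    Assert.assertTrue("requests did not finish in time",
            pool.awaitTermination(10, TimeUnit.MINUTES));
}
```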


@ -0,0 +1,8 @@
/d4science.research-infrastructures.eu/gCubeApps/FAO_TunaAtlas
/d4science.research-infrastructures.eu/gCubeApps/TabularDataLab
/d4science.research-infrastructures.eu/gCubeApps/BOBLME_HilsaAWG
/d4science.research-infrastructures.eu/gCubeApps/PGFA-UFMT
/d4science.research-infrastructures.eu/gCubeApps/IGDI
/d4science.research-infrastructures.eu/gCubeApps/ICES_TCRE
/d4science.research-infrastructures.eu/gCubeApps/StockAssessment
/d4science.research-infrastructures.eu