Changeset 7458

Timestamp:

08/09/10 15:58:46 (10 years ago)

Author:

pjkersha

Message:

First working version for resolver - resolves an e-mail address from an OpenID. TODO:

• Add SSL client cert to SSL context so that server can authenticate
• separate X.509 trust managers for Yadis and Attribute Service calls - they are likely to have separate SSL configurations: DN whitelists and trust stores. Also, Yadis retrieval is not likely to need SSL client authn.

Location:

TI12-security/trunk/EsgYadisParser/src/org/earthsystemgrid/security

Files:

• DnWhitelistX509TrustMgr.properties (modified) (1 diff)
• openid (deleted)
• openid2emailresolution/OpenId2EmailAddrResolution.java (modified) (10 diffs)
• yadis (modified) (1 prop)

TI12-security/trunk/EsgYadisParser/src/org/earthsystemgrid/security/DnWhitelistX509TrustMgr.properties

@@ -14 +14 @@
 # @author pjkersha
 # @version $Revision$
+org.earthsystemgrid.security.DnWhitelistX509TrustMgr.keyStoreFilePath = /home/pjkersha/workspace/EsgYadisParser/src/org/earthsystemgrid/security/yadis/test.ks
+org.earthsystemgrid.security.DnWhitelistX509TrustMgr.keyStorePassphrase = testpass
 org.earthsystemgrid.security.DnWhitelistX509TrustMgr.dn0 = CN=ceda.ac.uk, OU=RAL-SPBU, O=Science and Technology Facilities Council, C=GB
-org.earthsystemgrid.security.DnWhitelistX509TrustMgr.dn1 = CN=localhost, OU=Test, O=Test Org
+org.earthsystemgrid.security.DnWhitelistX509TrustMgr.dn1 = CN=localhost, OU=Security, O=NDG

TI12-security/trunk/EsgYadisParser/src/org/earthsystemgrid/security/openid2emailresolution/OpenId2EmailAddrResolution.java

@@ -5 +5 @@
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
 import java.net.MalformedURLException;
+import java.net.ProtocolException;
 import java.net.URL;
 import java.security.KeyManagementException;
@@ -11 +14 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -17 +21 @@
 import java.util.Set;
 
+import javax.mail.internet.AddressException;
 import javax.mail.internet.InternetAddress;
 import javax.net.ssl.HttpsURLConnection;
@@ -24 +29 @@
 
 import esg.saml.attr.service.impl.SAMLAttributeServiceClientSoapImpl;
+import esg.saml.attr.service.impl.SAMLAttributesImpl;
+import esg.saml.common.SAMLBuilder;
+import esg.saml.common.SAMLParameters;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.impl.AttributeBuilder;
+import org.opensaml.saml2.core.impl.AttributeImpl;
 import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.parse.XMLParserException;
 
 import org.earthsystemgrid.security.DnWhitelistX509TrustMgr;
@@ -105 +119 @@
         }
         
-        /*
+        /**
          * Call Attribute Service to retrieve user's e-mail address
+         * 
+         * @param attributeServiceEndpoint
+         * @param openidURL
+         * @return
+         * @throws AttributeServiceQueryException
          */
         protected InternetAddress queryAttributeService(URL attributeServiceEndpoint,
                         URL openidURL) throws AttributeServiceQueryException
         {
-                String issuer = "my issuer";
+                String issuer = "CN=localhost, OU=Security, O=NDG";
                 SAMLAttributeServiceClientSoapImpl attributeServiceClient = 
                         new SAMLAttributeServiceClientSoapImpl(issuer);
                 
                 // Create query
+                AttributeBuilder attributeBuilder = new AttributeBuilder();
+                Attribute emailAttribute = attributeBuilder.buildObject();
+                emailAttribute.setName(SAMLParameters.EMAIL_ADDRESS);
+                emailAttribute.setFriendlyName(SAMLParameters.EMAIL_ADDRESS_FRIENDLY);
+                emailAttribute.setNameFormat("http://www.w3.org/2001/XMLSchema#string");
+                
+                List<Attribute> attributes = new ArrayList<Attribute>();
+                attributes.add(emailAttribute);
+                
                 String query = null;
                 try {
-                        query = attributeServiceClient.buildAttributeRequest(openidURL.toString());
+                        query = attributeServiceClient.buildAttributeRequest(
+                                        openidURL.toString(), attributes);
+                        
                 } catch (MarshallingException e) {
                         throw new AttributeServiceQueryException("Marshalling attribute " +
@@ -148 +178 @@
                 }
                 connection.setSSLSocketFactory(socketFactory);
-                                
+                connection.setDoOutput(true);
+                
+                try {
+                        connection.setRequestMethod("POST");
+                } catch (ProtocolException e) {
+                        throw new AttributeServiceQueryException(
+                                        "Setting HTTP request method to \"POST\"", e);
+                }
+                
+                OutputStream ops = null;
+                try {
+                        ops = connection.getOutputStream();
+                } catch (IOException e) {
+                        throw new AttributeServiceQueryException(
+                                "Getting output stream for attribute query", e);
+                }
+                
+                OutputStreamWriter osw = new OutputStreamWriter(ops);
+                try {
+                        osw.write(query);
+                        osw.flush();
+                        osw.close();
+                } catch (IOException e) {
+                        throw new AttributeServiceQueryException(
+                                "Error writing attribute query for dispatch", e);
+                }
+                
                 InputStream ins = null;
                 try {
@@ -155 +211 @@
                         throw new AttributeServiceQueryException("Getting input stream", e);
                 }
+                
             InputStreamReader isr = new InputStreamReader(ins);
             BufferedReader in = new BufferedReader(isr);
@@ -161 +218 @@
 
             try {
-                        while ((inputLine = in.readLine()) != null)
-                        {
+                        while ((inputLine = in.readLine()) != null) {
                             buf.append(inputLine);
                             buf.append(System.getProperty("line.separator"));
@@ -171 +227 @@
                 }
 
-            return buf.toString();
-                
-                return null;
-        }
+                /*
+                 * Parse the response
+                 */
+                String response = buf.toString();
+                SAMLAttributesImpl samlAttrs = null;
+                try {
+                        samlAttrs = (SAMLAttributesImpl) 
+                                attributeServiceClient.parseAttributeResponse(response);
+                        
+                } catch (XMLParserException e) {
+                        throw new AttributeServiceQueryException(
+                                        "Parsing attribute query response", e);
+                } catch (UnmarshallingException e) {
+                        throw new AttributeServiceQueryException(
+                                        "Unmarshalling attribute query response", e);
+                }
+                
+                String sEmail = samlAttrs.getEmail();
+                if (sEmail == null) {
+                        throw new AttributeServiceQueryException(
+                                        "Error retrieving e-mail address for user " + openidURL +
+                                        " from Attribute Service " + attributeServiceEndpoint);
+                }
+                
+                InternetAddress email;
+                try {
+                        email = new InternetAddress(sEmail);
+                } catch (AddressException e) {
+                        throw new AttributeServiceQueryException(
+                                        "Error parsing e-mail address", e);
+                }
+            return email;
+        }
+        
         public static void main(String[] args) throws IOException, 
                 NoMatchingXrdsServiceException, 
@@ -181 +267 @@
                 AttributeServiceQueryException
         {
-                OpenId2EmailAddrResolution openid2EmailAddr = new OpenId2EmailAddrResolution();
+                // Input DNs from a file
+                InputStream propertiesFile = 
+                        DnWhitelistX509TrustMgr.class.getResourceAsStream(
+                                                                "DnWhitelistX509TrustMgr.properties");
+
+                OpenId2EmailAddrResolution openid2EmailAddr = new 
+                        OpenId2EmailAddrResolution(propertiesFile);
                 
 //              URL yadisURL = new URL("https://ceda.ac.uk/openid/Philip.Kershaw");
-                URL yadisURL = new URL("https://localhost:7443/openid/PJKershaw");
-                InternetAddress emailAddr = null;
-                emailAddr = openid2EmailAddr.resolve(yadisURL);
+                URL yadisURL = new URL("https://localhost:7443/openid/philip.kershaw");
+
+                InternetAddress email;
+                email = openid2EmailAddr.resolve(yadisURL);
+                System.out.println("OpenID: " + yadisURL.toString() + " resolves to " +
+                                "e-mail address: " + email.toString());
         }
 }