opencadc / cdp
client and server implementation of Credential Delegation Protocol (CDP) specification
License: GNU Affero General Public License v3.0
if you do not configure both the init params (one of which may not be desired/useful) it throws
To make this servlet usable by webapps out-of-the-box the configuration needs to be moved from web.xml to an external configuration file. This is currently needed by the vos.git/cavern project.
this is unnecessary as delegations are X509 certificate only operations
Trying to delegate a terena user certificate with this command:
java ca.nrc.cadc.cred.client.Main -d --delegate --daysValid=20 --cert=<terena_key_and_crt.pem>
A ResourceNotFoundException is thrown.
The reason is that the CSR is saved in the database (CertificateDAO.java, put method) with a hash key different from the one used to retrieve it (DelegationsImpl.java, hash method).
Details:
CertificateDAO.java, put method, calculates the x509 certificate chain hash:

    X509CertificateChain.getHashKey()

DelegationsImpl.java, in initializeIdentity method calls Delegations.hash, which calculates the principal hash:

    public String hash(X500Principal principal)
    {
        return Integer.toString(principal.hashCode());
    }

Patch is to change this last method:

    public String hash(X500Principal principal)
    {
        return X509CertificateChain.getHashKey(principal);
    }
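The mismatch described in this issue, reduced to a stand-alone Java program (an added example, not code from the issue or the CDP repository): `writeKey` is a hypothetical stand-in for the key the DAO stores under, `readKey` is the `hash` method quoted above, and the DNs are constructed. It also shows that one shared key function derived from the canonical DN makes the store and lookup sides agree, even when the same identity is written two ways.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
import javax.security.auth.x500.X500Principal;

// Added illustration, not CDP code. writeKey() is a hypothetical stand-in for
// the key the DAO stores under; readKey() is the hash() quoted in the issue.
public class HashKeyMismatchDemo {

    // Assumption: the store-side key is the hex form of the canonical DN hash.
    static String writeKey(X500Principal p) {
        return Integer.toHexString(p.getName(X500Principal.CANONICAL).hashCode());
    }

    // Lookup-side key from the issue: decimal string of principal.hashCode().
    static String readKey(X500Principal p) {
        return Integer.toString(p.hashCode());
    }

    // Store a record under put(owner), then look it up with get(caller).
    static boolean found(Function<X500Principal, String> put,
                         Function<X500Principal, String> get,
                         X500Principal owner, X500Principal caller) {
        Map<String, String> table = new HashMap<>();
        table.put(put.apply(owner), "CSR for " + owner.getName());
        return table.containsKey(get.apply(caller));
    }

    public static void main(String[] args) {
        // Constructed DNs: the same identity written two ways.
        X500Principal stored = new X500Principal("CN=Constructed User, O=Example Org, C=IT");
        X500Principal presented = new X500Principal("cn=constructed user,o=example org,c=it");

        Function<X500Principal, String> w = HashKeyMismatchDemo::writeKey;
        Function<X500Principal, String> r = HashKeyMismatchDemo::readKey;

        // Different key functions on the two sides: the stored CSR is not found.
        System.out.println("write/read keys differ:  found=" + found(w, r, stored, stored));
        // One key function on both sides, keyed on the canonical DN.
        System.out.println("one shared key function: found=" + found(w, w, stored, presented));
    }
}
```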
CertificateDAO assumes that catalog and schema can be set but that isn't always true.
Implementors have to provide a fair bit of code in DelegationsImpl to use CertificateDAO; this should be just the configuration.
CredClient.getProxyCertificate fails with when the currently delegated certificate is not valid (e.g. expired). This leaves the calling service unable to diagnose and report a suitable error to its caller.
improvement:
This version of CDP only works with v1.46 of bcprov-jdk15on.jar library.
In file
cdp/cadc-cdp/src/main/java/ca/nrc/cadc/cred/client/Main.java
SERVICE_ID = "ivo://oats.inaf.it/cred" should be configurable
Proposed patch: to add a constructor to initialize the string and add the string initialization to the main method also:

    //public static final String SERVICE_ID = "ivo://oats.inaf.it/cred";
    public static String SERVICE_ID;

    public Main() {
        LocalAuthority localAuthority = new LocalAuthority();
        URI serviceURI = localAuthority.getServiceURI(Standards.CRED_DELEGATE_10.toString());
        SERVICE_ID = serviceURI.toString();
    }

    /**
     * Main class for accessing CDP
     *
     * @param args
     */
    public static void main(String[] args)
    {
        LocalAuthority localAuthority = new LocalAuthority();
        URI serviceURI = localAuthority.getServiceURI(Standards.CRED_DELEGATE_10.toString());
        SERVICE_ID = serviceURI.toString();

In file
cdp/cadc-cert-gen/src/main/java/ca/nrc/cadc/cert/AbstractCertGenAction.java
The string CRED_SERVICE_ID should be configurable.
Proposed patch:
add a constructor that initializes the string. Not clear to me if the initialization should be added in the init() method also.

    //public static final URI CRED_SERVICE_ID = URI.create("ivo://cadc.nrc.ca/cred");
    public static URI CRED_SERVICE_ID;
    protected int expiring;
    protected String userid;

    public AbstractCertGenAction() {
        LocalAuthority localAuthority = new LocalAuthority();
        CRED_SERVICE_ID = localAuthority.getServiceURI(Standards.CRED_DELEGATE_10.toString());
    }

    public boolean init(final ArgumentMap argMap) throws IOException
    {
        LocalAuthority localAuthority = new LocalAuthority();
        CRED_SERVICE_ID = localAuthority.getServiceURI(Standards.CRED_DELEGATE_10.toString());

It would be useful if one could specify an alternate location in which CredUtil.java would look for the privileged client certificate. Currently, it is either in JNDI or in $HOME/.ssl/cadcproxy.pem.