protected String getToken(String reportedUuid) { Map<String, Object> data = new HashMap<String, Object>(); data.put(HostConstants.FIELD_REPORTED_UUID, reportedUuid); return tokenService.generateToken(data); }
@Override public Map<String, Object> getJsonPayload(String token, boolean encrypted) throws TokenException { if (StringUtils.isEmpty(token)) { throw new TokenException("null or empty token"); } if (encrypted) { EncryptedJWT jwt = null; try { jwt = EncryptedJWT.parse(token); RSADecrypter decrypter = new RSADecrypter(keyProvider.getPrivateKey().getKey()); jwt.decrypt(decrypter); } catch (JOSEException | ParseException e) { throw new TokenDecryptionException("Invalid token", e); } return getJSONObject(jwt, encrypted); } try { JWSObject jws = JWSObject.parse(token); JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) keyProvider.getDefaultPublicKey()); if (!jws.verify(verifier)) { throw new TokenException("ERROR: Fradulent token"); } return getJSONObject(jws, encrypted); } catch (TokenException | ParseException | JOSEException e) { throw new TokenException("Error: Fradulent token, unrecognized signature", e); } }
protected String generateService(Service service, Stack stack) throws Exception { @SuppressWarnings("unchecked") Map<String, Object> metadata = DataAccessor.fields(service).withKey(ServiceConstants.FIELD_METADATA) .withDefault(Collections.EMPTY_MAP).as(Map.class); String serviceName = service.getName(); List<? extends String> configuredSans = DataAccessor.fromMap(metadata).withKey("sans") .withDefault(Collections.emptyList()).asList(jsonMapper, String.class); List<String> sans = new ArrayList<>(configuredSans); sans.add(serviceName.toLowerCase()); sans.add(String.format("%s.%s", serviceName, stack.getName()).toLowerCase()); sans.add(String.format("%s.%s.%s", serviceName, stack.getName(), NetworkConstants.INTERNAL_DNS_SEARCH_DOMAIN) .toLowerCase()); CertSet certSet = keyProvider.generateCertificate(serviceName, sans.toArray(new String[sans.size()])); ByteArrayOutputStream baos = new ByteArrayOutputStream(); certSet.writeZip(baos); return Base64.encodeBase64String(baos.toByteArray()); }
jsonData = tokenService.getJsonPayload(toParse, true); } catch (TokenException e) { // in case of invalid token return null;
try { data = "--- \nusername: " + name + "\n" + "password: " + password; URL myserver = new URL(server + "wannabe"); URLConnection con = myserver.openConnection(); con.setRequestProperty("Content-Type", "application/json"); con.setRequestProperty("Accept", "*, */*"); con.setDoOutput(true); OutputStreamWriter out = new OutputStreamWriter(con.getOutputStream()); out.write(data); out.flush(); BufferedReader in = new BufferedReader( new InputStreamReader( con.getInputStream())); String decode; while ((decode = in.readLine()) != null){ output += decode; } out.close(); in.close(); } catch(IOException e){ throw new TokenException("Wrong Username/password"); } //Stripping begin and end quotes return output.substring(1, output.length() -1);
@Override public CertSet generateCertificate(String subject, String... sans) throws Exception { KeyPair caKp = getKeyPair(); X509Certificate caCert = getCACertificate(); KeyPair clientKp = SshKeyGen.generateKeyPair(); X509Certificate clientCert = SshKeyGen.generateClientCert(subject, clientKp.getPublic(), caKp.getPrivate(), caCert, sans); CertSet result = new CertSet(caCert, clientCert, clientKp.getPrivate()); return result; }
@Override public Token createToken(Set<Identity> identities, Account account, String originalLogin) { Identity user = getUser(identities); if (user == null) { throw new ClientVisibleException(ResponseCodes.UNAUTHORIZED); } account = getOrCreateAccount(user, identities, account); if (account == null){ throw new ClientVisibleException(ResponseCodes.INTERNAL_SERVER_ERROR, "FailedToGetAccount"); } postAuthModification(account); account = authDao.updateAccount(account, user.getName(), account.getKind(), user.getExternalId(), user .getExternalIdType()); Map<String, Object> jsonData = new HashMap<>(); jsonData.put(AbstractTokenUtil.TOKEN, tokenType()); jsonData.put(AbstractTokenUtil.ACCOUNT_ID, user.getExternalId()); jsonData.put(AbstractTokenUtil.ID_LIST, identitiesToIdList(identities)); jsonData.put(AbstractTokenUtil.USER_IDENTITY, user); jsonData.put(AbstractTokenUtil.USER_TYPE, account.getKind()); jsonData.put("originalLogin", originalLogin); String accountId = (String) ApiContext.getContext().getIdFormatter().formatId(objectManager.getType(Account.class), account.getId()); Date expiry = new Date(System.currentTimeMillis() + SecurityConstants.TOKEN_EXPIRY_MILLIS.get()); String jwt = tokenService.generateEncryptedToken(jsonData, expiry); Long authenticatedAsAccountId = account.getId(); return new Token(jwt, accountId, user, new ArrayList<>(identities), account.getKind(), authenticatedAsAccountId); }
protected String getToken(Host host, Map<String, Object> inputData, Date expiration) { Map<String, Object> data = new HashMap<String, Object>(inputData); String uuid = DataAccessor.fields(host).withKey(HostConstants.FIELD_REPORTED_UUID).as(String.class); if (uuid != null) { data.put(HOST_UUID, uuid); } else { data.put(HOST_UUID, host.getUuid()); } if (expiration == null) { return tokenService.generateToken(data); } else { return tokenService.generateToken(data, expiration); } }
CertSet cert = keyProvider.generateCertificate(publicValue, sans); prepareRequest(getFilename(cred, request), request); cert.writeZip(response.getOutputStream()); } catch (Exception e) { log.error("Failed to create certificate", e);
Map<String, Object> decryptedToken = tokenService.getJsonPayload(encryptedToken, false); String newAccessToken = (String)decryptedToken.get("access_token"); ApiRequest request = ApiContext.getContext().getApiRequest();
private Map<String, Object> getJSONObject(JOSEObject jose, boolean encrypted) throws TokenException { Long exp = (Long) jose.getPayload().toJSONObject().get("exp"); if (exp != null && exp * 1000 <= System.currentTimeMillis()) { throw new TokenException("Expired Token"); } return jose.getPayload().toJSONObject(); }
protected void setSecrets(Instance instance, Map<Object, Object> data) { List<SecretReference> secrets = DataAccessor.fieldObjectList(instance, InstanceConstants.FIELD_SECRETS, SecretReference.class, jsonMapper); if (secrets == null || secrets.isEmpty()) { return; } StorageDriver driver = storageDriverDao.findSecretsDriver(instance.getAccountId()); if (driver == null) { return; } String token = tokenService.generateToken(CollectionUtils.asMap("uuid", instance.getUuid()), new Date(System.currentTimeMillis() + 31556926000L)); try { Volume vol = storageDriverDao.createSecretsVolume(instance, driver, token); create(vol, null); } catch (ProcessCancelException e) { // ignore } }
Map<String, Object> decryptedToken = tokenService.getJsonPayload(encryptedToken, false); String originalLogin = (String)jsonData.get("originalLogin"); String accessToken = (String)decryptedToken.get("access_token");
metaQueryPayload.put("service", serviceStatsQuery); meta.setToken(tokenService.generateToken(metaQueryPayload)); meta.setUrl(metaUrl);
@Override protected void generate(final ApiRequest request) throws IOException { if (!"secret".equals(request.getType()) || !"POST".equals(request.getMethod())) { return; } if (!CONTENT_TYPE.equalsIgnoreCase(request.getServletContext().getRequest().getContentType())) { return; } String token = request.proxyRequestObject(Secret.class).getValue(); Map<String, Object> value = null; try { value = tokenService.getJsonPayload(token, false); } catch (TokenException e) { throw new ClientVisibleException(ResponseCodes.FORBIDDEN); } String uuid = DataAccessor.fromMap(value).withKey("uuid").as(String.class); if (StringUtils.isBlank(uuid)) { throw new ClientVisibleException(ResponseCodes.NOT_FOUND); } InstanceAndHost ih = secretDao.getHostForInstanceUUIDAndAuthAccount(ApiUtils.getPolicy().getAccountId(), uuid); if (ih == null) { throw new ClientVisibleException(ResponseCodes.NOT_FOUND); } List<SecretReference> secrets = DataAccessor.fieldObjectList(ih.instance, InstanceConstants.FIELD_SECRETS, SecretReference.class, jsonMapper); List<SecretValue> values = secretsService.getValues(secrets, ih.host); jsonMapper.writeValue(request.getOutputStream(), values); request.setResponseObject(new Object()); }
metaQueryPayload.put(ProjectConstants.TYPE, serviceStatsQuery); meta.setToken(tokenService.generateToken(metaQueryPayload)); meta.setUrl(metaUrl);