Repository: airavata Updated Branches: refs/heads/develop 7a779933e -> 7d97f7340
boiler plate code for keycloak admin client Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/8327c29f Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/8327c29f Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/8327c29f Branch: refs/heads/develop Commit: 8327c29f036ebcc93bc3f3616756c67bb36b7341 Parents: 7a77993 Author: Anuj Bhandar <[email protected]> Authored: Mon Apr 17 17:38:33 2017 -0400 Committer: Anuj Bhandar <[email protected]> Committed: Mon May 1 15:29:27 2017 -0400 ---------------------------------------------------------------------- jssecacerts | Bin 0 -> 114936 bytes modules/commons/pom.xml | 5 + modules/user-profile-migration/pom.xml | 27 ++- .../apache/airavata/ISLoginCredentialsDAO.java | 78 -------- .../apache/airavata/IdentityServerClient.java | 137 ------------- .../airavata/KeycloakIdentityServerClient.java | 88 +++++++++ .../org/apache/airavata/MigrationManager.java | 12 +- .../airavata/Wso2ISLoginCredentialsDAO.java | 78 ++++++++ .../airavata/Wso2IdentityServerClient.java | 137 +++++++++++++ .../utils/InstallCert$SavingTrustManager.class | Bin 0 -> 1164 bytes .../org/apache/airavata/utils/InstallCert.class | Bin 0 -> 5947 bytes .../org/apache/airavata/utils/InstallCert.java | 192 +++++++++++++++++++ .../org/apache/airavata/utils/iamscigaporg.cer | Bin 0 -> 1411 bytes 13 files changed, 530 insertions(+), 224 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/8327c29f/jssecacerts ---------------------------------------------------------------------- diff --git a/jssecacerts b/jssecacerts new file mode 100644 index 0000000..8b1b783 Binary files /dev/null and b/jssecacerts differ http://git-wip-us.apache.org/repos/asf/airavata/blob/8327c29f/modules/commons/pom.xml ---------------------------------------------------------------------- 
diff --git a/modules/commons/pom.xml b/modules/commons/pom.xml index b00c9ee..e4c1bab 100644 --- a/modules/commons/pom.xml +++ b/modules/commons/pom.xml @@ -138,6 +138,11 @@ <artifactId>logback-classic</artifactId> <version>${logback.version}</version> </dependency> + <dependency> + <groupId>org.apache.airavata</groupId> + <artifactId>airavata-commons</artifactId> + <version>0.17-SNAPSHOT</version> + </dependency> </dependencies> <properties> http://git-wip-us.apache.org/repos/asf/airavata/blob/8327c29f/modules/user-profile-migration/pom.xml ---------------------------------------------------------------------- diff --git a/modules/user-profile-migration/pom.xml b/modules/user-profile-migration/pom.xml index 1ef677e..2171c8f 100644 --- a/modules/user-profile-migration/pom.xml +++ b/modules/user-profile-migration/pom.xml @@ -60,11 +60,13 @@ <artifactId>commons-httpclient</artifactId> <version>3.1</version> </dependency> + <!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient --> <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> - <version>4.0.1</version> + <version>4.5.3</version> </dependency> + <dependency> <groupId>org.wso2.carbon</groupId> <artifactId>org.wso2.carbon.um.ws.api.stub</artifactId> 
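Review bot: The dependency added to modules/commons/pom.xml (hunk `@@ -138,6 +138,11 @@`) names `org.apache.airavata:airavata-commons`, which, judging by the path, is probably this module's own artifact; if so the module depends on itself and Maven will reject or mis-resolve it, so confirm the pom's own `artifactId` (outside the hunk) and drop the entry if it matches. If the dependency is intended, the literal `0.17-SNAPSHOT` should be `<version>${project.version}</version>` so the build cannot silently pick up a stale snapshot from a remote repository after the next version change.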
@@ -91,8 +93,27 @@ <artifactId>airavata-data-models</artifactId> <version>${project.version}</version> </dependency> + <!-- https://mvnrepository.com/artifact/javax.ws.rs/javax.ws.rs-api --> + <dependency> + <groupId>javax.ws.rs</groupId> + <artifactId>javax.ws.rs-api</artifactId> + <version>2.0.1</version> + </dependency> + <!-- https://mvnrepository.com/artifact/org.jboss.resteasy/resteasy-client --> + <dependency> + <groupId>org.jboss.resteasy</groupId> + <artifactId>resteasy-client</artifactId> + <version>3.1.2.Final</version> + </dependency> + <!-- https://mvnrepository.com/artifact/org.keycloak/keycloak-admin-client --> + <dependency> + <groupId>org.keycloak</groupId> + <artifactId>keycloak-admin-client</artifactId> + <version>3.0.0.Final</version> + </dependency> </dependencies> + <build> <sourceDirectory>src/main/java</sourceDirectory> <plugins> @@ -102,8 +123,8 @@ <inherited>true</inherited> <version>2.0</version> <configuration> - <source>1.6</source> - <target>1.6</target> + <source>1.8</source> + <target>1.8</target> </configuration> </plugin> </plugins> http://git-wip-us.apache.org/repos/asf/airavata/blob/8327c29f/modules/user-profile-migration/src/main/java/org/apache/airavata/ISLoginCredentialsDAO.java ---------------------------------------------------------------------- diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/ISLoginCredentialsDAO.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/ISLoginCredentialsDAO.java deleted file mode 100644 index cbc74f1..0000000 --- a/modules/user-profile-migration/src/main/java/org/apache/airavata/ISLoginCredentialsDAO.java +++ /dev/null 
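Review bot: The three dependencies added in modules/user-profile-migration/pom.xml (hunk `@@ -91,8 +93,27 @@`) pin their versions as inline literals, which leaves no single place to audit or upgrade them. Declaring properties such as `<keycloak.version>3.0.0.Final</keycloak.version>` and referencing `${keycloak.version}`, or moving the versions into the parent `dependencyManagement`, would make it easier to keep `keycloak-admin-client` in step with the Keycloak server it administers. It is also worth confirming that the explicit `javax.ws.rs-api` 2.0.1 does not duplicate a JAX-RS API jar that `resteasy-client` already brings in transitively; that cannot be determined from the hunk.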
@@ -1,78 +0,0 @@ -/** - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. 
- * - */ - -package org.apache.airavata; - -public class ISLoginCredentialsDAO { - public String getGateway() { - return Gateway; - } - - public void setGateway(String gateway) { - Gateway = gateway; - } - - public String getLoginUserName() { - return loginUserName; - } - - public void setLoginUserName(String loginUserName) { - this.loginUserName = loginUserName; - } - - public String getLoginPassword() { - return loginPassword; - } - - public void setLoginPassword(String loginPassword) { - this.loginPassword = loginPassword; - } - - private String Gateway; - private String loginUserName; - private String loginPassword; - - public ISLoginCredentialsDAO(String gateway, String loginUserName, String loginPassword) { - Gateway = gateway; - this.loginUserName = loginUserName; - this.loginPassword = loginPassword; - } -} http://git-wip-us.apache.org/repos/asf/airavata/blob/8327c29f/modules/user-profile-migration/src/main/java/org/apache/airavata/IdentityServerClient.java ---------------------------------------------------------------------- diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/IdentityServerClient.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/IdentityServerClient.java deleted file mode 100644 index 0d1f770..0000000 --- a/modules/user-profile-migration/src/main/java/org/apache/airavata/IdentityServerClient.java +++ /dev/null 
@@ -1,137 +0,0 @@ -/** - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.airavata; - -import org.apache.axis2.client.Options; -import org.apache.axis2.client.ServiceClient; -import org.apache.axis2.context.ConfigurationContext; -import org.apache.axis2.context.ConfigurationContextFactory; -import org.apache.axis2.transport.http.HTTPConstants; -import org.apache.axis2.transport.http.HttpTransportProperties; -import org.wso2.carbon.um.ws.api.stub.RemoteUserStoreManagerServiceStub; - -import java.io.File; - -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. 
You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ - - -public class IdentityServerClient { - /** - * Server url of the WSO2 Carbon Server - */ - private static String SEVER_URL = "URL for Identity server"; - - - public static RemoteUserStoreManagerServiceStub getAdminServiceClient(String adminUserName, String adminPassword, String adminService){ - - /** - * trust store path. this must contains server's certificate or Server's CA chain - */ - - /* The below code snippet is intentionally commented for the build to pass, - * because the private key and certificate file are not committed to GitHub, - * which are needed to run the client */ - -// String trustStore = System.getProperty("user.dir") + File.separator + -// "modules" + File.separator + "user-profile-migration" + File.separator + -// "src" + File.separator + "main" + File.separator + -// "resources" + File.separator + "wso2carbon.jks"; -// System.out.println("file path : " + trustStore); -// -// /** -// * Call to https://localhost:9443/services/ uses HTTPS protocol. -// * Therefore we to validate the server certificate or CA chain. The server certificate is looked up in the -// * trust store. -// * Following code sets what trust-store to look for and its JKs password. -// */ -// -// System.setProperty("javax.net.ssl.trustStore", trustStore ); -// -// System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon"); - - /** - * Axis2 configuration context - */ - ConfigurationContext configContext; - RemoteUserStoreManagerServiceStub adminStub; - - try { - - /** - * Create a configuration context. 
A configuration context contains information for - * axis2 environment. This is needed to create an axis2 service client - */ - configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null); - - /** - * end point url with service name - */ -// String serviceEndPoint = SEVER_URL + "RemoteUserStoreManagerService"; - String serviceEndPoint = SEVER_URL + adminService; - - /** - * create stub and service client - */ - adminStub = new RemoteUserStoreManagerServiceStub(configContext, serviceEndPoint); - ServiceClient client = adminStub._getServiceClient(); - Options option = client.getOptions(); - - /** - * Setting a authenticated cookie that is received from Carbon server. - * If you have authenticated with Carbon server earlier, you can use that cookie, if - * it has not been expired - */ - option.setProperty(HTTPConstants.COOKIE_STRING, null); - - /** - * Setting basic auth headers for authentication for carbon server - */ - HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator(); - auth.setUsername(adminUserName); - auth.setPassword(adminPassword); - auth.setPreemptiveAuthentication(true); - option.setProperty(HTTPConstants.AUTHENTICATE, auth); - option.setManageSession(true); - return adminStub; - } catch (Exception e) { - e.printStackTrace(); - } - return null; - } -} http://git-wip-us.apache.org/repos/asf/airavata/blob/8327c29f/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java ---------------------------------------------------------------------- diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java new file mode 100644 index 0000000..940e9db --- /dev/null +++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java 
@@ -0,0 +1,88 @@
+package org.apache.airavata;
+
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
+
+import java.util.Arrays;
+
+public class KeycloakIdentityServerClient {
+
+ public void setAdminUserName(String adminUserName) {
+ adminUserName = adminUserName;
+ }
+
+ public void setAdminUserPassword(String adminUserPassword) {
+ this.adminUserPassword = adminUserPassword;
+ }
+
+ public void setRealm(String realm) {
+ this.realm = realm;
+ }
+
+ public void setAdminUrl(String adminUrl) {
+ this.adminUrl = adminUrl;
+ }
+
+ private String adminUrl;
+ private String realm;
+ private String adminUserName;
+ private String adminUserPassword;
+ private Keycloak client;
+
+ public KeycloakIdentityServerClient(String adminUrl, String realm, String adminUserName, String adminUserPassword) {
+ this.adminUrl = adminUrl;
+ this.realm = realm;
+ this.adminUserName = adminUserName;
+ this.adminUserPassword = adminUserPassword;
+ this.client = Keycloak.getInstance(
+ this.adminUrl,
+ this.realm, // the realm to log in to
+ this.adminUserName, this.adminUserPassword, // the user
+ "security-admin-console");
+ }
+
+ boolean createUser(){
+
+ CredentialRepresentation credential = new CredentialRepresentation();
+ credential.setType(CredentialRepresentation.PASSWORD);
+ credential.setValue("test123");
+ UserRepresentation user = new UserRepresentation();
+ user.setUsername("testuser");
+ user.setFirstName("Test");
+ user.setLastName("User");
+ user.setCredentials(Arrays.asList(credential));
+ this.client.realm(this.realm).users().create(user);
+ return true;
+ }
+
+ public static void main(String[] args){
+ KeycloakIdentityServerClient client = new KeycloakIdentityServerClient("https://iam.scigap.org/auth",
+ "accord.scigap.org",
+ "AccordAdmin",
+ "Accord@123");
+ client.createUser();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/airavata/blob/8327c29f/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
index 2f5af70..5ce33d1 100644
--- a/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
+++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
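Review bot: `main` in KeycloakIdentityServerClient.java passes a literal admin user name and password for a named realm on `https://iam.scigap.org/auth` to the constructor, so admin credentials are stored in version control; they should come from the environment or an untracked config file, and the committed pair should be treated as exposed and rotated. `setAdminUserName` assigns the parameter to itself, so the field is never updated; it needs `this.adminUserName = adminUserName;`. `createUser` discards the `Response` returned by `users().create(user)` and always returns `true`, so a rejected or duplicate user is reported as success, and it gives the fixed account `testuser` the fixed password `test123`, which should not survive past a throwaway test realm. The fence below sketches the three changes; the environment variable names are illustrative and `Response` needs an import of `javax.ws.rs.core.Response`.

```java
    public void setAdminUserName(String adminUserName) {
        this.adminUserName = adminUserName;
    }

    // … unchanged: remaining setters, fields, constructor …

    boolean createUser(){
        // … unchanged: credential and user representation setup …
        Response response = this.client.realm(this.realm).users().create(user);
        try {
            // Report success only when the server actually created the user.
            return response.getStatus() == Response.Status.CREATED.getStatusCode();
        } finally {
            response.close();
        }
    }

    public static void main(String[] args){
        // Connection details and admin credentials are supplied at run time, not stored in source.
        KeycloakIdentityServerClient client = new KeycloakIdentityServerClient(
                System.getenv("KEYCLOAK_ADMIN_URL"),
                System.getenv("KEYCLOAK_REALM"),
                System.getenv("KEYCLOAK_ADMIN_USER"),
                System.getenv("KEYCLOAK_ADMIN_PASSWORD"));
        client.createUser();
    }
```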
@@ -33,21 +33,21 @@ import java.util.List; public class MigrationManager { - private ArrayList<ISLoginCredentialsDAO> adminCredentials = new ArrayList<ISLoginCredentialsDAO>(); + private ArrayList<Wso2ISLoginCredentialsDAO> adminCredentials = new ArrayList<Wso2ISLoginCredentialsDAO>(); /*Add the credentials for all the tenants from which the profile should be migrated to Airavata DB*/ public void setISLoginCredentials(){ - adminCredentials.add(new ISLoginCredentialsDAO("prod.seagrid","UserName","Password")); + adminCredentials.add(new Wso2ISLoginCredentialsDAO("prod.seagrid","UserName","Password")); // new credential records here... } /* Method used to fetch all the user profiles from the registered tenants */ - public List<UserProfileDAO> getUserProfilesFromIS(){ + public List<UserProfileDAO> getUserProfilesFromWso2IS(){ ArrayList<UserProfileDAO> userProfileList = new ArrayList<UserProfileDAO>(); - for(ISLoginCredentialsDAO creds:adminCredentials){ - RemoteUserStoreManagerServiceStub isClient = IdentityServerClient.getAdminServiceClient(creds.getLoginUserName(),creds.getLoginPassword(),"RemoteUserStoreManagerService"); + for(Wso2ISLoginCredentialsDAO creds:adminCredentials){ + RemoteUserStoreManagerServiceStub isClient = Wso2IdentityServerClient.getAdminServiceClient(creds.getLoginUserName(),creds.getLoginPassword(),"RemoteUserStoreManagerService"); String[] userList; System.out.println("Fetching User Profiles for " + creds.getGateway() + " tenant ..."); try { 
@@ -127,7 +127,7 @@ public class MigrationManager { public static void main(String[] args) { MigrationManager migrationManager = new MigrationManager(); migrationManager.setISLoginCredentials(); - List<UserProfileDAO> userProfileList = migrationManager.getUserProfilesFromIS(); + List<UserProfileDAO> userProfileList = migrationManager.getUserProfilesFromWso2IS(); try { migrationManager.migrateUserProfilesToAiravata(userProfileList); } catch (TException e) { http://git-wip-us.apache.org/repos/asf/airavata/blob/8327c29f/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2ISLoginCredentialsDAO.java ---------------------------------------------------------------------- diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2ISLoginCredentialsDAO.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2ISLoginCredentialsDAO.java new file mode 100644 index 0000000..3834fcb --- /dev/null +++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2ISLoginCredentialsDAO.java 
@@ -0,0 +1,78 @@ +/** + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. 
+ * + */ + +package org.apache.airavata; + +public class Wso2ISLoginCredentialsDAO { + public String getGateway() { + return Gateway; + } + + public void setGateway(String gateway) { + Gateway = gateway; + } + + public String getLoginUserName() { + return loginUserName; + } + + public void setLoginUserName(String loginUserName) { + this.loginUserName = loginUserName; + } + + public String getLoginPassword() { + return loginPassword; + } + + public void setLoginPassword(String loginPassword) { + this.loginPassword = loginPassword; + } + + private String Gateway; + private String loginUserName; + private String loginPassword; + + public Wso2ISLoginCredentialsDAO(String gateway, String loginUserName, String loginPassword) { + Gateway = gateway; + this.loginUserName = loginUserName; + this.loginPassword = loginPassword; + } +} http://git-wip-us.apache.org/repos/asf/airavata/blob/8327c29f/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java ---------------------------------------------------------------------- diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java new file mode 100644 index 0000000..3f5cae7 --- /dev/null +++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java 
@@ -0,0 +1,137 @@ +/** + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.airavata; + +import org.apache.axis2.client.Options; +import org.apache.axis2.client.ServiceClient; +import org.apache.axis2.context.ConfigurationContext; +import org.apache.axis2.context.ConfigurationContextFactory; +import org.apache.axis2.transport.http.HTTPConstants; +import org.apache.axis2.transport.http.HttpTransportProperties; +import org.wso2.carbon.um.ws.api.stub.RemoteUserStoreManagerServiceStub; + +import java.io.File; + +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. 
You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + + +public class Wso2IdentityServerClient { + /** + * Server url of the WSO2 Carbon Server + */ + private static String SEVER_URL = "URL for Identity server"; + + + public static RemoteUserStoreManagerServiceStub getAdminServiceClient(String adminUserName, String adminPassword, String adminService){ + + /** + * trust store path. this must contains server's certificate or Server's CA chain + */ + + /* The below code snippet is intentionally commented for the build to pass, + * because the private key and certificate file are not committed to GitHub, + * which are needed to run the client */ + +// String trustStore = System.getProperty("user.dir") + File.separator + +// "modules" + File.separator + "user-profile-migration" + File.separator + +// "src" + File.separator + "main" + File.separator + +// "resources" + File.separator + "wso2carbon.jks"; +// System.out.println("file path : " + trustStore); +// +// /** +// * Call to https://localhost:9443/services/ uses HTTPS protocol. +// * Therefore we to validate the server certificate or CA chain. The server certificate is looked up in the +// * trust store. +// * Following code sets what trust-store to look for and its JKs password. +// */ +// +// System.setProperty("javax.net.ssl.trustStore", trustStore ); +// +// System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon"); + + /** + * Axis2 configuration context + */ + ConfigurationContext configContext; + RemoteUserStoreManagerServiceStub adminStub; + + try { + + /** + * Create a configuration context. 
A configuration context contains information for + * axis2 environment. This is needed to create an axis2 service client + */ + configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null); + + /** + * end point url with service name + */ +// String serviceEndPoint = SEVER_URL + "RemoteUserStoreManagerService"; + String serviceEndPoint = SEVER_URL + adminService; + + /** + * create stub and service client + */ + adminStub = new RemoteUserStoreManagerServiceStub(configContext, serviceEndPoint); + ServiceClient client = adminStub._getServiceClient(); + Options option = client.getOptions(); + + /** + * Setting a authenticated cookie that is received from Carbon server. + * If you have authenticated with Carbon server earlier, you can use that cookie, if + * it has not been expired + */ + option.setProperty(HTTPConstants.COOKIE_STRING, null); + + /** + * Setting basic auth headers for authentication for carbon server + */ + HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator(); + auth.setUsername(adminUserName); + auth.setPassword(adminPassword); + auth.setPreemptiveAuthentication(true); + option.setProperty(HTTPConstants.AUTHENTICATE, auth); + option.setManageSession(true); + return adminStub; + } catch (Exception e) { + e.printStackTrace(); + } + return null; + } +} http://git-wip-us.apache.org/repos/asf/airavata/blob/8327c29f/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert$SavingTrustManager.class ---------------------------------------------------------------------- 
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert$SavingTrustManager.class b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert$SavingTrustManager.class new file mode 100644 index 0000000..932d67a Binary files /dev/null and b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert$SavingTrustManager.class differ http://git-wip-us.apache.org/repos/asf/airavata/blob/8327c29f/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.class ---------------------------------------------------------------------- diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.class b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.class new file mode 100644 index 0000000..8489c79 Binary files /dev/null and b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.class differ http://git-wip-us.apache.org/repos/asf/airavata/blob/8327c29f/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.java ---------------------------------------------------------------------- diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.java new file mode 100644 index 0000000..13ca144 --- /dev/null +++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/InstallCert.java 
@@ -0,0 +1,192 @@ +package org.apache.airavata.utils; + +/** + * Created by anujbhan on 4/17/17. + */ +/* + * Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of Sun Microsystems nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +import java.io.*; +import java.net.URL; + +import java.security.*; +import java.security.cert.*; + +import javax.net.ssl.*; + +public class InstallCert { + + public static void main(String[] args) throws Exception { + String host; + int port; + char[] passphrase; + if ((args.length == 1) || (args.length == 2)) { + String[] c = args[0].split(":"); + host = c[0]; + port = (c.length == 1) ? 443 : Integer.parseInt(c[1]); + String p = (args.length == 1) ? "changeit" : args[1]; + passphrase = p.toCharArray(); + } else { + System.out.println("Usage: java InstallCert <host>[:port] [passphrase]"); + return; + } + + File file = new File("jssecacerts"); + if (file.isFile() == false) { + char SEP = File.separatorChar; + File dir = new File(System.getProperty("java.home") + SEP + + "lib" + SEP + "security"); + file = new File(dir, "jssecacerts"); + if (file.isFile() == false) { + file = new File(dir, "cacerts"); + } + } + System.out.println("Loading KeyStore " + file + "..."); + InputStream in = new FileInputStream(file); + KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); + ks.load(in, passphrase); + in.close(); + + SSLContext context = SSLContext.getInstance("TLS"); + TrustManagerFactory tmf = + TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(ks); + X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0]; + SavingTrustManager tm = new SavingTrustManager(defaultTrustManager); + context.init(null, new TrustManager[] {tm}, null); + SSLSocketFactory factory = context.getSocketFactory(); + + System.out.println("Opening connection to " + host + ":" + port + "..."); + SSLSocket socket = (SSLSocket)factory.createSocket(host, port); + socket.setSoTimeout(10000); + try { + System.out.println("Starting SSL handshake..."); + socket.startHandshake(); + socket.close(); + System.out.println(); + System.out.println("No errors, certificate is already trusted"); + } catch (SSLException e) { + 
System.out.println(); + e.printStackTrace(System.out); + } + + X509Certificate[] chain = tm.chain; + if (chain == null) { + System.out.println("Could not obtain server certificate chain"); + return; + } + + BufferedReader reader = + new BufferedReader(new InputStreamReader(System.in)); + + System.out.println(); + System.out.println("Server sent " + chain.length + " certificate(s):"); + System.out.println(); + MessageDigest sha1 = MessageDigest.getInstance("SHA1"); + MessageDigest md5 = MessageDigest.getInstance("MD5"); + for (int i = 0; i < chain.length; i++) { + X509Certificate cert = chain[i]; + System.out.println + (" " + (i + 1) + " Subject " + cert.getSubjectDN()); + System.out.println(" Issuer " + cert.getIssuerDN()); + sha1.update(cert.getEncoded()); + System.out.println(" sha1 " + toHexString(sha1.digest())); + md5.update(cert.getEncoded()); + System.out.println(" md5 " + toHexString(md5.digest())); + System.out.println(); + } + + System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]"); + String line = reader.readLine().trim(); + int k; + try { + k = (line.length() == 0) ? 
0 : Integer.parseInt(line) - 1; + } catch (NumberFormatException e) { + System.out.println("KeyStore not changed"); + return; + } + + X509Certificate cert = chain[k]; + String alias = host + "-" + (k + 1); + ks.setCertificateEntry(alias, cert); + + OutputStream out = new FileOutputStream("jssecacerts"); + ks.store(out, passphrase); + out.close(); + + System.out.println(); + System.out.println(cert); + System.out.println(); + System.out.println + ("Added certificate to keystore 'jssecacerts' using alias '" + + alias + "'"); + } + + private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray(); + + private static String toHexString(byte[] bytes) { + StringBuffer sb = new StringBuffer(bytes.length * 3); + for(int b = 0;b < bytes.length;b++) { + b &= 0xff; + sb.append(HEXDIGITS[b >> 4]); + sb.append(HEXDIGITS[b & 15]); + sb.append(' '); + } + return sb.toString(); + } + + private static class SavingTrustManager implements X509TrustManager { + + private final X509TrustManager tm; + private X509Certificate[] chain; + + SavingTrustManager(X509TrustManager tm) { + this.tm = tm; + } + + public X509Certificate[] getAcceptedIssuers() { + throw new UnsupportedOperationException(); + } + + public void checkClientTrusted(X509Certificate[] chain, String authType) + throws CertificateException { + throw new UnsupportedOperationException(); + } + + public void checkServerTrusted(X509Certificate[] chain, String authType) + throws CertificateException { + this.chain = chain; + tm.checkServerTrusted(chain, authType); + } + } + +} + http://git-wip-us.apache.org/repos/asf/airavata/blob/8327c29f/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/iamscigaporg.cer ---------------------------------------------------------------------- 
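Review bot: In `toHexString`, the loop `for(int b = 0;b < bytes.length;b++)` formats the loop index rather than the digest bytes, so the sha1 and md5 lines printed for every certificate show the same counter sequence instead of a fingerprint. That output is the only thing the operator can compare against an out-of-band value before `ks.setCertificateEntry(alias, cert)` stores the server-supplied certificate in `jssecacerts`, so as written the trust decision is made without a usable fingerprint. Iterate over the values instead, `for (int b : bytes) {`, keeping the `b &= 0xff;` line, and consider printing a SHA-256 digest (`MessageDigest.getInstance("SHA-256")`) alongside or in place of SHA1/MD5. Separately, in `main` the parsed selection is used as `chain[k]` with no range check, and `reader.readLine().trim()` will throw if standard input is closed.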
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/iamscigaporg.cer b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/iamscigaporg.cer
new file mode 100644
index 0000000..3491263
Binary files /dev/null and b/modules/user-profile-migration/src/main/java/org/apache/airavata/utils/iamscigaporg.cer differ
