Fixes #27

b07078f8 · Dustin Jenkins · b13beea6 · b07078f8 · b07078f8 · b07078f8
Commit b07078f8 authored 8 years ago by Dustin Jenkins
--- a/cadc-access-control/build.gradle
+++ b/cadc-access-control/build.gradle
@@ -15,7 +15,7 @@ sourceCompatibility = 1.7
 group = 'org.opencadc'
-version = '1.1.4'
+version = '1.1.5'
 mainClassName = 'ca.nrc.cadc.ac.client.Main'
@@ -29,7 +29,6 @@ dependencies {
    compile 'org.opencadc:cadc-registry:1.+'
    testCompile 'junit:junit:4.+'
-    testCompile 'org.easymock:easymock:3.+'
    testCompile 'xerces:xercesImpl:2.+'
    testCompile 'org.skyscreamer:jsonassert:1.+'
 }

--- a/cadc-access-control/src/main/java/ca/nrc/cadc/ac/client/GMSClient.java
+++ b/cadc-access-control/src/main/java/ca/nrc/cadc/ac/client/GMSClient.java
@@ -89,6 +89,8 @@ import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLSocketFactory;
 import javax.security.auth.Subject;
+import ca.nrc.cadc.auth.*;
+import ca.nrc.cadc.net.*;
 import org.apache.log4j.Logger;
 import ca.nrc.cadc.ac.Group;
@@ -100,16 +102,6 @@ import ca.nrc.cadc.ac.WriterException;
 import ca.nrc.cadc.ac.xml.GroupListReader;
 import ca.nrc.cadc.ac.xml.GroupReader;
 import ca.nrc.cadc.ac.xml.GroupWriter;
-import ca.nrc.cadc.auth.AuthMethod;
-import ca.nrc.cadc.auth.AuthenticationUtil;
-import ca.nrc.cadc.auth.HttpPrincipal;
-import ca.nrc.cadc.auth.SSLUtil;
-import ca.nrc.cadc.net.HttpDownload;
-import ca.nrc.cadc.net.HttpPost;
-import ca.nrc.cadc.net.HttpTransfer;
-import ca.nrc.cadc.net.HttpUpload;
-import ca.nrc.cadc.net.InputStreamWrapper;
-import ca.nrc.cadc.net.NetUtil;
 import ca.nrc.cadc.net.event.TransferEvent;
 import ca.nrc.cadc.net.event.TransferListener;
 import ca.nrc.cadc.reg.Standards;
@@ -182,7 +174,7 @@ public class GMSClient implements TransferListener
               UserNotFoundException, WriterException, IOException
    {
        URL createGroupURL = getRegistryClient()
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
+            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        log.debug("createGroupURL request to " + createGroupURL.toString());
        // reset the state of the cache
@@ -254,7 +246,7 @@ public class GMSClient implements TransferListener
        throws GroupNotFoundException, AccessControlException, IOException
    {
        URL groupsURL = getRegistryClient()
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
+            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        URL getGroupURL = new URL(groupsURL.toExternalForm() + "/" + groupName);
        log.debug("getGroup request to " + getGroupURL.toString());
@@ -310,7 +302,7 @@ public class GMSClient implements TransferListener
        throws AccessControlException, IOException
    {
        URL getGroupNamesURL = getRegistryClient()
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
+            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        log.debug("getGroupNames request to " + getGroupNamesURL.toString());
@@ -388,7 +380,7 @@ public class GMSClient implements TransferListener
               AccessControlException, WriterException, IOException
    {
        URL groupsURL = getRegistryClient()
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
+            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        URL updateGroupURL = new URL(groupsURL.toExternalForm() + "/" + group.getID().getName());
        log.debug("updateGroup request to " + updateGroupURL.toString());
@@ -401,7 +393,7 @@ public class GMSClient implements TransferListener
        log.debug("updateGroup: " + groupXML);
        HttpPost transfer = new HttpPost(updateGroupURL, groupXML.toString(),
-                                         "application/xml", true);
+                                         "application/xml", false);
        transfer.setSSLSocketFactory(getSSLSocketFactory());
        transfer.setTransferListener(this);
        transfer.run();
@@ -431,18 +423,21 @@ public class GMSClient implements TransferListener
            throw new IOException(error);
        }
-        try
+        return getGroup(group.getID().getName());
-        {
-            String retXML = transfer.getResponseBody();
+// Cookie gets lost when following redirect and pulling the XML down!
-            log.debug("getGroup returned: " + retXML);
+//        try
-            GroupReader groupReader = new GroupReader();
+//        {
-            return groupReader.read(retXML);
+//            String retXML = transfer.getResponseBody();
-        }
+//            log.debug("getGroup returned: " + retXML);
-        catch (Exception bug)
+//            GroupReader groupReader = new GroupReader();
-        {
+//            return groupReader.read(retXML);
-            log.error("Unexpected exception", bug);
+//        }
-            throw new RuntimeException(bug);
+//        catch (Exception bug)
-        }
+//        {
+//            log.error("Unexpected exception", bug);
+//            throw new RuntimeException(bug);
+//        }
    }
    /**
@@ -457,55 +452,37 @@ public class GMSClient implements TransferListener
        throws GroupNotFoundException, AccessControlException, IOException
    {
        URL groupsURL = getRegistryClient()
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
+            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        URL deleteGroupURL = new URL(groupsURL.toExternalForm() + "/" + groupName);
        log.debug("deleteGroup request to " + deleteGroupURL.toString());
        // reset the state of the cache
        clearCache();
-        HttpURLConnection conn =
+        HttpDelete delete = new HttpDelete(deleteGroupURL, true);
-                (HttpURLConnection) deleteGroupURL.openConnection();
+        delete.setSSLSocketFactory(getSSLSocketFactory());
-        conn.setRequestMethod("DELETE");
+        delete.run();
-        SSLSocketFactory sf = getSSLSocketFactory();
+        Throwable error = delete.getThrowable();
-        if ((sf != null) && ((conn instanceof HttpsURLConnection)))
+        if (error != null)
-        {
-            ((HttpsURLConnection) conn)
-                    .setSSLSocketFactory(sf);
-        }
-        final int responseCode;
-        try
-        {
-            responseCode = conn.getResponseCode();
-        }
-        catch(Exception e)
-        {
-            throw new AccessControlException(e.getMessage());
-        }
-        if (responseCode != 200)
        {
-            String errMessage = NetUtil.getErrorBody(conn);
+            // transfer returns a -1 code for anonymous access.
-            log.debug("deleteGroup response " + responseCode + ": " +
+            if ((delete.getResponseCode() == -1) ||
-                      errMessage);
+                (delete.getResponseCode() == 401) ||
+                (delete.getResponseCode() == 403))
-            if ((responseCode == 401) || (responseCode == 403) ||
-                    (responseCode == -1))
            {
-                throw new AccessControlException(errMessage);
+                throw new AccessControlException(error.getMessage());
            }
-            if (responseCode == 400)
+            if (delete.getResponseCode() == 400)
            {
-                throw new IllegalArgumentException(errMessage);
+                throw new IllegalArgumentException(error.getMessage());
            }
-            if (responseCode == 404)
+            if (delete.getResponseCode() == 404)
            {
-                throw new GroupNotFoundException(errMessage);
+                throw new GroupNotFoundException(error.getMessage());
            }
-            throw new IOException("HttpResponse (" + responseCode + ") - " + errMessage);
+            throw new IOException(error);
        }
    }
@@ -526,7 +503,7 @@ public class GMSClient implements TransferListener
        String path = "/" + targetGroupName + "/groupMembers/" + groupMemberName;
        URL groupsURL = getRegistryClient()
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
+            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        URL addGroupMemberURL = new URL(groupsURL.toExternalForm() + path);
        log.debug("addGroupMember request to " + addGroupMemberURL.toString());
@@ -587,7 +564,7 @@ public class GMSClient implements TransferListener
        String userIDType = AuthenticationUtil.getPrincipalType(userID);
        String path = "/" + targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType;
        URL groupsURL = getRegistryClient()
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
+            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        URL addUserMemberURL = new URL(groupsURL.toExternalForm() + path);
        log.debug("addUserMember request to " + addUserMemberURL.toString());
@@ -644,7 +621,7 @@ public class GMSClient implements TransferListener
        String path = "/" + targetGroupName + "/groupMembers/" + groupMemberName;
        URL groupsURL = getRegistryClient()
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
+            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        URL removeGroupMemberURL = new URL(groupsURL.toExternalForm() + path);
        log.debug("removeGroupMember request to " +
                  removeGroupMemberURL.toString());
@@ -713,7 +690,7 @@ public class GMSClient implements TransferListener
        log.debug("removeUserMember: " + targetGroupName + " - " + userID.getName() + " type: " + userIDType);
        String path = "/" + targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType;
        URL groupsURL = getRegistryClient()
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
+            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        URL removeUserMemberURL = new URL(groupsURL.toExternalForm() + path);
        log.debug("removeUserMember: " + removeUserMemberURL.toString());
@@ -822,10 +799,10 @@ public class GMSClient implements TransferListener
        StringBuilder searchGroupPath = new StringBuilder("?");
        //searchGroupURL.append("ID=").append(NetUtil.encode(id));
        //searchGroupURL.append("&IDTYPE=").append(NetUtil.encode(idType));
-        searchGroupPath.append("&ROLE=").append(NetUtil.encode(roleString));
+        searchGroupPath.append("ROLE=").append(NetUtil.encode(roleString));
        URL searchURL = getRegistryClient()
-            .getServiceURL(this.serviceID, Standards.GMS_SEARCH_01, AuthMethod.CERT);
+            .getServiceURL(this.serviceID, Standards.GMS_SEARCH_01, getAuthMethod());
        URL getMembershipsURL = new URL(searchURL.toExternalForm() + searchGroupPath.toString());
        log.debug("getMemberships request to " + getMembershipsURL.toString());
@@ -936,7 +913,7 @@ public class GMSClient implements TransferListener
        searchGroupPath.append("&GROUPID=").append(NetUtil.encode(groupName));
        URL searchURL = getRegistryClient()
-            .getServiceURL(this.serviceID, Standards.GMS_SEARCH_01, AuthMethod.CERT);
+            .getServiceURL(this.serviceID, Standards.GMS_SEARCH_01, getAuthMethod());
        URL getMembershipURL = new URL(searchURL.toExternalForm() + searchGroupPath.toString());
        log.debug("getMembership request to " + getMembershipURL.toString());
@@ -1179,4 +1156,21 @@ public class GMSClient implements TransferListener
        return new RegistryClient();
    }
+    private AuthMethod getAuthMethod()
+    {
+        Subject subject = AuthenticationUtil.getCurrentSubject();
+        if (subject != null)
+        {
+            for (Object o : subject.getPublicCredentials())
+            {
+                if (o instanceof X509CertificateChain)
+                    return AuthMethod.CERT;
+                if (o instanceof SSOCookieCredential)
+                    return AuthMethod.COOKIE;
+                // AuthMethod.PASSWORD not supported
+                // AuthMethod.TOKEN not supported
+            }
+        }
+        return AuthMethod.ANON;
+    }
 }
--- a/cadc-access-control/src/test/java/ca/nrc/cadc/ac/client/GMSClientTest.java
+++ b/cadc-access-control/src/test/java/ca/nrc/cadc/ac/client/GMSClientTest.java
@@ -69,12 +69,7 @@
 package ca.nrc.cadc.ac.client;
-import static org.easymock.EasyMock.createMock;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.replay;
 import java.net.URI;
-import java.net.URL;
 import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.List;
@@ -88,10 +83,7 @@ import org.junit.Test;
 import ca.nrc.cadc.ac.Group;
 import ca.nrc.cadc.ac.GroupURI;
 import ca.nrc.cadc.ac.Role;
-import ca.nrc.cadc.auth.AuthMethod;
 import ca.nrc.cadc.auth.HttpPrincipal;
-import ca.nrc.cadc.reg.Standards;
-import ca.nrc.cadc.reg.client.RegistryClient;
 import ca.nrc.cadc.util.Log4jInit;
@@ -103,7 +95,6 @@ public class GMSClientTest
    }
    @Test
    public void testUserIsSubject() throws Exception
    {
@@ -112,24 +103,9 @@ public class GMSClientTest
        HttpPrincipal userID2 = new HttpPrincipal("test2");
        subject.getPrincipals().add(userID);
-        final RegistryClient mockRegistryClient =
-                createMock(RegistryClient.class);
        final URI serviceID = URI.create("ivo://mysite.com/users");
-        expect(mockRegistryClient.getServiceURL(serviceID, Standards.UMS_USERS_01, AuthMethod.CERT))
+        GMSClient client = new GMSClient(serviceID);
-            .andReturn(new URL("http://mysite.com/users"));
-        replay(mockRegistryClient);
-        GMSClient client = new GMSClient(serviceID)
-        {
-            @Override
-            protected RegistryClient getRegistryClient()
-            {
-                return mockRegistryClient;
-            }
-        };
        Assert.assertFalse(client.userIsSubject(null, null));
        Assert.assertFalse(client.userIsSubject(userID, null));
        Assert.assertFalse(client.userIsSubject(null, subject));
@@ -152,21 +128,7 @@ public class GMSClientTest
        subject.getPrincipals().add(test1UserID);
        final URI serviceID = URI.create("ivo://mysite.com/users");
-        final RegistryClient mockRegistryClient =
+        final GMSClient client = new GMSClient(serviceID);
-                createMock(RegistryClient.class);
-        expect(mockRegistryClient.getServiceURL(serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT ))
-            .andReturn(new URL("http://mysite.com/users"));
-        replay(mockRegistryClient);
-        final GMSClient client = new GMSClient(serviceID)
-        {
-            @Override
-            protected RegistryClient getRegistryClient()
-            {
-                return mockRegistryClient;
-            }
-        };
        Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
        {