Bug #2744
CNode client does not respect Session param
100%
Description
In the portal I make use of the CertificateManager's "registration" feature that allows me to associate a particular subject to a cert/key pair. When I use the CNode client to make calls, I used to be able to pass in a Session parameter that used the same subject that I registered my cert/key pair with and the call woukd be performed as that person using those pre-registered credentials.
Now that Session param (and contained subject) is ignored and my call acts as though it came from an unauthenticated (basically public) user.
I looked over the code and I'm not sure it's doing exactly what we agreed on. Moreover, there's no way to even set the Session when getting the CNode client via the static call to D1Client.getCN() which is used throughout the codebase.
I thought we would preserve the existing behavior of all the methods that take the Session parameter and just pass in null in the Session-less implementations of the methods.
Here is a sample bit of code that illustrates what I am trying to do.¶
// create a CN client
CNode cn = D1Client.getCN();
String subjectDN = "CN=Benjamin Leinfelder A515,O=University of Chicago,C=US,DC=cilogon,DC=org";
// set up my credentials for this particular subject CertificateManager.getInstance().setCertificateLocation("BAD"); X509Certificate certificate = CertificateManager.getInstance().loadCertificateFromFile("/tmp/x509up_u503"); PrivateKey key = CertificateManager.getInstance().loadPrivateKeyFromFile("/tmp/x509up_u503", null); CertificateManager.getInstance().registerCertificate(subjectDN, certificate, key); // make a call as this particular subject (in the session that is passed in) Subject subject = new Subject(); subject.setValue(subjectDN); Session session = new Session(); session.setSubject(subject); SubjectInfo subjectInfo = cn.getSubjectInfo(session , subject);
Subtasks
History
#1 Updated by Rob Nahf over 12 years ago
- Category set to d1_libclient_java
- Status changed from New to Closed
- Target version set to Sprint-2012.19-Block.3.2
The determineSession() method used to negotiate the difference between the new methods and the old was overly complicated and superfluous. Ripped it out in favor of the direct approach of passing in the session object held by the D1Node.
Added the method D1Client.getCN(Session session), for completeness.