Bug #6786

d1_libclient_java should support Session parameters

Added by Ben Leinfelder about 9 years ago. Updated over 8 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: d1_libclient_java
Target version:
Start date: 2015-02-05
Due date:
% Done: 100%
Story Points:
Sprint:

Description

Working with the d1_portal code, I noticed that I could no longer act as a proxy for users interacting with that service. Turns out the Session parameter in the MNode implementation was not being used. The portal uses CertificateManager.registerCertificate() to map Session Subjects with the correct certificate/key to use for those calls. But the current implementation hides SSL set up and ignores any Session parameters when the actual MN API calls are being made.

See: D1Client and DefaultHttpMultipartRestClient for more details.


Subtasks

Task #6788: refactor how the Multipart*Nodes get their rest client (Closed, Rob Nahf)

Task #6842: expose the session information in CertificateManager (Closed, Rob Nahf)

Associated revisions

Revision 15157
Added by Rob Nahf about 9 years ago

Refs #6788, #6786, #6842: Refactored MultipartD1Node (constructors and added getRestClient(Session s) method to provide a standard way for API methods to decide between Sessions passed via the method vs. in the constructor. Added new X509Session class, and restructured HttpMultipartRestClient and HttpUtils to work with new X509Session objects and allow removal of DefaultHttpMultipartRestClient.

Revision 15197
Added by Rob Nahf about 9 years ago

refs #6786: added debug statements to CertificateManager to help debug getKeyStore issue seen in d1_portal.

History

#1 Updated by Ben Leinfelder about 9 years ago

Updated with latest changes to support this, but now get this error about keys:

java.security.KeyStoreException: Cannot store non-PrivateKeys
    at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:250)
    at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:55)
    at java.security.KeyStore.setKeyEntry(KeyStore.java:909)
    at org.dataone.client.auth.CertificateManager.getKeyStore(CertificateManager.java:962)
    at org.dataone.client.auth.CertificateManager.getSSLConnectionSocketFactory(CertificateManager.java:728)
    at org.dataone.client.utils.HttpUtils.buildConnectionRegistry(HttpUtils.java:133)
    at org.dataone.client.utils.HttpUtils.getHttpClientBuilder(HttpUtils.java:107)
    at org.dataone.client.utils.HttpUtils.createHttpClient(HttpUtils.java:100)
    at org.dataone.client.rest.HttpMultipartRestClient.<init>(HttpMultipartRestClient.java:204)
    at org.dataone.client.rest.HttpMultipartRestClient.<init>(HttpMultipartRestClient.java:190)
    at org.dataone.client.rest.MultipartD1Node.getRestClient(MultipartD1Node.java:128)
    at org.dataone.client.v2.impl.MultipartMNode.listObjects(MultipartMNode.java:211)

#2 Updated by Rob Nahf about 9 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 30

I wrote a unit test for HttpMultipartRestClient that exercises the constructor used where the bug was happening, and it's working fine. That exception only happens when the PrivateKey passed in is null, so I suspect there might be something wonky with the registration of certificates, most likely with pulling the certificate from HttpRequest. I didn't touch that method, so there's a good possibility something's different in the context, maybe with Java7?

I'll enhance the log.debug statements in CertificateManager to allow portal to get a better picture of what's going on.
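An added illustration, not code from d1_libclient_java or from either commenter: the null-PrivateKey failure described in comment #2, reproduced against a JKS keystore, next to a guard that rejects the missing key before the keystore call and names the subject. The class name, the `buildKeyStore` helper, the alias, the password and the subject string are all hypothetical or constructed.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

public class NullKeyKeyStoreDemo {

    // Hypothetical guard (not CertificateManager's code): check the credential
    // for a Session subject before it reaches KeyStore.setKeyEntry, so a missing
    // key is reported with the subject it belongs to.
    static KeyStore buildKeyStore(String subject, PrivateKey key,
                                  X509Certificate[] chain, char[] password)
            throws Exception {
        if (key == null) {
            throw new IllegalStateException("no private key for subject: " + subject);
        }
        if (chain == null || chain.length == 0) {
            throw new IllegalStateException("no certificate chain for subject: " + subject);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, password);               // start from an empty keystore
        ks.setKeyEntry("client", key, password, chain);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray();               // constructed sample value
        String subject = "CN=constructed-user,DC=example,DC=org"; // constructed sample value

        // Unguarded: a null key reaches the JKS provider, which rejects anything
        // that is not a PrivateKey with the message seen in the trace above.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, password);
        try {
            ks.setKeyEntry("client", null, password, new Certificate[0]);
        } catch (KeyStoreException e) {
            System.out.println("unguarded: " + e.getMessage());
        }

        // Guarded: the same missing key fails earlier and names the subject.
        try {
            buildKeyStore(subject, null, new X509Certificate[0], password);
        } catch (IllegalStateException e) {
            System.out.println("guarded:   " + e.getMessage());
        }
    }
}
```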

#3 Updated by Ben Leinfelder about 9 years ago

I was able to use the CM.registerCertificate() method and proxy as a different user. The previous error was when I was using the configured certificateFile location and acting as the CN. Hope that helps clarify the error and when it arose.

#4 Updated by Rob Nahf about 9 years ago

  • % Done changed from 30 to 50
  • Status changed from In Progress to Testing
  • Target version changed from CCI-2.0.0 to CLJ-2.0.0

#5 Updated by Rob Nahf over 8 years ago

  • Status changed from Testing to Closed
  • % Done changed from 50 to 100

fixed.
