Project

General

Profile

Bug #6786

d1_libclient_java should support Session parameters

Added by Ben Leinfelder almost 10 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
d1_libclient_java
Target version:
Start date:
2015-02-05
Due date:
% Done:

100%

Story Points:
Sprint:

Description

Working with the d1_portal code, I noticed that I could no longer act as a proxy for users interacting with that service. Turns out the Session parameter in the MNode implementation was not being used. The portal uses CertificateManager.registerCertificate() to map Session Subjects with the correct certificate//key to use for those calls. But the current implementation hides SSL set up and ignores any Session parameters when the actual MN API calls are being made.

See: D1Client and DefaultHttpMultipartRestClient for a more details.


Subtasks

Task #6788: refactor how the Multipart*Nodes get their rest clientClosedRob Nahf

Task #6842: expose the session information in CertificateManagerClosedRob Nahf

Associated revisions

Revision 15157
Added by Rob Nahf almost 10 years ago

Refs #6788, #6786, #6842: Refactored MultipartD1Node (constructors and added getRestClient(Session s) method to provide a standard way for API methods to decide between Sessions passed via the method vs. in the constructor. Added new X509Session class, and restructured HttpMultipartRestClient and HttpUtils to work with new X509Session objects and allow removal of DefaultHttpMultipartRestClient.

Revision 15157
Added by Rob Nahf almost 10 years ago

Refs #6788, #6786, #6842: Refactored MultipartD1Node (constructors and added getRestClient(Session s) method to provide a standard way for API methods to decide between Sessions passed via the method vs. in the constructor. Added new X509Session class, and restructured HttpMultipartRestClient and HttpUtils to work with new X509Session objects and allow removal of DefaultHttpMultipartRestClient.

Revision 15197
Added by Rob Nahf almost 10 years ago

refs #6786: added debug statements to CertificateManager to help debug getKeyStore issue seen in d1_portal.

Revision 15197
Added by Rob Nahf almost 10 years ago

refs #6786: added debug statements to CertificateManager to help debug getKeyStore issue seen in d1_portal.

History

#1 Updated by Ben Leinfelder almost 10 years ago

Updated with latest changes to support this, but not get this error about keys:

java.security.KeyStoreException: Cannot store non-PrivateKeys
at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:250)
at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:55)
at java.security.KeyStore.setKeyEntry(KeyStore.java:909)
at org.dataone.client.auth.CertificateManager.getKeyStore(CertificateManager.java:962)
at org.dataone.client.auth.CertificateManager.getSSLConnectionSocketFactory(CertificateManager.java:728)
at org.dataone.client.utils.HttpUtils.buildConnectionRegistry(HttpUtils.java:133)
at org.dataone.client.utils.HttpUtils.getHttpClientBuilder(HttpUtils.java:107)
at org.dataone.client.utils.HttpUtils.createHttpClient(HttpUtils.java:100)
at org.dataone.client.rest.HttpMultipartRestClient.(HttpMultipartRestClient.java:204)
at org.dataone.client.rest.HttpMultipartRestClient.(HttpMultipartRestClient.java:190)
at org.dataone.client.rest.MultipartD1Node.getRestClient(MultipartD1Node.java:128)
at org.dataone.client.v2.impl.MultipartMNode.listObjects(MultipartMNode.java:211)

#2 Updated by Rob Nahf almost 10 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 30

I wrote a unit test for HttpMultipartRestClient that exercises the constructor used where the bug was happening, and it's working fine. That exception only happens when the PrivateKey passed in is null, so I suspect there might be something wonky with the registration of certificates, most likely with pulling the certificate from HttpRequest. I didn't touch that method, so there's a good possibility something's different in the context, maybe with Java7?

I'll enhance the log.debug statements in CertificateManager to allow portal to get a better picture of what's going on.

#3 Updated by Ben Leinfelder almost 10 years ago

I was able to use the CM.registerCertificate() method and proxy as a different user. The previous error was when I was using the configured certificateFile location and acting as the CN. Hope that helps clarify the error and when it arose.

#4 Updated by Rob Nahf almost 10 years ago

  • % Done changed from 30 to 50
  • Status changed from In Progress to Testing
  • Target version changed from CCI-2.0.0 to CLJ-2.0.0

#5 Updated by Rob Nahf about 9 years ago

  • Status changed from Testing to Closed
  • % Done changed from 50 to 100

fixed.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)