vault: tweaks for upstream changes
pdowler committed Oct 26, 2023
1 parent 9463d1a commit 353ba22
Showing 2 changed files with 22 additions and 24 deletions.
11 changes: 8 additions & 3 deletions vault/src/intTest/java/org/opencadc/vault/NodesTest.java
Expand Up @@ -69,6 +69,7 @@

import ca.nrc.cadc.util.FileUtil;
import ca.nrc.cadc.util.Log4jInit;
import java.io.File;
import java.net.URI;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
Expand All @@ -87,10 +88,14 @@ public class NodesTest extends org.opencadc.conformance.vos.NodesTest {
Log4jInit.setLevel("org.opencadc.vospace", Level.DEBUG);
}

private static File ADMIN_CERT = FileUtil.getFileFromResource("vault-test.pem", NodesTest.class);

public NodesTest() {
super(URI.create("ivo://opencadc.org/vault"), "vault-test.pem");
enablePermissionTests(new GroupURI(URI.create("ivo://cadc.nrc.ca/gms?opencadc-vospace-test")),
FileUtil.getFileFromResource("vault-auth-test.pem", NodesTest.class));
super(URI.create("ivo://opencadc.org/vault"), ADMIN_CERT);

File altCert = FileUtil.getFileFromResource("vault-auth-test.pem", NodesTest.class);
enablePermissionTests(new GroupURI(URI.create("ivo://cadc.nrc.ca/gms?opencadc-vospace-test")), altCert);

// vault does not check the actual groups in the permission props tests, hence they can be made up.
enablePermissionPropsTest(new GroupURI(URI.create("ivo://myauth/gms?gr1")), new GroupURI(URI.create("ivo://myauth/gms?gr2")));
}
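Review bot: `ADMIN_CERT` is declared `private static File` but is named and used as a constant; it is assigned exactly once from the resource lookup, so `private static final File ADMIN_CERT = FileUtil.getFileFromResource("vault-test.pem", NodesTest.class);` states that intent and rules out reassignment from another test. Moving the lookup from the constructor into static initialization also changes the failure mode: a missing `vault-test.pem` now surfaces as an `ExceptionInInitializerError` when the class is loaded rather than as a constructor failure, which is worth recording with a comment such as `// resolved at class load: a missing cert resource fails every test in this class`. The `altCert` lookup for `vault-auth-test.pem` still runs in the constructor, so the two certificates now fail in different places; keeping both as static finals, or both in the constructor, would make that consistent.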
35 changes: 14 additions & 21 deletions vault/src/main/java/org/opencadc/vault/NodePersistenceImpl.java
Expand Up @@ -68,6 +68,7 @@
package org.opencadc.vault;

import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.IdentityManager;
import ca.nrc.cadc.auth.PrincipalExtractor;
import ca.nrc.cadc.auth.X509CertificateChain;
Expand Down Expand Up @@ -167,32 +168,14 @@ public NodePersistenceImpl(URI resourceID) {
nodeDaoConfig.put("schema", inventorySchema);
nodeDaoConfig.put("vosSchema", vospaceSchema);

final String owner = config.getFirstPropertyValue(VaultInitAction.ROOT_OWNER);
if (owner == null) {
throw new InvalidConfigException(VaultInitAction.ROOT_OWNER + " cannot be null");
}
Subject rawOwnerSubject = AuthenticationUtil.getSubject(new PrincipalExtractor() {
@Override
public Set<Principal> getPrincipals() {
Set<Principal> ret = new HashSet<>();
ret.add(new X500Principal(owner));
return ret;
}

@Override
public X509CertificateChain getCertificateChain() {
return null;
}
});
IdentityManager identityManager = AuthenticationUtil.getIdentityManager();

// root node
IdentityManager identityManager = AuthenticationUtil.getIdentityManager();
UUID rootID = new UUID(0L, 0L);
this.root = new ContainerNode(rootID, "");
root.owner = identityManager.augment(rawOwnerSubject);
root.owner = getRootOwner(config, identityManager);
root.ownerDisplay = identityManager.toDisplayString(root.owner);
log.warn("ROOT owner: " + root.owner);
root.ownerID = identityManager.toOwner(rawOwnerSubject);
root.ownerID = identityManager.toOwner(root.owner);
root.isPublic = true;
root.inheritPermissions = false;

Expand All @@ -215,6 +198,16 @@ public X509CertificateChain getCertificateChain() {
String ns = config.getFirstPropertyValue(VaultInitAction.STORAGE_NAMESPACE_KEY);
this.storageNamespace = new Namespace(ns);
}

private Subject getRootOwner(MultiValuedProperties mvp, IdentityManager im) {
final String owner = mvp.getFirstPropertyValue(VaultInitAction.ROOT_OWNER);
if (owner == null) {
throw new InvalidConfigException(VaultInitAction.ROOT_OWNER + " cannot be null");
}
Subject ret = new Subject();
ret.getPrincipals().add(new HttpPrincipal(owner));
return im.augment(ret);
}

@Override
public Views getViews() {
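Review bot: `getRootOwner` wraps the configured `VaultInitAction.ROOT_OWNER` value in `new HttpPrincipal(owner)` where the removed code used `new X500Principal(owner)`, so the property is now interpreted as a user name rather than a certificate DN; a deployment that still configures a DN would have that string passed through `im.augment` as a username, and nothing in the hunk detects or reports that case. The guard at the top of the method only rejects `null`, so an empty or whitespace-only value becomes an `HttpPrincipal` with an empty name before `augment` runs; `if (owner == null || owner.trim().isEmpty())` would fail fast on both with the existing `InvalidConfigException`. A Javadoc on the method stating that the property is expected to hold a user name (not a DN) and that the returned `Subject` is the identity-manager-augmented one would make the new contract explicit — presumably `augment` resolves the principal against the identity backend, so confirm what it returns for an unknown user, since `root.ownerID` is now derived from that result. The constructor that calls this helper starts outside the hunk, and the `PrincipalExtractor`/`X509CertificateChain` imports kept in the first hunk may now be unused if this was their only use.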
