diff --git a/vault/src/intTest/java/org/opencadc/vault/NodesTest.java b/vault/src/intTest/java/org/opencadc/vault/NodesTest.java index 7cc2d4cd..869ca002 100644 --- a/vault/src/intTest/java/org/opencadc/vault/NodesTest.java +++ b/vault/src/intTest/java/org/opencadc/vault/NodesTest.java @@ -69,6 +69,7 @@ import ca.nrc.cadc.util.FileUtil; import ca.nrc.cadc.util.Log4jInit; +import java.io.File; import java.net.URI; import org.apache.log4j.Level; import org.apache.log4j.Logger; @@ -87,10 +88,14 @@ public class NodesTest extends org.opencadc.conformance.vos.NodesTest { Log4jInit.setLevel("org.opencadc.vospace", Level.DEBUG); } + private static File ADMIN_CERT = FileUtil.getFileFromResource("vault-test.pem", NodesTest.class); + public NodesTest() { - super(URI.create("ivo://opencadc.org/vault"), "vault-test.pem"); - enablePermissionTests(new GroupURI(URI.create("ivo://cadc.nrc.ca/gms?opencadc-vospace-test")), - FileUtil.getFileFromResource("vault-auth-test.pem", NodesTest.class)); + super(URI.create("ivo://opencadc.org/vault"), ADMIN_CERT); + + File altCert = FileUtil.getFileFromResource("vault-auth-test.pem", NodesTest.class); + enablePermissionTests(new GroupURI(URI.create("ivo://cadc.nrc.ca/gms?opencadc-vospace-test")), altCert); + // vault does not check the actual groups in the permission props tests, hence they can be made up. enablePermissionPropsTest(new GroupURI(URI.create("ivo://myauth/gms?gr1")), new GroupURI(URI.create("ivo://myauth/gms?gr2"))); } diff --git a/vault/src/main/java/org/opencadc/vault/NodePersistenceImpl.java b/vault/src/main/java/org/opencadc/vault/NodePersistenceImpl.java index 76146493..0c8b7457 100644 --- a/vault/src/main/java/org/opencadc/vault/NodePersistenceImpl.java +++ b/vault/src/main/java/org/opencadc/vault/NodePersistenceImpl.java 
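Review bot: `ADMIN_CERT` in the NodesTest hunk is declared `private static File` although it is never reassigned and is named like a constant; it should read `private static final File ADMIN_CERT = FileUtil.getFileFromResource("vault-test.pem", NodesTest.class);` so nothing else in the test class can swap the credential used for the admin side of the permission tests. Moving the lookup from the constructor to a static initializer also means a missing `vault-test.pem` resource will presumably surface as an `ExceptionInInitializerError` for the whole class rather than a per-test failure, which is worth a one-line comment on the field such as `// resolved at class load: a missing resource fails every test in this class`. The constructor body is fully visible in the hunk; the class continues outside it.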
@@ -68,6 +68,7 @@ package org.opencadc.vault;
 import ca.nrc.cadc.auth.AuthenticationUtil;
+import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.auth.IdentityManager;
 import ca.nrc.cadc.auth.PrincipalExtractor;
 import ca.nrc.cadc.auth.X509CertificateChain;
@@ -167,32 +168,14 @@ public NodePersistenceImpl(URI resourceID) {
 nodeDaoConfig.put("schema", inventorySchema);
 nodeDaoConfig.put("vosSchema", vospaceSchema);
- final String owner = config.getFirstPropertyValue(VaultInitAction.ROOT_OWNER);
- if (owner == null) {
- throw new InvalidConfigException(VaultInitAction.ROOT_OWNER + " cannot be null");
- }
- Subject rawOwnerSubject = AuthenticationUtil.getSubject(new PrincipalExtractor() {
- @Override
- public Set getPrincipals() {
- Set ret = new HashSet<>();
- ret.add(new X500Principal(owner));
- return ret;
- }
-
- @Override
- public X509CertificateChain getCertificateChain() {
- return null;
- }
- });
- IdentityManager identityManager = AuthenticationUtil.getIdentityManager();
- // root node
+ IdentityManager identityManager = AuthenticationUtil.getIdentityManager();
 UUID rootID = new UUID(0L, 0L);
 this.root = new ContainerNode(rootID, "");
- root.owner = identityManager.augment(rawOwnerSubject);
+ root.owner = getRootOwner(config, identityManager);
 root.ownerDisplay = identityManager.toDisplayString(root.owner);
 log.warn("ROOT owner: " + root.owner);
- root.ownerID = identityManager.toOwner(rawOwnerSubject);
+ root.ownerID = identityManager.toOwner(root.owner);
 root.isPublic = true;
 root.inheritPermissions = false;
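Review bot: `root.ownerID = identityManager.toOwner(root.owner)` now derives the root container's owner id from whatever `getRootOwner` returns, but nothing in the constructor verifies that augmentation actually resolved the configured ROOT_OWNER; if `IdentityManager.augment` returns the subject unchanged or empty for an unknown identity (its behaviour is not visible here), the root node would be created with an unresolvable owner instead of startup failing. Consider a fail-closed check right after the assignment, e.g. `if (root.ownerID == null) { throw new InvalidConfigException(VaultInitAction.ROOT_OWNER + " did not resolve to a known identity"); }`, so a mistyped owner in the config cannot silently leave the root of the namespace owned by nobody. The constructor `NodePersistenceImpl(URI)` starts and ends outside this hunk.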
@@ -215,6 +198,16 @@ public X509CertificateChain getCertificateChain() {
 String ns = config.getFirstPropertyValue(VaultInitAction.STORAGE_NAMESPACE_KEY);
 this.storageNamespace = new Namespace(ns);
 }
+
+ private Subject getRootOwner(MultiValuedProperties mvp, IdentityManager im) {
+ final String owner = mvp.getFirstPropertyValue(VaultInitAction.ROOT_OWNER);
+ if (owner == null) {
+ throw new InvalidConfigException(VaultInitAction.ROOT_OWNER + " cannot be null");
+ }
+ Subject ret = new Subject();
+ ret.getPrincipals().add(new HttpPrincipal(owner));
+ return im.augment(ret);
+ }
 @Override
 public Views getViews() {
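Review bot: `getRootOwner` builds the subject from `new HttpPrincipal(owner)` whereas the removed code used `new X500Principal(owner)`, so the ROOT_OWNER config value is now interpreted as a username rather than a DN, and an existing deployment that still configures a DN would presumably resolve to a different or unknown owner without any error at this line; this deserves a Javadoc on the method stating that ROOT_OWNER must be an HTTP (username) identity which `im.augment` resolves to the full subject, and a matching note in the deployment docs. The null check also lets an empty or whitespace-only value through to `HttpPrincipal`; `if (owner == null || owner.isBlank()) {` would reject both cases with the same `InvalidConfigException`. The helper is fully contained in the hunk.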