Merge pull request #207 from pdowler/master
cavern: fix preauth subject handling bug
pdowler authored Dec 6, 2023
2 parents 4217ed5 + 9c83a3a commit 2df0f93
Showing 6 changed files with 98 additions and 14 deletions.
2 changes: 1 addition & 1 deletion cadc-test-vos/build.gradle
Expand Up @@ -16,7 +16,7 @@ sourceCompatibility = 1.8

group = 'org.opencadc'

version = '2.1.1'
version = '2.1.2'

description = 'OpenCADC VOSpace test library'
def git_url = 'https://github.com/opencadc/vos'
Expand Up @@ -335,7 +335,7 @@ public void asyncMoveTest() {
}
}

private Transfer doTransfer(Transfer transfer) throws IOException, TransferParsingException {
protected Transfer doTransfer(Transfer transfer) throws IOException, TransferParsingException {
// Write a transfer document
TransferWriter transferWriter = new TransferWriter();
StringWriter sw = new StringWriter();
2 changes: 1 addition & 1 deletion cavern/VERSION
@@ -1,6 +1,6 @@
## deployable containers have a semantic and build tag
# semantic version tag: major.minor
# build version tag: timestamp
VER=0.6.0
VER=0.6.1
TAGS="${VER} ${VER}-$(date -u +"%Y%m%dT%H%M%S")"
unset VER
85 changes: 85 additions & 0 deletions cavern/src/intTest/java/org/opencadc/cavern/TransferTest.java
Expand Up @@ -67,9 +67,24 @@

package org.opencadc.cavern;

import ca.nrc.cadc.net.FileContent;
import ca.nrc.cadc.net.HttpGet;
import ca.nrc.cadc.net.HttpUpload;
import ca.nrc.cadc.util.Log4jInit;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.LineNumberReader;
import java.net.URL;
import java.nio.charset.Charset;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.Assert;
import org.junit.Test;
import org.opencadc.vospace.VOS;
import org.opencadc.vospace.VOSURI;
import org.opencadc.vospace.transfer.Direction;
import org.opencadc.vospace.transfer.Protocol;
import org.opencadc.vospace.transfer.Transfer;

/**
*
Expand All @@ -88,4 +103,74 @@ public class TransferTest extends org.opencadc.conformance.vos.TransferTest {
public TransferTest() {
super(Constants.RESOURCE_ID, Constants.TEST_CERT);
}

@Test
public void testPreauthToken() {
try {
// Create a DataNode.
String path = "sync-push-pull-preauth";
URL nodeURL = getNodeURL(nodesServiceURL, path);
VOSURI nodeURI = getVOSURI(path);
log.debug("nodeURL: " + nodeURL);

// Cleanup leftover node
delete(nodeURL, false);

// Create a push-to-vospace Transfer for the node
Transfer pushTransfer = new Transfer(nodeURI.getURI(), Direction.pushToVoSpace);
pushTransfer.version = VOS.VOSPACE_21;
Protocol protocol = new Protocol(VOS.PROTOCOL_HTTPS_PUT);
// anon only to get preauth
pushTransfer.getProtocols().add(protocol);

// Do the transfer
Transfer details = doTransfer(pushTransfer);
Assert.assertEquals("expected transfer direction = " + Direction.pushToVoSpace,
Direction.pushToVoSpace, details.getDirection());
Assert.assertNotNull("expected > 0 protocols", details.getProtocols());
Assert.assertEquals(1, details.getProtocols().size());
Protocol p = details.getProtocols().get(0);
Assert.assertNull(p.getSecurityMethod());
URL putURL = new URL(p.getEndpoint());
log.info("put URL: " + putURL);

// try to put the bytes
String msg = "cavern testPreauthToken";
FileContent content = new FileContent(msg, "text/plain", Charset.forName("UTF-8"));
HttpUpload put = new HttpUpload(content, putURL);
put.prepare(); // throws
// no response body

// Create a pull-from-vospace Transfer for the node
Transfer pullTransfer = new Transfer(nodeURI.getURI(), Direction.pullFromVoSpace);
pullTransfer.version = VOS.VOSPACE_21;
// anon only to get preauth
pullTransfer.getProtocols().add(protocol);

// Do the transfer
details = doTransfer(pullTransfer);
Assert.assertEquals("expected transfer direction = " + Direction.pullFromVoSpace,
Direction.pullFromVoSpace, details.getDirection());
Assert.assertNotNull("expected > 0 protocols", details.getProtocols());
Assert.assertEquals(2, details.getProtocols().size());
p = details.getProtocols().get(0);
Assert.assertNull(p.getSecurityMethod());
URL getURL = new URL(p.getEndpoint());
log.info("get URL: " + getURL);

HttpGet get = new HttpGet(getURL, true);
get.prepare(); // throws
InputStream istream = get.getInputStream();
LineNumberReader r = new LineNumberReader(new InputStreamReader(istream));
String actual = r.readLine();
Assert.assertEquals(msg, actual);

// Delete the node
delete(nodeURL, false);

} catch (Exception e) {
log.error("Unexpected error", e);
Assert.fail("Unexpected error: " + e);
}
}
}
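Review bot: The read-back at the end of testPreauthToken decodes the response with the platform default charset and never closes the reader, although the upload was encoded as UTF-8; `new InputStreamReader(istream, Charset.forName("UTF-8"))` inside a try-with-resources would make the comparison deterministic and release the connection. The test also covers only the success path: it shows that an anonymous caller can PUT and GET through the pre-authorized URLs, but nothing asserts that a URL issued for one grant is refused for the other operation, which is the case that would catch a regression in token validation. The final `delete(nodeURL, false)` is skipped whenever an assertion fails, so moving it into a `finally` block would keep the test node from lingering between runs.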
10 changes: 5 additions & 5 deletions cavern/src/main/java/org/opencadc/cavern/files/HeadAction.java
Expand Up @@ -112,19 +112,19 @@ Path resolveAndSetMetadata() throws Exception {
VOSURI nodeURI = getNodeURI();
log.debug("target: " + nodeURI);

Subject caller = AuthenticationUtil.getCurrentSubject();
boolean preauthGranted = false;
if (preauthToken != null) {
CavernURLGenerator cav = new CavernURLGenerator(nodePersistence);
Object tokenUser = cav.validateToken(preauthToken, nodeURI, ReadGrant.class);
preauthGranted = true;
// reset loggables
Subject subject = AuthenticationUtil.getCurrentSubject();
subject.getPrincipals().clear();
caller.getPrincipals().clear();
if (tokenUser != null) {
Subject s = identityManager.toSubject(tokenUser);
subject.getPrincipals().addAll(s.getPrincipals());
caller.getPrincipals().addAll(s.getPrincipals());
}
logInfo.setSubject(subject);
// reset loggables
logInfo.setSubject(caller);
logInfo.setResource(nodeURI.getURI());
logInfo.setPath(syncInput.getContextPath() + syncInput.getComponentPath());
logInfo.setGrant("read: preauth-token");
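Review bot: Only the principal set is reset before the token user's principals are copied in: `caller.getPrincipals().clear()` leaves whatever public and private credentials the request's original Subject carried, so after this block the Subject can pair the token user's identity with the original caller's credentials. Whether anything downstream reads those credentials is not visible from the hunk; either clear `caller.getPublicCredentials()` and `caller.getPrivateCredentials()` as well, or add a comment stating why they are kept. The same pattern is introduced in PutAction.doAction. A short comment such as `// mutate the current Subject in place so later checks see the token user` would also record why the Subject is modified rather than replaced, which appears to be the point of the fix. resolveAndSetMetadata continues beyond the hunk.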
11 changes: 5 additions & 6 deletions cavern/src/main/java/org/opencadc/cavern/files/PutAction.java
Expand Up @@ -141,14 +141,13 @@ public void doAction() throws Exception {
CavernURLGenerator cav = new CavernURLGenerator(nodePersistence);
Object tokenUser = cav.validateToken(preauthToken, nodeURI, WriteGrant.class);
preauthGranted = true;
// reset loggables
Subject subject = AuthenticationUtil.getCurrentSubject();
subject.getPrincipals().clear();
caller.getPrincipals().clear();
if (tokenUser != null) {
subject = identityManager.toSubject(tokenUser);
caller = subject;
Subject s = identityManager.toSubject(tokenUser);
caller.getPrincipals().addAll(s.getPrincipals());
}
logInfo.setSubject(subject);
// reset loggables
logInfo.setSubject(caller);
logInfo.setResource(nodeURI.getURI());
logInfo.setPath(syncInput.getContextPath() + syncInput.getComponentPath());
logInfo.setGrant("read: preauth-token");
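Review bot: The audit record still labels this grant as a read even though the token was validated against `WriteGrant.class` a few lines earlier: `logInfo.setGrant("read: preauth-token")` looks carried over from the read path and should be `logInfo.setGrant("write: preauth-token");` so that log review can tell pre-authorized writes from reads. The line is unchanged context in this commit, but it sits in the block being reworked. `caller` is declared and doAction continues outside the hunk, so whether later permission checks use the same Subject instance cannot be confirmed from here.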