Difference between revisions of "OAuth for MyProxy GetProxy Endpoint"

From PDP/Grid Wiki
(myproxy server (first half))
(ncsa-security-all section)
Line 158: Line 158:
 
The implementation of the GetProxy servlet is done in ''OA2ProxyServlet''. A successful GetProxy request will execute the following flow in the servlet:
 
The implementation of the GetProxy servlet is done in ''OA2ProxyServlet''. A successful GetProxy request will execute the following flow in the servlet:
  
[[File:Getproxy_servlet_seq.svg? ]]
+
[[File:Getproxy_servlet_seq.svg]]
  
 
* Step 1 : As mentioned above, the key and CSR generation has been moved away from the OA4MP Client into the Server. The ''verifyAndGet'' method creates a new keypair and saves the resulting private key and CSR into the transaction. The proxylifetime, voname and vomses are also stripped off here from the request and saved in the transaction.  
 
* Step 1 : As mentioned above, the key and CSR generation has been moved away from the OA4MP Client into the Server. The ''verifyAndGet'' method creates a new keypair and saves the resulting private key and CSR into the transaction. The proxylifetime, voname and vomses are also stripped off here from the request and saved in the transaction.  
Line 169: Line 169:
  
 
=== ncsa.security.all ===
 
=== ncsa.security.all ===
 +
 +
The '''myproxy''' project builds on top of the '''ncsa.security.all''' project, and therefore some of the modified code logically belongs into this project.
 +
 +
[[File:Ncsa-uml.svg | 1000px]]
 +
 +
The original OA4MP uses ''MyX509Certificates'' as a container to transmit and receive certificate chains. With the extension of GetProxy Endpoint, this container class is no longer sufficient to transmit proxies around, because it cannot hold the proxy's private key. A new container under the name of ''MyX509Proxy'' has been implemented which extends ''MyX509Certificates''.
 +
 +
The ''ProxyUtil'' class is hold a set of static methods used for proxy transformation and generation. This class works with the aid of a newly introduced dependency: [https://github.com/eu-emi/canl-java/ canl-java]. At the time of this writing the canl version integrated was version 2.2.0.
 +
 +
A new request server called ''PPServer2'' (Protected Proxy Server 2) has been added after the model of ''PAServer2'' used for GetCert Requests. The new ''PPServer2'' class sets [[#Protocol Specification | GetProxy request parameters]] and creates a ''MyX509Proxy'' out of the response.
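
Review bot: The ''MyX509Proxy'' paragraph says the new container exists because it must hold the proxy's private key, but the section does not say how that key is protected once ''PPServer2'' builds a ''MyX509Proxy'' out of the response. ''MyX509Certificates'' only carried certificate chains, so this is new sensitive material; please add a sentence on where the key lives (memory only or persisted), who can read it, and when it is discarded. Two wording fixes in the same hunk: "The ''ProxyUtil'' class is hold a set of static methods" should read "holds a set of static methods", and "logically belongs into this project" should read "logically belongs in this project".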

Revision as of 17:38, 12 January 2016