Find account by certificate sub and iss in VOMS AA (indigo-iam#897)
rmiccoli authored and jouvin committed Feb 6, 2025
1 parent e7068c0 commit 2b53c2b
Showing 2 changed files with 21 additions and 13 deletions.
@@ -18,24 +18,32 @@
import java.util.Optional;

import it.infn.mw.iam.persistence.model.IamAccount;
import it.infn.mw.iam.persistence.repository.IamAccountRepository;
import it.infn.mw.iam.persistence.model.IamX509Certificate;
import it.infn.mw.iam.persistence.repository.IamX509CertificateRepository;
import it.infn.mw.voms.aa.VOMSRequestContext;

public class DefaultIamVomsAccountResolver implements IamVOMSAccountResolver {

IamAccountRepository accountRepo;
public DefaultIamVomsAccountResolver(IamAccountRepository repo) {
this.accountRepo = repo;
IamX509CertificateRepository certificateRepo;

public DefaultIamVomsAccountResolver(IamX509CertificateRepository repo) {
this.certificateRepo = repo;
}

@Override
public Optional<IamAccount> resolveAccountFromRequest(VOMSRequestContext requestContext) {

String certificateSubject = requestContext.getRequest().getRequesterSubject();

return accountRepo.findByCertificateSubject(certificateSubject);

String certificateIssuer = requestContext.getRequest().getRequesterIssuer();

Optional<IamX509Certificate> cert =
certificateRepo.findBySubjectDnAndIssuerDn(certificateSubject, certificateIssuer);

if (cert.isEmpty()) {
return Optional.empty();
}
return Optional.ofNullable(cert.get().getAccount());

}

}
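Review bot: The new lookup in resolveAccountFromRequest passes the requester subject and issuer to `findBySubjectDnAndIssuerDn` without checking either value, so a request with a missing issuer would be queried with a null issuer DN. Whether `getRequesterIssuer()` can return null is not visible here, but a guard such as `if (certificateSubject == null || certificateIssuer == null) { return Optional.empty(); }` makes the resolver fail closed however the repository treats null arguments. The match is an exact string comparison, so it is worth confirming that the issuer arrives in the same DN string form as the stored issuer DN, and adding a test with one subject under two different issuers. The `isEmpty()`/`get()` pair can be written as `return cert.map(IamX509Certificate::getAccount);`, and the `certificateRepo` field could be declared `private final`.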
@@ -32,7 +32,7 @@
import it.infn.mw.iam.authn.x509.IamX509AuthenticationProvider;
import it.infn.mw.iam.authn.x509.IamX509AuthenticationUserDetailService;
import it.infn.mw.iam.authn.x509.InactiveAccountAuthenticationHander;
import it.infn.mw.iam.persistence.repository.IamAccountRepository;
import it.infn.mw.iam.persistence.repository.IamX509CertificateRepository;
import it.infn.mw.voms.aa.AttributeAuthority;
import it.infn.mw.voms.aa.ac.ACGenerator;
import it.infn.mw.voms.aa.ac.ThreadLocalACGenerator;
@@ -97,8 +97,8 @@ ACGenerator acGenerator(PEMCredential aaCredential) {
}

@Bean
IamVOMSAccountResolver iamAccountResolver(IamAccountRepository accountRepo) {
return new DefaultIamVomsAccountResolver(accountRepo);
IamVOMSAccountResolver iamAccountResolver(IamX509CertificateRepository certificateRepo) {
return new DefaultIamVomsAccountResolver(certificateRepo);
}

@Bean