Renaming scitokens to otokens.

parent 86210b4d
......@@ -2192,7 +2192,7 @@ AC_CONFIG_FILES([Makefile
src/hed/libs/delegation/test/Makefile
src/hed/libs/xmlsec/Makefile
src/hed/libs/globusutils/Makefile
src/hed/libs/scitokens/Makefile
src/hed/libs/otokens/Makefile
src/hed/daemon/Makefile
src/hed/daemon/scripts/Makefile
src/hed/daemon/schema/Makefile
......@@ -2262,7 +2262,7 @@ AC_CONFIG_FILES([Makefile
src/hed/shc/delegationsh/schema/Makefile
src/hed/shc/legacy/Makefile
src/hed/shc/legacy/schema/Makefile
src/hed/shc/scitokens/Makefile
src/hed/shc/otokens/Makefile
src/hed/identitymap/Makefile
src/hed/identitymap/schema/Makefile
src/libs/Makefile
......
......@@ -9,7 +9,7 @@ debian/tmp/usr/lib/libarcdatastaging.so.*
debian/tmp/usr/lib/libarcloader.so.*
debian/tmp/usr/lib/libarcmessage.so.*
debian/tmp/usr/lib/libarcsecurity.so.*
debian/tmp/usr/lib/libarcscitokens.so.*
debian/tmp/usr/lib/libarcotokens.so.*
debian/tmp/usr/lib/libarcinfosys.so.*
debian/tmp/usr/lib/libarcwsaddressing.so.*
debian/tmp/usr/lib/libarcwssecurity.so.*
......
......@@ -5,6 +5,7 @@ debian/tmp/usr/lib/arc/libaccARCHERY.so
debian/tmp/usr/lib/arc/libaccLDAP.so
debian/tmp/usr/lib/arc/test/libaccTEST.so
debian/tmp/usr/lib/arc/libarcshclegacy.so
debian/tmp/usr/lib/arc/libarcshcotokens.so
debian/tmp/usr/lib/arc/libarcshc.so
debian/tmp/usr/lib/arc/libdmcfile.so
debian/tmp/usr/lib/arc/libdmchttp.so
......@@ -26,6 +27,7 @@ debian/tmp/usr/lib/arc/libaccARCHERY.apd
debian/tmp/usr/lib/arc/libaccLDAP.apd
debian/tmp/usr/lib/arc/test/libaccTEST.apd
debian/tmp/usr/lib/arc/libarcshclegacy.apd
debian/tmp/usr/lib/arc/libarcshcotokens.apd
debian/tmp/usr/lib/arc/libarcshc.apd
debian/tmp/usr/lib/arc/libdmcfile.apd
debian/tmp/usr/lib/arc/libdmchttp.apd
......
#include "../../../src/hed/libs/otokens/otokens.h"
#include "../../../src/hed/libs/scitokens/jwse.h"
......@@ -44,6 +44,11 @@ ARCSECURITY_CFLAGS='-I$(top_srcdir)/include'
AC_SUBST(ARCSECURITY_LIBS)
AC_SUBST(ARCSECURITY_CFLAGS)
ARCOTOKENS_LIBS='$(top_builddir)/src/hed/libs/security/libarcotokens.la'
ARCOTOKENS_CFLAGS='-I$(top_srcdir)/include'
AC_SUBST(ARCOTOKENS_LIBS)
AC_SUBST(ARCOTOKENS_CFLAGS)
ARCINFOSYS_LIBS='$(top_builddir)/src/hed/libs/infosys/libarcinfosys.la'
ARCINFOSYS_CFLAGS='-I$(top_srcdir)/include'
AC_SUBST(ARCINFOSYS_LIBS)
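Review bot: The added `ARCOTOKENS_LIBS` points at `$(top_builddir)/src/hed/libs/security/libarcotokens.la`, but the Makefile.am hunks in this same commit build and link the library from `src/hed/libs/otokens/`. This looks like a copy of the ARCSECURITY_LIBS line with only the library name changed. Anything that links through `$(ARCOTOKENS_LIBS)` would look for the .la file in a directory that does not produce it. The line should read `ARCOTOKENS_LIBS='$(top_builddir)/src/hed/libs/otokens/libarcotokens.la'`.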
......
......@@ -1202,7 +1202,7 @@ service arc-infosys-ldap condrestart > /dev/null 2>&1 || :
%{_libdir}/libarcloader.so.*
%{_libdir}/libarcmessage.so.*
%{_libdir}/libarcsecurity.so.*
%{_libdir}/libarcscitokens.so.*
%{_libdir}/libarcotokens.so.*
%{_libdir}/libarcinfosys.so.*
%{_libdir}/libarcwsaddressing.so.*
%{_libdir}/libarcwssecurity.so.*
......@@ -1620,6 +1620,7 @@ service arc-infosys-ldap condrestart > /dev/null 2>&1 || :
%{_libdir}/%{pkgdir}/libaccLDAP.so
%{_libdir}/%{pkgdir}/libarcshc.so
%{_libdir}/%{pkgdir}/libarcshclegacy.so
%{_libdir}/%{pkgdir}/libarcshcotokens.so
%{_libdir}/%{pkgdir}/libdmcfile.so
%{_libdir}/%{pkgdir}/libdmchttp.so
%{_libdir}/%{pkgdir}/libdmcldap.so
......@@ -1643,6 +1644,7 @@ service arc-infosys-ldap condrestart > /dev/null 2>&1 || :
%{_libdir}/%{pkgdir}/libaccLDAP.apd
%{_libdir}/%{pkgdir}/libarcshc.apd
%{_libdir}/%{pkgdir}/libarcshclegacy.apd
%{_libdir}/%{pkgdir}/libarcshcotokens.apd
%{_libdir}/%{pkgdir}/libdmcfile.apd
%{_libdir}/%{pkgdir}/libdmchttp.apd
%{_libdir}/%{pkgdir}/libdmcldap.apd
......
......@@ -10,11 +10,11 @@
#include <arc/delegation/DelegationInterface.h>
#include <arc/compute/Job.h>
#include <arc/StringConv.h>
#include <arc/scitokens/jwse.h>
#include <arc/otokens/otokens.h>
#include <arc/credential/Credential.h>
#include "JobStateEMIES.h"
#define USE_SCITOKENS 1
#define USE_OTOKENS 1
#include "EMIESClient.h"
......@@ -82,10 +82,10 @@ namespace Arc {
logger.msg(DEBUG, "Creating an EMI ES client");
#ifdef USE_SCITOKENS
scitoken = Arc::GetEnv("SCITOKEN");
std::cerr<<"SCITOKEN: "<<scitoken<<std::endl;
if(!scitoken.empty()) {
#ifdef USE_OTOKENS
otoken = Arc::GetEnv("OTOKEN");
std::cerr<<"OTOKEN: "<<otoken<<std::endl;
if(!otoken.empty()) {
// removing credentials from HTTPS layer
MCCConfig temp_cfg(cfg);
temp_cfg.proxy.clear();
......@@ -153,8 +153,8 @@ namespace Arc {
MessageAttributes attrout;
MessageAttributes attrin;
attrout.set("SOAP:ENDPOINT",rurl.str());
if(!scitoken.empty())
attrout.set("HTTP:authorization", "bearer "+scitoken);
if(!otoken.empty())
attrout.set("HTTP:authorization", "bearer "+otoken);
if (!deleg->DelegateCredentialsInit(*entry,&attrout,&attrin,&(client->GetContext()),
(renew_id.empty()?DelegationProviderSOAP::EMIDS:DelegationProviderSOAP::EMIDSRENEW))) {
......@@ -203,8 +203,8 @@ namespace Arc {
PayloadSOAP* resp = NULL;
std::multimap<std::string,std::string> http_attr;
if(!scitoken.empty())
http_attr.insert(std::pair<std::string,std::string>("authorization","bearer "+scitoken));
if(!otoken.empty())
http_attr.insert(std::pair<std::string,std::string>("authorization","bearer "+otoken));
if (!client->process(http_attr, &req, &resp)) {
logger.msg(VERBOSE, "%s request failed", req.Child(0).FullName());
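Review bot: The client-creation hunk keeps `std::cerr<<"OTOKEN: "<<otoken<<std::endl;`, which writes the full bearer token read from the environment to stderr, and it does so unconditionally because `USE_OTOKENS` is defined to 1 in this file. Anything that captures stderr then holds the same credential that the later hunks send as the `authorization` header. The line should be dropped, or replaced by a message that records only presence, e.g. `logger.msg(DEBUG, "OTOKEN is set, using token authentication");`. The commit also switches the environment variable from SCITOKEN to OTOKEN with no fallback, so setups that still export SCITOKEN will presumably stop using token authentication without any notice. The enclosing functions start and end outside these hunks.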
......
......@@ -329,7 +329,7 @@ namespace Arc {
const MCCConfig cfg;
std::string scitoken;
std::string otoken;
int timeout;
......
......@@ -14,7 +14,7 @@ libaccEMIES_la_SOURCES = EMIESClient.cpp EMIESClient.h \
libaccEMIES_la_CXXFLAGS = -I$(top_srcdir)/include \
$(LIBXML2_CFLAGS) $(GLIBMM_CFLAGS) $(AM_CXXFLAGS)
libaccEMIES_la_LIBADD = \
$(top_builddir)/src/hed/libs/scitokens/libarcscitokens.la \
$(top_builddir)/src/hed/libs/otokens/libarcotokens.la \
$(top_builddir)/src/hed/libs/delegation/libarcdelegation.la \
$(top_builddir)/src/hed/libs/compute/libarccompute.la \
$(top_builddir)/src/hed/libs/communication/libarccommunication.la \
......@@ -32,7 +32,7 @@ libaccEMIES_la_LDFLAGS = -no-undefined -avoid-version -module
arcemiestest_SOURCES = TestEMIESClient.cpp EMIESClient.cpp JobStateEMIES.cpp
arcemiestest_CXXFLAGS = -I$(top_srcdir)/include $(LIBXML2_CFLAGS) $(GLIBMM_CFLAGS)
arcemiestest_LDADD = \
$(top_builddir)/src/hed/libs/scitokens/libarcscitokens.la \
$(top_builddir)/src/hed/libs/otokens/libarcotokens.la \
$(top_builddir)/src/hed/libs/delegation/libarcdelegation.la \
$(top_builddir)/src/hed/libs/communication/libarccommunication.la \
$(top_builddir)/src/hed/libs/compute/libarccompute.la \
......
......@@ -15,9 +15,9 @@ SUBDIRS = common loader message crypto cryptomod \
credential credentialmod data security \
ws-addressing $(XMLSEC_DIR) ws-security delegation \
communication compute infosys $(GLOBUSUTILS_DIR) \
credentialstore scitokens
credentialstore otokens
DIST_SUBDIRS = common loader message crypto cryptomod \
credential credentialmod data security \
ws-addressing xmlsec ws-security delegation \
communication compute infosys globusutils \
credentialstore scitokens
credentialstore otokens
#DIST_SUBDIRS = test
#SUBDIRS = $(TEST_DIR)
lib_LTLIBRARIES = libarcscitokens.la
lib_LTLIBRARIES = libarcotokens.la
pgmpkglibdir = $(pkglibdir)
pgmpkglib_PROGRAMS =
libarcscitokens_ladir = $(pkgincludedir)
libarcscitokens_la_HEADERS = jwse.h openid_metadata.h
libarcscitokens_la_SOURCES = jwse.cpp jwse_hmac.cpp jwse_ecdsa.cpp jwse_rsassapkcs1.cpp jwse_rsassapss.cpp jwse_keys.cpp openid_metadata.cpp jwse_private.h
libarcscitokens_la_CXXFLAGS = -I$(top_srcdir)/include $(OPENSSL_CFLAGS) $(LIBXML2_CFLAGS) $(GLIBMM_CFLAGS) $(AM_CXXFLAGS)
libarcscitokens_la_LIBADD = \
libarcotokens_ladir = $(pkgincludedir)
libarcotokens_la_HEADERS = otokens.h openid_metadata.h
libarcotokens_la_SOURCES = jwse.cpp jwse_hmac.cpp jwse_ecdsa.cpp jwse_rsassapkcs1.cpp jwse_rsassapss.cpp jwse_keys.cpp openid_metadata.cpp jwse_private.h
libarcotokens_la_CXXFLAGS = -I$(top_srcdir)/include $(OPENSSL_CFLAGS) $(LIBXML2_CFLAGS) $(GLIBMM_CFLAGS) $(AM_CXXFLAGS)
libarcotokens_la_LIBADD = \
$(top_builddir)/src/external/cJSON/libcjson.la \
$(top_builddir)/src/hed/libs/common/libarccommon.la \
$(top_builddir)/src/hed/libs/communication/libarccommunication.la \
$(OPENSSL_LIBS) $(GLIBMM_LIBS) $(LIBINTL)
libarcscitokens_la_LDFLAGS = -version-info 3:0:0
libarcotokens_la_LDFLAGS = -version-info 3:0:0
......@@ -8,7 +8,7 @@
#include <arc/Logger.h>
#include <arc/external/cJSON/cJSON.h>
#include "jwse.h"
#include "otokens.h"
#include "jwse_private.h"
......
......@@ -6,7 +6,7 @@
#include <arc/external/cJSON/cJSON.h>
#include <openssl/evp.h>
#include "jwse.h"
#include "otokens.h"
#include "jwse_private.h"
#if OPENSSL_VERSION_NUMBER < 0x10100000L
......
......@@ -6,7 +6,7 @@
#include <arc/external/cJSON/cJSON.h>
#include <openssl/evp.h>
#include "jwse.h"
#include "otokens.h"
#include "jwse_private.h"
#if OPENSSL_VERSION_NUMBER < 0x10100000L
......
......@@ -13,7 +13,7 @@
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include "jwse.h"
#include "otokens.h"
#include "jwse_private.h"
#include "openid_metadata.h"
......
......@@ -6,7 +6,7 @@
#include <arc/external/cJSON/cJSON.h>
#include <openssl/evp.h>
#include "jwse.h"
#include "otokens.h"
#include "jwse_private.h"
#if OPENSSL_VERSION_NUMBER < 0x10100000L
......
......@@ -6,7 +6,7 @@
#include <arc/external/cJSON/cJSON.h>
#include <openssl/evp.h>
#include "jwse.h"
#include "otokens.h"
#include "jwse_private.h"
#if OPENSSL_VERSION_NUMBER < 0x10100000L
......
......@@ -10,7 +10,7 @@ namespace Arc {
class JWSEKeyHolder;
//! Class for parsing, verifying and extracting information
//! from SciTokens (JWS or JWE encoded).
//! from Tokens (JWS or JWE encoded).
class JWSE {
public:
static char const * const ClaimNameSubject;
......@@ -25,22 +25,22 @@ namespace Arc {
static char const * const HeaderNameAlgorithm;
static char const * const HeaderNameEncryption;
//! Parse scitoken available as simple string.
//! Mostly to be used for scitokens embedded into something
//! Parse token available as simple string.
//! Mostly to be used for tokens embedded into something
//! like HTTP header.
JWSE(std::string const& jwseCompact);
//! Default contructor creates valid SciToken
//! Default contructor creates valid Token
//! with empty information.
JWSE();
//! Odinary destructor
~JWSE();
//! Returns true if object represents valid SciToken
//! Returns true if object represents valid Token
operator bool() const { return valid_; }
//! Returns true if object does not represents valid SciToken
//! Returns true if object does not represents valid Token
bool operator!() const { return !valid_; }
//! Returns number of authorized activities
......@@ -76,10 +76,10 @@ namespace Arc {
//! Set specified claim to new value.
void Claim(char const* name, char const* value);
//! Parses passed SciToken and stores collected information in this object.
//! Parses passed Token and stores collected information in this object.
bool Input(std::string const& jwseCompact);
//! Serializes stored SciToken into string container.
//! Serializes stored Token into string container.
bool Output(std::string& jwseCompact) const;
//! Assigns certificate to use for signing
......
......@@ -11,10 +11,10 @@ endif
SUBDIRS = allowpdp denypdp simplelistpdp arcpdp xacmlpdp \
pdpserviceinvoker arcauthzsh delegationpdp usernametokensh gaclpdp \
$(SUBDIRS_XMLSEC) delegationsh legacy scitokens
$(SUBDIRS_XMLSEC) delegationsh legacy otokens
DIST_SUBDIRS = allowpdp denypdp simplelistpdp arcpdp xacmlpdp \
pdpserviceinvoker arcauthzsh delegationpdp usernametokensh gaclpdp \
x509tokensh samltokensh saml2sso_assertionconsumersh delegationsh legacy scitokens
x509tokensh samltokensh saml2sso_assertionconsumersh delegationsh legacy otokens
noinst_PROGRAMS = test testinterface_arc testinterface_xacml
pkglib_LTLIBRARIES = libarcshc.la
......
......@@ -163,8 +163,8 @@ class LegacyPDPAttr: public Arc::SecAttr {
LegacyPDPAttr(bool decision):decision_(decision) { };
LegacyPDPAttr(bool decision, const std::list<std::string>& mvoms,
const std::list<std::string>& mvo,
const std::list<std::string>& mscitokens):
decision_(decision), voms(mvoms), vo(mvo), scitokens(mscitokens) { };
const std::list<std::string>& motokens):
decision_(decision), voms(mvoms), vo(mvo), otokens(motokens) { };
virtual ~LegacyPDPAttr(void);
// Common interface
......@@ -181,7 +181,7 @@ class LegacyPDPAttr: public Arc::SecAttr {
virtual bool equal(const SecAttr &b) const;
std::list<std::string> voms;
std::list<std::string> vo;
std::list<std::string> scitokens; //
std::list<std::string> otokens; //
};
LegacyPDPAttr::~LegacyPDPAttr(void) {
......@@ -200,8 +200,8 @@ std::string LegacyPDPAttr::get(const std::string& id) const {
if(!voms.empty()) return *voms.begin();
} else if(id == "VO") {
if(!vo.empty()) return *vo.begin();
} else if(id == "SCITOKENS") {
if(!scitokens.empty()) return *scitokens.begin();
} else if(id == "OTOKENS") {
if(!otokens.empty()) return *otokens.begin();
}
return "";
}
......@@ -209,7 +209,7 @@ std::string LegacyPDPAttr::get(const std::string& id) const {
std::list<std::string> LegacyPDPAttr::getAll(const std::string& id) const {
if(id == "VOMS") return voms;
if(id == "VO") return vo;
if(id == "SCITOKENS") return scitokens;
if(id == "OTOKENS") return otokens;
return std::list<std::string>();
}
......@@ -252,15 +252,15 @@ ArcSec::PDPStatus LegacyPDP::isPermitted(Arc::Message *msg) const {
decision = true;
const std::list<std::string>& matched_voms = lattr->GetGroupVOMS(match);
const std::list<std::string>& matched_vo = lattr->GetGroupVO(match);
const std::list<std::string>& matched_scitokens = lattr->GetGroupScitokens(match);
msg->AuthContext()->set(attrname_,new LegacyPDPAttr(decision, matched_voms, matched_vo, matched_scitokens));
const std::list<std::string>& matched_otokens = lattr->GetGroupOtokens(match);
msg->AuthContext()->set(attrname_,new LegacyPDPAttr(decision, matched_voms, matched_vo, matched_otokens));
} else if(match_lists(vos_,vos,match,logger)) {
decision = true;
const std::list<std::string> matched_voms;
const std::list<std::string> matched_scitokens;
const std::list<std::string> matched_otokens;
std::list<std::string> matched_vo;
matched_vo.push_back(match);
msg->AuthContext()->set(attrname_,new LegacyPDPAttr(decision, matched_voms, matched_vo, matched_scitokens));
msg->AuthContext()->set(attrname_,new LegacyPDPAttr(decision, matched_voms, matched_vo, matched_otokens));
} else {
msg->AuthContext()->set(attrname_,new LegacyPDPAttr(decision));
};
......
......@@ -102,21 +102,21 @@ const std::list<std::string>& LegacySecAttr::GetGroupVOMS(const std::string& gro
return empty_list;
}
const std::list<std::string>& LegacySecAttr::GetGroupScitokens(const std::string& group) const {
std::list< std::list<std::string> >::const_iterator scitokens = groupsScitokens_.begin();
const std::list<std::string>& LegacySecAttr::GetGroupOtokens(const std::string& group) const {
std::list< std::list<std::string> >::const_iterator otokens = groupsOtokens_.begin();
for(std::list<std::string>::const_iterator grp = groups_.begin(); grp != groups_.end(); ++grp) {
if(scitokens == groupsScitokens_.end()) break;
if(*grp == group) return *scitokens;
++scitokens;
if(otokens == groupsOtokens_.end()) break;
if(*grp == group) return *otokens;
++otokens;
};
return empty_list;
}
void LegacySecAttr::AddGroup(const std::string& group, const std::list<std::string>& vo, const std::list<std::string>& voms, const std::list<std::string>& scitokens) {
void LegacySecAttr::AddGroup(const std::string& group, const std::list<std::string>& vo, const std::list<std::string>& voms, const std::list<std::string>& otokens) {
groups_.push_back(group);
groupsVO_.push_back(vo);
groupsVOMS_.push_back(voms);
groupsScitokens_.push_back(scitokens);
groupsOtokens_.push_back(otokens);
}
......
......@@ -27,11 +27,11 @@ class LegacySecAttr: public Arc::SecAttr {
void AddGroup(const std::string& group,
const std::list<std::string>& vo,
const std::list<std::string>& voms,
const std::list<std::string>& scitokens);
const std::list<std::string>& otokens);
const std::list<std::string> GetGroups(void) const { return groups_; };
const std::list<std::string>& GetGroupVO(const std::string& group) const;
const std::list<std::string>& GetGroupVOMS(const std::string& group) const;
const std::list<std::string>& GetGroupScitokens(const std::string& group) const;
const std::list<std::string>& GetGroupOtokens(const std::string& group) const;
void AddVO(const std::string& vo) { VOs_.push_back(vo); };
const std::list<std::string> GetVOs(void) const { return VOs_; };
......@@ -41,7 +41,7 @@ class LegacySecAttr: public Arc::SecAttr {
std::list<std::string> VOs_;
std::list< std::list<std::string> > groupsVO_; // synchronized with groups_
std::list< std::list<std::string> > groupsVOMS_; // synchronized with groups_
std::list< std::list<std::string> > groupsScitokens_; // synchronized with groups_
std::list< std::list<std::string> > groupsOtokens_; // synchronized with otokens_
virtual bool equal(const SecAttr &b) const;
};
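Review bot: The comment on `groupsOtokens_` now reads `// synchronized with otokens_`, but no member named `otokens_` is visible in this class. The neighbouring lists are documented as synchronized with `groups_`, and GetGroupOtokens walks `groups_` and `groupsOtokens_` in step. The rename appears to have rewritten the comment by accident; it should stay `// synchronized with groups_`.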
......
......@@ -146,11 +146,11 @@ ArcSec::SecHandlerStatus LegacySecHandler::Handle(Arc::Message* msg) const {
for(std::list<std::string>::const_iterator grp = groups.begin(); grp != groups.end(); ++grp) {
const char* vo = auth.get_group_vo(*grp);
const voms_t* voms = auth.get_group_voms(*grp);
const scitokens_t* scitokens = auth.get_group_scitokens(*grp);
const otokens_t* otokens = auth.get_group_otokens(*grp);
//std::string glid = auth.get_group_globalid(*grp);
std::list<std::string> vos;
std::list<std::string> vomss;
std::list<std::string> scitokenss;
std::list<std::string> otokenss;
if((vo != NULL) && (*vo != '\0')) vos.push_back(vo);
if(voms != NULL) {
for(std::vector<voms_fqan_t>::const_iterator f = voms->fqans.begin();
......@@ -162,12 +162,12 @@ ArcSec::SecHandlerStatus LegacySecHandler::Handle(Arc::Message* msg) const {
};
// We need something like fqan for tokens. Currently we only need to identify cleint.
// For that combination of subject and issuer is enough.
if(scitokens) {
if(!scitokens->subject.empty() && !scitokens->issuer.empty()) {
scitokenss.push_back(scitokens->issuer + "/" + scitokens->subject);
if(otokens) {
if(!otokens->subject.empty() && !otokens->issuer.empty()) {
otokenss.push_back(otokens->issuer + "/" + otokens->subject);
};
};
sattr->AddGroup(*grp, vos, vomss, scitokenss);
sattr->AddGroup(*grp, vos, vomss, otokenss);
};
};
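Review bot: `otokenss.push_back(otokens->issuer + "/" + otokens->subject);` joins issuer and subject with a character that either value may itself contain, so two different (issuer, subject) pairs can produce the same string. The comment above says this combination is what identifies the client, and the result is handed to `AddGroup`, so a consumer comparing these strings could not tell such pairs apart. Consider a separator that cannot occur in either field, or encoding both parts before joining, and document the chosen format in the comment (which also has the typo "cleint"). Handle() starts before and continues after these hunks, so how the list is consumed later is not visible here.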
......
......@@ -9,7 +9,7 @@ endif
libarcshclegacy_la_SOURCES = auth_file.cpp auth_subject.cpp \
auth_plugin.cpp \
auth_voms.cpp auth_scitokens.cpp auth.cpp auth.h \
auth_voms.cpp auth_otokens.cpp auth.cpp auth.h \
simplemap.cpp simplemap.h \
unixmap_lcmaps.cpp unixmap.cpp unixmap.h \
ConfigParser.cpp ConfigParser.h \
......
......@@ -24,7 +24,7 @@ AuthResult AuthUser::match_all(const char* line) {
std::string token = Arc::trim(line);
if(token == "yes") {
default_voms_=voms_t();
default_scitokens_=scitokens_t();
default_otokens_=otokens_t();
default_vo_=NULL;
default_group_=NULL;
return AAA_POSITIVE_MATCH;
......@@ -46,7 +46,7 @@ AuthResult AuthUser::match_group(const char* line) {
for(std::list<group_t>::iterator i = groups_.begin();i!=groups_.end();++i) {
if(s == i->name) {
default_voms_=voms_t();
default_scitokens_=scitokens_t();
default_otokens_=otokens_t();
default_vo_=i->vo;
default_group_=i->name.c_str();
return AAA_POSITIVE_MATCH;
......@@ -66,7 +66,7 @@ AuthResult AuthUser::match_vo(const char* line) {
for(std::list<std::string>::iterator i = vos_.begin();i!=vos_.end();++i) {
if(s == *i) {
default_voms_=voms_t();
default_scitokens_=scitokens_t();
default_otokens_=otokens_t();
default_vo_=i->c_str();
default_group_=NULL;
return AAA_POSITIVE_MATCH;
......@@ -82,7 +82,7 @@ AuthUser::source_t AuthUser::sources[] = {
{ "subject", &AuthUser::match_subject },
{ "file", &AuthUser::match_file },
{ "voms", &AuthUser::match_voms },
{ "scitokens", &AuthUser::match_scitokens },
{ "otokens", &AuthUser::match_otokens },
{ "userlist", &AuthUser::match_vo },
{ "plugin", &AuthUser::match_plugin },
{ NULL, NULL }
......@@ -91,7 +91,7 @@ AuthUser::source_t AuthUser::sources[] = {
AuthUser::AuthUser(const AuthUser& a):message_(a.message_) {
subject_ = a.subject_;
voms_data_ = a.voms_data_;
scitokens_data_ = a.scitokens_data_;
otokens_data_ = a.otokens_data_;
from = a.from;
filename=a.filename;
......@@ -99,7 +99,7 @@ AuthUser::AuthUser(const AuthUser& a):message_(a.message_) {
proxy_file_was_created=false;
// process_voms();
default_voms_=voms_t();
default_scitokens_=scitokens_t();
default_otokens_=otokens_t();
default_vo_=NULL;
default_group_=NULL;
......@@ -108,7 +108,7 @@ AuthUser::AuthUser(const AuthUser& a):message_(a.message_) {
}
AuthUser::AuthUser(Arc::Message& message):
default_voms_(), default_scitokens_(), default_vo_(NULL), default_group_(NULL),
default_voms_(), default_otokens_(), default_vo_(NULL), default_group_(NULL),
proxy_file_was_created(false), has_delegation(false), message_(message) {
// Fetch X.509 and VOMS attributes
std::list<std::string> voms_attrs;
......@@ -128,26 +128,26 @@ AuthUser::AuthUser(Arc::Message& message):
};
voms_data_ = arc_to_voms(voms_attrs);
// Fetch SciTokens attributes
sattr = message_.Auth()->get("SCITOKENS");
// Fetch OTokens attributes
sattr = message_.Auth()->get("OTOKENS");
if(sattr) {
scitokens_t scitokens;
scitokens.subject = sattr->get("sub");
scitokens.issuer = sattr->get("iss");
scitokens.audience = sattr->get("aud");
Arc::tokenize(sattr->get("scope"), scitokens.scopes);
scitokens_data_.push_back(scitokens);
otokens_t otokens;
otokens.subject = sattr->get("sub");
otokens.issuer = sattr->get("iss");
otokens.audience = sattr->get("aud");
Arc::tokenize(sattr->get("scope"), otokens.scopes);
otokens_data_.push_back(otokens);
if(subject_.empty())
subject_ = sattr->get("iss+sub");
};
sattr = message_.AuthContext()->get("SCITOKENS");
sattr = message_.AuthContext()->get("OTOKENS");
if(sattr) {
scitokens_t scitokens;
scitokens.subject = sattr->get("sub");
scitokens.issuer = sattr->get("iss");
scitokens.audience = sattr->get("aud");
Arc::tokenize(sattr->get("scope"), scitokens.scopes);
scitokens_data_.push_back(scitokens);
otokens_t otokens;
otokens.subject = sattr->get("sub");
otokens.issuer = sattr->get("iss");
otokens.audience = sattr->get("aud");
Arc::tokenize(sattr->get("scope"), otokens.scopes);
otokens_data_.push_back(otokens);
if(subject_.empty())
subject_ = sattr->get("iss+sub");
};
......@@ -340,7 +340,7 @@ bool AuthUser::store_credentials(void) {
}
void AuthUser::add_group(const std::string& grp) {
groups_.push_back(group_t(grp,default_vo_,default_voms_,default_scitokens_));
groups_.push_back(group_t(grp,default_vo_,default_voms_,default_otokens_));
logger.msg(Arc::VERBOSE,"Assigned to authorization group %s",grp);
};
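Review bot: In the `AuthUser::sources` table the `"scitokens"` keyword is replaced by `"otokens"` with no alias, so authorization rules in existing configuration that still say `scitokens` will no longer resolve to a matcher. How an unknown keyword is handled is outside these hunks, but a silent change in matching is worth avoiding for access-control rules. Keeping `{ "scitokens", &AuthUser::match_otokens },` next to the new entry for a deprecation period would preserve behaviour. The same concern applies to the attribute name now read with `message_.Auth()->get("OTOKENS")` and the `id == "OTOKENS"` checks in the LegacyPDPAttr hunks, which only work if whatever sets the attribute is renamed in lockstep. Separately, the two blocks that fill `otokens_t` from `Auth()` and `AuthContext()` are identical and could share one small helper.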
......
......@@ -34,7 +34,7 @@ struct voms_t {
std::vector<voms_fqan_t> fqans; /*!< Processed FQANs of user */
};
struct scitokens_t {
struct otokens_t {
std::string subject;
std::string issuer;
std::string audience;
......@@ -53,20 +53,20 @@ class AuthUser {
std::string name; //
const char* vo; // local VO which caused authorization of this group
struct voms_t voms; // VOMS attributes which caused authorization of this group
struct scitokens_t scitokens; // SciTokens attributes which caused authorization of this group
group_t(const std::string& name_,const char* vo_,const struct voms_t& voms_,const struct scitokens_t& scitokens_):
name(name_),vo(vo_?vo_:""),voms(voms_),scitokens(scitokens_) { };
struct otokens_t otokens; // OTokens attributes which caused authorization of this group
group_t(const std::string& name_,const char* vo_,const struct voms_t& voms_,const struct otokens_t& otokens_):
name(name_),vo(vo_?vo_:""),voms(voms_),otokens(otokens_) { };
};
struct voms_t default_voms_;
struct scitokens_t default_scitokens_;
struct otokens_t default_otokens_;
const char* default_vo_;
const char* default_group_;
// Attributes of user
std::string subject_; // DN of certificate
std::vector<struct voms_t> voms_data_; // VOMS information extracted from message
std::vector<struct scitokens_t> scitokens_data_; // SciTokens information extracted from message
std::vector<struct otokens_t> otokens_data_; // OTokens information extracted from message
// Old attributes - remove or convert
std::string from; // Remote hostname
......@@ -82,7 +82,7 @@ class AuthUser {
AuthResult match_file(const char* line);
AuthResult match_ldap(const char* line);
AuthResult match_voms(const char* line);
AuthResult match_scitokens(const char* line);
AuthResult match_otokens(const char* line);
AuthResult match_vo(const char* line);
AuthResult match_lcas(const char *);
AuthResult match_plugin(const char* line);
......@@ -154,7 +154,7 @@ class AuthUser {
return false;
};
const std::vector<struct voms_t>& voms(void);
const std::vector<struct scitokens_t>& scitokens(void);
const std::vector<struct otokens_t>& otokens(void);
const std::list<std::string>& VOs(void);
const struct voms_t* get_group_voms(const std::string& grp) const {
const group_t* group = find_group(grp);
......@@ -164,9 +164,9 @@ class AuthUser {
const group_t* group = find_group(grp);
return (group == NULL)?NULL:group->vo;
};
const struct scitokens_t* get_group_scitokens(const std::string& grp) const {
const struct otokens_t* get_group_otokens(const std::string& grp) const {
const group_t* group = find_group(grp);
return (group == NULL)?NULL:&(group->scitokens);
return (group == NULL)?NULL:&(grou