dmlite  0.6
DomeTalker.h
1 /*
2  * Copyright 2016 CERN
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  *
16  */
17 
18 
19 /// @file DomeTalker.h
20 /// @brief Utility class, used to send requests to Dome
21 /// @author Georgios Bitzes <georgios.bitzes@cern.ch>
22 /// @date Mar 2016
23 
24 #ifndef UTILS_DOMETALKER_H
25 #define UTILS_DOMETALKER_H
26 
27 #include <davix/davix.hpp>
28 #include "DavixPool.h"
29 #include "DomeUtils.h"
30 #include "cpp/authn.h"
31 
32 #include <boost/property_tree/ptree.hpp>
33 
34 namespace dmlite {
35 
37  /// The remote user that originated a request. Typically a DN
38  std::string clientName;
39  /// The remote address of the user's machine
40  std::string remoteAddress;
41  /// The groups the user belongs to
42  std::vector<std::string> groups;
43 
44  // These fields may come from openid-connect
45  /// The OIDC audience
46  std::string oidc_audience;
47  /// The OIDC issuer
48  std::string oidc_issuer;
49  /// The OIDC scope
50  std::string oidc_scope;
51  /// The OIDC authorization is complete. Other (e.g. group-based) auth steps can be skipped
53 
/// Build credentials from explicitly supplied values.
/// @param cn  name of the remote user that originated the request (typically a DN)
/// @param ra  remote address of the user's machine
/// @param gr  names of the groups the user belongs to
/// The OIDC strings are left default-constructed and oidc_authorized starts
/// out false, so an object built this way never claims that OIDC
/// authorization is complete and that other (e.g. group-based) checks can be
/// skipped.
DomeCredentials(std::string cn, std::string ra, std::vector<std::string> gr)
  : clientName(cn),
    remoteAddress(ra),
    groups(gr),
    oidc_authorized(false)
{
}
56 
59  if(ctx) {
60 
62  if (!clientName.size())
63  clientName = ctx->user.name;
64 
66 
67  // Take the "regular groups, e.g. the ones coming from gridsite
68  for(size_t i = 0; i < ctx->groups.size(); i++) {
69  groups.push_back(ctx->groups[i].name);
70  }
71 
72 
73  // Take also the info that come from OIDC
77 
78 
79  }
80  }
81 
82 
83 
84 
85 };
86 
88  DOME_HTTP_OK = 200,
89 
95 
98 };
99 
// Forward declaration: DmStatus is only used by reference below.
class DmStatus;

/// Presumably translate a dmlite error into an HTTP status code (compare the
/// DomeHttpCode values declared above) - confirm against the implementation,
/// which is not part of this header.
int http_status(const DmException &e);

/// Same as above, for a DmStatus result object.
int http_status(const DmStatus &e);
104 
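/// Utility class used to send a request to Dome and read back its answer.
///
/// A talker is built for one (uri, verb, cmd) triple, optionally together with
/// the credentials of the user on whose behalf the request is made. One of the
/// execute() overloads sends the request; err(), status(), response() and
/// jresp() then expose the outcome.
///
/// NOTE(review): this header only declares the interface. How the credentials
/// are transmitted and how the XrdHttp hashes are verified lives in the
/// implementation file and should be reviewed there.
class DomeTalker {
public:
  /// Talker acting on behalf of the user described by @p creds.
  DomeTalker(DavixCtxPool &pool, const DomeCredentials &creds, std::string uri, std::string verb, std::string cmd);
  /// Talker without explicit user credentials.
  DomeTalker(DavixCtxPool &pool, std::string uri, std::string verb, std::string cmd);
  ~DomeTalker();

  // Send the request. The overloads differ only in how the body is supplied:
  // none, a property tree, a ready-made string, or a string stream.
  bool execute();
  bool execute(const boost::property_tree::ptree &params);
  bool execute(const std::string &str);
  bool execute(const std::ostringstream &ss);

  // only send a single json param
  bool execute(const std::string &key, const std::string &value);

  // only send two
  bool execute(const std::string &key1, const std::string &value1,
               const std::string &key2, const std::string &value2);

  // be generous, send three
  bool execute(const std::string &key1, const std::string &value1,
               const std::string &key2, const std::string &value2,
               const std::string &key3, const std::string &value3);

  // get error message, if it exists
  std::string err();

  // get response status
  int status();

  // produce the appropriate code for a dmlite exception
  int dmlite_code();

  // Response accessors: jresp() hands out a property tree, response() the raw
  // string. Presumably the tree is parsed from the raw response on demand
  // (see parsedJson_) - confirm in the implementation.
  const boost::property_tree::ptree& jresp();
  const std::string& response();

  /// Re-target the talker at another verb/command with new credentials.
  void setcommand(const DomeCredentials &creds, const char *verb, const char *cmd);
protected:
  // This has to be in sync with XrdHttpReq.hh
  static const char *reqTypes[12];

  /// Look up @p verb in reqTypes and return its position.
  /// @return the index of the matching entry, or 0 when nothing matches or
  ///         @p verb is null.
  /// Index 0 therefore means both "first entry" and "not found"; callers
  /// cannot tell the two apart. Presumably slot 0 is the "unknown request"
  /// entry of the XrdHttpReq.hh table - confirm when updating reqTypes.
  int getXrdHttpReqIndex(const char *verb) {
    // strcmp() on a null pointer is undefined behaviour; treat a missing verb
    // like an unknown one instead.
    if (!verb) return 0;

    const int tableSize = 12;  // must equal the declared bound of reqTypes
    for (int i = 0; i < tableSize; i++) {
      // Skip unset slots rather than handing a null pointer to strcmp().
      if (reqTypes[i] && !strcmp(verb, reqTypes[i])) return i;
    }
    return 0;
  }

  /// Calculate the same url hash as XrdHttp.
  /// This avoids the ssl handshake when using XrdHTTP
  ///
  /// @param hash  output buffer for the computed hash. No length is passed,
  ///              so the caller must supply a buffer large enough for what
  ///              the implementation writes - required size to be confirmed
  ///              in the implementation.
  /// @param key   presumably the secret shared with XrdHttp; it has to be
  ///              protected like any other credential - confirm.
  void calcXrdHttpHashes(
    char *hash,
    const char *fn,
    int16_t request,
    const char *sslclientshortname,
    const char *sslclientvorg,
    const char *sslclienthost,
    const char *sslclientdn,
    time_t tim,
    const char *key);

  /// Compare two hashes as produced by calcXrdHttpHashes().
  /// NOTE(review): the meaning of the int result is not visible in this
  /// header. If the comparison decides whether a request is accepted, the
  /// implementation should not return early on the first differing byte -
  /// confirm in the implementation.
  int compareXrdHttpHashes(
    const char *h1,
    const char *h2);
private:
  DavixCtxPool &pool_;
  DomeCredentials creds_;
  std::string uri_;
  std::string verb_;
  std::string cmd_;

  std::string target_;

  DavixGrabber grabber_;
  DavixStuff *ds_;

  Davix::DavixError *err_;
  std::string response_;
  boost::property_tree::ptree json_;
  bool parsedJson_;
  int status_;
};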
185 
186 }
187 #endif
Definition: DomeTalker.h:92
Security context. To be created by the Authn.
Definition: authn.h:73
Definition: DomeTalker.h:105
Definition: DomeTalker.h:90
std::string clientName
Definition: authn.h:26
Definition: DomeTalker.h:93
std::string clientName
The remote user that originated a request. Typically a DN.
Definition: DomeTalker.h:38
const boost::property_tree::ptree & jresp()
std::string oidc_audience
The OIDC audience.
Definition: DomeTalker.h:46
std::string err()
SecurityCredentials credentials
Definition: authn.h:82
void calcXrdHttpHashes(char *hash, const char *fn, int16_t request, const char *sslclientshortname, const char *sslclientvorg, const char *sslclienthost, const char *sslclientdn, time_t tim, const char *key)
DomeTalker(DavixCtxPool &pool, const DomeCredentials &creds, std::string uri, std::string verb, std::string cmd)
std::string target_
Definition: DomeTalker.h:174
Definition: DavixPool.h:48
std::string response_
Definition: DomeTalker.h:180
Definition: DomeTalker.h:36
std::vector< GroupInfo > groups
Definition: authn.h:85
int getXrdHttpReqIndex(const char *verb)
Definition: DomeTalker.h:144
Definition: DomeTalker.h:97
int status_
Definition: DomeTalker.h:183
Authentication API. Any sort of security check is plugin-specific.
Definition: DavixPool.h:90
std::string oidc_audience
Definition: authn.h:31
Definition: DomeTalker.h:88
Definition: DavixPool.h:97
DomeCredentials(std::string cn, std::string ra, std::vector< std::string > gr)
Definition: DomeTalker.h:54
DomeHttpCode
Definition: DomeTalker.h:87
DavixCtxPool & pool_
Definition: DomeTalker.h:168
std::string oidc_issuer
The OIDC issuer.
Definition: DomeTalker.h:48
void setcommand(const DomeCredentials &creds, const char *verb, const char *cmd)
Davix::DavixError * err_
Definition: DomeTalker.h:179
std::string oidc_issuer
Definition: authn.h:32
std::string remoteAddress
The remote address of the user's machine.
Definition: DomeTalker.h:40
Definition: DomeTalker.h:91
static const char * reqTypes[12]
Definition: DomeTalker.h:143
const std::string & response()
std::string oidc_scope
The OIDC scope.
Definition: DomeTalker.h:50
std::string uri_
Definition: DomeTalker.h:170
bool parsedJson_
Definition: DomeTalker.h:182
std::string cmd_
Definition: DomeTalker.h:172
bool oidc_authorized
The OIDC authorization is complete. Other (e.g. group-based) auth steps can be skipped.
Definition: DomeTalker.h:52
std::string verb_
Definition: DomeTalker.h:171
Small utilities used throughout dome.
DavixStuff * ds_
Definition: DomeTalker.h:177
Definition: DomeTalker.h:94
DavixGrabber grabber_
Definition: DomeTalker.h:176
DomeCredentials()
Definition: DomeTalker.h:57
Definition: DomeTalker.h:96
std::string oidc_scope
Definition: authn.h:33
int http_status(const DmException &e)
std::string name
Definition: authn.h:51
std::string remoteAddress
Definition: authn.h:27
UserInfo user
Definition: authn.h:84
boost::property_tree::ptree json_
Definition: DomeTalker.h:181
Namespace for the dmlite C++ API.
Definition: authn.h:16
int compareXrdHttpHashes(const char *h1, const char *h2)
DomeCredentials creds_
Definition: DomeTalker.h:169
std::vector< std::string > groups
The groups the user belongs to.
Definition: DomeTalker.h:42
DomeCredentials(const SecurityContext *ctx)
Definition: DomeTalker.h:58