25 Apr 2005 NVO Team Meeting - Tucson
VOStore: a Java implementation
Matthew J. Graham, CACR/Caltech
THE US NATIONAL VIRTUAL OBSERVATORY
Overview
• Java webapp: $TOMCAT_HOME/webapps/vostore
• Embedded AXIS to handle WS: $TOMCAT_HOME/webapps/vostore/services
• Embedded Sleepycat Berkeley DB (JE)
• Embedded Jakarta Slide to handle WebDAV: $TOMCAT_HOME/webapps/vostore/webdav
• WCK to handle relational db stores
• WSS4J to handle WS-Security
WSDL specification
• revisions
• getAvailability
• formats: FILE, CSV
• transports: SOAP-ATTACHMENT, WEBDAV
• put(id, format, transport): VOStoreResponse
• get(id, format, transport): VOStoreResponse
• listAll: VOStoreDescriptor[]
• list: VOStoreDescriptor[]
• rename
• delete
StoreDescriptor
• Fields of a VOStoreDescriptor:
 – identifier
 – creationDate
 – modificationDate
 – owner: DN
 – format: FILE, CSV, WEBDAV-FOLDER, WEBDAV-RESOURCE
 – location
 – parent
 – children
 – isFolder
 – isStored
WebDAV
• A set of extensions to HTTP to support:
 – Locking
 – Collections
 – Properties
 – Access control
 – Namespace management
 – Versioning
• Verbs:
 – PROPFIND, PROPPATCH
 – MKCOL, DELETE
 – PUT, COPY, MOVE
 – LOCK, UNLOCK
 – OPTIONS, SEARCH
Identifier-location mapping
• Identifier: ivoa://nvo.caltech/myData#1
• Base location: http://localhost:8080/vostore/webdav
 – Format = FILE: /files/abcdef12-abcdef12
 – Format = CSV: /db/nvo_caltech_myData_1 (authority, path and fragment of the identifier joined with underscores)
Relational db stores
• http://…/db/nvo_caltech_myData_1
 – open JDBC connection to db
 – drop table nvo_caltech_myData_1
 – create table nvo_caltech_myData_1, with columns taken from the CSV header lines:
  • #Names: col1, col2, …
  • #Formats: varchar(20)
 – insert into nvo_caltech_myData_1 values (…)
• Note: the table name (from the identifier) and the column names and types (from the uploaded CSV header) are spliced into DDL, where bind parameters cannot be used; validate each of them against a strict pattern before building the statement, and use bind parameters for the data values.
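The mapping and the drop/create/insert sequence from the two slides above, as an added example that is not the VOStore code: the identifier grammar ivoa://<authority>/<path>#<n>, the resulting table name nvo_caltech_myData_1 and the "#Names:" / "#Formats:" header lines follow the slides; the validation patterns, the allowed column types, the sqlite3 backend and the sample CSV are this example's own assumptions.

```python
"""Map a VOStore identifier onto a relational-store table and load CSV into it.

Added example, not VOStore code. Identifier shape and table-name mapping follow the
Identifier-location mapping slide; the #Names/#Formats layout follows the Relational
db stores slide. Validation rules, allowed types and the sqlite3 backend are assumed.
"""
import csv
import re
import sqlite3
from urllib.parse import urlsplit

# Identifier components, column names and column types end up in DDL, where bind
# parameters cannot be used, so each is checked against a strict pattern.
_SAFE_COMPONENT = re.compile(r"^[A-Za-z0-9]+$")
_SAFE_COLUMN = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
_ALLOWED_TYPE = re.compile(r"^(varchar\(\d{1,4}\)|integer|real|double precision|text)$", re.I)


def table_name_for(identifier: str) -> str:
    """ivoa://nvo.caltech/myData#1 -> nvo_caltech_myData_1 (the slide's mapping)."""
    parts = urlsplit(identifier)
    if parts.scheme != "ivoa" or not parts.netloc or not parts.fragment:
        raise ValueError(f"not a VOStore identifier: {identifier!r}")
    components = parts.netloc.split(".") + parts.path.strip("/").split("/") + [parts.fragment]
    for c in components:
        if not _SAFE_COMPONENT.match(c):
            raise ValueError(f"identifier component {c!r} cannot be used in a table name")
    return "_".join(components)


def is_safe_identifier(identifier: str) -> bool:
    try:
        table_name_for(identifier)
        return True
    except ValueError:
        return False


def parse_csv_store(text: str):
    """Return (names, formats, rows) from the #Names/#Formats CSV layout."""
    names = formats = None
    data_lines = []
    for line in text.splitlines():
        if line.startswith("#Names:"):
            names = [c.strip() for c in line[len("#Names:"):].split(",")]
        elif line.startswith("#Formats:"):
            formats = [c.strip() for c in line[len("#Formats:"):].split(",")]
        elif line.strip() and not line.startswith("#"):
            data_lines.append(line)
    if not names or not formats or len(names) != len(formats):
        raise ValueError("#Names and #Formats headers missing or of different length")
    for n in names:
        if not _SAFE_COLUMN.match(n):
            raise ValueError(f"unsafe column name {n!r}")
    for f in formats:
        if not _ALLOWED_TYPE.match(f):
            raise ValueError(f"column type {f!r} not allowed")
    # skipinitialspace lets a quoted value such as "Orion, M42" keep its comma.
    rows = [[v.strip() for v in r] for r in csv.reader(data_lines, skipinitialspace=True)]
    if any(len(r) != len(names) for r in rows):
        raise ValueError("row length does not match #Names")
    return names, formats, rows


def is_safe_csv(text: str) -> bool:
    try:
        parse_csv_store(text)
        return True
    except ValueError:
        return False


def store_csv(conn: sqlite3.Connection, identifier: str, text: str) -> str:
    """The slide's drop / create / insert sequence with validated identifiers and
    bind parameters for the data values."""
    table = table_name_for(identifier)
    names, formats, rows = parse_csv_store(text)
    columns = ", ".join(f'"{n}" {t}' for n, t in zip(names, formats))
    conn.execute(f'DROP TABLE IF EXISTS "{table}"')
    conn.execute(f'CREATE TABLE "{table}" ({columns})')
    conn.executemany(f'INSERT INTO "{table}" VALUES ({", ".join("?" * len(names))})', rows)
    conn.commit()
    return table


# Constructed sample in the slide's layout (not data from the talk).
SAMPLE_CSV = """#Names: ra, dec, name
#Formats: double precision, double precision, varchar(20)
10.684, 41.269, M31
83.822, -5.391, "Orion, M42"
"""


def demo_store():
    """Load SAMPLE_CSV into an in-memory database; returns (table, row count,
    names of rows with ra > 50)."""
    conn = sqlite3.connect(":memory:")
    table = store_csv(conn, "ivoa://nvo.caltech/myData#1", SAMPLE_CSV)
    count = conn.execute(f'SELECT COUNT(*) FROM "{table}"').fetchone()[0]
    names = [r[0] for r in conn.execute(f'SELECT "name" FROM "{table}" WHERE "ra" > 50')]
    return table, count, names


if __name__ == "__main__":
    print(demo_store())
```

An identifier such as ivoa://nvo.caltech/myData"; drop table x; --#1 or a header line of the form #Names: ra, dec); drop table t; -- is rejected before any SQL is built; the only values that reach the database unvalidated are the row fields, and those go through placeholders.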
Security (I)
• Certificate request fields: Country, State, City, Organization, Unit, Name, Email
-----BEGIN CERTIFICATE REQUEST-----
MIIBWTCCAQMCAQAwgZ0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhQYXNhZGVuYTEQMA4GA1UEChMHQ2FsdGVjaDEVMBMGA1UECxMMQXN0cm9waHlzaWNzMRcwFQYDVQQDEw5NYXR0aGV3IEdyYWhhbTEkMCIGCSqGSIb3DQEJARYVbWpnQGFzdHJvLmNhbHRlY2guZWR1MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANWUbVnZ+kbWycOcWiICvOZajKyhGFQhzOk5mbc9UcCYha9KkdzxZqtvYslt8+/m6xC2qvQ+nNSLo8TKc0aJvAECAwEAAaAAMA0GCSqGSIb3DQEBBAUAA0EArAHtlt0rLhSe0IPuft5h3dNrdASOqLCT49Lhdq+4In62NZFum8Ks3dEykMjhon92NjuQzQB6F3ipro+yCTpUOA==
-----END CERTIFICATE REQUEST-----
• Note: the request above decodes to a 512-bit RSA key and an md5WithRSAEncryption signature; adequate for a 2005 demo, not for anything that has to stay secure.
Security (II)
• X.509 certificate (PEM):
-----BEGIN CERTIFICATE-----
…
-----END CERTIFICATE-----
Security (III)
• X.509 certificate (PEM) cont.:
 Owner: [email protected], CN=Matthew Graham, OU=Astrophysics, O=Caltech, L=Pasadena, ST=California, C=US
 Issuer: [email protected], CN=Circe, OU=CACR, O=Caltech, L=Pasadena, ST=California, C=US
 Serial number: 7
 Valid from: Thu Apr 21 14:59:25 PDT 2005 until: Sat May 21 14:59:25 PDT 2005
 Certificate fingerprints:
  MD5: C0:00:75:FC:D2:7A:BE:B1:35:2D:31:53:3B:27:9D:01
  SHA1: 50:9C:96:4B:14:D3:0B:72:3F:49:CC:99:E2:3A:B7:45:FE:D5:F2:24
• X.509 certificate (PKCS12)
WS-Security (I, II)
• Digitally sign SOAP messages with X.509 certificate:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1"
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:BinarySecurityToken
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
          wsu:Id="CertId-3611893"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIICFDCCAb4CAQcwDQYJKoZIhvcNAQEEBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp…</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces PrefixList="soapenv xsd xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-7927866">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="xsd xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>/j0+BLme8mKuxVed9eXCNnSmZBU=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>m8z0ODW17ynpovU0tn13WD5byd41cePcoaFaTKzS+9z3RSB6vcE2Sjb50fhtO75Uuu+8JM9HUBmDAFWJ7Tz3zg==</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-4798869">
          <wsse:SecurityTokenReference wsu:Id="STRId-3664555"
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Reference URI="#CertId-3611893"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="id-7927866"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <Put xmlns="http://vospace.ivoa.net">
      <requestedIdentifier>ivoa://nvo.caltech/myData#1</requestedIdentifier>
      <transport>WEBDAV</transport>
      <format>CSV</format>
    </Put>
  </soapenv:Body>
</soapenv:Envelope>
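The signature above binds the Body only indirectly, through the reference URI="#id-7927866" and the wsu:Id on the Body. A verifier that checks the digest and signature proves that some element carrying that Id was signed; it does not by itself prove that the element is the Body the service is about to dispatch. The following added example (not VOStore or WSS4J code) resolves every ds:Reference in the Security header and accepts a message only when one of them lands on the Envelope's own Body, so a signed Body parked under the Header with an unsigned Body in its place is refused. The envelopes are constructed, abbreviated copies of the message above (token, digest and signature values shortened; the Delete request shape is assumed).

```python
"""Check which element a WS-Security signature actually covers.

Added example, not the VOStore code. Signature and digest verification are left to
the WS-Security library; this only answers "is the signed element the Body?".
"""
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]


def signed_ids(envelope):
    """Fragment ids named by ds:Reference elements inside wsse:Security."""
    ids = []
    for ref in envelope.findall(
        "soapenv:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS
    ):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            raise ValueError(f"external reference {uri!r} not allowed")
        ids.append(uri[1:])
    return ids


def signed_body(xml_text: str):
    """Return the Body element if a signature reference resolves to it, else raise."""
    env = ET.fromstring(xml_text)
    body = env.find("soapenv:Body", NS)  # direct child of Envelope only
    if body is None:
        raise ValueError("no Body")
    for sid in signed_ids(env):
        holders = [e for e in env.iter() if e.get(WSU_ID) == sid]
        if len(holders) != 1:
            # A missing Id cannot be verified; a duplicated Id makes "which element
            # was signed?" ambiguous, so both are refused.
            raise ValueError(f"wsu:Id {sid!r} is missing or ambiguous")
        if holders[0] is body:
            return body
    raise ValueError("signature does not cover the Body")


def body_is_signed(xml_text: str) -> bool:
    try:
        signed_body(xml_text)
        return True
    except ValueError:
        return False


def dispatched_operation(xml_text: str) -> str:
    """Local name of the request inside a Body the signature covers."""
    return signed_body(xml_text)[0].tag.split("}")[-1]


def _envelope(header_extra: str, body: str) -> str:
    """Constructed, abbreviated form of the slide's signed message."""
    return f"""<soapenv:Envelope xmlns:soapenv="{NS['soapenv']}" xmlns:wsse="{NS['wsse']}"
    xmlns:wsu="{NS['wsu']}" xmlns:ds="{NS['ds']}">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1">
      <wsse:BinarySecurityToken wsu:Id="CertId-3611893">MIICFDCC...</wsse:BinarySecurityToken>
      <ds:Signature><ds:SignedInfo>
        <ds:Reference URI="#id-7927866"><ds:DigestValue>/j0+...</ds:DigestValue></ds:Reference>
      </ds:SignedInfo><ds:SignatureValue>m8z0...</ds:SignatureValue></ds:Signature>
    </wsse:Security>{header_extra}
  </soapenv:Header>
  {body}
</soapenv:Envelope>"""


PUT_BODY = (
    '<soapenv:Body wsu:Id="id-7927866"><Put xmlns="http://vospace.ivoa.net">'
    "<requestedIdentifier>ivoa://nvo.caltech/myData#1</requestedIdentifier>"
    "<transport>WEBDAV</transport><format>CSV</format></Put></soapenv:Body>"
)
# Constructed; element names inside Delete are assumed, not taken from the WSDL.
DELETE_BODY = (
    '<soapenv:Body><Delete xmlns="http://vospace.ivoa.net">'
    "<identifier>ivoa://nvo.caltech/myData#1</identifier></Delete></soapenv:Body>"
)

SIGNED_PUT = _envelope("", PUT_BODY)
# The signed Body is parked in the Header; an unsigned Delete sits where the Body goes.
WRAPPED_DELETE = _envelope(f"<Wrapper>{PUT_BODY}</Wrapper>", DELETE_BODY)
# Both the parked Body and the dispatched one carry the signed Id.
DUPLICATE_ID = _envelope(f"<Wrapper>{PUT_BODY}</Wrapper>", PUT_BODY.replace("Put", "Delete"))

if __name__ == "__main__":
    print(dispatched_operation(SIGNED_PUT), body_is_signed(WRAPPED_DELETE), body_is_signed(DUPLICATE_ID))
```

On the server the same question should be put to whatever the signature library reports as the elements it verified: the dispatched Body must be among them, and the check belongs next to the getUser() logic shown later, since that is where the signature is turned into an identity.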
WSS4J: Client
import javax.xml.rpc.ServiceException;
import org.apache.axis.EngineConfiguration;
import org.apache.axis.client.Stub;
import org.apache.axis.configuration.FileProvider;
import org.apache.ws.security.handler.WSHandlerConstants;

public VOStoreTestSecureClient() throws ServiceException {
    // client_deploy.wsdd wires the WSS4J sender handler into the request flow
    EngineConfiguration config = new FileProvider("client_deploy.wsdd");
    VOStoreLocator loc = new VOStoreLocator(config);
    Stub axisPort = (Stub) loc.getPort(VOStoreSoap.class);
    // Sign outgoing messages ...
    axisPort._setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
    // ... with the keystore described in client_crypto.properties ...
    axisPort._setProperty(WSHandlerConstants.SIG_PROP_FILE, "client_crypto.properties");
    // ... using the private key under alias "mjg-cert"; PWCallback supplies its password
    axisPort._setProperty(WSHandlerConstants.USER, "mjg-cert");
    axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, "net.ivoa.vospace.client.PWCallback");
    // Send the certificate itself as a BinarySecurityToken and reference it directly
    axisPort._setProperty(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
    service = (VOStoreSoapStub) axisPort;
}
WSS4J: Server
import java.util.Vector;
import org.apache.axis.MessageContext;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;

public String getUser() {
    MessageContext context = MessageContext.getCurrentContext();
    // Results left by the WSS4J receiver handler, one entry per Security header
    Vector recvResults = (Vector) context.getProperty(WSHandlerConstants.RECV_RESULTS);
    WSHandlerResult result = (WSHandlerResult) recvResults.get(0);
    Vector results = result.getResults();
    // Relies on the first result being the signature result; iterating the
    // results and checking their action is the safer form.
    WSSecurityEngineResult wsseResult = (WSSecurityEngineResult) results.get(0);
    // The principal is the subject of the certificate that signed the message
    String DN = wsseResult.getPrincipal().getName();
    // Assumes the DN starts with "EMAILADDRESS=" (13 characters) and that the
    // address contains no comma; any other attribute order yields garbage.
    String user = DN.substring(13, DN.indexOf(','));
    return user;
}
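The substring(13, indexOf(',')) in getUser() above only works for DNs printed in exactly the Security (III) form. Below is an added example, not the VOStore code, of what a practitioner would want instead: a parser that follows RFC 2253 rules for backslash escapes and quoted values (hex escapes are not handled), reads the e-mail attribute by name regardless of attribute order, and refuses subjects whose issuer is not the CA from Security (III); a valid signature alone says nothing about who issued the key. All DN strings are constructed, and the e-mail addresses are placeholders because the real ones are not on the page. For Java, javax.naming.ldap.LdapName does the same RFC 2253 parsing.

```python
"""Derive the VOStore user from a signing certificate's subject DN.

Added example, not the VOStore code. The legacy_get_user() function transcribes the
slide's substring logic so the two can be compared on the same inputs.
"""


def parse_dn(dn: str) -> list:
    """Split a DN into (TYPE, value) pairs without breaking on escaped or quoted commas."""
    rdns, buf, quoted, escaped = [], [], False, False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if escaped or quoted:
        raise ValueError("unterminated escape or quote in DN")
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError(f"malformed RDN {rdn!r}")
        attr_type, value = rdn.split("=", 1)
        pairs.append((attr_type.strip().upper(), value.strip()))
    return pairs


# Names under which the e-mail attribute appears in different DN printers
# (keytool: EMAILADDRESS, OpenSSL: emailAddress, some tools: E, or the raw OID).
_EMAIL_TYPES = {"EMAILADDRESS", "EMAIL", "E", "1.2.840.113549.1.9.1"}

# Issuer from the Security (III) slide; the CA's e-mail address is not on the
# slide, so a placeholder is used.
TRUSTED_ISSUER = parse_dn(
    "EMAILADDRESS=ca@example.invalid, CN=Circe, OU=CACR, O=Caltech, "
    "L=Pasadena, ST=California, C=US"
)


def is_trusted_issuer(issuer_dn: str) -> bool:
    return parse_dn(issuer_dn) == TRUSTED_ISSUER


def get_user(subject_dn: str, issuer_dn: str) -> str:
    """E-mail address from the subject, only for certificates from the trusted CA."""
    if not is_trusted_issuer(issuer_dn):
        raise PermissionError(f"untrusted issuer: {issuer_dn}")
    for attr_type, value in parse_dn(subject_dn):
        if attr_type in _EMAIL_TYPES:
            return value
    raise ValueError("subject DN carries no e-mail address")


def legacy_get_user(subject_dn: str) -> str:
    """The slide's DN.substring(13, DN.indexOf(',')), for comparison only."""
    return subject_dn[13:subject_dn.index(",")]


# Constructed subject in the Security (III) layout, placeholder address.
SUBJECT = ("EMAILADDRESS=mjg@example.invalid, CN=Matthew Graham, OU=Astrophysics, "
           "O=Caltech, L=Pasadena, ST=California, C=US")
REORDERED = "CN=Matthew Graham, E=mjg@example.invalid, O=Caltech"
ISSUER = ("EMAILADDRESS=ca@example.invalid, CN=Circe, OU=CACR, O=Caltech, "
          "L=Pasadena, ST=California, C=US")

if __name__ == "__main__":
    print(get_user(SUBJECT, ISSUER), get_user(REORDERED, ISSUER), legacy_get_user(REORDERED))
```

On the reordered DN the legacy form returns "aham" while the parser still finds the address; and a subject from any other issuer, even one with an identical subject string, is refused before its attributes are read.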
Secure WebDAV
• Server (Tomcat server.xml):
<Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="true" disableUploadTimeout="true" acceptCount="100" debug="0"
    scheme="https" secure="true" clientAuth="true" sslProtocol="TLS" URIEncoding="UTF-8"/>
• Note: clientAuth="true" makes the connector demand a client certificate; which CAs it accepts is decided by the connector's trust store, which the snippet above does not set, so it falls back to the JVM's default trust store.
• Client (Jakarta Commons HttpClient and the Slide WebDAV client):
Protocol.registerProtocol("https",
    new Protocol("https", new SSLCertSocketFactory("ca.pem", "client.p12"), 443));
HttpURL hrl = new HttpsURL("localhost", 8443, "/webdav");
WebdavResource wdr = new WebdavResource(hrl);
• SSLCertSocketFactory is not part of HttpClient; from its arguments it is the project's socket factory built around the CA certificate (ca.pem) and the client's PKCS12 keystore (client.p12).
Attachments: Client
• Put:
DataHandler attachmentFile = new DataHandler(new FileDataSource("test.fits"));
service._setProperty(Call.ATTACHMENT_ENCAPSULATION_FORMAT, Call.ATTACHMENT_ENCAPSULATION_FORMAT_DIME);
service.addAttachment(attachmentFile);
• Get:
Object[] messageAttachments = service.getAttachments();
AttachmentPart attachment = (AttachmentPart) messageAttachments[0];
DataHandler dh = attachment.getDataHandler();
InputStream is = dh.getInputStream();
Attachments: Server
• Adding:
FileDataSource fds = new FileDataSource(tempFile);
AttachmentPart replyAttachment = new AttachmentPart(new DataHandler(fds));
MessageContext context = MessageContext.getCurrentContext();
Message respMsg = context.getResponseMessage();
respMsg.getAttachmentsImpl().setSendType(Attachments.SEND_TYPE_DIME);
respMsg.addAttachmentPart(replyAttachment);
• Retrieving:
MessageContext context = MessageContext.getCurrentContext();
Message reqMsg = context.getRequestMessage();
Attachments messageAttachments = reqMsg.getAttachmentsImpl();
Interoperability
• C#:
 – WSE 2.0
 – WSRF.Net
• Perl:
 – DIME-based attachments not yet fully functional in SOAP::Lite
 – WS-Security will be supported by WSRF::Lite (but not yet)
 – HTTP::Webdav / PerlDAV
• Python:
 – ZSI
 – pyGridWare
 – Python DAV client library
What next?
• VOTable and FITS binary table parsers
• SRB for bulk data transfers
• SAML tokens