Metacat

package edu.ucsb.nceas.metacat.client.gsi;

import edu.ucsb.nceas.metacat.client.MetacatAuthException;

import edu.ucsb.nceas.metacat.client.MetacatClient;

import edu.ucsb.nceas.metacat.client.MetacatInaccessibleException;

import edu.ucsb.nceas.utilities.HttpMessage;

import org.ietf.jgss.GSSCredential;

import java.io.IOException;

import java.net.MalformedURLException;

import java.net.URL;

import java.net.URLStreamHandler;

import java.util.Properties;

/** An extension of the Metacat client that uses Grid Security Infrastructure

 *  (GSI) enabled HTTPS instead of HTTP to communicate.

 *

 *  <p>Note that not all client deployments will include the JARs necessary to

 *  run this version of the Metacat client; therefore, we should make sure that

 *  the superclass (MetacatClient) can run even if this class can't be loaded.

 *  That is, catch (and log) NoClassDefFoundError, etc. */

public class MetacatGsiClient extends MetacatClient {

	/** The current user's GSS credential, as an alternative to

	 *  username/password. Needed for every connection.

	 *  Set via {@link #login(GSSCredential)}. */

	private GSSCredential credential;

	private void initCredential(GSSCredential credential)

		throws MetacatAuthException

	{

		if (credential == null)

			throw new NullPointerException("Credential is null.");

		if (this.credential != null)

			throw new MetacatAuthException

				("Credential already initialized; please create a new "

					+ getClass().getName() + " to start a new session.");

		this.credential = credential;

	}

	public String login(GSSCredential credential)

			throws MetacatAuthException, MetacatInaccessibleException

	{

		initCredential(credential);

		// code below mostly copied from super.login(username, password)

		Properties prop = new Properties();

		prop.put("action", "login");

		prop.put("qformat", "xml");

		String response;

		try {

			response = sendDataForString(prop, null, null, 0);

		} catch (Exception e) {

			throw new MetacatInaccessibleException(e);

		}

		if (response.indexOf("<login>") == -1) {

			setSessionId("");

			throw new MetacatAuthException(response);

		} else {

			int start = response.indexOf("<sessionId>") + 11;

			int end = response.indexOf("</sessionId>");

			if ((start != -1) && (end != -1)) {

				setSessionId(response.substring(start,end));

			}

		}

		return response;

	}

	/** Parse the Metacat URL and, if we are using a GSI credential,

	 *  ensure that the protocol is an SSL-based one (HTTPS or HTTPG). */

	private URL parseAndCheckURL() throws MetacatInaccessibleException {

		try {

			URL url = new URL(getMetacatUrl().trim());

			if (credential != null) {

				URLStreamHandler gsiHandler;

				try {

					gsiHandler = (URLStreamHandler) Class

						.forName("org.globus.net.protocol.https.Handler")

						.newInstance();

				} catch (Exception e) {

					throw new MetacatInaccessibleException

						("Unable to create protocol handler for HTTPS+GSI.", e);

				}

				// reconstruct with correct handler

				url = new URL(url.getProtocol(), url.getHost(), url.getPort(),

					url.getFile(), gsiHandler);

			}

			return url;

		}

		catch (MalformedURLException e) {

			throw new MetacatInaccessibleException

				("Unable to parse URL to contact Metacat server: \""

					+ getMetacatUrl() + "\".", e);

		}

	}

	/** Create an HttpMessage that can send messages to the server.

	 *  If using a GSI credential, use the credential to set up an SSL

	 *  connection (HTTPS / HTTPG).  If using HTTP and username/password,

	 *  just use a regular HTTP conenction. */

	protected HttpMessage createHttpMessage()

		throws MetacatInaccessibleException, MetacatAuthException, IOException

	{

		if (credential != null)

			return new HttpGsiMessage(credential, parseAndCheckURL());

		else

			return super.createHttpMessage();

	}

}