00001
00002 #include <string>
00003 #include <memory>
00004 #include <stdexcept>
00005 #include <vector>
00006
00007 #include "XrdHttp/XrdHttpExtHandler.hh"
00008
00009 class XrdOucEnv;
00010 class XrdOucStream;
00011 class XrdSecEntity;
00012 class XrdAccAuthorize;
00013
00014 namespace Macaroons {
00015
// Bit flags for log message classes. Each named level occupies its own bit,
// so levels can be OR-ed together into a mask; All sets the low eight bits.
// How the mask is applied is not visible in this header.
// NOTE(review): confirm that Debug-level output never includes the macaroon
// secret or issued token bodies.
enum LogMask {
    Debug   = 1 << 0,
    Info    = 1 << 1,
    Warning = 1 << 2,
    Error   = 1 << 3,
    All     = 0xff
};
00023
/// XrdHttp external handler of the Macaroons plugin.
///
/// Only declarations are visible here. Judging by the private helpers, the
/// handler answers a token request and an OAuth configuration request and
/// builds macaroon responses. It stores the secret read by Config() in
/// m_secret, so an instance holds key material for its whole lifetime.
class Handler : public XrdHttpExtHandler {
public:
    /// Value reported by Config() through its last argument.
    /// NOTE(review): the meaning of each value is not defined in this header;
    /// confirm which one applies when the directive is absent.
    enum AuthzBehavior {
        PASSTHROUGH,
        ALLOW,
        DENY
    };

    /// Stores log and chain, then loads the configuration.
    ///
    /// @param log    log sink, kept in m_log and handed to Config()
    /// @param config configuration source handed to Config()
    /// @param myEnv  environment handed to Config()
    /// @param chain  authorization object, kept in m_chain
    /// @throws std::runtime_error when Config() returns false, so a handler
    ///         never exists with a configuration that Config() rejected
    ///
    /// NOTE(review): confirm that Config() returns false when no secret key
    /// is configured; otherwise m_secret could be left empty.
    Handler(XrdSysError *log, const char *config, XrdOucEnv *myEnv,
            XrdAccAuthorize *chain)
        : m_max_duration(86400),  // default before Config(); presumably seconds (24 h) - confirm
          m_chain(chain),
          m_log(log)
    {
        // Config() also reports an AuthzBehavior; the handler does not keep it.
        AuthzBehavior parsed_behavior;
        const bool configured = Config(config, myEnv, m_log, m_location,
                                       m_secret, m_max_duration, parsed_behavior);
        if (!configured)
        {
            throw std::runtime_error("Macaroon handler config failed.");
        }
    }

    virtual ~Handler();

    /// XrdHttpExtHandler override; defined outside this header.
    bool MatchesPath(const char *verb, const char *path) override;

    /// XrdHttpExtHandler override; defined outside this header.
    int ProcessReq(XrdHttpExtReq &req) override;

    /// XrdHttpExtHandler override: ignores cfgfile and always returns 0.
    /// The real configuration work happens in the constructor via Config().
    int Init(const char *cfgfile) override { return 0; }

    /// Loads the handler configuration and reports the results through the
    /// reference arguments (location, secret, max_duration, behavior).
    ///
    /// @return false on failure; the constructor turns that into an exception.
    static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log,
                       std::string &location, std::string &secret,
                       ssize_t &max_duration, AuthzBehavior &behavior);

private:
    // Builders for the macaroon identifier and activity list; the parameters
    // are unnamed in this header, so their roles must be read from the definitions.
    std::string GenerateID(const std::string &, const XrdSecEntity &,
                           const std::string &,
                           const std::vector<std::string> &,
                           const std::string &);
    std::string GenerateActivities(const XrdHttpExtReq &,
                                   const std::string &) const;

    // Request processing helpers; defined outside this header.
    int ProcessOAuthConfig(XrdHttpExtReq &req);
    int ProcessTokenRequest(XrdHttpExtReq& req);
    int GenerateMacaroonResponse(XrdHttpExtReq& req,
                                 const std::string &response,
                                 const std::vector<std::string> &,
                                 ssize_t validity, bool oauth_response);

    // Per-directive configuration readers; each takes the XrdOucStream and
    // the log sink, and the first two and the last write their result
    // through the final reference argument.
    static bool xsecretkey(XrdOucStream &Config, XrdSysError *log,
                           std::string &secret);
    static bool xsitename(XrdOucStream &Config, XrdSysError *log,
                          std::string &location);
    static bool xtrace(XrdOucStream &Config, XrdSysError *log);
    static bool xmaxduration(XrdOucStream &Config, XrdSysError *log,
                             ssize_t &max_duration);

    // Starts at 86400 and may be overwritten by Config().
    // NOTE(review): presumably the longest validity a token may request - confirm.
    ssize_t m_max_duration;
    // Authorization object passed to the constructor; ownership is not
    // visible in this header.
    XrdAccAuthorize *m_chain;
    // Log sink passed to the constructor.
    XrdSysError *m_log;
    // Filled by Config().
    std::string m_location;
    // Secret filled by Config(). std::string does not wipe its buffer when
    // destroyed, so the key bytes stay in freed memory unless ~Handler()
    // clears them - confirm. Keep this value out of log messages.
    std::string m_secret;
};
00077
00078 }