
95b811b1ceb436ea16a7af0c8698481c.ppt
- Number of slides: 19
THE US NATIONAL VIRTUAL OBSERVATORY
VOStore: a Java implementation
Matthew J. Graham, CACR/Caltech
NVO Team Meeting - Tucson, 25 Apr 2005
Overview
• Java webapp:
  – $TOMCAT_HOME/webapps/vostore
• Embedded AXIS to handle WS:
  – $TOMCAT_HOME/webapps/vostore/services
• Embedded Sleepycat Berkeley DB (JE)
• Embedded Jakarta Slide to handle WebDAV:
  – $TOMCAT_HOME/webapps/vostore/webdav
• WCK to handle relational db stores
• WSS4J to handle WS-Security
WSDL specification
• revisions
• getAvailability
• formats: FILE, CSV
• transports: SOAP-ATTACHMENT, WEBDAV
• put(id, format, transport): returns VOStoreResponse
• get(id, format, transport): returns VOStoreResponse
• listAll: returns VOStoreDescriptor[]
• list: returns VOStoreDescriptor[]
• rename
• delete
StoreDescriptor
• identifier
• creationDate
• modificationDate
• owner: DN
• format: FILE, CSV, WEBDAV-FOLDER, WEBDAV-RESOURCE
• location
• parent
• children
• isFolder
• isStored
(together these fields form the VOStoreDescriptor returned by list and listAll)
WebDAV
• A set of extensions to HTTP to support:
  – Locking
  – Properties
  – Namespace management
  – Collections
  – Access control
  – Versioning
• Verbs: PROPFIND, PROPPATCH, MKCOL, DELETE, PUT, COPY, MOVE, LOCK, UNLOCK, OPTIONS, SEARCH
Identifier-location mapping
• ivoa://nvo.caltech/myData#1 maps to http://localhost:8080/vostore/webdav
  – Format = FILE: /files/abcdef12-abcdef12
  – Format = CSV: /db/nvo_caltech_myData_1
Relational db stores
• http://…/db/nvo_caltech_myData_1
  – open JDBC connection to db
  – drop table nvo_caltech_myData_1
  – create table nvo_caltech_myData_1:
    • #Names: col1, col2, …
    • #Formats: varchar(20)
  – insert into nvo_caltech_myData_1 values (…)
• Note: the table name is derived from the caller's identifier and the column names and types come from the #Names/#Formats header of the uploaded CSV; none of these can be bound as JDBC parameters, so they must be validated before they are spliced into the DDL. Only the row values can go through PreparedStatement placeholders.
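How the identifier becomes a table name, and how the drop/create/insert sequence on this slide can be built without letting request-controlled names reach the SQL text unchecked, as an added example (not VOStore's own code). The rewriting rule (strip "ivoa://", map '.', '/' and '#' to '_') and the set of accepted column types are assumptions chosen to reproduce the slide's single example; the hostile identifier in main is constructed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

/**
 * Added example, not VOStore's code: identifier-to-table mapping plus DDL/DML for the
 * CSV store. Every name that ends up in SQL text is allowlisted first; row values are
 * bound as parameters and never touch the SQL string.
 */
public final class CsvStoreSql {

    private static final String SCHEME = "ivoa://";                       // assumed prefix rule
    // Bare SQL identifiers only: letter or '_' first, then letters, digits, '_'; at most 63 chars.
    private static final Pattern SAFE_IDENT = Pattern.compile("[A-Za-z_][A-Za-z0-9_]{0,62}");
    // Column types accepted from a #Formats line (assumed set; the slide shows only varchar(20)).
    private static final Pattern SAFE_TYPE =
        Pattern.compile("(?i)varchar\\(\\d{1,4}\\)|integer|bigint|double precision");

    /** ivoa://nvo.caltech/myData#1 -> nvo_caltech_myData_1; anything unsafe is rejected. */
    public static String tableNameFor(String ivoaId) {
        if (ivoaId == null || !ivoaId.startsWith(SCHEME)) {
            throw new IllegalArgumentException("not an ivoa:// identifier: " + ivoaId);
        }
        String name = ivoaId.substring(SCHEME.length())
                            .replace('.', '_').replace('/', '_').replace('#', '_');
        return safeIdent(name);   // leftover space, quote, ';' or '-' fails the allowlist
    }

    static String safeIdent(String ident) {
        if (!SAFE_IDENT.matcher(ident).matches()) {
            throw new IllegalArgumentException("unsafe SQL identifier: " + ident);
        }
        return ident;
    }

    static String safeType(String type) {
        String t = type.trim();
        if (!SAFE_TYPE.matcher(t).matches()) {
            throw new IllegalArgumentException("unsupported column type: " + type);
        }
        return t;
    }

    public static String dropTableSql(String table) {
        return "DROP TABLE " + safeIdent(table);
    }

    /** CREATE TABLE from the CSV header lines "#Names: col1, col2" and "#Formats: varchar(20), ...". */
    public static String createTableSql(String table, List<String> names, List<String> formats) {
        if (names.isEmpty() || names.size() != formats.size()) {
            throw new IllegalArgumentException("#Names and #Formats must list the same number of columns");
        }
        StringBuilder sql = new StringBuilder("CREATE TABLE ").append(safeIdent(table)).append(" (");
        for (int i = 0; i < names.size(); i++) {
            if (i > 0) sql.append(", ");
            sql.append(safeIdent(names.get(i))).append(' ').append(safeType(formats.get(i)));
        }
        return sql.append(')').toString();
    }

    /** INSERT with one '?' per column; the values are bound later, never concatenated. */
    public static String insertSql(String table, int columns) {
        StringBuilder sql = new StringBuilder("INSERT INTO ").append(safeIdent(table)).append(" VALUES (");
        for (int i = 0; i < columns; i++) sql.append(i > 0 ? ", ?" : "?");
        return sql.append(')').toString();
    }

    /** The slide's sequence against a live connection: drop, create, one parameterised insert per row. */
    public static void store(Connection db, String table, List<String> names, List<String> formats,
                             List<String[]> rows) throws SQLException {
        try (Statement ddl = db.createStatement()) {
            ddl.executeUpdate(dropTableSql(table));        // fails if absent, as on the slide
            ddl.executeUpdate(createTableSql(table, names, formats));
        }
        try (PreparedStatement ins = db.prepareStatement(insertSql(table, names.size()))) {
            for (String[] row : rows) {
                for (int i = 0; i < row.length; i++) ins.setString(i + 1, row[i]);
                ins.executeUpdate();
            }
        }
    }

    public static void main(String[] args) {
        String table = tableNameFor("ivoa://nvo.caltech/myData#1");
        System.out.println(dropTableSql(table));
        System.out.println(createTableSql(table, Arrays.asList("col1", "col2"),
                                          Arrays.asList("varchar(20)", "varchar(20)")));
        System.out.println(insertSql(table, 2));
        // Constructed hostile identifier: after rewriting it still contains ' ', ';' and '-'
        try {
            tableNameFor("ivoa://nvo.caltech/myData; DROP TABLE users--#1");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

main prints the three statements for ivoa://nvo.caltech/myData#1 and then rejects the constructed identifier, because its rewritten form is not a bare identifier. store() runs the same sequence on a real Connection; the DROP raises an exception when the table does not exist yet, as the slide's sequence would, so a deployment wants IF EXISTS (where the dialect has it) or a caught exception at that step.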
Security (I)
• Certificate request:
  – Country
  – State
  – City
  – Organization
  – Unit
  – Name
  – Email
-----BEGIN CERTIFICATE REQUEST-----
MIIBWTCCAQMCAQAwgZ0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MREwDwYDVQQHEwhQYXNhZGVuYTEQMA4GA1UEChMHQ2FsdGVjaDEVMBMGA1UECxMM
QXN0cm9waHlzaWNzMRcwFQYDVQQDEw5NYXR0aGV3IEdyYWhhbTEkMCIGCSqGSIb3
DQEJARYVbWpnQGFzdHJvLmNhbHRlY2guZWR1MFwwDQYJKoZIhvcNAQEBBQADSwAw
SAJBANWUbVnZ+kbWycOcWiICvOZajKyhGFQhzOk5mbc9UcCYha9KkdzxZqtvYslt
8+/m6xC2qvQ+nNSLo8TKc0aJvAECAwEAAaAAMA0GCSqGSIb3DQEBBAUAA0EArAHt
lt0rLhSe0IPuft5h3dNrdASOqLCT49Lhdq+4In62NZFum8Ks3dEykMjhon92NjuQ
zQB6F3ipro+yCTpUOA==
-----END CERTIFICATE REQUEST-----
Security (II)
• X.509 certificate (PEM):
-----BEGIN CERTIFICATE-----
MIICFDCCAb4CAQcwDQYJKoZIhvcNAQEEBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhQYXNhZGVuYTEQMA4GA1UEChMHQ2Fs
dGVjaDENMAsGA1UECxMEQ0FDUjEOMAwGA1UEAxMFQ2lyY2UxIzAhBgkqhkiG9w0B
CQEWFG1qZ0BjYWNyLmNhbHRlY2guZWR1MB4XDTA1MDQyMTIxNTkyNVoXDTA1MDUy
MTIxNTkyNVowgZ0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREw
DwYDVQQHEwhQYXNhZGVuYTEQMA4GA1UEChMHQ2FsdGVjaDEVMBMGA1UECxMMQXN0
cm9waHlzaWNzMRcwFQYDVQQDEw5NYXR0aGV3IEdyYWhhbTEkMCIGCSqGSIb3DQEJ
ARYVbWpnQGFzdHJvLmNhbHRlY2guZWR1MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
ANWUbVnZ+kbWycOcWiICvOZajKyhGFQhzOk5mbc9UcCYha9KkdzxZqtvYslt8+/m
6xC2qvQ+nNSLo8TKc0aJvAECAwEAATANBgkqhkiG9w0BAQQFAANBACwiM3r+07/i
ZfiIrF7YPEC1Eml+k+5esbbzObl/OyaSHrUSP0xYM12fuFiBSVMmwU9NlyLCNDHn
M8dWnFTIDyI=
-----END CERTIFICATE-----
Security (III)
• X.509 certificate (PEM) cont.:
  Owner: EMAILADDRESS=mjg@astro.caltech.edu, CN=Matthew Graham, OU=Astrophysics, O=Caltech, L=Pasadena, ST=California, C=US
  Issuer: EMAILADDRESS=mjg@cacr.caltech.edu, CN=Circe, OU=CACR, O=Caltech, L=Pasadena, ST=California, C=US
  Serial number: 7
  Valid from: Thu Apr 21 14:59:25 PDT 2005 until: Sat May 21 14:59:25 PDT 2005
  Certificate fingerprints:
    MD5:  C0:00:75:FC:D2:7A:BE:B1:35:2D:31:53:3B:27:9D:01
    SHA1: 50:9C:96:4B:14:D3:0B:72:3F:49:CC:99:E2:3A:B7:45:FE:D5:F2:24
• Note: the DER on the previous slide encodes a 512-bit RSA key (the SubjectPublicKeyInfo begins MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB) and is signed with md5WithRSAEncryption; adequate for a one-month test credential, not for a production service.
• X.509 certificate (PKCS12)
WS-Security (I) and (II)
• Digitally sign SOAP messages with X.509 certificate (one signed Put request, split over the two slides):
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1"
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:BinarySecurityToken
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
          wsu:Id="CertId-3611893"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIICFDCCAb4CAQcwDQYJKoZIhvcNAQEEBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhQYXNhZGVuYTEQMA4GA1UEChMHQ2FsdGVjaDENMAsGA1UECxMEQ0FDUjEOMAwGA1UEAxMFQ2lyY2UxIzAhBgkqhkiG9w0BCQEWFG1qZ0BjYWNyLmNhbHRlY2guZWR1MB4XDTA1MDQyMTIxNTkyNVoXDTA1MDUyMTIxNTkyNVowgZ0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhQYXNhZGVuYTEQMA4GA1UEChMHQ2FsdGVjaDEVMBMGA1UECxMMQXN0cm9waHlzaWNzMRcwFQYDVQQDEw5NYXR0aGV3IEdyYWhhbTEkMCIGCSqGSIb3DQEJARYVbWpnQGFzdHJvLmNhbHRlY2guZWR1MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANWUbVnZ+kbWycOcWiICvOZajKyhGFQhzOk5mbc9UcCYha9KkdzxZqtvYslt8+/m6xC2qvQ+nNSLo8TKc0aJvAECAwEAATANBgkqhkiG9w0BAQQFAANBACwiM3r+07/iZfiIrF7YPEC1Eml+k+5esbbzObl/OyaSHrUSP0xYM12fuFiBSVMmwU9NlyLCNDHnM8dWnFTIDyI=</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces PrefixList="soapenv xsd xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-7927866">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="xsd xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>/j0+BLme8mKuxVed9eXCNnSmZBU=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>m8z0ODW17ynpovU0tn13WD5byd41cePcoaFaTKzS+9z3RSB6vcE2Sjb50fhtO75Uuu+8JM9HUBmDAFWJ7Tz3zg==</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-4798869">
          <wsse:SecurityTokenReference wsu:Id="STRId-3664555"
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Reference URI="#CertId-3611893"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="id-7927866"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <Put xmlns="http://vospace.ivoa.net">
      <requestedIdentifier>ivoa://nvo.caltech/myData#1</requestedIdentifier>
      <transport>WEBDAV</transport>
      <format>CSV</format>
    </Put>
  </soapenv:Body>
</soapenv:Envelope>
• What is signed: the single ds:Reference points at the element carrying wsu:Id="id-7927866", i.e. the Body with the Put request; the Header and the BinarySecurityToken itself are outside the signed set. The token is located through the SecurityTokenReference in KeyInfo (SIG_KEY_ID "DirectReference" on the client).
• Because the Reference is resolved by wsu:Id rather than by position, a receiver should confirm that the element the Reference resolves to is the soapenv:Body it dispatches on, not merely that some element with that Id verifies.
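An added check for that last point (example code, not VOStore's or WSS4J's own): resolve the ds:Reference the way a receiver would and insist that it lands on the Envelope's own Body, and on nothing else. Both SOAP messages in the block are constructed and cut down to the elements the check inspects; the first keeps the layout of the slide, the second moves the signed Body under the Header and puts an unsigned Body in its place.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/** Added example: is the element a ds:Reference signs the Body the service will act on? */
public final class SignedBodyCheck {

    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";
    static final String WSU  = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    /** True only if some Reference resolves to exactly one element and that element is the Envelope's Body. */
    public static boolean signatureCoversBody(Document doc) {
        Element envelope = doc.getDocumentElement();
        Element body = firstChild(envelope, SOAP, "Body");
        if (body == null) return false;
        NodeList refs = doc.getElementsByTagNameNS(DSIG, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            String uri = ((Element) refs.item(i)).getAttribute("URI");
            if (!uri.startsWith("#")) continue;
            List<Element> matches = new ArrayList<>();
            collectByWsuId(envelope, uri.substring(1), matches);
            // node identity, not Id equality: a copy of the Body elsewhere must not count
            if (matches.size() == 1 && matches.get(0) == body) return true;
        }
        return false;
    }

    static Element firstChild(Element parent, String ns, String local) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE && ns.equals(n.getNamespaceURI())
                    && local.equals(n.getLocalName())) return (Element) n;
        }
        return null;
    }

    /** Every element in the subtree whose wsu:Id equals id (duplicates are a red flag in themselves). */
    static void collectByWsuId(Element e, String id, List<Element> out) {
        if (id.equals(e.getAttributeNS(WSU, "Id"))) out.add(e);
        for (Node n = e.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE) collectByWsuId((Element) n, id, out);
        }
    }

    public static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Constructed messages: same namespaces and Ids as the slide, other elements omitted.
    static final String HEADER =
        "<soapenv:Header><wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">"
      + "<ds:Signature xmlns:ds=\"" + DSIG + "\"><ds:SignedInfo><ds:Reference URI=\"#id-7927866\"/></ds:SignedInfo></ds:Signature>"
      + "</wsse:Security>";
    static final String SIGNED_BODY =
        "<soapenv:Body wsu:Id=\"id-7927866\" xmlns:wsu=\"" + WSU + "\"><Put xmlns=\"http://vospace.ivoa.net\">"
      + "<requestedIdentifier>ivoa://nvo.caltech/myData#1</requestedIdentifier></Put></soapenv:Body>";
    /** Layout of the slide: Header, then the signed Body. */
    static final String GOOD = "<soapenv:Envelope xmlns:soapenv=\"" + SOAP + "\">" + HEADER + "</soapenv:Header>"
      + SIGNED_BODY + "</soapenv:Envelope>";
    /** Wrapped: the signed Body is tucked into the Header and an unsigned Body takes its place. */
    static final String WRAPPED = "<soapenv:Envelope xmlns:soapenv=\"" + SOAP + "\">" + HEADER
      + "<Wrapper>" + SIGNED_BODY + "</Wrapper></soapenv:Header>"
      + "<soapenv:Body><Put xmlns=\"http://vospace.ivoa.net\"><requestedIdentifier>ivoa://nvo.caltech/other#1</requestedIdentifier></Put></soapenv:Body>"
      + "</soapenv:Envelope>";

    public static void main(String[] args) throws Exception {
        System.out.println("slide layout, signed body: " + signatureCoversBody(parse(GOOD)));
        System.out.println("wrapped message, signed body: " + signatureCoversBody(parse(WRAPPED)));
    }
}
```

For the slide's layout the only element carrying id-7927866 is the Envelope's Body, so the check passes; in the wrapped message the element with that Id sits under the Header and the Body the service would dispatch on is unsigned, so it fails, even though the canonical form of the relocated element, and hence its digest, has not changed. The parser refuses a DOCTYPE, which keeps external entities out of a message that arrives from the network.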
WSS4J: Client
import org.apache.axis.EngineConfiguration;
import org.apache.axis.client.Stub;
import org.apache.axis.configuration.FileProvider;
import org.apache.ws.security.handler.WSHandlerConstants;

public VOStoreTestSecureClient() throws Exception {
    // client-side deployment descriptor that puts the WSS4J sender handler in the request flow
    EngineConfiguration config = new FileProvider("client_deploy.wsdd");
    VOStoreLocator loc = new VOStoreLocator(config);
    Stub axisPort = (Stub) loc.getPort(VOStoreSoap.class);
    // sign outgoing messages ...
    axisPort._setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
    // ... with the keystore described in client_crypto.properties ...
    axisPort._setProperty(WSHandlerConstants.SIG_PROP_FILE, "client_crypto.properties");
    // ... using the private key stored under alias "mjg-cert"; PWCallback supplies its password
    axisPort._setProperty(WSHandlerConstants.USER, "mjg-cert");
    axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, "net.ivoa.vospace.client.PWCallback");
    // embed the X.509 certificate as a BinarySecurityToken and reference it directly from KeyInfo
    axisPort._setProperty(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
    service = (VOStoreSoapStub) axisPort;
}
WSS4J: Server
import java.util.Vector;
import org.apache.axis.MessageContext;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;

public String getUser() {
    MessageContext context = MessageContext.getCurrentContext();
    // the WSS4J receiver handler records what it verified under RECV_RESULTS
    Vector recvResults = (Vector) context.getProperty(WSHandlerConstants.RECV_RESULTS);
    WSHandlerResult result = (WSHandlerResult) recvResults.get(0);
    Vector results = result.getResults();
    WSSecurityEngineResult wsseResult = (WSSecurityEngineResult) results.get(0);
    // subject DN of the certificate whose signature verified, e.g.
    // "EMAILADDRESS=mjg@astro.caltech.edu, CN=Matthew Graham, OU=Astrophysics, ..."
    String DN = wsseResult.getPrincipal().getName();
    // assumes the DN starts with the 13-character prefix "EMAILADDRESS=" and that the
    // first ',' ends the address: the user is the e-mail address
    String user = DN.substring(13, DN.indexOf(','));
    return user;
}
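A sturdier version of the DN-to-user step, together with the two checks on the signing certificate that make the name worth trusting, as an added example (not VOStore's or WSS4J's code). It parses the DN with javax.naming.ldap.LdapName instead of a fixed 13-character offset, accepts both the keyword rendering shown on the Security (III) slide and the OID/#hex rendering the JDK produces for RFC 2253, and feeds it the certificate from the Security (II) slide; the CA DN is the Issuer line from Security (III). Whatever chain validation the handler already performed, the service's own policy (issued by this CA, still valid) is cheap to confirm on the certificate the handler verified.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

/** Added example: signer DN -> user, plus issuer and validity checks on the signing certificate. */
public final class SignerIdentity {

    static final String EMAIL_OID = "1.2.840.113549.1.9.1";   // pkcs-9 emailAddress
    static final String CA_DN =
        "EMAILADDRESS=mjg@cacr.caltech.edu, CN=Circe, OU=CACR, O=Caltech, L=Pasadena, ST=California, C=US";

    /** E-mail RDN if present, else CN, else null. Handles keyword and OID/#hex renderings. */
    public static String userFromDn(String dn) throws InvalidNameException {
        String email = null, cn = null;
        for (Rdn rdn : new LdapName(dn).getRdns()) {          // RFC 2253 parser: quoting, escaping, spaces
            String type = rdn.getType();
            if (type.equalsIgnoreCase("EMAILADDRESS") || type.equalsIgnoreCase("E")
                    || type.equals(EMAIL_OID) || type.equalsIgnoreCase("OID." + EMAIL_OID)) {
                email = valueAsString(rdn.getValue());
            } else if (type.equalsIgnoreCase("CN")) {
                cn = valueAsString(rdn.getValue());
            }
        }
        return email != null ? email : cn;
    }

    // RFC 2253 output writes non-standard types as #hex DER and LdapName hands that back as
    // bytes; emailAddress is an IA5String (tag 0x16), so strip the two-byte tag/length header.
    static String valueAsString(Object value) {
        if (value instanceof byte[]) {
            byte[] der = (byte[]) value;
            if (der.length >= 2 && der[0] == 0x16 && (der[1] & 0xff) == der.length - 2) {
                return new String(der, 2, der.length - 2, StandardCharsets.US_ASCII);
            }
            throw new IllegalArgumentException("unexpected DER value in RDN");
        }
        return value.toString();
    }

    /** Policy check before the DN is mapped to a user: our CA issued it, and it is in its validity period. */
    public static boolean acceptableSigner(X509Certificate cert, String expectedIssuerDn) {
        if (!cert.getIssuerX500Principal().equals(new X500Principal(expectedIssuerDn))) {
            return false;                                     // not issued by the expected CA
        }
        try {
            cert.checkValidity();                             // throws if expired or not yet valid
            return true;
        } catch (CertificateException e) {
            return false;
        }
    }

    public static X509Certificate parsePem(String pem) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
    }

    /** The certificate from the Security (II) slide. */
    static final String USER_CERT_PEM =
        "-----BEGIN CERTIFICATE-----\n"
      + "MIICFDCCAb4CAQcwDQYJKoZIhvcNAQEEBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYD\n"
      + "VQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhQYXNhZGVuYTEQMA4GA1UEChMHQ2Fs\n"
      + "dGVjaDENMAsGA1UECxMEQ0FDUjEOMAwGA1UEAxMFQ2lyY2UxIzAhBgkqhkiG9w0B\n"
      + "CQEWFG1qZ0BjYWNyLmNhbHRlY2guZWR1MB4XDTA1MDQyMTIxNTkyNVoXDTA1MDUy\n"
      + "MTIxNTkyNVowgZ0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREw\n"
      + "DwYDVQQHEwhQYXNhZGVuYTEQMA4GA1UEChMHQ2FsdGVjaDEVMBMGA1UECxMMQXN0\n"
      + "cm9waHlzaWNzMRcwFQYDVQQDEw5NYXR0aGV3IEdyYWhhbTEkMCIGCSqGSIb3DQEJ\n"
      + "ARYVbWpnQGFzdHJvLmNhbHRlY2guZWR1MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB\n"
      + "ANWUbVnZ+kbWycOcWiICvOZajKyhGFQhzOk5mbc9UcCYha9KkdzxZqtvYslt8+/m\n"
      + "6xC2qvQ+nNSLo8TKc0aJvAECAwEAATANBgkqhkiG9w0BAQQFAANBACwiM3r+07/i\n"
      + "ZfiIrF7YPEC1Eml+k+5esbbzObl/OyaSHrUSP0xYM12fuFiBSVMmwU9NlyLCNDHn\n"
      + "M8dWnFTIDyI=\n"
      + "-----END CERTIFICATE-----\n";

    public static void main(String[] args) throws Exception {
        // keyword rendering, as keytool prints it on the slide and as the WSS4J principal name reads
        String slideDn = "EMAILADDRESS=mjg@astro.caltech.edu, CN=Matthew Graham, OU=Astrophysics,"
                       + " O=Caltech, L=Pasadena, ST=California, C=US";
        System.out.println(userFromDn(slideDn));
        X509Certificate cert = parsePem(USER_CERT_PEM);
        // RFC 2253 rendering from the JDK: the e-mail RDN comes out as 1.2.840.113549.1.9.1=#16...
        System.out.println(userFromDn(cert.getSubjectX500Principal().getName()));
        // the slide's certificate expired on 21 May 2005, which is exactly what this check is for
        System.out.println("acceptable signer: " + acceptableSigner(cert, CA_DN));
    }
}
```

Both DN renderings yield mjg@astro.caltech.edu. The certificate's validity ended on 21 May 2005, so acceptableSigner reports false for it today; a server that skipped checkValidity would go on accepting a credential whose issuer meant it to live one month.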
Secure WebDAV
• Server (Tomcat server.xml):
    <Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
        enableLookups="true" disableUploadTimeout="true" acceptCount="100" debug="0"
        scheme="https" secure="true" clientAuth="true" sslProtocol="TLS" URIEncoding="UTF-8"/>
  – clientAuth="true" makes the connector refuse any handshake that does not present a client certificate issued by a CA in its truststore, so the CA that signs the user certificates (ca.pem on the client side) must be installed there as well.
• Client (Jakarta Slide WebDAV client over Commons HttpClient):
    // SSLCertSocketFactory is the presentation's own ProtocolSocketFactory (not shown):
    // it trusts ca.pem and presents the client certificate and key from client.p12.
    // Protocol(scheme, factory, defaultPort) is HttpClient's wrapper around the factory.
    Protocol.registerProtocol("https",
        new Protocol("https", new SSLCertSocketFactory("ca.pem", "client.p12"), 443));
    HttpURL hrl = new HttpsURL("localhost", 8443, "/webdav");
    WebdavResource wdr = new WebdavResource(hrl);
Attachments: Client
import java.io.InputStream;
import javax.activation.DataHandler;
import javax.activation.FileDataSource;
import org.apache.axis.attachments.AttachmentPart;
import org.apache.axis.client.Call;

• Put: attach the F​ITS file to the outgoing request, DIME-encapsulated
    DataHandler attachmentFile = new DataHandler(new FileDataSource("test.fits"));
    service._setProperty(Call.ATTACHMENT_ENCAPSULATION_FORMAT, Call.ATTACHMENT_ENCAPSULATION_FORMAT_DIME);
    service.addAttachment(attachmentFile);
• Get: read the first attachment that came back with the response
    Object[] messageAttachments = service.getAttachments();
    AttachmentPart attachment = (AttachmentPart) messageAttachments[0];
    DataHandler dh = attachment.getDataHandler();
    InputStream is = dh.getInputStream();
Attachments: Server
import javax.activation.DataHandler;
import javax.activation.FileDataSource;
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.attachments.AttachmentPart;
import org.apache.axis.attachments.Attachments;

• Adding: return the file (tempFile, prepared earlier) as a DIME attachment on the response
    FileDataSource fds = new FileDataSource(tempFile);
    AttachmentPart replyAttachment = new AttachmentPart(new DataHandler(fds));
    MessageContext context = MessageContext.getCurrentContext();
    Message respMsg = context.getResponseMessage();
    respMsg.getAttachmentsImpl().setSendType(Attachments.SEND_TYPE_DIME);
    respMsg.addAttachmentPart(replyAttachment);
• Retrieving: the attachments that arrived with the request
    MessageContext context = MessageContext.getCurrentContext();
    Message reqMsg = context.getRequestMessage();
    Attachments messageAttachments = reqMsg.getAttachmentsImpl();
Interoperability
• C#:
  – WSE 2.0
  – WSRF.Net
• Perl:
  – DIME-based attachments not yet fully functional in SOAP::Lite
  – WS-Security will be supported by WSRF::Lite (but not yet)
  – HTTP::Webdav / PerlDAV
• Python:
  – ZSI
  – pyGridWare
  – Python DAV client library
What next?
• VOTable and FITS binary table parsers
• SRB for bulk data transfers
• SAML tokens