Package org.globus.myproxy
Class MyProxy
- java.lang.Object
-
- org.globus.myproxy.MyProxy
-
public class MyProxy extends java.lang.Object
This class provides an API for communicating with MyProxy servers. It provides main functions for retrieving, removing and storing credentials on MyProxy server. It also provides functions for getting credential information and changing passwords.More information about MyProxy is available on the MyProxy Home Page.
- Version:
- 2.0
-
-
Field Summary
Fields Modifier and Type Field Description protected Authorization
authorization
The authorization policy in effect for the target MyProxy server.private static java.lang.String
AUTHZ_DATA
static int
CHANGE_PASSWORD
The integer command number for the MyProxy Password Change command (4).protected org.ietf.jgss.GSSContext
context
The GSSContext for communication with the MyProxy server.private static java.lang.String
CRED
private static java.lang.String
CRED_DESC
private static java.lang.String
CRED_END_TIME
private static java.lang.String
CRED_NAME
private static java.lang.String
CRED_OWNER
private static java.lang.String
CRED_RENEWER
private static java.lang.String
CRED_RETRIEVER
private static java.lang.String
CRED_START_TIME
static int
DEFAULT_KEYBITS
The default key size (2048 bits).static int
DEFAULT_PORT
The default MyProxy server port (7512).private static java.lang.String
DESC
static int
DESTROY_PROXY
The integer command number for the MyProxy 'Destroy' command (3).private static java.lang.String
END_TIME
private static java.lang.String
ERROR
static int
GET_PROXY
The integer command number for the MyProxy 'Get' command (0).static int
GET_TRUSTROOTS
The integer command number for the MyProxy 'Get Trustroots' command (7).protected java.lang.String
host
The hostname(s) of the target MyProxy server(s).static int
INFO_PROXY
The integer command number for the MyProxy 'Info' command (2).(package private) static org.apache.commons.logging.Log
logger
static int
MIN_PASSWORD_LENGTH
static java.lang.String
MYPROXY_PROTOCOL_VERSION
private static java.lang.String
OWNER
protected int
port
The port of the target MyProxy server (default 7512).static int
PUT_PROXY
The integer command number for the MyProxy 'Put' command (1).private static java.lang.String
RENEWER
private static java.lang.String
RESPONSE
static int
RETRIEVE_CREDENTIAL
The integer command number for the MyProxy 'Retrieve' command (6).private static java.lang.String
RETRIEVER
private static java.lang.String
START_TIME
static int
STORE_CREDENTIAL
The integer command number for the MyProxy 'Store' command (5).private static java.lang.String
TRUSTED_CERT_PATH
protected java.lang.String[]
trustrootData
protected java.lang.String[]
trustrootFilenames
Trustroot information and path constant.private static java.lang.String
TRUSTROOTS
static java.lang.String
version
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description void
bootstrapTrust()
Bootstraps trustroot information from the MyProxy server.void
changePassword(org.ietf.jgss.GSSCredential credential, ChangePasswordParams params)
Changes the password of the credential on the MyProxy server.private static void
close(java.io.OutputStream out, java.io.InputStream in, java.net.Socket sock)
void
destroy(org.ietf.jgss.GSSCredential credential, java.lang.String username, java.lang.String passphrase)
Removes delegated credentials from the MyProxy server.void
destroy(org.ietf.jgss.GSSCredential credential, DestroyParams params)
Removes delegated credentials from the MyProxy server.org.ietf.jgss.GSSCredential
get(java.lang.String username, java.lang.String passphrase, int lifetime)
Retrieves delegated credentials from MyProxy server Anonymously (without local credentials) Notes: Performs simple verification of private/public keys of the delegated credential.org.ietf.jgss.GSSCredential
get(org.ietf.jgss.GSSCredential credential, java.lang.String username, java.lang.String passphrase, int lifetime)
Retrieves delegated credentials from the MyProxy server.org.ietf.jgss.GSSCredential
get(org.ietf.jgss.GSSCredential credential, GetParams params)
Retrieves delegated credentials from the MyProxy server.private org.ietf.jgss.GSSCredential
getAnonymousCredential()
Authorization
getAuthorization()
Get MyProxy server authorization mechanism.private static Authorization
getAuthorization(java.lang.String subjectDN)
private CredentialInfo
getCredentialInfo(java.util.Map map, java.lang.String name)
private java.lang.String
getCredName(java.lang.String line, int pos, java.lang.String arg)
java.lang.String
getHost()
Get MyProxy server hostname.int
getPort()
Get MyProxy server port.private GssSocket
getSocket(org.ietf.jgss.GSSCredential credential)
static java.lang.String
getTrustRootPath()
Returns the trusted certificates directory location where writeTrustRoots() will store certificates.void
getTrustroots(org.ietf.jgss.GSSCredential credential, GetTrustrootsParams params)
Retrieves trustroot information from the MyProxy server.private java.io.InputStream
handleReply(java.io.InputStream in)
private java.io.InputStream
handleReply(java.io.InputStream in, java.io.OutputStream out, org.ietf.jgss.GSSCredential authzcreds, boolean wantTrustroots)
CredentialInfo
info(org.ietf.jgss.GSSCredential credential, java.lang.String username, java.lang.String passphrase)
Retrieves credential information from MyProxy server.CredentialInfo[]
info(org.ietf.jgss.GSSCredential credential, InfoParams params)
Retrieves credential information from MyProxy server.private boolean
matches(java.lang.String line, int pos, java.lang.String arg)
private static java.lang.String
openssl_X509_NAME_hash(javax.security.auth.x500.X500Principal p)
Generates a hex X509_NAME hash (like openssl x509 -hash -in cert.pem) Based on openssl's crypto/x509/x509_cmp.c line 321private static java.lang.String
opensslHash(java.security.cert.X509Certificate cert)
void
put(org.ietf.jgss.GSSCredential credential, java.lang.String username, java.lang.String passphrase, int lifetime)
Delegate credentials to a MyProxy server.void
put(org.ietf.jgss.GSSCredential credential, InitParams params)
Delegate credentials to a MyProxy server.private static java.lang.String
readLine(java.io.InputStream is)
void
setAuthorization(Authorization authorization)
Set MyProxy server authorization mechanism.void
setHost(java.lang.String host)
Set MyProxy server hostname.void
setPort(int port)
Set MyProxy server port.void
store(org.ietf.jgss.GSSCredential credential, java.security.cert.X509Certificate[] certs, OpenSSLKey key, StoreParams params)
Store credentials on a MyProxy server.private static java.lang.String
toHex(byte[] bin)
boolean
writeTrustRoots()
Writes the retrieved trust roots to the Globus trusted certificates directory.boolean
writeTrustRoots(java.lang.String directory)
Writes the retrieved trust roots to a trusted certificates directory.
-
-
-
Field Detail
-
logger
static org.apache.commons.logging.Log logger
-
version
public static final java.lang.String version
- See Also:
- Constant Field Values
-
MIN_PASSWORD_LENGTH
public static final int MIN_PASSWORD_LENGTH
- See Also:
- Constant Field Values
-
MYPROXY_PROTOCOL_VERSION
public static final java.lang.String MYPROXY_PROTOCOL_VERSION
- See Also:
- Constant Field Values
-
RESPONSE
private static final java.lang.String RESPONSE
- See Also:
- Constant Field Values
-
ERROR
private static final java.lang.String ERROR
- See Also:
- Constant Field Values
-
AUTHZ_DATA
private static final java.lang.String AUTHZ_DATA
- See Also:
- Constant Field Values
-
CRED
private static final java.lang.String CRED
- See Also:
- Constant Field Values
-
OWNER
private static final java.lang.String OWNER
- See Also:
- Constant Field Values
-
START_TIME
private static final java.lang.String START_TIME
- See Also:
- Constant Field Values
-
END_TIME
private static final java.lang.String END_TIME
- See Also:
- Constant Field Values
-
DESC
private static final java.lang.String DESC
- See Also:
- Constant Field Values
-
RETRIEVER
private static final java.lang.String RETRIEVER
- See Also:
- Constant Field Values
-
RENEWER
private static final java.lang.String RENEWER
- See Also:
- Constant Field Values
-
TRUSTROOTS
private static final java.lang.String TRUSTROOTS
- See Also:
- Constant Field Values
-
CRED_START_TIME
private static final java.lang.String CRED_START_TIME
- See Also:
- Constant Field Values
-
CRED_END_TIME
private static final java.lang.String CRED_END_TIME
- See Also:
- Constant Field Values
-
CRED_OWNER
private static final java.lang.String CRED_OWNER
- See Also:
- Constant Field Values
-
CRED_DESC
private static final java.lang.String CRED_DESC
- See Also:
- Constant Field Values
-
CRED_RETRIEVER
private static final java.lang.String CRED_RETRIEVER
- See Also:
- Constant Field Values
-
CRED_RENEWER
private static final java.lang.String CRED_RENEWER
- See Also:
- Constant Field Values
-
CRED_NAME
private static final java.lang.String CRED_NAME
- See Also:
- Constant Field Values
-
DEFAULT_PORT
public static final int DEFAULT_PORT
The default MyProxy server port (7512).- See Also:
- Constant Field Values
-
DEFAULT_KEYBITS
public static final int DEFAULT_KEYBITS
The default key size (2048 bits).- See Also:
- Constant Field Values
-
GET_PROXY
public static final int GET_PROXY
The integer command number for the MyProxy 'Get' command (0).- See Also:
- Constant Field Values
-
PUT_PROXY
public static final int PUT_PROXY
The integer command number for the MyProxy 'Put' command (1).- See Also:
- Constant Field Values
-
INFO_PROXY
public static final int INFO_PROXY
The integer command number for the MyProxy 'Info' command (2).- See Also:
- Constant Field Values
-
DESTROY_PROXY
public static final int DESTROY_PROXY
The integer command number for the MyProxy 'Destroy' command (3).- See Also:
- Constant Field Values
-
CHANGE_PASSWORD
public static final int CHANGE_PASSWORD
The integer command number for the MyProxy Password Change command (4).- See Also:
- Constant Field Values
-
STORE_CREDENTIAL
public static final int STORE_CREDENTIAL
The integer command number for the MyProxy 'Store' command (5).- See Also:
- Constant Field Values
-
RETRIEVE_CREDENTIAL
public static final int RETRIEVE_CREDENTIAL
The integer command number for the MyProxy 'Retrieve' command (6).- See Also:
- Constant Field Values
-
GET_TRUSTROOTS
public static final int GET_TRUSTROOTS
The integer command number for the MyProxy 'Get Trustroots' command (7).- See Also:
- Constant Field Values
-
host
protected java.lang.String host
The hostname(s) of the target MyProxy server(s). Multiple host names can be specified comma delimited with each hostname optionally followed by a ':' and port number. The client will communicate with the first server it has a successful network connection with.
-
port
protected int port
The port of the target MyProxy server (default 7512).
-
authorization
protected Authorization authorization
The authorization policy in effect for the target MyProxy server.
-
context
protected org.ietf.jgss.GSSContext context
The GSSContext for communication with the MyProxy server.
-
trustrootFilenames
protected java.lang.String[] trustrootFilenames
Trustroot information and path constant.
-
trustrootData
protected java.lang.String[] trustrootData
-
TRUSTED_CERT_PATH
private static final java.lang.String TRUSTED_CERT_PATH
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
MyProxy
public MyProxy()
Initialize the MyProxy client object with the default authorization policy.
-
MyProxy
public MyProxy(java.lang.String host, int port)
Prepare to connect to the MyProxy server at the specified host and port using the default authorization policy.- Parameters:
host
- The hostname(s) of the MyProxy server(s) with optional port info. Multiple hostnames can be specified in a comma separated list with each hostname optionally followed by a ':' and port number. The client will communicate with the first server it has a successful network connection with.port
- The port number of the MyProxy server to use if one is not specified as part of the host string.
-
-
Method Detail
-
setHost
public void setHost(java.lang.String host)
Set MyProxy server hostname.- Parameters:
host
- The hostname(s) of the MyProxy server(s). Multiple host names are comma delimited with each hostname optionally followed by a ':' and port number. The client will communicate with the first server it has a successful network connection with.
-
getHost
public java.lang.String getHost()
Get MyProxy server hostname.- Returns:
- The hostname of the MyProxy server.
-
setPort
public void setPort(int port)
Set MyProxy server port.- Parameters:
port
- The port number of the MyProxy server to use if one is not specified as part of the host string. Defaults to MyProxy.DEFAULT_PORT.
-
getPort
public int getPort()
Get MyProxy server port.- Returns:
- The port number of the MyProxy server.
-
setAuthorization
public void setAuthorization(Authorization authorization)
Set MyProxy server authorization mechanism.- Parameters:
authorization
- The authorization mechanism for the MyProxy server.
-
getAuthorization
public Authorization getAuthorization()
Get MyProxy server authorization mechanism.- Returns:
- The authorization mechanism for the MyProxy server.
-
getSocket
private GssSocket getSocket(org.ietf.jgss.GSSCredential credential) throws java.io.IOException, org.ietf.jgss.GSSException
- Throws:
java.io.IOException
org.ietf.jgss.GSSException
-
put
public void put(org.ietf.jgss.GSSCredential credential, java.lang.String username, java.lang.String passphrase, int lifetime) throws MyProxyException
Delegate credentials to a MyProxy server.- Parameters:
credential
- The GSI credentials to use.username
- The username to store the credentials under.passphrase
- The passphrase to use to encrypt the stored credentials.lifetime
- The maximum lifetime of credentials delegated by the server (in seconds).- Throws:
MyProxyException
- If an error occurred during the operation.
-
put
public void put(org.ietf.jgss.GSSCredential credential, InitParams params) throws MyProxyException
Delegate credentials to a MyProxy server.- Parameters:
credential
- The GSI credentials to use.params
- The parameters for the put operation.- Throws:
MyProxyException
- If an error occurred during the operation.
-
store
public void store(org.ietf.jgss.GSSCredential credential, java.security.cert.X509Certificate[] certs, OpenSSLKey key, StoreParams params) throws MyProxyException
Store credentials on a MyProxy server. Copies certificate(s) and private key directly to the server rather than delegating an X.509 proxy credential.- Parameters:
credential
- The local GSI credentials to use for authentication.certs
- The certificate(s) to store.key
- The private key to store (typically encrypted).params
- The parameters for the store operation.- Throws:
MyProxyException
- If an error occurred during the operation.
-
destroy
public void destroy(org.ietf.jgss.GSSCredential credential, java.lang.String username, java.lang.String passphrase) throws MyProxyException
Removes delegated credentials from the MyProxy server.- Parameters:
credential
- The local GSI credentials to use for authentication.username
- The username of the credentials to remove.passphrase
- The passphrase of the credentials to remove.- Throws:
MyProxyException
- If an error occurred during the operation.
-
destroy
public void destroy(org.ietf.jgss.GSSCredential credential, DestroyParams params) throws MyProxyException
Removes delegated credentials from the MyProxy server.- Parameters:
credential
- The local GSI credentials to use for authentication.params
- The parameters for the destroy operation.- Throws:
MyProxyException
- If an error occurred during the operation.
-
changePassword
public void changePassword(org.ietf.jgss.GSSCredential credential, ChangePasswordParams params) throws MyProxyException
Changes the password of the credential on the MyProxy server.- Parameters:
credential
- The local GSI credentials to use for authentication.params
- The parameters for the change password operation.- Throws:
MyProxyException
- If an error occurred during the operation.
-
info
public CredentialInfo info(org.ietf.jgss.GSSCredential credential, java.lang.String username, java.lang.String passphrase) throws MyProxyException
Retrieves credential information from MyProxy server. Only the information of the default credential is returned by this operation.- Parameters:
credential
- The local GSI credentials to use for authentication.username
- The username of the credentials to remove.passphrase
- The passphrase of the credentials to remove.- Returns:
- The credential information of the default credential.
- Throws:
MyProxyException
- If an error occurred during the operation.
-
info
public CredentialInfo[] info(org.ietf.jgss.GSSCredential credential, InfoParams params) throws MyProxyException
Retrieves credential information from MyProxy server.- Parameters:
credential
- The local GSI credentials to use for authentication.params
- The parameters for the info operation.- Returns:
- The array of credential information of all the user's credentials.
- Throws:
MyProxyException
- If an error occurred during the operation.
-
matches
private boolean matches(java.lang.String line, int pos, java.lang.String arg)
-
getCredName
private java.lang.String getCredName(java.lang.String line, int pos, java.lang.String arg)
-
getCredentialInfo
private CredentialInfo getCredentialInfo(java.util.Map map, java.lang.String name)
-
get
public org.ietf.jgss.GSSCredential get(java.lang.String username, java.lang.String passphrase, int lifetime) throws MyProxyException
Retrieves delegated credentials from MyProxy server Anonymously (without local credentials) Notes: Performs simple verification of private/public keys of the delegated credential. Should be improved later. And only checks for RSA keys.- Parameters:
username
- The username of the credentials to retrieve.passphrase
- The passphrase of the credentials to retrieve.lifetime
- The requested lifetime of the retrieved credential (in seconds).- Returns:
- GSSCredential The retrieved delegated credentials.
- Throws:
MyProxyException
- If an error occurred during the operation.
-
get
public org.ietf.jgss.GSSCredential get(org.ietf.jgss.GSSCredential credential, java.lang.String username, java.lang.String passphrase, int lifetime) throws MyProxyException
Retrieves delegated credentials from the MyProxy server. Notes: Performs simple verification of private/public keys of the delegated credential. Should be improved later. And only checks for RSA keys.- Parameters:
credential
- The local GSI credentials to use for authentication. Can be set to null if no local credentials.username
- The username of the credentials to retrieve.passphrase
- The passphrase of the credentials to retrieve.lifetime
- The requested lifetime of the retrieved credential (in seconds).- Returns:
- GSSCredential The retrieved delegated credentials.
- Throws:
MyProxyException
- If an error occurred during the operation.
-
get
public org.ietf.jgss.GSSCredential get(org.ietf.jgss.GSSCredential credential, GetParams params) throws MyProxyException
Retrieves delegated credentials from the MyProxy server.- Parameters:
credential
- The local GSI credentials to use for authentication. Can be set to null if no local credentials.params
- The parameters for the get operation.- Returns:
- GSSCredential The retrieved delegated credentials.
- Throws:
MyProxyException
- If an error occurred during the operation.
-
getTrustroots
public void getTrustroots(org.ietf.jgss.GSSCredential credential, GetTrustrootsParams params) throws MyProxyException
Retrieves trustroot information from the MyProxy server.- Parameters:
credential
- The local GSI credentials to use for authentication. Can be set to null if no local credentials.params
- The parameters for the get-trustroots operation.- Throws:
MyProxyException
- If an error occurred during the operation.
-
bootstrapTrust
public void bootstrapTrust() throws MyProxyException
Bootstraps trustroot information from the MyProxy server.- Throws:
MyProxyException
- If an error occurred during the operation.
-
readLine
private static java.lang.String readLine(java.io.InputStream is) throws java.io.IOException
- Throws:
java.io.IOException
-
handleReply
private java.io.InputStream handleReply(java.io.InputStream in) throws java.io.IOException, MyProxyException
- Throws:
java.io.IOException
MyProxyException
-
handleReply
private java.io.InputStream handleReply(java.io.InputStream in, java.io.OutputStream out, org.ietf.jgss.GSSCredential authzcreds, boolean wantTrustroots) throws java.io.IOException, MyProxyException
- Throws:
java.io.IOException
MyProxyException
-
close
private static void close(java.io.OutputStream out, java.io.InputStream in, java.net.Socket sock)
-
getAuthorization
private static Authorization getAuthorization(java.lang.String subjectDN)
-
getAnonymousCredential
private org.ietf.jgss.GSSCredential getAnonymousCredential() throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
getTrustRootPath
public static java.lang.String getTrustRootPath()
Returns the trusted certificates directory location where writeTrustRoots() will store certificates. It first checks the X509_CERT_DIR system property. If that property is not set, it uses ${user.home}/.globus/certificates. Note that, unlike CoGProperties.getCaCertLocations(), it does not return /etc/grid-security/certificates or ${GLOBUS_LOCATION}/share/certificates.
-
writeTrustRoots
public boolean writeTrustRoots() throws java.io.IOException
Writes the retrieved trust roots to the Globus trusted certificates directory.- Returns:
- true if trust roots are written successfully, false if no trust roots are available to be written
- Throws:
java.io.IOException
-
writeTrustRoots
public boolean writeTrustRoots(java.lang.String directory) throws java.io.IOException
Writes the retrieved trust roots to a trusted certificates directory.- Parameters:
directory
- path where the trust roots should be written- Returns:
- true if trust roots are written successfully, false if no trust roots are available to be written
- Throws:
java.io.IOException
-
opensslHash
private static java.lang.String opensslHash(java.security.cert.X509Certificate cert)
-
openssl_X509_NAME_hash
private static java.lang.String openssl_X509_NAME_hash(javax.security.auth.x500.X500Principal p) throws java.lang.Exception
Generates a hex X509_NAME hash (like openssl x509 -hash -in cert.pem) Based on openssl's crypto/x509/x509_cmp.c line 321- Throws:
java.lang.Exception
-
toHex
private static java.lang.String toHex(byte[] bin)
-
-