public class MyProxy
extends java.lang.Object
More information about MyProxy is available on the MyProxy Home Page.
Modifier and Type | Field and Description |
---|---|
protected Authorization |
authorization
The authorization policy in effect for the target MyProxy server.
|
private static java.lang.String |
AUTHZ_DATA |
static int |
CHANGE_PASSWORD
The integer command number for the MyProxy Password Change
command (4).
|
protected org.ietf.jgss.GSSContext |
context
The GSSContext for communication with the MyProxy server.
|
private static java.lang.String |
CRED |
private static java.lang.String |
CRED_DESC |
private static java.lang.String |
CRED_END_TIME |
private static java.lang.String |
CRED_NAME |
private static java.lang.String |
CRED_OWNER |
private static java.lang.String |
CRED_RENEWER |
private static java.lang.String |
CRED_RETRIEVER |
private static java.lang.String |
CRED_START_TIME |
static int |
DEFAULT_KEYBITS
The default key size (2048 bits).
|
static int |
DEFAULT_PORT
The default MyProxy server port (7512).
|
private static java.lang.String |
DESC |
static int |
DESTROY_PROXY
The integer command number for the MyProxy 'Destroy' command (3).
|
private static java.lang.String |
END_TIME |
private static java.lang.String |
ERROR |
static int |
GET_PROXY
The integer command number for the MyProxy 'Get' command (0).
|
static int |
GET_TRUSTROOTS
The integer command number for the MyProxy 'Get Trustroots' command (7).
|
protected java.lang.String |
host
The hostname(s) of the target MyProxy server(s).
|
static int |
INFO_PROXY
The integer command number for the MyProxy 'Info' command (2).
|
(package private) static org.apache.commons.logging.Log |
logger |
static int |
MIN_PASSWORD_LENGTH |
static java.lang.String |
MYPROXY_PROTOCOL_VERSION |
private static java.lang.String |
OWNER |
protected int |
port
The port of the target MyProxy server (default 7512).
|
static int |
PUT_PROXY
The integer command number for the MyProxy 'Put' command (1).
|
private static java.lang.String |
RENEWER |
private static java.lang.String |
RESPONSE |
static int |
RETRIEVE_CREDENTIAL
The integer command number for the MyProxy 'Retrieve' command (6).
|
private static java.lang.String |
RETRIEVER |
private static java.lang.String |
START_TIME |
static int |
STORE_CREDENTIAL
The integer command number for the MyProxy 'Store' command (5).
|
private static java.lang.String |
TRUSTED_CERT_PATH |
protected java.lang.String[] |
trustrootData |
protected java.lang.String[] |
trustrootFilenames
Trustroot information and path constant.
|
private static java.lang.String |
TRUSTROOTS |
static java.lang.String |
version |
Constructor and Description |
---|
MyProxy()
Initialize the MyProxy client object with the default
authorization policy.
|
MyProxy(java.lang.String host,
int port)
Prepare to connect to the MyProxy server at the specified
host and port using the default authorization policy.
|
Modifier and Type | Method and Description |
---|---|
void |
bootstrapTrust()
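Bootstraps trustroot information from the MyProxy server. Because the trust roots come from the server being contacted, they are only as trustworthy as that initial connection; compare them with an independently obtained copy before relying on them.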
|
void |
changePassword(org.ietf.jgss.GSSCredential credential,
ChangePasswordParams params)
Changes the password of the credential on the
MyProxy server.
|
private static void |
close(java.io.OutputStream out,
java.io.InputStream in,
java.net.Socket sock) |
void |
destroy(org.ietf.jgss.GSSCredential credential,
DestroyParams params)
Removes delegated credentials from the MyProxy server.
|
void |
destroy(org.ietf.jgss.GSSCredential credential,
java.lang.String username,
java.lang.String passphrase)
Removes delegated credentials from the MyProxy server.
|
org.ietf.jgss.GSSCredential |
get(org.ietf.jgss.GSSCredential credential,
GetParams params)
Retrieves delegated credentials from the MyProxy server.
|
org.ietf.jgss.GSSCredential |
get(org.ietf.jgss.GSSCredential credential,
java.lang.String username,
java.lang.String passphrase,
int lifetime)
Retrieves delegated credentials from the MyProxy server.
|
org.ietf.jgss.GSSCredential |
get(java.lang.String username,
java.lang.String passphrase,
int lifetime)
Retrieves delegated credentials from the MyProxy server anonymously
(without local credentials).
Note: Performs simple verification of the private/public keys of
the delegated credential.
|
private org.ietf.jgss.GSSCredential |
getAnonymousCredential() |
Authorization |
getAuthorization()
Get MyProxy server authorization mechanism.
|
private static Authorization |
getAuthorization(java.lang.String subjectDN) |
private CredentialInfo |
getCredentialInfo(java.util.Map map,
java.lang.String name) |
private java.lang.String |
getCredName(java.lang.String line,
int pos,
java.lang.String arg) |
java.lang.String |
getHost()
Get MyProxy server hostname.
|
int |
getPort()
Get MyProxy server port.
|
private GssSocket |
getSocket(org.ietf.jgss.GSSCredential credential) |
static java.lang.String |
getTrustRootPath()
Returns the trusted certificates directory location where
writeTrustRoots() will store certificates.
|
void |
getTrustroots(org.ietf.jgss.GSSCredential credential,
GetTrustrootsParams params)
Retrieves trustroot information from the MyProxy server.
|
private java.io.InputStream |
handleReply(java.io.InputStream in) |
private java.io.InputStream |
handleReply(java.io.InputStream in,
java.io.OutputStream out,
org.ietf.jgss.GSSCredential authzcreds,
boolean wantTrustroots) |
CredentialInfo[] |
info(org.ietf.jgss.GSSCredential credential,
InfoParams params)
Retrieves credential information from MyProxy server.
|
CredentialInfo |
info(org.ietf.jgss.GSSCredential credential,
java.lang.String username,
java.lang.String passphrase)
Retrieves credential information from MyProxy server.
|
private boolean |
matches(java.lang.String line,
int pos,
java.lang.String arg) |
private static java.lang.String |
openssl_X509_NAME_hash(javax.security.auth.x500.X500Principal p)
Generates a hex X509_NAME hash (like openssl x509 -hash -in cert.pem)
Based on openssl's crypto/x509/x509_cmp.c line 321
|
private static java.lang.String |
opensslHash(java.security.cert.X509Certificate cert) |
void |
put(org.ietf.jgss.GSSCredential credential,
InitParams params)
Delegate credentials to a MyProxy server.
|
void |
put(org.ietf.jgss.GSSCredential credential,
java.lang.String username,
java.lang.String passphrase,
int lifetime)
Delegate credentials to a MyProxy server.
|
private static java.lang.String |
readLine(java.io.InputStream is) |
void |
setAuthorization(Authorization authorization)
Set MyProxy server authorization mechanism.
|
void |
setHost(java.lang.String host)
Set MyProxy server hostname.
|
void |
setPort(int port)
Set MyProxy server port.
|
void |
store(org.ietf.jgss.GSSCredential credential,
java.security.cert.X509Certificate[] certs,
OpenSSLKey key,
StoreParams params)
Store credentials on a MyProxy server.
|
private static java.lang.String |
toHex(byte[] bin) |
boolean |
writeTrustRoots()
Writes the retrieved trust roots to the Globus trusted certificates
directory.
|
boolean |
writeTrustRoots(java.lang.String directory)
Writes the retrieved trust roots to a trusted certificates directory.
|
static org.apache.commons.logging.Log logger
public static final java.lang.String version
public static final int MIN_PASSWORD_LENGTH
public static final java.lang.String MYPROXY_PROTOCOL_VERSION
private static final java.lang.String RESPONSE
private static final java.lang.String ERROR
private static final java.lang.String AUTHZ_DATA
private static final java.lang.String CRED
private static final java.lang.String OWNER
private static final java.lang.String START_TIME
private static final java.lang.String END_TIME
private static final java.lang.String DESC
private static final java.lang.String RETRIEVER
private static final java.lang.String RENEWER
private static final java.lang.String TRUSTROOTS
private static final java.lang.String CRED_START_TIME
private static final java.lang.String CRED_END_TIME
private static final java.lang.String CRED_OWNER
private static final java.lang.String CRED_DESC
private static final java.lang.String CRED_RETRIEVER
private static final java.lang.String CRED_RENEWER
private static final java.lang.String CRED_NAME
public static final int DEFAULT_PORT
public static final int DEFAULT_KEYBITS
public static final int GET_PROXY
public static final int PUT_PROXY
public static final int INFO_PROXY
public static final int DESTROY_PROXY
public static final int CHANGE_PASSWORD
public static final int STORE_CREDENTIAL
public static final int RETRIEVE_CREDENTIAL
public static final int GET_TRUSTROOTS
protected java.lang.String host
protected int port
protected Authorization authorization
protected org.ietf.jgss.GSSContext context
protected java.lang.String[] trustrootFilenames
protected java.lang.String[] trustrootData
private static final java.lang.String TRUSTED_CERT_PATH
public MyProxy()
public MyProxy(java.lang.String host, int port)
host
- The hostname(s) of the MyProxy server(s) with optional port
info. Multiple hostnames can be specified in a comma-separated
list with each hostname optionally followed by a ':' and port
number. The client will communicate with the first server it has
a successful network connection with.
port
- The port number of the MyProxy server to use if one is not
specified as part of the host string.
public void setHost(java.lang.String host)
host
- The hostname(s) of the MyProxy server(s). Multiple hostnames
are comma-delimited with each hostname optionally followed by a
':' and port number. The client will communicate with the first
server it has a successful network connection with.
public java.lang.String getHost()
public void setPort(int port)
port
- The port number of the MyProxy server to use if one is not
specified as part of the host string. Defaults to
MyProxy.DEFAULT_PORT.
public int getPort()
public void setAuthorization(Authorization authorization)
authorization
- The authorization mechanism for the MyProxy server.
public Authorization getAuthorization()
private GssSocket getSocket(org.ietf.jgss.GSSCredential credential) throws java.io.IOException, org.ietf.jgss.GSSException
java.io.IOException
org.ietf.jgss.GSSException
public void put(org.ietf.jgss.GSSCredential credential, java.lang.String username, java.lang.String passphrase, int lifetime) throws MyProxyException
credential
- The GSI credentials to use.
username
- The username to store the credentials under.
passphrase
- The passphrase to use to encrypt the stored
credentials.
lifetime
- The maximum lifetime of credentials delegated by the server
(in seconds).
MyProxyException
- If an error occurred during the operation.
public void put(org.ietf.jgss.GSSCredential credential, InitParams params) throws MyProxyException
credential
- The GSI credentials to use.
params
- The parameters for the put operation.
MyProxyException
- If an error occurred during the operation.
public void store(org.ietf.jgss.GSSCredential credential, java.security.cert.X509Certificate[] certs, OpenSSLKey key, StoreParams params) throws MyProxyException
credential
- The local GSI credentials to use for authentication.
certs
- The certificate(s) to store.
key
- The private key to store (typically encrypted).
params
- The parameters for the store operation.
MyProxyException
- If an error occurred during the operation.
public void destroy(org.ietf.jgss.GSSCredential credential, java.lang.String username, java.lang.String passphrase) throws MyProxyException
credential
- The local GSI credentials to use for authentication.
username
- The username of the credentials to remove.
passphrase
- The passphrase of the credentials to remove.
MyProxyException
- If an error occurred during the operation.
public void destroy(org.ietf.jgss.GSSCredential credential, DestroyParams params) throws MyProxyException
credential
- The local GSI credentials to use for authentication.
params
- The parameters for the destroy operation.
MyProxyException
- If an error occurred during the operation.
public void changePassword(org.ietf.jgss.GSSCredential credential, ChangePasswordParams params) throws MyProxyException
credential
- The local GSI credentials to use for authentication.
params
- The parameters for the change password operation.
MyProxyException
- If an error occurred during the operation.
public CredentialInfo info(org.ietf.jgss.GSSCredential credential, java.lang.String username, java.lang.String passphrase) throws MyProxyException
credential
- The local GSI credentials to use for authentication.
username
- The username of the credentials to retrieve information about.
passphrase
- The passphrase of the credentials to retrieve information about.
MyProxyException
- If an error occurred during the operation.
public CredentialInfo[] info(org.ietf.jgss.GSSCredential credential, InfoParams params) throws MyProxyException
credential
- The local GSI credentials to use for authentication.
params
- The parameters for the info operation.
MyProxyException
- If an error occurred during the operation.
private boolean matches(java.lang.String line, int pos, java.lang.String arg)
private java.lang.String getCredName(java.lang.String line, int pos, java.lang.String arg)
private CredentialInfo getCredentialInfo(java.util.Map map, java.lang.String name)
public org.ietf.jgss.GSSCredential get(java.lang.String username, java.lang.String passphrase, int lifetime) throws MyProxyException
username
- The username of the credentials to retrieve.
passphrase
- The passphrase of the credentials to retrieve.
lifetime
- The requested lifetime of the retrieved credential (in seconds).
MyProxyException
- If an error occurred during the operation.
public org.ietf.jgss.GSSCredential get(org.ietf.jgss.GSSCredential credential, java.lang.String username, java.lang.String passphrase, int lifetime) throws MyProxyException
credential
- The local GSI credentials to use for authentication.
Can be set to null if there are no local credentials.
username
- The username of the credentials to retrieve.
passphrase
- The passphrase of the credentials to retrieve.
lifetime
- The requested lifetime of the retrieved credential (in seconds).
MyProxyException
- If an error occurred during the operation.
public org.ietf.jgss.GSSCredential get(org.ietf.jgss.GSSCredential credential, GetParams params) throws MyProxyException
credential
- The local GSI credentials to use for authentication.
Can be set to null if there are no local credentials.
params
- The parameters for the get operation.
MyProxyException
- If an error occurred during the operation.
public void getTrustroots(org.ietf.jgss.GSSCredential credential, GetTrustrootsParams params) throws MyProxyException
credential
- The local GSI credentials to use for authentication.
Can be set to null if there are no local credentials.
params
- The parameters for the get-trustroots operation.
MyProxyException
- If an error occurred during the operation.
public void bootstrapTrust() throws MyProxyException
MyProxyException
- If an error occurred during the operation.
private static java.lang.String readLine(java.io.InputStream is) throws java.io.IOException
java.io.IOException
private java.io.InputStream handleReply(java.io.InputStream in) throws java.io.IOException, MyProxyException
java.io.IOException
MyProxyException
private java.io.InputStream handleReply(java.io.InputStream in, java.io.OutputStream out, org.ietf.jgss.GSSCredential authzcreds, boolean wantTrustroots) throws java.io.IOException, MyProxyException
java.io.IOException
MyProxyException
private static void close(java.io.OutputStream out, java.io.InputStream in, java.net.Socket sock)
private static Authorization getAuthorization(java.lang.String subjectDN)
private org.ietf.jgss.GSSCredential getAnonymousCredential() throws org.ietf.jgss.GSSException
org.ietf.jgss.GSSException
public static java.lang.String getTrustRootPath()
public boolean writeTrustRoots() throws java.io.IOException
java.io.IOException
public boolean writeTrustRoots(java.lang.String directory) throws java.io.IOException
directory
- The path where the trust roots should be written.
java.io.IOException
private static java.lang.String opensslHash(java.security.cert.X509Certificate cert)
private static java.lang.String openssl_X509_NAME_hash(javax.security.auth.x500.X500Principal p) throws java.lang.Exception
java.lang.Exception
private static java.lang.String toHex(byte[] bin)