Package org.globus.myproxy

Class MyProxy

  • public class MyProxy
extends java.lang.Object
    This class provides an API for communicating with MyProxy servers. It provides main functions for retrieving, removing and storing credentials on MyProxy server. It also provides functions for getting credential information and changing passwords.

    More information about MyProxy is available on the MyProxy Home Page.

    Version:
    2.0

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected Authorization authorization
      The authorization policy in effect for the target MyProxy server.
      private static java.lang.String AUTHZ_DATA  
      static int CHANGE_PASSWORD
      The integer command number for the MyProxy Password Change command (4).
      protected org.ietf.jgss.GSSContext context
      The GSSContext for communication with the MyProxy server.
      private static java.lang.String CRED  
      private static java.lang.String CRED_DESC  
      private static java.lang.String CRED_END_TIME  
      private static java.lang.String CRED_NAME  
      private static java.lang.String CRED_OWNER  
      private static java.lang.String CRED_RENEWER  
      private static java.lang.String CRED_RETRIEVER  
      private static java.lang.String CRED_START_TIME  
      static int DEFAULT_KEYBITS
      The default key size (2048 bits).
      static int DEFAULT_PORT
      The default MyProxy server port (7512).
      private static java.lang.String DESC  
      static int DESTROY_PROXY
      The integer command number for the MyProxy 'Destroy' command (3).
      private static java.lang.String END_TIME  
      private static java.lang.String ERROR  
      static int GET_PROXY
      The integer command number for the MyProxy 'Get' command (0).
      static int GET_TRUSTROOTS
      The integer command number for the MyProxy 'Get Trustroots' command (7).
      protected java.lang.String host
      The hostname(s) of the target MyProxy server(s).
      static int INFO_PROXY
      The integer command number for the MyProxy 'Info' command (2).
      (package private) static org.apache.commons.logging.Log logger  
      static int MIN_PASSWORD_LENGTH  
      static java.lang.String MYPROXY_PROTOCOL_VERSION  
      private static java.lang.String OWNER  
      protected int port
      The port of the target MyProxy server (default 7512).
      static int PUT_PROXY
      The integer command number for the MyProxy 'Put' command (1).
      private static java.lang.String RENEWER  
      private static java.lang.String RESPONSE  
      static int RETRIEVE_CREDENTIAL
      The integer command number for the MyProxy 'Retrieve' command (6).
      private static java.lang.String RETRIEVER  
      private static java.lang.String START_TIME  
      static int STORE_CREDENTIAL
      The integer command number for the MyProxy 'Store' command (5).
      private static java.lang.String TRUSTED_CERT_PATH  
      protected java.lang.String[] trustrootData  
      protected java.lang.String[] trustrootFilenames
      Trustroot information and path constant.
      private static java.lang.String TRUSTROOTS  
      static java.lang.String version  

    • Constructor Summary

      Constructors 
      Constructor Description
      MyProxy()
      Initialize the MyProxy client object with the default authorization policy.
      MyProxy​(java.lang.String host, int port)
      Prepare to connect to the MyProxy server at the specified host and port using the default authorization policy.

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void bootstrapTrust()
      Bootstraps trustroot information from the MyProxy server.
      void changePassword​(org.ietf.jgss.GSSCredential credential, ChangePasswordParams params)
      Changes the password of the credential on the MyProxy server.
      private static void close​(java.io.OutputStream out, java.io.InputStream in, java.net.Socket sock)  
      void destroy​(org.ietf.jgss.GSSCredential credential, java.lang.String username, java.lang.String passphrase)
      Removes delegated credentials from the MyProxy server.
      void destroy​(org.ietf.jgss.GSSCredential credential, DestroyParams params)
      Removes delegated credentials from the MyProxy server.
      org.ietf.jgss.GSSCredential get​(java.lang.String username, java.lang.String passphrase, int lifetime)
      Retrieves delegated credentials from MyProxy server Anonymously (without local credentials) Notes: Performs simple verification of private/public keys of the delegated credential.
      org.ietf.jgss.GSSCredential get​(org.ietf.jgss.GSSCredential credential, java.lang.String username, java.lang.String passphrase, int lifetime)
      Retrieves delegated credentials from the MyProxy server.
      org.ietf.jgss.GSSCredential get​(org.ietf.jgss.GSSCredential credential, GetParams params)
      Retrieves delegated credentials from the MyProxy server.
      private org.ietf.jgss.GSSCredential getAnonymousCredential()  
      Authorization getAuthorization()
      Get MyProxy server authorization mechanism.
      private static Authorization getAuthorization​(java.lang.String subjectDN)  
      private CredentialInfo getCredentialInfo​(java.util.Map map, java.lang.String name)  
      private java.lang.String getCredName​(java.lang.String line, int pos, java.lang.String arg)  
      java.lang.String getHost()
      Get MyProxy server hostname.
      int getPort()
      Get MyProxy server port.
      private GssSocket getSocket​(org.ietf.jgss.GSSCredential credential)  
      static java.lang.String getTrustRootPath()
      Returns the trusted certificates directory location where writeTrustRoots() will store certificates.
      void getTrustroots​(org.ietf.jgss.GSSCredential credential, GetTrustrootsParams params)
      Retrieves trustroot information from the MyProxy server.
      private java.io.InputStream handleReply​(java.io.InputStream in)  
      private java.io.InputStream handleReply​(java.io.InputStream in, java.io.OutputStream out, org.ietf.jgss.GSSCredential authzcreds, boolean wantTrustroots)  
      CredentialInfo info​(org.ietf.jgss.GSSCredential credential, java.lang.String username, java.lang.String passphrase)
      Retrieves credential information from MyProxy server.
      CredentialInfo[] info​(org.ietf.jgss.GSSCredential credential, InfoParams params)
      Retrieves credential information from MyProxy server.
      private boolean matches​(java.lang.String line, int pos, java.lang.String arg)  
      private static java.lang.String openssl_X509_NAME_hash​(javax.security.auth.x500.X500Principal p)
      Generates a hex X509_NAME hash (like openssl x509 -hash -in cert.pem) Based on openssl's crypto/x509/x509_cmp.c line 321
      private static java.lang.String opensslHash​(java.security.cert.X509Certificate cert)  
      void put​(org.ietf.jgss.GSSCredential credential, java.lang.String username, java.lang.String passphrase, int lifetime)
      Delegate credentials to a MyProxy server.
      void put​(org.ietf.jgss.GSSCredential credential, InitParams params)
      Delegate credentials to a MyProxy server.
      private static java.lang.String readLine​(java.io.InputStream is)  
      void setAuthorization​(Authorization authorization)
      Set MyProxy server authorization mechanism.
      void setHost​(java.lang.String host)
      Set MyProxy server hostname.
      void setPort​(int port)
      Set MyProxy server port.
      void store​(org.ietf.jgss.GSSCredential credential, java.security.cert.X509Certificate[] certs, OpenSSLKey key, StoreParams params)
      Store credentials on a MyProxy server.
      private static java.lang.String toHex​(byte[] bin)  
      boolean writeTrustRoots()
      Writes the retrieved trust roots to the Globus trusted certificates directory.
      boolean writeTrustRoots​(java.lang.String directory)
      Writes the retrieved trust roots to a trusted certificates directory.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • logger

        static org.apache.commons.logging.Log logger

      • MYPROXY_PROTOCOL_VERSION

        public static final java.lang.String MYPROXY_PROTOCOL_VERSION
        See Also:
        Constant Field Values

      • DEFAULT_PORT

        public static final int DEFAULT_PORT
        The default MyProxy server port (7512).
        See Also:
        Constant Field Values

      • DEFAULT_KEYBITS

        public static final int DEFAULT_KEYBITS
        The default key size (2048 bits).
        See Also:
        Constant Field Values

      • GET_PROXY

        public static final int GET_PROXY
        The integer command number for the MyProxy 'Get' command (0).
        See Also:
        Constant Field Values

      • PUT_PROXY

        public static final int PUT_PROXY
        The integer command number for the MyProxy 'Put' command (1).
        See Also:
        Constant Field Values

      • INFO_PROXY

        public static final int INFO_PROXY
        The integer command number for the MyProxy 'Info' command (2).
        See Also:
        Constant Field Values

      • DESTROY_PROXY

        public static final int DESTROY_PROXY
        The integer command number for the MyProxy 'Destroy' command (3).
        See Also:
        Constant Field Values

      • CHANGE_PASSWORD

        public static final int CHANGE_PASSWORD
        The integer command number for the MyProxy Password Change command (4).
        See Also:
        Constant Field Values

      • STORE_CREDENTIAL

        public static final int STORE_CREDENTIAL
        The integer command number for the MyProxy 'Store' command (5).
        See Also:
        Constant Field Values

      • RETRIEVE_CREDENTIAL

        public static final int RETRIEVE_CREDENTIAL
        The integer command number for the MyProxy 'Retrieve' command (6).
        See Also:
        Constant Field Values

      • GET_TRUSTROOTS

        public static final int GET_TRUSTROOTS
        The integer command number for the MyProxy 'Get Trustroots' command (7).
        See Also:
        Constant Field Values

      • host

        protected java.lang.String host
        The hostname(s) of the target MyProxy server(s). Multiple host names can be specified comma delimited with each hostname optionally followed by a ':' and port number. The client will communicate with the first server it has a successful network connection with.

      • port

        protected int port
        The port of the target MyProxy server (default 7512).

      • authorization

        protected Authorization authorization
        The authorization policy in effect for the target MyProxy server.

      • context

        protected org.ietf.jgss.GSSContext context
        The GSSContext for communication with the MyProxy server.

      • trustrootFilenames

        protected java.lang.String[] trustrootFilenames
        Trustroot information and path constant.

      • trustrootData

        protected java.lang.String[] trustrootData

      • TRUSTED_CERT_PATH

        private static final java.lang.String TRUSTED_CERT_PATH
        See Also:
        Constant Field Values

    • Constructor Detail

      • MyProxy

        public MyProxy()
        Initialize the MyProxy client object with the default authorization policy.

      • MyProxy

        public MyProxy​(java.lang.String host,
               int port)
        Prepare to connect to the MyProxy server at the specified host and port using the default authorization policy.
        Parameters:
        host - The hostname(s) of the MyProxy server(s) with optional port info. Multiple hostnames can be specified in a comma separated list with each hostname optionally followed by a ':' and port number. The client will communicate with the first server it has a successful network connection with.
        port - The port number of the MyProxy server to use if one is not specified as part of the host string.

    • Method Detail

      • setHost

        public void setHost​(java.lang.String host)
        Set MyProxy server hostname.
        Parameters:
        host - The hostname(s) of the MyProxy server(s). Multiple host names are comma delimited with each hostname optionally followed by a ':' and port number. The client will communicate with the first server it has a successful network connection with.

      • getHost

        public java.lang.String getHost()
        Get MyProxy server hostname.
        Returns:
        The hostname of the MyProxy server.

      • setPort

        public void setPort​(int port)
        Set MyProxy server port.
        Parameters:
        port - The port number of the MyProxy server to use if one is not specified as part of the host string. Defaults to MyProxy.DEFAULT_PORT.

      • getPort

        public int getPort()
        Get MyProxy server port.
        Returns:
        The port number of the MyProxy server.

      • setAuthorization

        public void setAuthorization​(Authorization authorization)
        Set MyProxy server authorization mechanism.
        Parameters:
        authorization - The authorization mechanism for the MyProxy server.

      • getAuthorization

        public Authorization getAuthorization()
        Get MyProxy server authorization mechanism.
        Returns:
        The authorization mechanism for the MyProxy server.

      • getSocket

        private GssSocket getSocket​(org.ietf.jgss.GSSCredential credential)
                     throws java.io.IOException,
                            org.ietf.jgss.GSSException
        Throws:
        java.io.IOException
        org.ietf.jgss.GSSException

      • put

        public void put​(org.ietf.jgss.GSSCredential credential,
                java.lang.String username,
                java.lang.String passphrase,
                int lifetime)
         throws MyProxyException
        Delegate credentials to a MyProxy server.
        Parameters:
        credential - The GSI credentials to use.
        username - The username to store the credentials under.
        passphrase - The passphrase to use to encrypt the stored credentials.
        lifetime - The maximum lifetime of credentials delegated by the server (in seconds).
        Throws:
        MyProxyException - If an error occurred during the operation.

      • put

        public void put​(org.ietf.jgss.GSSCredential credential,
                InitParams params)
         throws MyProxyException
        Delegate credentials to a MyProxy server.
        Parameters:
        credential - The GSI credentials to use.
        params - The parameters for the put operation.
        Throws:
        MyProxyException - If an error occurred during the operation.

      • store

        public void store​(org.ietf.jgss.GSSCredential credential,
                  java.security.cert.X509Certificate[] certs,
                  OpenSSLKey key,
                  StoreParams params)
           throws MyProxyException
        Store credentials on a MyProxy server. Copies certificate(s) and private key directly to the server rather than delegating an X.509 proxy credential.
        Parameters:
        credential - The local GSI credentials to use for authentication.
        certs - The certificate(s) to store.
        key - The private key to store (typically encrypted).
        params - The parameters for the store operation.
        Throws:
        MyProxyException - If an error occurred during the operation.

      • destroy

        public void destroy​(org.ietf.jgss.GSSCredential credential,
                    java.lang.String username,
                    java.lang.String passphrase)
             throws MyProxyException
        Removes delegated credentials from the MyProxy server.
        Parameters:
        credential - The local GSI credentials to use for authentication.
        username - The username of the credentials to remove.
        passphrase - The passphrase of the credentials to remove.
        Throws:
        MyProxyException - If an error occurred during the operation.

      • destroy

        public void destroy​(org.ietf.jgss.GSSCredential credential,
                    DestroyParams params)
             throws MyProxyException
        Removes delegated credentials from the MyProxy server.
        Parameters:
        credential - The local GSI credentials to use for authentication.
        params - The parameters for the destroy operation.
        Throws:
        MyProxyException - If an error occurred during the operation.

      • changePassword

        public void changePassword​(org.ietf.jgss.GSSCredential credential,
                           ChangePasswordParams params)
                    throws MyProxyException
        Changes the password of the credential on the MyProxy server.
        Parameters:
        credential - The local GSI credentials to use for authentication.
        params - The parameters for the change password operation.
        Throws:
        MyProxyException - If an error occurred during the operation.

      • info

        public CredentialInfo info​(org.ietf.jgss.GSSCredential credential,
                           java.lang.String username,
                           java.lang.String passphrase)
                    throws MyProxyException
        Retrieves credential information from MyProxy server. Only the information of the default credential is returned by this operation.
        Parameters:
        credential - The local GSI credentials to use for authentication.
        username - The username of the credentials to remove.
        passphrase - The passphrase of the credentials to remove.
        Returns:
        The credential information of the default credential.
        Throws:
        MyProxyException - If an error occurred during the operation.

      • info

        public CredentialInfo[] info​(org.ietf.jgss.GSSCredential credential,
                             InfoParams params)
                      throws MyProxyException
        Retrieves credential information from MyProxy server.
        Parameters:
        credential - The local GSI credentials to use for authentication.
        params - The parameters for the info operation.
        Returns:
        The array of credential information of all the user's credentials.
        Throws:
        MyProxyException - If an error occurred during the operation.

      • matches

        private boolean matches​(java.lang.String line,
                        int pos,
                        java.lang.String arg)

      • getCredName

        private java.lang.String getCredName​(java.lang.String line,
                                     int pos,
                                     java.lang.String arg)

      • getCredentialInfo

        private CredentialInfo getCredentialInfo​(java.util.Map map,
                                         java.lang.String name)

      • get

        public org.ietf.jgss.GSSCredential get​(java.lang.String username,
                                       java.lang.String passphrase,
                                       int lifetime)
                                throws MyProxyException
        Retrieves delegated credentials from MyProxy server Anonymously (without local credentials) Notes: Performs simple verification of private/public keys of the delegated credential. Should be improved later. And only checks for RSA keys.
        Parameters:
        username - The username of the credentials to retrieve.
        passphrase - The passphrase of the credentials to retrieve.
        lifetime - The requested lifetime of the retrieved credential (in seconds).
        Returns:
        GSSCredential The retrieved delegated credentials.
        Throws:
        MyProxyException - If an error occurred during the operation.

      • get

        public org.ietf.jgss.GSSCredential get​(org.ietf.jgss.GSSCredential credential,
                                       java.lang.String username,
                                       java.lang.String passphrase,
                                       int lifetime)
                                throws MyProxyException
        Retrieves delegated credentials from the MyProxy server. Notes: Performs simple verification of private/public keys of the delegated credential. Should be improved later. And only checks for RSA keys.
        Parameters:
        credential - The local GSI credentials to use for authentication. Can be set to null if no local credentials.
        username - The username of the credentials to retrieve.
        passphrase - The passphrase of the credentials to retrieve.
        lifetime - The requested lifetime of the retrieved credential (in seconds).
        Returns:
        GSSCredential The retrieved delegated credentials.
        Throws:
        MyProxyException - If an error occurred during the operation.

      • get

        public org.ietf.jgss.GSSCredential get​(org.ietf.jgss.GSSCredential credential,
                                       GetParams params)
                                throws MyProxyException
        Retrieves delegated credentials from the MyProxy server.
        Parameters:
        credential - The local GSI credentials to use for authentication. Can be set to null if no local credentials.
        params - The parameters for the get operation.
        Returns:
        GSSCredential The retrieved delegated credentials.
        Throws:
        MyProxyException - If an error occurred during the operation.

      • getTrustroots

        public void getTrustroots​(org.ietf.jgss.GSSCredential credential,
                          GetTrustrootsParams params)
                   throws MyProxyException
        Retrieves trustroot information from the MyProxy server.
        Parameters:
        credential - The local GSI credentials to use for authentication. Can be set to null if no local credentials.
        params - The parameters for the get-trustroots operation.
        Throws:
        MyProxyException - If an error occurred during the operation.

      • bootstrapTrust

        public void bootstrapTrust()
                    throws MyProxyException
        Bootstraps trustroot information from the MyProxy server.
        Throws:
        MyProxyException - If an error occurred during the operation.

      • readLine

        private static java.lang.String readLine​(java.io.InputStream is)
                                  throws java.io.IOException
        Throws:
        java.io.IOException

      • handleReply

        private java.io.InputStream handleReply​(java.io.InputStream in)
                                 throws java.io.IOException,
                                        MyProxyException
        Throws:
        java.io.IOException
        MyProxyException

      • handleReply

        private java.io.InputStream handleReply​(java.io.InputStream in,
                                        java.io.OutputStream out,
                                        org.ietf.jgss.GSSCredential authzcreds,
                                        boolean wantTrustroots)
                                 throws java.io.IOException,
                                        MyProxyException
        Throws:
        java.io.IOException
        MyProxyException

      • close

        private static void close​(java.io.OutputStream out,
                          java.io.InputStream in,
                          java.net.Socket sock)

      • getAuthorization

        private static Authorization getAuthorization​(java.lang.String subjectDN)

      • getAnonymousCredential

        private org.ietf.jgss.GSSCredential getAnonymousCredential()
                                                    throws org.ietf.jgss.GSSException
        Throws:
        org.ietf.jgss.GSSException

      • getTrustRootPath

        public static java.lang.String getTrustRootPath()
        Returns the trusted certificates directory location where writeTrustRoots() will store certificates. It first checks the X509_CERT_DIR system property. If that property is not set, it uses ${user.home}/.globus/certificates. Note that, unlike CoGProperties.getCaCertLocations(), it does not return /etc/grid-security/certificates or ${GLOBUS_LOCATION}/share/certificates.

      • writeTrustRoots

        public boolean writeTrustRoots()
                        throws java.io.IOException
        Writes the retrieved trust roots to the Globus trusted certificates directory.
        Returns:
        true if trust roots are written successfully, false if no trust roots are available to be written
        Throws:
        java.io.IOException

      • writeTrustRoots

        public boolean writeTrustRoots​(java.lang.String directory)
                        throws java.io.IOException
        Writes the retrieved trust roots to a trusted certificates directory.
        Parameters:
        directory - path where the trust roots should be written
        Returns:
        true if trust roots are written successfully, false if no trust roots are available to be written
        Throws:
        java.io.IOException

      • opensslHash

        private static java.lang.String opensslHash​(java.security.cert.X509Certificate cert)

      • openssl_X509_NAME_hash

        private static java.lang.String openssl_X509_NAME_hash​(javax.security.auth.x500.X500Principal p)
                                                throws java.lang.Exception
        Generates a hex X509_NAME hash (like openssl x509 -hash -in cert.pem) Based on openssl's crypto/x509/x509_cmp.c line 321
        Throws:
        java.lang.Exception

      • toHex

        private static java.lang.String toHex​(byte[] bin)