Examples with X509Credential org.globus.gsi.X509Credential used on opensource projects

Example 1 with X509Credential

use of org.globus.gsi.X509Credential in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class TestPEMFileBasedKeyStore method testUserCerts.

@Test
public void testUserCerts() throws Exception {
    PEMKeyStore store = new PEMKeyStore();
    // Parameters in properties file
    Properties properties = new Properties();
    properties.setProperty(PEMKeyStore.CERTIFICATE_FILENAME, new GlobusResource(this.certFile.getTempFile().getAbsolutePath()).getURL().toExternalForm());
    properties.setProperty(PEMKeyStore.KEY_FILENAME, new GlobusResource(this.keyFile.getTempFile().getAbsolutePath()).getURL().toExternalForm());
    InputStream ins = null;
    try {
        ins = getProperties(properties);
        store.engineLoad(ins, null);
    } finally {
        if (ins != null) {
            ins.close();
        }
    }
    Enumeration aliases = store.engineAliases();
    assertTrue(aliases.hasMoreElements());
    String alias = (String) aliases.nextElement();
    Key key = store.engineGetKey(alias, null);
    assertNotNull(key);
    assertTrue(key instanceof PrivateKey);
    Certificate[] chain = store.engineGetCertificateChain(alias);
    assertNotNull(chain);
    Certificate certificate = store.engineGetCertificate(alias);
    assertNull(certificate);
    X509Credential x509Credential = new X509Credential(new FileInputStream(this.certFile.getAbsoluteFilename()), new FileInputStream(this.keyFile.getAbsoluteFilename()));
    assertEquals(key, x509Credential.getPrivateKey());
    Certificate[] x509CredentialChain = x509Credential.getCertificateChain();
    assertEquals(chain.length, x509CredentialChain.length);
    for (int i = 0; i < chain.length; i++) {
        assert (chain[i].equals(x509CredentialChain[i]));
    }
    store = new PEMKeyStore();
    properties.setProperty(PEMKeyStore.CERTIFICATE_FILENAME, new GlobusResource(this.certFile.getTempFile().getAbsolutePath()).getURL().toExternalForm());
    properties.setProperty(PEMKeyStore.KEY_FILENAME, new GlobusResource(this.keyEncFile.getTempFile().getAbsolutePath()).getURL().toExternalForm());
    try {
        ins = getProperties(properties);
        store.engineLoad(ins, null);
    } finally {
        if (ins != null) {
            ins.close();
        }
    }
    aliases = store.engineAliases();
    assert (aliases.hasMoreElements());
    alias = (String) aliases.nextElement();
    try {
        store.engineGetKey(alias, null);
        fail();
    } catch (UnrecoverableKeyException e) {
    // this had better fail
    }
    key = store.engineGetKey(alias, "test".toCharArray());
    assertNotNull(key);
    assertTrue(key instanceof PrivateKey);
    chain = store.engineGetCertificateChain(alias);
    assertNotNull(chain);
}

Example 2 with X509Credential

use of org.globus.gsi.X509Credential in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class GlobusGSSContextTest method testDelegation.

// basic delegation tests
public void testDelegation() throws Exception {
    // enable delegation
    clientContext.requestCredDeleg(true);
    assertTrue(clientContext.getCredDelegState());
    clientContext.requestConf(true);
    ExtendedGSSContext ctx = (ExtendedGSSContext) clientContext;
    ctx.setOption(GSSConstants.DELEGATION_TYPE, GSIConstants.DELEGATION_TYPE_FULL);
    assertTrue(ctx.getOption(GSSConstants.DELEGATION_TYPE) == GSIConstants.DelegationType.FULL);
    ctx.setOption(GSSConstants.AUTHZ_REQUIRED_WITH_DELEGATION, Boolean.TRUE);
    establishContext();
    ExtendedGSSCredential cred = null;
    cred = (ExtendedGSSCredential) serverContext.getDelegCred();
    assertTrue(cred != null);
    X509Credential proxy = null;
    proxy = ((GlobusGSSCredentialImpl) cred).getX509Credential();
    assertTrue(proxy != null);
    assertTrue((proxy.getProxyType() == CertificateType.GSI_2_PROXY) || (proxy.getProxyType() == CertificateType.GSI_3_IMPERSONATION_PROXY) || (proxy.getProxyType() == CertificateType.GSI_4_IMPERSONATION_PROXY));
    logger.debug(proxy);
    GSSManager manager = getGSSManager();
    GSSCredential gssCred = manager.createCredential(GSSCredential.INITIATE_ONLY);
    // create server ctx using delegated cred
    serverContext = manager.createContext((GSSCredential) null);
    // create client ctx using default creds
    clientContext = manager.createContext(gssCred.getName(), GSSConstants.MECH_OID, cred, GSSContext.DEFAULT_LIFETIME);
    clientContext.requestCredDeleg(true);
    assertTrue(clientContext.getCredDelegState());
    establishContext();
    cred = (ExtendedGSSCredential) serverContext.getDelegCred();
    assertTrue(cred != null);
    proxy = ((GlobusGSSCredentialImpl) cred).getX509Credential();
    assertTrue(proxy != null);
    assertTrue((proxy.getProxyType() == CertificateType.GSI_2_LIMITED_PROXY) || (proxy.getProxyType() == CertificateType.GSI_3_LIMITED_PROXY) || (proxy.getProxyType() == CertificateType.GSI_4_LIMITED_PROXY));
    logger.debug(proxy);
}

Example 3 with X509Credential

use of org.globus.gsi.X509Credential in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class GlobusGSSCredentialTest method buildSelfSigned.

private X509Credential buildSelfSigned() throws GeneralSecurityException {
    KeyPair kp = kpg.generateKeyPair();
    PrivateKey privateKey = kp.getPrivate();
    certificateGenerator.setPublicKey(kp.getPublic());
    X509Certificate certificate = certificateGenerator.generate(privateKey);
    X509Certificate[] certChain = new X509Certificate[] { certificate };
    return new X509Credential(privateKey, certChain);
}

Example 4 with X509Credential

use of org.globus.gsi.X509Credential in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class PEMKeyStore method engineSetKeyEntry.

/**
 * Add a new private key to the keystore.
 *
 * @param s
 *            The alias for the object.
 * @param key
 *            The private key.
 * @param chars
 *            The password.
 * @param certificates
 *            The key's certificate chain.
 * @throws KeyStoreException
 */
@Override
public void engineSetKeyEntry(String s, Key key, char[] chars, Certificate[] certificates) throws KeyStoreException {
    if (!(key instanceof PrivateKey)) {
        throw new KeyStoreException("PrivateKey expected");
    }
    if (!(certificates instanceof X509Certificate[])) {
        throw new KeyStoreException("Certificate chain of X509Certificate expected");
    }
    CredentialWrapper wrapper;
    X509Credential credential = new X509Credential((PrivateKey) key, (X509Certificate[]) certificates);
    if (credential.isEncryptedKey()) {
        wrapper = createCertKeyCredential(s, credential);
    } else {
        wrapper = createProxyCredential(s, credential);
    }
    storeWrapper(wrapper);
    this.aliasObjectMap.put(wrapper.getAlias(), wrapper);
}

Example 5 with X509Credential

use of org.globus.gsi.X509Credential in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class ResourceProxyCredential method store.

public void store() throws ResourceStoreException {
    try {
        X509Credential credential = getCredential();
        credential.writeToFile(globusResource.getFile());
    } catch (IOException ioe) {
        throw new ResourceStoreException(ioe);
    } catch (CertificateEncodingException e) {
        throw new ResourceStoreException(e);
    }
}