use of org.globus.gsi.X509Credential in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class TestPEMFileBasedKeyStore method testUserCerts.
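/**
 * Checks that a {@code PEMKeyStore} loaded from a certificate file and a key file
 * exposes the same private key and certificate chain as an {@code X509Credential}
 * built from the same two files, then repeats the load with {@code keyEncFile}.
 *
 * <p>In the second half the assertions require that the key cannot be recovered
 * with a {@code null} password and can be recovered with the fixture password.
 *
 * @throws Exception if loading the store or reading the fixture files fails
 */
@Test
public void testUserCerts() throws Exception {
    PEMKeyStore store = new PEMKeyStore();
    // Parameters in properties file
    Properties properties = new Properties();
    properties.setProperty(PEMKeyStore.CERTIFICATE_FILENAME, new GlobusResource(this.certFile.getTempFile().getAbsolutePath()).getURL().toExternalForm());
    properties.setProperty(PEMKeyStore.KEY_FILENAME, new GlobusResource(this.keyFile.getTempFile().getAbsolutePath()).getURL().toExternalForm());
    InputStream ins = null;
    try {
        // getProperties is defined outside this block; presumably it serialises the
        // properties into a stream that engineLoad can parse.
        ins = getProperties(properties);
        store.engineLoad(ins, null);
    } finally {
        if (ins != null) {
            ins.close();
        }
    }
    Enumeration<?> aliases = store.engineAliases();
    assertTrue(aliases.hasMoreElements());
    String alias = (String) aliases.nextElement();
    Key key = store.engineGetKey(alias, null);
    assertNotNull(key);
    assertTrue(key instanceof PrivateKey);
    Certificate[] chain = store.engineGetCertificateChain(alias);
    assertNotNull(chain);
    // The alias is expected to resolve to a key entry, not a certificate-only entry.
    Certificate certificate = store.engineGetCertificate(alias);
    assertNull(certificate);

    // Keep the fixture streams open until every comparison has run, then close them:
    // the original left both FileInputStreams open for the garbage collector.
    InputStream certIn = null;
    InputStream keyIn = null;
    try {
        certIn = new FileInputStream(this.certFile.getAbsoluteFilename());
        keyIn = new FileInputStream(this.keyFile.getAbsoluteFilename());
        X509Credential x509Credential = new X509Credential(certIn, keyIn);
        assertEquals(key, x509Credential.getPrivateKey());
        Certificate[] x509CredentialChain = x509Credential.getCertificateChain();
        assertEquals(chain.length, x509CredentialChain.length);
        for (int i = 0; i < chain.length; i++) {
            // A bare `assert` is skipped unless the JVM runs with -ea, so the chain
            // comparison could pass without checking anything; use the JUnit assertion.
            assertEquals(chain[i], x509CredentialChain[i]);
        }
    } finally {
        try {
            if (keyIn != null) {
                keyIn.close();
            }
        } finally {
            if (certIn != null) {
                certIn.close();
            }
        }
    }

    store = new PEMKeyStore();
    properties.setProperty(PEMKeyStore.CERTIFICATE_FILENAME, new GlobusResource(this.certFile.getTempFile().getAbsolutePath()).getURL().toExternalForm());
    properties.setProperty(PEMKeyStore.KEY_FILENAME, new GlobusResource(this.keyEncFile.getTempFile().getAbsolutePath()).getURL().toExternalForm());
    // Forget the already-closed stream so the finally block only closes the new one.
    ins = null;
    try {
        ins = getProperties(properties);
        store.engineLoad(ins, null);
    } finally {
        if (ins != null) {
            ins.close();
        }
    }
    aliases = store.engineAliases();
    // Was a bare `assert`; see the note on the chain comparison above.
    assertTrue(aliases.hasMoreElements());
    alias = (String) aliases.nextElement();
    try {
        store.engineGetKey(alias, null);
        fail();
    } catch (UnrecoverableKeyException expected) {
        // Required outcome: the key from keyEncFile must not be returned without a password.
    }
    // "test" is the password the fixture key file is expected to be protected with.
    key = store.engineGetKey(alias, "test".toCharArray());
    assertNotNull(key);
    assertTrue(key instanceof PrivateKey);
    chain = store.engineGetCertificateChain(alias);
    assertNotNull(chain);
}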
use of org.globus.gsi.X509Credential in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class GlobusGSSContextTest method testDelegation.
/**
 * Basic delegation tests, run as two context establishments.
 *
 * <p>Round one requests delegation with the delegation type option set to full and
 * expects the server side to receive an impersonation-type proxy. Round two creates
 * a new client context that uses the credential delegated in round one, sets no
 * delegation type option, and expects the server side to receive a limited proxy.
 *
 * @throws Exception if context establishment or credential handling fails
 */
public void testDelegation() throws Exception {
    // Round one: enable delegation and confidentiality on the existing client context.
    clientContext.requestCredDeleg(true);
    assertTrue(clientContext.getCredDelegState());
    clientContext.requestConf(true);

    ExtendedGSSContext extendedClient = (ExtendedGSSContext) clientContext;
    extendedClient.setOption(GSSConstants.DELEGATION_TYPE, GSIConstants.DELEGATION_TYPE_FULL);
    assertTrue(extendedClient.getOption(GSSConstants.DELEGATION_TYPE) == GSIConstants.DelegationType.FULL);
    // Ask for authorization to stay required even though delegation is requested.
    extendedClient.setOption(GSSConstants.AUTHZ_REQUIRED_WITH_DELEGATION, Boolean.TRUE);
    establishContext();

    ExtendedGSSCredential delegated = (ExtendedGSSCredential) serverContext.getDelegCred();
    assertTrue(delegated != null);
    X509Credential delegatedProxy = ((GlobusGSSCredentialImpl) delegated).getX509Credential();
    assertTrue(delegatedProxy != null);
    assertTrue(
        (delegatedProxy.getProxyType() == CertificateType.GSI_2_PROXY)
            || (delegatedProxy.getProxyType() == CertificateType.GSI_3_IMPERSONATION_PROXY)
            || (delegatedProxy.getProxyType() == CertificateType.GSI_4_IMPERSONATION_PROXY));
    // NOTE(review): the output depends on X509Credential.toString(), which is not
    // visible here; confirm it never writes private-key material to the log.
    logger.debug(delegatedProxy);

    GSSManager manager = getGSSManager();
    GSSCredential initiatorCred = manager.createCredential(GSSCredential.INITIATE_ONLY);

    // Round two. The server context is created with a null credential argument;
    // the delegated credential from round one is handed to the client context.
    serverContext = manager.createContext((GSSCredential) null);
    clientContext = manager.createContext(
        initiatorCred.getName(), GSSConstants.MECH_OID, delegated, GSSContext.DEFAULT_LIFETIME);
    clientContext.requestCredDeleg(true);
    assertTrue(clientContext.getCredDelegState());
    establishContext();

    delegated = (ExtendedGSSCredential) serverContext.getDelegCred();
    assertTrue(delegated != null);
    delegatedProxy = ((GlobusGSSCredentialImpl) delegated).getX509Credential();
    assertTrue(delegatedProxy != null);
    // No delegation type was set on the new context; a limited proxy is expected.
    assertTrue(
        (delegatedProxy.getProxyType() == CertificateType.GSI_2_LIMITED_PROXY)
            || (delegatedProxy.getProxyType() == CertificateType.GSI_3_LIMITED_PROXY)
            || (delegatedProxy.getProxyType() == CertificateType.GSI_4_LIMITED_PROXY));
    logger.debug(delegatedProxy);
}
use of org.globus.gsi.X509Credential in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class GlobusGSSCredentialTest method buildSelfSigned.
/**
 * Builds a credential whose chain holds one certificate generated for a fresh key pair.
 *
 * <p>The pair comes from the {@code kpg} field; its public key is set on
 * {@code certificateGenerator} and its private key is passed to {@code generate},
 * presumably as the signing key, which would make the certificate self-signed.
 *
 * @return a credential holding the new private key and a one-element certificate chain
 * @throws GeneralSecurityException if certificate generation fails
 */
private X509Credential buildSelfSigned() throws GeneralSecurityException {
    KeyPair freshPair = kpg.generateKeyPair();
    certificateGenerator.setPublicKey(freshPair.getPublic());
    PrivateKey signingKey = freshPair.getPrivate();
    X509Certificate selfSigned = certificateGenerator.generate(signingKey);
    return new X509Credential(signingKey, new X509Certificate[] { selfSigned });
}
use of org.globus.gsi.X509Credential in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class PEMKeyStore method engineSetKeyEntry.
/**
 * Add a new private key to the keystore.
 *
 * <p>The key and chain are wrapped in an {@code X509Credential}. If that credential
 * reports an encrypted key it is stored as a certificate/key entry, otherwise as a
 * proxy entry. The entry is persisted through {@code storeWrapper} and then
 * registered in the alias map.
 *
 * <p>NOTE(review): {@code chars} is not read anywhere in this method, so the
 * password a caller passes has no effect here on how the key is protected. Confirm
 * that callers do not rely on it to encrypt the stored key.
 *
 * @param s
 *            The alias for the object.
 * @param key
 *            The private key; must be a {@code PrivateKey}.
 * @param chars
 *            The password (unused by this method).
 * @param certificates
 *            The key's certificate chain; must be an {@code X509Certificate[]}.
 * @throws KeyStoreException
 *             if {@code key} is not a {@code PrivateKey} or {@code certificates}
 *             is not an {@code X509Certificate[]}; the helper methods called here
 *             are declared elsewhere and may throw it as well.
 */
@Override
public void engineSetKeyEntry(String s, Key key, char[] chars, Certificate[] certificates) throws KeyStoreException {
    // Reject anything that cannot be cast below; a null argument fails instanceof too.
    if (!(key instanceof PrivateKey)) {
        throw new KeyStoreException("PrivateKey expected");
    }
    if (!(certificates instanceof X509Certificate[])) {
        throw new KeyStoreException("Certificate chain of X509Certificate expected");
    }

    X509Credential cred = new X509Credential((PrivateKey) key, (X509Certificate[]) certificates);
    // The entry type follows the credential's own encrypted-key flag.
    CredentialWrapper entry = cred.isEncryptedKey()
        ? createCertKeyCredential(s, cred)
        : createProxyCredential(s, cred);

    // Persist first, then publish under the alias the wrapper reports.
    storeWrapper(entry);
    this.aliasObjectMap.put(entry.getAlias(), entry);
}
use of org.globus.gsi.X509Credential in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class ResourceProxyCredential method store.
/**
 * Writes the credential returned by {@code getCredential()} to the file behind
 * {@code globusResource}.
 *
 * <p>NOTE(review): the permissions of the written file are decided inside
 * {@code X509Credential.writeToFile}, which is not visible here. Confirm the file
 * ends up readable by its owner only, since a credential normally carries a private key.
 *
 * @throws ResourceStoreException wrapping the {@code IOException} or
 *         {@code CertificateEncodingException} raised while writing
 */
public void store() throws ResourceStoreException {
    try {
        getCredential().writeToFile(globusResource.getFile());
    } catch (CertificateEncodingException encodingFailure) {
        throw new ResourceStoreException(encodingFailure);
    } catch (IOException writeFailure) {
        throw new ResourceStoreException(writeFailure);
    }
}