
Example 1 with X509Credential

use of org.globus.gsi.X509Credential in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class TestPEMFileBasedKeyStore method testUserCerts.

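/**
 * Loads a PEM certificate/key pair through {@link PEMKeyStore}, compares the resulting entry
 * with an {@link X509Credential} built from the same files, then repeats the load with an
 * encrypted key file.
 *
 * <p>Expectations pinned here: the alias exposes a private key and a certificate chain, the
 * chain matches the credential's chain element by element, and an encrypted key is not
 * returned when the password is {@code null}.
 *
 * @throws Exception if loading the store or reading the fixture files fails
 */
@Test
public void testUserCerts() throws Exception {
    PEMKeyStore store = new PEMKeyStore();
    // The store is configured through a properties stream naming the certificate and key files.
    Properties properties = new Properties();
    properties.setProperty(PEMKeyStore.CERTIFICATE_FILENAME, new GlobusResource(this.certFile.getTempFile().getAbsolutePath()).getURL().toExternalForm());
    properties.setProperty(PEMKeyStore.KEY_FILENAME, new GlobusResource(this.keyFile.getTempFile().getAbsolutePath()).getURL().toExternalForm());
    InputStream ins = null;
    try {
        ins = getProperties(properties);
        store.engineLoad(ins, null);
    } finally {
        if (ins != null) {
            ins.close();
        }
    }
    Enumeration<String> aliases = store.engineAliases();
    assertTrue(aliases.hasMoreElements());
    String alias = aliases.nextElement();
    // Unencrypted key: a null password must be enough to read it.
    Key key = store.engineGetKey(alias, null);
    assertNotNull(key);
    assertTrue(key instanceof PrivateKey);
    Certificate[] chain = store.engineGetCertificateChain(alias);
    assertNotNull(chain);
    // The test expects no stand-alone certificate under an alias that holds a key entry.
    Certificate certificate = store.engineGetCertificate(alias);
    assertNull(certificate);

    // Build the reference credential from the same files; close both streams even if the
    // constructor throws, so the fixture files are not left open.
    X509Credential x509Credential;
    FileInputStream certIn = new FileInputStream(this.certFile.getAbsoluteFilename());
    try {
        FileInputStream keyIn = new FileInputStream(this.keyFile.getAbsoluteFilename());
        try {
            x509Credential = new X509Credential(certIn, keyIn);
        } finally {
            keyIn.close();
        }
    } finally {
        certIn.close();
    }
    assertEquals(key, x509Credential.getPrivateKey());
    Certificate[] x509CredentialChain = x509Credential.getCertificateChain();
    assertEquals(chain.length, x509CredentialChain.length);
    for (int i = 0; i < chain.length; i++) {
        // JUnit assertion instead of the `assert` keyword: the keyword is skipped unless the
        // JVM runs with -ea, which would let a mismatching chain pass unnoticed.
        assertEquals(chain[i], x509CredentialChain[i]);
    }

    // Second pass: same certificate, encrypted key file.
    store = new PEMKeyStore();
    properties.setProperty(PEMKeyStore.CERTIFICATE_FILENAME, new GlobusResource(this.certFile.getTempFile().getAbsolutePath()).getURL().toExternalForm());
    properties.setProperty(PEMKeyStore.KEY_FILENAME, new GlobusResource(this.keyEncFile.getTempFile().getAbsolutePath()).getURL().toExternalForm());
    // Reset so the finally block never touches the stream already closed above.
    ins = null;
    try {
        ins = getProperties(properties);
        store.engineLoad(ins, null);
    } finally {
        if (ins != null) {
            ins.close();
        }
    }
    aliases = store.engineAliases();
    assertTrue(aliases.hasMoreElements());
    alias = aliases.nextElement();
    try {
        store.engineGetKey(alias, null);
        fail("encrypted key was returned without a password");
    } catch (UnrecoverableKeyException expected) {
        // Expected: an encrypted key must not be released for a null password.
    }
    // "test" is the fixture password of the encrypted key file.
    key = store.engineGetKey(alias, "test".toCharArray());
    assertNotNull(key);
    assertTrue(key instanceof PrivateKey);
    chain = store.engineGetCertificateChain(alias);
    assertNotNull(chain);
}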
Also used : Enumeration(java.util.Enumeration) PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) Properties(java.util.Properties) FileInputStream(java.io.FileInputStream) PEMKeyStore(org.globus.gsi.stores.PEMKeyStore) X509Credential(org.globus.gsi.X509Credential) UnrecoverableKeyException(java.security.UnrecoverableKeyException) GlobusResource(org.globus.util.GlobusResource) Key(java.security.Key) PrivateKey(java.security.PrivateKey) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) Test(org.junit.Test)

Example 2 with X509Credential

use of org.globus.gsi.X509Credential in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class GlobusGSSContextTest method testDelegation.

/**
 * Basic delegation test in two passes.
 *
 * <p>Pass one requests full delegation on the existing client context and expects the server
 * side to receive an impersonation (full) proxy. Pass two initiates a new context with that
 * delegated credential, sets no delegation type, and expects a limited proxy on the server
 * side.
 *
 * @throws Exception if context establishment or credential handling fails
 */
public void testDelegation() throws Exception {
    // Pass one: request delegation and confidentiality on the client context.
    clientContext.requestCredDeleg(true);
    assertTrue(clientContext.getCredDelegState());
    clientContext.requestConf(true);

    ExtendedGSSContext extendedClient = (ExtendedGSSContext) clientContext;
    extendedClient.setOption(GSSConstants.DELEGATION_TYPE, GSIConstants.DELEGATION_TYPE_FULL);
    assertTrue(extendedClient.getOption(GSSConstants.DELEGATION_TYPE) == GSIConstants.DelegationType.FULL);
    extendedClient.setOption(GSSConstants.AUTHZ_REQUIRED_WITH_DELEGATION, Boolean.TRUE);
    establishContext();

    ExtendedGSSCredential delegated = (ExtendedGSSCredential) serverContext.getDelegCred();
    assertTrue(delegated != null);
    X509Credential delegatedProxy = ((GlobusGSSCredentialImpl) delegated).getX509Credential();
    assertTrue(delegatedProxy != null);
    // Full delegation was requested, so only the impersonation proxy types are accepted.
    boolean isFullProxy = (delegatedProxy.getProxyType() == CertificateType.GSI_2_PROXY)
            || (delegatedProxy.getProxyType() == CertificateType.GSI_3_IMPERSONATION_PROXY)
            || (delegatedProxy.getProxyType() == CertificateType.GSI_4_IMPERSONATION_PROXY);
    assertTrue(isFullProxy);
    // NOTE(review): what reaches the log depends on X509Credential's string form - confirm it
    // carries no key material.
    logger.debug(delegatedProxy);

    // Pass two: rebuild both contexts.
    GSSManager gssManager = getGSSManager();
    GSSCredential initiatorCred = gssManager.createCredential(GSSCredential.INITIATE_ONLY);
    // The server context is created with a null credential argument.
    serverContext = gssManager.createContext((GSSCredential) null);
    // The client context initiates with the credential delegated in pass one, targeting the
    // name of the INITIATE_ONLY credential created above.
    clientContext = gssManager.createContext(initiatorCred.getName(), GSSConstants.MECH_OID, delegated, GSSContext.DEFAULT_LIFETIME);
    clientContext.requestCredDeleg(true);
    assertTrue(clientContext.getCredDelegState());
    establishContext();

    delegated = (ExtendedGSSCredential) serverContext.getDelegCred();
    assertTrue(delegated != null);
    delegatedProxy = ((GlobusGSSCredentialImpl) delegated).getX509Credential();
    assertTrue(delegatedProxy != null);
    // No delegation type was set on the new client context; the test expects a limited proxy.
    boolean isLimitedProxy = (delegatedProxy.getProxyType() == CertificateType.GSI_2_LIMITED_PROXY)
            || (delegatedProxy.getProxyType() == CertificateType.GSI_3_LIMITED_PROXY)
            || (delegatedProxy.getProxyType() == CertificateType.GSI_4_LIMITED_PROXY);
    assertTrue(isLimitedProxy);
    logger.debug(delegatedProxy);
}
Also used : ExtendedGSSContext(org.gridforum.jgss.ExtendedGSSContext) X509Credential(org.globus.gsi.X509Credential) ExtendedGSSCredential(org.gridforum.jgss.ExtendedGSSCredential) ExtendedGSSCredential(org.gridforum.jgss.ExtendedGSSCredential) GSSCredential(org.ietf.jgss.GSSCredential) GSSManager(org.ietf.jgss.GSSManager)

Example 3 with X509Credential

use of org.globus.gsi.X509Credential in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class GlobusGSSCredentialTest method buildSelfSigned.

/**
 * Builds a credential from a freshly generated key pair and a single certificate produced by
 * the shared {@code certificateGenerator} for that pair.
 *
 * @return a credential holding the new private key and a one-element certificate chain
 * @throws GeneralSecurityException if certificate generation fails
 */
private X509Credential buildSelfSigned() throws GeneralSecurityException {
    final KeyPair pair = kpg.generateKeyPair();
    final PrivateKey signingKey = pair.getPrivate();
    // The generator is shared state: its public key is overwritten on every call.
    certificateGenerator.setPublicKey(pair.getPublic());
    // Presumably signs with the private half of the same pair, hence "self-signed" - confirm
    // against the generator's API.
    final X509Certificate selfSigned = certificateGenerator.generate(signingKey);
    return new X509Credential(signingKey, new X509Certificate[] { selfSigned });
}
Also used : KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) X509Credential(org.globus.gsi.X509Credential) X509Certificate(java.security.cert.X509Certificate)

Example 4 with X509Credential

use of org.globus.gsi.X509Credential in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class PEMKeyStore method engineSetKeyEntry.

/**
 * Add a new private key to the keystore.
 *
 * <p>The key and chain are wrapped in an {@link X509Credential}, passed to
 * {@code storeWrapper} and registered in the alias map. The password argument is not read
 * by this method.
 *
 * @param s
 *            The alias for the object.
 * @param key
 *            The private key; must be a {@link PrivateKey}.
 * @param chars
 *            The password (not used in this method).
 * @param certificates
 *            The key's certificate chain; must be an {@code X509Certificate[]}.
 * @throws KeyStoreException
 *             if {@code key} is not a {@link PrivateKey} or {@code certificates} is not an
 *             {@code X509Certificate[]}; the helpers called here may raise it as well (not
 *             visible in this excerpt)
 */
@Override
public void engineSetKeyEntry(String s, Key key, char[] chars, Certificate[] certificates) throws KeyStoreException {
    // Type checks come first so the casts below cannot fail; null arguments are rejected
    // here as well because instanceof is false for null.
    if (!(key instanceof PrivateKey)) {
        throw new KeyStoreException("PrivateKey expected");
    }
    if (!(certificates instanceof X509Certificate[])) {
        throw new KeyStoreException("Certificate chain of X509Certificate expected");
    }
    final PrivateKey privateKey = (PrivateKey) key;
    final X509Certificate[] x509Chain = (X509Certificate[]) certificates;
    final X509Credential x509Credential = new X509Credential(privateKey, x509Chain);
    // The wrapper kind depends only on whether the credential reports an encrypted key.
    // NOTE(review): `chars` plays no part in that choice, so a caller-supplied password does
    // not by itself cause the key to be stored encrypted - confirm what storeWrapper writes.
    final CredentialWrapper entry = x509Credential.isEncryptedKey()
            ? createCertKeyCredential(s, x509Credential)
            : createProxyCredential(s, x509Credential);
    storeWrapper(entry);
    this.aliasObjectMap.put(entry.getAlias(), entry);
}
Also used : PrivateKey(java.security.PrivateKey) X509Credential(org.globus.gsi.X509Credential) KeyStoreException(java.security.KeyStoreException) X509Certificate(java.security.cert.X509Certificate)

Example 5 with X509Credential

use of org.globus.gsi.X509Credential in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class ResourceProxyCredential method store.

/**
 * Writes this resource's credential to the file behind {@code globusResource}.
 *
 * @throws ResourceStoreException wrapping the I/O or certificate-encoding failure raised
 *         while writing
 */
public void store() throws ResourceStoreException {
    try {
        // NOTE(review): the written file presumably contains the private key - confirm that
        // writeToFile restricts the file's permissions to the owner.
        getCredential().writeToFile(globusResource.getFile());
    } catch (CertificateEncodingException encodingFailure) {
        throw new ResourceStoreException(encodingFailure);
    } catch (IOException ioFailure) {
        throw new ResourceStoreException(ioFailure);
    }
}
Also used : X509Credential(org.globus.gsi.X509Credential) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException)
