
Example 1 with GlobusGSSCredentialImpl

Use of org.globus.gsi.gssapi.GlobusGSSCredentialImpl in project Falcon-File-Transfer-Optimizer by arif-zaman.

Class GlobusGSSCredentialTest, method testImportExportOpaque.

public void testImportExportOpaque() throws Exception {
    GlobusGSSCredentialImpl cred = (GlobusGSSCredentialImpl) manager.createCredential(GSSCredential.ACCEPT_ONLY);
    assertTrue(cred != null);
    byte[] data = cred.export(ExtendedGSSCredential.IMPEXP_OPAQUE);
    assertTrue(data != null);
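    // The opaque export carries the credential's private key (the test below
    // compares it after re-import), so log only its size, never its contents.
    logger.debug("Exported credential: " + data.length + " bytes");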
    GlobusGSSCredentialImpl cred2 = (GlobusGSSCredentialImpl) manager.createCredential(data, ExtendedGSSCredential.IMPEXP_OPAQUE, GSSCredential.DEFAULT_LIFETIME, null, GSSCredential.ACCEPT_ONLY);
    assertTrue(cred2 != null);
    assertEquals(cred.getPrivateKey(), cred2.getPrivateKey());
}
Also used : GlobusGSSCredentialImpl(org.globus.gsi.gssapi.GlobusGSSCredentialImpl)

Example 2 with GlobusGSSCredentialImpl

Use of org.globus.gsi.gssapi.GlobusGSSCredentialImpl in project Falcon-File-Transfer-Optimizer by arif-zaman.

Class GlobusGSSCredentialTest, method serialiseAndDeserialise.

private GlobusGSSCredentialImpl serialiseAndDeserialise(GSSCredential credential) throws IOException, ClassNotFoundException {
    if (!(credential instanceof GlobusGSSCredentialImpl)) {
        throw new RuntimeException("credential not a GlobusGSSCredentialImpl");
    }
    ByteArrayOutputStream storage = new ByteArrayOutputStream();
    new ObjectOutputStream(storage).writeObject(credential);
    byte[] data = storage.toByteArray();
    ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data));
    return (GlobusGSSCredentialImpl) in.readObject();
}
Also used : GlobusGSSCredentialImpl(org.globus.gsi.gssapi.GlobusGSSCredentialImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ObjectOutputStream(java.io.ObjectOutputStream) ObjectInputStream(java.io.ObjectInputStream)

Example 3 with GlobusGSSCredentialImpl

Use of org.globus.gsi.gssapi.GlobusGSSCredentialImpl in project Falcon-File-Transfer-Optimizer by arif-zaman.

Class GlobusGSSCredentialTest, method testImportExportMechSpecific.

public void testImportExportMechSpecific() throws Exception {
    GlobusGSSCredentialImpl cred = (GlobusGSSCredentialImpl) manager.createCredential(GSSCredential.ACCEPT_ONLY);
    assertTrue(cred != null);
    byte[] data = cred.export(ExtendedGSSCredential.IMPEXP_MECH_SPECIFIC);
    assertTrue(data != null);
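    // The mechanism-specific export returns a "name=path" handle to a file
    // rather than the credential bytes themselves.
    String handle = new String(data);
    logger.debug(handle);
    GlobusGSSCredentialImpl cred2 = (GlobusGSSCredentialImpl) manager.createCredential(data, ExtendedGSSCredential.IMPEXP_MECH_SPECIFIC, GSSCredential.DEFAULT_LIFETIME, null, GSSCredential.ACCEPT_ONLY);
    assertTrue(cred2 != null);
    assertEquals(cred.getPrivateKey(), cred2.getPrivateKey());
    // Strip the "name=" prefix and delete the exported credential file
    // so that it does not stay on disk after the test.
    handle = handle.substring(handle.indexOf('=') + 1);
    assertTrue((new File(handle)).delete());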
}
Also used : GlobusGSSCredentialImpl(org.globus.gsi.gssapi.GlobusGSSCredentialImpl) File(java.io.File)

Example 4 with GlobusGSSCredentialImpl

Use of org.globus.gsi.gssapi.GlobusGSSCredentialImpl in project Falcon-File-Transfer-Optimizer by arif-zaman.

Class MyProxy, method get.

/**
 * Retrieves delegated credentials from the MyProxy server.
 *
 * @param  credential
 *         The local GSI credentials to use for authentication.
 *         Can be set to null if no local credentials.
 * @param  params
 *         The parameters for the get operation.
 * @return GSSCredential
 *         The retrieved delegated credentials.
 * @exception MyProxyException
 *         If an error occurred during the operation.
 */
public GSSCredential get(GSSCredential credential, GetParams params) throws MyProxyException {
    if (params == null) {
        throw new IllegalArgumentException("params == null");
    }
    if (credential == null) {
        try {
            credential = getAnonymousCredential();
        } catch (GSSException e) {
            throw new MyProxyException("Failed to create anonymous credentials", e);
        }
    }
    String msg = params.makeRequest();
    Socket gsiSocket = null;
    OutputStream out = null;
    InputStream in = null;
    try {
        gsiSocket = getSocket(credential);
        if (credential.getName().isAnonymous()) {
            this.context.requestAnonymity(true);
        }
        out = gsiSocket.getOutputStream();
        in = gsiSocket.getInputStream();
        if (!((GssSocket) gsiSocket).getContext().getConfState())
            throw new Exception("Confidentiality requested but not available");
        // send message
        out.write(msg.getBytes());
        out.flush();
        if (logger.isDebugEnabled()) {
            logger.debug("Req sent:" + params);
        }
        // may require authz handshake
        handleReply(in, out, params.getAuthzCreds(), params.getWantTrustroots());
        // start delegation - generate key pair
        KeyPair keyPair = CertificateUtil.generateKeyPair("RSA", DEFAULT_KEYBITS);
        // According to the MyProxy protocol, the MyProxy server
        // will ignore the subject in the client's certificate
        // signing request (CSR). However, in some cases it is
        // helpful to control the CSR subject (for example, when
        // the MyProxy server is using a CA back-end that can only
        // issue certificates with subjects matching the request).
        // So we construct the CSR subject using the given MyProxy
        // username (if possible).
        String CSRsubjectString = params.getUserName();
        CSRsubjectString = CSRsubjectString.trim();
        if (CSRsubjectString.contains("CN=") || CSRsubjectString.contains("cn=")) {
            // If the MyProxy username is a DN, use it.
            if (CSRsubjectString.charAt(0) == '/') {
                // "good enough" conversion of OpenSSL DN strings
                CSRsubjectString = CSRsubjectString.substring(1);
                CSRsubjectString = CSRsubjectString.replace('/', ',');
            }
        } else {
            CSRsubjectString = "CN=" + CSRsubjectString;
        }
        X509Name CSRsubjectName;
        try {
            CSRsubjectName = new X509Name(CSRsubjectString);
        } catch (Exception e) {
            // If our X509Name construction fails for any reason,
            // just use a default value (as in the past).
            CSRsubjectName = new X509Name("CN=ignore");
        }
        if (logger.isDebugEnabled()) {
            logger.debug("CSR subject: " + CSRsubjectName.toString());
        }
        BouncyCastleCertProcessingFactory certFactory = BouncyCastleCertProcessingFactory.getDefault();
        byte[] req = null;
        req = certFactory.createCertificateRequest(CSRsubjectName, "SHA1WithRSAEncryption", keyPair);
        // send the request to server
        out.write(req);
        out.flush();
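        // read the number of certificates
        int size = in.read();
        if (logger.isDebugEnabled()) {
            logger.debug("Reading " + size + " certs");
        }
        // in.read() returns -1 at end of stream, and chain[0] is used below,
        // so reject a missing or zero count before allocating the array
        if (size <= 0) {
            throw new MyProxyException("No certificates received from the MyProxy server");
        }
        X509Certificate[] chain = new X509Certificate[size];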
        for (int i = 0; i < size; i++) {
            chain[i] = certFactory.loadCertificate(in);
            // DEBUG: display the cert names
            if (logger.isDebugEnabled()) {
                logger.debug("Received cert: " + chain[i].getSubjectDN());
            }
        }
        // get the response
        handleReply(in);
        // make sure the private key belongs to the right public key
        // currently only works with RSA keys
        RSAPublicKey pkey = (RSAPublicKey) chain[0].getPublicKey();
        RSAPrivateKey prkey = (RSAPrivateKey) keyPair.getPrivate();
        if (!pkey.getModulus().equals(prkey.getModulus())) {
            throw new MyProxyException("Private/Public key mismatch!");
        }
        X509Credential newCredential = null;
        newCredential = new X509Credential(keyPair.getPrivate(), chain);
        return new GlobusGSSCredentialImpl(newCredential, GSSCredential.INITIATE_AND_ACCEPT);
    } catch (Exception e) {
        throw new MyProxyException("MyProxy get failed.", e);
    } finally {
        // close socket
        close(out, in, gsiSocket);
    }
}
Also used : GlobusGSSCredentialImpl(org.globus.gsi.gssapi.GlobusGSSCredentialImpl) GssSocket(org.globus.gsi.gssapi.net.GssSocket) KeyPair(java.security.KeyPair) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) DataOutputStream(java.io.DataOutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) GeneralSecurityException(java.security.GeneralSecurityException) GSSException(org.ietf.jgss.GSSException) EOFException(java.io.EOFException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) X509Certificate(java.security.cert.X509Certificate) X509Name(org.bouncycastle.asn1.x509.X509Name) X509Credential(org.globus.gsi.X509Credential) RSAPublicKey(java.security.interfaces.RSAPublicKey) BouncyCastleCertProcessingFactory(org.globus.gsi.bc.BouncyCastleCertProcessingFactory) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) SSLSocket(javax.net.ssl.SSLSocket) Socket(java.net.Socket)

Example 5 with GlobusGSSCredentialImpl

Use of org.globus.gsi.gssapi.GlobusGSSCredentialImpl in project Falcon-File-Transfer-Optimizer by arif-zaman.

Class MyProxyCLI, method createNewProxy.

private static GSSCredential createNewProxy(String userCertFile, String userKeyFile, int lifetime, boolean stdin) {
    X509Certificate[] userCerts = null;
    PrivateKey userKey = null;
    try {
        OpenSSLKey key = new BouncyCastleOpenSSLKey(userKeyFile);
        if (key.isEncrypted()) {
            String prompt = "Enter GRID pass phrase: ";
            String pwd = (stdin) ? Util.getInput(prompt) : Util.getPrivateInput(prompt);
            if (pwd == null) {
                System.exit(-1);
            }
            key.decrypt(pwd);
        }
        userKey = key.getPrivateKey();
    } catch (IOException e) {
        System.err.println("Error: Failed to load key: " + userKeyFile);
        System.exit(-1);
    } catch (GeneralSecurityException e) {
        System.err.println("Error: Wrong pass phrase");
        System.exit(-1);
    }
    try {
        userCerts = CertificateLoadUtil.loadCertificates(userCertFile);
    } catch (IOException e) {
        System.err.println("Error: Failed to load cert: " + userCertFile);
        System.exit(-1);
    } catch (GeneralSecurityException e) {
        System.err.println("Error: Unable to load user certificate: " + userCertFile + " : " + e.getMessage());
        System.exit(-1);
    }
    BouncyCastleCertProcessingFactory factory = BouncyCastleCertProcessingFactory.getDefault();
    int bits = org.globus.myproxy.MyProxy.DEFAULT_KEYBITS;
    boolean limited = false;
    GSIConstants.DelegationType proxyType = (limited) ? GSIConstants.DelegationType.LIMITED : GSIConstants.DelegationType.FULL;
    try {
        X509Credential proxy = factory.createCredential(userCerts, userKey, bits, lifetime, proxyType);
        return new GlobusGSSCredentialImpl(proxy, GSSCredential.INITIATE_ONLY);
    } catch (Exception e) {
        System.err.println("Failed to create a proxy: " + e.getMessage());
        System.exit(-1);
    }
    return null;
}
Also used : GlobusGSSCredentialImpl(org.globus.gsi.gssapi.GlobusGSSCredentialImpl) PrivateKey(java.security.PrivateKey) GeneralSecurityException(java.security.GeneralSecurityException) OpenSSLKey(org.globus.gsi.OpenSSLKey) BouncyCastleOpenSSLKey(org.globus.gsi.bc.BouncyCastleOpenSSLKey) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) GSSException(org.ietf.jgss.GSSException) GSIConstants(org.globus.gsi.GSIConstants) X509Credential(org.globus.gsi.X509Credential) BouncyCastleCertProcessingFactory(org.globus.gsi.bc.BouncyCastleCertProcessingFactory)
