use of org.globus.gsi.gssapi.GlobusGSSCredentialImpl in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class GlobusGSSCredentialTest method testImportExportOpaque.
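/**
 * Round-trips a credential through the opaque export format and checks that the
 * re-imported credential carries the same private key as the original.
 *
 * @throws Exception if creating, exporting or re-importing the credential fails
 */
public void testImportExportOpaque() throws Exception {
    GlobusGSSCredentialImpl cred = (GlobusGSSCredentialImpl) manager.createCredential(GSSCredential.ACCEPT_ONLY);
    assertTrue(cred != null);

    byte[] data = cred.export(ExtendedGSSCredential.IMPEXP_OPAQUE);
    assertTrue(data != null);
    // The exported buffer is sufficient to rebuild the credential, private key included
    // (see the getPrivateKey() comparison below), so only its size goes to the log.
    // Writing the buffer itself would copy key material into debug output and log files.
    logger.debug("Exported opaque credential: " + data.length + " bytes");

    GlobusGSSCredentialImpl cred2 = (GlobusGSSCredentialImpl) manager.createCredential(data, ExtendedGSSCredential.IMPEXP_OPAQUE, GSSCredential.DEFAULT_LIFETIME, null, GSSCredential.ACCEPT_ONLY);
    assertTrue(cred2 != null);
    assertEquals(cred.getPrivateKey(), cred2.getPrivateKey());
}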
use of org.globus.gsi.gssapi.GlobusGSSCredentialImpl in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class GlobusGSSCredentialTest method serialiseAndDeserialise.
/**
 * Pushes a credential through Java object serialization and back, returning the copy
 * that comes out of the stream.
 *
 * @param credential the credential to round-trip; must be a {@code GlobusGSSCredentialImpl}
 * @return the credential read back from the serialized bytes
 * @throws IOException if writing or reading the object stream fails
 * @throws ClassNotFoundException if a class in the stream cannot be resolved
 * @throws RuntimeException if {@code credential} is not a {@code GlobusGSSCredentialImpl}
 */
private GlobusGSSCredentialImpl serialiseAndDeserialise(GSSCredential credential) throws IOException, ClassNotFoundException {
    boolean isGlobusCredential = credential instanceof GlobusGSSCredentialImpl;
    if (!isGlobusCredential) {
        throw new RuntimeException("credential not a GlobusGSSCredentialImpl");
    }

    ByteArrayOutputStream sink = new ByteArrayOutputStream();
    ObjectOutputStream objectWriter = new ObjectOutputStream(sink);
    objectWriter.writeObject(credential);

    // readObject() is acceptable here only because the bytes were produced a few lines
    // above by this same method. The pattern must not be reused on bytes that arrive from
    // a file, a socket or a peer: native deserialization of untrusted input needs an
    // ObjectInputFilter or a different wire format.
    ByteArrayInputStream source = new ByteArrayInputStream(sink.toByteArray());
    ObjectInputStream objectReader = new ObjectInputStream(source);
    return (GlobusGSSCredentialImpl) objectReader.readObject();
}
use of org.globus.gsi.gssapi.GlobusGSSCredentialImpl in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class GlobusGSSCredentialTest method testImportExportMechSpecific.
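/**
 * Round-trips a credential through the mechanism-specific export format and checks that
 * the re-imported credential carries the same private key as the original.
 *
 * <p>The exported handle has the form {@code name=path}; the part after {@code '='} is
 * treated as a file on disk, which this test removes again.
 *
 * @throws Exception if creating, exporting or re-importing the credential fails
 */
public void testImportExportMechSpecific() throws Exception {
    GlobusGSSCredentialImpl cred = (GlobusGSSCredentialImpl) manager.createCredential(GSSCredential.ACCEPT_ONLY);
    assertTrue(cred != null);

    byte[] data = cred.export(ExtendedGSSCredential.IMPEXP_MECH_SPECIFIC);
    assertTrue(data != null);
    String handle = new String(data);
    // Resolve the exported file before anything else can fail, so the cleanup below always
    // knows what to remove.
    File exportedFile = new File(handle.substring(handle.indexOf('=') + 1));

    boolean deleted = false;
    try {
        logger.debug(handle);
        GlobusGSSCredentialImpl cred2 = (GlobusGSSCredentialImpl) manager.createCredential(data, ExtendedGSSCredential.IMPEXP_MECH_SPECIFIC, GSSCredential.DEFAULT_LIFETIME, null, GSSCredential.ACCEPT_ONLY);
        assertTrue(cred2 != null);
        assertEquals(cred.getPrivateKey(), cred2.getPrivateKey());
    } finally {
        // The file is what the credential is re-imported from, so it presumably holds the
        // private key. Delete it even when an assertion above fails; otherwise a failed
        // run leaves key material behind on disk.
        deleted = exportedFile.delete();
    }
    assertTrue(deleted);
}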
use of org.globus.gsi.gssapi.GlobusGSSCredentialImpl in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class MyProxy method get.
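/**
 * Retrieves delegated credentials from the MyProxy server.
 *
 * <p>A fresh RSA key pair is generated locally and only a certificate signing request is
 * written to the socket; the private key is not sent. The certificate chain returned by
 * the server is accepted once the public key of its first certificate matches the
 * generated private key. No further validation of the returned chain is visible in this
 * method.
 *
 * @param credential
 *            The local GSI credentials to use for authentication.
 *            Can be set to null if no local credentials; anonymous
 *            credentials are then created and used instead.
 * @param params
 *            The parameters for the get operation. Must not be null.
 * @return GSSCredential
 *            The retrieved delegated credentials, usable for both
 *            initiating and accepting contexts.
 * @exception MyProxyException
 *            If an error occurred during the operation. Every failure inside
 *            the exchange is wrapped, with the original exception as cause.
 * @exception IllegalArgumentException
 *            If params is null.
 */
public GSSCredential get(GSSCredential credential, GetParams params) throws MyProxyException {
    if (params == null) {
        throw new IllegalArgumentException("params == null");
    }
    if (credential == null) {
        try {
            credential = getAnonymousCredential();
        } catch (GSSException e) {
            throw new MyProxyException("Failed to create anonymous credentials", e);
        }
    }
    String msg = params.makeRequest();
    Socket gsiSocket = null;
    OutputStream out = null;
    InputStream in = null;
    try {
        gsiSocket = getSocket(credential);
        if (credential.getName().isAnonymous()) {
            this.context.requestAnonymity(true);
        }
        out = gsiSocket.getOutputStream();
        in = gsiSocket.getInputStream();
        // Refuse to continue on a channel without confidentiality: this check runs before
        // the request is written, so nothing is sent over an unprotected channel.
        if (!((GssSocket) gsiSocket).getContext().getConfState()) {
            throw new Exception("Confidentiality requested but not available");
        }
        // send message
        // NOTE(review): getBytes() uses the platform default charset; confirm the request
        // is plain ASCII or pin the charset explicitly.
        out.write(msg.getBytes());
        out.flush();
        if (logger.isDebugEnabled()) {
            // NOTE(review): this logs params.toString(); confirm it does not render the
            // passphrase carried by the request.
            logger.debug("Req sent:" + params);
        }
        // may require authz handshake
        handleReply(in, out, params.getAuthzCreds(), params.getWantTrustroots());
        // start delegation - generate key pair
        // NOTE(review): confirm DEFAULT_KEYBITS is large enough for current RSA guidance.
        KeyPair keyPair = CertificateUtil.generateKeyPair("RSA", DEFAULT_KEYBITS);
        // According to the MyProxy protocol, the MyProxy server
        // will ignore the subject in the client's certificate
        // signing request (CSR). However, in some cases it is
        // helpful to control the CSR subject (for example, when
        // the MyProxy server is using a CA back-end that can only
        // issue certificates with subjects matching the request).
        // So we construct the CSR subject using the given MyProxy
        // username (if possible).
        String CSRsubjectString = params.getUserName();
        CSRsubjectString = CSRsubjectString.trim();
        if (CSRsubjectString.contains("CN=") || CSRsubjectString.contains("cn=")) {
            // If the MyProxy username is a DN, use it.
            if (CSRsubjectString.charAt(0) == '/') {
                // "good enough" conversion of OpenSSL DN strings
                CSRsubjectString = CSRsubjectString.substring(1);
                CSRsubjectString = CSRsubjectString.replace('/', ',');
            }
        } else {
            CSRsubjectString = "CN=" + CSRsubjectString;
        }
        X509Name CSRsubjectName;
        try {
            CSRsubjectName = new X509Name(CSRsubjectString);
        } catch (Exception e) {
            // If our X509Name construction fails for any reason,
            // just use a default value (as in the past).
            CSRsubjectName = new X509Name("CN=ignore");
        }
        if (logger.isDebugEnabled()) {
            logger.debug("CSR subject: " + CSRsubjectName.toString());
        }
        BouncyCastleCertProcessingFactory certFactory = BouncyCastleCertProcessingFactory.getDefault();
        // NOTE(review): SHA-1 is deprecated as a signature digest. Moving the CSR to a
        // SHA-256 based algorithm is worth doing once server compatibility is confirmed.
        byte[] req = certFactory.createCertificateRequest(CSRsubjectName, "SHA1WithRSAEncryption", keyPair);
        // send the request to server
        out.write(req);
        out.flush();
        // read the number of certificates
        // The count is a single byte, so it is at most 255 and bounds the array allocated
        // below. read() returns -1 at end of stream.
        int size = in.read();
        if (size <= 0) {
            // Without this check an early end of stream surfaces as a
            // NegativeArraySizeException and an empty chain as an
            // ArrayIndexOutOfBoundsException at chain[0], hiding the real cause.
            throw new MyProxyException("MyProxy server returned no certificates (count: " + size + ")");
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Reading " + size + " certs");
        }
        X509Certificate[] chain = new X509Certificate[size];
        for (int i = 0; i < size; i++) {
            chain[i] = certFactory.loadCertificate(in);
            // DEBUG: display the cert names
            if (logger.isDebugEnabled()) {
                logger.debug("Received cert: " + chain[i].getSubjectDN());
            }
        }
        // get the response
        handleReply(in);
        // make sure the private key belongs to the right public key
        // currently only works with RSA keys
        RSAPublicKey pkey = (RSAPublicKey) chain[0].getPublicKey();
        RSAPrivateKey prkey = (RSAPrivateKey) keyPair.getPrivate();
        if (!pkey.getModulus().equals(prkey.getModulus())) {
            throw new MyProxyException("Private/Public key mismatch!");
        }
        X509Credential newCredential = new X509Credential(keyPair.getPrivate(), chain);
        return new GlobusGSSCredentialImpl(newCredential, GSSCredential.INITIATE_AND_ACCEPT);
    } catch (Exception e) {
        // Single wrapping point: callers only ever see MyProxyException, including for the
        // MyProxyException instances thrown above, which become the cause.
        throw new MyProxyException("MyProxy get failed.", e);
    } finally {
        // close socket
        close(out, in, gsiSocket);
    }
}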
use of org.globus.gsi.gssapi.GlobusGSSCredentialImpl in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class MyProxyCLI method createNewProxy.
/**
 * Builds a full-delegation proxy credential from a user certificate file and its private
 * key file, prompting for the pass phrase when the key is encrypted.
 *
 * <p>This is a command-line helper: every failure prints a message to standard error and
 * terminates the JVM with exit status -1 instead of throwing.
 *
 * @param userCertFile path of the file holding the user certificate(s)
 * @param userKeyFile  path of the file holding the user's private key
 * @param lifetime     lifetime passed to the proxy factory for the new proxy
 * @param stdin        when true the pass phrase is read with {@code Util.getInput},
 *                     otherwise with {@code Util.getPrivateInput}
 * @return the new proxy wrapped as an initiate-only GSS credential
 */
private static GSSCredential createNewProxy(String userCertFile, String userKeyFile, int lifetime, boolean stdin) {
    PrivateKey signingKey = null;
    try {
        OpenSSLKey storedKey = new BouncyCastleOpenSSLKey(userKeyFile);
        if (storedKey.isEncrypted()) {
            String prompt = "Enter GRID pass phrase: ";
            // NOTE(review): the names suggest getInput echoes what is typed while
            // getPrivateInput does not; confirm before using the stdin mode interactively.
            // The pass phrase is held in an immutable String and cannot be wiped after use.
            String passPhrase;
            if (stdin) {
                passPhrase = Util.getInput(prompt);
            } else {
                passPhrase = Util.getPrivateInput(prompt);
            }
            if (passPhrase == null) {
                System.exit(-1);
            }
            storedKey.decrypt(passPhrase);
        }
        signingKey = storedKey.getPrivateKey();
    } catch (IOException e) {
        System.err.println("Error: Failed to load key: " + userKeyFile);
        System.exit(-1);
    } catch (GeneralSecurityException e) {
        // Every security failure while loading or decrypting is reported as a bad pass phrase.
        System.err.println("Error: Wrong pass phrase");
        System.exit(-1);
    }

    X509Certificate[] certChain = null;
    try {
        certChain = CertificateLoadUtil.loadCertificates(userCertFile);
    } catch (IOException e) {
        System.err.println("Error: Failed to load cert: " + userCertFile);
        System.exit(-1);
    } catch (GeneralSecurityException e) {
        System.err.println("Error: Unable to load user certificate: " + userCertFile + " : " + e.getMessage());
        System.exit(-1);
    }

    BouncyCastleCertProcessingFactory proxyFactory = BouncyCastleCertProcessingFactory.getDefault();
    int keyBits = org.globus.myproxy.MyProxy.DEFAULT_KEYBITS;
    // The proxy is always a full (unrestricted) delegation; no limited variant is offered here.
    GSIConstants.DelegationType delegation = GSIConstants.DelegationType.FULL;
    try {
        X509Credential proxyCredential = proxyFactory.createCredential(certChain, signingKey, keyBits, lifetime, delegation);
        return new GlobusGSSCredentialImpl(proxyCredential, GSSCredential.INITIATE_ONLY);
    } catch (Exception e) {
        System.err.println("Failed to create a proxy: " + e.getMessage());
        System.exit(-1);
    }
    // Only reached if System.exit returns, which it normally does not.
    return null;
}