use of org.globus.gsi.gssapi.net.GssSocket in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class HTTPSSender method getSocket.
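/**
 * Opens the connection through the parent sender and replaces the socket in
 * {@code sockHolder} with a {@link GssSocket} wrapper built by {@link SSLContextHelper}.
 *
 * <p>Only the {@code https} scheme is accepted. The parent sender is asked for a plain
 * {@code "http"} socket, which is then wrapped. If wrapping fails, the unwrapped socket
 * is closed so that an unprotected connection is not left open in the holder.
 *
 * @param sockHolder   receives the wrapped socket
 * @param msgContext   message context passed to {@link SSLContextHelper} and the parent sender
 * @param protocol     must be {@code https} (case-insensitive)
 * @param host         remote host
 * @param port         remote port; {@code -1} selects 8443
 * @param timeout      passed through to the parent sender
 * @param otherHeaders passed through to the parent sender
 * @param useFullURL   passed through to the parent sender
 * @throws IOException if {@code protocol} is not {@code https}
 * @throws Exception   if the parent sender or the wrapping step fails
 */
protected void getSocket(SocketHolder sockHolder, MessageContext msgContext, String protocol, String host, int port, int timeout, StringBuffer otherHeaders, BooleanHolder useFullURL) throws Exception {
    // Constant-first comparison: a null protocol is rejected with the same
    // IOException as any other non-https value instead of a NullPointerException.
    if (!"https".equalsIgnoreCase(protocol)) {
        throw new IOException("Invalid protocol");
    }
    int lport = (port == -1) ? 8443 : port;
    // The helper is built before the connection is opened, as in the original ordering.
    SSLContextHelper helper = new SSLContextHelper(msgContext, host, lport);
    super.getSocket(sockHolder, msgContext, "http", host, lport, timeout, otherHeaders, useFullURL);
    try {
        GssSocket gsiSocket = helper.wrapSocket(sockHolder.getSocket());
        sockHolder.setSocket(gsiSocket);
    } catch (Exception e) {
        // The holder still references the plain socket opened by the parent;
        // close it rather than leaking an unprotected connection.
        try {
            if (sockHolder.getSocket() != null) {
                sockHolder.getSocket().close();
            }
        } catch (Exception ignored) {
            // best effort: the wrapping failure below is the error worth reporting
        }
        throw e;
    }
}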
use of org.globus.gsi.gssapi.net.GssSocket in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class GassClientHandler method shutdown.
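/**
 * Shuts down a remote GASS server. The server must have the
 * CLIENT_SHUTDOWN option enabled for this to work.
 *
 * <p>For an {@code https} URL the request is sent over a {@link GssSocket} in SSL mode
 * using {@code cred}, with {@code SelfAuthorization} applied to the peer. For any other
 * protocol a socket from the default {@link SocketFactory} is used: {@code cred} is not
 * used on that path and the shutdown request is sent without GSI protection.
 *
 * <p>This method sets no read timeout on the socket before waiting for the reply.
 *
 * @param cred credentials to use (only used for {@code https} URLs).
 * @param gassURL the url of the remote gass server.
 * @throws IOException if the connection fails or the server answers with a code other than 200.
 * @throws GSSException if the security context cannot be created or configured.
 */
public static void shutdown(GSSCredential cred, GlobusURL gassURL) throws IOException, GSSException {
    OutputStream output = null;
    InputStream input = null;
    Socket socket = null;
    try {
        if (gassURL.getProtocol().equalsIgnoreCase("https")) {
            GSSManager manager = ExtendedGSSManager.getInstance();
            ExtendedGSSContext context = (ExtendedGSSContext) manager.createContext(null, GSSConstants.MECH_OID, cred, GSSContext.DEFAULT_LIFETIME);
            context.setOption(GSSConstants.GSS_MODE, GSIConstants.MODE_SSL);
            GssSocketFactory factory = GssSocketFactory.getDefault();
            socket = factory.createSocket(gassURL.getHost(), gassURL.getPort(), context);
            // NOTE(review): SelfAuthorization presumably requires the server to present
            // the caller's own identity - confirm against the authorization class.
            ((GssSocket) socket).setAuthorization(SelfAuthorization.getInstance());
        } else {
            // Plain socket: no authentication or encryption on this path.
            SocketFactory factory = SocketFactory.getDefault();
            socket = factory.createSocket(gassURL.getHost(), gassURL.getPort());
        }
        output = socket.getOutputStream();
        input = socket.getInputStream();
        String msg = GASSProtocol.SHUTDOWN(SHUTDOWN_STR, gassURL.getHost());
        if (logger.isTraceEnabled()) {
            logger.trace("Shutdown msg: " + msg);
        }
        // NOTE(review): getBytes() uses the platform default charset.
        output.write(msg.getBytes());
        output.flush();
        HttpResponse rp = new HttpResponse(input);
        if (rp.httpCode == -1 && rp.httpMsg == null) {
            /* this is a workaround for C gass-server.
             * The server just shuts down - it does
             * not send the reply */
        } else if (rp.httpCode != 200) {
            throw new IOException("Remote shutdown failed (" + rp.httpCode + " " + rp.httpMsg + ")");
        }
    } finally {
        // Each resource is closed in its own try block: a failure closing one
        // stream must not prevent the others, and the socket, from being closed.
        try {
            if (output != null) {
                output.close();
            }
        } catch (Exception ignored) {
            // best-effort cleanup
        }
        try {
            if (input != null) {
                input.close();
            }
        } catch (Exception ignored) {
            // best-effort cleanup
        }
        try {
            if (socket != null) {
                socket.close();
            }
        } catch (Exception ignored) {
            // best-effort cleanup
        }
    }
}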
use of org.globus.gsi.gssapi.net.GssSocket in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class GssClient method connect.
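/**
 * Connects to {@code host:port} over a GSS-protected socket, prints the properties of
 * the established context, sends a zero-length {@code POST ping/jobmanager} request and
 * echoes the reply to standard output.
 *
 * <p>The context is configured from {@code opts}: credential delegation (limited or
 * full), confidentiality, anonymity, GSI or SSL mode, and whether limited proxies are
 * rejected. Enabling delegation hands a delegated credential to the peer, so the
 * authorization set on the socket ({@code this.auth}) is what decides which peer
 * is accepted.
 *
 * <p>Any failure is printed with {@code printStackTrace()} and not propagated.
 *
 * @param host remote host; also written into the {@code Host:} header
 * @param port remote port
 * @param opts connection and context options
 */
public void connect(String host, int port, GetOpts opts) {
    // to make sure we use right impl
    GSSManager manager = new GlobusGSSManagerImpl();
    ExtendedGSSContext context = null;
    Socket s = null;
    try {
        context = (ExtendedGSSContext) manager.createContext(this.targetName, GSSConstants.MECH_OID, getCredential(manager), opts.lifetime);
        context.requestCredDeleg(opts.deleg);
        context.requestConf(opts.conf);
        context.requestAnonymity(opts.anonymity);
        context.setOption(GSSConstants.GSS_MODE, (opts.gsiMode) ? GSIConstants.MODE_GSI : GSIConstants.MODE_SSL);
        if (opts.deleg) {
            context.setOption(GSSConstants.DELEGATION_TYPE, (opts.limitedDeleg) ? GSIConstants.DELEGATION_TYPE_LIMITED : GSIConstants.DELEGATION_TYPE_FULL);
        }
        // Boolean.valueOf replaces the deprecated Boolean constructor.
        context.setOption(GSSConstants.REJECT_LIMITED_PROXY, Boolean.valueOf(opts.rejectLimitedProxy));
        s = GssSocketFactory.getDefault().createSocket(host, port, context);
        // Wrap mode and authorization are set before the streams are requested.
        // NOTE(review): presumably the handshake is deferred until the streams are
        // used, so the authorization applies to it - confirm against GssSocket.
        ((GssSocket) s).setWrapMode(opts.wrapMode);
        ((GssSocket) s).setAuthorization(this.auth);
        OutputStream out = s.getOutputStream();
        InputStream in = s.getInputStream();
        System.out.println("Context established.");
        System.out.println("Initiator : " + context.getSrcName());
        System.out.println("Acceptor : " + context.getTargName());
        System.out.println("Lifetime : " + context.getLifetime());
        System.out.println("Privacy : " + context.getConfState());
        System.out.println("Anonymity : " + context.getAnonymityState());
        String msg = "POST ping/jobmanager HTTP/1.1\r\n" + "Host: " + host + "\r\n" + "Content-Type: application/x-globus-gram\r\n" + "Content-Length: 0\r\n\r\n";
        // NOTE(review): getBytes() and InputStreamReader use the platform default charset.
        byte[] tmp = msg.getBytes();
        out.write(tmp);
        out.flush();
        String line = null;
        BufferedReader r = new BufferedReader(new InputStreamReader(in));
        while ((line = r.readLine()) != null) {
            System.out.println(line);
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (s != null) {
            try {
                s.close();
            } catch (Exception ignored) {
                // best-effort close; nothing useful to report here
            }
        }
    }
}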
use of org.globus.gsi.gssapi.net.GssSocket in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class MyProxy method get.
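/**
 * Retrieves delegated credentials from the MyProxy server.
 *
 * <p>The request is only sent once the established context reports confidentiality.
 * A fresh RSA key pair is generated locally, a certificate signing request is sent,
 * and the returned chain is accepted only if the first certificate's RSA modulus
 * matches the generated private key.
 *
 * <p>NOTE(review): no certificate path validation of the returned chain is visible in
 * this method - confirm it happens where the credential is used.
 *
 * @param credential
 *         The local GSI credentials to use for authentication.
 *         Can be set to null if no local credentials.
 * @param params
 *         The parameters for the get operation.
 * @return GSSCredential
 *         The retrieved delegated credentials.
 * @exception MyProxyException
 *         If an error occurred during the operation. Failures inside the exchange
 *         are wrapped as the cause of a "MyProxy get failed." exception.
 * @exception IllegalArgumentException
 *         If {@code params} is null.
 */
public GSSCredential get(GSSCredential credential, GetParams params) throws MyProxyException {
    if (params == null) {
        throw new IllegalArgumentException("params == null");
    }
    if (credential == null) {
        try {
            credential = getAnonymousCredential();
        } catch (GSSException e) {
            throw new MyProxyException("Failed to create anonymous credentials", e);
        }
    }
    String msg = params.makeRequest();
    Socket gsiSocket = null;
    OutputStream out = null;
    InputStream in = null;
    try {
        gsiSocket = getSocket(credential);
        if (credential.getName().isAnonymous()) {
            this.context.requestAnonymity(true);
        }
        out = gsiSocket.getOutputStream();
        in = gsiSocket.getInputStream();
        // Refuse to send the request unless the channel provides confidentiality.
        if (!((GssSocket) gsiSocket).getContext().getConfState()) {
            throw new Exception("Confidentiality requested but not available");
        }
        // send message
        // NOTE(review): getBytes() uses the platform default charset.
        out.write(msg.getBytes());
        out.flush();
        if (logger.isDebugEnabled()) {
            // NOTE(review): confirm params.toString() does not expose the passphrase.
            logger.debug("Req sent:" + params);
        }
        // may require authz handshake
        handleReply(in, out, params.getAuthzCreds(), params.getWantTrustroots());
        // start delegation - generate key pair
        KeyPair keyPair = CertificateUtil.generateKeyPair("RSA", DEFAULT_KEYBITS);
        // According to the MyProxy protocol, the MyProxy server
        // will ignore the subject in the client's certificate
        // signing request (CSR). However, in some cases it is
        // helpful to control the CSR subject (for example, when
        // the MyProxy server is using a CA back-end that can only
        // issue certificates with subjects matching the request).
        // So we construct the CSR subject using the given MyProxy
        // username (if possible).
        String CSRsubjectString = params.getUserName();
        CSRsubjectString = CSRsubjectString.trim();
        if (CSRsubjectString.contains("CN=") || CSRsubjectString.contains("cn=")) {
            // If the MyProxy username is a DN, use it.
            if (CSRsubjectString.charAt(0) == '/') {
                // "good enough" conversion of OpenSSL DN strings
                CSRsubjectString = CSRsubjectString.substring(1);
                CSRsubjectString = CSRsubjectString.replace('/', ',');
            }
        } else {
            CSRsubjectString = "CN=" + CSRsubjectString;
        }
        X509Name CSRsubjectName;
        try {
            CSRsubjectName = new X509Name(CSRsubjectString);
        } catch (Exception e) {
            // If our X509Name construction fails for any reason,
            // just use a default value (as in the past).
            CSRsubjectName = new X509Name("CN=ignore");
        }
        if (logger.isDebugEnabled()) {
            logger.debug("CSR subject: " + CSRsubjectName.toString());
        }
        BouncyCastleCertProcessingFactory certFactory = BouncyCastleCertProcessingFactory.getDefault();
        // NOTE(review): the CSR is signed with SHA-1; confirm the deployed servers
        // accept a SHA-2 signature algorithm before changing this constant.
        byte[] req = certFactory.createCertificateRequest(CSRsubjectName, "SHA1WithRSAEncryption", keyPair);
        // send the request to server
        out.write(req);
        out.flush();
        // read the number of certificates (a single byte, or -1 at end of stream)
        int size = in.read();
        if (logger.isDebugEnabled()) {
            logger.debug("Reading " + size + " certs");
        }
        // Reject end-of-stream and an empty chain explicitly instead of failing later
        // with a NegativeArraySizeException or an out-of-bounds access on chain[0].
        if (size <= 0) {
            throw new MyProxyException("Server returned no certificates (count " + size + ")");
        }
        X509Certificate[] chain = new X509Certificate[size];
        for (int i = 0; i < size; i++) {
            chain[i] = certFactory.loadCertificate(in);
            // DEBUG: display the cert names
            if (logger.isDebugEnabled()) {
                logger.debug("Received cert: " + chain[i].getSubjectDN());
            }
        }
        // get the response
        handleReply(in);
        // make sure the private key belongs to the right public key
        // currently only works with RSA keys
        RSAPublicKey pkey = (RSAPublicKey) chain[0].getPublicKey();
        RSAPrivateKey prkey = (RSAPrivateKey) keyPair.getPrivate();
        if (!pkey.getModulus().equals(prkey.getModulus())) {
            throw new MyProxyException("Private/Public key mismatch!");
        }
        X509Credential newCredential = new X509Credential(keyPair.getPrivate(), chain);
        return new GlobusGSSCredentialImpl(newCredential, GSSCredential.INITIATE_AND_ACCEPT);
    } catch (Exception e) {
        throw new MyProxyException("MyProxy get failed.", e);
    } finally {
        // close socket
        close(out, in, gsiSocket);
    }
}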
use of org.globus.gsi.gssapi.net.GssSocket in project Falcon-File-Transfer-Optimizer by arif-zaman.
the class MyProxy method info.
/**
 * Queries the MyProxy server for information about the user's stored credentials.
 *
 * <p>The request is only sent once the established context reports confidentiality.
 * Reply lines are parsed as received from the server: time values go through
 * {@code Long.parseLong}, and any parse failure is wrapped in the
 * {@link MyProxyException} thrown by this method.
 *
 * @param credential
 *         The local GSI credentials to use for authentication.
 * @param params
 *         The parameters for the info operation.
 * @exception MyProxyException
 *         If an error occurred during the operation.
 * @exception IllegalArgumentException
 *         If {@code credential} or {@code params} is null.
 * @return The array of credential information of all
 *         the user's credentials; index 0 holds the default credential.
 */
public CredentialInfo[] info(GSSCredential credential, InfoParams params) throws MyProxyException {
    if (credential == null) {
        throw new IllegalArgumentException("credential == null");
    }
    if (params == null) {
        throw new IllegalArgumentException("params == null");
    }
    String request = params.makeRequest();
    Socket gsiSocket = null;
    OutputStream out = null;
    InputStream in = null;
    try {
        gsiSocket = getSocket(credential);
        out = gsiSocket.getOutputStream();
        in = gsiSocket.getInputStream();
        // Nothing is sent unless the channel provides confidentiality.
        boolean confidential = ((GssSocket) gsiSocket).getContext().getConfState();
        if (!confidential) {
            throw new Exception("Confidentiality requested but not available");
        }
        // send message
        out.write(request.getBytes());
        out.flush();
        if (logger.isDebugEnabled()) {
            logger.debug("Req sent:" + params);
        }
        InputStream reply = handleReply(in);
        Map namedCreds = new HashMap();
        CredentialInfo defaultCred = new CredentialInfo();
        String line;
        while ((line = readLine(reply)) != null) {
            // Attributes of the default credential.
            if (line.startsWith(CRED_START_TIME)) {
                String seconds = line.substring(CRED_START_TIME.length());
                defaultCred.setStartTime(Long.parseLong(seconds) * 1000);
            } else if (line.startsWith(CRED_END_TIME)) {
                String seconds = line.substring(CRED_END_TIME.length());
                defaultCred.setEndTime(Long.parseLong(seconds) * 1000);
            } else if (line.startsWith(CRED_OWNER)) {
                defaultCred.setOwner(line.substring(CRED_OWNER.length()));
            } else if (line.startsWith(CRED_NAME)) {
                defaultCred.setName(line.substring(CRED_NAME.length()));
            } else if (line.startsWith(CRED_DESC)) {
                defaultCred.setDescription(line.substring(CRED_DESC.length()));
            } else if (line.startsWith(CRED_RENEWER)) {
                defaultCred.setRenewers(line.substring(CRED_RENEWER.length()));
            } else if (line.startsWith(CRED_RETRIEVER)) {
                defaultCred.setRetrievers(line.substring(CRED_RETRIEVER.length()));
            } else if (line.startsWith(CRED)) {
                // Attributes of a named credential; lines without '=' are skipped.
                int eq = line.indexOf('=', CRED.length());
                if (eq != -1) {
                    String value = line.substring(eq + 1);
                    int after = eq + 1;
                    if (matches(line, after, OWNER)) {
                        String credName = getCredName(line, eq, OWNER);
                        getCredentialInfo(namedCreds, credName).setOwner(value);
                    } else if (matches(line, after, START_TIME)) {
                        String credName = getCredName(line, eq, START_TIME);
                        getCredentialInfo(namedCreds, credName).setStartTime(Long.parseLong(value) * 1000);
                    } else if (matches(line, after, END_TIME)) {
                        String credName = getCredName(line, eq, END_TIME);
                        getCredentialInfo(namedCreds, credName).setEndTime(Long.parseLong(value) * 1000);
                    } else if (matches(line, after, DESC)) {
                        String credName = getCredName(line, eq, DESC);
                        getCredentialInfo(namedCreds, credName).setDescription(value);
                    } else if (matches(line, after, RENEWER)) {
                        String credName = getCredName(line, eq, RENEWER);
                        getCredentialInfo(namedCreds, credName).setRenewers(value);
                    } else if (matches(line, after, RETRIEVER)) {
                        String credName = getCredName(line, eq, RETRIEVER);
                        getCredentialInfo(namedCreds, credName).setRetrievers(value);
                    }
                }
            }
        }
        CredentialInfo[] result = new CredentialInfo[1 + namedCreds.size()];
        // default creds at position 0
        result[0] = defaultCred;
        int next = 1;
        for (Object named : namedCreds.values()) {
            result[next++] = (CredentialInfo) named;
        }
        return result;
    } catch (Exception e) {
        throw new MyProxyException("MyProxy info failed.", e);
    } finally {
        // close socket
        close(out, in, gsiSocket);
    }
}