
Example 1 with GssSocket

use of org.globus.gsi.gssapi.net.GssSocket in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class HTTPSSender method getSocket.

/**
 * Opens the connection for an HTTPS request and replaces it with a GSI-wrapped socket.
 *
 * <p>The superclass opens the connection as plain "http" on the chosen port; the
 * socket it leaves in {@code sockHolder} is then wrapped by {@code SSLContextHelper}
 * and written back to the holder.
 *
 * <p>NOTE(review): if {@code wrapSocket} throws, {@code sockHolder} still refers to
 * the unwrapped socket opened by the superclass. Confirm that callers discard the
 * holder on failure rather than reusing that plain connection.
 *
 * @param port target port; {@code -1} selects 8443
 * @throws IOException if {@code protocol} is anything other than "https"
 * @throws Exception   propagated from the superclass or from the helper
 */
protected void getSocket(SocketHolder sockHolder, MessageContext msgContext, String protocol, String host, int port, int timeout, StringBuffer otherHeaders, BooleanHolder useFullURL) throws Exception {
    boolean isHttps = protocol.equalsIgnoreCase("https");
    if (!isHttps) {
        // This sender never falls back to an unprotected transport.
        throw new IOException("Invalid protocol");
    }

    final int effectivePort;
    if (port == -1) {
        effectivePort = 8443;
    } else {
        effectivePort = port;
    }

    // The helper is built before the connection is opened, as in the original order.
    SSLContextHelper contextHelper = new SSLContextHelper(msgContext, host, effectivePort);
    super.getSocket(sockHolder, msgContext, "http", host, effectivePort, timeout, otherHeaders, useFullURL);

    // Swap the plain socket in the holder for its secured wrapper.
    GssSocket secured = contextHelper.wrapSocket(sockHolder.getSocket());
    sockHolder.setSocket(secured);
}
Also used : GssSocket(org.globus.gsi.gssapi.net.GssSocket) IOException(java.io.IOException)

Example 2 with GssSocket

use of org.globus.gsi.gssapi.net.GssSocket in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class GassClientHandler method shutdown.

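/**
 * Shuts down a remote GASS server. The server must have the
 * CLIENT_SHUTDOWN option enabled for this to work.
 *
 * <p>For an {@code https} URL the request is sent over a GSI-secured socket
 * created with {@code cred}, and {@code SelfAuthorization} is installed on that
 * socket. For any other protocol the request goes over a plain socket and
 * {@code cred} is not used, so nothing in this method authenticates the caller
 * or protects the request in transit on that path.
 *
 * @param  cred    credentials to use (only read on the https path).
 * @param  gassURL the url of the remote gass server.
 * @throws IOException  if the connection fails or the server replies with a
 *                      status other than 200.
 * @throws GSSException if setting up the GSS context fails.
 */
public static void shutdown(GSSCredential cred, GlobusURL gassURL) throws IOException, GSSException {
    OutputStream output = null;
    InputStream input = null;
    Socket socket = null;
    try {
        if (gassURL.getProtocol().equalsIgnoreCase("https")) {
            GSSManager manager = ExtendedGSSManager.getInstance();
            ExtendedGSSContext context = (ExtendedGSSContext) manager.createContext(null, GSSConstants.MECH_OID, cred, GSSContext.DEFAULT_LIFETIME);
            context.setOption(GSSConstants.GSS_MODE, GSIConstants.MODE_SSL);
            GssSocketFactory factory = GssSocketFactory.getDefault();
            socket = factory.createSocket(gassURL.getHost(), gassURL.getPort(), context);
            // NOTE(review): SelfAuthorization presumably accepts only a peer that presents
            // the caller's own identity; confirm this matches how the server is run.
            ((GssSocket) socket).setAuthorization(SelfAuthorization.getInstance());
        } else {
            // Plain path: no credential, no peer check, request sent in the clear.
            SocketFactory factory = SocketFactory.getDefault();
            socket = factory.createSocket(gassURL.getHost(), gassURL.getPort());
        }
        output = socket.getOutputStream();
        input = socket.getInputStream();
        String msg = GASSProtocol.SHUTDOWN(SHUTDOWN_STR, gassURL.getHost());
        if (logger.isTraceEnabled()) {
            logger.trace("Shutdown msg: " + msg);
        }
        // getBytes() encodes with the platform default charset.
        output.write(msg.getBytes());
        output.flush();
        HttpResponse rp = new HttpResponse(input);
        if (rp.httpCode == -1 && rp.httpMsg == null) {
            /* this is a workaround for C gass-server.
             * The server just shuts down - it does
             * not send the reply.
             * Consequence: a connection that ends without any status line is
             * treated as success and cannot be told apart from a dropped one. */
        } else if (rp.httpCode != 200) {
            throw new IOException("Remote shutdown failed (" + rp.httpCode + " " + rp.httpMsg + ")");
        }
    } finally {
        // Close each resource on its own: with a single shared try block a failure
        // closing the output stream skipped the input stream and left the socket open.
        for (AutoCloseable resource : new AutoCloseable[] { output, input, socket }) {
            if (resource == null) {
                continue;
            }
            try {
                resource.close();
            } catch (Exception ignored) {
                // Best-effort cleanup; the request outcome was already decided above.
            }
        }
    }
}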
Also used : GssSocket(org.globus.gsi.gssapi.net.GssSocket) ExtendedGSSContext(org.gridforum.jgss.ExtendedGSSContext) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) GssSocketFactory(org.globus.gsi.gssapi.net.GssSocketFactory) SocketFactory(org.globus.net.SocketFactory) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) ExtendedGSSManager(org.gridforum.jgss.ExtendedGSSManager) GSSManager(org.ietf.jgss.GSSManager) GssSocketFactory(org.globus.gsi.gssapi.net.GssSocketFactory) HttpResponse(org.globus.util.http.HttpResponse) IOException(java.io.IOException) Socket(java.net.Socket) GssSocket(org.globus.gsi.gssapi.net.GssSocket) AuthorizationException(org.globus.gsi.gssapi.auth.AuthorizationException) IOException(java.io.IOException) GSSException(org.ietf.jgss.GSSException) FileNotFoundException(java.io.FileNotFoundException)

Example 3 with GssSocket

use of org.globus.gsi.gssapi.net.GssSocket in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class GssClient method connect.

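/**
 * Opens a GSI-secured connection to {@code host:port}, prints the properties of
 * the established context, sends a GRAM "ping" request and echoes the reply to
 * standard output.
 *
 * <p>Every failure is caught, printed with {@code printStackTrace()} and not
 * propagated, so callers cannot tell from the return whether the exchange worked.
 *
 * @param host server host; also written verbatim into the {@code Host:} header, so
 *             callers should pass a validated host name (no CR/LF characters)
 * @param port server port
 * @param opts context options: lifetime, delegation, confidentiality, anonymity,
 *             GSI/SSL mode, limited-proxy handling and wrap mode
 */
public void connect(String host, int port, GetOpts opts) {
    // to make sure we use right impl
    GSSManager manager = new GlobusGSSManagerImpl();
    ExtendedGSSContext context = null;
    Socket s = null;
    try {
        context = (ExtendedGSSContext) manager.createContext(this.targetName, GSSConstants.MECH_OID, getCredential(manager), opts.lifetime);
        context.requestCredDeleg(opts.deleg);
        context.requestConf(opts.conf);
        context.requestAnonymity(opts.anonymity);
        context.setOption(GSSConstants.GSS_MODE, (opts.gsiMode) ? GSIConstants.MODE_GSI : GSIConstants.MODE_SSL);
        if (opts.deleg) {
            // The delegation type is only set when delegation is requested at all.
            context.setOption(GSSConstants.DELEGATION_TYPE, (opts.limitedDeleg) ? GSIConstants.DELEGATION_TYPE_LIMITED : GSIConstants.DELEGATION_TYPE_FULL);
        }
        // Boolean.valueOf replaces the deprecated Boolean constructor; the option value is the same.
        context.setOption(GSSConstants.REJECT_LIMITED_PROXY, Boolean.valueOf(opts.rejectLimitedProxy));
        s = GssSocketFactory.getDefault().createSocket(host, port, context);
        ((GssSocket) s).setWrapMode(opts.wrapMode);
        // NOTE(review): authorization is installed after the socket is created and before
        // the streams are requested; presumably the handshake has not run yet at this
        // point - confirm, otherwise the peer check would be skipped.
        ((GssSocket) s).setAuthorization(this.auth);
        OutputStream out = s.getOutputStream();
        InputStream in = s.getInputStream();
        System.out.println("Context established.");
        System.out.println("Initiator : " + context.getSrcName());
        System.out.println("Acceptor  : " + context.getTargName());
        System.out.println("Lifetime  : " + context.getLifetime());
        // The negotiated confidentiality state is only reported here, not enforced:
        // the request below is sent even when privacy was requested but not granted.
        System.out.println("Privacy   : " + context.getConfState());
        System.out.println("Anonymity : " + context.getAnonymityState());
        String msg = "POST ping/jobmanager HTTP/1.1\r\n" + "Host: " + host + "\r\n" + "Content-Type: application/x-globus-gram\r\n" + "Content-Length: 0\r\n\r\n";
        // Request bytes and reply text both use the platform default charset.
        byte[] tmp = msg.getBytes();
        out.write(tmp);
        out.flush();
        String line = null;
        BufferedReader r = new BufferedReader(new InputStreamReader(in));
        // Reads until the peer closes the connection.
        while ((line = r.readLine()) != null) {
            System.out.println(line);
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (s != null) {
            try {
                s.close();
            } catch (Exception ignored) {
                // Best-effort close; nothing useful can be done with a close failure here.
            }
        }
    }
}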
Also used : GssSocket(org.globus.gsi.gssapi.net.GssSocket) ExtendedGSSContext(org.gridforum.jgss.ExtendedGSSContext) InputStreamReader(java.io.InputStreamReader) GlobusGSSManagerImpl(org.globus.gsi.gssapi.GlobusGSSManagerImpl) InputStream(java.io.InputStream) OutputStream(java.io.OutputStream) GSSManager(org.ietf.jgss.GSSManager) BufferedReader(java.io.BufferedReader) Socket(java.net.Socket) GssSocket(org.globus.gsi.gssapi.net.GssSocket)

Example 4 with GssSocket

use of org.globus.gsi.gssapi.net.GssSocket in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class MyProxy method get.

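/**
 * Retrieves delegated credentials from the MyProxy server.
 *
 * <p>The method sends the request, generates a fresh RSA key pair, submits a
 * certificate signing request, reads the certificate chain the server returns and
 * checks that the first certificate carries the public key of the generated pair.
 * No other validation of the returned chain is performed in this method.
 *
 * @param  credential
 *         The local GSI credentials to use for authentication.
 *         Can be set to null if no local credentials.
 * @param  params
 *         The parameters for the get operation.
 * @return GSSCredential
 *         The retrieved delegated credentials.
 * @exception MyProxyException
 *         If an error occurred during the operation, including a connection
 *         without confidentiality, a missing certificate chain or a key mismatch.
 */
public GSSCredential get(GSSCredential credential, GetParams params) throws MyProxyException {
    if (params == null) {
        throw new IllegalArgumentException("params == null");
    }
    if (credential == null) {
        try {
            credential = getAnonymousCredential();
        } catch (GSSException e) {
            throw new MyProxyException("Failed to create anonymous credentials", e);
        }
    }
    String msg = params.makeRequest();
    Socket gsiSocket = null;
    OutputStream out = null;
    InputStream in = null;
    try {
        gsiSocket = getSocket(credential);
        if (credential.getName().isAnonymous()) {
            // NOTE(review): anonymity is requested after getSocket(credential) returned;
            // whether it still takes effect depends on when the context is established - confirm.
            this.context.requestAnonymity(true);
        }
        out = gsiSocket.getOutputStream();
        in = gsiSocket.getInputStream();
        // Nothing is written until the context reports confidentiality, so the
        // request is never sent over a channel that is not encrypted.
        if (!((GssSocket) gsiSocket).getContext().getConfState())
            throw new Exception("Confidentiality requested but not available");
        // send message
        out.write(msg.getBytes());
        out.flush();
        if (logger.isDebugEnabled()) {
            // NOTE(review): confirm that params.toString() does not include the passphrase.
            logger.debug("Req sent:" + params);
        }
        // may require authz handshake
        handleReply(in, out, params.getAuthzCreds(), params.getWantTrustroots());
        // start delegation - generate key pair
        KeyPair keyPair = CertificateUtil.generateKeyPair("RSA", DEFAULT_KEYBITS);
        // According to the MyProxy protocol, the MyProxy server
        // will ignore the subject in the client's certificate
        // signing request (CSR). However, in some cases it is
        // helpful to control the CSR subject (for example, when
        // the MyProxy server is using a CA back-end that can only
        // issue certificates with subjects matching the request).
        // So we construct the CSR subject using the given MyProxy
        // username (if possible).
        String CSRsubjectString = params.getUserName();
        CSRsubjectString = CSRsubjectString.trim();
        if (CSRsubjectString.contains("CN=") || CSRsubjectString.contains("cn=")) {
            // If the MyProxy username is a DN, use it.
            if (CSRsubjectString.charAt(0) == '/') {
                // "good enough" conversion of OpenSSL DN strings
                CSRsubjectString = CSRsubjectString.substring(1);
                CSRsubjectString = CSRsubjectString.replace('/', ',');
            }
        } else {
            CSRsubjectString = "CN=" + CSRsubjectString;
        }
        X509Name CSRsubjectName;
        try {
            CSRsubjectName = new X509Name(CSRsubjectString);
        } catch (Exception e) {
            // If our X509Name construction fails for any reason,
            // just use a default value (as in the past).
            CSRsubjectName = new X509Name("CN=ignore");
        }
        if (logger.isDebugEnabled()) {
            logger.debug("CSR subject: " + CSRsubjectName.toString());
        }
        BouncyCastleCertProcessingFactory certFactory = BouncyCastleCertProcessingFactory.getDefault();
        byte[] req = null;
        // NOTE(review): the CSR is signed with SHA-1, which is deprecated for signatures.
        // Confirm that the servers in use accept a SHA-256 request before changing it.
        req = certFactory.createCertificateRequest(CSRsubjectName, "SHA1WithRSAEncryption", keyPair);
        // send the request to server
        out.write(req);
        out.flush();
        // read the number of certificates (a single byte, -1 at end of stream)
        int size = in.read();
        if (logger.isDebugEnabled()) {
            logger.debug("Reading " + size + " certs");
        }
        if (size < 0) {
            // Previously this reached the array allocation and failed with
            // NegativeArraySizeException; report the real cause instead.
            throw new MyProxyException("Connection closed before the certificate count was received");
        }
        X509Certificate[] chain = new X509Certificate[size];
        for (int i = 0; i < size; i++) {
            chain[i] = certFactory.loadCertificate(in);
            // DEBUG: display the cert names
            if (logger.isDebugEnabled()) {
                logger.debug("Received cert: " + chain[i].getSubjectDN());
            }
        }
        // get the response
        handleReply(in);
        if (size == 0) {
            // Checked after handleReply so an error reported by the server still wins;
            // previously an empty chain failed on chain[0] with an index error.
            throw new MyProxyException("MyProxy server returned an empty certificate chain");
        }
        // make sure the private key belongs to the right public key
        // currently only works with RSA keys
        RSAPublicKey pkey = (RSAPublicKey) chain[0].getPublicKey();
        RSAPrivateKey prkey = (RSAPrivateKey) keyPair.getPrivate();
        if (!pkey.getModulus().equals(prkey.getModulus())) {
            throw new MyProxyException("Private/Public key mismatch!");
        }
        X509Credential newCredential = null;
        newCredential = new X509Credential(keyPair.getPrivate(), chain);
        return new GlobusGSSCredentialImpl(newCredential, GSSCredential.INITIATE_AND_ACCEPT);
    } catch (Exception e) {
        // Every failure above, including the checks, surfaces as one MyProxyException
        // with the original exception kept as its cause.
        throw new MyProxyException("MyProxy get failed.", e);
    } finally {
        // close socket
        close(out, in, gsiSocket);
    }
}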
Also used : GlobusGSSCredentialImpl(org.globus.gsi.gssapi.GlobusGSSCredentialImpl) GssSocket(org.globus.gsi.gssapi.net.GssSocket) KeyPair(java.security.KeyPair) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) DataOutputStream(java.io.DataOutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) GeneralSecurityException(java.security.GeneralSecurityException) GSSException(org.ietf.jgss.GSSException) EOFException(java.io.EOFException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) X509Certificate(java.security.cert.X509Certificate) X509Name(org.bouncycastle.asn1.x509.X509Name) X509Credential(org.globus.gsi.X509Credential) GSSException(org.ietf.jgss.GSSException) RSAPublicKey(java.security.interfaces.RSAPublicKey) BouncyCastleCertProcessingFactory(org.globus.gsi.bc.BouncyCastleCertProcessingFactory) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) SSLSocket(javax.net.ssl.SSLSocket) GssSocket(org.globus.gsi.gssapi.net.GssSocket) Socket(java.net.Socket)

Example 5 with GssSocket

use of org.globus.gsi.gssapi.net.GssSocket in project Falcon-File-Transfer-Optimizer by arif-zaman.

the class MyProxy method info.

/**
 * Asks the MyProxy server which credentials it holds for the user.
 *
 * <p>The reply is read line by line. Lines carrying one of the {@code CRED_*}
 * prefixes fill the default entry; lines under the generic {@code CRED} prefix
 * are attributed to a named credential through {@code getCredentialInfo}.
 * Values come from the server and are parsed as received; a malformed number
 * ends the call with a {@code MyProxyException}.
 *
 * @param  credential
 *         The local GSI credentials to use for authentication.
 * @param  params
 *         The parameters for the info operation.
 * @exception MyProxyException
 *         If an error occurred during the operation, including a connection
 *         that does not provide confidentiality.
 * @return The credential information of all the user's credentials; index 0
 *         is the default credential, named credentials follow in map order.
 */
public CredentialInfo[] info(GSSCredential credential, InfoParams params) throws MyProxyException {
    if (credential == null) {
        throw new IllegalArgumentException("credential == null");
    }
    if (params == null) {
        throw new IllegalArgumentException("params == null");
    }
    final String request = params.makeRequest();
    Socket gsiSocket = null;
    OutputStream out = null;
    InputStream in = null;
    try {
        gsiSocket = getSocket(credential);
        out = gsiSocket.getOutputStream();
        in = gsiSocket.getInputStream();

        // The request is only written once the context reports confidentiality.
        boolean confidential = ((GssSocket) gsiSocket).getContext().getConfState();
        if (!confidential) {
            throw new Exception("Confidentiality requested but not available");
        }

        out.write(request.getBytes());
        out.flush();
        if (logger.isDebugEnabled()) {
            // NOTE(review): confirm that params.toString() does not include the passphrase.
            logger.debug("Req sent:" + params);
        }

        InputStream reply = handleReply(in);
        Map namedCreds = new HashMap();
        CredentialInfo defaultCred = new CredentialInfo();

        // NOTE(review): the generic CRED branch is tested last; if the specific
        // CRED_* prefixes begin with CRED, this order is required - confirm.
        for (String line = readLine(reply); line != null; line = readLine(reply)) {
            if (line.startsWith(CRED_START_TIME)) {
                String seconds = line.substring(CRED_START_TIME.length());
                // Server sends seconds; the setter receives milliseconds.
                defaultCred.setStartTime(Long.parseLong(seconds) * 1000);
            } else if (line.startsWith(CRED_END_TIME)) {
                String seconds = line.substring(CRED_END_TIME.length());
                defaultCred.setEndTime(Long.parseLong(seconds) * 1000);
            } else if (line.startsWith(CRED_OWNER)) {
                defaultCred.setOwner(line.substring(CRED_OWNER.length()));
            } else if (line.startsWith(CRED_NAME)) {
                defaultCred.setName(line.substring(CRED_NAME.length()));
            } else if (line.startsWith(CRED_DESC)) {
                defaultCred.setDescription(line.substring(CRED_DESC.length()));
            } else if (line.startsWith(CRED_RENEWER)) {
                defaultCred.setRenewers(line.substring(CRED_RENEWER.length()));
            } else if (line.startsWith(CRED_RETRIEVER)) {
                defaultCred.setRetrievers(line.substring(CRED_RETRIEVER.length()));
            } else if (line.startsWith(CRED)) {
                int pos = line.indexOf('=', CRED.length());
                if (pos == -1) {
                    // No '=' after the prefix: nothing to record for this line.
                    continue;
                }
                int valueStart = pos + 1;
                String value = line.substring(valueStart);
                if (matches(line, valueStart, OWNER)) {
                    String credName = getCredName(line, pos, OWNER);
                    getCredentialInfo(namedCreds, credName).setOwner(value);
                } else if (matches(line, valueStart, START_TIME)) {
                    String credName = getCredName(line, pos, START_TIME);
                    getCredentialInfo(namedCreds, credName).setStartTime(Long.parseLong(value) * 1000);
                } else if (matches(line, valueStart, END_TIME)) {
                    String credName = getCredName(line, pos, END_TIME);
                    getCredentialInfo(namedCreds, credName).setEndTime(Long.parseLong(value) * 1000);
                } else if (matches(line, valueStart, DESC)) {
                    String credName = getCredName(line, pos, DESC);
                    getCredentialInfo(namedCreds, credName).setDescription(value);
                } else if (matches(line, valueStart, RENEWER)) {
                    String credName = getCredName(line, pos, RENEWER);
                    getCredentialInfo(namedCreds, credName).setRenewers(value);
                } else if (matches(line, valueStart, RETRIEVER)) {
                    String credName = getCredName(line, pos, RETRIEVER);
                    getCredentialInfo(namedCreds, credName).setRetrievers(value);
                }
            }
        }

        // Default credential goes first, named credentials after it.
        CredentialInfo[] result = new CredentialInfo[1 + namedCreds.size()];
        result[0] = defaultCred;
        int next = 1;
        for (Object stored : namedCreds.values()) {
            result[next++] = (CredentialInfo) stored;
        }
        return result;
    } catch (Exception e) {
        throw new MyProxyException("MyProxy info failed.", e);
    } finally {
        // close socket
        close(out, in, gsiSocket);
    }
}
Also used : GssSocket(org.globus.gsi.gssapi.net.GssSocket) HashMap(java.util.HashMap) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) DataOutputStream(java.io.DataOutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) GeneralSecurityException(java.security.GeneralSecurityException) GSSException(org.ietf.jgss.GSSException) EOFException(java.io.EOFException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) Iterator(java.util.Iterator) Map(java.util.Map) HashMap(java.util.HashMap) SSLSocket(javax.net.ssl.SSLSocket) GssSocket(org.globus.gsi.gssapi.net.GssSocket) Socket(java.net.Socket)

Aggregations

GssSocket (org.globus.gsi.gssapi.net.GssSocket)21 IOException (java.io.IOException)14 InputStream (java.io.InputStream)12 OutputStream (java.io.OutputStream)12 GSSException (org.ietf.jgss.GSSException)12 GSSManager (org.ietf.jgss.GSSManager)12 GssSocketFactory (org.globus.gsi.gssapi.net.GssSocketFactory)11 ExtendedGSSContext (org.gridforum.jgss.ExtendedGSSContext)11 Socket (java.net.Socket)10 ExtendedGSSManager (org.gridforum.jgss.ExtendedGSSManager)10 FileInputStream (java.io.FileInputStream)8 FileOutputStream (java.io.FileOutputStream)8 UnknownHostException (java.net.UnknownHostException)8 SSLSocket (javax.net.ssl.SSLSocket)8 ByteArrayInputStream (java.io.ByteArrayInputStream)7 ByteArrayOutputStream (java.io.ByteArrayOutputStream)7 DataOutputStream (java.io.DataOutputStream)7 EOFException (java.io.EOFException)7 GeneralSecurityException (java.security.GeneralSecurityException)7 GlobusGSSCredentialImpl (org.globus.gsi.gssapi.GlobusGSSCredentialImpl)4