Class MyProxyLogon

  • Direct Known Subclasses:
    AbstractAuthorizationServlet.MyMyProxyLogon

    public class MyProxyLogon
    extends Object
    The MyProxyLogon class provides an interface for retrieving credentials from a MyProxy server.

    First, configure the connection with:

    • setHost
    • setPort
    • setUsername
    • setPassphrase
    • setCredentialName
    • setLifetime
    • requestTrustRoots

    Then call:

    • logon
    • getCredentials
    • disconnect

    Use getCertificates and getPrivateKey to access the retrieved credentials, or writeProxyFile or saveCredentialsToFile to write them to a file. Use writeTrustRoots, getTrustedCAs, getCRLs, getTrustRootData, and getTrustRootFilenames for trust root information.
    Version:
    1.6
    See Also:
    MyProxy Project Home Page
    • Constructor Detail

      • MyProxyLogon

        public MyProxyLogon​(edu.uiuc.ncsa.security.core.util.MyLoggingFacade myLoggingFacade)
      • MyProxyLogon

        public MyProxyLogon​(edu.uiuc.ncsa.security.core.util.MyLoggingFacade myLoggingFacade,
                            String serverDN)
      • MyProxyLogon

        public MyProxyLogon()
        Constructs a MyProxyLogon object. This turns off all logging, so use this constructor only if that is what you need. Otherwise, inject your preferred logger wrapped in a MyLoggingFacade object.
    • Method Detail

      • getMlf

        public edu.uiuc.ncsa.security.core.util.MyLoggingFacade getMlf()
      • getSocketTimeout

        public long getSocketTimeout()
        The socket timeout (in milliseconds) for this connection. If it is not set, this is equivalent to setting it to 0, which in turn means that the system default is used.
        Returns:
      • setSocketTimeout

        public void setSocketTimeout​(long socketTimeout)
      • getHost

        public String getHost()
        Gets the hostname of the MyProxy server.
        Returns:
        MyProxy server hostname
      • hostLookup

        protected String hostLookup()
                             throws UnknownHostException
        Returns the *real* host. The user may set the host property, but this method should be used internally since it performs any reverse lookups needed.
        Returns:
        Throws:
        UnknownHostException
      • setHost

        public void setHost​(String host)
        Sets the hostname of the MyProxy server. Defaults to localhost.
        Parameters:
        host - MyProxy server hostname
      • getPort

        public int getPort()
        Gets the port of the MyProxy server.
        Returns:
        MyProxy server port
      • setPort

        public void setPort​(int port)
        Sets the port of the MyProxy server. Defaults to 7512.
        Parameters:
        port - MyProxy server port
      • getKeySize

        public int getKeySize()
        Gets the key size. If this has not been set, it will be set to the default.
        Returns:
        MyProxy key size
      • setKeySize

        public void setKeySize​(int keySize)
        Sets the key size.
        Parameters:
        keySize -
      • getUsername

        public String getUsername()
        Gets the MyProxy username.
        Returns:
        MyProxy username
      • setUsername

        public void setUsername​(String username)
        Sets the MyProxy username. Defaults to user.name.
        Parameters:
        username - MyProxy username
      • getCredentialName

        public String getCredentialName()
        Gets the optional MyProxy credential name.
        Returns:
        credential name
      • setCredentialName

        public void setCredentialName​(String credname)
        Sets the optional MyProxy credential name.
        Parameters:
        credname - credential name
      • setPassphrase

        public void setPassphrase​(String passphrase)
        Sets the MyProxy passphrase.
        Parameters:
        passphrase - MyProxy passphrase
      • getLifetime

        public int getLifetime()
        Gets the requested credential lifetime.
        Returns:
        Credential lifetime
      • setLifetime

        public void setLifetime​(int seconds)
        Sets the requested credential lifetime. Defaults to 43200 seconds (12 hours).
        Parameters:
        seconds - Credential lifetime
      • getCertificates

        public Collection<X509Certificate> getCertificates()
        Gets the certificates returned from the MyProxy server by getCredentials().
        Returns:
        Collection of java.security.cert.Certificate objects
      • getPrivateKey

        public PrivateKey getPrivateKey()
        Gets the private key generated by getCredentials().
        Returns:
        PrivateKey
      • requestTrustRoots

        public void requestTrustRoots​(boolean flag)
        Sets whether to request trust roots (CA certificates, CRLs, signing policy files) from the MyProxy server. Defaults to false (i.e., not to request trust roots).
        Parameters:
        flag - If true, request trust roots. If false, don't request trust roots.
      • getTrustRootFilenames

        public String[] getTrustRootFilenames()
        Gets trust root filenames.
        Returns:
        trust root filenames
      • getTrustRootData

        public String[] getTrustRootData()
        Gets trust root data corresponding to the trust root filenames.
        Returns:
        trust root data
      • getServerDN

        public String getServerDN()
        The DN that the trust manager compares against the server's DN when checking the certificate. This allows a single DN to be set across a set of servers (e.g. for load balancing).
        Returns:
      • setServerDN

        public void setServerDN​(String serverDN)
      • connect

        public void connect()
                     throws IOException,
                            GeneralSecurityException
        Connects to the MyProxy server at the desired host and port. Requires host authentication via SSL. The host's certificate subject must match the requested hostname. If CA certificates are found in the standard GSI locations, they will be used to verify the server's certificate. If trust roots are requested and no CA certificates are found, the server's certificate will still be accepted.
        Throws:
        IOException
        GeneralSecurityException
      • getKeyManagerFactory

        public KeyManagerFactory getKeyManagerFactory()
        Get the key manager factory set by setKeyManagerFactory().
        Returns:
        KeyManagerFactory
      • setKeyManagerFactory

        public void setKeyManagerFactory​(KeyManagerFactory keyManagerFactory)
        Set the key manager factory for use in client-side SSLSocket certificate-based authentication to the MyProxy server. Call this before connect().
        Parameters:
        keyManagerFactory - Key manager factory to use
      • writeTrustRoots

        public boolean writeTrustRoots()
                                throws IOException
        Writes the retrieved trust roots to the Globus trusted certificates directory.
        Returns:
        true if trust roots are written successfully, false if no trust roots are available to be written
        Throws:
        IOException
      • writeTrustRoots

        public boolean writeTrustRoots​(String directory)
                                throws IOException
        Writes the retrieved trust roots to a trusted certificates directory.
        Parameters:
        directory - path where the trust roots should be written
        Returns:
        true if trust roots are written successfully, false if no trust roots are available to be written
        Throws:
        IOException
      • getTrustRootPath

        public static String getTrustRootPath()
        Returns the trusted certificates directory location where writeTrustRoots() will store certificates.
      • getExistingTrustRootPath

        public static String getExistingTrustRootPath()
        Gets the existing trusted CA certificates directory.
        Returns:
        directory path string or null if none found
      • getProxyLocation

        public static String getProxyLocation()
                                       throws IOException
        Returns the default Globus proxy file location.
        Throws:
        IOException
      • main

        public static void main​(String[] args)
        Provides a simple command-line interface.
      • isReady

        public boolean isReady()
      • isConnected

        public boolean isConnected()
      • isLoggedOn

        public boolean isLoggedOn()
      • isDone

        public boolean isDone()
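
The configure, logon, getCredentials, disconnect sequence from the class description, combined with a guard for the connect() case in which a server certificate is accepted with no local CA certificates present. This is an added example, not code from the MyProxy project or this Javadoc. It assumes the package `edu.uiuc.ncsa.myproxy` (not shown on this page) and no-argument forms of logon(), getCredentials() and disconnect(); the class name `MyProxyFetchExample`, the 1-hour lifetime and the 10-second timeout are illustrative choices.

```java
import java.io.Console;
import java.io.File;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.Collection;
// Assumption: this package name is not shown on the page; adjust it to your build.
import edu.uiuc.ncsa.myproxy.MyProxyLogon;

public final class MyProxyFetchExample {
    /** Fetches a short-lived credential, failing closed when no local CA certificates exist. */
    static Collection<X509Certificate> fetch(String host, String user,
                                             String passphrase, String serverDN) throws Exception {
        // Per the connect() documentation, requesting trust roots with no local CA
        // certificates means the server certificate is accepted anyway. Refuse that case.
        String caDir = MyProxyLogon.getExistingTrustRootPath();
        String[] entries = (caDir == null) ? null : new File(caDir).list();
        if (entries == null || entries.length == 0) {
            throw new GeneralSecurityException("no local CA certificates; provision them out of band");
        }

        MyProxyLogon myproxy = new MyProxyLogon();   // no-arg constructor: logging is off
        myproxy.setHost(host);
        myproxy.setPort(7512);                       // documented default, set explicitly
        myproxy.setUsername(user);
        myproxy.setPassphrase(passphrase);
        myproxy.setLifetime(3600);                   // 1 hour instead of the 12-hour default
        myproxy.setSocketTimeout(10_000L);           // milliseconds
        myproxy.requestTrustRoots(false);            // never bootstrap trust from this server
        if (serverDN != null) myproxy.setServerDN(serverDN);  // one DN for a server pool
        try {
            // Assumption: no-argument forms, as listed in the class description.
            myproxy.logon();
            myproxy.getCredentials();
            return myproxy.getCertificates();
        } finally {
            myproxy.disconnect();                    // runs on success and on failure
        }
    }

    public static void main(String[] args) throws Exception {
        Console con = System.console();
        if (con == null) throw new IllegalStateException("run from an interactive terminal");
        char[] pw = con.readPassword("MyProxy passphrase: ");
        for (X509Certificate c : fetch(args[0], args[1], new String(pw), null)) {
            System.out.println(c.getSubjectX500Principal() + " valid until " + c.getNotAfter());
        }
    }
}
```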