Package edu.uiuc.ncsa.myproxy
Class MyProxyLogon
- java.lang.Object
-
- edu.uiuc.ncsa.myproxy.MyProxyLogon
-
- Direct Known Subclasses:
AbstractAuthorizationServlet.MyMyProxyLogon
public class MyProxyLogon extends Object
The MyProxyLogon class provides an interface for retrieving credentials from a MyProxy server. First, use
- setHost
- setPort
- setUsername
- setPassphrase
- setCredentialName
- setLifetime
- requestTrustRoots
- logon
- getCredentials
- disconnect

Then use getCertificates and getPrivateKey to access the retrieved credentials, or writeProxyFile or saveCredentialsToFile to write them to a file. Use writeTrustRoots, getTrustedCAs, getCRLs, getTrustRootData, and getTrustRootFilenames for trust root information.
- Version:
- 1.6
- See Also:
- MyProxy Project Home Page
-
-
Nested Class Summary
Nested Classes (columns: Modifier and Type, Class, Description)
protected static class MyProxyLogon.State
-
Field Summary
Fields (columns: Modifier and Type, Field, Description)
protected Collection<X509Certificate> certificateChain
protected String credname
int DEFAULT_KEY_SIZE
protected String host
protected static String keyAlg
protected KeyPair keypair
protected int keySize
protected int lifetime
protected int MIN_PASS_PHRASE_LEN
protected String passphrase
protected static String pkcs10Provider
protected static String pkcs10SigAlgName
protected int port
protected boolean requestTrustRoots
protected SSLSocket socket
protected BufferedInputStream socketIn
protected BufferedOutputStream socketOut
protected MyProxyLogon.State state
protected String[] trustrootData
protected String[] trustrootFilenames
protected String username
-
Constructor Summary
Constructors (columns: Constructor, Description)
MyProxyLogon() - Constructs a MyProxyLogon object.
MyProxyLogon(edu.uiuc.ncsa.security.core.util.MyLoggingFacade myLoggingFacade)
MyProxyLogon(edu.uiuc.ncsa.security.core.util.MyLoggingFacade myLoggingFacade, String serverDN)
-
Method Summary
Methods (columns: Modifier and Type, Method, Description)
void connect() - Connects to the MyProxy server at the desired host and port.
void disconnect() - Disconnects from the MyProxy server.
X509Certificate getCertificate()
Collection<X509Certificate> getCertificates() - Gets the certificates returned from the MyProxy server by getCredentials().
String getCredentialName() - Gets the optional MyProxy credential name.
void getCredentials() - Retrieves credentials from the MyProxy server.
void getCredentials(byte[] derEncodedCertRequest)
X509CRL[] getCRLs() - Gets the CRLs returned by the MyProxy server.
static String getExistingTrustRootPath() - Gets the existing trusted CA certificates directory.
String getHost() - Gets the hostname of the MyProxy server.
KeyManagerFactory getKeyManagerFactory() - Gets the key manager factory set by setKeyManagerFactory().
int getKeySize() - Gets the key size.
int getLifetime() - Gets the requested credential lifetime.
edu.uiuc.ncsa.security.core.util.MyLoggingFacade getMlf()
int getPort() - Gets the port of the MyProxy server.
PrivateKey getPrivateKey() - Gets the private key generated by getCredentials().
static String getProxyLocation() - Returns the default Globus proxy file location.
String getServerDN() - This will be used against the server's DN by the trust manager when checking the certificate.
long getSocketTimeout() - Gets the socket timeout (in milliseconds) for this connection.
X509Certificate[] getTrustedCAs() - Gets the trusted CA certificates returned by the MyProxy server.
String[] getTrustRootData() - Gets trust root data corresponding to the trust root filenames.
String[] getTrustRootFilenames() - Gets trust root filenames.
static String getTrustRootPath() - Returns the trusted certificates directory location where writeTrustRoots() will store certificates.
String getUsername() - Gets the MyProxy username.
protected void handleException(Throwable t, String msg)
protected String hostLookup() - This is the *real* host.
boolean isConnected()
boolean isDone()
boolean isLoggedOn()
boolean isReady()
void logon() - Logs on to the MyProxy server by issuing the MyProxy GET command.
static void main(String[] args) - Provides a simple command-line interface.
void requestTrustRoots(boolean flag) - Sets whether to request trust roots (CA certificates, CRLs, signing policy files) from the MyProxy server.
void saveCredentials(OutputStream os) - Writes the retrieved credentials to the specified output stream.
void saveCredentialsToFile(String filename) - Writes the retrieved credentials to the specified filename.
void setCredentialName(String credname) - Sets the optional MyProxy credential name.
void setHost(String host) - Sets the hostname of the MyProxy server.
void setKeyManagerFactory(KeyManagerFactory keyManagerFactory) - Sets the key manager factory for use in client-side SSLSocket certificate-based authentication to the MyProxy server.
void setKeySize(int keySize) - Sets the key size.
void setLifetime(int seconds) - Sets the requested credential lifetime.
void setPassphrase(String passphrase) - Sets the MyProxy passphrase.
void setPort(int port) - Sets the port of the MyProxy server.
void setServerDN(String serverDN)
void setSocketTimeout(long socketTimeout)
void setUsername(String username) - Sets the MyProxy username.
String toString()
void writeProxyFile() - Writes the retrieved credentials to the Globus proxy file location.
boolean writeTrustRoots() - Writes the retrieved trust roots to the Globus trusted certificates directory.
boolean writeTrustRoots(String directory) - Writes the retrieved trust roots to a trusted certificates directory.
-
-
-
Field Detail
-
DEFAULT_KEY_SIZE
public final int DEFAULT_KEY_SIZE
- See Also:
- Constant Field Values
-
keySize
protected int keySize
-
MIN_PASS_PHRASE_LEN
protected final int MIN_PASS_PHRASE_LEN
- See Also:
- Constant Field Values
-
keyAlg
protected static final String keyAlg
- See Also:
- Constant Field Values
-
pkcs10SigAlgName
protected static final String pkcs10SigAlgName
- See Also:
- Constant Field Values
-
pkcs10Provider
protected static final String pkcs10Provider
- See Also:
- Constant Field Values
-
state
protected MyProxyLogon.State state
-
host
protected String host
-
username
protected String username
-
credname
protected String credname
-
passphrase
protected String passphrase
-
port
protected int port
-
lifetime
protected int lifetime
-
requestTrustRoots
protected boolean requestTrustRoots
-
socket
protected SSLSocket socket
-
socketIn
protected BufferedInputStream socketIn
-
socketOut
protected BufferedOutputStream socketOut
-
keypair
protected KeyPair keypair
-
certificateChain
protected Collection<X509Certificate> certificateChain
-
trustrootFilenames
protected String[] trustrootFilenames
-
trustrootData
protected String[] trustrootData
-
-
Constructor Detail
-
MyProxyLogon
public MyProxyLogon(edu.uiuc.ncsa.security.core.util.MyLoggingFacade myLoggingFacade)
-
MyProxyLogon
public MyProxyLogon(edu.uiuc.ncsa.security.core.util.MyLoggingFacade myLoggingFacade, String serverDN)
-
MyProxyLogon
public MyProxyLogon()
Constructs a MyProxyLogon object. This turns off any logging, so only use this constructor if you need to do that. Otherwise, inject your favorite logger wrapped in a MyLoggingFacade object.
-
-
Method Detail
-
getMlf
public edu.uiuc.ncsa.security.core.util.MyLoggingFacade getMlf()
-
getSocketTimeout
public long getSocketTimeout()
Gets the socket timeout (in milliseconds) for this connection. If this is not set, then this is equivalent to setting it to 0, which in turn means that the system default is used.
- Returns:
-
setSocketTimeout
public void setSocketTimeout(long socketTimeout)
-
getHost
public String getHost()
Gets the hostname of the MyProxy server.
- Returns:
- MyProxy server hostname
-
hostLookup
protected String hostLookup() throws UnknownHostException
This is the *real* host. The user may set the host property, but this should be used internally since it will do any reverse lookups needed.
- Returns:
- Throws:
UnknownHostException
-
setHost
public void setHost(String host)
Sets the hostname of the MyProxy server. Defaults to localhost.
- Parameters:
host - MyProxy server hostname
-
getPort
public int getPort()
Gets the port of the MyProxy server.
- Returns:
- MyProxy server port
-
setPort
public void setPort(int port)
Sets the port of the MyProxy server. Defaults to 7512.
- Parameters:
port - MyProxy server port
-
getKeySize
public int getKeySize()
Gets the key size. If this has not been set, it will be set to the default.
- Returns:
- MyProxy key size
-
setKeySize
public void setKeySize(int keySize)
Sets the key size.
- Parameters:
keySize
-
getUsername
public String getUsername()
Gets the MyProxy username.
- Returns:
- MyProxy username
-
setUsername
public void setUsername(String username)
Sets the MyProxy username. Defaults to user.name.
- Parameters:
username - MyProxy username
-
getCredentialName
public String getCredentialName()
Gets the optional MyProxy credential name.
- Returns:
- credential name
-
setCredentialName
public void setCredentialName(String credname)
Sets the optional MyProxy credential name.
- Parameters:
credname - credential name
-
setPassphrase
public void setPassphrase(String passphrase)
Sets the MyProxy passphrase.
- Parameters:
passphrase - MyProxy passphrase
-
getLifetime
public int getLifetime()
Gets the requested credential lifetime.
- Returns:
- Credential lifetime
-
setLifetime
public void setLifetime(int seconds)
Sets the requested credential lifetime. Defaults to 43200 seconds (12 hours).
- Parameters:
seconds - Credential lifetime
-
getCertificates
public Collection<X509Certificate> getCertificates()
Gets the certificates returned from the MyProxy server by getCredentials().
- Returns:
- Collection of java.security.cert.Certificate objects
-
getPrivateKey
public PrivateKey getPrivateKey()
Gets the private key generated by getCredentials().
- Returns:
- PrivateKey
-
requestTrustRoots
public void requestTrustRoots(boolean flag)
Sets whether to request trust roots (CA certificates, CRLs, signing policy files) from the MyProxy server. Defaults to false (i.e., not to request trust roots).
- Parameters:
flag - If true, request trust roots. If false, don't request trust roots.
-
getTrustRootFilenames
public String[] getTrustRootFilenames()
Gets trust root filenames.
- Returns:
- trust root filenames
-
getTrustRootData
public String[] getTrustRootData()
Gets trust root data corresponding to the trust root filenames.
- Returns:
- trust root data
-
getServerDN
public String getServerDN()
This will be used against the server's DN by the trust manager when checking the certificate. This allows for setting a single DN across a set of servers (e.g. for load balancing).
- Returns:
-
setServerDN
public void setServerDN(String serverDN)
-
connect
public void connect() throws IOException, GeneralSecurityException
Connects to the MyProxy server at the desired host and port. Requires host authentication via SSL. The host's certificate subject must match the requested hostname. If CA certificates are found in the standard GSI locations, they will be used to verify the server's certificate. If trust roots are requested and no CA certificates are found, the server's certificate will still be accepted.
- Throws:
IOException
GeneralSecurityException
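The call sequence from the class description, combined with the connect() trust-root caveat above, as an added example (not code from the MyProxy project). The host name and username are placeholders, and it assumes that a null return from getExistingTrustRootPath() corresponds to the "no CA certificates are found" case.

```java
import edu.uiuc.ncsa.myproxy.MyProxyLogon;

import java.io.Console;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.Arrays;

// Added example, not MyProxy project code. Host and username are placeholders.
public class MyProxyFetchExample {
    public static void main(String[] args) throws IOException, GeneralSecurityException {
        // Per connect(): with trust roots requested and no local CA certificates,
        // the server certificate is still accepted. Refuse to bootstrap that way.
        // Assumption: null here corresponds to the "no CA certificates found" case.
        if (MyProxyLogon.getExistingTrustRootPath() == null) {
            throw new GeneralSecurityException(
                    "no trusted CA directory; install CA certificates out of band first");
        }

        Console console = System.console();
        if (console == null) {
            throw new IOException("no console available for the passphrase prompt");
        }
        char[] pass = console.readPassword("MyProxy passphrase: ");

        MyProxyLogon client = new MyProxyLogon(); // no-arg constructor: logging off
        client.setHost("myproxy.example.org");    // placeholder host
        client.setPort(7512);                     // documented default port
        client.setUsername("alice");              // placeholder username
        client.setPassphrase(new String(pass));   // API takes a String
        Arrays.fill(pass, '\0');
        client.setLifetime(3600);                 // 1 hour, not the 12-hour default
        client.setSocketTimeout(30_000L);         // milliseconds
        client.requestTrustRoots(true);           // only after the CA directory check
        client.connect();                         // SSL with host authentication
        try {
            client.logon();                       // MyProxy GET command
            client.getCredentials();              // generates key pair, fetches chain
        } finally {
            client.disconnect();
        }
        for (X509Certificate cert : client.getCertificates()) {
            System.out.println(cert.getSubjectX500Principal() + " expires " + cert.getNotAfter());
        }
        client.writeProxyFile();                  // Globus proxy file location
        client.writeTrustRoots();                 // refresh trust roots from the server
    }
}
```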
-
handleException
protected void handleException(Throwable t, String msg) throws IOException, GeneralSecurityException
- Throws:
IOException
GeneralSecurityException
-
getKeyManagerFactory
public KeyManagerFactory getKeyManagerFactory()
Gets the key manager factory set by setKeyManagerFactory().
- Returns:
- KeyManagerFactory
-
setKeyManagerFactory
public void setKeyManagerFactory(KeyManagerFactory keyManagerFactory)
Sets the key manager factory for use in client-side SSLSocket certificate-based authentication to the MyProxy server. Call this before connect().
- Parameters:
keyManagerFactory - Key manager factory to use
-
disconnect
public void disconnect() throws IOException, GeneralSecurityException
Disconnects from the MyProxy server.
- Throws:
IOException
GeneralSecurityException
-
logon
public void logon() throws IOException, GeneralSecurityException
Logs on to the MyProxy server by issuing the MyProxy GET command.
- Throws:
IOException
GeneralSecurityException
-
getCredentials
public void getCredentials(byte[] derEncodedCertRequest) throws IOException, GeneralSecurityException
- Throws:
IOException
GeneralSecurityException
-
getCredentials
public void getCredentials() throws IOException, GeneralSecurityException
Retrieves credentials from the MyProxy server.
- Throws:
IOException
GeneralSecurityException
-
writeProxyFile
public void writeProxyFile() throws IOException, GeneralSecurityException
Writes the retrieved credentials to the Globus proxy file location.
- Throws:
IOException
GeneralSecurityException
-
saveCredentials
public void saveCredentials(OutputStream os) throws IOException, GeneralSecurityException
Writes the retrieved credentials to the specified output stream.
- Parameters:
os - OutputStream to write to
- Throws:
IOException
GeneralSecurityException
-
getCertificate
public X509Certificate getCertificate()
-
saveCredentialsToFile
public void saveCredentialsToFile(String filename) throws IOException, GeneralSecurityException
Writes the retrieved credentials to the specified filename.
- Throws:
IOException
GeneralSecurityException
-
writeTrustRoots
public boolean writeTrustRoots() throws IOException
Writes the retrieved trust roots to the Globus trusted certificates directory.
- Returns:
- true if trust roots are written successfully, false if no trust roots are available to be written
- Throws:
IOException
-
writeTrustRoots
public boolean writeTrustRoots(String directory) throws IOException
Writes the retrieved trust roots to a trusted certificates directory.
- Parameters:
directory - path where the trust roots should be written
- Returns:
- true if trust roots are written successfully, false if no trust roots are available to be written
- Throws:
IOException
-
getTrustedCAs
public X509Certificate[] getTrustedCAs() throws CertificateException
Gets the trusted CA certificates returned by the MyProxy server.
- Returns:
- trusted CA certificates, or null if none available
- Throws:
CertificateException
-
getCRLs
public X509CRL[] getCRLs() throws CertificateException
Gets the CRLs returned by the MyProxy server.
- Returns:
- CRLs or null if none available
- Throws:
CertificateException
-
getTrustRootPath
public static String getTrustRootPath()
Returns the trusted certificates directory location where writeTrustRoots() will store certificates.
-
getExistingTrustRootPath
public static String getExistingTrustRootPath()
Gets the existing trusted CA certificates directory.
- Returns:
- directory path string or null if none found
-
getProxyLocation
public static String getProxyLocation() throws IOException
Returns the default Globus proxy file location.
- Throws:
IOException
-
main
public static void main(String[] args)
Provides a simple command-line interface.
-
isReady
public boolean isReady()
-
isConnected
public boolean isConnected()
-
isLoggedOn
public boolean isLoggedOn()
-
isDone
public boolean isDone()
-
-