Package edu.uiuc.ncsa.myproxy
Class MyProxyServiceFacade
java.lang.Object
    edu.uiuc.ncsa.myproxy.MyProxyServiceFacade
public class MyProxyServiceFacade extends Object
A very simple facade that will carry out getting certificates using MyProxy Logon. This is intended for server-side use where there is a set configuration for repeated requests. There are two basic modes of operation:
- Username and passphrase are supplied on a per request basis
- A trust relation exists with the MyProxy server and credentials are retrieved by username.
null
one could be supplied).
LOAs, that is to say different levels of assurance, are also supported here if they are set in the ServiceFacadeConfiguration.
Created by Jeff Gaynor on May 16, 2011 at 5:11:24 PM

Constructor Summary

MyProxyServiceFacade(ServiceFacadeConfiguration facadeConfiguration)
    Constructor for first case, where the username and password are used for each call, so no keystore is required.
MyProxyServiceFacade(ServiceFacadeConfiguration facadeConfiguration, edu.uiuc.ncsa.security.util.ssl.SSLKeystoreConfiguration sslKeystoreConfiguration)
    Constructor for second case, where the server will use a host cert to connect to MyProxy.

Method Summary

Collection<X509Certificate> getCerts(String userDN, byte[] derCertRequest, long lifetime, String loa)
    Method to get certs if the server is using a host cert.
Collection<X509Certificate> getCerts(String userDN, int port, long lifetime, byte[] derCertRequest)
    This method is to be used when the server logs on to MyProxy using a host cert, so no passphrase is required.
Collection<X509Certificate> getCerts(String userDN, long lifetime, byte[] derCertRequest, String loa)
    Deprecated.
Collection<X509Certificate> getCerts(String userDN, String password, byte[] derCertRequest, long lifetime)
Collection<X509Certificate> getCerts(String userDN, String password, int port, byte[] derCertRequest)
    Most basic call.
Collection<X509Certificate> getCerts(String userDN, String password, int port, long lifetime, byte[] derCertRequest)
    The method that does the work, actually.
Collection<X509Certificate> getCerts(String userDN, String password, long lifetime, byte[] derCertRequest)
    Deprecated.
Collection<X509Certificate> getCerts(String userDN, String password, long lifetime, byte[] derCertRequest, String loa)
    Call that allows specification of the level of assurance and the lifetime.
ServiceFacadeConfiguration getFacadeConfiguration()
    Get the current configuration.
protected KeyManagerFactory getKeyManagerFactory()
    Gets the key manager associated with the given keystore.
protected int getLOAPort(String id)
edu.uiuc.ncsa.security.util.ssl.SSLKeystoreConfiguration getSslKeystoreConfiguration()
    Get the current keystore.
boolean hasSSL()

Constructor Detail

MyProxyServiceFacade
public MyProxyServiceFacade(ServiceFacadeConfiguration facadeConfiguration)
Constructor for first case, where the username and password are used for each call, so no keystore is required.
Parameters:
- facadeConfiguration

MyProxyServiceFacade
public MyProxyServiceFacade(ServiceFacadeConfiguration facadeConfiguration, edu.uiuc.ncsa.security.util.ssl.SSLKeystoreConfiguration sslKeystoreConfiguration)
Constructor for second case, where the server will use a host cert to connect to MyProxy.
Parameters:
- facadeConfiguration
- sslKeystoreConfiguration

Method Detail

getLOAPort
protected int getLOAPort(String id)

getFacadeConfiguration
public ServiceFacadeConfiguration getFacadeConfiguration()
Get the current configuration.
Returns:

getSslKeystoreConfiguration
public edu.uiuc.ncsa.security.util.ssl.SSLKeystoreConfiguration getSslKeystoreConfiguration()
Get the current keystore.
Returns:

hasSSL
public boolean hasSSL()

getCerts
public Collection<X509Certificate> getCerts(String userDN, String password, int port, byte[] derCertRequest) throws IOException, GeneralSecurityException
Most basic call. Just the username, password and cert request are required. Note that the lifetime is set to zero as a default.
Parameters:
- userDN
- password
- derCertRequest
Returns:
Throws:
- IOException
- GeneralSecurityException

getCerts
public Collection<X509Certificate> getCerts(String userDN, int port, long lifetime, byte[] derCertRequest) throws IOException, GeneralSecurityException
This method is to be used when the server logs on to MyProxy using a host cert, so no passphrase is required.
Parameters:
- userDN
- port
- lifetime
- derCertRequest
Returns:
Throws:
- IOException
- GeneralSecurityException

getCerts
public Collection<X509Certificate> getCerts(String userDN, String password, int port, long lifetime, byte[] derCertRequest) throws IOException, GeneralSecurityException
The method that does the work, actually. Every other method simply invokes this one.
Parameters:
- userDN
- password
- port
- lifetime
- derCertRequest
Returns:
Throws:
- IOException
- GeneralSecurityException

getCerts
public Collection<X509Certificate> getCerts(String userDN, String password, long lifetime, byte[] derCertRequest, String loa) throws IOException, GeneralSecurityException
Call that allows specification of the level of assurance and the lifetime.
Parameters:
- userDN
- password
- loa
- lifetime - Set equal to zero to accept whatever the default is
- derCertRequest
Returns:
Throws:
- IOException
- GeneralSecurityException

getCerts
public Collection<X509Certificate> getCerts(String userDN, String password, long lifetime, byte[] derCertRequest) throws IOException, GeneralSecurityException
Deprecated. Get a cert using the username and password as well as the default configured port.
Parameters:
- userDN
- password
- lifetime
- derCertRequest
Returns:
Throws:
- IOException
- GeneralSecurityException

getCerts
public Collection<X509Certificate> getCerts(String userDN, String password, byte[] derCertRequest, long lifetime) throws IOException, GeneralSecurityException
Throws:
- IOException
- GeneralSecurityException

getCerts
public Collection<X509Certificate> getCerts(String userDN, byte[] derCertRequest, long lifetime, String loa) throws IOException, GeneralSecurityException
Method to get certs if the server is using a host cert.
Parameters:
- userDN
- derCertRequest
- lifetime
- loa
Returns:
Throws:
- IOException
- GeneralSecurityException

getCerts
public Collection<X509Certificate> getCerts(String userDN, long lifetime, byte[] derCertRequest, String loa) throws IOException, GeneralSecurityException
Deprecated. Note this was deprecated since having the cert lifetime (a long) as the second argument led to people misusing it and relying on Java to disambiguate the call. Java would convert the value to an int and then call the very similar method whereby the argument is a port number. Use getCerts(String, byte[], long, String)
Parameters:
- userDN
- lifetime
- derCertRequest
- loa
Returns:
Throws:
- IOException
- GeneralSecurityException

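The overload hazard behind the deprecated lifetime-before-request signatures, as an added example that is not part of the original Javadoc or the project's code. The stand-in class below only mirrors the three password-based getCerts signatures listed on this page; the class name OverloadDemo, the method bodies and all argument values are assumptions.

```java
// Added illustration: a stand-in class, not the MyProxyServiceFacade implementation.
public class OverloadDemo {

    // Mirrors getCerts(String userDN, String password, int port, byte[] derCertRequest).
    static String getCerts(String userDN, String password, int port, byte[] derCertRequest) {
        return "third argument used as port: " + port;
    }

    // Mirrors the deprecated getCerts(String userDN, String password, long lifetime, byte[] derCertRequest).
    static String getCerts(String userDN, String password, long lifetime, byte[] derCertRequest) {
        return "third argument used as lifetime: " + lifetime;
    }

    // Mirrors getCerts(String userDN, String password, byte[] derCertRequest, long lifetime).
    static String getCerts(String userDN, String password, byte[] derCertRequest, long lifetime) {
        return "fourth argument used as lifetime: " + lifetime;
    }

    public static void main(String[] args) {
        byte[] csr = new byte[0];   // constructed placeholder for a DER cert request
        String user = "alice";      // constructed sample values
        String pass = "example-passphrase";

        // Caller means "lifetime", but an int literal is an exact match for the
        // int parameter, so the compiler selects the port overload.
        System.out.println(getCerts(user, pass, 43200, csr));

        // The same happens with an int variable, e.g. a value read from configuration.
        int configuredLifetime = 43200;
        System.out.println(getCerts(user, pass, configuredLifetime, csr));

        // Only an explicit long (suffix or cast) selects the lifetime overload.
        System.out.println(getCerts(user, pass, 43200L, csr));
        System.out.println(getCerts(user, pass, (long) configuredLifetime, csr));

        // With the lifetime after the byte[] there is no sibling overload to
        // collide with; the int is widened to long and treated as a lifetime.
        System.out.println(getCerts(user, pass, csr, configuredLifetime));
    }
}
```

Both mistaken calls compile without a warning, so the error only shows up at run time as a connection attempt to an unexpected port and a certificate issued with the default lifetime.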
getKeyManagerFactory
protected KeyManagerFactory getKeyManagerFactory() throws IOException, GeneralSecurityException
Gets the key manager associated with the given keystore.
Returns:
Throws:
- IOException
- GeneralSecurityException