/** * Installs SecureRandom provider. This function is automatically called when this class is * loaded. */ public static void installSecureRandomProvider() { CoGProperties props = CoGProperties.getDefault(); String providerName = props.getSecureRandomProvider(); try { Class providerClass = Class.forName(providerName); Security.insertProviderAt((Provider) providerClass.newInstance(), 1); } catch (Exception e) { logger.debug("Unable to install PRNG. Using default PRNG.", e); } }
private static void reloadDefaultCredential() throws CredentialException { String proxyLocation = CoGProperties.getDefault().getProxyFile(); defaultCred = new X509Credential(proxyLocation); credentialFile = new File(proxyLocation); credentialLastModified = credentialFile.lastModified(); defaultCred.verify(); }
public GSIAuthenticationClient() throws GSSException, IOException { // override the search path for the CA directory: (GSI-SSHTERM writes in the // ~/.globus/certificates so we don;t use this) // 1) java X509_CERT_DIR property // 2) override with X509_CERT_DIR env var // 3) default /etc/grid-security/certificates String x509CertDir = System.getProperty("X509_CERT_DIR"); if (x509CertDir == null) { x509CertDir = System.getenv("X509_CERT_DIR"); if (x509CertDir == null) x509CertDir = "/etc/grid-security/certificates"; System.setProperty("X509_CERT_DIR", x509CertDir); } String x509UserProxy = System.getProperty("X509_USER_PROXY"); if (x509UserProxy == null) { x509UserProxy = System.getenv("X509_USER_PROXY"); if (x509UserProxy != null) System.setProperty("X509_USER_PROXY", x509UserProxy); } if (x509UserProxy == null) x509UserProxy = CoGProperties.getDefault().getProxyFile(); if (!new File(x509UserProxy).isFile()) throw new IOException("User proxy certificate not found in environment"); logger.info("Using proxy certificate:" + x509UserProxy); try { gsscredential = createUserCredential(x509UserProxy); } catch (GlobusCredentialException e) { throw new IOException("Could not load user proxy certificate from:" + x509UserProxy); } if (gsscredential == null) { throw new IOException( "User credential not initialized !Could not load user proxy certificate. Check your environmen if you have X509_USER_CERT proxy set up"); } }
public static void main(String args[]) { boolean dryrun = false; boolean error = false; boolean debug = false; File file = null; for (int i = 0; i < args.length; i++) { if (args[i].equalsIgnoreCase("-dryrun")) { dryrun = true; } else if (args[i].equalsIgnoreCase("-help") || args[i].equalsIgnoreCase("-usage")) { System.err.println(message); System.exit(1); } else { file = new File(args[i]); if (dryrun) { System.out.println("Would remove " + file.getAbsolutePath()); continue; } Util.destroy(file); } } String fn = CoGProperties.getDefault().getProxyFile(); if (fn == null) return; file = new File(fn); if (dryrun) { System.out.println("Would remove " + file.getAbsolutePath()); return; } Util.destroy(file); }
@Override public String saveProxy() { String path = this.localPath; if (StringUtils.isBlank(this.localPath)) { path = CoGProperties.getDefault().getProxyFile(); } return saveProxy(path); }
public Socket createSocket(InetAddress address, int port, InetAddress localAddr, int localPort) throws IOException { if (this.portRange.isEnabled() && localPort == 0) { return new PrSocket(createSocket(address, port, localAddr)); } else { Socket s = new Socket(address, port, localAddr, localPort); s.setSoTimeout(CoGProperties.getDefault().getSocketTimeout()); return s; } }
/** * Verifies the validity of the credentials. All certificate path validation is performed using * trusted certificates in default locations. * * @exception CredentialException if one of the certificates in the chain expired or if path * validiation fails. */ public void verify() throws CredentialException { try { String caCertsLocation = "file:" + CoGProperties.getDefault().getCaCertLocations(); String crlPattern = caCertsLocation + "/*.r*"; String sigPolPattern = caCertsLocation + "/*.signing_policy"; KeyStore keyStore = KeyStore.getInstance(GlobusProvider.KEYSTORE_TYPE, GlobusProvider.PROVIDER_NAME); CertStore crlStore = CertStore.getInstance( GlobusProvider.CERTSTORE_TYPE, new ResourceCertStoreParameters(null, crlPattern)); ResourceSigningPolicyStore sigPolStore = new ResourceSigningPolicyStore(new ResourceSigningPolicyStoreParameters(sigPolPattern)); keyStore.load(KeyStoreParametersFactory.createTrustStoreParameters(caCertsLocation)); X509ProxyCertPathParameters parameters = new X509ProxyCertPathParameters(keyStore, crlStore, sigPolStore, false); X509ProxyCertPathValidator validator = new X509ProxyCertPathValidator(); validator.engineValidate(CertificateUtil.getCertPath(certChain), parameters); } catch (Exception e) { throw new CredentialException(e); } }
public class GridSessionCred implements Cred { // public static boolean useGridSession = CommonGridProperties.getDefault() // .useGridSession(); static final Logger myLogger = LoggerFactory.getLogger(GridSessionCred.class.getName()); public static GridSessionCred create() { SessionClient sc; try { sc = new SessionClient(); return new GridSessionCred(sc); } catch (Exception e) { throw new CredentialException("Can't create session: " + e.getLocalizedMessage()); } } private final SessionClient session; private final String tempFilePath = CoGProperties.getDefault().getProxyFile() + "_temp_" + UUID.randomUUID().toString(); private final File tempFile = new File(tempFilePath); private AbstractCred cachedCredential = null; private Map<String, AbstractCred> cachedGroupCredentials = Maps.newHashMap(); // not used private boolean saveProxyOnCreation = true; public GridSessionCred(SessionClient client) { this(client, true); } public GridSessionCred(SessionClient client, boolean saveProxyOnCreation) { this.saveProxyOnCreation = saveProxyOnCreation; tempFile.deleteOnExit(); if (client == null) { throw new RuntimeException("Client can't be null"); } this.session = client; } public GridSessionCred(SessionClient client, Map<PROPERTY, Object> params) { this(client); init(params); } @Override public void destroy() { // session.getSession().stop(); session.getSession().destroy(); } @Override public String getDN() { return session.getSession().dn(); } @Override public String getMyProxyHost() { return session.getSession().myproxy_host(); } @Override public char[] getMyProxyPassword() { return session.getSession().myproxy_password().toCharArray(); } @Override public int getMyProxyPort() { return session.getSession().myproxy_port(); } @Override public String getMyProxyUsername() { return session.getSession().myproxy_username(); } @Override public int getRemainingLifetime() { return session.getSession().lifetime(); } @Override public void init(Map<PROPERTY, Object> config) { Map<String, Object> configTemp = Maps.newHashMap(); for (PROPERTY key : config.keySet()) { configTemp.put(key.toString(), config.get(key)); } session.getSession().start(configTemp); } @Override public boolean isRenewable() { return session.getSession().is_renewable(); } @Override public boolean isValid() { return session.getSession().is_logged_in(); } @Override public boolean refresh() { return session.getSession().refresh(); } @Override public String saveProxy() { return session.getSession().save_proxy(); } @Override public String saveProxy(String path) { return session.getSession().save_proxy(path); } @Override public void setMinimumLifetime(int lifetimeInSeconds) { session.getSession().set_min_lifetime(lifetimeInSeconds); } @Override public void setMyProxyHost(String myProxyServer) { session.getSession().set_myproxy_host(myProxyServer); } @Override public void setMyProxyPort(int port) { session.getSession().set_myproxy_port(port); } @Override public void uploadMyProxy() { session.getSession().upload(); } private synchronized AbstractCred getCachedCredential() { if (cachedCredential == null) { // might be that it's already a proxycred, then it doesn't get saved again.ls -l String temp = session.getSession().save_proxy(tempFilePath); cachedCredential = new ProxyCred(temp); } return cachedCredential; } private synchronized AbstractCred getCachedGroupCredential(String fqan) { if (StringUtils.isBlank(fqan) || Constants.NON_VO_FQAN.equals(fqan)) { return this.getCachedCredential(); } if (cachedGroupCredentials.get(fqan) == null) { String fqanNormailzed = fqan.replace('/', '_'); String path = tempFilePath + "_" + fqanNormailzed; new File(path).deleteOnExit(); session.getSession().save_group_proxy(fqan, path); ProxyCred c = new ProxyCred(path); cachedGroupCredentials.put(fqan, c); } return cachedGroupCredentials.get(fqan); } @Override public GSSCredential getGSSCredential() { return getCachedCredential().getGSSCredential(); } @Override public String getFqan() { // a session credential is always non-vomsified return Constants.NON_VO_FQAN; } @Override public Cred getGroupCredential(String fqan) { return getCachedGroupCredential(fqan); } @Override public Map<String, VO> getAvailableFqans() { return getCachedCredential().getAvailableFqans(); } @Override public void setSaveProxyOnCreation(boolean save) { this.saveProxyOnCreation = save; } @Override public boolean getSaveProxyOnCreation() { return this.saveProxyOnCreation; } @Override public String getProxyPath() { return getCachedCredential().getProxyPath(); } @Override public VOManager getVOManager() { return getCachedCredential().getVOManager(); } }
@Override protected void initCred(Map<PROPERTY, Object> config) { Object proxyTemp = null; if (config != null) { proxyTemp = config.get(PROPERTY.LocalPath); } if ((proxyTemp == null) || !(proxyTemp instanceof String) || StringUtils.isBlank((String) proxyTemp)) { proxyTemp = CoGProperties.getDefault().getProxyFile(); } getProxyFile().set((String) proxyTemp); this.localPath = proxyFile.getValue(); String mpFilePath = this.localPath + BaseCred.DEFAULT_MYPROXY_FILE_EXTENSION; File mpFile = new File(mpFilePath); if (mpFile.exists()) { myLogger.debug("Loading credential myproxy metadata from {}...", mpFilePath); try { Properties props = new Properties(); FileInputStream in = new FileInputStream(mpFile); props.load(in); in.close(); String username = null; String host = null; int port = -1; char[] password = null; for (Object o : props.keySet()) { String key = (String) o; PROPERTY p = PROPERTY.valueOf(key); String value = props.getProperty(key); switch (p) { case MyProxyHost: host = value; break; case MyProxyUsername: username = value; break; case MyProxyPort: port = Integer.parseInt(value); break; case MyProxyPassword: password = value.toCharArray(); break; default: throw new CredentialException("Property " + p + " not supported."); } } if (StringUtils.isNotBlank(host)) { setMyProxyHost(host); } if (StringUtils.isNotBlank(username)) { setMyProxyUsername(username); } if (port > 0) { setMyProxyPort(port); } if (password != null) { setMyProxyPassword(password); } isUploaded = true; } catch (Exception e) { myLogger.error("Can't load myproxy metadata file", e); } } else { myLogger.debug("No myproxy metadata file found for cred."); } }
public static void main(String[] args) { boolean bOk = parseCmdLine(args); String userCertFile = ""; String userKeyFile = ""; String userCertReqFile = ""; if (bOk) { // Get default location of cert. CoGProperties props = CoGProperties.getDefault(); // If no alternate directory specified. if (certDir == null) { userCertFile = props.getUserCertFile(); userKeyFile = props.getUserKeyFile(); // Get root dir of default cert location. int pos = userKeyFile.lastIndexOf(File.separator); certDir = userKeyFile.substring(0, pos + 1); } else { // If alternate directory specified set cert locations. if (certDir.endsWith(File.separator) == false) { certDir += File.separator; } userCertFile = certDir + prefix + "cert.pem"; userKeyFile = certDir + prefix + "key.pem"; } // Cert request file name. userCertReqFile = userCertFile.substring(0, userCertFile.length() - 4) + "_request.pem"; } File fDir = null; fDir = new File(certDir); if (bOk) { // Create dir if does not exists. if (!fDir.exists()) { fDir.mkdir(); } // Make sure directory exists. if (!fDir.exists() || !fDir.isDirectory()) { System.out.println("The directory " + certDir + " does not exists."); bOk = false; } } // Make sure we can write to it. if (bOk) { if (!fDir.canWrite()) { System.out.println("Can't write to " + certDir); bOk = false; } } // Check not to overwrite any of these files. if (bOk) { if (force == false) { boolean bFileExists = false; File f = new File(userKeyFile); if (f.exists()) { System.out.println(userKeyFile + " exists"); bFileExists = true; } f = new File(userCertFile); if (f.exists()) { System.out.println(userCertFile + " exists"); bFileExists = true; } f = new File(userCertReqFile); if (f.exists()) { System.out.println(userCertReqFile + " exists"); bFileExists = true; } if (bFileExists) { System.out.println("If you wish to overwrite, run the script again with -force."); bOk = false; } } } String password = ""; if (bOk && !noPswd) { // Get password from user. bOk = false; int attempts = 0; System.out.println(message); while (bOk == false && attempts < 3) { password = Util.getInput("Enter PEM pass phrase: "); String password2 = Util.getInput("Verify password Enter PEM pass phrase: "); if (password.compareTo(password2) != 0) { System.out.println("Verify failure"); } else { if (password.length() < 4) { System.out.println("phrase is too short, needs to be at least 4 chars"); } else { bOk = true; } } attempts++; } } // Generate cert request. if (bOk) { try { System.out.println("writing new private key to " + userKeyFile); genCertificateRequest( cn, "*****@*****.**", password, userKeyFile, userCertFile, userCertReqFile); } catch (Exception e) { System.out.println("error: " + e); e.printStackTrace(); } } }