protected void init() throws Exception {
prikey = globusCred.getPrivateKey();
pubkey = globusCred.getCertificateChain()[0].getPublicKey();
if (pubkey == null) {
throw new Exception("public key null");
}
}
/**
* Remove all associations between InvocationHelpers and the given GlobusCredential
*
* @param proxyEPR EPR of GlobusCredential that we want to be associated with no service anymore
*/
public void removeCredential(EndpointReferenceType proxyEPR) {
GlobusCredential credential = this.eprCredential.get(proxyEPR);
// First, remove Credential from the [credential, EPR] association
this.eprCredential.remove(credential);
// Verify if the received credential is associated with any service
boolean credentialIsKnown = this.servicesCredentials.containsValue(credential);
// If any service is associated with the received credential, remove each of these associations
if (credentialIsKnown) {
Set<Entry<String, GlobusCredential>> entries = this.servicesCredentials.entrySet();
Iterator<Entry<String, GlobusCredential>> entries_iter = entries.iterator();
// Iterate over the associations, removing those in which the received credential is present
while (entries_iter.hasNext()) {
Entry<String, GlobusCredential> curr_pair = entries_iter.next();
GlobusCredential curr_value = curr_pair.getValue();
if (curr_value.equals(credential)) {
String curr_key = curr_pair.getKey();
this.servicesCredentials.remove(curr_key);
}
}
}
}
public static void main(String args[]) throws Exception {
String username = "******";
String password = "******";
GridAuthenticationHelper loginHelper =
new GridAuthenticationHelper("@CAGRID_LOGIN_MODULE_NAME@");
GlobusCredential proxy = loginHelper.login(username, password);
System.out.println(proxy);
System.out.println("Identity:" + proxy.getIdentity());
}
/* (non-Javadoc)
* @see org.apache.servicemix.components.util.TransformComponentSupport#transform(javax.jbi.messaging.MessageExchange, javax.jbi.messaging.NormalizedMessage, javax.jbi.messaging.NormalizedMessage)
*/
@Override
protected boolean transform(
MessageExchange exchange, NormalizedMessage inMsg, NormalizedMessage outMsg)
throws Exception {
boolean success = false;
try {
Subject subject = inMsg.getSecuritySubject();
// Get principal
Principal principal = null;
Set<GridIdentifierPrincipal> principals =
subject.getPrincipals(GridIdentifierPrincipal.class);
if (principals == null || principals.size() == 0) {
throw new RuntimeException("No GridIdentifierPrincipal found!");
} else if (principals.size() > 1) {
throw new RuntimeException(principals.size() + " GridIdentifierPrincipals found!");
}
principal = principals.iterator().next();
System.out.println("## Principal is: " + principal.getName());
// Get cert chain
X509Certificate[] chain = null;
Set<X509Certificate[]> chains = subject.getPublicCredentials(X509Certificate[].class);
if (chains == null || chains.size() == 0) {
throw new RuntimeException("No X509Certificate[] found!");
} else if (chains.size() > 1) {
throw new RuntimeException(chains.size() + " X509Certificate[]s found!");
}
chain = chains.iterator().next();
// Get private key
PrivateKey privateKey = null;
Set<PrivateKey> privateKeys = subject.getPrivateCredentials(PrivateKey.class);
if (privateKeys == null || privateKeys.size() == 0) {
throw new RuntimeException("No PrivateKey found!");
} else if (privateKeys.size() > 1) {
throw new RuntimeException(chains.size() + " PrivateKeys found!");
}
privateKey = privateKeys.iterator().next();
GlobusCredential cred = new GlobusCredential(privateKey, chain);
System.out.println("## Identity is: " + cred.getIdentity());
String inMsgXml = new SourceTransformer().contentToString(inMsg);
outMsg.setContent(new StreamSource(new ByteArrayInputStream(inMsgXml.getBytes())));
success = true;
} catch (Exception ex) {
ex.printStackTrace();
}
return success;
}
private void setPlainProxyDetails() {
getIdentityTextField().setToolTipText(proxy.getSubject());
getIdentityTextField().setText(calculateIdentity(proxy.getSubject()));
getAuthenticatedTextField().setText("Yes");
if (timer == null) {
timer = new Timer();
timerTask = new CredentialStatusTimerTask(proxy);
timerTask.addCredentialStatusListener(this);
timer.schedule(timerTask, new Date(), 1000);
}
}
/** Extracts the identity and certificate issuer from the host certificate. */
private void configureTargetServiceInfo() throws GSSException {
GlobusCredential serviceCredential;
try {
serviceCredential =
new GlobusCredential(
_properties.getProperty(SERVICE_CERT), _properties.getProperty(SERVICE_KEY));
} catch (GlobusCredentialException gce) {
throw new GSSException(GSSException.NO_CRED, 0, HOST_CREDENTIAL_ERROR + gce.toString());
}
_targetServiceName = serviceCredential.getIdentity();
_targetServiceIssuer = X509Utils.toGlobusDN(serviceCredential.getIssuer(), true);
}
private void updateStatus() {
try {
proxy.verify();
} catch (Exception e) {
// means proxy is not valid anymore
getIdentityTextField().setText(NO_VALID_PROXY_MESSAGE);
getIdentityTextField().setToolTipText(null);
getAuthenticatedTextField().setText("No");
getRemainingTextField().setText(NO_TIME_REMAINING);
getVoTextField().setText(NO_VO_PROXY);
getDetailsButton().setEnabled(false);
return;
}
setPlainProxyDetails();
// now we try to make a voms proxy out of our credential
try {
vomsProxy = new VomsProxy(proxy);
} catch (Exception e) {
getVoTextField().setText(NO_VO_PROXY);
getDetailsButton().setEnabled(false);
return;
}
// nice, it's really a voms proxy
setVomsProxyDetails();
}
public static GSSCredential createUserCredential(String x509UserProxy)
throws GlobusCredentialException, GSSException {
if (x509UserProxy != null) {
GlobusCredential gcred = new GlobusCredential(x509UserProxy);
GSSCredential cred = new GlobusGSSCredentialImpl(gcred, GSSCredential.INITIATE_ONLY);
return cred;
}
GlobusCredential gcred = GlobusCredential.getDefaultCredential();
GSSCredential cred = new GlobusGSSCredentialImpl(gcred, GSSCredential.INITIATE_ONLY);
return cred;
}
private void writeProxy(GlobusCredential proxy, File f) throws GeneralSecurityException {
try {
OutputStream fw = openStream(f);
if (!SHARED_PROXIES) {
f.deleteOnExit();
}
try {
proxy.save(fw);
} finally {
fw.close();
}
} catch (Exception e) {
throw new GeneralSecurityException("Failed to save proxy certificate", e);
}
}
/**
* Retrieve the GlobusCredential associated with a service-operation. If credential retrieval is
* pending, caller is blocked until the credential becomes available.
*
* @param serviceOperationEPR EPR of the InvocationHelper
* @return The associated GlobusCredential, or null if no such association does exist
* @throws RemoteException
*/
public GlobusCredential getCredential(EndpointReference serviceOperationEPR)
throws RemoteException {
this.printCredentials();
String eprStr = null;
try {
WorkflowInvocationHelperClient client =
new WorkflowInvocationHelperClient(serviceOperationEPR);
eprStr = client.getEPRString();
} catch (MalformedURIException e1) {
e1.printStackTrace();
} catch (RemoteException e1) {
e1.printStackTrace();
}
GlobusCredential credential = null;
boolean serviceIsUnsecure = this.unsecureInvocations.contains(eprStr);
if (serviceIsUnsecure) {
logger.info(
"[WorkflowInstanceHelperResource.getCredential] Service is unsecure, returning null credential");
return null;
} else {
logger.info("[WorkflowInstanceHelperResource.getCredential] Service is secure");
Lock key = this.servicelLock.get(eprStr);
Condition credentialAvailability = this.serviceConditionVariable.get(eprStr);
// Mutual exclusive access session: we can only return the credential if it was already
// retrieved from the
// Credential Delegation Service
key.lock();
try {
printCredentials();
// If credential is unavailable, block until it is available
boolean credentialIsNotSet = (!this.servicesCredentials.containsKey(eprStr));
if (credentialIsNotSet) {
boolean explicitlyAwaken = credentialAvailability.await(60, TimeUnit.SECONDS);
if (!explicitlyAwaken)
throw new RemoteException(
"[WorkflowInstanceHelperResource.getCredential] Couldn't retrieve credential. "
+ "Was it registered into the InstanceHelper? Is the EndpointReference for the credential proxy valid?");
}
credential = this.servicesCredentials.get(eprStr);
logger.info("[getCredential] Retrieved credential: " + credential.getIdentity());
} catch (InterruptedException e) {
logger.error("[getCredential] Error retrieving credential");
e.printStackTrace();
} finally {
key.unlock();
}
logger.info(
"Returning credential: " + ((credential != null) ? credential.getIdentity() : null));
return credential;
}
}
protected void loadCertificate(ServerResponseTokenType srt) throws Exception {
srt.setPublicKey(globusCred.getCertificateChain()[0].getEncoded());
}
public GlobusCredServerNegotiator() throws GlobusCredentialException {
globusCred = GlobusCredential.getDefaultCredential();
trustedCerts = CapabilityUtil.getTrustedCertificates(null);
}