Class MyProxy

java.lang.Object
org.globus.myproxy.MyProxy

public class MyProxy extends Object
This class provides an API for communicating with MyProxy servers. It provides the main functions for retrieving, removing and storing credentials on a MyProxy server. It also provides functions for getting credential information and changing passwords.

More information about MyProxy is available on the MyProxy Home Page.

Version:
2.0
  • Field Details

  • Constructor Details

    • MyProxy

      public MyProxy()
      Initialize the MyProxy client object with the default authorization policy.
    • MyProxy

      public MyProxy(String host, int port)
      Prepare to connect to the MyProxy server at the specified host and port using the default authorization policy.
      Parameters:
      host - The hostname(s) of the MyProxy server(s) with optional port info. Multiple hostnames can be specified in a comma separated list with each hostname optionally followed by a ':' and port number. The client will communicate with the first server it has a successful network connection with.
      port - The port number of the MyProxy server to use if one is not specified as part of the host string.
  • Method Details

    • setHost

      public void setHost(String host)
      Set MyProxy server hostname.
      Parameters:
      host - The hostname(s) of the MyProxy server(s). Multiple host names are comma delimited with each hostname optionally followed by a ':' and port number. The client will communicate with the first server it has a successful network connection with.
    • getHost

      public String getHost()
      Get MyProxy server hostname.
      Returns:
      The hostname of the MyProxy server.
    • setPort

      public void setPort(int port)
      Set MyProxy server port.
      Parameters:
      port - The port number of the MyProxy server to use if one is not specified as part of the host string. Defaults to MyProxy.DEFAULT_PORT.
    • getPort

      public int getPort()
      Get MyProxy server port.
      Returns:
      The port number of the MyProxy server.
    • setAuthorization

      public void setAuthorization(Authorization authorization)
      Set MyProxy server authorization mechanism.
      Parameters:
      authorization - The authorization mechanism for the MyProxy server.
    • getAuthorization

      public Authorization getAuthorization()
      Get MyProxy server authorization mechanism.
      Returns:
      The authorization mechanism for the MyProxy server.
    • getSocket

      private GssSocket getSocket(GSSCredential credential) throws IOException, GSSException
      Throws:
      IOException
      GSSException
    • put

      public void put(GSSCredential credential, String username, String passphrase, int lifetime) throws MyProxyException
      Delegate credentials to a MyProxy server.
      Parameters:
      credential - The GSI credentials to use.
      username - The username to store the credentials under.
      passphrase - The passphrase to use to encrypt the stored credentials.
      lifetime - The maximum lifetime of credentials delegated by the server (in seconds).
      Throws:
      MyProxyException - If an error occurred during the operation.
    • put

      public void put(GSSCredential credential, InitParams params) throws MyProxyException
      Delegate credentials to a MyProxy server.
      Parameters:
      credential - The GSI credentials to use.
      params - The parameters for the put operation.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • store

      public void store(GSSCredential credential, X509Certificate[] certs, OpenSSLKey key, StoreParams params) throws MyProxyException
      Store credentials on a MyProxy server. Copies certificate(s) and private key directly to the server rather than delegating an X.509 proxy credential.
      Parameters:
      credential - The local GSI credentials to use for authentication.
      certs - The certificate(s) to store.
      key - The private key to store (typically encrypted).
      params - The parameters for the store operation.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • destroy

      public void destroy(GSSCredential credential, String username, String passphrase) throws MyProxyException
      Removes delegated credentials from the MyProxy server.
      Parameters:
      credential - The local GSI credentials to use for authentication.
      username - The username of the credentials to remove.
      passphrase - The passphrase of the credentials to remove.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • destroy

      public void destroy(GSSCredential credential, DestroyParams params) throws MyProxyException
      Removes delegated credentials from the MyProxy server.
      Parameters:
      credential - The local GSI credentials to use for authentication.
      params - The parameters for the destroy operation.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • changePassword

      public void changePassword(GSSCredential credential, ChangePasswordParams params) throws MyProxyException
      Changes the password of the credential on the MyProxy server.
      Parameters:
      credential - The local GSI credentials to use for authentication.
      params - The parameters for the change password operation.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • info

      public CredentialInfo info(GSSCredential credential, String username, String passphrase) throws MyProxyException
      Retrieves credential information from the MyProxy server. Only the information of the default credential is returned by this operation.
      Parameters:
      credential - The local GSI credentials to use for authentication.
      username - The username of the credentials to remove.
      passphrase - The passphrase of the credentials to remove.
      Returns:
      The credential information of the default credential.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • info

      public CredentialInfo[] info(GSSCredential credential, InfoParams params) throws MyProxyException
      Retrieves credential information from the MyProxy server.
      Parameters:
      credential - The local GSI credentials to use for authentication.
      params - The parameters for the info operation.
      Returns:
      The array of credential information of all the user's credentials.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • matches

      private boolean matches(String line, int pos, String arg)
    • getCredName

      private String getCredName(String line, int pos, String arg)
    • getCredentialInfo

      private CredentialInfo getCredentialInfo(Map map, String name)
    • get

      public GSSCredential get(String username, String passphrase, int lifetime) throws MyProxyException
      Retrieves delegated credentials from the MyProxy server anonymously (without local credentials). Notes: Performs only a simple verification of the private/public keys of the delegated credential, and only checks RSA keys. This should be improved later.
      Parameters:
      username - The username of the credentials to retrieve.
      passphrase - The passphrase of the credentials to retrieve.
      lifetime - The requested lifetime of the retrieved credential (in seconds).
      Returns:
      GSSCredential The retrieved delegated credentials.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • get

      public GSSCredential get(GSSCredential credential, String username, String passphrase, int lifetime) throws MyProxyException
      Retrieves delegated credentials from the MyProxy server. Notes: Performs only a simple verification of the private/public keys of the delegated credential, and only checks RSA keys. This should be improved later.
      Parameters:
      credential - The local GSI credentials to use for authentication. Can be set to null if no local credentials.
      username - The username of the credentials to retrieve.
      passphrase - The passphrase of the credentials to retrieve.
      lifetime - The requested lifetime of the retrieved credential (in seconds).
      Returns:
      GSSCredential The retrieved delegated credentials.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • get

      public GSSCredential get(GSSCredential credential, GetParams params) throws MyProxyException
      Retrieves delegated credentials from the MyProxy server.
      Parameters:
      credential - The local GSI credentials to use for authentication. Can be set to null if no local credentials.
      params - The parameters for the get operation.
      Returns:
      GSSCredential The retrieved delegated credentials.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • getTrustroots

      public void getTrustroots(GSSCredential credential, GetTrustrootsParams params) throws MyProxyException
      Retrieves trustroot information from the MyProxy server.
      Parameters:
      credential - The local GSI credentials to use for authentication. Can be set to null if no local credentials.
      params - The parameters for the get-trustroots operation.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • bootstrapTrust

      public void bootstrapTrust() throws MyProxyException
      Bootstraps trustroot information from the MyProxy server.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • readLine

      private static String readLine(InputStream is) throws IOException
      Throws:
      IOException
    • handleReply

      private InputStream handleReply(InputStream in) throws IOException, MyProxyException
      Throws:
      IOException
      MyProxyException
    • handleReply

      private InputStream handleReply(InputStream in, OutputStream out, GSSCredential authzcreds, boolean wantTrustroots) throws IOException, MyProxyException
      Throws:
      IOException
      MyProxyException
    • close

      private static void close(OutputStream out, InputStream in, Socket sock)
    • getAuthorization

      private static Authorization getAuthorization(String subjectDN)
    • getAnonymousCredential

      private GSSCredential getAnonymousCredential() throws GSSException
      Throws:
      GSSException
    • getTrustRootPath

      public static String getTrustRootPath()
      Returns the trusted certificates directory location where writeTrustRoots() will store certificates. It first checks the X509_CERT_DIR system property. If that property is not set, it uses ${user.home}/.globus/certificates. Note that, unlike CoGProperties.getCaCertLocations(), it does not return /etc/grid-security/certificates or ${GLOBUS_LOCATION}/share/certificates.
    • writeTrustRoots

      public boolean writeTrustRoots() throws IOException
      Writes the retrieved trust roots to the Globus trusted certificates directory.
      Returns:
      true if trust roots are written successfully, false if no trust roots are available to be written
      Throws:
      IOException
    • writeTrustRoots

      public boolean writeTrustRoots(String directory) throws IOException
      Writes the retrieved trust roots to a trusted certificates directory.
      Parameters:
      directory - path where the trust roots should be written
      Returns:
      true if trust roots are written successfully, false if no trust roots are available to be written
      Throws:
      IOException
    • opensslHash

      private static String opensslHash(X509Certificate cert)
    • openssl_X509_NAME_hash

      private static String openssl_X509_NAME_hash(X500Principal p) throws Exception
      Generates a hex X509_NAME hash (like openssl x509 -hash -in cert.pem). Based on openssl's crypto/x509/x509_cmp.c, line 321.
      Throws:
      Exception
    • toHex

      private static String toHex(byte[] bin)
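
The following is an added usage example, not code from the JGlobus project or its documentation. It shows the anonymous `get(String, String, int)` call documented above, with a comma-separated host list passed to the `MyProxy(String, int)` constructor, a short requested lifetime, and the passphrase read from the console instead of being hard-coded. The host names, the port 7513, the class name `MyProxyGetExample` and the two-hour lifetime are assumptions made for illustration.

```java
import java.io.Console;
import java.util.Arrays;

import org.globus.myproxy.MyProxy;
import org.globus.myproxy.MyProxyException;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;

public class MyProxyGetExample {
    // Placeholder servers (assumption). The second entry overrides the default port;
    // the client uses the first server it can connect to.
    private static final String HOSTS = "myproxy1.example.org,myproxy2.example.org:7513";

    // Requested lifetime in seconds; kept short so a leaked proxy expires quickly.
    private static final int LIFETIME_SECONDS = 2 * 60 * 60;

    public static void main(String[] args) throws GSSException {
        Console console = System.console();
        if (console == null) {
            System.err.println("No interactive console; refusing to read a passphrase.");
            System.exit(2);
        }
        String username = console.readLine("MyProxy username: ");
        char[] passphrase = console.readPassword("MyProxy passphrase: ");

        // The port argument applies only to hosts that do not carry their own ":port".
        MyProxy client = new MyProxy(HOSTS, MyProxy.DEFAULT_PORT);
        GSSCredential delegated = null;
        try {
            // The API takes a String, so an immutable copy of the passphrase
            // exists on the heap until it is garbage collected.
            delegated = client.get(username, new String(passphrase), LIFETIME_SECONDS);
            System.out.println("Subject: " + delegated.getName());
            System.out.println("Remaining lifetime (s): " + delegated.getRemainingLifetime());
        } catch (MyProxyException e) {
            // Covers the failures the get operation reports.
            System.err.println("MyProxy get failed: " + e.getMessage());
        } finally {
            Arrays.fill(passphrase, '\0');   // wipe the copy we control
            if (delegated != null) {
                delegated.dispose();         // release the credential when done
            }
        }
    }
}
```

The server may grant a shorter lifetime than requested, so check `getRemainingLifetime()` rather than assuming the requested value.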