Class MyProxy


  • public class MyProxy
    extends Object
    This class provides an API for communicating with MyProxy servers. It provides main functions for retrieving, removing and storing credentials on MyProxy server. It also provides functions for getting credential information and changing passwords.

    More information about MyProxy is available on the MyProxy Home Page.

    Version:
    2.0
    • Field Detail

      • DEFAULT_PORT

        public static final int DEFAULT_PORT
        The default MyProxy server port (7512).
        See Also:
        Constant Field Values
      • DEFAULT_KEYBITS

        public static final int DEFAULT_KEYBITS
        The default key size (2048 bits).
        See Also:
        Constant Field Values
      • GET_PROXY

        public static final int GET_PROXY
        The integer command number for the MyProxy 'Get' command (0).
        See Also:
        Constant Field Values
      • PUT_PROXY

        public static final int PUT_PROXY
        The integer command number for the MyProxy 'Put' command (1).
        See Also:
        Constant Field Values
      • INFO_PROXY

        public static final int INFO_PROXY
        The integer command number for the MyProxy 'Info' command (2).
        See Also:
        Constant Field Values
      • DESTROY_PROXY

        public static final int DESTROY_PROXY
        The integer command number for the MyProxy 'Destroy' command (3).
        See Also:
        Constant Field Values
      • CHANGE_PASSWORD

        public static final int CHANGE_PASSWORD
        The integer command number for the MyProxy Password Change command (4).
        See Also:
        Constant Field Values
      • STORE_CREDENTIAL

        public static final int STORE_CREDENTIAL
        The integer command number for the MyProxy 'Store' command (5).
        See Also:
        Constant Field Values
      • RETRIEVE_CREDENTIAL

        public static final int RETRIEVE_CREDENTIAL
        The integer command number for the MyProxy 'Retrieve' command (6).
        See Also:
        Constant Field Values
      • GET_TRUSTROOTS

        public static final int GET_TRUSTROOTS
        The integer command number for the MyProxy 'Get Trustroots' command (7).
        See Also:
        Constant Field Values
      • host

        protected String host
        The hostname(s) of the target MyProxy server(s). Multiple host names can be specified comma delimited with each hostname optionally followed by a ':' and port number. The client will communicate with the first server it has a successful network connection with.
      • port

        protected int port
        The port of the target MyProxy server (default 7512).
      • authorization

        protected Authorization authorization
        The authorization policy in effect for the target MyProxy server.
      • context

        protected GSSContext context
        The GSSContext for communication with the MyProxy server.
      • trustrootFilenames

        protected String[] trustrootFilenames
        Trustroot information and path constant.
      • trustrootData

        protected String[] trustrootData
    • Constructor Detail

      • MyProxy

        public MyProxy()
        Initialize the MyProxy client object with the default authorization policy.
      • MyProxy

        public MyProxy​(String host,
                       int port)
        Prepare to connect to the MyProxy server at the specified host and port using the default authorization policy.
        Parameters:
        host - The hostname(s) of the MyProxy server(s) with optional port info. Multiple hostnames can be specified in a comma separated list with each hostname optionally followed by a ':' and port number. The client will communicate with the first server it has a successful network connection with.
        port - The port number of the MyProxy server to use if one is not specified as part of the host string.
    • Method Detail

      • setHost

        public void setHost​(String host)
        Set MyProxy server hostname.
        Parameters:
        host - The hostname(s) of the MyProxy server(s). Multiple host names are comma delimited with each hostname optionally followed by a ':' and port number. The client will communicate with the first server it has a successful network connection with.
      • getHost

        public String getHost()
        Get MyProxy server hostname.
        Returns:
        The hostname of the MyProxy server.
      • setPort

        public void setPort​(int port)
        Set MyProxy server port.
        Parameters:
        port - The port number of the MyProxy server to use if one is not specified as part of the host string. Defaults to MyProxy.DEFAULT_PORT.
      • getPort

        public int getPort()
        Get MyProxy server port.
        Returns:
        The port number of the MyProxy server.
      • setAuthorization

        public void setAuthorization​(Authorization authorization)
        Set MyProxy server authorization mechanism.
        Parameters:
        authorization - The authorization mechanism for the MyProxy server.
      • getAuthorization

        public Authorization getAuthorization()
        Get MyProxy server authorization mechanism.
        Returns:
        The authorization mechanism for the MyProxy server.
      • put

        public void put​(GSSCredential credential,
                        String username,
                        String passphrase,
                        int lifetime)
                 throws MyProxyException
        Delegate credentials to a MyProxy server.
        Parameters:
        credential - The GSI credentials to use.
        username - The username to store the credentials under.
        passphrase - The passphrase to use to encrypt the stored credentials.
        lifetime - The maximum lifetime of credentials delegated by the server (in seconds).
        Throws:
        MyProxyException - If an error occurred during the operation.
      • put

        public void put​(GSSCredential credential,
                        InitParams params)
                 throws MyProxyException
        Delegate credentials to a MyProxy server.
        Parameters:
        credential - The GSI credentials to use.
        params - The parameters for the put operation.
        Throws:
        MyProxyException - If an error occurred during the operation.
      • store

        public void store​(GSSCredential credential,
                          X509Certificate[] certs,
                          OpenSSLKey key,
                          StoreParams params)
                   throws MyProxyException
        Store credentials on a MyProxy server. Copies certificate(s) and private key directly to the server rather than delegating an X.509 proxy credential.
        Parameters:
        credential - The local GSI credentials to use for authentication.
        certs - The certificate(s) to store.
        key - The private key to store (typically encrypted).
        params - The parameters for the store operation.
        Throws:
        MyProxyException - If an error occurred during the operation.
      • destroy

        public void destroy​(GSSCredential credential,
                            String username,
                            String passphrase)
                     throws MyProxyException
        Removes delegated credentials from the MyProxy server.
        Parameters:
        credential - The local GSI credentials to use for authentication.
        username - The username of the credentials to remove.
        passphrase - The passphrase of the credentials to remove.
        Throws:
        MyProxyException - If an error occurred during the operation.
      • destroy

        public void destroy​(GSSCredential credential,
                            DestroyParams params)
                     throws MyProxyException
        Removes delegated credentials from the MyProxy server.
        Parameters:
        credential - The local GSI credentials to use for authentication.
        params - The parameters for the destroy operation.
        Throws:
        MyProxyException - If an error occurred during the operation.
      • changePassword

        public void changePassword​(GSSCredential credential,
                                   ChangePasswordParams params)
                            throws MyProxyException
        Changes the password of the credential on the MyProxy server.
        Parameters:
        credential - The local GSI credentials to use for authentication.
        params - The parameters for the change password operation.
        Throws:
        MyProxyException - If an error occurred during the operation.
      • info

        public CredentialInfo info​(GSSCredential credential,
                                   String username,
                                   String passphrase)
                            throws MyProxyException
        Retrieves credential information from MyProxy server. Only the information of the default credential is returned by this operation.
        Parameters:
        credential - The local GSI credentials to use for authentication.
        username - The username of the credentials to remove.
        passphrase - The passphrase of the credentials to remove.
        Returns:
        The credential information of the default credential.
        Throws:
        MyProxyException - If an error occurred during the operation.
      • info

        public CredentialInfo[] info​(GSSCredential credential,
                                     InfoParams params)
                              throws MyProxyException
        Retrieves credential information from MyProxy server.
        Parameters:
        credential - The local GSI credentials to use for authentication.
        params - The parameters for the info operation.
        Returns:
        The array of credential information of all the user's credentials.
        Throws:
        MyProxyException - If an error occurred during the operation.
      • get

        public GSSCredential get​(String username,
                                 String passphrase,
                                 int lifetime)
                          throws MyProxyException
        Retrieves delegated credentials from MyProxy server Anonymously (without local credentials) Notes: Performs simple verification of private/public keys of the delegated credential. Should be improved later. And only checks for RSA keys.
        Parameters:
        username - The username of the credentials to retrieve.
        passphrase - The passphrase of the credentials to retrieve.
        lifetime - The requested lifetime of the retrieved credential (in seconds).
        Returns:
        GSSCredential The retrieved delegated credentials.
        Throws:
        MyProxyException - If an error occurred during the operation.
      • get

        public GSSCredential get​(GSSCredential credential,
                                 String username,
                                 String passphrase,
                                 int lifetime)
                          throws MyProxyException
        Retrieves delegated credentials from the MyProxy server. Notes: Performs simple verification of private/public keys of the delegated credential. Should be improved later. And only checks for RSA keys.
        Parameters:
        credential - The local GSI credentials to use for authentication. Can be set to null if no local credentials.
        username - The username of the credentials to retrieve.
        passphrase - The passphrase of the credentials to retrieve.
        lifetime - The requested lifetime of the retrieved credential (in seconds).
        Returns:
        GSSCredential The retrieved delegated credentials.
        Throws:
        MyProxyException - If an error occurred during the operation.
      • get

        public GSSCredential get​(GSSCredential credential,
                                 GetParams params)
                          throws MyProxyException
        Retrieves delegated credentials from the MyProxy server.
        Parameters:
        credential - The local GSI credentials to use for authentication. Can be set to null if no local credentials.
        params - The parameters for the get operation.
        Returns:
        GSSCredential The retrieved delegated credentials.
        Throws:
        MyProxyException - If an error occurred during the operation.
      • getTrustroots

        public void getTrustroots​(GSSCredential credential,
                                  GetTrustrootsParams params)
                           throws MyProxyException
        Retrieves trustroot information from the MyProxy server.
        Parameters:
        credential - The local GSI credentials to use for authentication. Can be set to null if no local credentials.
        params - The parameters for the get-trustroots operation.
        Throws:
        MyProxyException - If an error occurred during the operation.
      • bootstrapTrust

        public void bootstrapTrust()
                            throws MyProxyException
        Bootstraps trustroot information from the MyProxy server.
        Throws:
        MyProxyException - If an error occurred during the operation.
      • getTrustRootPath

        public static String getTrustRootPath()
        Returns the trusted certificates directory location where writeTrustRoots() will store certificates. It first checks the X509_CERT_DIR system property. If that property is not set, it uses ${user.home}/.globus/certificates. Note that, unlike CoGProperties.getCaCertLocations(), it does not return /etc/grid-security/certificates or ${GLOBUS_LOCATION}/share/certificates.
      • writeTrustRoots

        public boolean writeTrustRoots()
                                throws IOException
        Writes the retrieved trust roots to the Globus trusted certificates directory.
        Returns:
        true if trust roots are written successfully, false if no trust roots are available to be written
        Throws:
        IOException
      • writeTrustRoots

        public boolean writeTrustRoots​(String directory)
                                throws IOException
        Writes the retrieved trust roots to a trusted certificates directory.
        Parameters:
        directory - path where the trust roots should be written
        Returns:
        true if trust roots are written successfully, false if no trust roots are available to be written
        Throws:
        IOException