View Javadoc

1   package fr.in2p3.jsaga.adaptor.security;
2   
3   import fr.in2p3.jsaga.adaptor.base.defaults.Default;
4   import fr.in2p3.jsaga.adaptor.base.defaults.EnvironmentVariables;
5   import fr.in2p3.jsaga.adaptor.base.usage.*;
6   import fr.in2p3.jsaga.adaptor.security.impl.InMemoryProxySecurityCredential;
7   import fr.in2p3.jsaga.adaptor.security.usage.UProxyFile;
8   import fr.in2p3.jsaga.adaptor.security.usage.UProxyObject;
9   import org.globus.common.CoGProperties;
10  import org.globus.gsi.gssapi.GlobusGSSCredentialImpl;
11  import org.globus.myproxy.MyProxy;
12  import org.globus.myproxy.MyProxyException;
13  import org.globus.myproxy.InitParams;
14  import org.globus.myproxy.InfoParams;
15  import org.globus.myproxy.DestroyParams;
16  import org.globus.myproxy.GetParams;
17  import org.globus.util.Util;
18  import org.gridforum.jgss.ExtendedGSSCredential;
19  import org.ietf.jgss.GSSCredential;
20  import org.ietf.jgss.GSSException;
21  import org.ogf.saga.context.Context;
22  import org.ogf.saga.error.IncorrectStateException;
23  import org.ogf.saga.error.NoSuccessException;
24  
25  import java.io.*;
26  import java.net.URISyntaxException;
27  import java.text.ParseException;
28  import java.util.Map;
29  
30  /* ***************************************************
31  * *** Centre de Calcul de l'IN2P3 - Lyon (France) ***
32  * ***             http://cc.in2p3.fr/             ***
33  * ***************************************************
34  * File:   MyProxySecurityAdaptor
35  * Author: Sylvain Reynaud (sreynaud@in2p3.fr)
36  * Date:   13 ao�t 2007
37  * ***************************************************
38  * Description:                                      */
39  /**
40   *
41   */
42  public class MyProxySecurityAdaptor extends GlobusSecurityAdaptor {
43      public static final int USAGE_GET_DELEGATED_MEMORY = 20;
44      public static final int USAGE_GET_DELEGATED_LOAD = 21;
45  
46  //    private static final int MIN_LIFETIME_FOR_USING = 3*3600;   // 3 hours
47      private static final int DEFAULT_STORED_PROXY_LIFETIME = 7*24*3600;
48      private static final int DEFAULT_DELEGATED_PROXY_LIFETIME = 12*3600;
49  
50      @Override
51      public String getType() {
52          return "MyProxy";
53      }
54  
55      @Override
56      public Class getSecurityCredentialClass() {
57          return MyProxySecurityCredential.class;
58      }
59  
60      @Override
61      public Usage getUsage() {
62          return new UAnd.Builder()
63                  .and(new UOr.Builder()
64                          // get delegated proxy from server
65                          .or(new UAnd.Builder()
66                                      .id(USAGE_GET_DELEGATED_MEMORY)
67                                      .and(new UNoPrompt(GlobusContext.USERPROXYOBJECT))
68                                      .and(new UDuration(GlobusContext.DELEGATIONLIFETIME))
69                                      .build()
70                          )
71                          .or(new UAnd.Builder()
72                                      .id(USAGE_GET_DELEGATED_LOAD)
73                                      .and(new UFile(Context.USERPROXY))
74                                      .and(new UDuration(GlobusContext.DELEGATIONLIFETIME))
75                                      .build()
76                          )
77                          // local proxy
78                          .or(new UNoPrompt(USAGE_MEMORY, GlobusContext.USERPROXYOBJECT/*, MIN_LIFETIME_FOR_USING*/))
79                          .or(new UFile(USAGE_LOAD, Context.USERPROXY/*, MIN_LIFETIME_FOR_USING*/))
80  
81                          // create and store proxy
82                          .or(getPKCS12orPEM())
83                          .build()
84                  )
85                  .and(new U(Context.SERVER))
86                  .and(new UOptional(Context.USERID))
87                  .and(new UOptional(GlobusContext.MYPROXYPASS))
88                  .and(new UFile(Context.CERTREPOSITORY))
89                  .build();
90      }
91  
92      @Override
93      public Default[] getDefaults(Map map) throws IncorrectStateException {
94          EnvironmentVariables env = EnvironmentVariables.getInstance();
95  //        return new Default[]{
96  //                // concat with ".myproxy" to avoid conflict with Globus context type
97  //                new Default(Context.USERPROXY, new String[]{
98  //                        env.getProperty("X509_USER_PROXY")!=null ? env.getProperty("X509_USER_PROXY")+".myproxy" : null,
99  //                        System.getProperty("java.io.tmpdir")+System.getProperty("file.separator")+"x509up_u"+
100 //                                (System.getProperty("os.name").toLowerCase().startsWith("windows")
101 //                                        ? "_"+System.getProperty("user.name").toLowerCase()
102 //                                        : (env.getProperty("UID")!=null
103 //                                                ? env.getProperty("UID")
104 //                                                : getUnixUID()
105 //                                          )
106 //                                )+".myproxy"}),
107 //                new Default(Context.USERCERT, new File[]{
108 //                        new File(env.getProperty("X509_USER_CERT")+""),
109 //                        new File(System.getProperty("user.home")+"/.globus/usercert.pem")}),
110 //                new Default(Context.USERKEY, new File[]{
111 //                        new File(env.getProperty("X509_USER_KEY")+""),
112 //                        new File(System.getProperty("user.home")+"/.globus/userkey.pem")}),
113 //                new Default(Context.CERTREPOSITORY, new File[]{
114 //                        new File(env.getProperty("X509_CERT_DIR")+""),
115 //                        new File(System.getProperty("user.home")+"/.globus/certificates/"),
116 //                        new File("/etc/grid-security/certificates/")}),
117 //                new Default(Context.SERVER, env.getProperty("MYPROXY_SERVER")),
118 //        };
119         Default[] parentDefault = super.getDefaults(map);
120         Default[] thisDefault = new Default[parentDefault.length+1];
121         System.arraycopy(parentDefault, 0, thisDefault, 0, parentDefault.length);
122         thisDefault[parentDefault.length] = new Default(Context.SERVER, env.getProperty("MYPROXY_SERVER"));
123         return thisDefault;
124     }
125 
126     public SecurityCredential createSecurityCredential(int usage, Map attributes, String contextId) throws IncorrectStateException, NoSuccessException {
127         try {
128             switch(usage) {
129                 case USAGE_INIT_PEM:
130                 {
131                     // build proxy
132 //                    GSSCredential cred = new GlobusProxyFactory(attributes, GlobusProxyFactory.OID_OLD, GlobusProxyFactory.CERTIFICATE_PEM).createProxy();
133                     GSSCredential cred = ((GlobusSecurityCredential)super.createSecurityCredential(usage, attributes, contextId)).getGSSCredential();
134 
135                     InitParams proxyParameters = new InitParams();
136 
137                     // send it to MyProxy server
138                     String userId = getUserName(cred, attributes);
139                     proxyParameters.setUserName(userId);
140 
141                     if (attributes.get(GlobusContext.MYPROXYPASS) != null) {
142                     	proxyParameters.setPassphrase((String)attributes.get(GlobusContext.MYPROXYPASS));
143                     }
144                     
145                     int storedLifetime = attributes.containsKey(Context.LIFETIME)
146                             ? UDuration.toInt(attributes.get(Context.LIFETIME))
147                             : DEFAULT_STORED_PROXY_LIFETIME;  // default lifetime for stored proxies
148                     proxyParameters.setLifetime(storedLifetime);
149 
150                     MyProxy server = getServer(attributes);
151                     server.put(cred, proxyParameters);
152 
153                     // destroy local temporary proxy (requires anonymous to be authorized by server's default trusted_retrievers policy)
154                     //Util.destroy(tempFile);
155 
156                     // returns
157                     return this.createSecurityAdaptor(cred, attributes);
158                 }
159                 case USAGE_MEMORY:
160 //                {
161 //                    GSSCredential cred = InMemoryProxySecurityCredential.toGSSCredential((String) attributes.get(GlobusContext.USERPROXYOBJECT));
162 //                    return this.createSecurityAdaptor(cred, attributes);
163 //                }
164                 case USAGE_LOAD:
165                 {
166 //                    CoGProperties.getDefault().setCaCertLocations((String) attributes.get(Context.CERTREPOSITORY));
167 //                    GSSCredential cred = load(new File((String) attributes.get(Context.USERPROXY)));
168 //                    return this.createSecurityAdaptor(cred, attributes);
169                     return super.createSecurityCredential(usage, attributes, contextId);
170                 }
171                 case USAGE_GET_DELEGATED_MEMORY:
172                 {
173                     // get old proxy (required unless anonymous is authorized by server's default trusted_retrievers policy)
174                     GSSCredential oldCred = InMemoryProxySecurityCredential.toGSSCredential((String) attributes.get(GlobusContext.USERPROXYOBJECT));
175 
176                     // get delegated proxy
177                     GSSCredential cred = getDelegatedCredential(oldCred, attributes);
178                     return this.createSecurityAdaptor(cred, attributes);
179                 }
180                 case USAGE_GET_DELEGATED_LOAD:
181                 {
182                     // get old proxy (required unless anonymous is authorized by server's default trusted_retrievers policy)
183                     CoGProperties.getDefault().setCaCertLocations((String) attributes.get(Context.CERTREPOSITORY));
184                     GSSCredential oldCred = load(new File((String) attributes.get(Context.USERPROXY)));
185 
186                     // get delegated proxy
187                     GSSCredential cred = getDelegatedCredential(oldCred, attributes);
188                     save(new File((String) attributes.get(Context.USERPROXY)), cred);
189                     return this.createSecurityAdaptor(cred, attributes);
190                 }
191                 default:
192                     throw new NoSuccessException("INTERNAL ERROR: unexpected exception");
193             }
194         } catch(IncorrectStateException e) {
195             throw e;
196         } catch(NoSuccessException e) {
197             throw e;
198         } catch(Exception e) {
199             throw new NoSuccessException(e);
200         }
201     }
202     
203     private SecurityCredential createSecurityAdaptor(GSSCredential cred, Map attributes) throws IncorrectStateException {
204         File certRepository = new File((String) attributes.get(Context.CERTREPOSITORY));
205         String server = (String) attributes.get(Context.SERVER);
206 
207         InfoParams proxyParameters = new InfoParams();
208         String userId = getUserName(cred, attributes);
209         proxyParameters.setUserName(userId);
210 
211         if (attributes.get(GlobusContext.MYPROXYPASS) != null) {
212         	proxyParameters.setPassphrase((String)attributes.get(GlobusContext.MYPROXYPASS));
213         }
214 
215         return new MyProxySecurityCredential(cred, certRepository, server, proxyParameters);
216     }
217 
218     public void destroySecurityAdaptor(Map attributes, String contextId) throws Exception {
219         // get attributes
220         File proxy = new File((String) attributes.get(Context.USERPROXY));
221         if (!proxy.exists()) {
222             return;
223         }
224         GSSCredential cred = load(proxy);
225         DestroyParams proxyParameters = new DestroyParams();
226 
227         String userId = getUserName(cred, attributes);
228         proxyParameters.setUserName(userId);
229         
230         if (attributes.get(GlobusContext.MYPROXYPASS) != null) {
231         	proxyParameters.setPassphrase((String)attributes.get(GlobusContext.MYPROXYPASS));
232         }
233         
234         // destroy remote proxy
235         MyProxy server = getServer(attributes);
236         server.destroy(cred, proxyParameters);
237         
238         // destroy local proxy
239 //        Util.destroy(proxy);
240         super.destroySecurityAdaptor(attributes, contextId);
241     }
242 
243     private static GSSCredential getDelegatedCredential(GSSCredential oldCred, Map attributes) throws ParseException, URISyntaxException, MyProxyException, GSSException {
244         GetParams proxyParameters = new GetParams();
245 
246         String userId = getUserName(oldCred, attributes);
247         proxyParameters.setUserName(userId);
248 
249         if (attributes.get(GlobusContext.MYPROXYPASS) != null) {
250         	proxyParameters.setPassphrase((String)attributes.get(GlobusContext.MYPROXYPASS));
251         }
252 
253         int delegatedLifetime = attributes.containsKey(GlobusContext.DELEGATIONLIFETIME)
254         		? UDuration.toInt(attributes.get(GlobusContext.DELEGATIONLIFETIME))
255                 : DEFAULT_DELEGATED_PROXY_LIFETIME;  // effective lifetime for delegated proxy
256         proxyParameters.setLifetime(delegatedLifetime);
257         
258         MyProxy server = getServer(attributes);
259 
260         return server.get(oldCred, proxyParameters);
261     }
262 
263     private static MyProxy getServer(Map attributes) throws URISyntaxException {
264         String server = (String) attributes.get(Context.SERVER);
265         return getServer(server);
266     }
267     static MyProxy getServer(String server) {
268         String[] array = (server).split(":");
269         String host = array[0];
270         int port = (array.length>1 ? Integer.parseInt(array[1]) : MyProxy.DEFAULT_PORT);
271         MyProxy myProxy = new MyProxy(host, port);
272 /*
273         String subjectDN = null;
274         if (subjectDN != null) {
275             myProxy.setAuthorization(new IdentityAuthorization(subjectDN));
276         }
277 */
278         return myProxy;
279     }
280 
281     private static void save(File proxyFile, GSSCredential cred) throws GSSException, IOException {
282         byte[] proxyBytes = ((ExtendedGSSCredential) cred).export(ExtendedGSSCredential.IMPEXP_OPAQUE);
283         FileOutputStream out = new FileOutputStream(proxyFile);
284         out.write(proxyBytes);
285         out.close();
286     }
287     
288     private static String getUserName(GSSCredential cred, Map attributes) {
289         return attributes.get(Context.USERID) != null 
290         			? (String) attributes.get(Context.USERID) 
291         			: ((GlobusGSSCredentialImpl)cred).getX509Credential().getIdentity();
292     }
293 }