1 package fr.in2p3.jsaga.adaptor.security;
2
3 import fr.in2p3.jsaga.adaptor.base.defaults.Default;
4 import fr.in2p3.jsaga.adaptor.base.defaults.EnvironmentVariables;
5 import fr.in2p3.jsaga.adaptor.base.usage.*;
6 import fr.in2p3.jsaga.adaptor.security.impl.InMemoryProxySecurityCredential;
7 import fr.in2p3.jsaga.adaptor.security.usage.UProxyFile;
8 import fr.in2p3.jsaga.adaptor.security.usage.UProxyObject;
9 import org.globus.common.CoGProperties;
10 import org.globus.gsi.gssapi.GlobusGSSCredentialImpl;
11 import org.globus.myproxy.MyProxy;
12 import org.globus.myproxy.MyProxyException;
13 import org.globus.myproxy.InitParams;
14 import org.globus.myproxy.InfoParams;
15 import org.globus.myproxy.DestroyParams;
16 import org.globus.myproxy.GetParams;
17 import org.globus.util.Util;
18 import org.gridforum.jgss.ExtendedGSSCredential;
19 import org.ietf.jgss.GSSCredential;
20 import org.ietf.jgss.GSSException;
21 import org.ogf.saga.context.Context;
22 import org.ogf.saga.error.IncorrectStateException;
23 import org.ogf.saga.error.NoSuccessException;
24
25 import java.io.*;
26 import java.net.URISyntaxException;
27 import java.text.ParseException;
28 import java.util.Map;
29
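/**
 * Security adaptor of type {@code "MyProxy"}: uploads a GSI proxy credential to a MyProxy
 * server, retrieves a delegated proxy from it, and destroys the stored credential again.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>the MyProxy passphrase is read from the context attributes as a plain {@code String}
 *       and copied into the request parameter objects; it must never be logged;</li>
 *   <li>{@link #USAGE_GET_DELEGATED_LOAD} overwrites the local proxy file with the freshly
 *       delegated credential (private key material);</li>
 *   <li>{@link #USAGE_GET_DELEGATED_LOAD} also changes the CA certificate locations on the
 *       shared {@code CoGProperties.getDefault()} instance.</li>
 * </ul>
 */
public class MyProxySecurityAdaptor extends GlobusSecurityAdaptor {
    /** Usage id: get a delegated proxy using the proxy held in the {@code USERPROXYOBJECT} attribute. */
    public static final int USAGE_GET_DELEGATED_MEMORY = 20;
    /** Usage id: get a delegated proxy using the proxy file named by the {@code USERPROXY} attribute. */
    public static final int USAGE_GET_DELEGATED_LOAD = 21;

    // Lifetime applied when the context does not define LIFETIME.
    // The arithmetic reads as 7 days in seconds -- TODO confirm the unit expected by InitParams.
    private static final int DEFAULT_STORED_PROXY_LIFETIME = 7*24*3600;
    // Lifetime applied when the context does not define DELEGATIONLIFETIME (reads as 12 hours in seconds).
    private static final int DEFAULT_DELEGATED_PROXY_LIFETIME = 12*3600;

    /** Returns the context type handled by this adaptor, {@code "MyProxy"}. */
    @Override
    public String getType() {
        return "MyProxy";
    }

    /** Returns the credential class produced by this adaptor. */
    @Override
    public Class getSecurityCredentialClass() {
        return MyProxySecurityCredential.class;
    }

    /**
     * Describes the accepted attribute combinations: one way of obtaining a credential
     * (delegated from memory, delegated from file, local proxy object, local proxy file, or
     * whatever the inherited {@code getPKCS12orPEM()} describes), plus the MyProxy server,
     * an optional user id, an optional MyProxy passphrase and the CA certificate repository.
     */
    @Override
    public Usage getUsage() {
        return new UAnd.Builder()
                .and(new UOr.Builder()
                        // get delegated proxy from server
                        .or(new UAnd.Builder()
                                .id(USAGE_GET_DELEGATED_MEMORY)
                                .and(new UNoPrompt(GlobusContext.USERPROXYOBJECT))
                                .and(new UDuration(GlobusContext.DELEGATIONLIFETIME))
                                .build()
                        )
                        .or(new UAnd.Builder()
                                .id(USAGE_GET_DELEGATED_LOAD)
                                .and(new UFile(Context.USERPROXY))
                                .and(new UDuration(GlobusContext.DELEGATIONLIFETIME))
                                .build()
                        )
                        // NOTE(review): the closing parentheses of the next two calls were missing in
                        // the listing and are restored here; confirm against the upstream file that
                        // no further constructor arguments were lost with them.
                        .or(new UNoPrompt(USAGE_MEMORY, GlobusContext.USERPROXYOBJECT))
                        .or(new UFile(USAGE_LOAD, Context.USERPROXY))
                        .or(getPKCS12orPEM())
                        .build()
                )
                .and(new U(Context.SERVER))
                .and(new UOptional(Context.USERID))
                .and(new UOptional(GlobusContext.MYPROXYPASS))
                .and(new UFile(Context.CERTREPOSITORY))
                .build();
    }

    /**
     * Returns the parent defaults followed by one extra default for {@code Context.SERVER},
     * taken from the {@code MYPROXY_SERVER} property of {@link EnvironmentVariables}.
     *
     * @param map attributes forwarded unchanged to the parent implementation
     * @return a new array, one element longer than the parent's
     * @throws IncorrectStateException if the parent implementation throws it
     */
    @Override
    public Default[] getDefaults(Map map) throws IncorrectStateException {
        EnvironmentVariables env = EnvironmentVariables.getInstance();
        Default[] parentDefault = super.getDefaults(map);
        Default[] thisDefault = new Default[parentDefault.length+1];
        System.arraycopy(parentDefault, 0, thisDefault, 0, parentDefault.length);
        thisDefault[parentDefault.length] = new Default(Context.SERVER, env.getProperty("MYPROXY_SERVER"));
        return thisDefault;
    }

    /**
     * Creates the credential for the given usage.
     *
     * <ul>
     *   <li>{@code USAGE_INIT_PEM}: builds the credential through the parent adaptor, then
     *       uploads it to the MyProxy server with the stored-proxy lifetime;</li>
     *   <li>{@code USAGE_MEMORY} / {@code USAGE_LOAD}: delegated entirely to the parent;</li>
     *   <li>{@link #USAGE_GET_DELEGATED_MEMORY}: authenticates with the in-memory proxy and
     *       fetches a delegated proxy;</li>
     *   <li>{@link #USAGE_GET_DELEGATED_LOAD}: authenticates with the proxy file, fetches a
     *       delegated proxy and writes it back over that same file.</li>
     * </ul>
     *
     * @param usage      usage id selected from {@link #getUsage()}
     * @param attributes context attributes (server, user id, passphrase, paths, lifetimes)
     * @param contextId  forwarded to the parent implementation
     * @return the credential wrapped for MyProxy, or the parent's credential for the local usages
     * @throws IncorrectStateException rethrown unchanged
     * @throws NoSuccessException      for an unknown usage, or wrapping any other failure
     */
    public SecurityCredential createSecurityCredential(int usage, Map attributes, String contextId) throws IncorrectStateException, NoSuccessException {
        try {
            switch(usage) {
                case USAGE_INIT_PEM:
                {
                    // create the local credential first, then store it on the server
                    GSSCredential cred = ((GlobusSecurityCredential)super.createSecurityCredential(usage, attributes, contextId)).getGSSCredential();

                    InitParams proxyParameters = new InitParams();
                    String userId = getUserName(cred, attributes);
                    proxyParameters.setUserName(userId);
                    // passphrase is optional in the usage; only set it when the context provides one
                    if (attributes.get(GlobusContext.MYPROXYPASS) != null) {
                        proxyParameters.setPassphrase((String)attributes.get(GlobusContext.MYPROXYPASS));
                    }
                    int storedLifetime = attributes.containsKey(Context.LIFETIME)
                            ? UDuration.toInt(attributes.get(Context.LIFETIME))
                            : DEFAULT_STORED_PROXY_LIFETIME;
                    proxyParameters.setLifetime(storedLifetime);

                    MyProxy server = getServer(attributes);
                    server.put(cred, proxyParameters);

                    return this.createSecurityAdaptor(cred, attributes);
                }
                case USAGE_MEMORY:
                    // intentional fall-through: both local usages are handled by the parent
                case USAGE_LOAD:
                {
                    return super.createSecurityCredential(usage, attributes, contextId);
                }
                case USAGE_GET_DELEGATED_MEMORY:
                {
                    GSSCredential oldCred = InMemoryProxySecurityCredential.toGSSCredential((String) attributes.get(GlobusContext.USERPROXYOBJECT));
                    GSSCredential cred = getDelegatedCredential(oldCred, attributes);
                    return this.createSecurityAdaptor(cred, attributes);
                }
                case USAGE_GET_DELEGATED_LOAD:
                {
                    // NOTE(review): this mutates the shared CoGProperties default instance, so the CA
                    // locations change for every other user of that instance as well.
                    CoGProperties.getDefault().setCaCertLocations((String) attributes.get(Context.CERTREPOSITORY));
                    GSSCredential oldCred = load(new File((String) attributes.get(Context.USERPROXY)));

                    GSSCredential cred = getDelegatedCredential(oldCred, attributes);
                    // the delegated proxy replaces the proxy that was used to authenticate
                    save(new File((String) attributes.get(Context.USERPROXY)), cred);
                    return this.createSecurityAdaptor(cred, attributes);
                }
                default:
                    throw new NoSuccessException("INTERNAL ERROR: unexpected exception");
            }
        } catch(IncorrectStateException e) {
            throw e;
        } catch(NoSuccessException e) {
            throw e;
        } catch(Exception e) {
            // keep the cause so that server and parsing failures stay diagnosable
            throw new NoSuccessException(e);
        }
    }

    /**
     * Wraps a GSS credential into a {@link MyProxySecurityCredential}, together with the CA
     * repository, the server string and the user name / passphrase needed for later queries.
     * The passphrase therefore stays reachable from the returned object.
     */
    private SecurityCredential createSecurityAdaptor(GSSCredential cred, Map attributes) throws IncorrectStateException {
        File certRepository = new File((String) attributes.get(Context.CERTREPOSITORY));
        String server = (String) attributes.get(Context.SERVER);

        InfoParams proxyParameters = new InfoParams();
        String userId = getUserName(cred, attributes);
        proxyParameters.setUserName(userId);
        if (attributes.get(GlobusContext.MYPROXYPASS) != null) {
            proxyParameters.setPassphrase((String)attributes.get(GlobusContext.MYPROXYPASS));
        }

        return new MyProxySecurityCredential(cred, certRepository, server, proxyParameters);
    }

    /**
     * Destroys the credential stored on the MyProxy server, then lets the parent clean up.
     *
     * <p>When the local proxy file does not exist the method returns immediately: there is
     * nothing to authenticate with, so the server-side credential is left untouched and the
     * parent implementation is not called.
     *
     * @param attributes context attributes; {@code Context.USERPROXY} must be set
     * @param contextId  forwarded to the parent implementation
     * @throws Exception on any failure while loading the proxy or talking to the server
     */
    public void destroySecurityAdaptor(Map attributes, String contextId) throws Exception {
        File proxy = new File((String) attributes.get(Context.USERPROXY));
        if (!proxy.exists()) {
            return;
        }
        GSSCredential cred = load(proxy);
        DestroyParams proxyParameters = new DestroyParams();
        String userId = getUserName(cred, attributes);
        proxyParameters.setUserName(userId);
        if (attributes.get(GlobusContext.MYPROXYPASS) != null) {
            proxyParameters.setPassphrase((String)attributes.get(GlobusContext.MYPROXYPASS));
        }

        // remove the stored credential from the server
        MyProxy server = getServer(attributes);
        server.destroy(cred, proxyParameters);

        super.destroySecurityAdaptor(attributes, contextId);
    }

    /**
     * Fetches a delegated proxy from the MyProxy server, authenticating with {@code oldCred}.
     * The requested lifetime comes from {@code DELEGATIONLIFETIME} when present, otherwise
     * from {@link #DEFAULT_DELEGATED_PROXY_LIFETIME}.
     */
    private static GSSCredential getDelegatedCredential(GSSCredential oldCred, Map attributes) throws ParseException, URISyntaxException, MyProxyException, GSSException {
        GetParams proxyParameters = new GetParams();
        String userId = getUserName(oldCred, attributes);
        proxyParameters.setUserName(userId);
        if (attributes.get(GlobusContext.MYPROXYPASS) != null) {
            proxyParameters.setPassphrase((String)attributes.get(GlobusContext.MYPROXYPASS));
        }
        int delegatedLifetime = attributes.containsKey(GlobusContext.DELEGATIONLIFETIME)
                ? UDuration.toInt(attributes.get(GlobusContext.DELEGATIONLIFETIME))
                : DEFAULT_DELEGATED_PROXY_LIFETIME;
        proxyParameters.setLifetime(delegatedLifetime);

        MyProxy server = getServer(attributes);
        return server.get(oldCred, proxyParameters);
    }

    /** Builds the MyProxy client from the {@code Context.SERVER} attribute. */
    private static MyProxy getServer(Map attributes) throws URISyntaxException {
        String server = (String) attributes.get(Context.SERVER);
        return getServer(server);
    }

    /**
     * Builds the MyProxy client from a {@code host} or {@code host:port} string.
     *
     * <p>The string is split on {@code ':'}, so the first segment is the host and the second,
     * when present, the port; {@link MyProxy#DEFAULT_PORT} is used otherwise. A bracketed IPv6
     * literal would be split in the wrong place. No validation of the host is done here.
     *
     * @throws NullPointerException  if {@code server} is null
     * @throws NumberFormatException if the port segment is not an integer
     */
    static MyProxy getServer(String server) {
        String[] array = (server).split(":");
        String host = array[0];
        int port = (array.length>1 ? Integer.parseInt(array[1]) : MyProxy.DEFAULT_PORT);
        MyProxy myProxy = new MyProxy(host, port);
        return myProxy;
    }

    /**
     * Writes the exported credential (it carries the private key) to {@code proxyFile}.
     *
     * <p>The file is created and narrowed to owner read/write before any byte of the
     * credential is written, so the key material is never on disk under the process's default
     * permissions. The stream is closed even when the write fails.
     *
     * @throws GSSException if the credential cannot be exported
     * @throws IOException  if the file cannot be created or written
     */
    private static void save(File proxyFile, GSSCredential cred) throws GSSException, IOException {
        // export first: if it fails, no file is created or truncated
        byte[] proxyBytes = ((ExtendedGSSCredential) cred).export(ExtendedGSSCredential.IMPEXP_OPAQUE);
        // returns false when the file already exists, which is fine here
        proxyFile.createNewFile();
        restrictToOwner(proxyFile);
        FileOutputStream out = new FileOutputStream(proxyFile);
        try {
            out.write(proxyBytes);
        } finally {
            out.close();
        }
    }

    /**
     * Best-effort restriction of a file to owner read/write.
     * Return values are ignored on purpose: file systems that cannot express these permissions
     * report failure, and saving the proxy there worked before this restriction was added.
     */
    private static void restrictToOwner(File file) {
        // drop every permission for everybody, then grant read/write back to the owner only
        file.setReadable(false, false);
        file.setWritable(false, false);
        file.setExecutable(false, false);
        file.setReadable(true, true);
        file.setWritable(true, true);
    }

    /**
     * Returns the MyProxy user name: the {@code Context.USERID} attribute when set, otherwise
     * the identity of the X.509 credential behind {@code cred}.
     */
    private static String getUserName(GSSCredential cred, Map attributes) {
        return attributes.get(Context.USERID) != null
                ? (String) attributes.get(Context.USERID)
                : ((GlobusGSSCredentialImpl)cred).getX509Credential().getIdentity();
    }
}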