Class MyProxy

java.lang.Object
org.globus.myproxy.MyProxy

public class MyProxy extends Object
This class provides an API for communicating with MyProxy servers. It provides main functions for retrieving, removing and storing credentials on MyProxy server. It also provides functions for getting credential information and changing passwords.

More information about MyProxy is available on the MyProxy Home Page.

Version:
2.0
  • Field Details

    • version

      public static final String version
      See Also:
    • MIN_PASSWORD_LENGTH

      public static final int MIN_PASSWORD_LENGTH
      See Also:
    • MYPROXY_PROTOCOL_VERSION

      public static final String MYPROXY_PROTOCOL_VERSION
      See Also:
    • DEFAULT_PORT

      public static final int DEFAULT_PORT
      The default MyProxy server port (7512).
      See Also:
    • DEFAULT_KEYBITS

      public static final int DEFAULT_KEYBITS
      The default key size (2048 bits).
      See Also:
    • GET_PROXY

      public static final int GET_PROXY
      The integer command number for the MyProxy 'Get' command (0).
      See Also:
    • PUT_PROXY

      public static final int PUT_PROXY
      The integer command number for the MyProxy 'Put' command (1).
      See Also:
    • INFO_PROXY

      public static final int INFO_PROXY
      The integer command number for the MyProxy 'Info' command (2).
      See Also:
    • DESTROY_PROXY

      public static final int DESTROY_PROXY
      The integer command number for the MyProxy 'Destroy' command (3).
      See Also:
    • CHANGE_PASSWORD

      public static final int CHANGE_PASSWORD
      The integer command number for the MyProxy Password Change command (4).
      See Also:
    • STORE_CREDENTIAL

      public static final int STORE_CREDENTIAL
      The integer command number for the MyProxy 'Store' command (5).
      See Also:
    • RETRIEVE_CREDENTIAL

      public static final int RETRIEVE_CREDENTIAL
      The integer command number for the MyProxy 'Retrieve' command (6).
      See Also:
    • GET_TRUSTROOTS

      public static final int GET_TRUSTROOTS
      The integer command number for the MyProxy 'Get Trustroots' command (7).
      See Also:
    • host

      protected String host
      The hostname(s) of the target MyProxy server(s). Multiple host names can be specified comma delimited with each hostname optionally followed by a ':' and port number. The client will communicate with the first server it has a successful network connection with.
    • port

      protected int port
      The port of the target MyProxy server (default 7512).
    • authorization

      protected Authorization authorization
      The authorization policy in effect for the target MyProxy server.
    • context

      protected GSSContext context
      The GSSContext for communication with the MyProxy server.
    • trustrootFilenames

      protected String[] trustrootFilenames
      Trustroot information and path constant.
    • trustrootData

      protected String[] trustrootData
  • Constructor Details

    • MyProxy

      public MyProxy()
      Initialize the MyProxy client object with the default authorization policy.
    • MyProxy

      public MyProxy(String host, int port)
      Prepare to connect to the MyProxy server at the specified host and port using the default authorization policy.
      Parameters:
      host - The hostname(s) of the MyProxy server(s) with optional port info. Multiple hostnames can be specified in a comma separated list with each hostname optionally followed by a ':' and port number. The client will communicate with the first server it has a successful network connection with.
      port - The port number of the MyProxy server to use if one is not specified as part of the host string.
  • Method Details

    • setHost

      public void setHost(String host)
      Set MyProxy server hostname.
      Parameters:
      host - The hostname(s) of the MyProxy server(s). Multiple host names are comma delimited with each hostname optionally followed by a ':' and port number. The client will communicate with the first server it has a successful network connection with.
    • getHost

      public String getHost()
      Get MyProxy server hostname.
      Returns:
      The hostname of the MyProxy server.
    • setPort

      public void setPort(int port)
      Set MyProxy server port.
      Parameters:
      port - The port number of the MyProxy server to use if one is not specified as part of the host string. Defaults to MyProxy.DEFAULT_PORT.
    • getPort

      public int getPort()
      Get MyProxy server port.
      Returns:
      The port number of the MyProxy server.
    • setAuthorization

      public void setAuthorization(Authorization authorization)
      Set MyProxy server authorization mechanism.
      Parameters:
      authorization - The authorization mechanism for the MyProxy server.
    • getAuthorization

      public Authorization getAuthorization()
      Get MyProxy server authorization mechanism.
      Returns:
      The authorization mechanism for the MyProxy server.
    • put

      public void put(GSSCredential credential, String username, String passphrase, int lifetime) throws MyProxyException
      Delegate credentials to a MyProxy server.
      Parameters:
      credential - The GSI credentials to use.
      username - The username to store the credentials under.
      passphrase - The passphrase to use to encrypt the stored credentials.
      lifetime - The maximum lifetime of credentials delegated by the server (in seconds).
      Throws:
      MyProxyException - If an error occurred during the operation.
    • put

      public void put(GSSCredential credential, InitParams params) throws MyProxyException
      Delegate credentials to a MyProxy server.
      Parameters:
      credential - The GSI credentials to use.
      params - The parameters for the put operation.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • store

      public void store(GSSCredential credential, X509Certificate[] certs, OpenSSLKey key, StoreParams params) throws MyProxyException
      Store credentials on a MyProxy server. Copies certificate(s) and private key directly to the server rather than delegating an X.509 proxy credential.
      Parameters:
      credential - The local GSI credentials to use for authentication.
      certs - The certificate(s) to store.
      key - The private key to store (typically encrypted).
      params - The parameters for the store operation.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • destroy

      public void destroy(GSSCredential credential, String username, String passphrase) throws MyProxyException
      Removes delegated credentials from the MyProxy server.
      Parameters:
      credential - The local GSI credentials to use for authentication.
      username - The username of the credentials to remove.
      passphrase - The passphrase of the credentials to remove.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • destroy

      public void destroy(GSSCredential credential, DestroyParams params) throws MyProxyException
      Removes delegated credentials from the MyProxy server.
      Parameters:
      credential - The local GSI credentials to use for authentication.
      params - The parameters for the destroy operation.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • changePassword

      public void changePassword(GSSCredential credential, ChangePasswordParams params) throws MyProxyException
      Changes the password of the credential on the MyProxy server.
      Parameters:
      credential - The local GSI credentials to use for authentication.
      params - The parameters for the change password operation.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • info

      public CredentialInfo info(GSSCredential credential, String username, String passphrase) throws MyProxyException
      Retrieves credential information from MyProxy server. Only the information of the default credential is returned by this operation.
      Parameters:
      credential - The local GSI credentials to use for authentication.
      username - The username of the credentials to remove.
      passphrase - The passphrase of the credentials to remove.
      Returns:
      The credential information of the default credential.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • info

      public CredentialInfo[] info(GSSCredential credential, InfoParams params) throws MyProxyException
      Retrieves credential information from MyProxy server.
      Parameters:
      credential - The local GSI credentials to use for authentication.
      params - The parameters for the info operation.
      Returns:
      The array of credential information of all the user's credentials.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • get

      public GSSCredential get(String username, String passphrase, int lifetime) throws MyProxyException
      Retrieves delegated credentials from MyProxy server Anonymously (without local credentials) Notes: Performs simple verification of private/public keys of the delegated credential. Should be improved later. And only checks for RSA keys.
      Parameters:
      username - The username of the credentials to retrieve.
      passphrase - The passphrase of the credentials to retrieve.
      lifetime - The requested lifetime of the retrieved credential (in seconds).
      Returns:
      GSSCredential The retrieved delegated credentials.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • get

      public GSSCredential get(GSSCredential credential, String username, String passphrase, int lifetime) throws MyProxyException
      Retrieves delegated credentials from the MyProxy server. Notes: Performs simple verification of private/public keys of the delegated credential. Should be improved later. And only checks for RSA keys.
      Parameters:
      credential - The local GSI credentials to use for authentication. Can be set to null if no local credentials.
      username - The username of the credentials to retrieve.
      passphrase - The passphrase of the credentials to retrieve.
      lifetime - The requested lifetime of the retrieved credential (in seconds).
      Returns:
      GSSCredential The retrieved delegated credentials.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • get

      public GSSCredential get(GSSCredential credential, GetParams params) throws MyProxyException
      Retrieves delegated credentials from the MyProxy server.
      Parameters:
      credential - The local GSI credentials to use for authentication. Can be set to null if no local credentials.
      params - The parameters for the get operation.
      Returns:
      GSSCredential The retrieved delegated credentials.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • getTrustroots

      public void getTrustroots(GSSCredential credential, GetTrustrootsParams params) throws MyProxyException
      Retrieves trustroot information from the MyProxy server.
      Parameters:
      credential - The local GSI credentials to use for authentication. Can be set to null if no local credentials.
      params - The parameters for the get-trustroots operation.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • bootstrapTrust

      public void bootstrapTrust() throws MyProxyException
      Bootstraps trustroot information from the MyProxy server.
      Throws:
      MyProxyException - If an error occurred during the operation.
    • getTrustRootPath

      public static String getTrustRootPath()
      Returns the trusted certificates directory location where writeTrustRoots() will store certificates. It first checks the X509_CERT_DIR system property. If that property is not set, it uses ${user.home}/.globus/certificates. Note that, unlike CoGProperties.getCaCertLocations(), it does not return /etc/grid-security/certificates or ${GLOBUS_LOCATION}/share/certificates.
    • writeTrustRoots

      public boolean writeTrustRoots() throws IOException
      Writes the retrieved trust roots to the Globus trusted certificates directory.
      Returns:
      true if trust roots are written successfully, false if no trust roots are available to be written
      Throws:
      IOException
    • writeTrustRoots

      public boolean writeTrustRoots(String directory) throws IOException
      Writes the retrieved trust roots to a trusted certificates directory.
      Parameters:
      directory - path where the trust roots should be written
      Returns:
      true if trust roots are written successfully, false if no trust roots are available to be written
      Throws:
      IOException