
/*
* Copyright 1999-2006 University of Chicago
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.globus.myproxy;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.BufferedReader;
import java.io.OutputStream;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import org.globus.gsi.util.CertificateLoadUtil;
import org.globus.gsi.GSIConstants;
import org.globus.gsi.X509Credential;
import org.globus.gsi.OpenSSLKey;
import org.globus.gsi.bc.BouncyCastleOpenSSLKey;
import org.globus.gsi.bc.BouncyCastleCertProcessingFactory;
import org.globus.gsi.gssapi.auth.IdentityAuthorization;
import org.globus.gsi.gssapi.auth.Authorization;
import org.globus.gsi.gssapi.GlobusGSSCredentialImpl;
import org.globus.util.Util;
import org.globus.common.CoGProperties;
import org.globus.common.Version;
import org.globus.myproxy.CredentialInfo;
import org.globus.myproxy.ChangePasswordParams;
import org.globus.myproxy.DestroyParams;
import org.globus.myproxy.InitParams;
import org.globus.myproxy.GetParams;
import org.globus.myproxy.GetTrustrootsParams;
import org.globus.myproxy.InfoParams;
import org.globus.myproxy.StoreParams;
import org.gridforum.jgss.ExtendedGSSManager;
import org.gridforum.jgss.ExtendedGSSCredential;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSException;
/** MyProxy Command Line Client */
public class MyProxyCLI {
/** Default myproxy-server port; used when -p / -port is not given. */
public static final int MYPROXY_SERVER_PORT = 7512;
/** Default lifetime, in hours, of the delegated proxy on the portal (-t / -portal_lifetime). */
public static final int PORTAL_LIFETIME_HOURS = 12;
/** Credential lifetime in hours; 168 matches the "1 week" default the put help text gives for -c / -cred_lifetime. */
public static final int CRED_LIFETIME_HOURS = 168;
// NOTE(review): the two constants below are not used in the visible part of the
// file; presumably they select how the DN given to -r / -R is matched
// (-X / -match_cn_only versus -x / -regex_dn_match) - confirm against the callers.
public static final int MATCH_CN_ONLY = 0;
public static final int REGULAR_EXP = 1;
/**
 * Help text for the options accepted before the command name. It is embedded
 * in the general usage message and in every per-command usage message.
 *
 * Security-relevant entries: -s / -subject ("Performs subject authorization")
 * and -S / -stdin_pass ("Allows passphrase from stdin").
 */
// NOTE(review): option lines such as "-h | -host " end in a space where an
// argument placeholder would normally follow; the placeholders may have been
// lost from this listing - confirm against the upstream source.
private static final String commonOptions =
"\tCommon Options:\n" +
"\t-help\n" +
"\t\tDisplays usage\n" +
"\t-v | -version\n" +
"\t\tDisplays version\n" +
"\n" +
"\t-h | -host \n" +
"\t\tHostname of the myproxy-server\n" +
"\t-p | -port \n" +
"\t\tPort of the myproxy-server\n" +
"\t\t(default " + MYPROXY_SERVER_PORT + ")\n" +
"\t-s | -subject \n" +
"\t\tPerforms subject authorization\n" +
"\t-l | -username \n" +
"\t\tUsername for the delegated proxy\n" +
"\t-d | -dn_as_username\n" +
"\t\tUse the proxy certificate subject (DN) as the default\n" +
"\t\tusername instead of the \"user.name\" system property.\n" +
"\t-S | -stdin_pass\n" +
"\t\tAllows passphrase from stdin.\n";
/**
 * General usage message: invocation syntax, the common options and the list
 * of commands. parseCmdLine prints it to stderr for -help / -usage.
 */
private static final String message =
"\n" +
"Syntax: java MyProxyCLI [common options] command [command options]\n" +
" java MyProxyCLI -version\n" +
" java MyProxyCLI -help\n\n" +
commonOptions +
"\n" +
"\tCommands:\n" +
"\t put - put proxy\n" +
"\t store - store credentials\n" +
"\t get - get proxy\n" +
"\t anonget - get proxy without local credentials\n" +
"\t get-trustroots - get trustroots information\n" +
"\t destroy - remove proxy\n" +
"\t info - credential information\n" +
"\t pwd - change credential password\n\n" +
"\tSpecify -help after a command name for command-specific help.\n";
/** Usage text for the "destroy" command (removes a proxy; -k names the credential). */
private static final String destroyMessage =
"\n" +
"Syntax: java MyProxyCLI [common options] destroy [command options]\n\n" +
commonOptions +
"\n" +
"\tCommand Options:\n" +
"\t-help\n" +
"\t\tDisplays usage\n" +
"\t-k | -credname \n" +
"\t\tSpecifies credential name\n";
/** Usage text for the "pwd" command (changes a credential password; -k names the credential). */
private static final String pwdMessage =
"\n" +
"Syntax: java MyProxyCLI [common options] pwd [command options]\n\n" +
commonOptions +
"\n" +
"\tCommand Options:\n" +
"\t-help\n" +
"\t\tDisplays usage\n" +
"\t-k | -credname \n" +
"\t\tSpecifies credential name\n";
/** Usage text for the "info" command; it lists no command options other than -help. */
private static final String infoMessage =
"\n" +
"Syntax: java MyProxyCLI [common options] info [command options]\n\n" +
commonOptions +
"\n" +
"\tCommand Options:\n" +
"\t-help\n" +
"\t\tDisplays usage\n";
/**
 * Usage text shared by the "get" and "anonget" commands.
 *
 * Covers the delegated proxy's lifetime (-t) and output location (-o), trust
 * root management (-T), the credential name (-k), the path to credentials
 * used for renewal (-a) and inclusion of VOMS attributes (-m).
 */
private static final String getMessage =
"\n" +
"Syntax: java MyProxyCLI [common options] [get|anonget] [command options]\n\n" +
commonOptions +
"\n" +
"\tCommand Options:\n" +
"\t-help\n" +
"\t\tDisplays usage\n" +
"\t-t | -portal_lifetime \n" +
"\t\tLifetime of delegated proxy on\n" +
"\t\tthe portal (default " + PORTAL_LIFETIME_HOURS + " hours)\n" +
"\t-o | -out \n" +
"\t\tLocation of delegated proxy\n" +
"\t-T | -trustroots\n" +
"\t\tManage trust roots\n" +
"\t-k | -credname \n" +
"\t\tSpecifies credential name\n" +
"\t-a | -authorization \n" +
"\t\tSpecifies path to credentials to renew\n" +
"\t-m | -voms \n" +
"\t\tInclude VOMS attributes\n";
/**
 * Usage text for the "put" command.
 *
 * The options that widen or narrow who can use the stored credential are
 * -a (retrieval with just username/passphrase), -A (renewal by any client,
 * which the text itself marks as not recommended), -r / -R (a named entity
 * may retrieve / renew), -x / -X (how the DN given to -r / -R is matched)
 * and -n (disable passphrase authentication).
 */
// NOTE(review): the "regular expression" line ends in "\n " - the space after
// the newline is printed in front of the following "-X" entry.
// NOTE(review): the -c default is spelled out as "168 hours" rather than built
// from CRED_LIFETIME_HOURS, so the two can drift apart.
private static final String putMessage =
"\n" +
"Syntax: java MyProxyCLI [common options] put [command options]\n\n" +
commonOptions +
"\n" +
"\tCommand Options:\n" +
"\t-help\n" +
"\t\tDisplays usage\n" +
"\t-cert \n" +
"\t\tNon-standard location of user certificate\n" +
"\t-key \n" +
"\t\tNon-standard location of user key\n" +
"\t-t | -portal_lifetime \n" +
"\t\tLifetime of delegated proxy on\n" +
"\t\tthe portal (default " + PORTAL_LIFETIME_HOURS + " hours)\n" +
"\t-c | -cred_lifetime \n" +
"\t\tLifetime of delegated proxy\n" +
"\t\t(default 1 week - 168 hours)\n" +
"\t-a | -allow_anonymous_retrievers\n" +
"\t\tAllow credentials to be retrieved with just username/passphrase\n" +
"\t-A | -allow_anonymous_renewers\n" +
"\t\tAllow credentials to be renewed by any client (not recommended)\n" +
"\t-r | -retrievable_by \n" +
"\t\tAllow specified entity to retrieve credential\n" +
"\t-R | -renewable_by \n" +
"\t\tAllow specified entity to renew credential\n" +
"\t-x | -regex_dn_match\n" +
"\t\tSpecifies that the DN used by options -r and -R\n" +
"\t\twill be matched as a regular expression\n " +
"\t-X | -match_cn_only\n" +
"\t\tSpecifies that the DN used by options -r and -R\n" +
"\t\twill be matched against the Common Name (CN) of the\n" +
"\t\tsubject\n" +
"\t-n | -no_passphrase\n" +
"\t\tDisable passphrase authentication\n" +
"\t-k | -credname \n" +
"\t\tSpecifies credential name\n" +
"\t-K | -creddesc \n" +
"\t\tSpecifies credential description\n";
/**
 * Usage text for the "store" command.
 *
 * Lists the same retrieval and renewal policy options as the "put" text
 * (-a, -A, -r, -R, -x, -X) but has no -c / -cred_lifetime and no
 * -n / -no_passphrase entry.
 */
// NOTE(review): the "regular expression" line ends in "\n " - the space after
// the newline is printed in front of the following "-X" entry.
private static final String storeMessage =
"\n" +
"Syntax: java MyProxyCLI [common options] store [command options]\n\n" +
commonOptions +
"\n" +
"\tCommand Options:\n" +
"\t-help\n" +
"\t\tDisplays usage\n" +
"\t-cert \n" +
"\t\tNon-standard location of user certificate\n" +
"\t-key \n" +
"\t\tNon-standard location of user key\n" +
"\t-t | -portal_lifetime \n" +
"\t\tLifetime of delegated proxy on\n" +
"\t\tthe portal (default " + PORTAL_LIFETIME_HOURS + " hours)\n" +
"\t-a | -allow_anonymous_retrievers\n" +
"\t\tAllow credentials to be retrieved with just username/passphrase\n" +
"\t-A | -allow_anonymous_renewers\n" +
"\t\tAllow credentials to be renewed by any client (not recommended)\n" +
"\t-r | -retrievable_by \n" +
"\t\tAllow specified entity to retrieve credential\n" +
"\t-R | -renewable_by \n" +
"\t\tAllow specified entity to renew credential\n" +
"\t-x | -regex_dn_match\n" +
"\t\tSpecifies that the DN used by options -r and -R\n" +
"\t\twill be matched as a regular expression\n " +
"\t-X | -match_cn_only\n" +
"\t\tSpecifies that the DN used by options -r and -R\n" +
"\t\twill be matched against the Common Name (CN) of the\n" +
"\t\tsubject\n" +
"\t-k | -credname \n" +
"\t\tSpecifies credential name\n" +
"\t-K | -creddesc \n" +
"\t\tSpecifies credential description\n";
/** Usage text for the "get-trustroots" command; it lists no command options other than -help. */
private static final String getTrustrootsMessage =
"\n" +
"Syntax: java MyProxyCLI [common options] get-trustroots [command options]\n\n" +
commonOptions +
"\n" +
"\tCommand Options:\n" +
"\t-help\n" +
"\t\tDisplays usage\n";
// State filled in by parseCmdLine from the common options.
// Server port (-p / -port); defaults to MYPROXY_SERVER_PORT.
private int port = MYPROXY_SERVER_PORT;
// Server hostname (-h / -host); verifyCommonCmdLine reports an error while it is null.
private String hostname;
// Username from -l / -username; null means getUsername() falls back to another source.
private String username;
// Expected server subject DN (-s / -subject); when set, getMyProxy() installs an
// IdentityAuthorization for it.
private String subjectDN;
// Set by -debug.
private boolean debug = false;
// Set by -d / -dn_as_username; makes getUsername() return the default credential's name.
private boolean dnAsUsername = false;
// Set by -S / -stdin_pass (help text: "Allows passphrase from stdin").
private boolean stdin = false;
// NOTE(review): not written anywhere in the visible code; presumably set by the
// get command's -T / -trustroots option - confirm.
private boolean wantTrustroots = false;
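/**
 * Parses the common options and dispatches to the handler of the first
 * argument that does not start with '-', which is taken as the command name.
 *
 * <p>Arguments are read left to right. Each common option updates the
 * matching field; the command handler receives the full argument array and
 * the index of the first argument after the command name. Problems are
 * reported through {@code error(String)}, which is defined outside this
 * listing. If no command is found, "No command specified" is reported.
 *
 * <p>Unlike a plain {@code charAt(0)} / {@code Integer.parseInt} parse, an
 * empty argument and a malformed or out-of-range port are reported as usage
 * errors instead of surfacing as uncaught runtime exceptions.
 *
 * @param args the raw command-line arguments
 */
protected void parseCmdLine(String [] args) {
    for (int i = 0; i < args.length; i++) {
        // startsWith() instead of charAt(0): an empty argument ("") is then
        // reported as an unknown command rather than throwing
        // StringIndexOutOfBoundsException.
        if (!args[i].startsWith("-")) {
            CertificateLoadUtil.init();
            if (args[i].equalsIgnoreCase("get")) {
                doGet(args, i+1, false);
            } else if (args[i].equalsIgnoreCase("anonget")) {
                doGet(args, i+1, true);
            } else if (args[i].equalsIgnoreCase("get-trustroots")) {
                doGetTrustroots(args, i+1, true);
            } else if (args[i].equalsIgnoreCase("put")) {
                doPut(args, i+1);
            } else if (args[i].equalsIgnoreCase("store")) {
                doStore(args, i+1);
            } else if (args[i].equalsIgnoreCase("destroy")) {
                doDestroy(args, i+1);
            } else if (args[i].equalsIgnoreCase("info")) {
                doInfo(args, i+1);
            } else if (args[i].equalsIgnoreCase("pwd")) {
                doChangePassword(args, i+1);
            } else {
                error("Error: unknown command (" + args[i] +")");
            }
        } else if (args[i].equals("-h") ||
                   args[i].equalsIgnoreCase("-host")) {
            ++i;
            if (i == args.length) {
                error("Error: -h requires hostname");
            } else {
                this.hostname = args[i];
            }
        } else if (args[i].equals("-p") ||
                   args[i].equalsIgnoreCase("-port")) {
            ++i;
            if (i == args.length) {
                error("Error: -p requires port number");
            } else {
                // Validate before storing: a non-numeric value would otherwise
                // escape as NumberFormatException, and a value outside the TCP
                // port range would only fail later at connect time.
                try {
                    int parsedPort = Integer.parseInt(args[i]);
                    if (parsedPort < 1 || parsedPort > 65535) {
                        error("Error: -p port number out of range (" + args[i] + ")");
                    } else {
                        this.port = parsedPort;
                    }
                } catch (NumberFormatException e) {
                    error("Error: -p requires port number (" + args[i] + ")");
                }
            }
        } else if (args[i].equals("-l") ||
                   args[i].equalsIgnoreCase("-username")) {
            ++i;
            if (i == args.length) {
                error("Error: -l requires username");
            } else {
                this.username = args[i];
            }
        } else if (args[i].equals("-d") ||
                   args[i].equalsIgnoreCase("-dn_as_username")) {
            this.dnAsUsername = true;
        } else if (args[i].equalsIgnoreCase("-debug")) {
            this.debug = true;
        } else if (args[i].equals("-S") ||
                   args[i].equalsIgnoreCase("-stdin_pass")) {
            this.stdin = true;
        } else if (args[i].equals("-s") ||
                   args[i].equalsIgnoreCase("-subject")) {
            // The DN stored here is what getMyProxy() later hands to
            // IdentityAuthorization.
            ++i;
            if (i == args.length) {
                error("Error: -subject requires an argument");
            } else {
                this.subjectDN = args[i];
            }
        } else if (args[i].equals("-v") ||
                   args[i].equalsIgnoreCase("-version")) {
            // Display version info. The exit status is 1 although this is not
            // an error; left as is so existing callers see no change.
            System.out.println(Version.getVersion());
            System.exit(1);
        } else if (args[i].equalsIgnoreCase("-help") ||
                   args[i].equalsIgnoreCase("-usage")) {
            System.err.println(message);
            System.exit(1);
        } else {
            error("Error: argument #" + i + " (" + args[i] +") : unknown");
        }
    }
    error("Error: No command specified");
}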
/**
 * Returns the username for the delegated proxy.
 *
 * <p>Resolution order: with -d / -dn_as_username, the name of the default
 * credential; otherwise the value given with -l / -username; otherwise the
 * "user.name" system property. Because the -d check comes first, a -l value
 * is ignored whenever -d is also given.
 *
 * @return the resolved username
 */
private String getUsername() {
    if (dnAsUsername) {
        GSSCredential defaultCred = getDefaultCredential();
        try {
            return defaultCred.getName().toString();
        } catch (Exception e) {
            // exit(...) is defined outside this listing; if it returns,
            // control falls through to the -l / user.name fallback below.
            exit("Failed to get credential name: " + e.getMessage(), e);
        }
    }
    return (this.username != null)
        ? this.username
        : System.getProperty("user.name");
}
/**
 * Checks the options shared by all commands. The only requirement checked
 * here is the server hostname (-h / -host); when it was never set, the
 * problem is reported through error(String).
 */
private void verifyCommonCmdLine() {
    final boolean hostMissing = (this.hostname == null);
    if (hostMissing) {
        error("Error: myproxy-server hostname not specified");
    }
}
/**
 * Builds the MyProxy client for the configured host and port.
 *
 * <p>When -s / -subject was given, the client is told to authorize the
 * server against that subject DN via IdentityAuthorization. Without it no
 * authorization is set here, so whatever default the MyProxy class applies
 * stays in effect (not visible in this listing).
 *
 * @return a client bound to this.hostname and this.port
 */
private org.globus.myproxy.MyProxy getMyProxy() {
    final org.globus.myproxy.MyProxy client =
        new org.globus.myproxy.MyProxy(this.hostname, this.port);
    if (this.subjectDN == null) {
        return client;
    }
    IdentityAuthorization expectedIdentity = new IdentityAuthorization(this.subjectDN);
    client.setAuthorization(expectedIdentity);
    return client;
}
/**
 * Handles the "info" command.
 *
 * The visible part prints, for each entry of info, the time left until the
 * entry's end time (or "expired"), followed by its retrievers, renewers and
 * description when these are non-null. The retrievers and renewers lines are
 * the entry's access policy as reported back. Any exception is passed to
 * exit(String, Exception); otherwise the method finishes with exit().
 *
 * @param args the full command-line argument array
 * @param start index of the first argument after the command name
 */
protected void doInfo(String args[], int start) {
// NOTE(review): the next line is damaged in this listing. Everything between
// "i" and "now" is missing - presumably the rest of the option loop, the call
// that obtains info, the opening "try" and the start of the per-entry loop -
// so the method does not compile as shown. Restore it from the upstream source.
for (int i=start;i now) {
// The difference is divided by 1000 before formatting; presumably
// milliseconds to seconds, going by the name formatTimeSec - confirm.
System.out.println ("\tTime left : " +
Util.formatTimeSec((info[i].getEndTime() - now)/1000));
} else {
System.out.println ("\tTime left : expired");
}
// Optional attributes: each is printed only when it is non-null.
tmp = info[i].getRetrievers();
if (tmp != null) {
System.out.println ("\tRetrievers : "+tmp);
}
tmp = info[i].getRenewers();
if (tmp != null) {
System.out.println ("\tRenewers : "+tmp);
}
tmp = info[i].getDescription();
if (tmp != null) {
System.out.println ("\tDescription : "+tmp);
}
}
} catch(Exception e) {
exit("Error: " + e.getMessage(), e);
}
exit();
}
protected void doDestroy(String args[], int start) {
String credName = null;
for (int i=start;i