org.italiangrid.voms.credential.impl.DefaultLoadCredentialsStrategy Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of voms-api-java Show documentation
Show all versions of voms-api-java Show documentation
Java APIs to validate and request VOMS attribute certificates
/**
* Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2012.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.italiangrid.voms.credential.impl;
import org.bouncycastle.openssl.PasswordFinder;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.credential.LoadCredentialsEventListener;
import org.italiangrid.voms.credential.ProxyNamingPolicy;
import org.italiangrid.voms.util.NullListener;
import eu.emi.security.authn.x509.X509Credential;
/**
* The default strategy used to load user credentials when no file is explicitly
* pointed out by the user of this API.
*
* Credentials are searched in the following places (in sequence):
*
*
*
* - If the
X509_USER_CERT and X509_USER_KEY
* environment variables are set, their values are used to load the user
* credentials
*
* - If the
X509_USER_CERT and X509_USER_KEY
* system properties are set, their values are used to load the user
* credentials
*
* - If the
PKCS12_USER_CERT environment variable is set, its
* value is used to load the user credentials.
*
* - If the
PKCS12_USER_CERT system property is set, its
* value is used to load the user credentials.
*
* - The content of the
.globus directory in the user's home
* is searched for a PEM certificate (in the usercert.pem and
* userkey.pem files).
*
* - The content of the .globus directory in the user's home is searched
* for a PKC12 certificate (in the
usercert.p12 file).
*
*
*/
public class DefaultLoadCredentialsStrategy extends AbstractLoadCredentialsStrategy {
private static final String GLOBUS_PKCS12_CRED_PATH_SUFFIX = ".globus/usercred.p12";
private static final String GLOBUS_PEM_CERT_PATH_SUFFIX = ".globus/usercert.pem";
private static final String GLOBUS_PEM_KEY_PATH_SUFFIX = ".globus/userkey.pem";
public static final String HOME_PROPERTY = "user.home";
public static final String TMPDIR_PROPERTY = "java.io.tmpdir";
public static final String TMPDIR_PATH = "/tmp";
private static final ProxyNamingPolicy proxyPathBuilder = new DefaultProxyPathBuilder();
private String home;
private String tmpDir;
public DefaultLoadCredentialsStrategy(String homeFolder, String tempDir, LoadCredentialsEventListener listener) {
super(listener);
this.home = homeFolder;
this.tmpDir = tempDir;
if (home == null)
throw new VOMSError(HOME_PROPERTY+" not found in system properties!");
}
public DefaultLoadCredentialsStrategy(String homeFolder) {
this(homeFolder, System.getProperty(TMPDIR_PROPERTY), NullListener.INSTANCE);
}
public DefaultLoadCredentialsStrategy() {
this(System.getProperty(HOME_PROPERTY), System.getProperty(TMPDIR_PROPERTY), NullListener.INSTANCE);
}
public DefaultLoadCredentialsStrategy(LoadCredentialsEventListener listener){
this(System.getProperty(HOME_PROPERTY), System.getProperty(TMPDIR_PROPERTY), listener);
}
/**
* Looks for the value of a given property in the environment or in the
* system properties
* @param propName the property that will be looked for
* @return the property value, or null if no property was found
*/
public String getFromEnvOrSystemProperty(String propName){
String val = System.getenv(propName);
if (val == null)
val = System.getProperty(propName);
return val;
}
public X509Credential loadCredentials(PasswordFinder pf) {
if (pf == null)
throw new IllegalArgumentException("Please provide a non-null password finder!");
try {
X509Credential cred = loadPEMCredentialFromEnv(pf);
if (cred == null)
cred = loadPKCS12CredentialFromEnv(pf);
if (cred == null)
cred = loadPEMCredentialsFromGlobusDir(pf);
if (cred == null)
cred = loadPKCS12CredentialsFromGlobusDir(pf);
return cred;
} catch (Exception e) {
throw new VOMSError("Error loading credential: "+e.getMessage(),e);
}
}
protected X509Credential loadProxyFromUID(){
String uid = getFromEnvOrSystemProperty(VOMS_USER_ID);
if (uid != null){
String proxyFile = proxyPathBuilder.buildProxyFileName(tmpDir, Integer.parseInt(uid));
return loadProxyCredential(proxyFile);
}
return null;
}
protected X509Credential loadProxyFromEnv() {
String proxyPath = getFromEnvOrSystemProperty(X509_USER_PROXY);
if (proxyPath != null)
return loadProxyCredential(proxyPath);
return null;
}
protected X509Credential loadPEMCredentialFromEnv(PasswordFinder pf) {
String certPath = getFromEnvOrSystemProperty(X509_USER_CERT);
String keyPath = getFromEnvOrSystemProperty(X509_USER_KEY);
if (certPath != null && keyPath != null){
return loadPEMCredential(keyPath, certPath, pf);
}
return null;
}
protected X509Credential loadPKCS12CredentialFromEnv(PasswordFinder pf) {
String pkcs12Path = getFromEnvOrSystemProperty(PKCS12_USER_CERT);
if (pkcs12Path != null){
return loadPKCS12Credential(pkcs12Path, pf);
}
return null;
}
protected X509Credential loadPKCS12CredentialsFromGlobusDir(PasswordFinder pf) {
String credPath = String.format("%s/%s", home, GLOBUS_PKCS12_CRED_PATH_SUFFIX);
return loadPKCS12Credential(credPath, pf);
}
protected X509Credential loadPEMCredentialsFromGlobusDir(PasswordFinder pf) {
String certPath = String.format("%s/%s", home, GLOBUS_PEM_CERT_PATH_SUFFIX);
String keyPath = String.format("%s/%s", home, GLOBUS_PEM_KEY_PATH_SUFFIX);
return loadPEMCredential(keyPath, certPath, pf);
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy