Commit e08d13fd authored by Spiros Koulouzis's avatar Spiros Koulouzis

use jglobus api to get proxy cert from myproxy

parent 5839e8d0
FROM agaveapi/myproxy:latest
RUN yum update -y
RUN yum install wget -y
RUN wget https://raw.githubusercontent.com/EGI-FCTF/fedcloud-userinterface/master/fedcloud-ui.sh
#Build: docker build -t drip-myproxy .
# Run: docker run --name drip-myproxy-inst -d drip-myproxy
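Review bot: The `RUN wget https://raw.githubusercontent.com/EGI-FCTF/fedcloud-userinterface/master/fedcloud-ui.sh` line fetches a script from a moving branch with no integrity check, so the image content depends on whatever `master` holds at build time and a force-pushed or compromised upstream lands in the image unnoticed. Pin the URL to a specific commit and verify the download, e.g. `RUN wget -O /opt/fedcloud-ui.sh https://raw.githubusercontent.com/EGI-FCTF/fedcloud-userinterface/<PINNED_COMMIT>/fedcloud-ui.sh \` followed by `&& echo "<EXPECTED_SHA256>  /opt/fedcloud-ui.sh" | sha256sum -c -` (placeholders to be filled in). The unpinned `yum update -y` has the same reproducibility issue, though that is the usual trade-off for a base-image refresh. Nothing in the visible section installs or executes the downloaded script; if a later layer does, it is outside this view.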
...@@ -74,6 +74,18 @@ ...@@ -74,6 +74,18 @@
<version>4.2.1.RELEASE</version> <version>4.2.1.RELEASE</version>
<type>jar</type> <type>jar</type>
</dependency> </dependency>
<dependency>
<groupId>org.jglobus</groupId>
<artifactId>ssl-proxies</artifactId>
<version>2.1.0</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.jglobus</groupId>
<artifactId>myproxy</artifactId>
<version>2.1.0</version>
<type>jar</type>
</dependency>
</dependencies> </dependencies>
<properties> <properties>
<maven.compiler.source>1.8</maven.compiler.source> <maven.compiler.source>1.8</maven.compiler.source>
/*
* Copyright 2017 S. Koulouzis, Wang Junchao, Huan Zhou, Yang Hu
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package nl.uva.sne.drip.commons.utils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.cert.CertificateEncodingException;
import java.util.List;
import org.globus.common.CoGProperties;
import org.globus.myproxy.GetParams;
import org.globus.myproxy.MyProxyException;
import org.globus.util.Util;
import org.gridforum.jgss.ExtendedGSSCredential;
import org.gridforum.jgss.ExtendedGSSManager;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
/**
*
* @author S. Koulouzis
*/
public class AAUtils {
public static String generateProxy(String accessKeyId, String secretKey, SOURCE source) {
throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
}
public enum SOURCE {
MY_PROXY,
CERTIFICATE
}
public static String generateProxy(String accessKeyId, String secretKey, SOURCE source, String myProxyEndpoint, List voname) throws IOException, CertificateEncodingException, GSSException, MyProxyException {
File proxy_file = null;
if (source.equals(SOURCE.MY_PROXY)) {
GetParams getRequest = new GetParams();
getRequest.setUserName(accessKeyId);
getRequest.setCredentialName(null);
getRequest.setLifetime(43200);
getRequest.setWantTrustroots(false);
getRequest.setPassphrase(secretKey);
getRequest.setVoname(voname);
GSSManager manager = ExtendedGSSManager.getInstance();
GSSCredential credential = manager.createCredential(GSSCredential.INITIATE_ONLY);
org.globus.myproxy.MyProxy myProxy = new org.globus.myproxy.MyProxy(myProxyEndpoint, 7512);
GSSCredential newCred = myProxy.get(credential, getRequest);
CoGProperties properties = CoGProperties.getDefault();
String outputFile = properties.getProxyFile();
proxy_file = new File(outputFile);
String path = proxy_file.getPath();
try (FileOutputStream out = new FileOutputStream(path);) {
// set read only permissions
Util.setOwnerAccessOnly(path);
byte[] data
= ((ExtendedGSSCredential) newCred).export(ExtendedGSSCredential.IMPEXP_OPAQUE);
out.write(data);
}
} else if (source.equals(SOURCE.CERTIFICATE)) {
}
return proxy_file.getAbsolutePath();
}
public static void pipeStream(InputStream input, OutputStream output)
throws IOException {
byte buffer[] = new byte[1024];
int numRead;
do {
numRead = input.read(buffer);
output.write(buffer, 0, numRead);
} while (input.available() > 0);
output.flush();
}
}
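Review bot: `generateProxy` writes every fetched proxy to the single path returned by `properties.getProxyFile()` (from `CoGProperties.getDefault()`), which looks like one fixed per-process location rather than a per-request file, so two `getCloudCredentials` calls for different users running in this provisioner at the same time would overwrite each other's proxy and one user's provisioning could proceed with another user's credential. Creating a fresh owner-only file per call, e.g. `Files.createTempFile("x509up_", ".pem", PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")))`, and returning that path avoids both the race and the create-then-restrict window between `new FileOutputStream(path)` and `Util.setOwnerAccessOnly(path)`. The `CERTIFICATE` paths are not usable as committed: the three-argument overload always throws `UnsupportedOperationException`, and the five-argument overload's empty `else if (source.equals(SOURCE.CERTIFICATE)) {}` branch leaves `proxy_file` null, so `proxy_file.getAbsolutePath()` throws `NullPointerException` there. In `pipeStream`, `input.read(buffer)` returns -1 at end of stream and that value is passed straight to `output.write(buffer, 0, numRead)`, which throws `IndexOutOfBoundsException`; the standard `while ((numRead = input.read(buffer)) != -1) { output.write(buffer, 0, numRead); }` loop also removes the reliance on `available()` for termination. The public methods have no Javadoc; at minimum document the meaning of the `43200` passed to `setLifetime`, the `7512` port, and that the returned path holds a private key.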
...@@ -18,14 +18,12 @@ package nl.uva.sne.drip.drip.provisioner.utils; ...@@ -18,14 +18,12 @@ package nl.uva.sne.drip.drip.provisioner.utils;
import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.BufferedReader; import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File; import java.io.File;
import java.io.FileNotFoundException; import java.io.FileNotFoundException;
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.InputStreamReader; import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintWriter; import java.io.PrintWriter;
import java.net.MalformedURLException; import java.net.MalformedURLException;
import java.net.URL; import java.net.URL;
...@@ -33,11 +31,15 @@ import java.nio.channels.Channels; ...@@ -33,11 +31,15 @@ import java.nio.channels.Channels;
import java.nio.channels.ReadableByteChannel; import java.nio.channels.ReadableByteChannel;
import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateEncodingException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import nl.uva.sne.drip.commons.utils.AAUtils;
import nl.uva.sne.drip.commons.utils.AAUtils.SOURCE;
import nl.uva.sne.drip.drip.commons.data.internal.MessageParameter; import nl.uva.sne.drip.drip.commons.data.internal.MessageParameter;
import nl.uva.sne.drip.drip.commons.data.v1.external.CloudCredentials; import nl.uva.sne.drip.drip.commons.data.v1.external.CloudCredentials;
import org.globus.myproxy.MyProxyException; import org.globus.myproxy.MyProxyException;
import org.ietf.jgss.GSSException;
import org.json.JSONArray; import org.json.JSONArray;
import org.json.JSONException; import org.json.JSONException;
import org.json.JSONObject; import org.json.JSONObject;
...@@ -52,11 +54,6 @@ import provisioning.credential.EGICredential; ...@@ -52,11 +54,6 @@ import provisioning.credential.EGICredential;
*/ */
public class MessageParsing { public class MessageParsing {
enum SOURCE {
MY_PROXY,
CERTIFICATE
}
public static List<File> getTopologies(JSONArray parameters, String tempInputDirPath, int level) throws JSONException, IOException { public static List<File> getTopologies(JSONArray parameters, String tempInputDirPath, int level) throws JSONException, IOException {
List<File> topologyFiles = new ArrayList<>(); List<File> topologyFiles = new ArrayList<>();
for (int i = 0; i < parameters.length(); i++) { for (int i = 0; i < parameters.length(); i++) {
...@@ -140,7 +137,7 @@ public class MessageParsing { ...@@ -140,7 +137,7 @@ public class MessageParsing {
return map; return map;
} }
public static List<Credential> getCloudCredentials(JSONArray parameters, String tempInputDirPath) throws JSONException, FileNotFoundException, IOException, MyProxyException, CertificateEncodingException { public static List<Credential> getCloudCredentials(JSONArray parameters, String tempInputDirPath) throws JSONException, FileNotFoundException, IOException, MyProxyException, CertificateEncodingException, GSSException {
List<Credential> credentials = new ArrayList<>(); List<Credential> credentials = new ArrayList<>();
for (int i = 0; i < parameters.length(); i++) { for (int i = 0; i < parameters.length(); i++) {
JSONObject param = (JSONObject) parameters.get(i); JSONObject param = (JSONObject) parameters.get(i);
...@@ -181,9 +178,11 @@ public class MessageParsing { ...@@ -181,9 +178,11 @@ public class MessageParsing {
myProxyEndpoint = PropertyValues.MY_PROXY_ENDPOINT; myProxyEndpoint = PropertyValues.MY_PROXY_ENDPOINT;
} }
if (myProxyEndpoint != null) { if (myProxyEndpoint != null) {
egi.proxyFilePath = generateProxy(cred.getAccessKeyId(), cred.getSecretKey(), SOURCE.MY_PROXY); String[] myVOs = ((String) att.get("vo_names")).split(",");
List voNames = (List) Arrays.asList(myVOs);
egi.proxyFilePath = AAUtils.generateProxy(cred.getAccessKeyId(), cred.getSecretKey(), SOURCE.MY_PROXY, myProxyEndpoint, voNames);
} else { } else {
egi.proxyFilePath = generateProxy(cred.getAccessKeyId(), cred.getSecretKey(), SOURCE.CERTIFICATE); egi.proxyFilePath = AAUtils.generateProxy(cred.getAccessKeyId(), cred.getSecretKey(), SOURCE.CERTIFICATE);
} }
egi.trustedCertPath = PropertyValues.TRUSTED_CERTIFICATE_FOLDER; egi.trustedCertPath = PropertyValues.TRUSTED_CERTIFICATE_FOLDER;
credential = egi; credential = egi;
...@@ -210,47 +209,6 @@ public class MessageParsing { ...@@ -210,47 +209,6 @@ public class MessageParsing {
return credentials; return credentials;
} }
private static String generateProxy(String accessKeyId, String secretKey, SOURCE source) throws MyProxyException, IOException, CertificateEncodingException {
if (source.equals(SOURCE.MY_PROXY)) {
//After 10 years of grid comuting and using certificates we still can't get it to work.
// MyProxy myProxy = new MyProxy(PropertyValues.MY_PROXY_ENDPOINT, 7512);
// myProxy.writeTrustRoots(PropertyValues.TRUSTED_CERTIFICATE_FOLDER);
//
// GSSCredential cert = myProxy.get(accessKeyId, secretKey, 2 * 3600);
// X509Credential gCred = ((GlobusGSSCredentialImpl) cert).getX509Credential();
// gCred.save(new FileOutputStream("/tmp/x509up_u0"));
String cmd = "myproxy-logon "
+ "--voms fedcloud.egi.eu "
+ "-s " + PropertyValues.MY_PROXY_ENDPOINT
+ " -l " + accessKeyId
+ " --stdin_pass"
+ " --out /tmp/x509up_u0";
//
InputStream fileIn = new ByteArrayInputStream(secretKey.getBytes());
Process process = Runtime.getRuntime().exec(cmd);
OutputStream stdin = process.getOutputStream();
InputStream stdout = process.getInputStream();
InputStream stderr = process.getErrorStream();
pipeStream(fileIn, stdin);
}else if (source.equals(SOURCE.CERTIFICATE)) {
}
return "/tmp/x509up_u0";
}
public static void pipeStream(InputStream input, OutputStream output)
throws IOException {
byte buffer[] = new byte[1024];
int numRead;
do {
numRead = input.read(buffer);
output.write(buffer, 0, numRead);
} while (input.available() > 0);
output.flush();
}
private static void downloadCACertificates(URL url) throws MalformedURLException, IOException { private static void downloadCACertificates(URL url) throws MalformedURLException, IOException {
String[] parts = url.getFile().split("/"); String[] parts = url.getFile().split("/");
String fileName = parts[parts.length - 1]; String fileName = parts[parts.length - 1];
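Review bot: The new `else` branch `egi.proxyFilePath = AAUtils.generateProxy(cred.getAccessKeyId(), cred.getSecretKey(), SOURCE.CERTIFICATE);` calls the three-argument overload, which in the `AAUtils` added by this same commit unconditionally throws `UnsupportedOperationException`, so every credential without a MyProxy endpoint now fails at runtime with an unchecked exception that none of the declared `throws` clauses cover. `((String) att.get("vo_names")).split(",")` presumably fails (NPE or a lookup error, depending on `att`'s type) on a message that omits `vo_names`, and the split entries are not trimmed, so `"a, b"` yields a VO name with a leading space. The raw `List voNames = (List) Arrays.asList(myVOs);` can simply be `List<String> voNames = Arrays.asList(myVOs);`, with a null/blank check on the attribute before the split. `vo_names` comes straight from the incoming message, so its shape is worth validating before it is handed to MyProxy. The enclosing `getCloudCredentials` method starts and ends outside this hunk.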
...@@ -44,6 +44,7 @@ import nl.uva.sne.drip.drip.provisioner.utils.PropertyValues; ...@@ -44,6 +44,7 @@ import nl.uva.sne.drip.drip.provisioner.utils.PropertyValues;
import org.apache.commons.io.FileUtils; import org.apache.commons.io.FileUtils;
import org.apache.commons.io.FilenameUtils; import org.apache.commons.io.FilenameUtils;
import org.globus.myproxy.MyProxyException; import org.globus.myproxy.MyProxyException;
import org.ietf.jgss.GSSException;
import org.json.JSONArray; import org.json.JSONArray;
import org.json.JSONException; import org.json.JSONException;
import org.json.JSONObject; import org.json.JSONObject;
...@@ -456,7 +457,7 @@ public class Consumer extends DefaultConsumer { ...@@ -456,7 +457,7 @@ public class Consumer extends DefaultConsumer {
EGIDatabase egiDatabase = new EGIDatabase(); EGIDatabase egiDatabase = new EGIDatabase();
egiDatabase.loadDomainInfoFromFile(PropertyValues.DOMAIN_INFO_PATH + File.separator + "EGI_Domain_Info"); egiDatabase.loadDomainInfoFromFile(PropertyValues.DOMAIN_INFO_PATH + File.separator + "EGI_Domain_Info");
EC2Database ec2Database = new EC2Database(); EC2Database ec2Database = new EC2Database();
ec2Database.loadDomainFromFile(PropertyValues.DOMAIN_INFO_PATH + File.separator + "domains"); ec2Database.loadDomainInfoFromFile(PropertyValues.DOMAIN_INFO_PATH + File.separator + "domains");
ec2Database.loadAmiFromFile(PropertyValues.DOMAIN_INFO_PATH + File.separator + "OS_Domain_AMI"); ec2Database.loadAmiFromFile(PropertyValues.DOMAIN_INFO_PATH + File.separator + "OS_Domain_AMI");
if (userDatabase.databases == null) { if (userDatabase.databases == null) {
userDatabase.databases = new HashMap<>(); userDatabase.databases = new HashMap<>();
...@@ -466,7 +467,7 @@ public class Consumer extends DefaultConsumer { ...@@ -466,7 +467,7 @@ public class Consumer extends DefaultConsumer {
return userDatabase; return userDatabase;
} }
private UserCredential getUserCredential(JSONArray parameters, String tempInputDirPath) throws JSONException, IOException, FileNotFoundException, MyProxyException, CertificateEncodingException { private UserCredential getUserCredential(JSONArray parameters, String tempInputDirPath) throws JSONException, IOException, FileNotFoundException, MyProxyException, CertificateEncodingException, GSSException {
UserCredential userCredential = new UserCredential(); UserCredential userCredential = new UserCredential();
List<Credential> credentials = MessageParsing.getCloudCredentials(parameters, tempInputDirPath); List<Credential> credentials = MessageParsing.getCloudCredentials(parameters, tempInputDirPath);
for (Credential cred : credentials) { for (Credential cred : credentials) {