Commit
e08d13fd
authored
Jun 28, 2017
by
Spiros Koulouzis
use jglobus api to get proxy cert from myproxy
parent
5839e8d0
Showing
5 changed files
with
123 additions
and
61 deletions
+123
-61
Dockerfile
Dockerfiles/myproxy/Dockerfile
+0
-8
pom.xml
drip-commons/pom.xml
+12
-0
AAUtils.java
.../src/main/java/nl/uva/sne/drip/commons/utils/AAUtils.java
+99
-0
MessageParsing.java
...l/uva/sne/drip/drip/provisioner/utils/MessageParsing.java
+9
-51
Consumer.java
...in/java/nl/uva/sne/drip/drip/provisioner/v1/Consumer.java
+3
-2
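--- a/Dockerfiles/myproxy/Dockerfile
+++ /dev/null
-FROM agaveapi/myproxy:latest
-RUN yum update -y
-RUN yum install wget -y
-RUN wget https://raw.githubusercontent.com/EGI-FCTF/fedcloud-userinterface/master/fedcloud-ui.sh
-#Build: docker build -t drip-myproxy .
-# Run: docker run --name drip-myproxy-inst -d drip-myproxy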
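--- a/drip-commons/pom.xml
+++ b/drip-commons/pom.xml
@@ -74,6 +74,18 @@
             <version>4.2.1.RELEASE</version>
             <type>jar</type>
         </dependency>
+        <dependency>
+            <groupId>org.jglobus</groupId>
+            <artifactId>ssl-proxies</artifactId>
+            <version>2.1.0</version>
+            <type>jar</type>
+        </dependency>
+        <dependency>
+            <groupId>org.jglobus</groupId>
+            <artifactId>myproxy</artifactId>
+            <version>2.1.0</version>
+            <type>jar</type>
+        </dependency>
     </dependencies>
     <properties>
         <maven.compiler.source>1.8</maven.compiler.source>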
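--- /dev/null
+++ b/drip-commons/src/main/java/nl/uva/sne/drip/commons/utils/AAUtils.java
+/*
+ * Copyright 2017 S. Koulouzis, Wang Junchao, Huan Zhou, Yang Hu
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package nl.uva.sne.drip.commons.utils;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.cert.CertificateEncodingException;
+import java.util.List;
+import org.globus.common.CoGProperties;
+import org.globus.myproxy.GetParams;
+import org.globus.myproxy.MyProxyException;
+import org.globus.util.Util;
+import org.gridforum.jgss.ExtendedGSSCredential;
+import org.gridforum.jgss.ExtendedGSSManager;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+/**
+ *
+ * @author S. Koulouzis
+ */
+public class AAUtils {
+    public static String generateProxy(String accessKeyId, String secretKey, SOURCE source) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+    public enum SOURCE {
+        MY_PROXY, CERTIFICATE
+    }
+    public static String generateProxy(String accessKeyId, String secretKey, SOURCE source, String myProxyEndpoint, List voname) throws IOException, CertificateEncodingException, GSSException, MyProxyException {
+        File proxy_file = null;
+        if (source.equals(SOURCE.MY_PROXY)) {
+            GetParams getRequest = new GetParams();
+            getRequest.setUserName(accessKeyId);
+            getRequest.setCredentialName(null);
+            getRequest.setLifetime(43200);
+            getRequest.setWantTrustroots(false);
+            getRequest.setPassphrase(secretKey);
+            getRequest.setVoname(voname);
+            GSSManager manager = ExtendedGSSManager.getInstance();
+            GSSCredential credential = manager.createCredential(GSSCredential.INITIATE_ONLY);
+            org.globus.myproxy.MyProxy myProxy = new org.globus.myproxy.MyProxy(myProxyEndpoint, 7512);
+            GSSCredential newCred = myProxy.get(credential, getRequest);
+            CoGProperties properties = CoGProperties.getDefault();
+            String outputFile = properties.getProxyFile();
+            proxy_file = new File(outputFile);
+            String path = proxy_file.getPath();
+            try (FileOutputStream out = new FileOutputStream(path);) {
+                // set read only permissions
+                Util.setOwnerAccessOnly(path);
+                byte[] data = ((ExtendedGSSCredential) newCred).export(ExtendedGSSCredential.IMPEXP_OPAQUE);
+                out.write(data);
+            }
+        } else if (source.equals(SOURCE.CERTIFICATE)) {
+        }
+        return proxy_file.getAbsolutePath();
+    }
+    public static void pipeStream(InputStream input, OutputStream output) throws IOException {
+        byte buffer[] = new byte[1024];
+        int numRead;
+        do {
+            numRead = input.read(buffer);
+            output.write(buffer, 0, numRead);
+        } while (input.available() > 0);
+        output.flush();
+    }
+}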
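Review bot: In the MY_PROXY branch of the five-argument `generateProxy`, the exported proxy credential goes into a file that `new FileOutputStream(path)` creates with default permissions, and the outcome of `Util.setOwnerAccessOnly(path)` (which appears to return a success flag) is never checked, so a failed permission change still lets the credential be written with whatever mode the file has; the comment `// set read only permissions` also does not describe an owner-only restriction. I would create the file owner-only at creation time and fail closed, as sketched below (POSIX file systems only; the `java.nio.file` names would need importing). The path comes from `CoGProperties.getDefault().getProxyFile()`, which looks like one process-wide location, so proxies fetched for different users would presumably overwrite each other — worth confirming against the callers. Separately, the CERTIFICATE branch leaves `proxy_file` null, so `proxy_file.getAbsolutePath()` throws a NullPointerException on that path.

```java
// … unchanged: GetParams setup and myProxy.get(credential, getRequest) …
Path proxyPath = Paths.get(CoGProperties.getDefault().getProxyFile());
byte[] data = ((ExtendedGSSCredential) newCred).export(ExtendedGSSCredential.IMPEXP_OPAQUE);
// Create the file owner-only from the start; createFile throws if the attribute is unsupported.
Files.deleteIfExists(proxyPath);
Files.createFile(proxyPath,
        PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
Files.write(proxyPath, data);
proxy_file = proxyPath.toFile();
```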
drip-provisioner/src/main/java/nl/uva/sne/drip/drip/provisioner/utils/MessageParsing.java
...
...
@@ -18,14 +18,12 @@ package nl.uva.sne.drip.drip.provisioner.utils;
import
com.fasterxml.jackson.core.JsonParser
;
import
com.fasterxml.jackson.databind.ObjectMapper
;
import
java.io.BufferedReader
;
import
java.io.ByteArrayInputStream
;
import
java.io.File
;
import
java.io.FileNotFoundException
;
import
java.io.FileOutputStream
;
import
java.io.IOException
;
import
java.io.InputStream
;
import
java.io.InputStreamReader
;
import
java.io.OutputStream
;
import
java.io.PrintWriter
;
import
java.net.MalformedURLException
;
import
java.net.URL
;
...
...
@@ -33,11 +31,15 @@ import java.nio.channels.Channels;
import
java.nio.channels.ReadableByteChannel
;
import
java.security.cert.CertificateEncodingException
;
import
java.util.ArrayList
;
import
java.util.Arrays
;
import
java.util.List
;
import
java.util.Map
;
import
nl.uva.sne.drip.commons.utils.AAUtils
;
import
nl.uva.sne.drip.commons.utils.AAUtils.SOURCE
;
import
nl.uva.sne.drip.drip.commons.data.internal.MessageParameter
;
import
nl.uva.sne.drip.drip.commons.data.v1.external.CloudCredentials
;
import
org.globus.myproxy.MyProxyException
;
import
org.ietf.jgss.GSSException
;
import
org.json.JSONArray
;
import
org.json.JSONException
;
import
org.json.JSONObject
;
...
...
@@ -52,11 +54,6 @@ import provisioning.credential.EGICredential;
*/
public
class
MessageParsing
{
enum
SOURCE
{
MY_PROXY
,
CERTIFICATE
}
public
static
List
<
File
>
getTopologies
(
JSONArray
parameters
,
String
tempInputDirPath
,
int
level
)
throws
JSONException
,
IOException
{
List
<
File
>
topologyFiles
=
new
ArrayList
<>();
for
(
int
i
=
0
;
i
<
parameters
.
length
();
i
++)
{
...
...
@@ -140,7 +137,7 @@ public class MessageParsing {
return
map
;
}
public
static
List
<
Credential
>
getCloudCredentials
(
JSONArray
parameters
,
String
tempInputDirPath
)
throws
JSONException
,
FileNotFoundException
,
IOException
,
MyProxyException
,
CertificateEncodingException
{
public
static
List
<
Credential
>
getCloudCredentials
(
JSONArray
parameters
,
String
tempInputDirPath
)
throws
JSONException
,
FileNotFoundException
,
IOException
,
MyProxyException
,
CertificateEncodingException
,
GSSException
{
List
<
Credential
>
credentials
=
new
ArrayList
<>();
for
(
int
i
=
0
;
i
<
parameters
.
length
();
i
++)
{
JSONObject
param
=
(
JSONObject
)
parameters
.
get
(
i
);
...
...
@@ -181,9 +178,11 @@ public class MessageParsing {
myProxyEndpoint
=
PropertyValues
.
MY_PROXY_ENDPOINT
;
}
if
(
myProxyEndpoint
!=
null
)
{
egi
.
proxyFilePath
=
generateProxy
(
cred
.
getAccessKeyId
(),
cred
.
getSecretKey
(),
SOURCE
.
MY_PROXY
);
String
[]
myVOs
=
((
String
)
att
.
get
(
"vo_names"
)).
split
(
","
);
List
voNames
=
(
List
)
Arrays
.
asList
(
myVOs
);
egi
.
proxyFilePath
=
AAUtils
.
generateProxy
(
cred
.
getAccessKeyId
(),
cred
.
getSecretKey
(),
SOURCE
.
MY_PROXY
,
myProxyEndpoint
,
voNames
);
}
else
{
egi
.
proxyFilePath
=
generateProxy
(
cred
.
getAccessKeyId
(),
cred
.
getSecretKey
(),
SOURCE
.
CERTIFICATE
);
egi
.
proxyFilePath
=
AAUtils
.
generateProxy
(
cred
.
getAccessKeyId
(),
cred
.
getSecretKey
(),
SOURCE
.
CERTIFICATE
);
}
egi
.
trustedCertPath
=
PropertyValues
.
TRUSTED_CERTIFICATE_FOLDER
;
credential
=
egi
;
...
...
@@ -210,47 +209,6 @@ public class MessageParsing {
return
credentials
;
}
private
static
String
generateProxy
(
String
accessKeyId
,
String
secretKey
,
SOURCE
source
)
throws
MyProxyException
,
IOException
,
CertificateEncodingException
{
if
(
source
.
equals
(
SOURCE
.
MY_PROXY
))
{
//After 10 years of grid comuting and using certificates we still can't get it to work.
// MyProxy myProxy = new MyProxy(PropertyValues.MY_PROXY_ENDPOINT, 7512);
// myProxy.writeTrustRoots(PropertyValues.TRUSTED_CERTIFICATE_FOLDER);
//
// GSSCredential cert = myProxy.get(accessKeyId, secretKey, 2 * 3600);
// X509Credential gCred = ((GlobusGSSCredentialImpl) cert).getX509Credential();
// gCred.save(new FileOutputStream("/tmp/x509up_u0"));
String
cmd
=
"myproxy-logon "
+
"--voms fedcloud.egi.eu "
+
"-s "
+
PropertyValues
.
MY_PROXY_ENDPOINT
+
" -l "
+
accessKeyId
+
" --stdin_pass"
+
" --out /tmp/x509up_u0"
;
//
InputStream
fileIn
=
new
ByteArrayInputStream
(
secretKey
.
getBytes
());
Process
process
=
Runtime
.
getRuntime
().
exec
(
cmd
);
OutputStream
stdin
=
process
.
getOutputStream
();
InputStream
stdout
=
process
.
getInputStream
();
InputStream
stderr
=
process
.
getErrorStream
();
pipeStream
(
fileIn
,
stdin
);
}
else
if
(
source
.
equals
(
SOURCE
.
CERTIFICATE
))
{
}
return
"/tmp/x509up_u0"
;
}
public
static
void
pipeStream
(
InputStream
input
,
OutputStream
output
)
throws
IOException
{
byte
buffer
[]
=
new
byte
[
1024
];
int
numRead
;
do
{
numRead
=
input
.
read
(
buffer
);
output
.
write
(
buffer
,
0
,
numRead
);
}
while
(
input
.
available
()
>
0
);
output
.
flush
();
}
private
static
void
downloadCACertificates
(
URL
url
)
throws
MalformedURLException
,
IOException
{
String
[]
parts
=
url
.
getFile
().
split
(
"/"
);
String
fileName
=
parts
[
parts
.
length
-
1
];
...
...
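Review bot: The `else` branch in the `@@ -181,9 +178,11 @@` hunk now calls the three-argument `AAUtils.generateProxy(..., SOURCE.CERTIFICATE)`, which in this commit unconditionally throws `UnsupportedOperationException("Not supported yet.")`, so an EGI credential without a MyProxy endpoint goes from getting a proxy path back to an unchecked exception that the declared `throws` list does not cover. In the MyProxy branch, `((String) att.get("vo_names")).split(",")` throws a NullPointerException when the attribute is absent (assuming `att` holds optional attributes), and the entries are passed on untrimmed through a raw `List`. I would guard it with `Object vo = att.get("vo_names"); if (vo == null) { throw new IllegalArgumentException("vo_names is required for MyProxy"); }` and declare the result as `List<String> voNames`. `getCloudCredentials` starts and ends outside the visible hunks.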
drip-provisioner/src/main/java/nl/uva/sne/drip/drip/provisioner/v1/Consumer.java
...
...
@@ -44,6 +44,7 @@ import nl.uva.sne.drip.drip.provisioner.utils.PropertyValues;
import
org.apache.commons.io.FileUtils
;
import
org.apache.commons.io.FilenameUtils
;
import
org.globus.myproxy.MyProxyException
;
import
org.ietf.jgss.GSSException
;
import
org.json.JSONArray
;
import
org.json.JSONException
;
import
org.json.JSONObject
;
...
...
@@ -456,7 +457,7 @@ public class Consumer extends DefaultConsumer {
EGIDatabase
egiDatabase
=
new
EGIDatabase
();
egiDatabase
.
loadDomainInfoFromFile
(
PropertyValues
.
DOMAIN_INFO_PATH
+
File
.
separator
+
"EGI_Domain_Info"
);
EC2Database
ec2Database
=
new
EC2Database
();
ec2Database
.
loadDomainFromFile
(
PropertyValues
.
DOMAIN_INFO_PATH
+
File
.
separator
+
"domains"
);
ec2Database
.
loadDomain
Info
FromFile
(
PropertyValues
.
DOMAIN_INFO_PATH
+
File
.
separator
+
"domains"
);
ec2Database
.
loadAmiFromFile
(
PropertyValues
.
DOMAIN_INFO_PATH
+
File
.
separator
+
"OS_Domain_AMI"
);
if
(
userDatabase
.
databases
==
null
)
{
userDatabase
.
databases
=
new
HashMap
<>();
...
...
@@ -466,7 +467,7 @@ public class Consumer extends DefaultConsumer {
return
userDatabase
;
}
private
UserCredential
getUserCredential
(
JSONArray
parameters
,
String
tempInputDirPath
)
throws
JSONException
,
IOException
,
FileNotFoundException
,
MyProxyException
,
CertificateEncodingException
{
private
UserCredential
getUserCredential
(
JSONArray
parameters
,
String
tempInputDirPath
)
throws
JSONException
,
IOException
,
FileNotFoundException
,
MyProxyException
,
CertificateEncodingException
,
GSSException
{
UserCredential
userCredential
=
new
UserCredential
();
List
<
Credential
>
credentials
=
MessageParsing
.
getCloudCredentials
(
parameters
,
tempInputDirPath
);
for
(
Credential
cred
:
credentials
)
{
...
...