Using the security library
CoG JGlobus version 1.1 introduced a new security library based on GSS-API. This document shows a few examples of how to accomplish certain tasks with the new library.
Please note that most of these tasks can be accomplished directly with the org.globus.gsi.GlobusCredential class. However, we strongly recommend
(if possible) not using the org.globus.gsi.GlobusCredential class, as it is a security-protocol-specific
representation of (PKI) credentials. Instead, we recommend using
the GSS abstractions as much as possible, as shown here.
Getting default (user proxy) credentials:
ExtendedGSSManager manager = (ExtendedGSSManager)ExtendedGSSManager.getInstance();
GSSCredential cred = manager.createCredential(GSSCredential.INITIATE_AND_ACCEPT);
Please note that, by default, if you don't set the credentials explicitly on a library (or pass null in place of GSSCredential), the default user credentials (proxy) will automatically be used.
Saving credentials:
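ExtendedGSSCredential cred = ...
// the exported data is the credential itself, so keep the file readable by its owner only
byte [] data = cred.export(ExtendedGSSCredential.IMPEXP_OPAQUE);
FileOutputStream out = new FileOutputStream("file");
try {
    out.write(data);
} finally {
    // close the stream even if the write fails
    out.close();
}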
Loading user proxy from a file:
File f = new File("file");
byte [] data = new byte[(int)f.length()];
// java.io.DataInputStream provides readFully()
DataInputStream in = new DataInputStream(new FileInputStream(f));
try {
    // read in the credential data; readFully() fills the whole buffer,
    // whereas a single read() call may return fewer bytes
    in.readFully(data);
} finally {
    in.close();
}
ExtendedGSSManager manager = (ExtendedGSSManager)ExtendedGSSManager.getInstance();
GSSCredential cred =
    manager.createCredential(data,
                             ExtendedGSSCredential.IMPEXP_OPAQUE,
                             GSSCredential.DEFAULT_LIFETIME,
                             null, // use default mechanism - GSI
                             GSSCredential.INITIATE_AND_ACCEPT);
Getting remaining lifetime of the credential:
GSSCredential cred = ...
// remaining lifetime in seconds
int time = cred.getRemainingLifetime();
Getting the identity of the credential (in Globus format):
GSSCredential cred = ...
String identity = cred.getName().toString();
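The save, load, lifetime and identity steps above combined into one class, with the file created owner-only because the exported data is the credential itself. This is an added example, not code from the original document or from JGlobus. It assumes Java 7 or later (java.nio.file), a POSIX file system, and the hypothetical names ProxyFileExample, MIN_LIFETIME_SECONDS and saved-proxy.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;
import org.gridforum.jgss.ExtendedGSSCredential;
import org.gridforum.jgss.ExtendedGSSManager;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;

public class ProxyFileExample {
    static final int MIN_LIFETIME_SECONDS = 300; // hypothetical policy threshold
    static final Set<PosixFilePermission> OWNER_ONLY = PosixFilePermissions.fromString("rw-------");

    // Save: the file is created owner-only before any credential bytes are written.
    static void save(ExtendedGSSCredential cred, Path file) throws GSSException, IOException {
        byte[] data = cred.export(ExtendedGSSCredential.IMPEXP_OPAQUE);
        // createFile fails if the path already exists, so nothing is written through an existing file or link
        Files.createFile(file, PosixFilePermissions.asFileAttribute(OWNER_ONLY));
        Files.write(file, data, StandardOpenOption.WRITE);
    }

    // Load: refuse files accessible to group/other and credentials about to expire.
    static GSSCredential load(Path file) throws GSSException, IOException {
        if (!OWNER_ONLY.containsAll(Files.getPosixFilePermissions(file))) {
            throw new IOException(file + " is accessible to group or other users");
        }
        byte[] data = Files.readAllBytes(file); // reads the complete file
        ExtendedGSSManager manager = (ExtendedGSSManager) ExtendedGSSManager.getInstance();
        GSSCredential cred = manager.createCredential(data,
                ExtendedGSSCredential.IMPEXP_OPAQUE,
                GSSCredential.DEFAULT_LIFETIME,
                null, // use default mechanism - GSI
                GSSCredential.INITIATE_AND_ACCEPT);
        if (cred.getRemainingLifetime() < MIN_LIFETIME_SECONDS) {
            throw new IOException("credential for " + cred.getName() + " expires too soon");
        }
        return cred;
    }

    public static void main(String[] args) throws Exception {
        ExtendedGSSManager manager = (ExtendedGSSManager) ExtendedGSSManager.getInstance();
        // Assumption: the default credential implements ExtendedGSSCredential.
        ExtendedGSSCredential cred = (ExtendedGSSCredential)
                manager.createCredential(GSSCredential.INITIATE_AND_ACCEPT);
        Path file = Paths.get("saved-proxy"); // constructed file name
        save(cred, file);
        System.out.println("reloaded: " + load(file).getName());
    }
}
```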
GlobusCredential/GSSCredential conversion:
To convert an org.globus.gsi.GlobusCredential to a GSSCredential instance (in
cases where you need to work with the GlobusCredential object directly), you must
first wrap it in the org.globus.gsi.gssapi.GlobusGSSCredentialImpl class:
GlobusCredential cred = ...
GSSCredential gssCred = new GlobusGSSCredentialImpl(cred, GSSCredential.INITIATE_AND_ACCEPT);
It is also possible to retrieve the org.globus.gsi.GlobusCredential object
from the GSSCredential instance if it is of the right type:
GSSCredential cred = ...
// test the instance (cred), not the GSSCredential type name
if (cred instanceof GlobusGSSCredentialImpl) {
    GlobusCredential globusCred = ((GlobusGSSCredentialImpl)cred).getGlobusCredential();
    ...
}