List of usage examples for the org.bouncycastle.asn1.x509.AttributeCertificate constructor
public AttributeCertificate(ASN1Sequence seq)
From source file:nl.uva.vlet.grid.voms.VomsProxyCredential.java
License:Apache License
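/**
 * Contacts the VOMS server, requests an attribute certificate and assigns the decoded result to
 * {@code ac}.
 * <p>
 * The request travels over a GSI-wrapped socket: mutual authentication and confidentiality are
 * requested, credential delegation and anonymity are switched off, and the peer is authorized
 * against the host DN configured for the VO. The reply is only parsed here; nothing in this
 * method checks the signature, holder or validity period of the returned certificate.
 *
 * @return true once the attribute certificate has been decoded; every failure is reported by
 *         exception, so false is never returned
 * @throws VlIOException if the server cannot be reached, the socket yields no input stream or
 *         the reply is empty
 * @throws VlServerException if the reply carries an error element or contains no
 *         {@code <ac>} element
 * @throws VlException if the {@code <ac>} content cannot be decoded
 * @throws Exception for any other failure raised while setting up the GSS context or socket
 */
private boolean createAC() throws Exception {
    String hostid = vo.getDefaultHost() + ":" + vo.getDefaultPort();

    // Values are passed as format arguments so that a '%' in a host or VO name cannot be
    // interpreted as a format directive.
    infoPrintf("Contacting VOMS server [%s] for vo:%s\n", hostid, vo.getVoName());

    GSSManager manager = new GlobusGSSManagerImpl();

    // Pin the peer: the handshake is only accepted for the host DN configured for this VO.
    Authorization authorization = new IdentityAuthorization(vo.getDefaultHostDN());

    GSSCredential clientCreds = (GSSCredential) new GlobusGSSCredentialImpl(plainProxy,
            GSSCredential.INITIATE_ONLY);

    ExtendedGSSContext context = (ExtendedGSSContext) manager.createContext(null, GSSConstants.MECH_OID,
            clientCreds, GSSContext.DEFAULT_LIFETIME);

    context.requestMutualAuth(true);
    context.requestCredDeleg(false);
    context.requestConf(true);
    context.requestAnonymity(false);

    context.setOption(GSSConstants.GSS_MODE, GSIConstants.MODE_GSI);
    // NOTE(review): the option is set to false, so limited proxies are presumably accepted;
    // confirm against the GSI library that this is intended.
    context.setOption(GSSConstants.REJECT_LIMITED_PROXY, Boolean.FALSE);

    GssSocket socket = null;
    String answer;

    try {
        OutputStream out = null;
        InputStream in = null;

        // Connection failures are wrapped so that the message names the endpoint.
        try {
            socket = (GssSocket) GssSocketFactory.getDefault().createSocket(vo.getDefaultHost(),
                    vo.getDefaultPort(), context);

            socket.setWrapMode(GssSocket.GSI_MODE);
            socket.setAuthorization(authorization);

            out = ((Socket) socket).getOutputStream();
            in = ((Socket) socket).getInputStream();
        } catch (java.net.NoRouteToHostException e) {
            // Wrong port and/or hostname.
            throw new VlIOException(
                    "Communication Error. Adres or port is wrong or server is not reachable:" + hostid, e);
        } catch (java.net.ConnectException e) {
            throw new VlIOException(
                    "Connection Error. Adres or port is wrong or server is not reachable:" + hostid, e);
        } catch (java.net.SocketException e) {
            // Generic socket failure; the socket is also closed when authentication fails.
            throw new VlIOException(
                    "Communication Error. Either SSL authentication failed or the adres or port is wrong (server not reachable):"
                            + hostid,
                    e);
        }

        if (in == null) {
            throw new VlIOException(
                    "Couldn't read from socket:" + socket.getInetAddress() + ":" + socket.getPort());
        }

        // NOTE(review): command and lifetimeInSeconds are concatenated into the XML without
        // escaping; confirm both are validated before they reach this method.
        String msg = "<?xml version=\"1.0\" encoding = \"US-ASCII\"?>" + "<voms>" + "<command>" + command
                + "</command>" + "<lifetime>" + lifetimeInSeconds + "</lifetime>" + "</voms>";

        debugPrintf("Sending message to:%s\n--- START ---\n%s\n--- END ---\n", hostid, msg);

        // Encode with the charset the XML declaration announces instead of the platform default.
        byte[] outToken = msg.getBytes("US-ASCII");

        out.write(outToken);
        out.flush();

        // NOTE(review): the reply is buffered until EOF with no size limit and decoded with the
        // platform default charset; consider a cap sized to the largest expected reply and an
        // explicit charset once the server's encoding is confirmed.
        StringBuilder reply = new StringBuilder();
        BufferedReader buff = new BufferedReader(new InputStreamReader(in));
        char[] buf = new char[1024];
        int numRead;

        while ((numRead = buff.read(buf)) >= 0) {
            if (numRead > 0) {
                reply.append(buf, 0, numRead);
            }
        }

        if (reply.length() <= 0) {
            errorPrintf("empty or null voms_server_answer\n");
            throw new VlIOException("NULL reply from socket (command=" + command + "):"
                    + socket.getInetAddress() + ":" + socket.getPort());
        }

        out.close();
        in.close();
        buff.close();

        answer = reply.toString();
    } finally {
        // Release the connection on every path, including the error paths above.
        if (socket != null) {
            try {
                socket.close();
            } catch (java.io.IOException ignored) {
                // Best effort: a failure to close must not mask the original outcome.
            }
        }
    }

    // An error element anywhere in the reply, including at index 0, marks a server-side failure.
    if (answer.indexOf("<error>") >= 0) {
        int messageStart = answer.indexOf("<message>");
        int messageEnd = answer.indexOf("</message>");
        String errormsg;

        if (messageStart >= 0 && messageEnd >= messageStart + 9) {
            errormsg = answer.substring(messageStart + 9, messageEnd);
        } else {
            // Without this guard a reply lacking the message element would surface as an
            // unrelated StringIndexOutOfBoundsException.
            errormsg = "(server reply contained <error> but no <message> element)";
        }

        infoPrintf("Received error message from server:%s\n", errormsg);
        throw new VlServerException("Error when communicating with:" + hostid + ".\nError=" + errormsg);
    }

    // Both tags must be present and in order; otherwise an arbitrary slice of the reply would
    // be handed to the Base64 decoder.
    int acStart = answer.indexOf("<ac>");
    int acEnd = answer.indexOf("</ac>");

    if (acStart < 0 || acEnd < acStart + 4) {
        throw new VlServerException("Message Error. Could not find encoded voms proxy in server answer.");
    }

    String encoded = answer.substring(acStart + 4, acEnd);

    try {
        byte[] payload = VincenzoBase64.decode(encoded);
        ASN1InputStream asnInStream = new ASN1InputStream(new ByteArrayInputStream(payload));

        try {
            // A payload that is not a SEQUENCE fails the cast and is reported as DecodingError.
            ASN1Sequence acseq = (ASN1Sequence) asnInStream.readObject();
            ac = new AttributeCertificate(acseq);
        } finally {
            asnInStream.close();
        }

        return true;
    } catch (Exception e) {
        throw new VlException("DecodingError", "Couldn't decode server answer\n" + encoded, e);
    }
}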
From source file:nl.uva.vlet.grid.voms.VomsUtil.java
License:Apache License
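/**
 * Returns every VOMS attribute certificate embedded in the given certificate chain. In general
 * callers are only interested in the first one.
 * <p>
 * The certificates are only parsed: this method performs no signature, holder or validity check
 * on them, so the result must be validated before any attribute it carries is relied upon. A
 * certificate whose extension cannot be parsed is logged at debug level and skipped, which makes
 * a malformed extension indistinguishable from an absent one for the caller.
 *
 * @param x509s
 *            the certificate chain of the VOMS enabled proxy credential; null yields an empty
 *            list
 * @return all attribute certificates found, in chain order; never null
 */
public static ArrayList<AttributeCertificate> extractVOMSACs(X509Certificate[] x509s) {
    ArrayList<AttributeCertificate> acArrayList = new ArrayList<AttributeCertificate>();

    if (x509s == null) {
        return acArrayList;
    }

    for (int x = 0; x < x509s.length; x++) {
        logger.debugPrintf(" - Checking certificate[%d]\n", x);

        try {
            byte[] payload = x509s[x].getExtensionValue(VomsUtil.CERT_VOMS_EXTENSION_OID);

            if (payload == null) {
                logger.debugPrintf(" - #%d: No VOMS AC extension.\n", x);
                continue;
            }

            // The original format string read "#d", so the index was never printed.
            logger.debugPrintf(" - #%d: Found VOMS AC extension.\n", x);

            // Octet String encapsulation - see RFC 3280 section 4.1
            ASN1InputStream wrapperStream = new ASN1InputStream(new ByteArrayInputStream(payload));
            try {
                payload = ((ASN1OctetString) wrapperStream.readObject()).getOctets();
            } finally {
                wrapperStream.close();
            }

            ASN1Sequence acSequence;
            ASN1InputStream contentStream = new ASN1InputStream(new ByteArrayInputStream(payload));
            try {
                acSequence = (ASN1Sequence) contentStream.readObject();
            } finally {
                contentStream.close();
            }

            // Two nested levels of sequences, the inner elements being the certificates.
            for (Enumeration<?> outer = acSequence.getObjects(); outer.hasMoreElements();) {
                ASN1Sequence inner = (ASN1Sequence) outer.nextElement();

                for (Enumeration<?> entries = inner.getObjects(); entries.hasMoreElements();) {
                    acArrayList.add(new AttributeCertificate((ASN1Sequence) entries.nextElement()));
                }
            }
        } catch (Exception pe) {
            // Deliberate best effort: any parse failure, including a failed cast or a null
            // chain entry, is treated as "no AC here" and the scan moves on.
            logger.logException(ClassLogger.DEBUG, pe, " - #%d: This part of the chain has no AC\n", x);
        }
    }

    return acArrayList;
}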
From source file:org.italiangrid.voms.asn1.VOMSACUtils.java
License:Apache License
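/**
 * Deserializes the VOMS attribute certificates in a given certificate extension.
 * <p>
 * The certificates are only parsed: no signature, holder or validity check is performed here, so
 * callers must validate the result before relying on any attribute it carries. Structural
 * problems in the extension are reported as {@link IOException} rather than as unchecked cast
 * or null-pointer failures.
 *
 * @param vomsExtension
 *            the VOMS extension
 * @return the possibly empty {@link List} of {@link AttributeCertificate} extracted from a
 *         given extension
 * @throws IOException
 *             in case of deserialization errors, including an extension whose ASN.1 structure
 *             is not the expected one
 */
public static List<AttributeCertificate> getACsFromVOMSExtension(byte[] vomsExtension) throws IOException {
    if (vomsExtension == null) {
        return Collections.emptyList();
    }

    // The extension value is an OCTET STRING wrapping the actual content.
    Object wrapper;
    ASN1InputStream wrapperStream = new ASN1InputStream(new ByteArrayInputStream(vomsExtension));
    try {
        wrapper = wrapperStream.readObject();
    } finally {
        wrapperStream.close();
    }

    // instanceof also rejects the null that readObject yields for empty input.
    if (!(wrapper instanceof DEROctetString)) {
        throw new IOException("VOMS extension is not wrapped in a DER OCTET STRING");
    }

    byte[] payload = ((DEROctetString) wrapper).getOctets();

    Object base;
    ASN1InputStream contentStream = new ASN1InputStream(new ByteArrayInputStream(payload));
    try {
        base = contentStream.readObject();
    } finally {
        contentStream.close();
    }

    if (!(base instanceof ASN1Sequence)) {
        throw new IOException("VOMS extension content is not an ASN.1 SEQUENCE");
    }

    // VOMS extension is SEQUENCE of SET of AttributeCertificate; the SET is read as an ordered
    // sequence and an AC is a sequence as well, hence three nested ASN.1 sequences.
    List<AttributeCertificate> acs = new ArrayList<AttributeCertificate>();
    Enumeration<?> sets = ((ASN1Sequence) base).getObjects();

    while (sets.hasMoreElements()) {
        Object set = sets.nextElement();

        if (!(set instanceof ASN1Sequence)) {
            throw new IOException("VOMS extension contains an element that is not an ASN.1 SEQUENCE");
        }

        Enumeration<?> candidates = ((ASN1Sequence) set).getObjects();

        while (candidates.hasMoreElements()) {
            Object candidate = candidates.nextElement();

            if (!(candidate instanceof ASN1Sequence)) {
                throw new IOException("VOMS extension contains an AC that is not an ASN.1 SEQUENCE");
            }

            try {
                acs.add(new AttributeCertificate((ASN1Sequence) candidate));
            } catch (IllegalArgumentException e) {
                // The constructor rejects a sequence of the wrong shape with an unchecked
                // exception; surface it through the documented checked one.
                throw new IOException("Malformed AttributeCertificate in VOMS extension", e);
            }
        }
    }

    return acs;
}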