pax_global_header00006660000000000000000000000064120740262550014515gustar00rootroot0000000000000052 comment=ba50cd5ac99ea37d6ee99a0cb198ffa791df1495 voms-api-java-2_0_10/000077500000000000000000000000001207402625500144115ustar00rootroot00000000000000voms-api-java-2_0_10/.gitignore000066400000000000000000000001541207402625500164010ustar00rootroot00000000000000/.settings /bin /dist /target /.classpath /.project /spec/voms-api-java.spec /rpmbuild /debbuild /RPMS /tgz voms-api-java-2_0_10/AUTHORS000066400000000000000000000001431207402625500154570ustar00rootroot00000000000000Vincenzo Ciaschini Andrea Ceccanti voms-api-java-2_0_10/LICENSE000066400000000000000000000261361207402625500154260ustar00rootroot00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. 
"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. 
Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. 
You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. 
Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. 
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. 
Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. voms-api-java-2_0_10/Makefile000066400000000000000000000025321207402625500160530ustar00rootroot00000000000000name=voms-api-java spec=spec/$(name).spec version=$(shell grep "Version:" $(spec) | sed -e "s/Version://g" -e "s/[ \t]*//g") pom=pom.xml pom_version=$(shell grep "" $(pom) | head -1 | sed -e 's///g' -e 's/<\/version>//g' -e "s/[ \t]*//g") release=1 tarbuild_dir=$(shell pwd)/tarbuild rpmbuild_dir=$(shell pwd)/rpmbuild bc_version=1.45 #mvn_settings=-s src/config/emi-build-settings.xml .PHONY: clean rpm prepare-sources prepare-spec all: dist rpm prepare-sources: prepare-spec rm -rf $(tarbuild_dir) mkdir -p $(tarbuild_dir)/$(name) cp -r AUTHORS LICENSE Makefile README.md pom.xml spec src $(tarbuild_dir)/$(name) cd $(tarbuild_dir) && tar cvzf $(tarbuild_dir)/$(name)-$(version).tar.gz $(name) prepare-spec: sed -e 's#@@MVN_SETTINGS@@#$(mvn_settings)#g' \ -e 's#@@BC_VERSION@@#$(bc_version)#g' \ -e 's#@@POM_VERSION@@#$(pom_version)#g' \ spec/voms-api-java.spec.in > spec/voms-api-java.spec clean: rm -rf target $(rpmbuild_dir) $(tarbuild_dir) tgz RPMS dir spec/voms-api-java.spec dist: prepare-sources rpm: mkdir -p $(rpmbuild_dir)/BUILD $(rpmbuild_dir)/RPMS \ $(rpmbuild_dir)/SOURCES $(rpmbuild_dir)/SPECS \ $(rpmbuild_dir)/SRPMS cp $(tarbuild_dir)/$(name)-$(version).tar.gz $(rpmbuild_dir)/SOURCES/$(name)-$(version).tar.gz rpmbuild --nodeps -v -ba $(spec) --define "_topdir $(rpmbuild_dir)" 
voms-api-java-2_0_10/README.md

# VOMS Java API

Java binding for the Virtual Organization Membership Service (VOMS) API.

The VOMS API can be used for

- validating attribute certificates (ACs) inside a proxy and reading the attributes (VOMS FQANs or VOMS generic attributes)
- contacting a VOMS service in order to get an AC and for creating proxy certificates that contain an AC

## Installing

If using Maven, add the dependency to your pom file:

```xml
<dependency>
  <groupId>org.italiangrid</groupId>
  <artifactId>voms-api-java</artifactId>
  <version>${voms-api-java-version}</version>
</dependency>
```

### Configure logging

VOMS Java API uses [Log4j](http://logging.apache.org/log4j/1.2/) for logging. In order to set up logging you first need to add the log4j 1.2.x jar file to your classpath. If you use Maven, you can use the following snippet:

```xml
<dependency>
  <groupId>log4j</groupId>
  <artifactId>log4j</artifactId>
  <version>1.2.17</version>
</dependency>
```

and have a log4j.properties file in the classpath:

```properties
# Root logger option
log4j.rootLogger=DEBUG, stdout

# Direct log messages to stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} %5p %c{1}:%L - %m%n
```

An example log4j.properties configuration file can be found under src/test/resources.

## Getting started

### Validation

In order to validate and access the VOMS attribute certificates in a given certificate chain, you should use the `org.glite.voms.VOMSValidator` class.

```java
/* certificate chain may come either from loading (and validating) using BouncyCastle
   or from an authenticated HTTPS session */
X509Certificate[] theChain = ...;

VOMSValidator validator = new VOMSValidator(theChain);
validator.validate();

List<VOMSAttribute> attrs = validator.getVOMSAttributes();

for (VOMSAttribute voAttr : attrs) {
    List fqanAttrs = voAttr.getFullyQualifiedAttributes();
    // Do something with the fqans...
}
```

### Contacting a remote VOMS server and creating a proxy

Proxy creation functionalities are provided by the class `VOMSProxyInit`:

```java
UserCredentials credentials = UserCredentials.instance("/home/vinz/.globus/usercert.pem",
        "/home/vinz/.globus/userkey.pem", "passphrase");

VOMSProxyInit vomsProxyInit = VOMSProxyInit.instance(credentials);

X509Certificate[] proxyCertificateChain = vomsProxyInit.getVomsProxy().getUserChain();
```

## Documentation

More details on the APIs can be found in the Javadoc.

## Licence

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this project except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
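As an added example (not code from the voms-api-java project), the class below turns the validation snippet in the README into an authorization decision, and at the same time exercises the project's own FQAN parser (src/main/java/org/glite/voms/FQAN.java, whose format is `<group>[/Role=[<role>][/Capability=<capability>]]`). The package name, the `VomsAuthzCheck` class and the constructed FQAN strings in `main` are mine; it also assumes that after `validate()` the attributes returned by `getVOMSAttributes()` are the ones the validator accepted and that `getFullyQualifiedAttributes()` yields the FQANs as strings. The decision is made on the parsed group and role rather than on raw string equality, because `FQAN.equals()` compares the assembled string, so `/myvo` and `/myvo/Role=NULL/Capability=NULL` compare unequal even though both denote plain membership of `/myvo`.

```java
// Added example, not part of voms-api-java. Package name is an assumption.
package org.glite.voms.examples;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import org.glite.voms.FQAN;
import org.glite.voms.VOMSAttribute;
import org.glite.voms.VOMSValidator;

/**
 * Decides whether the holder of a proxy chain may perform an action that
 * requires membership of a VOMS group, optionally with a specific role.
 * Fails closed: any problem during validation yields "not authorized".
 */
public class VomsAuthzCheck {

    private final String requiredGroup; // e.g. "/myvo/production"
    private final String requiredRole;  // e.g. "ProductionManager"; null means "any role"

    public VomsAuthzCheck(String requiredGroup, String requiredRole) {
        this.requiredGroup = requiredGroup;
        this.requiredRole = requiredRole;
    }

    /**
     * Validates the ACs in the chain and checks the resulting FQANs.
     * Assumption: getVOMSAttributes() returns only validated attributes and
     * getFullyQualifiedAttributes() returns FQAN strings.
     */
    public boolean isAuthorized(X509Certificate[] chain) {
        try {
            VOMSValidator validator = new VOMSValidator(chain);
            validator.validate();

            List<String> fqans = new ArrayList<String>();
            for (Object o : validator.getVOMSAttributes()) {
                VOMSAttribute attr = (VOMSAttribute) o;
                for (Object f : attr.getFullyQualifiedAttributes()) {
                    fqans.add(f.toString());
                }
            }
            return hasRequiredFqan(fqans);
        } catch (Exception e) {
            // No verified attributes means no privileges: deny.
            return false;
        }
    }

    /** Pure matching logic on parsed FQANs; usable without a certificate chain. */
    public boolean hasRequiredFqan(List<String> fqans) {
        for (String s : fqans) {
            FQAN f = new FQAN(s);
            // getRole() returns the literal "NULL" for VOMS's "no role" placeholder,
            // so a required role never accidentally matches it.
            boolean groupOk = requiredGroup.equals(f.getGroup());
            boolean roleOk = (requiredRole == null) || requiredRole.equals(f.getRole());
            if (groupOk && roleOk) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed FQANs, written the way a VOMS server issues them.
        List<String> fqans = new ArrayList<String>();
        fqans.add("/myvo/Role=NULL/Capability=NULL");
        fqans.add("/myvo/production/Role=ProductionManager/Capability=NULL");

        VomsAuthzCheck manager = new VomsAuthzCheck("/myvo/production", "ProductionManager");
        VomsAuthzCheck anyRoleInProduction = new VomsAuthzCheck("/myvo/production", null);
        VomsAuthzCheck voAdmin = new VomsAuthzCheck("/myvo", "VO-Admin");

        System.out.println("ProductionManager in /myvo/production: " + manager.hasRequiredFqan(fqans));            // true
        System.out.println("any role in /myvo/production:          " + anyRoleInProduction.hasRequiredFqan(fqans)); // true
        System.out.println("VO-Admin in /myvo:                     " + voAdmin.hasRequiredFqan(fqans));            // false

        // Why the check parses instead of comparing strings: same group, same (absent)
        // role, yet unequal, because FQAN.equals() compares the assembled string.
        FQAN parsed = new FQAN("/myvo");
        FQAN assembled = new FQAN("/myvo", null, null); // assembles to "/myvo/Role="
        System.out.println("equal as strings: " + parsed.equals(assembled));                              // false
        System.out.println("equal as group+role: " + (parsed.getGroup().equals(assembled.getGroup())
                && parsed.getRole() == assembled.getRole()));                                             // true
    }
}
```

Run `main` to see the three decisions on the constructed FQANs; `isAuthorized` needs a real chain and a trust directory for `VOMSValidator`, so only `hasRequiredFqan` is exercised offline.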
voms-api-java-2_0_10/pom.xml000066400000000000000000000106671207402625500157400ustar00rootroot00000000000000 4.0.0 org.italiangrid voms-api-java 2.0.10 jar voms-api-java https://twiki.cnaf.infn.it/twiki/bin/view/VOMS UTF-8 UTF-8 /usr/share/java /usr/share/doc/${project.name}-${project.version} /usr/share/javadoc/${project.name} 1.45 **/LoadTest.java enableLoadTests none andreac Andrea Ceccanti andrea.ceccanti@cnaf.infn.it INFN CNAF Developer vciaschi Vincenzo Ciaschini vincenzo.ciaschini@cnaf.infn.it INFN CNAF Developer org.apache.maven.plugins maven-compiler-plugin 2.3.2 1.5 1.5 org.apache.maven.plugins maven-assembly-plugin voms-api-java ${basedir}/src/main/assembly/voms-api-java.xml org.apache.maven.plugins maven-javadoc-plugin 2.8 ${project.build.directory}/javadoc ${project.reporting.outputDirectory}/javadoc attach-javadocs site aggregate org.apache.maven.plugins maven-surefire-plugin 2.13 ${excludedTests} always -Xmx128M junit junit 3.8.1 test org.bouncycastle bcprov-ext-jdk16 ${bouncycastle.version} log4j log4j 1.2.14 commons-cli commons-cli 1.1 commons-lang commons-lang 2.3 commons-io commons-io 2.0.1 test cnaf-releases CNAF releases http://radiohead.cnaf.infn.it:8081/nexus/content/repositories/cnaf-releases/ cnaf-snapshots CNAF snapshots http://radiohead.cnaf.infn.it:8081/nexus/content/repositories/cnaf-snapshots/ voms-api-java-2_0_10/spec/000077500000000000000000000000001207402625500153435ustar00rootroot00000000000000voms-api-java-2_0_10/spec/voms-api-java.spec.in000066400000000000000000000061201207402625500212750ustar00rootroot00000000000000%define pom_version @@POM_VERSION@@ %define bc_version @@BC_VERSION@@ %define mvn_settings @@MVN_SETTINGS@@ Name: voms-api-java Version: 2.0.10 Release: 1%{?dist} Summary: The Virtual Organisation Membership Service Java APIs Group: System Environment/Libraries License: ASL 2.0 URL: https://twiki.cnaf.infn.it/twiki/bin/view/VOMS Source: %{name}-%{version}.tar.gz BuildRoot: 
%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: noarch BuildRequires: maven BuildRequires: jpackage-utils BuildRequires: java-devel Requires: jpackage-utils Requires: bouncycastle = %{bc_version} Requires: jakarta-commons-cli Requires: jakarta-commons-lang Requires: log4j Requires: java Provides: vomsjapi = %{version}-%{release} Obsoletes: vomsjapi < %{version}-%{release} %description The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. This package provides a java client APIs for VOMS. %package javadoc Summary: Javadoc for the VOMS Java APIs Group: Documentation BuildArch: noarch Requires: jpackage-utils Requires: %{name} = %{version}-%{release} Provides: vomsjapi-javadoc = %{version}-%{release} Obsoletes: vomsjapi-javadoc < %{version}-%{release} %description javadoc Virtual Organization Membership Service (VOMS) Java API Documentation. 
%prep %setup -q -n voms-api-java %build mvn %{?mvn_settings} -U clean -Dmaven.test.skip=true -Dbouncycastle.version=%{bc_version} -B clean javadoc:javadoc assembly:assembly %install rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT tar -C $RPM_BUILD_ROOT -xvzf target/%{name}.tar.gz ln -s %{name}-%{pom_version}.jar $RPM_BUILD_ROOT%{_javadir}/%{name}.jar ln -s %{name}-%{pom_version}.jar $RPM_BUILD_ROOT%{_javadir}/vomsjapi.jar mv $RPM_BUILD_ROOT%{_javadocdir}/%{name} $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{pom_version} ln -s %{name}-%{pom_version} $RPM_BUILD_ROOT%{_javadocdir}/%{name} %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root,-) %{_javadir}/%{name}.jar %{_javadir}/%{name}-%{pom_version}.jar # Backward compatibility naming %{_javadir}/vomsjapi.jar %doc AUTHORS LICENSE %files javadoc %defattr(-,root,root,-) %doc %{_javadocdir}/%{name} %doc %{_javadocdir}/%{name}-%{pom_version} %changelog * Fri Dec 7 2012 Andrea Ceccanti - 2.0.10-1 - Fix for http://issues.cnaf.infn.it/browse/VOMS-174 * Wed Oct 24 2012 Andrea Ceccanti - 2.0.9-1 - Fix for https://savannah.cern.ch/bugs/?98296 * Tue Apr 10 2012 Andrea Ceccanti - 2.0.8-1 - Fix for https://savannah.cern.ch/bugs/?93551 - Fix for https://savannah.cern.ch/bugs/?90112 * Fri Dec 16 2011 Andrea Ceccanti - 2.0.7-1 - Self-managed packaging - maven-based build voms-api-java-2_0_10/src/000077500000000000000000000000001207402625500152005ustar00rootroot00000000000000voms-api-java-2_0_10/src/config/000077500000000000000000000000001207402625500164455ustar00rootroot00000000000000voms-api-java-2_0_10/src/config/cnaf-build-settings.xml000066400000000000000000000007771207402625500230440ustar00rootroot00000000000000 false cern-maven-mirror CERN maven mirror http://itgt-maven.cern.ch:8081/nexus/content/groups/public * voms-api-java-2_0_10/src/config/emi-build-settings.xml000066400000000000000000000010461207402625500226750ustar00rootroot00000000000000 /tmp/m2-repository false cern-maven-mirror CERN maven mirror 
http://itgt-maven.cern.ch:8081/nexus/content/groups/public * voms-api-java-2_0_10/src/main/000077500000000000000000000000001207402625500161245ustar00rootroot00000000000000voms-api-java-2_0_10/src/main/assembly/000077500000000000000000000000001207402625500177435ustar00rootroot00000000000000voms-api-java-2_0_10/src/main/assembly/voms-api-java-src.xml000066400000000000000000000014611207402625500237260ustar00rootroot00000000000000 src tar.gz ${project.basedir} / true **/target/** **/.git/** **/.* **/.*/** **/rpmbuild/** **/spec/*.in voms-api-java-2_0_10/src/main/assembly/voms-api-java.xml000066400000000000000000000015651207402625500231460ustar00rootroot00000000000000 tar.gz false target/site/javadoc/apidocs ${assembly.javadoc.dir} 0644 target/${project.build.finalName}.jar ${project.build.finalName}.jar ${assembly.java.dir} 0644 voms-api-java-2_0_10/src/main/java/000077500000000000000000000000001207402625500170455ustar00rootroot00000000000000voms-api-java-2_0_10/src/main/java/org/000077500000000000000000000000001207402625500176345ustar00rootroot00000000000000voms-api-java-2_0_10/src/main/java/org/glite/000077500000000000000000000000001207402625500207405ustar00rootroot00000000000000voms-api-java-2_0_10/src/main/java/org/glite/voms/000077500000000000000000000000001207402625500217245ustar00rootroot00000000000000voms-api-java-2_0_10/src/main/java/org/glite/voms/BasicVOMSTrustStore.java000066400000000000000000000132441207402625500264000ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms;

import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Timer;
import java.util.TimerTask;
import java.util.Vector;

import javax.security.auth.x500.X500Principal;

import org.apache.log4j.Logger;
import org.glite.voms.ac.ACTrustStore;

/**
 * @deprecated This class does not expose the necessary information. Use
 * PKIStore instead.
 *
 * Implementation of an AC trust store for use with VOMS. The store
 * keeps an in-memory cache of issuer certificates, which can be
 * refreshed periodically.
 *
 * @author mulmo
 * @author Vincenzo Ciaschini
 */
public final class BasicVOMSTrustStore implements ACTrustStore {
    static Logger log = Logger.getLogger(BasicVOMSTrustStore.class);
    public static final String DEFAULT_TRUST_STORE_LISTING = PKIStore.DEFAULT_VOMSDIR;
    String trustedDirList = null;
    private Hashtable issuerCerts = new Hashtable();
    private long refreshPeriod = -1;
    private Timer theTimer = null;

    /**
     * Creates a default VOMS trust store. Equivalent to
     * new BasicVOMSTrustStore(DEFAULT_TRUST_STORE_LISTING, 300000);
     */
    public BasicVOMSTrustStore() {
        this(DEFAULT_TRUST_STORE_LISTING, 300000);
    }

    /**
     * Creates and manages an in-memory cache of VOMS issuers by
     * periodically scanning a directory containing the trusted
     * issuers.
     *
     * If refreshPeriod is 0, it never refreshes.
     *
     * @param trustedDirList directory listing containing trusted VOMS certs
     * @param refreshPeriod refresh period in milliseconds
     *
     * @see DirectoryList
     */
    public BasicVOMSTrustStore(String trustedDirList, long refreshPeriod) {
        super();

        if (refreshPeriod < 0) {
            throw new IllegalArgumentException("refreshPeriod is negative");
        }

        List l;

        try {
            l = new DirectoryList(trustedDirList).getListing();
        } catch (IOException e) {
            l = null;
        }

        if ((l == null) || l.isEmpty()) {
            String msg = "VOMS trust anchors " + trustedDirList + " does not appear to exist";
            log.fatal(msg);
            throw new IllegalArgumentException(msg);
        }

        this.trustedDirList = trustedDirList;
        this.refreshPeriod = refreshPeriod;

        if (refreshPeriod == 0) {
            refresh();
        }

        if (refreshPeriod > 0) {
            theTimer = new Timer(true);
            theTimer.scheduleAtFixedRate(new Refreshener(), 0, refreshPeriod);
        }
    }

    public String getDirList() {
        return trustedDirList;
    }

    public void stopRefresh() {
        if (theTimer != null)
            theTimer.cancel();
        theTimer = null;
    }

    /**
     * Refreshes the in-memory cache of trusted signer certificates.
     */
    public void refresh() {
        try {
            if (log.isDebugEnabled()) {
                log.debug("Refreshing in-memory VOMS issuer cache from " + trustedDirList);
            }

            Hashtable newTable = new Hashtable();
            List certs = new FileCertReader().readCerts(trustedDirList);

            for (Iterator i = certs.iterator(); i.hasNext();) {
                X509Certificate cert = (X509Certificate) i.next();
                Object key = cert.getSubjectX500Principal();
                List l = (List) newTable.get(key);

                if (l == null) {
                    l = new Vector();
                }

                l.add(cert);
                newTable.put(key, l);
            }

            // Swap the whole table in one reference assignment; readers never see a half-built cache.
            issuerCerts = newTable;

            if (log.isDebugEnabled()) {
                log.debug("Refreshing of in-memory VOMS issuer cache done. Read " + certs.size() + " certs");
            }
        } catch (Exception e) {
            log.error("Unexpected error while refreshing in-memory VOMS issuer cache from " + trustedDirList
                    + " : " + e.getMessage());
        }
    }

    /* (non-Javadoc)
     * @see org.glite.voms.ac.ACTrustStore#getAACandidate(org.glite.voms.ac.AttributeCertificate)
     */
    public X509Certificate[] getAACandidate(X500Principal issuer) {
        if (refreshPeriod < 0) {
            refresh();
        }

        List l = (List) issuerCerts.get(issuer);

        if (l != null) {
            return (X509Certificate[]) l.toArray(new X509Certificate[l.size()]);
        }

        return null;
    }

    private class Refreshener extends TimerTask {
        public void run() {
            refresh();
        }
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/DirectoryList.java
/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *          Valerio Venturi - Valerio.Venturi@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://eu-egee.org/partners/ for details on the copyright holders.
 * For license conditions see the license file or http://eu-egee.org/license.html
 */
/*
 * Copyright (c) 2002 on behalf of the EU DataGrid Project:
 * The European Organization for Nuclear Research (CERN),
 * the Particle Physics and Astronomy Research Council (PPARC),
 * the Helsinki Institute of Physics and
 * the Swedish Research Council (SRC). All rights reserved.
 * see LICENSE file for details
 *
 * DirectoryList.java
 *
 * @author Joni Hahkala
 * Created on December 10, 2001, 6:50 PM
 */
package org.glite.voms;

import org.apache.log4j.Logger;

import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;

/** This class lists all the files defined in the constructor.
 * The definitions can be in three forms:
 * 1. absolute file (/tmp/test.txt)
 * 2. absolute path (/tmp)
 * 3. a wildcard file (/tmp/*.txt)
 *
 * In case 1 only the file is returned.
 * In case 2 all files in the directory are returned.
 * In case 3 all the files in the directory tmp having
 * the .txt ending are returned.
 *
 * "Returned" means returned by the getListing method.
 */
class DirectoryList {
    static Logger logger = Logger.getLogger(DirectoryList.class.getName());
    List files = null;

    /** Creates a new instance of DirectoryList
     * @param path The file definition, see class description above.
     * @throws IOException Thrown if the path was invalid
     */
    public DirectoryList(String path) throws IOException {
        // splits the absolute filename from the wildcard
        String[] parts = path.split("\\*");

        // accept only one wildcard, so file is of the form /tmp/*.x or /tmp/a.x
        if ((parts.length < 1) || (parts.length > 2)) {
            return;
        }

        // check whether the first and only part is a file or directory
        if (parts.length == 1) {
            // open the directory or file
            File fileOrDir = new File(parts[0]);

            // if the path given was a fully specified filename
            if (fileOrDir.isFile()) {
                // set the file as the only member in the vector and finish
                files = new Vector();
                files.add(fileOrDir);
                return;
            }

            // the path defined a directory, so get all files
            File[] fileDirArray;

            // list the files and dirs inside
            fileDirArray = fileOrDir.listFiles();

            if (fileDirArray == null) {
                logger.error("No files found matching " + path);
                throw new IOException("No files found matching " + path);
            }

            // get the array containing all the files and directories
            Iterator filesAndDirs = Arrays.asList(fileDirArray).iterator();
            files = new Vector();

            // add all the files (not subdirectories) to the files list and finish
            while (filesAndDirs.hasNext()) {
                File nextFile = (File) filesAndDirs.next();

                if (nextFile.isFile()) {
                    files.add(nextFile);
                }
            }

            return;
        } else {
            // this is a directory+ending combination
            files = new Vector();

            // get all the files matching the definition.
            FileEndingIterator iterator = new FileEndingIterator(parts[0], parts[1]);

            while (iterator.hasNext()) {
                files.add(iterator.next());
            }

            return;
        }
    }

    /** Used to get the file listing, the list of files matching
     * the definition in the constructor.
     * @return Returns the list of files matching the definition
     * given in the constructor, or null if the definition was not accepted.
     */
    public List getListing() {
        return files;
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/FQAN.java
/*********************************************************************
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://eu-egee.org/partners/ for details on the copyright holders.
 * For license conditions see the license file or http://eu-egee.org/license.html
 */
package org.glite.voms;

/**
 * Parses and assembles Fully Qualified Attribute Names
 * (FQANs) used by VOMS.
 *
 * FQANs are defined as
 * <group>[/Role=[<role>][/Capability=<capability>]]
 *
 * @author mulmo
 */
public class FQAN {
    String fqan;
    String group;
    String role;
    String capability;
    boolean split = false;

    public FQAN(String fqan) {
        this.fqan = fqan;
    }

    public FQAN(String group, String role, String capability) {
        this.group = group;
        this.role = role;
        this.capability = capability;
        this.split = true;
    }

    public String getFQAN() {
        if (fqan != null) {
            return fqan;
        }

        // Assembled form always carries "/Role=", even when role is null.
        fqan = group + "/Role=" + ((role != null) ? role : "")
                + ((capability != null) ? ("/Capability=" + capability) : "");

        return fqan;
    }

    protected void split() {
        if (split) {
            return;
        }

        split = true;

        if (fqan == null) {
            return;
        }

        int i = fqan.indexOf("/Role=");

        if (i < 0) {
            group = fqan;
            return;
        }

        group = fqan.substring(0, i);

        int j = fqan.indexOf("/Capability=", i + 6);
        String s = (j < 0) ? fqan.substring(i + 6) : fqan.substring(i + 6, j);
        role = (s.length() == 0) ? null : s;
        s = (j < 0) ? null : fqan.substring(j + 12);
        capability = ((s == null) || (s.length() == 0)) ? null : s;
    }

    public String getGroup() {
        if (!split) {
            split();
        }

        return group;
    }

    public String getRole() {
        if (!split) {
            split();
        }

        return role;
    }

    public String getCapability() {
        if (!split) {
            split();
        }

        return capability;
    }

    // Equality is on the assembled string, and a String argument is accepted too.
    public boolean equals(Object o) {
        if (o == null) {
            return false;
        }

        if (o instanceof FQAN || o instanceof String) {
            return toString().equals(o.toString());
        }

        return false;
    }

    public int hashCode() {
        return toString().hashCode();
    }

    public String toString() {
        return getFQAN();
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/FileCertReader.java
/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *          Valerio Venturi - Valerio.Venturi@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * see http://www.apache.org/licenses/LICENSE-2.0 for the terms.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://eu-egee.org/partners/ for details on the copyright holders.
 * For license conditions see the license file or http://eu-egee.org/license.html
 */
/*
 * Copyright (c) 2002 on behalf of the EU DataGrid Project:
 * The European Organization for Nuclear Research (CERN),
 * the Particle Physics and Astronomy Research Council (PPARC),
 * the Helsinki Institute of Physics and
 * the Swedish Research Council (SRC). All rights reserved.
 * see LICENSE file for details
 *
 * FileCertReader.java
 *
 * @author Joni Hahkala
 * Created on March 27, 2002, 8:24 PM
 */
package org.glite.voms;

import org.apache.log4j.Logger;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Vector;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.ASN1InputStream;

/** Reads all certificates from given files, accepts binary form of DER encoded certs and
 * the Base64 form of the DER encoded certs (PEM). The base64 certs can contain garbage in front of
 * the actual certificate that has to begin with "-----BEGIN".
 * Should accept multiple certs in one file, not tested!
 */
class FileCertReader {
    static Logger logger = Logger.getLogger(FileCertReader.class.getName());
    static final int BUF_LEN = 1000;
    static final byte CARR = '\r';
    static final byte NL = '\n';

    /** The type for TrustAnchor */
    static final int TYPE_ANCHOR = 100;

    /** The type for certificate revocation list */
    static final int TYPE_CRL = 101;

    /** the type for X509 certificate */
    static final int TYPE_CERT = 102;

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    CertificateFactory certFactory;

    /** Creates a new instance of CertReader.
     */
    public FileCertReader() throws CertificateException {
        try {
            certFactory = CertificateFactory.getInstance("X.509", "BC");
        } catch (Exception e) {
            logger.error("Error while creating a FileCertReader: " + e.getMessage());
            throw new CertificateException("Error while creating a FileCertReader: " + e.getMessage(), e);
        }
    }

    /**
     * Creates a new instance of CertReader with the
     * specified provider.
     *
     * @param provider the provider to be used in creating the
     *                 certificates etc.
     */
    public FileCertReader(Provider provider) throws CertificateException {
        try {
            certFactory = CertificateFactory.getInstance("X.509", provider);
        } catch (Exception e) {
            logger.error("Error while creating a FileCertReader: " + e.getMessage());
            throw new CertificateException("Error while creating a FileCertReader: " + e.getMessage(), e);
        }
    }

    /**
     * Creates a new instance of CertReader with the
     * specified provider.
     *
     * @param provider the name of the provider to be used in creating the
     *                 certificates etc.
     */
    public FileCertReader(String provider) throws CertificateException {
        try {
            certFactory = CertificateFactory.getInstance("X.509", provider);
        } catch (Exception e) {
            logger.error("Error while creating a FileCertReader: " + e.getMessage());
            throw new CertificateException("Error while creating a FileCertReader: " + e.getMessage(), e);
        }
    }

    /** Reads the certificates from the files defined in the
     * argument. See DirectoryList for file definition format.
     * @param files The file definition.
     * @throws IOException Thrown if the files cannot be listed or read.
     * @throws CertificateException Thrown if certificate reading from the files
     * fails.
     * @return Returns the Vector of certificates read.
     * @see org.glite.voms.DirectoryList
     */
    public Vector readCerts(String files) throws IOException, CertificateException {
        Vector certs = readFiles(files, TYPE_CERT);

        Iterator certIter = certs.iterator();
        logger.debug("read certs: ");

        while (certIter.hasNext()) {
            X509Certificate cert = (X509Certificate) certIter.next();
            logger.debug("Read cert: " + cert.getSubjectDN().toString());
        }

        return certs;
    }

    /** Reads a private key from the given file. Everything in front of the
     * "-----BEGIN PRIVATE" / "-----BEGIN ENCRYPTED" tag is skipped; the stream is
     * then handed to the BouncyCastle ASN.1 parser as-is.
     * @param file The file to read the key from.
     * @throws IOException Thrown if the file cannot be read.
     * @return Returns the key read.
     */
    public PrivateKey readPrivateKey(String file) throws IOException {
        File keyfile = new File(file);
        BufferedInputStream fis = new BufferedInputStream(new FileInputStream(keyfile));

        try {
            skipToKeyBeginning(fis);
            return (PrivateKey) PrivateKeyInfo.getInstance(new ASN1InputStream(fis).readObject()).getPrivateKey();
        } finally {
            fis.close();
        }
    }

    /** Reads the certificates from the files defined in the
     * argument and makes TrustAnchors from them. See
     * DirectoryList for file definition format.
     * @param files The file definition.
     * @throws IOException Thrown if the files cannot be listed or read.
     * @throws CertificateException Thrown if the certificate reading fails.
     * @return Returns a Vector of TrustAnchors read from the
     * files.
     * @see org.glite.voms.DirectoryList
     */
    public Vector readAnchors(String files) throws IOException, CertificateException {
        Vector anchors = readFiles(files, TYPE_ANCHOR);

        Iterator anchorIter = anchors.iterator();
        logger.debug("read TrustAnchors: ");

        while (anchorIter.hasNext()) {
            TrustAnchor anchor = (TrustAnchor) anchorIter.next();
            logger.debug("Read TrustAnchor: " + anchor.getTrustedCert().getSubjectDN().toString());
        }

        return anchors;
    }

    /** Reads the certificate revocation lists (CRLs) from the
     * files defined in the argument. See DirectoryList for
     * file definition format.
     * @param files The file definition.
     * @throws IOException Thrown if the files cannot be listed or read.
     * @throws CertificateException Thrown if the CRL reading failed.
     * @return Returns a vector of CRLs read from the files.
     * @see org.glite.voms.DirectoryList
     */
    public Vector readCRLs(String files) throws IOException, CertificateException {
        Vector crls = readFiles(files, TYPE_CRL);

        Iterator crlIter = crls.iterator();
        logger.debug("read CRLs: ");

        while (crlIter.hasNext()) {
            X509CRL crl = (X509CRL) crlIter.next();
            logger.debug("Read CRL: " + crl.getIssuerDN().toString());
        }

        return crls;
    }

    /** Reads the certificates or CRLs from the files defined by
     * the first argument, see DirectoryList for file definition
     * format.
     * @param files The file definition.
     * @param type The type of things to read from the files.
     *             Currently supported are TYPE_ANCHOR,
     *             TYPE_CRL and TYPE_CERT defined in this class.
     * @throws CertificateException Thrown if the reading of files fails.
     * @return Returns a Vector of objects of type given that
     *         were read from the files given.
     * @see org.glite.voms.DirectoryList
     */
    private Vector readFiles(String files, int type) throws CertificateException {
        Vector storeVector = new Vector();

        try {
            // load CA certificates
            DirectoryList dir = new DirectoryList(files);

            // get the list of files matching CAFiles
            Iterator CAFileIter = dir.getListing().iterator();

            // go through the files
            while (CAFileIter.hasNext()) {
                // go through the files reading the certificates
                File nextFile = (File) CAFileIter.next();
                storeVector.addAll(readFile(nextFile, type));
            }
        } catch (IOException e) {
            logger.fatal("Error while reading certificates or CRLs: " + e.getMessage());
            throw new CertificateException("Error while reading certificates or CRLs: " + e.getMessage(), e);
        }

        return storeVector;
    }

    /** Reads the objects of given type from the File.
     * @param certFile The file to read.
     * @param type The type of objects to read from the file.
     * @throws IOException Thrown if the reading of objects of given type
     * fails.
     * @return Returns the Vector of objects read from the file.
     */
    public Vector readFile(File certFile, int type) throws IOException {
        BufferedInputStream binStream = null;
        Vector objects = new Vector();

        try {
            // get the buffered stream to facilitate marking
            binStream = new BufferedInputStream(new FileInputStream(certFile));

            while (binStream.available() > 0) {
                Object obj = objectReader(binStream, type);

                if (obj != null) {
                    objects.add(obj);
                }

                skipEmptyLines(binStream);
            }
        } catch (Exception e) {
            logger.fatal("Error while reading certificates or crls from file " + certFile.toString()
                + ", error was: " + e.getMessage());
            throw new IOException("Error while reading certificates or crls from file " + certFile.toString()
                + ", error was: " + e.getMessage(), e);
        } finally {
            if (binStream != null) {
                binStream.close();
            }
        }

        return objects;
    }

    /** Reads a certificate or a CRL from the stream, doing some
     * error correction.
     * @param binStream The stream to read the object from.
     * @param type The type of object to read from the stream.
     * @throws CertificateException Thrown if an error occurs while reading the object.
     * @throws IOException Thrown if an error occurs while reading the object.
     * @return Returns the object read.
     */
    public Object objectReader(BufferedInputStream binStream, int type) throws CertificateException, IOException {
        Object object = null;
        int errors = 0; // no errors in the beginning
        binStream.mark(10000);

        do { // try twice, first with plain file (reads binary and plain Base64 certificates),
             // second with skipping possible garbage in the beginning.
            try {
                if (errors == 1) { // if the first try failed, try if it was because of garbage in the beginning
                                   // before the actual base64 encoded certificate
                    errors = 2; // if this try fails, don't try anymore
                    skipToCertBeginning(binStream); // skip the garbage
                }

                binStream.mark(100000);
                binStream.reset();
                object = readObject(binStream, type);
            } catch (Exception e) {
                if (errors != 0) { // if the error persists after first pass, fail
                    logger.error("Certificate or CRL reading failed: " + e.getMessage());
                    throw new CertificateException("Certificate or CRL reading failed: " + e.getMessage(), e);
                }

                errors = 1; // first try failed, try again with skipping
                binStream.reset(); // rewind the file to the beginning of this try
            }
        } while (errors == 1); // try again after first try

        return object;
    }

    /** Does the actual reading of the object.
     * @param binStream The stream to read the object from.
     * @param type The type of the object.
     * @throws CertificateException Thrown if there is a problem reading the object.
     * @return Returns the object read or null if no object was found.
     */
    public Object readObject(BufferedInputStream binStream, int type) throws CertificateException {
        Object obj;

        if (type == TYPE_CRL) { // reading certificate revocation lists
            try {
                obj = certFactory.generateCRL(binStream);
            } catch (CRLException e) {
                logger.error("CRL loading failed: " + e.getMessage());
                throw new CertificateException(e.getMessage(), e);
            }
        } else { // reading certs or trust anchors
            X509Certificate cert = (X509Certificate) certFactory.generateCertificate(binStream); // try to read the certificate

            if (cert == null) {
                return null;
            }

            if (type == TYPE_ANCHOR) { // add the certificate to trustanchors, no name constraints (should add the name constraints!)
                obj = new TrustAnchor(cert, null);
            } else {
                if (type == TYPE_CERT) {
                    obj = cert;
                } else {
                    logger.fatal("Internal error: Invalid data type " + type + " when trying to read certificate");
                    throw new CertificateParsingException("Internal error: Invalid data type " + type
                        + " when trying to read certificate");
                }
            }
        }

        return obj;
    }

    /** Skips everything in front of "-----BEGIN" in the stream.
     * @param stream The stream to read and skip.
     * @throws IOException Thrown if there is a problem skipping.
     */
    static public void skipToCertBeginning(BufferedInputStream stream) throws IOException {
        byte[] b = new byte[BUF_LEN]; // the byte buffer
        stream.mark(BUF_LEN + 2); // mark the beginning

        while (stream.available() > 0) { // check that there is still something to read
            int num = stream.read(b); // read bytes from the file to the byte buffer
            String buffer = new String(b, 0, num); // generate a string from the byte buffer
            int index = buffer.indexOf("----BEGIN"); // check if the certificate beginning is in the chars read this time

            if (index == -1) { // not found
                stream.reset(); // rewind the file to the beginning of the last read
                stream.skip(BUF_LEN - 100); // skip only part of the way as the "----BEGIN" can be in the transition of two 1000 char blocks
                stream.mark(BUF_LEN + 2); // mark the new position
            } else { // found
                // search the beginning of the ----BEGIN tag; the index > 0 test must come
                // first so that charAt(-1) is never evaluated when the tag starts the buffer
                while ((index > 0) && (buffer.charAt(index - 1) == '-')) {
                    index--;
                }

                stream.reset(); // rewind to the beginning of the last read
                stream.skip(index); // skip to the beginning of the tag
                stream.mark(10000); // mark the position

                return;
            }
        }
    }

    /** Skips everything in front of "-----BEGIN PRIVATE" or "-----BEGIN ENCRYPTED" in the stream.
     * @param stream The stream to read and skip.
     * @throws IOException Thrown if there is a problem skipping.
     */
    static public void skipToKeyBeginning(BufferedInputStream stream) throws IOException {
        byte[] b = new byte[BUF_LEN]; // the byte buffer
        stream.mark(BUF_LEN + 2); // mark the beginning

        while (stream.available() > 0) { // check that there is still something to read
            int num = stream.read(b); // read bytes from the file to the byte buffer
            String buffer = new String(b, 0, num); // generate a string from the byte buffer
            int index = buffer.indexOf("----BEGIN PRIVATE"); // check if the key beginning is in the chars read this time

            if (index == -1) {
                index = buffer.indexOf("----BEGIN ENCRYPTED");
            }

            if (index == -1) { // not found
                stream.reset(); // rewind the file to the beginning of the last read
                stream.skip(BUF_LEN - 100); // skip only part of the way as the "----BEGIN" can be in the transition of two 1000 char blocks
                stream.mark(BUF_LEN + 2); // mark the new position
            } else { // found
                // search the beginning of the ----BEGIN tag (index > 0 checked first, see skipToCertBeginning)
                while ((index > 0) && (buffer.charAt(index - 1) == '-')) {
                    index--;
                }

                stream.reset(); // rewind to the beginning of the last read
                stream.skip(index); // skip to the beginning of the tag
                stream.mark(10000); // mark the position

                return;
            }
        }
    }

    /** Skips empty lines in the stream.
     * @param stream The stream possibly containing empty lines.
     * @throws IOException Thrown if a problem occurs.
     */
    static public void skipEmptyLines(BufferedInputStream stream) throws IOException {
        byte[] b = new byte[BUF_LEN]; // the byte buffer
        stream.mark(BUF_LEN + 2); // mark the beginning

        while (stream.available() > 0) { // check that there is still something to read
            int num = stream.read(b); // read bytes from the file to the byte buffer
            int i = 0;

            while ((i < num) && ((b[i] == CARR) || (b[i] == NL))) {
                i++;
            }

            stream.reset();
            stream.skip(i);

            if (i < num) {
                stream.mark(10000);
                return;
            } else {
                stream.mark(BUF_LEN);
            }
        }
    }
}

==== voms-api-java-2_0_10/src/main/java/org/glite/voms/FileEndingIterator.java ====

/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *          Valerio Venturi    - Valerio.Venturi@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * see http://www.apache.org/licenses/LICENSE-2.0 for the terms.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://eu-egee.org/partners/ for details on the copyright holders.
 * For license conditions see the license file or http://eu-egee.org/license.html
 */
/*
 * Copyright (c) 2002 on behalf of the EU DataGrid Project:
 * The European Organization for Nuclear Research (CERN),
 * the Particle Physics and Astronomy Research Council (PPARC),
 * the Helsinki Institute of Physics and
 * the Swedish Research Council (SRC). All rights reserved.
 * see LICENSE file for details
 *
 * FileEndingIterator.java
 *
 * @author Joni Hahkala
 * Created on December 3, 2001, 9:16 AM
 */
package org.glite.voms;

import org.apache.log4j.Logger;

import java.io.File;

/** Lists all the files in the given directory that end with
 * a certain ending.
 */
class FileEndingIterator {
    static Logger logger = Logger.getLogger(FileEndingIterator.class.getName());

    /** The file ending. */
    protected String ending;

    /** A flag to show that there are more files that match. */
    protected boolean nextFound = false;

    /** The list of files in the directory. */
    protected File[] fileList;

    /** The index of the next match in the fileList. */
    protected int index = 0;

    /** Creates new FileIterator and searches the first match.
     * @param path The directory used for the file search.
     * @param ending The file ending to search for.
     */
    public FileEndingIterator(String path, String ending) {
        this.ending = ending;

        try {
            // open the directory
            File directory = (path.length() != 0) ? new File(path) : new File(".").getAbsoluteFile();

            // list the files and dirs inside
            fileList = directory.listFiles();

            // find the first match for the ending
            nextFound = findNext();
        } catch (Exception e) {
            logger.error("no files found from \"" + path + "\" error: " + e.getMessage());
            // e.printStackTrace();
            return;
        }
    }

    /** Used to get the next matching file.
     * @return Returns the next matching file.
     */
    public File next() {
        if (nextFound == false) {
            return null;
        }

        File current = fileList[index++];
        nextFound = findNext();

        return current;
    }

    /** Used to check that there are more matching files to get
     * using next().
     * @return Returns true if there are more matching files.
     */
    public boolean hasNext() {
        return nextFound;
    }

    /** Finds the next matching file in the list of files.
     * @return Returns true if a matching file was found.
     */
    protected boolean findNext() {
        try {
            // search the next file with proper ending
            while ((index < fileList.length)
                && (fileList[index].isDirectory() || !fileList[index].getName().endsWith(ending))) {
                // System.out.println("FileIterator::next: Skipping file " + fileList[index].getName());
                index++;
            }
        } catch (Exception e) {
            logger.error("Error while reading directory " + e.getMessage());
            // e.printStackTrace(System.out);
            return false;
        }

        // check if the loop ended because of a match or because running out of choices.
        if (index < fileList.length) {
            return true;
        }

        return false;
    }
}

==== voms-api-java-2_0_10/src/main/java/org/glite/voms/LSCFile.java ====

/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * see http://www.apache.org/licenses/LICENSE-2.0 for the terms.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.Vector;

/**
 * The job of this class is to represent a *.lsc file in the vomsdir
 * directory.
 *
 * @author Vincenzo Ciaschini.
 */
public class LSCFile {
    private String name = null;
    private Vector dnGroups = null;

    /**
     * Loads a *.lsc file from a File
     *
     * @param f the file to load from
     *
     * @throws IOException if there are problems loading the file.
     */
    public LSCFile(File f) throws IOException {
        parse(f);
    }

    /**
     * Returns the basename of the file from which this was loaded.
     *
     * @return the filename, or null if nothing was loaded.
     */
    public String getName() {
        return name;
    }

    private LSCFile parse(File theFile) throws IOException {
        BufferedReader theBuffer = null;

        try {
            dnGroups = new Vector();
            name = PKIUtils.getBaseName(theFile);
            theBuffer = new BufferedReader(new FileReader(theFile));

            String s = null;
            s = theBuffer.readLine();
            Vector dnList = new Vector();

            while (s != null) {
                s = s.trim();

                // blank lines and '#' comments are ignored; a line starting with '-'
                // ends one DN sequence and starts the next alternative
                if (!(s.length() == 0 || s.startsWith("#"))) {
                    if (!s.startsWith("-")) {
                        dnList.add(s);
                    } else {
                        dnGroups.add(dnList);
                        dnList = new Vector();
                    }
                }
                s = theBuffer.readLine();
            }
            dnGroups.add(dnList);
        } finally {
            if (theBuffer != null)
                theBuffer.close();
        }
        return this;
    }

    /**
     * Returns the allowed subject/issuer DN sequences for this file.
     *
     * @return a vector whose elements are vectors of strings describing
     *         the exact sequences.
     */
    public Vector getDNLists() {
        return dnGroups;
    }
}

==== voms-api-java-2_0_10/src/main/java/org/glite/voms/Namespace.java ====

/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * see http://www.apache.org/licenses/LICENSE-2.0 for the terms.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
/*********************************************************************
 * Parts of this code shamelessly stolen from Joni's code.
 *********************************************************************/
package org.glite.voms;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.Vector;
import java.util.regex.Pattern;
import java.security.cert.X509Certificate;

import org.apache.log4j.Logger;

public class Namespace {
    private static Logger logger = Logger.getLogger(Namespace.class.getName());

    // private static final Pattern namespace_self_permit_pattern =
    //     Pattern.compile("to\\s+issuer\\s+self\\s+permit\\s+\"(.*)\"", Pattern.CASE_INSENSITIVE);
    // private static final Pattern namespace_self_deny_pattern =
    //     Pattern.compile("to\\s+issuer\\s+self\\s+deny\\s+\"(.*)\"", Pattern.CASE_INSENSITIVE);
    // private static final Pattern namespace_issuer_permit_pattern =
    //     Pattern.compile("to\\s+issuer\\s+\"(.*)\"\\s+permit\\s+subject\\s+\"(.*)\"", Pattern.CASE_INSENSITIVE);
    // private static final Pattern namespace_issuer_deny_pattern =
    //     Pattern.compile("to\\s+issuer\\s+\"(.*)\"\\s+deny\\s+subject\\s+\"(.*)\"", Pattern.CASE_INSENSITIVE);

    private static final Pattern splitPattern =
        Pattern.compile("to issuer|permit|deny|subject", Pattern.CASE_INSENSITIVE);

    private Vector issuer = new Vector();
    private Vector subject = new Vector();
    private Vector permit = new Vector();
    private int current = -1;
    private String gname = "";

    public Namespace(File f) throws IOException {
        parse(f);
    }

    public String getName() {
        return gname;
    }

    void parse(File f) throws IOException {
        BufferedReader theBuffer = new BufferedReader(new FileReader(f));

        try {
            String s = null;
            gname = PKIUtils.getBaseName(f);
            StringBuilder theLine = new StringBuilder();

            do {
                // every record starts from an empty buffer, otherwise the lines of
                // all previous records would be prepended and only the first record parsed
                theLine.setLength(0);

                // Concatenate lines ending with '\'
                do {
                    s = theBuffer.readLine();
                    if (s != null) {
                        // ignore comments
                        if (s.trim().startsWith("~"))
                            continue;
                        // the continuation marker itself is not part of the record
                        theLine.append(s.endsWith("\\") ? s.substring(0, s.length() - 1) : s);
                    }
                } while (s != null && s.endsWith("\\"));

                String finalLine = theLine.toString().trim();

                // Idea for the splitting shamelessly taken from Joni.
                // Thanks, Joni!
                String[] strings = splitPattern.split(finalLine, 0);

                if (strings.length == 4) {
                    String permitCode = "";
                    if (finalLine.toLowerCase().contains(" deny ")) {
                        permitCode = "DENY";
                    } else if (finalLine.toLowerCase().contains(" permit ")) {
                        permitCode = "PERMIT";
                    }

                    if (!permitCode.equals("")) {
                        // second element is the quoted issuer DN (or the word "self"),
                        // fourth element is the quoted subject pattern; the quotes and
                        // surrounding blanks are stripped so that the stored DN compares
                        // equal to PKIUtils.getOpenSSLFormatPrincipal() output in findIssuer()
                        String tempIssuer = unquote(strings[1]);
                        if (tempIssuer.toLowerCase().equals("self"))
                            issuer.add("SELF");
                        else
                            issuer.add(tempIssuer);

                        subject.add(unquote(strings[3]));
                        permit.add(permitCode);
                    }
                }
            } while (s != null);
        } finally {
            theBuffer.close();
        }
    }

    /** Trims a field and removes the double quotes that namespace files put around DNs. */
    private static String unquote(String s) {
        s = s.trim();
        if (s.length() >= 2 && s.startsWith("\"") && s.endsWith("\"")) {
            s = s.substring(1, s.length() - 1);
        }
        return s;
    }

    public int findIssuer(X509Certificate issuer) {
        return findIssuer(issuer, -1);
    }

    public int findIssuer(X509Certificate issuerCert, int previous) {
        if (previous < -1)
            return -1;

        String currentSubj = PKIUtils.getOpenSSLFormatPrincipal(issuerCert.getSubjectDN());
        String currentSubjReversed = PKIUtils.getOpenSSLFormatPrincipal(issuerCert.getSubjectDN(), true);

        int index = issuer.indexOf(currentSubj, previous + 1);

        if (index == -1)
            index = issuer.indexOf(currentSubjReversed, previous + 1);

        if (index == -1) {
            String hash = PKIUtils.getHash(issuerCert);
            if ((hash + ".namespace").equals(gname))
                return issuer.indexOf("SELF", previous + 1);
        }

        return index;
    }

    /**
     * Sets the indicated record as the current record.
     *
     * @param index the record number
     *
     * @throws IllegalArgumentException if the record number is too great
     *                                  or < 0.
     */
    public void setCurrent(int index) {
        // valid records are 0 .. size()-1, so index == size() is out of bounds too
        if (index >= issuer.size() || index < 0)
            throw new IllegalArgumentException("Index out of bounds for Namespace " + gname);
        current = index;
    }

    public String getIssuer() {
        if (current != -1)
            return (String) issuer.elementAt(current);
        else
            throw new IllegalArgumentException("Current record must be set in Namespace object " + gname);
    }

    public String getSubject() {
        if (current != -1)
            return (String) subject.elementAt(current);
        else
            throw new IllegalArgumentException("Current record must be set in Namespace object " + gname);
    }

    public boolean getPermit() {
        // the PERMIT/DENY code is kept in the permit vector, not in subject:
        // reading subject here would make every record look like a DENY
        if (current != -1)
            return permit.elementAt(current).equals("PERMIT");
        else
            throw new IllegalArgumentException("Current record must be set in Namespace object " + gname);
    }
}

==== voms-api-java-2_0_10/src/main/java/org/glite/voms/PKIStore.java ====

/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * see http://www.apache.org/licenses/LICENSE-2.0 for the terms.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
* *********************************************************************/ package org.glite.voms; import java.io.File; import java.io.FileNotFoundException; import java.io.IOException; import java.security.Security; import java.security.cert.CRLException; import java.security.cert.CertificateException; import java.security.cert.X509CRL; import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.HashSet; import java.util.Hashtable; import java.util.Iterator; import java.util.List; import java.util.ListIterator; import java.util.Timer; import java.util.TimerTask; import java.util.Vector; import java.util.concurrent.TimeUnit; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.glite.voms.ac.VOMSTrustStore; /** * PKIStore is the class serving to store all the components of a common PKI * installation, i.e.: CA certificates, CRLs, Signing policy files... * * It is also capable of storing files specific to the handling of VOMS * proxies, i.e. the content of the vomsdir diectory. * * * @author Vincenzo Ciaschini */ public class PKIStore implements VOMSTrustStore { /** * The property used to set the period, in minutes, that is used to refresh this trust store. */ public static final String TRUST_STORE_REFRESH_PERIOD_PROPERTY = "voms.trust-store-refresh-period"; /** * The default period, in minutes, used to refresh this trust store. */ public static final int DEFAULT_TRUST_STORE_REFRESH_PERIOD = 10; private Hashtable certificates = null; private Hashtable crls = null; private Hashtable signings = null; private Hashtable lscfiles = null; private Hashtable vomscerts = null; private Hashtable namespaces = null; private int instances = 1; private static Logger logger = Logger.getLogger(PKIStore.class.getName()); /** * This PKIStore object will contain data from a vomsdir directory. 
     */
    public static final int TYPE_VOMSDIR = 1;

    /**
     * This PKIStore object will contain data from a CA directory.
     */
    public static final int TYPE_CADIR = 2;

    private static final int CERT = 1;
    private static final int CRL = 2;
    private static final int SIGN = 3;
    private static final int LSC = 4;
    private static final int NAMESPACE = 5;

    private static final int HASHCAPACITY = 75;

    private boolean aggressive = false;
    private Timer theTimer = null;
    private String certDir = null;
    private int type = -1;

    public static final String DEFAULT_VOMSDIR = File.separator + "etc" + File.separator + "grid-security" + File.separator + "vomsdir";
    public static final String DEFAULT_CADIR = File.separator + "etc" + File.separator + "grid-security" + File.separator + "certificates";

    /**
     * @return hashtable containing CA certificates. The key is
     * the PKIUtils.getHash() of the subject of the CA. The value is
     * a Vector containing all the CA certificates with the given hash.
     * A copy of the table is returned: callers cannot alter the trust
     * store through it, and a concurrent refresh() cannot empty it
     * under their feet.
     *
     * @see PKIUtils#getHash(X509Certificate cert)
     * @see PKIUtils#getHash(X500Principal principal)
     * @see PKIUtils#getHash(X509Principal principal)
     * @see java.util.Vector
     */
    public synchronized Hashtable getCAs() {
        return (Hashtable)certificates.clone();
    }

    /**
     * @return hashtable containing CRLs. The key is
     * the PKIUtils.getHash() of the issuer of the CRL. The value is
     * a Vector containing all the CRLs with the given hash.
     * As for getCAs(), a copy of the table is returned.
     *
     * @see PKIUtils#getHash(X509Certificate cert)
     * @see PKIUtils#getHash(X500Principal principal)
     * @see PKIUtils#getHash(X509Principal principal)
     * @see java.util.Vector
     */
    public synchronized Hashtable getCRLs() {
        // The live table used to be returned, which let callers modify the set
        // of trusted CRLs and left them holding a table that refresh() clears.
        return (Hashtable)crls.clone();
    }

    /**
     * @return hashtable containing SigningPolicy objects. The key is
     * the policy name returned by SigningPolicy.getName() (the key used
     * by load(SigningPolicy)). The value is the SigningPolicy object
     * itself, one per key. As for getCAs(), a copy of the table is
     * returned.
     *
     * @see SigningPolicy
     * @see PKIUtils#getHash(X509Certificate cert)
     * @see PKIUtils#getHash(X500Principal principal)
     * @see PKIUtils#getHash(X509Principal principal)
     */
    public synchronized Hashtable getSignings() {
        return (Hashtable)signings.clone();
    }

    /**
     * @return hashtable containing Namespace objects, keyed by
     * Namespace.getName(). A copy of the table is returned.
     */
    public synchronized Hashtable getNamespaces() {
        return (Hashtable)namespaces.clone();
    }

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    private class Refreshener extends TimerTask {
        public void run() {
            refresh();
        }
    }

    /**
     * Refreshes the content of the PKIStore object.
     *
     * A new store is loaded from the same directory and its tables are
     * swapped in; if loading fails, the current content is kept unchanged.
     */
    public synchronized void refresh() {
        PKIStore newReader = null;

        logger.info("Starting PKIStore refresh (type: " + type + ")");

        try {
            newReader = new PKIStore(certDir, type, aggressive, false);
        } catch (Exception e) {
            logger.error("Cannot refresh store: " + e.getMessage());
            return;
        } finally {
            if (newReader != null)
                newReader.stopRefresh();
        }

        try {
            certificates.clear();
            certificates = newReader.certificates;
            newReader.certificates = null;

            crls.clear();
            crls = newReader.crls;
            newReader.crls = null;

            signings.clear();
            signings = newReader.signings;
            newReader.signings = null;

            lscfiles.clear();
            lscfiles = newReader.lscfiles;
            newReader.lscfiles = null;

            vomscerts.clear();
            vomscerts = newReader.vomscerts;
            newReader.vomscerts = null;

            namespaces.clear();
            namespaces = newReader.namespaces;
            newReader.namespaces = null;
        } finally {
            newReader = null;
        }
    }

    PKIStore(String dir, int type, boolean aggressive, boolean timer) throws IOException, CertificateException, CRLException {
        this.aggressive = aggressive;

        certificates = new Hashtable(HASHCAPACITY);
        crls = new Hashtable(HASHCAPACITY);
        signings = new Hashtable(HASHCAPACITY);
        lscfiles = new Hashtable(HASHCAPACITY);
        vomscerts = new Hashtable(HASHCAPACITY);
        namespaces = new Hashtable(HASHCAPACITY);

        if (type != TYPE_VOMSDIR && type != TYPE_CADIR)
            throw new IllegalArgumentException("Unsupported value for type parameter in PKIStore constructor");

        if ((dir == null) || dir.equals("")) {
            if (type == TYPE_VOMSDIR) {
                dir = System.getProperty("VOMSDIR");
                if (dir == null)
                    dir = DEFAULT_VOMSDIR;
            } else if (type == TYPE_CADIR) {
                dir = System.getProperty("CADIR");
                if (dir == null)
                    dir = DEFAULT_CADIR;
            }
        }

        logger.info("Initializing " + ((type == TYPE_VOMSDIR) ? "VOMS" : "CA") + " certificate store from directory: " + dir);

        // Some sanity checks on VOMSDIR and CA dir
        File theDir = new File(dir);

        if (!theDir.exists()) {
            if (type == TYPE_CADIR) {
                StringBuilder message = new StringBuilder();
                message.append("Directory ");
                message.append(dir);
                message.append(" doesn't exist on this machine!");
                message.append(" Please specify a value for the cadir directory or set the CADIR system property.");
                throw new FileNotFoundException(message.toString());
            } else {
                logger.warn("Please specify a value for the vomsdir directory or set the VOMSDIR system property.");
            }
        }

        if (theDir.exists()) {
            if (!theDir.isDirectory()) {
                throw new IllegalArgumentException(((type == TYPE_VOMSDIR) ? "Voms certificate" : "CA certificate")
                        + " directory passed as argument is not a directory! [" + theDir.getAbsolutePath() + "]");
            }
        }

        if (theDir.exists()) {
            // list() returns null when the directory cannot be read; report that
            // instead of failing with a NullPointerException.
            String[] entries = theDir.list();
            if (entries == null)
                throw new IOException("Cannot list directory " + theDir.getAbsolutePath());

            if (entries.length == 0) {
                if (type == TYPE_CADIR)
                    throw new IllegalArgumentException("CA certificate directory passed as argument is empty! [" + theDir.getAbsolutePath() + "]");
                else {
                    logger.warn("Voms certificate directory passed as argument is empty! [" + theDir.getAbsolutePath() + "]");
                    logger.warn("Validation of VOMS Attribute Certificate will likely fail.");
                }
            }
        }

        certDir = dir;
        this.type = type;

        if (theDir.exists())
            load();

        String vomsApiJavaRefreshPeriod = System.getProperty(TRUST_STORE_REFRESH_PERIOD_PROPERTY);
        int refreshPeriod;

        if (vomsApiJavaRefreshPeriod == null)
            refreshPeriod = DEFAULT_TRUST_STORE_REFRESH_PERIOD;
        else {
            try {
                refreshPeriod = Integer.parseInt(vomsApiJavaRefreshPeriod);
            } catch (NumberFormatException nfe) {
                logger.warn("Error parsing " + TRUST_STORE_REFRESH_PERIOD_PROPERTY + "! Using default value: " + DEFAULT_TRUST_STORE_REFRESH_PERIOD + " minutes");
                refreshPeriod = DEFAULT_TRUST_STORE_REFRESH_PERIOD;
            }
        }

        // Timer.scheduleAtFixedRate() rejects a period <= 0, which would abort
        // construction of the store; fall back to the default instead.
        if (refreshPeriod <= 0) {
            logger.warn("Ignoring non-positive refresh period " + refreshPeriod + "; using default value: " + DEFAULT_TRUST_STORE_REFRESH_PERIOD + " minutes");
            refreshPeriod = DEFAULT_TRUST_STORE_REFRESH_PERIOD;
        }

        if (timer) {
            theTimer = new Timer(true);
            theTimer.scheduleAtFixedRate(new Refreshener(), 30000, TimeUnit.MINUTES.toMillis(refreshPeriod));
        }

        instances = 1;
    }

    /**
     * @param dir -- The directory from which to read the files.
     * If null or the empty string, this will default to the
     * CADIR (resp. VOMSDIR) system property if set, and otherwise
     * to "/etc/grid-security/certificates" if type is
     * TYPE_CADIR, or "/etc/grid-security/vomsdir" if
     * type is TYPE_VOMSDIR.
     * @param type -- either TYPE_CADIR for CA certificates,
     * or TYPE_VOMSDIR for VOMS certificates.
     * @param aggressive -- if true, loading of data will continue even if
     * a particular file could not be loaded, while if
     * false loading will stop as soon as an error occurs.
     *
     * @throws IllegalArgumentException if type is neither TYPE_CADIR nor
     * TYPE_VOMSDIR, or if dir is not a directory, or if it is an
     * empty CA directory.
     * @throws IOException if the CA directory does not exist or
     * cannot be read.
     * @throws CertificateException if there are parsing errors while loading
     * a certificate.
     * @throws CRLException if there are parsing errors while loading a CRL.
     */
    public PKIStore(String dir, int type, boolean aggressive) throws IOException, CertificateException, CRLException {
        this(dir, type, aggressive, true);
    }

    /**
     * This is equivalent to PKIStore(dir, type, true)
     *
     * @see #PKIStore(String dir, int type, boolean aggressive)
     */
    public PKIStore(String dir, int type) throws IOException, CertificateException, CRLException {
        this(dir, type, true, true);
    }

    public PKIStore(int type) throws IOException, CertificateException, CRLException {
        this(null, type, true, true);
    }

    /**
     * Creates an empty store, bound to no directory and with no refresh timer.
     */
    public PKIStore() {
        aggressive = true;

        certificates = new Hashtable(HASHCAPACITY);
        crls = new Hashtable(HASHCAPACITY);
        signings = new Hashtable(HASHCAPACITY);
        lscfiles = new Hashtable(HASHCAPACITY);
        vomscerts = new Hashtable(HASHCAPACITY);
        namespaces = new Hashtable(HASHCAPACITY);

        instances = 1;
    }

    /**
     * Changes the interval between refreshes of the store.
     *
     * @param millisec New interval (in milliseconds)
     */
    public synchronized void rescheduleRefresh(int millisec) {
        if (theTimer != null)
            theTimer.cancel();
        theTimer = null;

        logger.info("Rescheduling refresh interval to " + millisec + " milliseconds");
        theTimer = new Timer(true);
        theTimer.scheduleAtFixedRate(new Refreshener(), millisec, millisec);
    }

    /**
     * Stop all refreshes.
     *
     * NOTE: This method must ALWAYS be called prior to disposing of a PKIStore
     * object. The penalty for not doing it is a memory leak: the refresh
     * Timer thread keeps a reference to this store through its Refreshener
     * task, so the store and every table in it are never garbage collected.
     * The timer is only cancelled once as many calls have been made as there
     * are counted users (one for the creator, plus one per addInstance()).
     */
    public synchronized void stopRefresh() {
        if (instances != 0)
            instances--;

        if (instances == 0) {
            if (theTimer != null)
                theTimer.cancel();
            theT imer = null;
        }
    }

    /**
     * Records one more user of this (shared) store, so that one more
     * stopRefresh() call is needed before the refresh timer is cancelled.
     */
    protected synchronized void addInstance() {
        instances++;
    }

    /**
     * Changes the aggressive mode of the store.
     *
     * @param b -- if true (default) load as much as possible,
     * otherwise stop loading at the first error.
     */
    public synchronized void setAggressive(boolean b) {
        aggressive = b;
    }

    private static class Couple {
        Object first;
        Object second;

        Couple(Object first, Object second) {
            this.first = first;
            this.second = second;
        }
    }

    /**
     * Gets the LSC file corresponding to the given VO, for the given
     * server.
     *
     * @param voName -- The name of the VO.
     * @param hostName -- The hostName of the issuing server.
     *
     * @return The corresponding LSCFile object, or null if none is present.
     */
    public synchronized LSCFile getLSC(String voName, String hostName) {
        Hashtable lscList = (Hashtable)lscfiles.get(voName);

        if (lscList != null) {
            return (LSCFile)lscList.get(hostName);
        }
        return null;
    }

    /**
     * Gets an array of candidate issuer certificates for an AC with the
     * given issuer and belonging to the given VO.
     *
     * Certificates are looked up under voName first; if the VO has none,
     * the certificates found directly in the vomsdir root (registered under
     * the empty VO name "") are returned instead. A certificate placed there
     * is therefore an AC issuer candidate for every VO.
     *
     * @param issuer The issuer of the AC.
     * @param voName The name of the VO.
     *
     * @return the array of candidates, or null if none is found.
     */
    public synchronized X509Certificate[] getAACandidate(X500Principal issuer, String voName) {
        Hashtable listCerts = (Hashtable)vomscerts.get(PKIUtils.getHash(issuer));

        if (logger.isDebugEnabled())
            logger.debug("listcerts content: " + listCerts);

        if (listCerts != null) {
            HashSet certSet = (HashSet)listCerts.get(voName);
            if (certSet == null)
                certSet = (HashSet)listCerts.get("");
            if (certSet != null)
                return (X509Certificate[])certSet.toArray(new X509Certificate[] {});
        }
        return null;
    }

    /**
     * Loads the files from the directory specified in the constructors.
     *
     * @throws IOException if the directory cannot be listed or a file
     * cannot be read.
     * @throws CertificateException if there are parsing errors while loading
     * a certificate.
     * @throws CRLException if there are parsing errors while loading a CRL.
     */
    public synchronized void load() throws IOException, CertificateException, CRLException {
        switch (type) {
        case TYPE_VOMSDIR:
            getForVOMS(new File(certDir), null);
            break;
        case TYPE_CADIR:
            getForCA(new File(certDir));
            break;
        default:
            break;
        }
    }

    private void load(X509Certificate cert, String voname) {
        if (cert == null)
            return;

        if (logger.isDebugEnabled())
            logger.debug("CERT = " + cert + " , vo = " + voname);

        String hash = PKIUtils.getHash(cert);

        if (logger.isDebugEnabled()) {
            logger.debug("Registered HASH: " + hash + " for " + cert.getSubjectDN().getName() + " for vo: " + voname);
            logger.debug("Class of getSubjectDN: " + cert.getSubjectDN().getClass());
            logger.debug("KNOWN HASH ? " + vomscerts.containsKey(hash));
            logger.debug("VOMSCERTS = " + vomscerts);
        }

        if (vomscerts.containsKey(hash)) {
            logger.debug("Already existing HASH");
            Hashtable certList = (Hashtable)vomscerts.get(hash);
            HashSet voSet = (HashSet)certList.get(voname);
            if (voSet != null)
                voSet.add(cert);
            else {
                HashSet set = new HashSet();
                set.add(cert);
                certList.put(voname, set);
            }
        } else {
            logger.debug("Originally EMPTY table");
            Hashtable certList = new Hashtable(HASHCAPACITY);
            HashSet set = new HashSet();
            set.add(cert);
            certList.put(voname, set);
            vomscerts.put(hash, certList);
            if (logger.isDebugEnabled()) {
                logger.debug("Inserted HASH: " + hash);
                logger.debug("NEW VOMSCERTS = " + vomscerts);
            }
        }
    }

    private void load(X509Certificate[] certs, String voname) {
        int len = certs.length;
        logger.debug("LEN = " + len);
        for (int i = 0; i < len; i++) {
            if (logger.isDebugEnabled())
                logger.debug("PARSING: " + i + " value: " + (Object)certs[i]);
            load(certs[i], voname);
        }
    }

    private void load(X509Certificate cert) {
        String hash = PKIUtils.getHash(cert);

        if (certificates.containsKey(hash)) {
            if (!((Vector)certificates.get(hash)).contains(cert))
                ((Vector)certificates.get(hash)).add(cert);
        } else {
            Vector certs = new Vector();
            certs.add(cert);
            certificates.put(hash, certs);
        }
    }

    private void load(X509Certificate[] certs) {
        int len = certs.length;
        for (int i = 0; i < len; i++) {
            load(certs[i]);
        }
    }

    private void load(X509CRL crl) {
        String hash = PKIUtils.getHash(crl);

        if (crls.containsKey(hash)) {
            ((Vector)crls.get(hash)).add(crl);
        } else {
            Vector c = new Vector();
            c.add(crl);
            crls.put(hash, c);
        }
    }

    private void load(SigningPolicy sp) {
        String key = sp.getName();
        signings.put(key, sp);
    }

    private void load(Namespace nsp) {
        String key = nsp.getName();
        namespaces.put(key, nsp);
    }

    private void load(LSCFile lsc, String vo) {
        String key = lsc.getName();
        Hashtable lscList = (Hashtable)lscfiles.get(vo);

        if (lscList == null) {
            lscList = new Hashtable();
            lscfiles.put(vo, lscList);
        }
        lscList.put(key, lsc);
    }

    private void getForCA(File file) throws IOException, CertificateException, CRLException {
        File[] files = file.listFiles();
        // listFiles() returns null on I/O errors; without this check the
        // failure surfaced as a NullPointerException from Arrays.asList().
        if (files == null)
            throw new IOException("Cannot list directory " + file.getAbsolutePath());

        Iterator contents = Arrays.asList(files).iterator();

        while (contents.hasNext()) {
            File f = (File)contents.next();
            logger.debug("filename: " + f.getName());

            try {
                Couple c = getObject(f);
                if (c != null) {
                    int value = ((Integer)c.second).intValue();
                    logger.debug("TYPE: " + value);

                    if (value == CRL)
                        load((X509CRL)c.first);
                    else if (value == CERT) {
                        X509Certificate[] arr = new X509Certificate[0];
                        load((X509Certificate[])((List)(c.first)).toArray(arr));
                    } else if (value == SIGN) {
                        load((SigningPolicy)c.first);
                    } else if (value == NAMESPACE) {
                        load((Namespace)c.first);
                    }
                }
            } catch (IOException e) {
                logger.error(e.getMessage(), e);
                if (!aggressive)
                    throw e;
            } catch (CRLException e) {
                logger.error(e.getMessage(), e);
                if (!aggressive)
                    throw e;
            } catch (CertificateException e) {
                logger.error(e.getMessage(), e);
                if (!aggressive)
                    throw e;
            }
        }
    }

    /**
     * Loads a vomsdir tree: certificates and .lsc files found directly in the
     * directory are registered under the empty VO name "", those found in a
     * first-level subdirectory under that subdirectory's name as the VO.
     * Deeper directories are not visited.
     */
    private void getForVOMS(File file, String vo) throws IOException, CertificateException, CRLException {
        File[] files = file.listFiles();
        if (files == null)
            throw new IOException("Cannot list directory " + file.getAbsolutePath());

        Iterator contents = Arrays.asList(files).iterator();

        if (vo == null)
            vo = "";

        logger.debug("For VO: " + vo);

        while (contents.hasNext()) {
            File f = (File)contents.next();

            try {
                logger.debug("NAME: " + f.getName());

                if (!f.isDirectory()) {
                    Couple c = getObject(f);
                    if (c != null) {
                        int value = ((Integer)c.second).intValue();
                        logger.debug("TYPE: " + value);

                        if (value == CERT) {
                            X509Certificate[] arr = new X509Certificate[0];
                            load((X509Certificate[])((List)(c.first)).toArray(arr), vo);
                        } else if (value == LSC) {
                            load((LSCFile)c.first, vo);

                            if (logger.isDebugEnabled()) {
                                Vector v = ((LSCFile)c.first).getDNLists();
                                ListIterator li = v.listIterator();
                                int i = 0;
                                while (li.hasNext()) {
                                    logger.debug("Sequence: " + i++);
                                    Vector w = (Vector)li.next();
                                    ListIterator li2 = w.listIterator();
                                    while (li2.hasNext())
                                        logger.debug("DN: " + (String)li2.next());
                                }
                            }
                        }
                    }
                } else if (vo.equals(""))
                    getForVOMS(f, f.getName());
            } catch (CertificateException e) {
                logger.error(e.getMessage(), e);
                if (!aggressive)
                    throw e;
            } catch (CRLException e) {
                logger.error(e.getMessage(), e);
                if (!aggressive)
                    throw e;
            } catch (IOException e) {
                logger.error(e.getMessage(), e);
                if (!aggressive)
                    throw e;
            }
        }
    }

    private Couple getObject(File f) throws IOException, CertificateException, CRLException {
        if (f.getName().matches(".*\\.lsc")) {
            return new Couple(new LSCFile(f), Integer.valueOf(LSC));
        }
        if (f.getName().matches(".*\\.signing_policy")) {
            return new Couple(new SigningPolicy(f), Integer.valueOf(SIGN));
        }
        if (f.getName().matches(".*\\.namespace")) {
            return new Couple(new Namespace(f), Integer.valueOf(NAMESPACE));
        }

        // Any other file goes through PKIUtils.readObject(), which yields either
        // an X509CRL or a List of X509Certificates; anything else is ignored.
        Object o = null;
        try {
            o = PKIUtils.readObject(f);
        } catch (FileNotFoundException e) {
            logger.error("Problem reading file " + f.getName() + ": " + e.getMessage());
            return null;
        }

        if (o instanceof X509CRL)
            return new Couple(o, Integer.valueOf(CRL));
        if (o instanceof List)
            return new Couple(o, Integer.valueOf(CERT));
        return null;
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/PKIStoreCache.java

package org.glite.voms;

import java.util.HashMap;
import java.util.Map;

/**
 * A singleton PKIStore cache to avoid unbounded growth of PKIStore objects
 * in memory when the API is not used sensibly by the clients.
 *
 * Stores for trust anchors and VOMS information are keyed by directory. Only
 * one store per directory is cached.
 */
public enum PKIStoreCache {

    INSTANCE;

    // Typed maps, so that get() yields a PKIStore without a cast.
    private Map<String, PKIStore> caStoreCache;
    private Map<String, PKIStore> vomsStoreCache;

    private PKIStoreCache() {
        caStoreCache = new HashMap<String, PKIStore>(1);
        vomsStoreCache = new HashMap<String, PKIStore>(1);
    }

    public synchronized PKIStore getCAStore(String dir) {
        return caStoreCache.get(dir);
    }

    public synchronized PKIStore getVOMSStore(String dir) {
        return vomsStoreCache.get(dir);
    }

    public synchronized PKIStore addCAStore(String dir, PKIStore s) {
        return caStoreCache.put(dir, s);
    }

    public synchronized PKIStore addVOMSStore(String dir, PKIStore s) {
        return vomsStoreCache.put(dir, s);
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/PKIStoreFactory.java

/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms;

import java.io.IOException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;

/**
 * Hands out PKIStore objects, one per directory, through PKIStoreCache.
 *
 * A getStore() call that returns an already cached store counts as one more
 * user of it (see PKIStore#addInstance()), so each caller should call
 * stopRefresh() exactly once on the store it obtained when it is done.
 */
public class PKIStoreFactory {

    /**
     * Resolves the directory the same way the PKIStore constructor does
     * (explicit argument, then the CADIR/VOMSDIR system property, then the
     * built-in default), so that the cache key always names the directory
     * that is actually loaded. Previously a null dir was cached under the
     * default path while the store itself could be loaded from the directory
     * named by the system property.
     */
    private static String resolveDir(String dir, String property, String defaultDir) {
        if (dir != null && !dir.equals(""))
            return dir;
        String fromProperty = System.getProperty(property);
        return (fromProperty != null) ? fromProperty : defaultDir;
    }

    private static PKIStore getCAStore(String dir, boolean aggressive, boolean timer)
            throws CertificateException, CRLException, IOException {
        String storeDir = resolveDir(dir, "CADIR", PKIStore.DEFAULT_CADIR);

        PKIStore s = PKIStoreCache.INSTANCE.getCAStore(storeDir);
        if (s == null) {
            s = new PKIStore(storeDir, PKIStore.TYPE_CADIR, aggressive, timer);
            PKIStoreCache.INSTANCE.addCAStore(storeDir, s);
        } else {
            // Shared instance: count the new user, so that one caller's
            // stopRefresh() does not cancel the CRL refresh timer for the others.
            s.addInstance();
        }
        return s;
    }

    private static PKIStore getVOMSStore(String dir, boolean aggressive, boolean timer)
            throws CertificateException, CRLException, IOException {
        String storeDir = resolveDir(dir, "VOMSDIR", PKIStore.DEFAULT_VOMSDIR);

        PKIStore s = PKIStoreCache.INSTANCE.getVOMSStore(storeDir);
        if (s == null) {
            s = new PKIStore(storeDir, PKIStore.TYPE_VOMSDIR, aggressive, timer);
            PKIStoreCache.INSTANCE.addVOMSStore(storeDir, s);
        } else {
            s.addInstance();
        }
        return s;
    }

    public synchronized static PKIStore getStore(String dir, int type, boolean aggressive, boolean timer)
            throws IOException, CertificateException, CRLException {
        if (type == PKIStore.TYPE_CADIR)
            return getCAStore(dir, aggressive, timer);
        else if (type == PKIStore.TYPE_VOMSDIR)
            return getVOMSStore(dir, aggressive, timer);
        else
            throw new IllegalArgumentException("Unsupported store type: " + type);
    }

    public synchronized static PKIStore getStore(String dir, int type, boolean aggressive)
            throws IOException, CertificateException, CRLException {
        return PKIStoreFactory.getStore(dir, type, aggressive, true);
    }

    public synchronized static PKIStore getStore(String dir, int type)
            throws IOException, CertificateException, CRLException {
        return PKIStoreFactory.getStore(dir, type, true, true);
    }

    public synchronized static PKIStore getStore(int type)
            throws IOException, CertificateException, CRLException {
        return PKIStoreFactory.getStore(null, type, true, true);
    }

    /**
     * @return a new, empty store that is neither cached nor refreshed.
     */
    public synchronized static PKIStore getStore() {
        return new PKIStore();
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/PKIUtils.java

/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.ListIterator;
import java.util.Vector;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.security.auth.x500.X500Principal;

import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.JCERSAPrivateKey;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.openssl.PasswordFinder;

public class PKIUtils {
    private static final Pattern emailPattern = Pattern.compile("/emailaddress", Pattern.CASE_INSENSITIVE);
    private static final Pattern uidPattern = Pattern.compile("/USERID");
    private static final Pattern basename_pattern = Pattern.compile("(.*)\\.[^\\.]*");

    private static final String SUBJECT_KEY_IDENTIFIER = "2.5.29.14";
    private static final String AUTHORITY_KEY_IDENTIFIER = "2.5.29.35";
    private static final String PROXYCERTINFO = "1.3.6.1.5.5.7.1.14";
    private static final String PROXYCERTINFO_OLD = "1.3.6.1.4.1.3536.1.222";
    private static final String BASIC_CONSTRAINTS_IDENTIFIER = "2.5.29.19";

    private static final CertificateFactory factory;

    private static final int CERT = 1;
    private static final int CRL = 2;

    // Bit positions in the KeyUsage extension, as returned by X509Certificate.getKeyUsage().
    private static final int keyCertSign = 5;
    private static final int digitalSignature = 0;

    private static final Logger logger = Logger.getLogger(PKIUtils.class);

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        try {
            factory = CertificateFactory.getInstance("X.509", "BC");
        } catch (NoSuchProviderException e) {
            throw new ExceptionInInitializerError("Cannot find BouncyCastle provider: " + e.getMessage());
        } catch (CertificateException e) {
            throw new ExceptionInInitializerError("X.509 Certificates unsupported. " + e.getMessage());
        }
    }

    /**
     * Gets the MD5 hash value of the subject of the given certificate.
     *
     * @param x509 The certificate from which to get the subject.
     *
     * @return the hash value.
     *
     * @throws IllegalArgumentException if x509 is null.
     * @throws IllegalStateException if the MD5 algorithm is not supported.
     */
    public static String getHash(X509Certificate x509) {
        if (x509 != null) {
            logger.debug("Getting hash of: " + x509.getSubjectDN().getName());
            return getHash(x509.getSubjectX500Principal());
        }
        throw new IllegalArgumentException("Null certificate passed to getHash()");
    }

    /**
     * Gets the MD5 hash value of the issuer of the given CRL.
     *
     * @param crl The CRL from which to get the issuer.
     *
     * @return the hash value.
     *
     * @throws IllegalArgumentException if crl is null.
     * @throws IllegalStateException if the MD5 algorithm is not supported.
     */
    public static String getHash(X509CRL crl) {
        if (crl != null) {
            return getHash(crl.getIssuerX500Principal());
        }
        throw new IllegalArgumentException("Null CRL passed to getHash()");
    }

    /**
     * Gets the MD5 hash value of the given principal.
     *
     * @param principal the principal.
     *
     * @return the hash value.
     *
     * @throws IllegalArgumentException if principal is null.
     * @throws IllegalStateException if the MD5 algorithm is not supported.
     */
    public static String getHash(X509Principal principal) {
        if (principal != null) {
            final byte[] array = principal.getEncoded();
            return getHash(array);
        }
        throw new IllegalArgumentException("Null name passed to getHash()");
    }

    /**
     * Gets the MD5 hash value of the given principal.
     *
     * @param principal the principal.
     *
     * @return the hash value.
     *
     * @throws IllegalArgumentException if principal is null.
     * @throws IllegalStateException if the MD5 algorithm is not supported.
     */
    public static String getHash(X500Principal principal) {
        if (principal != null) {
            logger.debug("Examining: " + principal.getName());
            final byte[] array = principal.getEncoded();
            String hash = getHash(array);
            logger.debug("Hash is: " + hash);
            return hash;
        }
        throw new IllegalArgumentException("Null name passed to getHash()");
    }

    /**
     * Gets the MD5 hash value of the given byte array.
     *
     * This is OpenSSL's legacy subject hash (X509_NAME_hash_old, the value
     * printed by "openssl x509 -subject_hash_old"): the MD5 digest of the
     * DER-encoded name, of which the first four bytes are read as a
     * little-endian integer and rendered as eight hex digits. OpenSSL 1.0.0
     * and later default to a different hash (SHA-1 over the canonical name
     * encoding), so this value need not match the file names produced by a
     * current c_rehash or "openssl rehash"; the stores in this package index
     * by the hash of the loaded content, not by file name, so lookups are
     * unaffected. MD5 is used here purely as a bucket key: names that collide
     * simply share a Vector in the store, so its weakness as a digest has no
     * bearing on trust decisions.
     *
     * @param name the data from which to compute the hash.
     *
     * @return the hash value.
     *
     * @throws IllegalArgumentException if name is null.
     * @throws IllegalStateException if the MD5 algorithm is not supported.
     */
    public static String getHash(byte[] name) {
        if (name != null) {
            MessageDigest md = null;
            try {
                md = MessageDigest.getInstance("MD5");
            } catch (NoSuchAlgorithmException e) {
                logger.fatal("NO MD5! " + e.getMessage(), e);
                throw new IllegalStateException("NO MD5! " + e.getMessage(), e);
            }

            md.update(name);
            byte[] digest = md.digest();
            ByteBuffer bb = ByteBuffer.wrap(digest).order(java.nio.ByteOrder.LITTLE_ENDIAN);
            bb.rewind();
            // Zero-pad to eight hex digits; toHexString() drops leading zeros.
            String initial = "00000000" + Integer.toHexString(bb.getInt());
            return initial.substring(initial.length() - 8);
        }
        throw new IllegalArgumentException("Null name passed to getHash()");
    }

    public static String getOpenSSLFormatPrincipal(Principal principal) {
        return getOpenSSLFormatPrincipal(principal, false);
    }

    /**
     * Gets an OpenSSL-style representation of a principal
     * ("/C=.../O=.../CN=...").
     *
     * @param principal the principal
     * @param reverse if true, the components are emitted in reverse order.
     *
     * @return a String representing the principal.
     */
    public static String getOpenSSLFormatPrincipal(Principal principal, boolean reverse) {
        X509Name name = new X509Name(principal.getName());
        Vector oids = name.getOIDs();
        Vector values = name.getValues();
        ListIterator oids_iter = oids.listIterator();
        ListIterator values_iter = values.listIterator();

        String result = "";
        String addition = "";

        while (oids_iter.hasNext()) {
            DERObjectIdentifier oid = (DERObjectIdentifier)oids_iter.next();
            String value = (String)values_iter.next();

            if (oid.equals(X509Name.C))
                addition = "/C=" + value;
            else if (oid.equals(X509Name.CN))
                addition = "/CN=" + value;
            else if (oid.equals(X509Name.DC))
                addition = "/DC=" + value;
            else if (oid.equals(X509Name.E))
                addition = "/Email=" + value;
            else if (oid.equals(X509Name.EmailAddress))
                addition = "/Email=" + value;
            else if (oid.equals(X509Name.L))
                addition = "/L=" + value;
            else if (oid.equals(X509Name.O))
                addition = "/O=" + value;
            else if (oid.equals(X509Name.OU))
                addition = "/OU=" + value;
            else if (oid.equals(X509Name.ST))
                addition = "/ST=" + value;
            else if
(oid.equals(X509Name.UID))
                addition = "/UID=" + value;
            else
                addition = "/" + oid.toString() + "=" + value;

            if (reverse)
                result = addition + result;
            else
                result += addition;
        }

        logger.debug("SSLFormat: " + result);
        return result;
    }

    /**
     * Normalizes the spelling of the Email and UserID tags in an
     * OpenSSL-style DN: "/emailAddress" (in any letter case) becomes
     * "/Email" and "/USERID" becomes "/UID", so that DNs written by
     * different tools can be compared textually. Nothing else is touched:
     * component order, whitespace and the case of values must already agree.
     *
     * @param dn the DN to normalize.
     *
     * @return the normalized DN.
     */
    public static String Normalize(String dn) {
        String newdn = emailPattern.matcher(dn).replaceAll("/Email");
        return uidPattern.matcher(newdn).replaceAll("/UID");
    }

    /**
     * Compares two DNs for equality, taking into account different
     * representations for the Email and UserID tags.
     *
     * @param dn1 the first dn to compare.
     * @param dn2 the second dn to compare
     *
     * @return true if dn1 and dn2 are equal, false otherwise.
     */
    public static boolean DNCompare(String dn1, String dn2) {
        return Normalize(dn1).equals(Normalize(dn2));
    }

    /**
     * Gets the basename of a file.
     *
     * @param f File object representing a file.
     *
     * @return the file name without its path and without its last extension.
     */
    static public String getBaseName(File f) {
        Matcher m = basename_pattern.matcher(f.getName());
        if (m.matches())
            return m.group(1);
        else
            return f.getName();
    }

    /**
     * Checks if the given certificate is self-issued.
     *
     * @param cert The certificate to check.
     *
     * @return true if the certificate is self-issued, false otherwise.
*/ static public boolean selfIssued(X509Certificate cert) { if (logger.isDebugEnabled()) logger.debug("Checking self issued for: " + cert.getSubjectDN().getName()); boolean ret = checkIssued(cert, cert); logger.debug("SelfIssued Result " + ret); return ret; } static private BigInteger getAuthorityCertificateSerialNumber(AuthorityKeyIdentifier akid) { DERObject obj = akid.getDERObject(); ASN1Sequence seq = ASN1Sequence.getInstance(obj); for (int i = 0; i < seq.size(); i++) { DERObject o = (DERObject) seq.getObjectAt(i); if ((o instanceof ASN1TaggedObject) && (((ASN1TaggedObject)o).getTagNo() == 2)) { DERObject realObject = ((ASN1TaggedObject)o).getObject(); if (realObject instanceof DERInteger) { return ((DERInteger)realObject).getValue(); } } } return null; } static private GeneralNames getAuthorityCertIssuer(AuthorityKeyIdentifier akid) { DERObject obj = akid.getDERObject(); ASN1Sequence seq = ASN1Sequence.getInstance(obj); for (int i = 0; i < seq.size(); i++) { DERObject o = (DERObject) seq.getObjectAt(i); if ((o instanceof ASN1TaggedObject) && (((ASN1TaggedObject)o).getTagNo() == 1)) { return GeneralNames.getInstance(((DERTaggedObject)o), false); } } return null; } static private GeneralName[] getNames(GeneralNames gns) { DERObject obj = gns.getDERObject(); ArrayList v = new ArrayList(); ASN1Sequence seq = (ASN1Sequence)obj; int size = seq.size(); for (int i = 0; i < size; i++) { v.add(GeneralName.getInstance(seq.getObjectAt(i))); } return (GeneralName[])v.toArray(new GeneralName[0]); } /** * Checks if a certificate issued another certificate, according to RFC 3280. * * @param issuer The candidate issuer certificate. * @param issued The candidate issued certificate. * * @return true if issuer issued issued, false othersie. 
     */
    static public boolean checkIssued(X509Certificate issuer, X509Certificate issued) {
        X500Principal issuerSubject = issuer.getSubjectX500Principal();
        X500Principal issuedIssuer = issued.getIssuerX500Principal();

        if (logger.isDebugEnabled()) {
            logger.debug("Is: " + issued.getSubjectDN().getName() + " issued by "
                    + issuer.getSubjectDN().getName() + "?");
            logger.debug("Is: " + issuedIssuer.getName() + " issued by "
                    + issuerSubject.getName() + "?");
            logger.debug("[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[");
        }

        if (issuerSubject.equals(issuedIssuer)) {
            logger.debug("================================");
            logger.debug("issuersSubject = issuedIssuer");

            boolean needtoskip = false;
            AuthorityKeyIdentifier akid = null;

            try {
                akid = PKIUtils.getAKID(issued);
                String s;
                /* The following may throw an exception if the KeyID field of
                   the Authority Key Identifier is empty. */
                if (akid != null)
                    s = akid.toString();
                needtoskip = false;
            } catch (Exception e) {
                logger.warn("CA: " + issuerSubject.getName()
                        + " needs to skip akid checks due to incorrectly formatted Authority Key Identifier Extension");
                needtoskip = true;
            }

            if (!needtoskip && (akid != null)) {
                if (logger.isDebugEnabled())
                    logger.debug("akid = " + akid);
                logger.debug("Authority Key Identifier extension found in issued certificate.");
                logger.debug("Entered.");

                SubjectKeyIdentifier skid = PKIUtils.getSKID(issuer);
                if (logger.isDebugEnabled())
                    logger.debug("sid = " + skid);

                if (skid != null) {
                    logger.debug("subject Key Identifier extension found in issuer certificate.");
                    logger.debug("comparing skid to akid");
                    byte[] skidValue = skid.getKeyIdentifier();
                    if (logger.isDebugEnabled()) {
                        logger.debug("skid");
                        StringBuilder str = new StringBuilder();
                        for (int i = 0; i < skidValue.length; i++) {
                            str.append(Integer.toHexString(skidValue[i]));
                            str.append(' ');
                        }
                        logger.debug(str.toString());
                    }

                    byte[] akidValue = akid.getKeyIdentifier();
                    if (logger.isDebugEnabled()) {
                        logger.debug("akid");
                        StringBuilder str = new StringBuilder();
                        for (int i = 0; i < akidValue.length; i++) {
                            str.append(Integer.toHexString(akidValue[i]));
                            str.append(' ');
                        }
                        logger.debug(str.toString());
                    }

                    logger.debug("skid/akid checking.");
                    // When both key identifiers are present they must match.
                    if (!Arrays.equals(skidValue, akidValue))
                        return false;
                    logger.debug("skid/akid check passed.");
                }
            }

            logger.debug("]]]]]]]]]]]]]]]]]]]]]]]]");

            boolean keyUsage[] = issuer.getKeyUsage();
            // A non-CA issuer is acceptable only for a proxy and, if keyUsage
            // is present, only with the digitalSignature bit set.
            if (!PKIUtils.isCA(issuer)) {
                if ((keyUsage != null && !keyUsage[digitalSignature]) || !PKIUtils.isProxy(issued))
                    return false;
            }

            logger.debug("CHECK ISSUED PASSED");
            return true;
        }

        logger.debug("Check Issued failed.");
        return false;
    }

    /**
     * Checks if the passed certificate is a CA certificate.
     *
     * @param cert the candidate CA certificate.
     *
     * @return true if cert is a CA certificate.
     */
    static public boolean isCA(X509Certificate cert) {
        if (cert == null)
            return false;

        if (logger.isDebugEnabled()) {
            logger.debug("Examining " + cert.getSubjectDN().getName());
            logger.debug("Hash: " + PKIUtils.getHash(cert));
        }

        boolean[] keyUsage = cert.getKeyUsage();
        byte[] keybytes = cert.getExtensionValue("2.5.29.15");

        if (logger.isDebugEnabled()) {
            if (keybytes != null) {
                StringBuilder str = new StringBuilder();
                str.append("Real value : ");
                for (int j = 0; j < keybytes.length; j++) {
                    str.append(Integer.toHexString(keybytes[j]));
                    str.append(' ');
                }
                logger.debug(str.toString());

                DERObject dobj = null;
                try {
                    dobj = new ASN1InputStream(new ByteArrayInputStream(keybytes)).readObject();
                    logger.debug("Class = " + dobj.getClass());
                    dobj = new ASN1InputStream(new ByteArrayInputStream(((DEROctetString) dobj).getOctets())).readObject();
                    logger.debug("Class = " + dobj.getClass());
                    DERBitString bitstr = (DERBitString) dobj;
                    logger.debug("pad bits : " + bitstr.getPadBits());
                } catch (Exception e) {
                    // debug output only: decoding problems are ignored here
                }
            }
            if (keyUsage != null)
                for (int i = 0; i < keyUsage.length; i++)
                    logger.debug("Keyusage[" + i + "] = " + keyUsage[i]);
        }

        if (keyUsage != null && !keyUsage[keyCertSign]) {
            logger.debug("keyUsage extension present, but CertSign bit not active.");
            return false;
        }

        // getBasicConstraints() returns -1 when the certificate is not a CA
        // (no basicConstraints extension, or cA is false).
        int isCA = cert.getBasicConstraints();
        if (isCA == -1) {
            logger.debug("Is not CA");
            return false;
        }
        logger.debug("Is CA");
        return true;
    }

    /**
     * Checks if the passed certificate is a proxy certificate. Recognizes
     * GT2, GT3 and GT4 proxies.
     *
     * @param cert the candidate proxy certificate.
     *
     * @return true if cert is a proxy certificate.
     */
    static public boolean isProxy(X509Certificate cert) {
        if (cert == null)
            return false;

        if (logger.isDebugEnabled())
            logger.debug("Check for proxyness: " + cert.getSubjectDN().getName());

        // GT3/GT4 proxies carry a ProxyCertInfo extension (RFC 3820 or the older draft OID).
        byte[] proxy = cert.getExtensionValue(PROXYCERTINFO);
        byte[] proxy_old = cert.getExtensionValue(PROXYCERTINFO_OLD);

        if (proxy != null || proxy_old != null) {
            logger.debug("Proxyness confirmed.");
            return true;
        }

        // GT2 (legacy) proxies: the subject is the issuer DN with a leading
        // "CN=proxy" or "CN=limited proxy" RDN prepended.
        String subject = cert.getSubjectX500Principal().getName();
        String issuer = cert.getIssuerX500Principal().getName();

        logger.debug("ENDNAME CHECK?");
        if (subject.endsWith(issuer)) {
            logger.debug("ENDNAME CHECK OK");
            String s = subject.replace(issuer, "");
            logger.debug("TO CHECK: " + s);
            if (s.equals("CN=proxy,") || s.equals("CN=limited proxy,")) {
                logger.debug("Proxyness confirmed.");
                return true;
            }
        }
        return false;
    }

    /**
     * Gets the AuthorityKeyIdentifier extension from the passed certificate.
     *
     * @param cert The certificate from which to get the extension.
     *
     * @return the extension if present, or null if not present.
     */
    static public AuthorityKeyIdentifier getAKID(X509Certificate cert) {
        if (cert != null) {
            byte[] akid = cert.getExtensionValue(AUTHORITY_KEY_IDENTIFIER);
            if (akid != null) {
                ASN1OctetString string = new DEROctetString(akid);
                byte[] llist2 = string.getOctets();
                DERObject dobj = null;
                try {
                    // getExtensionValue() returns the DER-encoded OCTET STRING
                    // wrapper: unwrap it, then decode the extension itself.
                    dobj = new ASN1InputStream(new ByteArrayInputStream(llist2)).readObject();
                    dobj = new ASN1InputStream(new ByteArrayInputStream(((DEROctetString) dobj).getOctets())).readObject();
                } catch (ClassCastException e) {
                    throw new IllegalArgumentException("Erroneous encoding in Authority Key Identifier " + e.getMessage(), e);
                } catch (Exception e) {
                    throw new IllegalArgumentException("While extracting Authority Key Identifier " + e.getMessage(), e);
                }
                return new AuthorityKeyIdentifier(ASN1Sequence.getInstance(dobj));
            }
        }
        return null;
    }

    /**
     * Gets the SubjectKeyIdentifier extension from the passed certificate.
     *
     * @param cert The certificate from which to get the extension.
     *
     * @return the extension if present, or null if not present.
     */
    static public SubjectKeyIdentifier getSKID(X509Certificate cert) {
        if (cert != null) {
            byte[] skid = cert.getExtensionValue(SUBJECT_KEY_IDENTIFIER);
            if (skid != null) {
                DERObject dobj = null;
                try {
                    dobj = new ASN1InputStream(new ByteArrayInputStream(skid)).readObject();
                    dobj = new ASN1InputStream(new ByteArrayInputStream(((DEROctetString) dobj).getOctets())).readObject();
                } catch (Exception e) {
                    throw new IllegalArgumentException("While extracting Subject Key Identifier " + e.getMessage(), e);
                }
                return SubjectKeyIdentifier.getInstance(dobj);
            }
        }
        return null;
    }

    /**
     * Gets the BasicConstraints extension from the passed certificate.
     *
     * @param cert The certificate from which to get the extension.
     *
     * @return the extension if present, or null if not present.
     */
    static public BasicConstraints getBasicConstraints(X509Certificate cert) {
        if (cert != null) {
            byte[] bc = cert.getExtensionValue(BASIC_CONSTRAINTS_IDENTIFIER);
            if (bc != null) {
                DERObject dobj = null;
                try {
                    // unwrap the OCTET STRING wrapper first, as for the other extensions
                    dobj = new ASN1InputStream(new ByteArrayInputStream(bc)).readObject();
                    dobj = new ASN1InputStream(new ByteArrayInputStream(((DEROctetString) dobj).getOctets())).readObject();
                } catch (Exception e) {
                    throw new IllegalArgumentException("While extracting Basic Constraints " + e.getMessage(), e);
                }
                return new BasicConstraints(ASN1Sequence.getInstance(dobj));
            }
        }
        return null;
    }

    static public PrivateKey loadPrivateKey(String filename, PasswordFinder finder) {
        return loadPrivateKey(new File(filename), finder);
    }

    static public PrivateKey loadPrivateKey(File file, PasswordFinder finder) {
        PEMReader pem = null;
        try {
            pem = new PEMReader(new FileReader(file), finder);
            logger.debug("pem = " + pem);
            Object read = null;
            // Skip over any other PEM objects in the file (certificates,
            // parameters) until a private key is found or the file is exhausted.
            do {
                read = pem.readObject();
                logger.debug("File is: " + file.getAbsolutePath());
                logger.debug("Object read is: " + read);
                if (read != null)
                    logger.debug("Object class is: " + read.getClass().getCanonicalName());
            } while (read != null && !((read instanceof KeyPair) || (read instanceof JCERSAPrivateKey)));

            if (read instanceof KeyPair) {
                KeyPair pair = (KeyPair) read;
                logger.debug("key = " + pair);
                return pair.getPrivate();
            } else if (read instanceof PrivateKey) {
                // JCERSAPrivateKey implements PrivateKey
                logger.debug("key = " + read);
                return (PrivateKey) read;
            }
            // no private key was found!
            return null;
        } catch (IOException e) {
            throw new IllegalArgumentException("Not a PEM format file " + file.getName(), e);
        } finally {
            if (pem != null) {
                try {
                    pem.close();
                } catch (IOException e) {
                    logger.error("While closing: " + file.getName() + " " + e.getMessage());
                }
            }
        }
    }

    /**
     * Loads a set of credentials from a file.
     *
     * @param filename the name of the file from which to load the certificates.
     *
     * @return an array containing the certificates that were present in the file.
     *
     * @throws CertificateException if there were problems parsing the certificates.
     * @throws IllegalArgumentException if the file cannot be found.
     */
    static public X509Certificate[] loadCertificates(String filename) throws CertificateException {
        return loadCertificates(new File(filename));
    }

    /**
     * Loads a set of credentials from a file.
     *
     * @param file the File object from which to load the certificates.
     *
     * @return an array containing the certificates that were present in the file.
     *
     * @throws CertificateException if there were problems parsing the certificates.
     * @throws IllegalArgumentException if the file cannot be found.
     *
     * @see java.io.File
     */
    static public X509Certificate[] loadCertificates(File file) throws CertificateException {
        BufferedInputStream bis = null;
        try {
            bis = new BufferedInputStream(new FileInputStream(file));
        } catch (FileNotFoundException e) {
            throw new IllegalArgumentException("Cannot find file " + file.getName());
        }

        X509Certificate certificates[] = null;
        try {
            certificates = loadCertificates(bis);
        } catch (IOException e) {
            certificates = null;
        } finally {
            try {
                bis.close();
            } catch (IOException e) {
                logger.error("While closing: " + file.getName() + " " + e.getMessage());
            }
        }
        return certificates;
    }

    /**
     * Loads a set of credentials from a BufferedInputStream.
     *
     * @param bis the BufferedInputStream from which to load the certificates.
     *
     * @return an array containing the certificates that were present in the file.
     *
     * @throws CertificateException if there were problems parsing the certificates.
     * @throws IllegalArgumentException if the file cannot be found.
     */
    static private X509Certificate[] loadCertificates(BufferedInputStream bis) throws CertificateException, IOException {
        ArrayList certificates = new ArrayList();
        int type;
        // Walk the stream object by object; only certificates are collected.
        while ((type = skipToCertBeginning(bis)) != -1) {
            if (type == CERT) {
                certificates.add(factory.generateCertificate(bis));
            } else {
                // A CRL sharing the file must be consumed, otherwise the next
                // scan stops at the same BEGIN tag again and never advances.
                try {
                    factory.generateCRL(bis);
                } catch (CRLException e) {
                    throw new CertificateException("Cannot skip CRL found among certificates: " + e.getMessage());
                }
            }
        }
        X509Certificate[] arr = new X509Certificate[0];
        return (X509Certificate[]) certificates.toArray(arr);
    }

    /**
     * Loads a CRL from a file.
     *
     * @param filename the name of the file from which to load the CRL.
     *
     * @return the CRL present in the file, or null if none was found.
     *
     * @throws CRLException if there were problems parsing the CRL.
     * @throws IllegalArgumentException if the file cannot be found.
     */
    static public X509CRL loadCRL(String filename) throws CRLException {
        return loadCRL(new File(filename));
    }

    /**
     * Loads a CRL from a file.
     *
     * @param file the File object from which to load the CRL.
     *
     * @return the CRL present in the file, or null if none was found.
     *
     * @throws CRLException if there were problems parsing the CRL.
     * @throws IllegalArgumentException if the file cannot be found.
     */
    static public X509CRL loadCRL(File file) throws CRLException {
        BufferedInputStream bis = null;
        try {
            bis = new BufferedInputStream(new FileInputStream(file));
        } catch (FileNotFoundException e) {
            throw new IllegalArgumentException("Cannot find file " + file.getName());
        }

        X509CRL crl = null;
        try {
            crl = loadCRL(bis);
        } catch (IOException e) {
            throw new IllegalArgumentException("Cannot load CRL from file: " + file.getName() + " cause: " + e.getMessage());
        } finally {
            try {
                if (bis != null)
                    bis.close();
            } catch (IOException e) {
                logger.error("While closing: " + file.getName() + " " + e.getMessage());
            }
        }
        return crl;
    }

    /**
     * Loads a CRL from a BufferedInputStream.
     *
     * @param bis the BufferedInputStream from which to load the CRL.
     *
     * @return the CRL read from the stream, or null if the next object is not a CRL.
     *
     * @throws CRLException if there were problems parsing the CRL.
     * @throws IOException if there were problems reading the stream.
     */
    static private X509CRL loadCRL(BufferedInputStream bis) throws CRLException, IOException {
        X509CRL crl = null;
        if (skipToCertBeginning(bis) == CRL) {
            crl = (X509CRL) factory.generateCRL(bis);
        }
        return crl;
    }

    /**
     * Reads either a certificate or a CRL from a file.
     *
     * @param f the file from which to read.
     *
     * @return the Object loaded: an X509CRL, a Vector of X509Certificate, or
     * null if the file holds neither.
     *
     * @throws IOException if there have been problems reading the file.
     * @throws CertificateException if there have been problems parsing the certificate.
     * @throws CRLException if there have been problems parsing the CRL.
     */
    static public Object readObject(File f) throws IOException, CertificateException, CRLException {
        BufferedInputStream bis = new BufferedInputStream(new FileInputStream(f));
        try {
            int type = skipToCertBeginning(bis);
            switch (type) {
            case CRL:
                return loadCRL(bis);
            case CERT:
                return new Vector(Arrays.asList(loadCertificates(bis)));
            default:
                return null;
            }
        } finally {
            bis.close();
        }
    }

    /**
     * Prepares a BufferedInputStream to read either a certificate or a CRL
     * from it. Skips everything in front of "-----BEGIN" in the stream.
     *
     * @param stream The stream to read and skip.
     *
     * @return CERT if a certificate is the next object to be read from the
     * stream, CRL if the next object is a CRL, -1 if the next object is of
     * type unknown.
     *
     * @throws IOException Thrown if there is a problem skipping.
     *
     * Note: this a modified version of code originally written by Joni Hakhala
     */
    public static int skipToCertBeginning(BufferedInputStream stream) throws IOException {
        int BUF_LEN = 1000;
        byte[] b = new byte[BUF_LEN];              // the byte buffer
        stream.mark(BUF_LEN + 2);                   // mark the beginning
        while (stream.available() > 0) {            // check that there is still something to read
            int num = stream.read(b);               // read bytes from the file to the byte buffer
            String buffer = new String(b, 0, num);  // generate a string from the byte buffer
            // check if a certificate or CRL beginning is in the chars read this time
            int index = buffer.indexOf("----BEGIN CERTIFICATE");
            int index2 = buffer.indexOf("----BEGIN X509 CRL");
            if (index == -1 && index2 == -1) {      // not found
                stream.reset();                     // rewind the file to the beginning of the last read
                // skip only part of the way, as the "----BEGIN" can straddle two 1000 char blocks
                stream.skip(BUF_LEN - 100);
                stream.mark(BUF_LEN + 2);           // mark the new position
            } else {                                // found
                if (index != -1) {
                    // search the beginning of the ----BEGIN tag; the bound is
                    // tested first so a tag at offset 0 never reads charAt(-1)
                    while ((index > 0) && (buffer.charAt(index - 1) == '-')) {
                        index--;
                    }
                    stream.reset();                 // rewind to the beginning of the last read
                    stream.skip(index);             // skip to the beginning of the tag
                    stream.mark(10000);             // mark the position
                    return CERT;
                } else {
                    while ((index2 > 0) && (buffer.charAt(index2 - 1) == '-')) {
                        index2--;
                    }
                    stream.reset();                 // rewind to the beginning of the last read
                    stream.skip(index2);            // skip to the beginning of the tag
                    stream.mark(10000);             // mark the position
                    return CRL;
                }
            }
        }
        return -1;
    }
}
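The block-scanning logic of skipToCertBeginning and the loaders built on it, ported to Python as an added example that is not part of voms-api-java: it shows the 1000-byte block with 100-byte overlap that lets a BEGIN tag straddling two blocks still be found, the bounds-checked walk back over the leading dashes, and how a bundle holding both CRLs and certificates is split into its PEM objects. The constants, function names, the file-order preference noted in the docstring and the sample bundle are this example's own choices.

```python
import io

# Object kinds returned by the scanner (the Java code uses CERT / CRL / -1;
# the numeric values here are this example's own choice).
CERT = 1
CRL = 2
UNKNOWN = -1

BUF_LEN = 1000   # bytes read per pass, as in skipToCertBeginning
OVERLAP = 100    # bytes re-read between passes so a tag split across two blocks is seen whole

_BEGIN_TAGS = ((b"----BEGIN CERTIFICATE", CERT), (b"----BEGIN X509 CRL", CRL))
_END_TAGS = {CERT: b"-----END CERTIFICATE-----", CRL: b"-----END X509 CRL-----"}


def skip_to_cert_beginning(stream, buf_len=BUF_LEN, overlap=OVERLAP):
    """Position a seekable binary stream at the first '-' of the next
    '-----BEGIN CERTIFICATE' or '-----BEGIN X509 CRL' tag.

    Returns CERT or CRL with the stream left at the tag, or UNKNOWN with the
    stream at EOF.  Where the Java version prefers a certificate tag whenever
    both tags appear in the same block, this picks whichever comes first, so
    objects come back in file order.
    """
    while True:
        start = stream.tell()
        chunk = stream.read(buf_len)
        if not chunk:
            return UNKNOWN
        hits = [(chunk.find(tag), kind) for tag, kind in _BEGIN_TAGS]
        hits = [(i, kind) for i, kind in hits if i != -1]
        if not hits:
            if len(chunk) < buf_len:
                return UNKNOWN          # read through EOF without finding a tag
            # slide forward, but re-read `overlap` bytes: the tag may straddle blocks
            stream.seek(start + buf_len - overlap)
            continue
        index, kind = min(hits)
        # walk back over the leading dashes; the bound is tested before indexing,
        # so a tag at offset 0 of the block is handled without touching index -1
        while index > 0 and chunk[index - 1] == ord("-"):
            index -= 1
        stream.seek(start + index)
        return kind


def split_pem_bundle(data):
    """Return [(kind, pem_block), ...] for every certificate or CRL in `data`,
    in file order, ignoring anything outside the BEGIN/END tags (comments,
    'openssl x509 -text' dumps and so on)."""
    stream = io.BytesIO(data)
    objects = []
    while True:
        kind = skip_to_cert_beginning(stream)
        if kind == UNKNOWN:
            return objects
        start = stream.tell()
        rest = stream.read()
        end_tag = _END_TAGS[kind]
        end = rest.find(end_tag)
        if end == -1:
            raise ValueError("unterminated PEM block at offset %d" % start)
        end += len(end_tag)
        objects.append((kind, rest[:end]))
        stream.seek(start + end)


def locate_first(data):
    """(kind, offset) of the first PEM object in `data`; offset is EOF if none."""
    stream = io.BytesIO(data)
    kind = skip_to_cert_beginning(stream)
    return kind, stream.tell()


def make_sample_bundle():
    """Constructed sample, not real credentials: 990 bytes of preamble put the
    first BEGIN tag across the 1000-byte block boundary, the case the overlap
    exists for; a CRL precedes the certificate to show file-order handling."""
    return (b"x" * 990
            + b"-----BEGIN X509 CRL-----\nQ1JM\n-----END X509 CRL-----\n"
            + b"-----BEGIN CERTIFICATE-----\nQ0VSVA==\n-----END CERTIFICATE-----\n")


if __name__ == "__main__":
    for kind, block in split_pem_bundle(make_sample_bundle()):
        print({CERT: "CERT", CRL: "CRL"}[kind], len(block), "bytes")
```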
voms-api-java-2_0_10/src/main/java/org/glite/voms/PKIVerifier.java

/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.Stack;
import java.util.TreeSet;
import java.util.Vector;

import javax.security.auth.x500.X500Principal;

import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.glite.voms.ac.ACCerts;
import org.glite.voms.ac.ACTargets;
import org.glite.voms.ac.AttributeCertificate;
import org.glite.voms.ac.AttributeCertificateInfo;
import org.glite.voms.ac.VOMSTrustStore;
import org.glite.voms.contact.MyProxyCertInfo;

/**
 * ASN1InputStream subclass that exposes the protected readLength(), so the
 * length of the ProxyCertInfo payload can be read directly.
 */
class MyDERInputStream extends ASN1InputStream {
    public MyDERInputStream(InputStream is) {
        super(is);
    }

    public int readLength() throws IOException {
        return super.readLength();
    }
}

public class PKIVerifier {

    private static Logger logger = Logger.getLogger( PKIVerifier.class.getName() );

    public static final String SUBJECT_KEY_IDENTIFIER = "2.5.29.14";
    public static final String AUTHORITY_KEY_IDENTIFIER = "2.5.29.35";
    public static final String PROXYCERTINFO = "1.3.6.1.5.5.7.1.14";
    public static final String PROXYCERTINFO_OLD = "1.3.6.1.4.1.3536.1.222";
    public static final String BASIC_CONSTRAINTS_IDENTIFIER = "2.5.29.19";
    public static final String KEY_USAGE_IDENTIFIER = "2.5.29.15";
    public static final String TARGET = "2.5.29.55";

    // Critical extensions this verifier knows how to handle; a certificate or
    // AC carrying any other critical extension fails verification.
    private static final String[] OIDs = { SUBJECT_KEY_IDENTIFIER, AUTHORITY_KEY_IDENTIFIER, PROXYCERTINFO,
            PROXYCERTINFO_OLD, BASIC_CONSTRAINTS_IDENTIFIER, KEY_USAGE_IDENTIFIER };
    private static final String[] AC_OIDs = { TARGET };

    private static final Set handledOIDs = new TreeSet( Arrays.asList( OIDs ) );
    private static final Set handledACOIDs = new TreeSet( Arrays.asList( AC_OIDs ) );

    private PKIStore caStore = null;
    private VOMSTrustStore vomsStore = null;

    static {
        if ( Security.getProvider( "BC" ) == null ) {
            Security.addProvider( new BouncyCastleProvider() );
        }
    }

    /**
     * Initializes the verifier.
     *
     * @param vomsStore
     *            the VOMSTrustStore object which represents the vomsdir store.
     * @param caStore
     *            the PKIStore object which represents the CA store.
     */
    public PKIVerifier( VOMSTrustStore vomsStore, PKIStore caStore ) {
        this.vomsStore = vomsStore;
        this.caStore = caStore;
    }

    /**
     * Initializes the verifier. The CA store is initialized at
     * "/etc/grid-security/certificates".
     *
     * @param vomsStore
     *            the VOMSTrustStore object which represents the vomsdir store.
     *
     * @throws IOException
     *             if there have been IO errors.
     * @throws CertificateException
     *             if there have been problems parsing a certificate.
     * @throws CRLException
     *             if there have been problems parsing a CRL.
     */
    public PKIVerifier( VOMSTrustStore vomsStore ) throws IOException, CertificateException, CRLException {
        this.vomsStore = vomsStore;
        this.caStore = PKIStoreFactory.getStore( PKIStore.TYPE_CADIR );
    }

    /**
     * Initializes the verifier.
     *
     * If the VOMSDIR and CADIR system properties are set, those values
     * are used to initialize the VOMS and CA certificate trust stores.
     * Typically, VOMSDIR should point to a directory that contains
     * VOMS server certificates, while CADIR should point to a
     * directory where CA certificates and CRLs are stored.
     *
     * If the system properties are not set, the CA store is initialized to
     * "/etc/grid-security/certificates", while the VOMS store is initialized
     * to "/etc/grid-security/vomsdir" (slash becomes backslash on Windows).
     *
     * @throws IOException
     *             if there have been IO errors.
     * @throws CertificateException
     *             if there have been problems parsing a certificate.
     * @throws CRLException
     *             if there have been problems parsing a CRL.
     */
    public PKIVerifier() throws IOException, CertificateException, CRLException {
        vomsStore = PKIStoreFactory.getStore( PKIStore.TYPE_VOMSDIR );
        caStore = PKIStoreFactory.getStore( PKIStore.TYPE_CADIR );
    }

    /**
     * Cleans up resources allocated by the verifier.
     *
     * This method MUST be called prior to disposal of this object, otherwise
     * memory leaks and runaway threads will occur.
     */
    public void cleanup() {
        if ( vomsStore != null )
            vomsStore.stopRefresh();
        if ( caStore != null )
            caStore.stopRefresh();
        vomsStore = null;
        caStore = null;
    }

    /**
     * Sets a new CAStore.
     *
     * @param store
     *            the new CA store.
     */
    public void setCAStore( PKIStore store ) {
        if ( caStore != null ) {
            caStore.stopRefresh();
            caStore = null;
        }
        caStore = store;
    }

    /**
     * Sets a new VOMSStore.
     *
     * @param store
     *            the new VOMS store.
     */
    public void setVOMSStore( VOMSTrustStore store ) {
        if ( vomsStore != null ) {
            vomsStore.stopRefresh();
            vomsStore = null;
        }
        vomsStore = store;
    }

    private static String getHostName() {
        try {
            InetAddress addr = InetAddress.getLocalHost();
            return addr.getCanonicalHostName();
        } catch ( UnknownHostException e ) {
            logger.error( "Cannot discover hostName." );
            return "";
        }
    }

    /**
     * Verifies an Attribute Certificate according to RFC 3281.
     *
     * @param ac
     *            the Attribute Certificate to verify.
     *
     * @return true if the attribute certificate is verified, false otherwise.
     */
    public boolean verify( AttributeCertificate ac ) {

        if ( ac == null || vomsStore == null )
            return false;

        AttributeCertificateInfo aci = ac.getAcinfo();
        X509Certificate[] certificates = null;
        ACCerts certList = aci.getCertList();
        LSCFile lsc = null;
        String voName = ac.getVO();

        if ( certList != null )
            lsc = vomsStore.getLSC( voName, ac.getHost() );

        logger.debug( "LSC is: " + lsc );

        if ( lsc != null ) {
            boolean success = false;
            Vector dns = lsc.getDNLists();
            Iterator dnIter = dns.iterator();

            // First verify if the LSC file applies: the certificate chain embedded
            // in the AC must match one of the subject/issuer DN lists of the LSC file.
            while ( !success && dnIter.hasNext() ) {
                boolean doBreak = false;
                while ( dnIter.hasNext() && !doBreak ) {
                    Iterator certIter = certList.getCerts().iterator();
                    Vector realDNs = (Vector) dnIter.next();
                    Iterator realDNsIter = realDNs.iterator();
                    while ( realDNsIter.hasNext() && certIter.hasNext() && !doBreak ) {
                        String dn = null;
                        String is = null;
                        try {
                            dn = (String) realDNsIter.next();
                            is = (String) realDNsIter.next();
                        } catch ( NoSuchElementException e ) {
                            doBreak = true;
                        }
                        X509Certificate cert = (X509Certificate) certIter.next();
                        String candidateDN = PKIUtils.getOpenSSLFormatPrincipal( cert.getSubjectDN() );
                        String candidateIs = PKIUtils.getOpenSSLFormatPrincipal( cert.getIssuerDN() );
                        logger.debug( "canddn is : " + candidateDN );
                        logger.debug( "candis is : " + candidateIs );
                        if ( dn != null ) {
                            logger.debug( "dn is : " + dn );
                            logger.debug( "dn == canddn is " + dn.equals( candidateDN ) );
                        }
                        if ( is != null ) {
                            logger.debug( "is is : " + is );
                            logger.debug( "is == candis is " + is.equals( candidateIs ) );
                        }
                        if ( dn != null && is != null )
                            if ( !dn.equals( candidateDN ) || !is.equals( candidateIs ) )
                                doBreak = true;
                    }
                    if ( !doBreak && !realDNsIter.hasNext() && !certIter.hasNext() )
                        success = true;
                }
            }

            if ( success == true ) {
                // LSC found. Now verifying certificate
                logger.debug( "LSC Verification step." );
                certificates = (X509Certificate[]) certList.getCerts().toArray( new X509Certificate[] {} );
                if ( !ac.verifyCert( certificates[0] ) ) {
                    certificates = null;
                    logger.debug( "Signature Verification false (from LSC)." );
                } else {
                    logger.debug( "Signature Verification OK (from LSC)." );
                }
            }
        }

        if ( certificates == null ) {
            // lsc check failed: fall back to the AA candidates stored in vomsdir
            logger.debug( "lsc check failed." );

            if ( logger.isDebugEnabled() ) {
                X500Principal issuer = ac.getIssuer();
                logger.debug( "Looking for hash: " + PKIUtils.getHash( issuer ) + " for certificate: " + issuer.getName() );
            }

            X509Certificate[] candidates = vomsStore.getAACandidate( ac.getIssuer(), voName );

            if ( candidates == null )
                logger.debug( "No candidates found!" );
            else if ( candidates.length != 0 ) {
                int i = 0;
                while ( i < candidates.length ) {
                    X509Certificate currentCert = (X509Certificate) candidates[i];
                    PublicKey key = currentCert.getPublicKey();

                    if ( logger.isDebugEnabled() ) {
                        logger.debug( "Candidate: " + currentCert.getSubjectDN().getName() );
                        logger.debug( "Key class: " + key.getClass() );
                        logger.debug( "Key: " + key );
                        byte[] data = key.getEncoded();
                        StringBuffer str = new StringBuffer();
                        str.append( "Key: " );
                        for ( int j = 0; j < data.length; j++ ) {
                            str.append( Integer.toHexString( data[j] ) );
                            str.append( ' ' );
                        }
                        logger.debug( str.toString() );
                    }

                    if ( ac.verifyCert( currentCert ) ) {
                        logger.debug( "Signature Verification OK" );
                        certificates = new X509Certificate[1];
                        certificates[0] = currentCert;
                        break;
                    } else {
                        logger.debug( "Signature Verification false" );
                    }
                    i++;
                }
            }
        }

        if ( certificates == null ) {
            logger.error( "Cannot find usable certificates to validate the AC. Check that the voms server host certificate is in your vomsdir directory." );
            return false;
        }

        if ( logger.isDebugEnabled() ) {
            for ( int l = 0; l < certificates.length; l++ )
                logger.debug( "Position: " + l + " value: " + certificates[l].getSubjectDN().getName() );
        }

        if ( !verify( certificates ) ) {
            logger.error( "Cannot verify issuer certificate chain for AC" );
            return false;
        }

        if ( !ac.isValid() ) {
            logger.error( "Attribute Certificate not valid at current time." );
            return false;
        }

        // AC Targeting verification
        ACTargets targets = aci.getTargets();
        if ( targets != null ) {
            String hostname = getHostName();
            boolean success = false;
            Iterator i = targets.getTargets().iterator();
            while ( i.hasNext() ) {
                String name = (String) i.next();
                if ( name.equals( hostname ) ) {
                    success = true;
                    break;
                }
            }
            if ( !success ) {
                logger.error( "Targeting check failed!" );
                return false;
            }
        }

        // unhandled extensions check
        X509Extensions exts = aci.getExtensions();
        if ( exts != null ) {
            Enumeration oids = exts.oids();
            while ( oids.hasMoreElements() ) {
                DERObjectIdentifier oid = (DERObjectIdentifier) oids.nextElement();
                X509Extension ext = exts.getExtension( oid );
                // handledACOIDs holds OID strings, so compare on the dotted string form
                if ( ext.isCritical() && !handledACOIDs.contains( oid.getId() ) ) {
                    logger.error( "Unknown critical extension discovered: " + oid.getId() );
                    return false;
                }
            }
        }
        return true;
    }

    private boolean checkProxyCertInfo( X509Certificate cert, int posInChain, int chainSize ) {
        X509Extension ext = null;
        byte[] payload = cert.getExtensionValue( PROXYCERTINFO );

        if ( payload == null ) {
            payload = cert.getExtensionValue( PROXYCERTINFO_OLD );
            if ( payload == null ) {
                logger.debug( "No ProxyCertInfo extension found." );
                return true;
            } else {
                ext = new X509Extension( false, new DEROctetString( payload ) );
            }
        } else
            ext = new X509Extension( true, new DEROctetString( payload ) );

        DERObject obj = null;
        try {
            // unwrap the OCTET STRING returned by getExtensionValue(), then read
            // the tag and length of the inner object and copy its content into payload
            obj = new ASN1InputStream( new ByteArrayInputStream( ext.getValue().getOctets() ) ).readObject();
            MyDERInputStream str = new MyDERInputStream( ((DEROctetString) obj).getOctetStream() );
            int len = 0;
            int res = 0;
            str.read();
            len = str.readLength();
            res = str.read( payload, 0, len );
        } catch ( IOException e ) {
            throw new IllegalArgumentException( "Cannot read DERObject from source data:" + e.getMessage() );
        }

        MyProxyCertInfo pci = new MyProxyCertInfo( payload );

        // pathLenConstraint bounds how many further proxies may hang below this
        // certificate; chainSize - posInChain is how many actually do.
        if ( pci.getPathLenConstraint() != -1 && ( pci.getPathLenConstraint() < chainSize - posInChain ) ) {
            logger.error( "ProxyCertInfo pathlen constraint violation." );
            if ( logger.isDebugEnabled() ) {
                String debugString = String.format( "pathLenConstraint: %d, certificateChainSize: %d, positionInChain: %d",
                        pci.getPathLenConstraint(), chainSize, posInChain );
                logger.debug( debugString );
            }
            return false;
        }
        return true;
    }

    /**
     * Verifies a certificate chain according to RFC 3280.
     *
     * @param certs
     *            the chain to verify.
     *
     * @return true if the chain is verified, false otherwise.
     */
    public boolean verify( X509Certificate[] certs ) {

        if ( caStore == null ) {
            logger.error( "No Trust Anchors are known." );
            return false;
        }

        if ( certs.length <= 0 ) {
            logger.error( "Certificate verification: passed empty certificate array." );
            return false;
        }

        Hashtable certificates = caStore.getCAs();
        Stack certStack = new Stack();
        int proxyCount = 0;

        // First, build the certification path from the certificates passed in:
        // each certificate is kept only if it issued the one before it.
        certStack.push( certs[0] );
        logger.debug( "Starting certificate verification for '" + certs[0].getSubjectDN().getName() + "'" );

        X509Certificate currentCert = certs[0];

        for ( int i = 1; i < certs.length; i++ ) {
            if ( logger.isDebugEnabled() )
                logger.debug( "Checking: " + certs[i].getSubjectDN().getName() );
            if ( PKIUtils.checkIssued( certs[i], certs[i - 1] ) ) {
                if ( PKIUtils.isProxy( currentCert ) )
                    proxyCount++;
                certStack.push( certs[i] );
                currentCert = certs[i];
            }
        }

        X509Certificate candidate = null;

        // replace self-signed certificate passed with one from store.
        if (PKIUtils.selfIssued(currentCert)) {
            // The supplied certificate is itself self-issued: it is acceptable only
            // if it is one of the trust anchors loaded in the store.
            String hash = PKIUtils.getHash(currentCert);
            Vector candidates = (Vector) certificates.get(hash);
            int index = -1;
            if (candidates != null && (index = candidates.indexOf(currentCert)) != -1) {
                certStack.pop();
                candidate = (X509Certificate) candidates.elementAt(index);
                certStack.push(candidate);
            } else {
                logger.error("Cannot find issuer candidate for: " + currentCert.getSubjectDN().getName());
                return false;
            }
        } else {
            candidate = null;
            // now, complete the certification path: walk up through the trust
            // store until a self-issued certificate (the trust anchor) is reached.
            do {
                String hash = PKIUtils.getHash(currentCert.getIssuerX500Principal());
                logger.debug("Issuer principal hash = " + hash);
                Vector candidates = (Vector) certificates.get(hash);
                if (candidates != null) {
                    logger.debug("Candidates trust anchors from store: " + candidates);
                    Iterator i = candidates.iterator();
                    while (i.hasNext()) {
                        candidate = (X509Certificate) i.next();
                        if (logger.isDebugEnabled())
                            logger.debug("Candidate trust anchor subject = " + candidate.getSubjectDN().getName());
                        if (PKIUtils.checkIssued(candidate, currentCert)) {
                            certStack.push(candidate);
                            currentCert = candidate;
                            break;
                        } else
                            candidate = null;
                    }
                }
            } while (candidate != null && !PKIUtils.selfIssued(currentCert));
        }

        // no trust anchor found
        if (candidate == null) {
            logger.error("Certificate verification: no trust anchor found.");
            return false;
        }

        int currentLength = 0;
        PublicKey candidatePublicKey = null;
        X509Certificate issuerCert = null;

        if (logger.isDebugEnabled()) {
            logger.debug("Constructed certificate chain:");
            Iterator j = certStack.iterator();
            int chainIndex = 0;
            while (j.hasNext()) {
                logger.debug("[" + chainIndex + "]: " + ((X509Certificate) j.next()).getSubjectDN().getName());
                chainIndex++;
            }
        }

        int stackSize = certStack.size();
        int stackPos = stackSize + 1;
        Stack constructedStack = new Stack();
        int certCount = 0;

        // Walk the chain from the trust anchor down to the end-entity (or proxy)
        // certificate, checking every link against the certificate that issued it.
        while (!certStack.isEmpty()) {
            currentCert = (X509Certificate) certStack.pop();
            stackPos = stackPos - 1;
            if (!PKIUtils.isProxy(currentCert))
                certCount++;

            if (logger.isDebugEnabled())
                logger.debug("Checking : " + currentCert.getSubjectDN().getName());

            if (!checkProxyCertInfo(currentCert, stackPos, stackSize)) {
                logger.error("ProxyCertInfo extension violated.");
                return false;
            }

            if (PKIUtils.selfIssued(currentCert)) {
                // Only the first element of the chain may be self-signed.
                if (currentLength != 0) {
                    logger.error("Certificate verification: Self signed certificate not trust anchor: "
                            + currentCert.getSubjectDN().getName());
                    return false;
                } else {
                    candidatePublicKey = currentCert.getPublicKey();
                    issuerCert = currentCert;
                }
            }

            if (!currentCert.getIssuerX500Principal().equals(issuerCert.getSubjectX500Principal())) {
                logger.error("Certificate verification: issuing chain broken.");
                return false;
            }

            try {
                currentCert.checkValidity();
            } catch (CertificateExpiredException e) {
                logger.error("Certificate verification: certificate in chain expired. " + e.getMessage(), e);
                logger.error("Faulty certificate: " + currentCert.getSubjectDN().getName());
                logger.error("End validity : " + currentCert.getNotAfter().toString());
                return false;
            } catch (CertificateNotYetValidException e) {
                logger.error("Certificate verification: certificate in chain not yet valid. " + e.getMessage(), e);
                logger.error("Faulty certificate: " + currentCert.getSubjectDN().getName());
                logger.error("Start validity : " + currentCert.getNotBefore().toString());
                return false;
            }

            try {
                currentCert.verify(candidatePublicKey);
            } catch (Exception e) {
                logger.error("Certificate verification: cannot verify signature. " + e.getMessage(), e);
                logger.error("Faulty certificate: " + currentCert.getSubjectDN().getName());
                return false;
            }

            if (isRevoked(currentCert, issuerCert)) {
                logger.error("Certificate verification: certificate in chain has been revoked.");
                logger.error("Faulty certificate: " + currentCert.getSubjectDN().getName());
                return false;
            }

            boolean isCA = PKIUtils.isCA(issuerCert);
            if (isCA) {
                // A CA may only issue subjects allowed by its signing policy / namespaces.
                if (!allowsPath(currentCert, issuerCert, constructedStack)) {
                    logger.error("Certificate verification: subject '" + currentCert.getSubjectDN().getName()
                            + "' not allowed by CA '" + issuerCert.getSubjectDN().getName() + "'");
                    return false;
                }
                // check path length
                int maxPath = currentCert.getBasicConstraints();
                if (maxPath != -1) {
                    if (maxPath < certStack.size() - proxyCount - 1) {
                        logger.error("Certificate verification: Maximum certification path length exceeded.");
                        return false;
                    }
                }
            } else {
                // A non-CA certificate may only have issued a proxy.
                if (!PKIUtils.isProxy(currentCert)) {
                    logger.error("Certificate verification: Non-proxy, non-CA certificate issued a certificate.");
                    return false;
                }
            }

            // check for unhandled critical extensions
            Set criticals = currentCert.getCriticalExtensionOIDs();
            if (criticals != null) {
                if (!handledOIDs.containsAll(criticals)) {
                    logger.error("Certificate verification: Certificate contains unhandled critical extensions.");
                    return false;
                }
            }

            issuerCert = currentCert;
            candidatePublicKey = currentCert.getPublicKey();
            currentLength++;
            constructedStack.push(currentCert);
        }
        return true;
    }

    private boolean allowsNamespaces(X509Certificate cert, X509Certificate issuer, Stack certStack) {
        // self signed certificates always pass.
        if (PKIUtils.selfIssued(cert))
            return true;

        Hashtable namespaces = caStore.getNamespaces();
        Namespace namespaceCandidate = (Namespace) namespaces.get(PKIUtils.getHash(issuer));

        if (namespaceCandidate == null) {
            // specification says to travel up the chain in this case
            int size = certStack.size();
            int current = size - 1;
            logger.debug("size = " + size + ", current = " + current + "\n");
            if (size > 0) {
                do {
                    namespaceCandidate = (Namespace) namespaces.get(
                            PKIUtils.getHash((X509Certificate) certStack.elementAt(current)));
                    current -= 1;
                } while (namespaceCandidate == null && current != -1);
            }
            if (namespaceCandidate == null) {
                // no candidates were found. According to the rules, this is a permit
                return true;
            }
        }

        // at this point, namespaceCandidate != null
        int index = namespaceCandidate.findIssuer(issuer);
        while (index != -1) {
            logger.debug("looking inside namespace");
            namespaceCandidate.setCurrent(index);
            String subject = namespaceCandidate.getSubject();
            boolean permit = namespaceCandidate.getPermit();
            String currentSubj = PKIUtils.getOpenSSLFormatPrincipal(issuer.getSubjectDN());
            String currentSubjReversed = PKIUtils.getOpenSSLFormatPrincipal(issuer.getSubjectDN(), true);
            if (subject.equals(currentSubj) || subject.equals(currentSubjReversed)) {
                // this is the right policy
                return permit;
            }
            // no decision as of yet. Look for other rules
            index = namespaceCandidate.findIssuer(issuer, index);
        }
        // candidates found, but no rule applies. This is a deny
        return false;
    }

    private boolean allowsPath(X509Certificate cert, X509Certificate issuer, Stack certStack) {
        /* Self-signed certificates do not need to be checked against the signing policy. */
        if (PKIUtils.selfIssued(cert))
            return true;

        Hashtable signings = caStore.getSignings();
        SigningPolicy signCandidate = (SigningPolicy) signings.get(PKIUtils.getHash(issuer));
        logger.debug("signCandidate is: " + signCandidate);
        boolean matched = false;

        // No signing policy for this CA: fall back to the namespaces file.
        if (signCandidate == null)
            return allowsNamespaces(cert, issuer, certStack);

        logger.debug("Class of issuer is : " + issuer.getClass());
        logger.debug("Class of Subject is: " + issuer.getSubjectDN().getClass());
        String issuerSubj = PKIUtils.getOpenSSLFormatPrincipal(issuer.getSubjectDN());
        logger.debug("Subject is : " + issuerSubj);

        Vector nameVector = getAllNames(cert);
        if (nameVector == null)
            return false;
        logger.debug("Content of Vector is:" + nameVector);

        Iterator i = nameVector.iterator();
        while (i.hasNext()) {
            String certSubj = (String) i.next();
            logger.debug("Examining: " + certSubj);
            logger.debug("Looking for " + issuerSubj);
            int index = signCandidate.findIssuer(issuerSubj);
            if (index == -1) {
                /* Work around different sources of certificates not agreeing
                   on the order of X500Name components. */
                issuerSubj = PKIUtils.getOpenSSLFormatPrincipal(issuer.getSubjectDN(), true);
                index = signCandidate.findIssuer(issuerSubj);
            }
            while (index != -1) {
                logger.debug("Inside index");
                signCandidate.setCurrent(index);
                if (signCandidate.getAccessIDCA().equals(issuerSubj)) {
                    Vector subjects = signCandidate.getCondSubjects();
                    Iterator subjIter = subjects.iterator();
                    while (subjIter.hasNext()) {
                        String subj = (String) subjIter.next();
                        logger.debug("Comparing certSubj: '" + certSubj + "' to '" + subj + "'");
                        // The signing policy uses '*' as a wildcard. Only the first '*' is
                        // rewritten to '.*'; the rest of the pattern is handed to the regex
                        // engine as written, and the comparison is case-insensitive.
                        subj = subj.replaceFirst("\\*", "\\.\\*");
                        if (certSubj.toUpperCase().matches(subj.toUpperCase())) {
                            matched = true;
                            logger.debug("Subject: '" + certSubj + "' matches with subject: '" + subj
                                    + "' from signing policy.");
                            break;
                        }
                        logger.debug("Subject: '" + certSubj + "' does not match subject: '" + subj
                                + "' from signing policy.");
                    }
                }
                index = signCandidate.findIssuer(issuerSubj, index);
            }
            if (matched) {
                logger.debug("MATCHED AT LEAST ONCE");
                break;
            }
        }
        nameVector.clear();
        logger.debug("Value of Matched is: " + matched);
        return matched;
    }

    private Vector getAllNames(X509Certificate cert) {
        if (cert != null) {
            Vector v = new Vector();
            v.add(PKIUtils.getOpenSSLFormatPrincipal(cert.getSubjectDN()));
            /* Sometimes the format of the DN gets reversed. */
            v.add(PKIUtils.getOpenSSLFormatPrincipal(cert.getSubjectDN(), true));
            return v;
        }
        return null;
    }

    private boolean checkCRLIssuer(X509CRL crl, X509Certificate issuer) {
        return crl.getIssuerX500Principal().equals(issuer.getSubjectX500Principal());
    }

    private boolean checkCRLCriticalExtensions(X509CRL crl) {
        // A CRL carrying a critical extension this verifier does not understand must be
        // rejected. The only critical CRL extension handled here is
        // issuingDistributionPoint (2.5.29.28), so every critical OID present in the
        // CRL must be in the permitted set (not the other way round).
        Set criticalExts = crl.getCriticalExtensionOIDs();
        Set permittedCriticals = new HashSet();
        permittedCriticals.add("2.5.29.28");

        if (criticalExts == null || criticalExts.isEmpty())
            return true;

        if (!permittedCriticals.containsAll(criticalExts)) {
            logger.error("CRL critical extensions check failed for CRL " + crl.getIssuerX500Principal()
                    + ". Unhandled critical extensions: " + criticalExts);
            return false;
        }
        return true;
    }

    private boolean checkCRLValidity(X509CRL crl) {
        Date now = new Date();
        // nextUpdate is optional in the CRL syntax; guard against a null value.
        if (crl.getNextUpdate() == null)
            return crl.getThisUpdate().before(now);
        return crl.getNextUpdate().after(now) && crl.getThisUpdate().before(now);
    }

    /**
     * Looks for CRLs that match a given CA certificate.
     *
     * @param issuer the CA certificate whose CRLs are wanted.
     * @return null if no CRLs were found in the trust-anchors directory, or a list of valid
     * CRLs. When the list is empty the caller can assume that the CRL was present in the
     * trust-anchors but was ill-formed.
     */
    private List<X509CRL> lookupCRL(X509Certificate issuer) {
        Map<String, List<X509CRL>> crlMap = caStore.getCRLs();
        List<X509CRL> crlList = crlMap.get(PKIUtils.getHash(issuer));
        List<X509CRL> correctCrls = new ArrayList<X509CRL>();

        if (crlList == null || crlList.isEmpty())
            return null;

        for (X509CRL candidateCRL : crlList) {
            // Verify signature
            try {
                candidateCRL.verify(issuer.getPublicKey());
            } catch (Exception e) {
                logger.info("Signature verification check failed for CRL " + candidateCRL.getIssuerX500Principal() + "...");
                continue;
            }

            boolean criticalExtensionsAreValid = checkCRLCriticalExtensions(candidateCRL);
            if (!criticalExtensionsAreValid) {
                logger.info("Critical extensions check failed for CRL " + candidateCRL.getIssuerX500Principal() + "...");
                continue;
            }

            if (!checkCRLIssuer(candidateCRL, issuer)) {
                logger.info(String.format("Issuer check failed for CRL %s against issuer %s.",
                        candidateCRL.getIssuerX500Principal(), issuer.getSubjectX500Principal()));
                continue;
            }

            correctCrls.add(candidateCRL);
        }
        return correctCrls;
    }

    private boolean isRevoked(X509Certificate cert, X509Certificate issuer) {
        logger.debug("Checking if '" + cert.getSubjectDN() + "' issued by '" + issuer.getSubjectDN() + "' has been revoked.");

        if (!PKIUtils.isCA(issuer)) {
            logger.debug("Issuer certificate '" + issuer.getSubjectDN() + "' is not a CA, so it cannot issue CRLs");
            return false;
        }

        List<X509CRL> crls = lookupCRL(issuer);

        if (crls == null) {
            // No CRL in the trust-anchor directory: the certificate is accepted unchecked.
            logger.warn("No CRL for CA '" + issuer.getSubjectDN() + "' was found in local trust-anchor dir. Considering certificate '"
                    + cert.getSubjectDN() + "' valid.");
            return false;
        }

        if (crls.isEmpty()) {
            // CRLs were present but none passed the signature/issuer/extension checks: fail closed.
            logger.warn("CRLs for CA '" + issuer.getSubjectDN() + "' were found but were ill-formed. Considering the certificate '"
                    + cert.getSubjectDN() + "' revoked.");
            return true;
        }

        X509CRL validCrl = null;
        for (X509CRL crl : crls) {
            logger.debug("Checking CRL: " + crl);
            boolean crlIsValid = checkCRLValidity(crl);
            logger.debug("CRL is valid? " + crlIsValid);
            // Break at first valid CRL found...
            if (crlIsValid) {
                validCrl = crl;
                break;
            }
            String msg = String.format("CRL for CA '%s' has expired on %s.", issuer.getSubjectDN(), crl.getNextUpdate());
            logger.error(msg);
        }

        if (validCrl == null) {
            // Only expired CRLs are available: fail closed.
            logger.warn("No temporally valid CRL for CA '" + issuer.getSubjectDN() + "' was found. Considering the certificate '"
                    + cert.getSubjectDN() + "' revoked.");
            return true;
        }

        X509CRLEntry entry = validCrl.getRevokedCertificate(cert.getSerialNumber());
        logger.debug("CRLEntry for certificate serial number " + cert.getSerialNumber() + ": " + entry);

        if (entry == null)
            return false;

        logger.info(String.format("Certificate %s (%d) was revoked on date %s.", cert.getSubjectDN(),
                entry.getSerialNumber(), entry.getRevocationDate()));
        return true;
    }
}

// ==== voms-api-java-2_0_10/src/main/java/org/glite/voms/SigningPolicy.java ====
/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/

package org.glite.voms;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.Vector;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.log4j.Logger;

/**
 * The purpose of this class is to represent a *.signing_policy file.
 *
 * A signing policy is a sequence of records, each made of three lines in
 * this order: access_id_CA (the CA subject), pos_rights and cond_subjects
 * (the subjects, possibly with '*' wildcards, that the CA may sign).
 *
 * @author Vincenzo Ciaschini
 */
public class SigningPolicy {
    private static final int ACCESS_ID_CA = 1;
    private static final int POS_RIGHTS = 2;
    private static final int COND_SUBJECTS = 3;

    private static final Pattern access_id_ca_pattern =
            Pattern.compile("access_id_CA\\s+x509\\s+(.*)", Pattern.CASE_INSENSITIVE);
    private static final Pattern pos_rights_pattern =
            Pattern.compile("pos_rights\\s+globus\\s+(.*)", Pattern.CASE_INSENSITIVE);
    private static final Pattern cond_subjects_pattern =
            Pattern.compile("cond_subjects\\s+globus\\s+(['\"])(.*?)\\1\\s*", Pattern.CASE_INSENSITIVE);
    private static final Pattern remove_single_quotes = Pattern.compile("'(.*)'");
    private static final Pattern remove_double_quotes = Pattern.compile("\"(.*)\"");
    private static final Pattern get_subject_pattern = Pattern.compile("(['\"]?)(.*?)\\1\\s*?");

    private String gname = null;
    private Vector access_id_ca_list = new Vector();
    private Vector pos_rights_list = new Vector();
    private Vector subjects_list = new Vector();
    private int current = -1;
    private int mode = ACCESS_ID_CA;

    private static Logger logger = Logger.getLogger(SigningPolicy.class.getName());

    /**
     * Loads a *.signing_policy file.
     *
     * @param f the File from which to load the Signing Policy.
     *
     * @throws IOException if there have been problems loading the file.
     */
    public SigningPolicy(File f) throws IOException {
        parse(f);
    }

    /**
     * Gets the basename of the file from which this was loaded.
     *
     * @return the basename or null if nothing was loaded.
     */
    public String getName() {
        return gname;
    }

    /**
     * Finds the record in the signing policy which deals with the specified
     * issuer.
     *
     * @param issuer an OpenSSL-style representation of the issuer.
     *
     * @return the record number, or -1 if none is found.
     */
    public int findIssuer(String issuer) {
        return findIssuer(issuer, -1);
    }

    /**
     * Finds the record in the signing policy which deals with the specified
     * issuer, starting from a specified record.
     *
     * @param issuer an OpenSSL-style representation of the issuer.
     * @param previous the previous match, or -1 if there was no previous match.
     *
     * @return the record number, or -1 if none is found.
     */
    public int findIssuer(String issuer, int previous) {
        if (previous < -1)
            return -1;
        return access_id_ca_list.indexOf(issuer, previous + 1);
    }

    /**
     * Sets the indicated record as the current record.
     *
     * @param index the record number
     *
     * @throws IllegalArgumentException if the record number is too great
     * or &lt; 0.
     */
    public void setCurrent(int index) {
        // Valid record numbers are 0 .. size-1.
        if (index >= access_id_ca_list.size() || index < 0)
            throw new IllegalArgumentException("Index out of bounds for SigningPolicy " + gname);
        current = index;
    }

    /**
     * Gets the AccessIDCA from the current record.
     *
     * @return the AccessIDCA.
     * @throws IllegalArgumentException if the record number has not been set.
     */
    public String getAccessIDCA() {
        if (current != -1)
            return (String) access_id_ca_list.elementAt(current);
        else
            throw new IllegalArgumentException("Current record must be set in Signing Policy object " + gname);
    }

    /**
     * Gets the PosRights from the current record.
     *
     * @return the PosRights
     * @throws IllegalArgumentException if the record number has not been set.
     */
    public String getPosRights() {
        if (current != -1)
            return (String) pos_rights_list.elementAt(current);
        else
            throw new IllegalArgumentException("Current record must be set in Signing Policy object " + gname);
    }

    /**
     * Gets the CondSubjects from the current record.
     *
     * @return a Vector of CondSubjects. Each element is a String.
     * @throws IllegalArgumentException if the record number has not been set.
     */
    public Vector getCondSubjects() {
        if (current != -1)
            return (Vector) subjects_list.elementAt(current);
        else
            throw new IllegalArgumentException("Current record must be set in Signing Policy object " + gname);
    }

    private String parseAccessIDCA(String line) {
        String access_id_ca = null;
        Matcher m = access_id_ca_pattern.matcher(line);
        if (m.matches()) {
            String match = m.group(1);
            Matcher m2 = null;
            // The CA subject may be wrapped in single or double quotes.
            switch (match.charAt(0)) {
            case '\'':
                m2 = remove_single_quotes.matcher(match);
                if (m2.matches()) {
                    access_id_ca = m2.group(1);
                }
                break;
            case '"':
                m2 = remove_double_quotes.matcher(match);
                if (m2.matches()) {
                    access_id_ca = m2.group(1);
                }
                break;
            default:
                access_id_ca = match;
            }
        }
        logger.debug("Access_id_CA=" + PKIUtils.Normalize(access_id_ca));
        return PKIUtils.Normalize(access_id_ca);
    }

    private String parsePosRights(String line) {
        String pos_rights = null;
        Matcher m = pos_rights_pattern.matcher(line);
        if (m.matches())
            pos_rights = m.group(1);
        return pos_rights;
    }

    private Vector parseCondSubjects(String line) {
        Matcher subjects = cond_subjects_pattern.matcher(line);
        Vector subjectList = new Vector();

        while (subjects.find()) {
            String substring = subjects.group(2);
            // The quoted value may itself hold several (optionally quoted) subjects.
            Matcher subject_it = get_subject_pattern.matcher(substring);
            while (subject_it.find()) {
                String subject = subject_it.group(2);
                if (subject.length() != 0) {
                    subjectList.add(subject);
                }
            }
            if (substring.length() != 0 && subjectList.size() == 0)
                subjectList.add(substring);
        }
        return subjectList;
    }

    private SigningPolicy parse(File theFile) throws IOException {
        BufferedReader theBuffer = new BufferedReader(new FileReader(theFile));
        String s = null;
        boolean firstrun = true;
        gname = PKIUtils.getBaseName(theFile);
        String access_id_ca = null;
        String pos_rights = null;
        Vector subjects = null;
        boolean error = false;

        try {
            s = theBuffer.readLine();
            while (s != null) {
                s = s.trim();
                // Skip blank lines and comments.
                if (!(s.length() == 0 || s.charAt(0) == '#')) {
                    switch (mode) {
                    case ACCESS_ID_CA: {
                        // A new record starts: store the previous one if it was complete.
                        if (!firstrun) {
                            if (access_id_ca != null && pos_rights != null && subjects != null) {
                                access_id_ca_list.add(access_id_ca);
                                pos_rights_list.add(pos_rights);
                                subjects_list.add(subjects);
                            }
                            access_id_ca = null;
                            pos_rights = null;
                            subjects = null;
                        }
                        access_id_ca = parseAccessIDCA(s);
                        if (access_id_ca == null)
                            error = true;
                        mode = POS_RIGHTS;
                    }
                        break;
                    case POS_RIGHTS: {
                        pos_rights = parsePosRights(s);
                        if (pos_rights == null)
                            error = true;
                        mode = COND_SUBJECTS;
                    }
                        break;
                    case COND_SUBJECTS: {
                        subjects = parseCondSubjects(s);
                        if (subjects.size() == 0)
                            error = true;
                        mode = ACCESS_ID_CA;
                        firstrun = false;
                    }
                        break;
                    }
                    if (error)
                        break;
                }
                s = theBuffer.readLine();
            }

            // Store the last record.
            if (access_id_ca != null && pos_rights != null && subjects != null && !error) {
                access_id_ca_list.add(access_id_ca);
                pos_rights_list.add(pos_rights);
                subjects_list.add(subjects);
            }
        } finally {
            theBuffer.close();
        }

        if (error) {
            throw new IOException("Error in reading format of file: " + theFile.getName());
        }
        return this;
    }
}

// ==== voms-api-java-2_0_10/src/main/java/org/glite/voms/VOMSAttribute.java ====
/*********************************************************************
 *
 * Authors: Olle Mulmo
 *          Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *          Valerio Venturi - Valerio.Venturi@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/

/*
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://eu-egee.org/partners/ for details on the copyright holders.
 * For license conditions see the license file or http://eu-egee.org/license.html
 */

package org.glite.voms;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import java.util.SimpleTimeZone;

import javax.security.auth.x500.X500Principal;

import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.glite.voms.ac.ACCerts;
import org.glite.voms.ac.ACTargets;
import org.glite.voms.ac.AttributeCertificate;
import org.glite.voms.ac.FullAttributes;

/**
 * Representation of the authorization information (VO, server address
 * and list of Fully Qualified Attribute Names, or FQANs) contained in
 * a VOMS attribute certificate.
 *
 * @author Olle Mulmo
 * @author Vincenzo Ciaschini
 */
public class VOMSAttribute {
    /**
     * The ASN.1 object identifier for VOMS attributes
     */
    private static final String VOMS_ATTR_OID = "1.3.6.1.4.1.8005.100.100.4";

    private AttributeCertificate myAC;

    /**
     * Returns the signature of the AC.
     * @return the byte representation of the AC signature.
     */
    public byte[] getSignature() {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        return myAC.getSignature();
    }

    /**
     * Returns the serial number of the AC.
     * @return the serial number of the AC.
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public String getSerial() {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        return myAC.getSerialNumber().getValue().toString();
    }

    private static Date convert(String t) throws ParseException {
        SimpleDateFormat dateF;

        // BouncyCastle changed the output of getTime() and instead
        // introduced a new getDate() method... better make
        // sure we stay compatible
        if (t.indexOf("GMT") > 0) {
            dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
        } else {
            dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
            dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
        }
        return dateF.parse(t);
    }

    /**
     * Returns the end date of the AC validity.
     * @return the end Date.
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public Date getNotAfter() throws ParseException {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        try {
            return myAC.getNotAfter();
        } catch (ParseException e) {
            throw new IllegalArgumentException("Invalid validity encoding in Attribute Certificate: " + e.getMessage());
        }
    }

    /**
     * Returns the start date of the AC validity.
     * @return the start Date.
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public Date getNotBefore() throws ParseException {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        try {
            return myAC.getNotBefore();
        } catch (ParseException e) {
            throw new IllegalArgumentException("Invalid validity encoding in Attribute Certificate: " + e.getMessage());
        }
    }

    /**
     * Checks if the AC was valid at the provided timestamp.
     * @param date if null, current time is used
     * @return true if the AC was valid at the time in question.
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded or the dates have been encoded incorrectly.
     */
    public boolean validAt(Date date) {
        if (date == null) {
            date = new Date();
        }
        try {
            return (getNotAfter()).after(date) && (getNotBefore()).before(date);
        } catch (ParseException e) {
            throw new IllegalArgumentException("Invalid validity encoding in Attribute Certificate");
        }
    }

    /**
     * Returns the name of the AC issuer, as given by Principal.getName().
     * @return the AC issuer.
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public String getIssuer() {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        Principal principal = myAC.getIssuer();
        return principal.getName();
    }

    /**
     * Returns an OpenSSL-style representation of the AC issuer.
     * @return the AC issuer.
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public String getIssuerX509() {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        Principal principal = myAC.getIssuerX509();
        if (principal != null)
            return PKIUtils.getOpenSSLFormatPrincipal(principal);
        return null;
    }

    /**
     * Returns a String representation of the AC holder.
     * @return the AC holder.
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public String getHolder() {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        GeneralNames names = myAC.getHolder().getIssuer();
        Enumeration e = ((ASN1Sequence) names.getDERObject()).getObjects();
        if (e.hasMoreElements()) {
            GeneralName gn = (GeneralName) e.nextElement();
            // Tag 4 is the directoryName choice of GeneralName.
            if (gn.getTagNo() == 4) {
                try {
                    ByteArrayOutputStream b = new ByteArrayOutputStream();
                    new DEROutputStream(b).writeObject(gn.getName());
                    X500Principal principal = new X500Principal(b.toByteArray());
                    return principal.getName();
                } catch (IOException ex) {
                    return null;
                }
            }
        }
        return null;
    }

    /**
     * Returns an OpenSSL-style representation of the AC holder.
     * @return the AC holder.
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public String getHolderX509() {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        return myAC.getHolderX509();
    }

    /**
     * Checks if the Attribute is valid. Only checks start and end of
     * validity.
     *
     * @return true if it is valid, false otherwise.
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public boolean isValid() {
        return validAt(new Date());
    }

    /**
     * Checks the given X509 certificate to see if it is the holder of the AC.
     * @param cert the X509 certificate to check.
     * @return true if the given certificate is the holder of the AC.
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public boolean isHolder(X509Certificate cert) {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        return myAC.getHolder().isHolder(cert);
    }

    /**
     * Checks the given X509 certificate to see if it is the issuer of the AC.
     * @param cert the X509 certificate to check.
     * @return true if the given certificate is the issuer of the AC.
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public boolean isIssuer(X509Certificate cert) {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        return myAC.getIssuer().equals(cert.getSubjectX500Principal());
    }

    /**
     * Parses the contents of an attribute certificate.
     * NOTE: Cryptographic signatures, time stamps etc. will not be checked.
     *
     * @param ac the attribute certificate to parse for VOMS attributes
     */
    public VOMSAttribute(AttributeCertificate ac) {
        if (ac == null) {
            throw new IllegalArgumentException("VOMSAttribute: AttributeCertificate is NULL");
        }
        myAC = ac;
    }

    /**
     * Direct access to the Attribute Certificate is going to
     * be removed. Use the getXXX methods in this same class
     * instead.
     *
     * @return The AttributeCertificate containing the VOMS information
     */
    public AttributeCertificate getAC() {
        return privateGetAC();
    }

    AttributeCertificate privateGetAC() {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        return myAC;
    }

    /**
     * @return List of String of the VOMS fully qualified
     * attributes names (FQANs):
     * vo[/group[/group2...]][/Role=[role]][/Capability=capability]
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public List getFullyQualifiedAttributes() {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        return myAC.getFullyQualifiedAttributes();
    }

    /**
     * @return List of FQAN of the VOMS fully qualified
     * attributes names (FQANs)
     * @see FQAN
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public List getListOfFQAN() {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        return myAC.getListOfFQAN();
    }

    /**
     * Returns the address of the issuing VOMS server, in the form &lt;host&gt;:&lt;port&gt;
     * @return String
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public String getHostPort() {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        return myAC.getHostPort();
    }

    /**
     * Returns the hostName of the issuing VOMS server.
     *
     * @return hostName.
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public String getHost() {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        return myAC.getHost();
    }

    /**
     * Returns the port on which the issuing VOMS server is listening
     *
     * @return the port, or -1 if the information could not be found.
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public int getPort() {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        return myAC.getPort();
    }

    /**
     * Returns the VO name
     * @return the VO name
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public String getVO() {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        return myAC.getVO();
    }

    /**
     * Gets a (brief) string representation of this attribute.
     *
     * @return the Representation.
     */
    public String toString() {
        return "VO :" + getVO() + "\n" + "HostPort:" + getHostPort() + "\n" + "FQANs :" + getListOfFQAN();
    }

    /**
     * Gets a copy of the Generic Attributes extension.
     *
     * @return the attributes, or null if they are not present.
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public FullAttributes getFullAttributes() {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        return myAC.getFullAttributes();
    }

    /**
     * Gets the certificates that signed the AC, if the ACCerts extension
     * is present.
     *
     * @return the ACCerts extension, or null if it is not present.
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public ACCerts getCertList() {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        return myAC.getCertList();
    }

    /**
     * Gets the targets of this AC.
     *
     * @return the ACTargets extension if present, or null otherwise.
     *
     * @throws IllegalArgumentException if no Attribute Certificate has been
     * loaded.
     */
    public ACTargets getTargets() {
        if (myAC == null)
            throw new IllegalArgumentException("No Attribute Certificate loaded.");
        return myAC.getTargets();
    }
}

// ==== voms-api-java-2_0_10/src/main/java/org/glite/voms/VOMSKeyManager.java ====
/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms;

import javax.net.ssl.X509KeyManager;
import javax.net.ssl.KeyManagerFactory;

import java.security.cert.X509Certificate;
import java.security.Security;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.UnrecoverableKeyException;
import java.security.PrivateKey;
import java.security.Principal;
import java.net.Socket;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.FileNotFoundException;
import java.security.NoSuchAlgorithmException;

import org.apache.log4j.Logger;
import org.glite.voms.contact.VOMSException;
import org.glite.voms.contact.UserCredentials;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/**
 * An X509KeyManager that serves a single client credential, loaded either
 * from PEM files, from a PKCS12 file, or from an already parsed
 * UserCredentials object. All calls are delegated to a SunX509 key manager
 * built over an in-memory keystore holding that one entry.
 */
public class VOMSKeyManager implements X509KeyManager {
    private X509KeyManager manager = null;
    public static final int TYPE_PKCS12 = 1;
    public static final int TYPE_PEM = 2;

    private static final Logger logger = Logger.getLogger(VOMSKeyManager.class);

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    public VOMSKeyManager(String certfile, String keyfile, String password) {
        this(certfile, keyfile, password, TYPE_PEM);
    }

    public VOMSKeyManager(UserCredentials creds)
        throws NoSuchAlgorithmException, KeyStoreException,
               UnrecoverableKeyException, IOException, CertificateException {
        if (creds.getUserKey() == null) {
            throw new UnrecoverableKeyException("Passed Credential does not hold a private key!");
        }

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // An in-memory keystore must be initialised with load(null, ...)
        // before any entry can be set.
        keyStore.load(null, "".toCharArray());

        logger.debug("ABOUT to set key entry");
        keyStore.setKeyEntry("alias", creds.getUserKey(), "".toCharArray(), creds.getUserChain());
        logger.debug("STORETYPE: " + keyStore.getType());

        keyManagerFactory.init(keyStore, "".toCharArray());
        manager = (X509KeyManager) keyManagerFactory.getKeyManagers()[0];
    }

    public VOMSKeyManager(String certfile, String keyfile, String password, int type) {
        FileInputStream stream = null;

        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            char[] passwd = password.toCharArray();
            KeyStore keyStore = null;

            if (type == TYPE_PEM) {
                keyStore = load(certfile, keyfile, passwd);
            } else if (type == TYPE_PKCS12) {
                keyStore = KeyStore.getInstance("PKCS12", "SunJSSE");
                stream = new FileInputStream(certfile);
                keyStore.load(stream, passwd);
            }

            if (keyStore != null) {
                keyManagerFactory.init(keyStore, passwd);
                manager = (X509KeyManager) keyManagerFactory.getKeyManagers()[0];
            } else {
                throw new VOMSException("Cannot initialize VOMSKeyManager: unsupported credential type " + type);
            }
        } catch (Exception e) {
            throw new VOMSException("Cannot initialize VOMSKeyManager: ", e);
        } finally {
            try {
                if (stream != null)
                    stream.close();
            } catch (IOException e) {
                /* do nothing */
            }
        }
    }

    private KeyStore createKeyStore(String cert, String key, char[] passwd)
        throws CertificateException, IOException {
        FileCertReader reader = new FileCertReader();
        X509Certificate[] certs =
            (X509Certificate[]) reader.readCerts(cert).toArray(new X509Certificate[] {});
        PrivateKey pkey = null;
        KeyStore store = null;

        try {
            if (key != null)
                pkey = reader.readPrivateKey(key);
            else
                throw new VOMSException("Cannot load the private key.");
        } catch (IOException e) {
            throw new VOMSException("Cannot load the private key.", e);
        }

        try {
            store = KeyStore.getInstance("JKS");
            // A freshly created KeyStore is uninitialised and setKeyEntry()
            // throws KeyStoreException until load() has been called, so
            // initialise it empty first.
            store.load(null, passwd);
            store.setKeyEntry("alias", pkey, passwd, certs);
        } catch (KeyStoreException e) {
            throw new VOMSException("Cannot load the key pair.", e);
        } catch (NoSuchAlgorithmException e) {
            throw new VOMSException("Cannot load the key pair.", e);
        }

        return store;
    }

    private KeyStore load(String certfile, String keyfile, char[] pwd)
        throws CertificateException, IOException {
        KeyStore store = null;

        if (!certfile.equals(keyfile)) {
            store = createKeyStore(certfile, keyfile, pwd);
        } else {
            store = createKeyStore(certfile, certfile, pwd);
        }

        return store;
    }

    public String chooseClientAlias(String[] keytype, Principal[] issuers, Socket socket) {
        return manager.chooseClientAlias(keytype, issuers, socket);
    }

    public String chooseServerAlias(String keytype, Principal[] issuers, Socket socket) {
        return manager.chooseServerAlias(keytype, issuers, socket);
    }

    public X509Certificate[] getCertificateChain(String alias) {
        return manager.getCertificateChain(alias);
    }

    public String[] getClientAliases(String keytype, Principal[] issuers) {
        return manager.getClientAliases(keytype, issuers);
    }

    public String[] getServerAliases(String keytype, Principal[] issuers) {
        return manager.getServerAliases(keytype, issuers);
    }

    public PrivateKey getPrivateKey(String alias) {
        return manager.getPrivateKey(alias);
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/VOMSTrustManager.java

/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms;

import javax.net.ssl.X509TrustManager;

import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CRLException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import java.io.IOException;

import org.apache.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/**
 * An X509TrustManager that validates peer chains with a PKIVerifier built
 * over a CA directory (PKIStore). Client and server chains are checked the
 * same way; a chain is accepted only if the verifier accepts it.
 */
public class VOMSTrustManager implements X509TrustManager {
    private PKIStore store = null;
    private PKIVerifier verifier = null;
    boolean stopcalled = false;

    private static Logger logger = Logger.getLogger(VOMSTrustManager.class.getName());

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    public VOMSTrustManager(String dir) throws IOException, CertificateException, CRLException {
        store = PKIStoreFactory.getStore(dir, PKIStore.TYPE_CADIR);
        verifier = new PKIVerifier(null, store);
        stopcalled = false;
    }

    public VOMSTrustManager(PKIStore castore) throws IOException, CertificateException, CRLException {
        verifier = new PKIVerifier(null, castore);
        store = castore;
        stopcalled = false;
    }

    public synchronized void stop() {
        if (!stopcalled) {
            verifier.cleanup();
            stopcalled = true;
        }
    }

    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || authType == null || chain.length == 0 || authType.length() == 0) {
            throw new IllegalArgumentException("One of the parameters is null or empty.");
        }

        if (logger.isDebugEnabled()) {
            logger.debug("Calling verify:");
            logger.debug("chain is:");
            for (int i = 0; i < chain.length; i++) {
                logger.debug("HAVE TO VERIFY: " + chain[i].getSubjectDN());
            }
        }

        // Any failure of the verifier (signature, validity, CRL, name constraints)
        // is reported as an untrusted chain; details go to the log only.
        if (!verifier.verify(chain)) {
            throw new CertificateException("Cannot verify certificate. See log for details.");
        }
    }

    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        checkClientTrusted(chain, authType);
    }

    public X509Certificate[] getAcceptedIssuers() {
        // Generic type arguments were lost in extraction; the key type of the
        // table returned by getCAs() is left unspecified here.
        Hashtable<?, Vector<X509Certificate>> CAs = store.getCAs();
        ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>(CAs.size());

        for (Enumeration<Vector<X509Certificate>> certVectors = CAs.elements(); certVectors.hasMoreElements();) {
            Vector<X509Certificate> certVector = certVectors.nextElement();
            certs.addAll(certVector);
        }

        X509Certificate[] array = new X509Certificate[certs.size()];
        return certs.toArray(array);
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/VOMSValidator.java

/*********************************************************************
 *
 * Authors: Olle Mulmo
 *          Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *          Valerio Venturi - Valerio.Venturi@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/

/*
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://eu-egee.org/partners/ for details on the copyright holders.
 * For license conditions see the license file or http://eu-egee.org/license.html
 */
package org.glite.voms;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.StringTokenizer;
import java.util.Vector;

import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.glite.voms.ac.ACTrustStore;
import org.glite.voms.ac.ACValidator;
import org.glite.voms.ac.AttributeCertificate;
import org.glite.voms.ac.VOMSTrustStore;

/**
 * Reads a DER-encoded, Base64-encoded, or PEM-encoded certificate from disk
 * without using broken IAIK implementations...
 *
 * @author mulmo
 */
class CertUtil {
    /** log4j util for logging */
    static Logger logger = Logger.getLogger(CertUtil.class.getName());

    /**
     * Finds out the index of the client cert in a certificate chain.
     *
     * @param chain the cert chain
     * @return the index of the client cert, or -1 if no client cert was
     * found
     */
    public static int findClientCert(X509Certificate[] chain) {
        int i;

        // get the index for the first cert that isn't a CA or proxy cert
        for (i = chain.length - 1; i >= 0; i--) {
            // if constraintCheck = -1 the cert is NOT a CA cert
            if (chain[i].getBasicConstraints() == -1) {
                // double check, if issuerDN = subjectDN the cert is CA
                if (!chain[i].getIssuerDN().equals(chain[i].getSubjectDN())) {
                    break;
                }
            }
        }

        // the loop counts i down to -1 when no client cert is found
        if (i < 0) {
            logger.error("UpdatingKeymanager: invalid certificate chain, client cert missing.");
            return -1;
        }

        return i;
    }
}

/**
 * The main (top) class to use for extracting VOMS information from
 * a certificate and/or certificate chain. The VOMS information can
 * simply be parsed or validated. No validation is performed on the
 * certificate chain -- that is assumed to already have happened.
 * <p>
 * The certificate chain is assumed to already be validated. It is
 * also assumed to be sorted in TLS order, that is certificate
 * issued by trust anchor first and client certificate last.
 * <p>
 * Example of use: this will validate any VOMS attributes in the
 * certificate chain and check if any of the attributes grants the
 * user the "admin" role in the group (VO) "MyVO".
 * <pre>
 * boolean isAdmin = new VOMSValidator(certChain).validate().getRoles("MyVO").contains("admin");
 * </pre>
 *
 * @author mulmo
 * @author Vincenzo Ciaschini
 */
public class VOMSValidator {
    static Logger log = Logger.getLogger(VOMSValidator.class);
    public static final String VOMS_EXT_OID = "1.3.6.1.4.1.8005.100.100.5";
    protected static ACTrustStore theTrustStore;
    protected ACValidator myValidator;
    protected X509Certificate[] myValidatedChain;
    protected Vector myVomsAttributes = new Vector();
    protected boolean isParsed = false;
    protected boolean isValidated = false;
    protected FQANTree myFQANTree = null;
    protected static VOMSTrustStore vomsStore = null;
    protected static volatile ACValidator DEFAULT_VALIDATOR = null;

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Convenience constructor in the case where you have a single
     * cert and not a chain.
     * @param validatedCert
     * @see #VOMSValidator(X509Certificate[])
     */
    public VOMSValidator(X509Certificate validatedCert) {
        this(new X509Certificate[] { validatedCert });
    }

    /**
     * Convenience constructor.
     * Same as VOMSValidator(validatedChain, null)
     * @param validatedChain
     */
    public VOMSValidator(X509Certificate[] validatedChain) {
        this(validatedChain, null);
    }

    /**
     * Lazily creates the shared default validator. Declared static so that
     * the lock is the class monitor (the one shutdown() uses) and not a
     * per-instance monitor, which would not protect the static
     * DEFAULT_VALIDATOR field against concurrent initialisation.
     */
    private static synchronized ACValidator initializeValidator() {
        if (DEFAULT_VALIDATOR == null) {
            try {
                PKIVerifier verifier = new PKIVerifier();
                DEFAULT_VALIDATOR = new ACValidator(verifier);
            } catch (Exception e) {
                log.error("Error initializing default ACValidator: " + e.getMessage(), e);
                throw new RuntimeException(e);
            }
        }
        return DEFAULT_VALIDATOR;
    }

    /**
     * If validatedChain is null, a call to
     * setClientChain() MUST be made before calling
     * parse() or validate().
     *
     * @param validatedChain The (full), validated certificate chain
     * @param acValidator The AC validator implementation to use (null is default with a BasicVOMSTrustStore)
     *
     * @see org.glite.voms.ac.ACValidator
     * @see BasicVOMSTrustStore
     */
    public VOMSValidator(X509Certificate[] validatedChain, ACValidator acValidator) {
        if (validatedChain == null)
            myValidatedChain = null; // allow null
        else
            myValidatedChain = (X509Certificate[]) validatedChain.clone();

        if (acValidator == null)
            myValidator = initializeValidator();
        else
            myValidator = acValidator;
    }

    /**
     * Sets the ACTrustStore instance to use with the default
     * ACValidator. Default is BasicVOMSTrustStore
     *
     * @param trustStore
     *
     * @see #setTrustStore(VOMSTrustStore trustStore)
     * @see BasicVOMSTrustStore
     * @deprecated use setTrustStore(VOMSTrustStore trustStore) instead.
     */
    public static void setTrustStore(ACTrustStore trustStore) {
        if (trustStore instanceof BasicVOMSTrustStore) {
            BasicVOMSTrustStore store = (BasicVOMSTrustStore) trustStore;
            String directory = store.getDirList();

            try {
                setTrustStore(PKIStoreFactory.getStore(directory, PKIStore.TYPE_VOMSDIR, true));
                store.stopRefresh();
            } catch (Exception e) {
                log.error("Cannot set upgraded truststore!", e);
                theTrustStore = trustStore;
            }
        } else {
            log.error("Cannot set upgraded truststore!");
            theTrustStore = trustStore;
        }
    }

    /**
     * Sets the trustStore to use with the default ACValidator.
     *
     * @param trustStore the trustStore.
     *
     * @deprecated
     * @see org.glite.voms.ac.VOMSTrustStore
     */
    public synchronized static void setTrustStore(VOMSTrustStore trustStore) {
        vomsStore = trustStore;
    }

    /**
     * Cleans up the object.
     */
    public synchronized void cleanup() {
        myValidatedChain = null;

        if (myVomsAttributes != null) {
            myVomsAttributes.clear();
            myVomsAttributes = null;
        }

        myFQANTree = null;

        if (myValidator != null && myValidator != DEFAULT_VALIDATOR) {
            myValidator.cleanup();
            myValidator = null;
        }
    }

    /**
     * Performs shutdown of the default validator object, if allocated.
     */
    public static synchronized void shutdown() {
        if (DEFAULT_VALIDATOR != null) {
            DEFAULT_VALIDATOR.cleanup();
            DEFAULT_VALIDATOR = null;
        }
    }

    /**
     * Convenience method: enables you to reuse a VOMSValidator
     * instance for another client chain, thus avoiding overhead in
     * instantiating validators and trust stores and other potentially
     * expensive operations.
     * <p>
     * This method returns the object itself, to allow for chaining
     * of commands:
     * <pre>
     * vomsValidator.setClientChain(chain).validate().getVOMSAttributes();
     * </pre>
     *
     * @param validatedChain The new validated certificate chain to inspect
     * @return the object itself
     */
    public VOMSValidator setClientChain(X509Certificate[] validatedChain) {
        if (validatedChain == null)
            myValidatedChain = null;
        else
            myValidatedChain = (X509Certificate[]) validatedChain.clone();

        myVomsAttributes = new Vector();
        myFQANTree = null;
        isParsed = false;
        isValidated = false;

        return this;
    }

    /**
     * Parses the assumed-validated certificate chain (which may also
     * include proxy certs) for any occurrences of VOMS extensions containing
     * attribute certificates issued to the end entity in the certificate
     * chain.
     * <p>
     * No validation of timestamps and/or signatures is
     * performed by this method.
     *
     * @param myValidatedChain the validated certificate chain
     * @return the voms attributes
     * @see #validate()
     */
    public static Vector parse(X509Certificate[] myValidatedChain) {
        if (log.isDebugEnabled()) {
            log.debug("VOMSValidator : parsing cert chain");
        }

        int clientIdx = CertUtil.findClientCert(myValidatedChain);

        if (clientIdx < 0) {
            // Without an end-entity certificate there is no holder to match
            // ACs against, and indexing the chain with -1 below would fail.
            log.error("VOMSValidator : no client cert found in cert chain");
            throw new IllegalArgumentException("VOMSValidator : no client cert found in cert chain");
        }

        if (log.isDebugEnabled()) {
            log.debug("Parsing VOMS attributes for subject "
                + myValidatedChain[clientIdx].getSubjectX500Principal().getName());
        }

        Vector myVomsAttributes = new Vector();

        for (int i = 0; i < myValidatedChain.length; i++) {
            byte[] payload = myValidatedChain[i].getExtensionValue(VOMS_EXT_OID);

            if (payload == null) {
                if (log.isDebugEnabled()) {
                    log.debug("No VOMS extension in certificate issued to "
                        + myValidatedChain[i].getSubjectX500Principal().getName());
                }
                continue;
            }

            try {
                // Strip the wrapping OCTET STRING
                payload = ((DEROctetString) new ASN1InputStream(new ByteArrayInputStream(payload)).readObject()).getOctets();

                // VOMS extension is SEQUENCE of SET of AttributeCertificate
                // now, SET is an ordered sequence, and an AC is a sequence as
                // well -- thus the three nested ASN.1 sequences below...
                ASN1Sequence seq1 = (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(payload)).readObject();

                for (Enumeration e1 = seq1.getObjects(); e1.hasMoreElements();) {
                    ASN1Sequence seq2 = (ASN1Sequence) e1.nextElement();

                    for (Enumeration e2 = seq2.getObjects(); e2.hasMoreElements();) {
                        AttributeCertificate ac = new AttributeCertificate((ASN1Sequence) e2.nextElement());

                        // Keep only ACs whose holder is the client cert or one
                        // of the proxies issued below it.
                        for (int j = clientIdx; j < myValidatedChain.length; j++) {
                            if (ac.getHolder().isHolder(myValidatedChain[j])) {
                                VOMSAttribute va = new VOMSAttribute(ac);

                                if (log.isDebugEnabled()) {
                                    log.debug("Found VOMS attribute from " + va.getHostPort()
                                        + " in certificate issued to "
                                        + myValidatedChain[j].getSubjectX500Principal().getName());
                                }

                                myVomsAttributes.add(va);
                            } else {
                                log.debug("VOMS attribute cert found, but holder checking failed!");
                            }
                        }
                    }
                }
            } catch (Exception e) {
                log.info("Error parsing VOMS extension in certificate issued to "
                    + myValidatedChain[i].getSubjectX500Principal().getName(), e);
                throw new IllegalArgumentException("Error parsing VOMS extension in certificate issued to "
                    + myValidatedChain[i].getSubjectX500Principal().getName()
                    + "; error was: " + e.getMessage());
            }

            /* Found ACs in a certificate. Do not check underlying levels. */
            break;
        }

        return myVomsAttributes;
    }

    /**
     * Parses the assumed-validated certificate chain (which may also
     * include proxy certs) for any occurrences of VOMS extensions containing
     * attribute certificates issued to the end entity in the certificate
     * chain.
     * <p>
     * No validation of timestamps and/or signatures is
     * performed by this method.
     * <p>
     * This method returns the object itself, to allow for chaining
     * of commands:
     * <pre>
     * new VOMSValidator(certChain).parse().getVOMSAttributes();
     * </pre>
     * @return the object itself
     * @see #validate()
     * @deprecated use the parse(X509Certificate[]) instead
     */
    public VOMSValidator parse() {
        if (log.isDebugEnabled()) {
            log.debug("VOMSValidator : parsing cert chain");
        }

        if (isParsed) {
            return this;
        }

        int clientIdx = CertUtil.findClientCert(myValidatedChain);

        if (clientIdx < 0) {
            // Same reasoning as in the static parse(): no holder to match
            // against, and indexing the chain with -1 would fail.
            log.error("VOMSValidator : no client cert found in cert chain");
            throw new IllegalArgumentException("VOMSValidator : no client cert found in cert chain");
        }

        if (log.isDebugEnabled()) {
            log.debug("Parsing VOMS attributes for subject "
                + myValidatedChain[clientIdx].getSubjectX500Principal().getName());
        }

        myVomsAttributes.clear();

        for (int i = 0; i < myValidatedChain.length; i++) {
            byte[] payload = myValidatedChain[i].getExtensionValue(VOMS_EXT_OID);

            if (payload == null) {
                if (log.isDebugEnabled()) {
                    log.debug("No VOMS extension in certificate issued to "
                        + myValidatedChain[i].getSubjectX500Principal().getName());
                }
                continue;
            }

            try {
                // Strip the wrapping OCTET STRING
                payload = ((DEROctetString) new ASN1InputStream(new ByteArrayInputStream(payload)).readObject()).getOctets();

                // VOMS extension is SEQUENCE of SET of AttributeCertificate
                // now, SET is an ordered sequence, and an AC is a sequence as
                // well -- thus the three nested ASN.1 sequences below...
                ASN1Sequence seq1 = (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(payload)).readObject();

                for (Enumeration e1 = seq1.getObjects(); e1.hasMoreElements();) {
                    ASN1Sequence seq2 = (ASN1Sequence) e1.nextElement();

                    for (Enumeration e2 = seq2.getObjects(); e2.hasMoreElements();) {
                        AttributeCertificate ac = new AttributeCertificate((ASN1Sequence) e2.nextElement());

                        for (int j = clientIdx; j < myValidatedChain.length; j++) {
                            if (ac.getHolder().isHolder(myValidatedChain[j])) {
                                VOMSAttribute va = new VOMSAttribute(ac);

                                if (log.isDebugEnabled()) {
                                    log.debug("Found VOMS attribute from " + va.getHostPort()
                                        + " in certificate issued to "
                                        + myValidatedChain[j].getSubjectX500Principal().getName());
                                }

                                myVomsAttributes.add(va);
                            } else {
                                log.debug("VOMS attribute cert found, but holder checking failed!");
                            }
                        }
                    }
                }
            } catch (Exception e) {
                log.info("Error parsing VOMS extension in certificate issued to "
                    + myValidatedChain[i].getSubjectX500Principal().getName(), e);
                throw new IllegalArgumentException("Error parsing VOMS extension in certificate issued to "
                    + myValidatedChain[i].getSubjectX500Principal().getName()
                    + "; error was: " + e.getMessage());
            }

            /* Found ACs in a certificate. Do not check underlying levels. */
            break;
        }

        isParsed = true;

        return this;
    }

    /**
     * Parses the assumed-validated certificate chain (which may also
     * include proxy certs) for any occurrences of VOMS extensions containing
     * attribute certificates issued to the end entity in the certificate
     * chain.
     * The attribute certificates are validated: any non-valid entries will
     * be ignored.
     * <p>
     * This method returns the object itself, to allow for chaining
     * of commands:
     * <pre>
     * new VOMSValidator(certChain).validate().getVOMSAttributes();
     * </pre>
     * @return the object itself
     * @see #parse()
     */
    public VOMSValidator validate() {
        if (isValidated) {
            return this;
        }

        if (!isParsed) {
            parse();
        }

        // Drop every AC the validator rejects (signature, validity period,
        // trust of the issuing VOMS server) so that only trusted attributes
        // remain visible through getRoles()/getVOMSAttributes().
        for (ListIterator i = myVomsAttributes.listIterator(); i.hasNext();) {
            AttributeCertificate ac = ((VOMSAttribute) i.next()).privateGetAC();

            if (!myValidator.validate(ac)) {
                i.remove();
            }
        }

        isValidated = true;

        return this;
    }

    /**
     * Populates the hierarchical FQAN tree with the parsed and/or
     * validated ACs.
     */
    private void populate() {
        if (!isParsed && !isValidated) {
            throw new IllegalStateException(
                "VOMSValidator: trying to populate FQAN tree before call to parse() or validate()");
        }

        myFQANTree = new FQANTree();

        for (ListIterator i = myVomsAttributes.listIterator(); i.hasNext();) {
            myFQANTree.add(((VOMSAttribute) i.next()).getListOfFQAN());
        }
    }

    /**
     * Returns a collection of all the FQANs in all the ACs found in the
     * credential, in order.
     * @return array of FQAN strings
     */
    public String[] getAllFullyQualifiedAttributes() {
        ArrayList clientAttributes = new ArrayList();

        for (int i = 0; i < myVomsAttributes.size(); i++) {
            List vomsAttributes = ((VOMSAttribute) myVomsAttributes.get(i)).getFullyQualifiedAttributes();
            clientAttributes.addAll(vomsAttributes);
        }

        return (String[]) clientAttributes.toArray(new String[] {});
    }

    /**
     * Returns a list of VOMS attributes, parsed and possibly validated.
     * @return List of VOMSAttribute
     * @see org.glite.voms.VOMSAttribute
     * @see #parse()
     * @see #validate()
     * @see #isValidated()
     */
    public List getVOMSAttributes() {
        return myVomsAttributes;
    }

    /**
     * Returns a list of all roles attributed to a (sub)group, by
     * combining all VOMS attributes in a hierarchical fashion.
     * <p>
     * Note: One of the methods parse() or
     * validate() must have been called before calling
     * this method. Otherwise, an IllegalStateException
     * is thrown.
     *
     * @param subGroup
     * @see VOMSValidator.FQANTree
     * @return the List of roles.
     */
    public List getRoles(String subGroup) {
        if (!isParsed && !isValidated) {
            throw new IllegalStateException("Must call parse() or validate() first");
        }

        if (myFQANTree == null) {
            populate();
        }

        return myFQANTree.getRoles(subGroup);
    }

    /**
     * Returns a list of all capabilities attributed to a (sub)group,
     * by combining all VOMS attributes in a hierarchical fashion.
     * <p>
     * Note: One of the methods parse() or
     * validate() must have been called before calling
     * this method. Otherwise, an IllegalStateException
     * is thrown.
     *
     * @param subGroup
     * @see VOMSValidator.FQANTree
     * @return A list containing all the capabilities
     * @deprecated Capabilities are deprecated.
     */
    public List getCapabilities(String subGroup) {
        if (!isParsed && !isValidated) {
            throw new IllegalStateException("Must call parse() or validate() first");
        }

        if (myFQANTree == null) {
            populate();
        }

        return myFQANTree.getCapabilities(subGroup);
    }

    /**
     * @return whether the validation process has been run on VOMS attributes
     *
     * @see #validate()
     */
    public boolean isValidated() {
        return isValidated;
    }

    public boolean isValid() {
        return true;
    }

    public String toString() {
        return "isParsed : " + isParsed + "\nhas been validated : " + isValidated
            + "\nVOMS attrs:" + myVomsAttributes;
    }

    /**
     * Helper container that fills up with roles and capabilities
     * as the FQANTree is traversed.
     */
    class RoleCaps {
        // NOTE: these are not initialized by default, but only if this
        // structure is added non-null Vector content via add(). That
        // way, we can distinguish between the returning null and the empty
        // set (as the Vector may be empty, consider FQAN "/A/Role=")
        List roles;
        List caps;

        void add(List v, String s) {
            if (s == null) {
                return;
            }

            if (!v.contains(s)) {
                v.add(s);
            }
        }

        public void add(Vector fqans) {
            if (fqans == null) {
                return;
            }

            if (roles == null) {
                roles = new Vector();
                caps = new Vector();
            }

            for (Iterator i = fqans.iterator(); i.hasNext();) {
                FQAN f = (FQAN) i.next();
                add(roles, f.getRole());
                add(caps, f.getCapability());
            }
        }

        public List getRoles() {
            return roles;
        }

        public List getCapabilities() {
            return caps;
        }
    }

    /**
     * Class to sort out the hierarchical properties of FQANs.
     * For example, given the FQANs /VO/Role=admin and
     * /VO/SubGroup/Role=user, this means that the
     * applicable roles for /VO/SubGroup are both
     * admin as well as user
     */
    public class FQANTree {
        Hashtable myTree = new Hashtable();
        Hashtable myResults = new Hashtable();

        public void add(List fqans) {
            if (fqans == null) {
                return;
            }

            for (Iterator i = fqans.iterator(); i.hasNext();) {
                add((FQAN) i.next());
            }
        }

        public void add(FQAN fqan) {
            String group = fqan.getGroup();
            Vector v = (Vector) myTree.get(group);

            if (v == null) {
                myTree.put(group, v = new Vector());
            }

            if (!v.contains(fqan)) {
                v.add(fqan);
            }
        }

        // Walks every path prefix of voGroup ("/VO", "/VO/", "/VO/SubGroup", ...)
        // and merges the roles and capabilities attached to each ancestor group.
        protected RoleCaps traverse(String voGroup) {
            RoleCaps rc = (RoleCaps) myResults.get(voGroup);

            if (rc != null) {
                return rc;
            }

            rc = new RoleCaps();

            StringTokenizer tok = new StringTokenizer(voGroup, "/", true);
            StringBuilder sb = new StringBuilder();

            while (tok.hasMoreTokens()) {
                sb.append(tok.nextToken());
                rc.add((Vector) myTree.get(sb.toString()));
            }

            myResults.put(voGroup, rc);

            return rc;
        }

        public List getRoles(String voGroup) {
            return traverse(voGroup).getRoles();
        }

        public List getCapabilities(String voGroup) {
            return traverse(voGroup).getCapabilities();
        }
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/

voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/ACCerts.java

/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms.ac;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.Security;
import java.util.Enumeration;
import java.util.List;
import java.util.ListIterator;
import java.util.Vector;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.jce.provider.X509CertificateObject;

/**
 * This class represents the ACCerts extension which may be present in the AC.
 *
 * @author Vincenzo Ciaschini.
 */
public class ACCerts implements DEREncodable {
    List l;

    /**
     * Creates an empty ACCerts object.
     */
    public ACCerts() {
        l = new Vector();
    }

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Creates an ACCerts starting from a sequence.
     *
     * @param seq the Sequence.
     *
     * @throws IllegalArgumentException if Certificates are not supported
     * or if there is an encoding error.
     */
    public ACCerts(ASN1Sequence seq) {
        l = new Vector();

        // The extension is a SEQUENCE wrapping a SEQUENCE OF Certificate.
        seq = (ASN1Sequence) seq.getObjectAt(0);

        CertificateFactory cf = null;

        try {
            cf = CertificateFactory.getInstance("X.509", "BC");
        } catch (NoSuchProviderException e) {
            throw new ExceptionInInitializerError("Cannot find BouncyCastle provider: " + e.getMessage());
        } catch (CertificateException e) {
            throw new ExceptionInInitializerError("X.509 Certificates unsupported. " + e.getMessage());
        } catch (Exception ex) {
            throw new IllegalArgumentException("Error in setting up ACCerts reader. " + ex.getMessage());
        }

        for (Enumeration e = seq.getObjects(); e.hasMoreElements();) {
            Object o = e.nextElement();

            if (o instanceof DERSequence) {
                ASN1Sequence s = ASN1Sequence.getInstance(o);
                byte[] data = null;

                try {
                    data = new X509CertificateObject(X509CertificateStructure.getInstance(s)).getEncoded();
                    l.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(data)));
                } catch (Exception ex) {
                    throw new IllegalArgumentException("Error in encoding ACCerts. " + ex.getMessage());
                }
            } else
                throw new IllegalArgumentException("Incorrect encoding for ACCerts");
        }
    }

    /**
     * static variant of the constructor.
     *
     * @see #ACCerts(ASN1Sequence seq)
     */
    public static ACCerts getInstance(ASN1Sequence seq) {
        return new ACCerts(seq);
    }

    /**
     * Manually adds a certificate to the list.
     *
     * @param cert The certificate to add.
     */
    public void addCert(X509CertificateStructure cert) {
        l.add(cert);
    }

    /**
     * Gets the certificates.
     *
     * @return the list of certificates.
     */
    public List getCerts() {
        return l;
    }

    /**
     * Makes a DERObject representation.
     *
     * @return the DERObject
     */
    public DERObject getDERObject() {
        ASN1EncodableVector v = new ASN1EncodableVector();
        ListIterator li = l.listIterator();

        while (li.hasNext()) {
            Object o = li.next();

            if (o instanceof X509CertificateStructure) {
                // added through addCert()
                v.add((X509CertificateStructure) o);
            } else if (o instanceof X509Certificate) {
                // parsed by the constructor: re-decode the DER encoding into
                // the BouncyCastle structure instead of casting, which would
                // fail with a ClassCastException.
                try {
                    v.add(X509CertificateStructure.getInstance(
                        new ASN1InputStream(((X509Certificate) o).getEncoded()).readObject()));
                } catch (Exception e) {
                    throw new IllegalArgumentException("Error in encoding ACCerts. " + e.getMessage());
                }
            }
        }

        // Mirror the layout unwrapped by the constructor: an outer SEQUENCE
        // holding the SEQUENCE OF Certificate.
        return new DERSequence(new DERSequence(v));
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/ACGenerator.java

/*********************************************************************
 *
 * Authors: Olle Mulmo
 *          Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *          Valerio Venturi - Valerio.Venturi@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/

/*
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://eu-egee.org/partners/ for details on the copyright holders.
* For license conditions see the license file or http://eu-egee.org/license.html */ package org.glite.voms.ac; import java.math.BigInteger; import java.security.PrivateKey; import java.util.Date; import java.util.List; import java.util.Vector; import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; /** * *
 *     AttributeCertificateInfo ::= SEQUENCE {
 *          version              AttCertVersion -- version is v2,
 *          holder               Holder,
 *          issuer               AttCertIssuer,
 *          signature            AlgorithmIdentifier,
 *          serialNumber         CertificateSerialNumber,
 *          attrCertValidityPeriod   AttCertValidityPeriod,
 *          attributes           SEQUENCE OF Attribute,
 *          issuerUniqueID       UniqueIdentifier OPTIONAL,
 *          extensions           Extensions OPTIONAL
 *     }
 *
 *     AttCertVersion ::= INTEGER { v2(1) }
 * 
* @author mulmo */ public class ACGenerator { X500Principal issuer; X500Principal holderIssuer; BigInteger holderSerial; Date notAfter; Date notBefore; Vector attributes; Vector extensions; /** * @param oid * @param policyAuthority * @param value */ public void addAttribute(String oid, String policyAuthority, String value) { } /** * @param oid * @param policyAuthority * @param values */ public void addAttributes(String oid, String policyAuthority, List values) { } /** * @param vector */ public void setExtensions(Vector vector) { extensions = vector; } /** * @param principal */ public void setHolderIssuer(X500Principal principal) { holderIssuer = principal; } /** * @param integer */ public void setHolderSerial(BigInteger integer) { holderSerial = integer; } /** * @param principal */ public void setIssuer(X500Principal principal) { issuer = principal; } /** * @param date */ public void setNotAfter(Date date) { notAfter = (Date)date.clone(); } /** * @param date */ public void setNotBefore(Date date) { notBefore = (Date)date.clone(); } public AttributeCertificateInfo generateACInfo() { if ((issuer == null) || (holderIssuer == null) || (holderSerial == null) || (notAfter == null) || (notBefore == null)) { throw new IllegalArgumentException("All mandatory components are not present"); } ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new DERInteger(1)); v.add(new Holder(holderIssuer, holderSerial)); v.add(new AttCertIssuer(new V2Form(Util.x500nameToGeneralNames(issuer)))); v.add(new AlgorithmIdentifier("1.2.840.113549.1.1.5")); // sha1WithRSA v.add(new DERInteger(1)); return null; } public void sign(PrivateKey key) { } } voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/ACTarget.java000066400000000000000000000163101207402625500246050ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. 
* See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ package org.glite.voms.ac; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.DERIA5String; import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.IssuerSerial; class NameConverter { private String value; public NameConverter(GeneralName gn) { switch (gn.getTagNo()) { case 6: value = DERIA5String.getInstance(gn.getName()).getString(); break; default: throw new IllegalArgumentException("Erroneous encoding of Targets"); } } public static NameConverter getInstance(GeneralName gn) { return new NameConverter(gn); } public String getAsString() { return value; } } /** * The intent of this class is to represent a single target. 
 *
 * @author Vincenzo Ciaschini
 */
public class ACTarget implements DEREncodable {
    private GeneralName name;
    private GeneralName group;
    private IssuerSerial cert;

    /**
     * Empty constructor.
     */
    public ACTarget() {
        name = null;
        group = null;
        cert = null;
    }

    /**
     * Creates a string representation of the target.
     *
     * @return the string, or the empty string if no element is set.
     */
    public String toString() {
        if (name != null)
            return getName();
        if (group != null)
            return getGroup();
        if (cert != null)
            return getIssuerSerialString();
        return "";
    }

    /**
     * Gets the name element.
     *
     * @return the name.
     */
    public String getName() {
        return NameConverter.getInstance(name).getAsString();
    }

    /**
     * Gets the group element.
     *
     * @return the group.
     */
    public String getGroup() {
        return NameConverter.getInstance(group).getAsString();
    }

    /**
     * Gets the IssuerSerial.
     *
     * @return the IssuerSerial
     */
    public IssuerSerial getIssuerSerial() {
        return cert;
    }

    /**
     * Gets the IssuerSerial element.
     *
     * @return the IssuerSerial as String, in the form subject:serial.
     */
    public String getIssuerSerialString() {
        ASN1Sequence seq = ASN1Sequence.getInstance(cert.getIssuer().getDERObject());
        GeneralName name = GeneralName.getInstance(seq.getObjectAt(0));
        return NameConverter.getInstance(name).getAsString() + ":" + (cert.getSerial().toString());
    }

    /**
     * Sets the name.
     *
     * @param n the name
     */
    public void setName(GeneralName n) {
        name = n;
    }

    /**
     * Sets the name.
     *
     * @param s the name.
     */
    public void setName(String s) {
        name = new GeneralName(new DERIA5String(s), 6);
    }

    /**
     * Sets the group.
     *
     * @param g the group
     */
    public void setGroup(GeneralName g) {
        group = g;
    }

    /**
     * Sets the group.
     *
     * @param s the group name.
     */
    public void setGroup(String s) {
        group = new GeneralName(new DERIA5String(s), 6);
    }

    /**
     * Sets the IssuerSerial.
     *
     * @param is the IssuerSerial
     */
    public void setIssuerSerial(IssuerSerial is) {
        cert = is;
    }

    /**
     * Sets the IssuerSerial.
     *
     * @param s a textual representation of the IssuerSerial, in the form
     * subject:serial
     *
     * @throws IllegalArgumentException if the string cannot be split into
     * issuer and serial, or if the serial is not a decimal integer.
     */
    public void setIssuerSerial(String s) {
        int ch = s.lastIndexOf(':');
        if (ch != -1) {
            String iss = s.substring(0, ch);
            String serial = s.substring(ch + 1);
            GeneralName nm = new GeneralName(new DERIA5String(iss), 6);
            // IssuerSerial ::= SEQUENCE { issuer GeneralNames, serial CertificateSerialNumber }
            // The issuer is a GeneralNames wrapping the single IA5String name, the serial
            // is the integer after the last ':' (the same layout getIssuerSerialString() emits).
            try {
                cert = new IssuerSerial(
                        new org.bouncycastle.asn1.x509.GeneralNames(new DERSequence(nm)),
                        new org.bouncycastle.asn1.DERInteger(new java.math.BigInteger(serial)));
            } catch (NumberFormatException e) {
                throw new IllegalArgumentException("serial is not a decimal integer: " + serial);
            }
        } else
            throw new IllegalArgumentException("cannot identify issuer and serial");
    }

    /**
     * Static variant of the constructor.
     *
     * @see #ACTarget(ASN1Sequence seq)
     */
    public static ACTarget getInstance(ASN1Sequence seq) {
        return new ACTarget(seq);
    }

    /**
     * Creates an ACTarget from a sequence.
     *
     * @param seq the Sequence
     *
     * @throws IllegalArgumentException if there are parsing problems.
     */
    public ACTarget(ASN1Sequence seq) {
        int i = 0;
        name = group = null;
        cert = null;
        // valid indices are 0 .. size()-1; using <= would read one element past the end
        while (i < seq.size()) {
            if (seq.getObjectAt(i) instanceof ASN1TaggedObject) {
                ASN1TaggedObject obj = (ASN1TaggedObject) seq.getObjectAt(i);
                switch (obj.getTagNo()) {
                case 0:
                    group = null;
                    cert = null;
                    name = GeneralName.getInstance((ASN1TaggedObject) obj, true);
                    break;
                case 1:
                    cert = null;
                    group = GeneralName.getInstance((ASN1TaggedObject) obj, true);
                    name = null;
                    break;
                case 2:
                    group = null;
                    name = null;
                    cert = new IssuerSerial((ASN1Sequence) obj.getObject());
                    break;
                default:
                    throw new IllegalArgumentException("Bad tag in encoding ACTarget");
                }
            } else
                throw new IllegalArgumentException("Bad value type encoding ACTarget");
            i++;
        }
    }

    /**
     * Makes a DERObject representation.
* * @return the DERObject */ public DERObject getDERObject() { ASN1EncodableVector v = new ASN1EncodableVector(); if (name != null) v.add(new DERTaggedObject(0, name)); if (group != null) v.add(new DERTaggedObject(1, group)); if (cert != null) v.add(new DERTaggedObject(2, cert)); return new DERSequence(v); } } voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/ACTargets.java000066400000000000000000000066441207402625500250010ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ package org.glite.voms.ac; import java.util.Enumeration; import java.util.List; import java.util.ListIterator; import java.util.Vector; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERSequence; /** * The intent of this class is to represent the ACTargets extension which * may be present in the AC. 
* * @author Vincenzo Ciaschini */ public class ACTargets implements DEREncodable { private List l; private List parsed; /** * Empty constructor. */ public ACTargets() { l = new Vector(); parsed = new Vector(); } /** * Creates an ACTargets from a sequence. * * @param seq the sequence. * * @throws IllegalArgumentException if there are parsing errors. */ public ACTargets(ASN1Sequence seq) { l = new Vector(); parsed = new Vector(); for (Enumeration e = seq.getObjects(); e.hasMoreElements(); ) { ACTarget targ = new ACTarget((ASN1Sequence)e.nextElement()); l.add(targ); parsed.add(targ.toString()); } } /** * Static variant of the constructor. * * @see #ACTargets(ASN1Sequence seq) */ public static ACTargets getInstance(ASN1Sequence seq) { return new ACTargets(seq); } /** * Manually add a target. * * @param s the target. */ public void addTarget(String s) { ACTarget trg = new ACTarget(); trg.setName(s); l.add(trg); } /** * Manually add a target. * * @param act the target. * * @see org.glite.voms.ac.ACTarget */ public void AddTarget(ACTarget act) { l.add(act); } /** * Gets the list of targets. * * @return a List containing the targets, expressed as String. */ public List getTargets() { return parsed; } /** * Makes a DERObject representation. * * @return the DERObject */ public DERObject getDERObject() { ASN1EncodableVector v = new ASN1EncodableVector(); ListIterator li = l.listIterator(); while (li.hasNext()) { ACTarget c = (ACTarget)li.next(); v.add(c); } return new DERSequence(v); } } voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/ACTrustStore.java000066400000000000000000000042621207402625500255200ustar00rootroot00000000000000/********************************************************************* * * Authors: Olle Mulmo * Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. 
* * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ /* * Copyright (c) Members of the EGEE Collaboration. 2004. * See http://eu-egee.org/partners/ for details on the copyright holders. * For license conditions see the license file or http://eu-egee.org/license.html */ package org.glite.voms.ac; import java.security.cert.X509Certificate; import javax.security.auth.x500.X500Principal; /** * @deprecated This does not expose the necessary information. * * @author mulmo */ public interface ACTrustStore { /** * Returns an array of issuer candidates, by performing a name * comparison of the AC's issuer and the subject names of the * certificates in the trust store. *
* NOTE: No actual verification or validation of signature * takes place in this function. * * @param issuer the principal to find an issuer for. * If null, all known AAs will be returned. * @return an array of issuer candidates, or null in * case of an error. */ public X509Certificate[] getAACandidate(X500Principal issuer); } voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/ACValidator.java000066400000000000000000000132741207402625500253120ustar00rootroot00000000000000/********************************************************************* * * Authors: Olle Mulmo * Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ /* * Copyright (c) Members of the EGEE Collaboration. 2004. * See http://eu-egee.org/partners/ for details on the copyright holders. 
* For license conditions see the license file or http://eu-egee.org/license.html */ package org.glite.voms.ac; import java.io.IOException; import java.security.cert.CRLException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import org.apache.log4j.Logger; import org.glite.voms.BasicVOMSTrustStore; import org.glite.voms.PKIVerifier; /** * Validator class capable of validating an Attribute Certificate * and verify its signature against a trust store of Attribute * Authority certificates. * * @author mulmo */ public class ACValidator { protected static final Logger log = Logger.getLogger(ACValidator.class); private static ACValidator theInstance = null; protected ACTrustStore myTrustStore; protected VOMSTrustStore myVOMSStore; protected PKIVerifier theVerifier; public ACValidator(ACTrustStore trustStore) { if (trustStore == null) { throw new IllegalArgumentException("ACValidator: constructor must have an ACTrustStore"); } myTrustStore = trustStore; } public ACValidator(VOMSTrustStore theStore) { if (theStore == null) throw new IllegalArgumentException("ACValidator: constructor must have a VOMSTrustStore"); myVOMSStore = theStore; try { theVerifier = new PKIVerifier(myVOMSStore); } catch(IOException e) { log.error("Problems while initializing the verifier: " + e.getMessage()); throw new IllegalArgumentException("Problems with the passed store: " + e.getMessage()); } catch (CertificateException e) { log.error("Problems while initializing the verifier: " + e.getMessage()); throw new IllegalArgumentException("Problems with the passed store: " + e.getMessage()); } catch (CRLException e) { log.error("Problems while initializing the verifier: " + e.getMessage()); throw new IllegalArgumentException("Problems with the passed store: " + e.getMessage()); } } public ACValidator(PKIVerifier verifier) { myTrustStore = null; myVOMSStore = null; theVerifier = verifier; } public static ACValidator getInstance() { return 
getInstance((VOMSTrustStore)null); } public static ACValidator getInstance(ACTrustStore trustStore) throws IllegalArgumentException { return (theInstance = (theInstance != null) ? theInstance : new ACValidator(trustStore)); } public static ACValidator getInstance(VOMSTrustStore trustStore) throws IllegalArgumentException { return (theInstance = (theInstance != null) ? theInstance : new ACValidator(trustStore)); } public void cleanup() { if (myTrustStore != null) if (myTrustStore instanceof BasicVOMSTrustStore) ((BasicVOMSTrustStore)myTrustStore).stopRefresh(); if (myVOMSStore != null) myVOMSStore.stopRefresh(); if (theVerifier != null) theVerifier.cleanup(); } public boolean validate(AttributeCertificate ac) { if (ac == null) { return false; } if (theVerifier != null) { return theVerifier.verify(ac); } X509Certificate[] candidates; if (!ac.isValid()) { if (log.isDebugEnabled()) { log.debug("AC expired or not yet valid. Issuer : " + ac.getIssuer().getName()); } return false; } candidates = myTrustStore.getAACandidate(ac.getIssuer()); if ((candidates == null) || (candidates.length == 0)) { if (log.isDebugEnabled()) { log.debug("AC not valid (no such trusted issuer) : " + ac.getIssuer().getName()); } return false; } for (int i = 0; i < candidates.length; i++) { if (ac.verify(candidates[i].getPublicKey())) { if (log.isDebugEnabled()) { log.debug("AC signature verified OK by issuer : " + candidates[i].getSubjectX500Principal().getName()); } // Is issuer valid? 
return true; } if (log.isDebugEnabled()) { log.debug("AC from signature did not verify OK by issuer : " + candidates[i].getSubjectX500Principal().getName()); } } return false; } } voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/AttCertIssuer.java000066400000000000000000000070611207402625500257170ustar00rootroot00000000000000/********************************************************************* * * Authors: Olle Mulmo * Joni Hahkala * Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ /* * Copyright (c) Members of the EGEE Collaboration. 2004. * See http://eu-egee.org/partners/ for details on the copyright holders. 
* For license conditions see the license file or http://eu-egee.org/license.html */ package org.glite.voms.ac; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.x509.GeneralNames; /** * Shadow implementation of AttributeCertificateInfo from * BouncyCastle * * @author Joni Hahkala, Olle Mulmo */ public class AttCertIssuer implements DEREncodable { GeneralNames v1Form; V2Form v2Form; int version = -1; public AttCertIssuer(DEREncodable obj) { if (obj instanceof ASN1TaggedObject) { ASN1TaggedObject cObj = (ASN1TaggedObject) obj; if (cObj.isExplicit() && (cObj.getTagNo() == 0)) { v2Form = new V2Form(ASN1Sequence.getInstance(cObj, /*explicit=*/ false)); version = 2; } } else if (obj instanceof ASN1Sequence) { v1Form = new GeneralNames((ASN1Sequence) obj); version = 1; } if (version < 0) { throw new IllegalArgumentException("AttCertIssuer: input not a proper CHOICE"); } } public AttCertIssuer(V2Form v2FormIn) { v2Form = v2FormIn; version = 2; } public AttCertIssuer(GeneralNames v1FormIn) { v1Form = v1FormIn; version = 1; } public GeneralNames getIssuerName() { switch (version) { case 1: return v1Form; case 2: return v2Form.getIssuerName(); default: return null; } } /** * Produce an object suitable for an ASN1OutputStream. * *
     *
     *   AttCertIssuer ::= CHOICE {
     *        v1Form   GeneralNames,  -- MUST NOT be used in this
     *                                -- profile
     *        v2Form   [0] V2Form     -- v2 only
     *   }
     *
     * 
*/ public DERObject getDERObject() { switch (version) { case 1: return v1Form.getDERObject(); case 2: return new DERTaggedObject(true, 0, v2Form); default: return null; } } } voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/AttributeCertificate.java000066400000000000000000000333421207402625500272650ustar00rootroot00000000000000/********************************************************************* * * Authors: Olle Mulmo * Joni Hahkala * Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ /* * Copyright (c) Members of the EGEE Collaboration. 2004. * See http://eu-egee.org/partners/ for details on the copyright holders. 
* For license conditions see the license file or http://eu-egee.org/license.html */ package org.glite.voms.ac; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; import java.security.PublicKey; import java.security.Signature; import java.security.cert.X509Certificate; import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Calendar; import java.util.Collections; import java.util.Date; import java.util.Enumeration; import java.util.List; import java.util.SimpleTimeZone; import java.util.Vector; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERGeneralizedTime; import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DEROutputStream; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.AttCertValidityPeriod; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.GeneralNames; import org.bouncycastle.asn1.x509.X509Extensions; import org.bouncycastle.jce.X509Principal; import org.glite.voms.PKIUtils; /** * A shadow implementation of the non-working BouncyCastle implementation * of X.509 Attribute Certificates * * @author Joni Hahkala, Olle Mulmo */ public class AttributeCertificate implements DEREncodable { protected static final Logger logger = Logger.getLogger(AttributeCertificate.class); AttributeCertificateInfo acInfo; AlgorithmIdentifier signatureAlgorithm; DERBitString signatureValue; DERObject signedObj = null; public 
AttributeCertificate(ASN1Sequence seq) throws IOException { signedObj = ((ASN1Sequence)seq.getObjectAt(0)).getDERObject(); acInfo = new AttributeCertificateInfo((ASN1Sequence) seq.getObjectAt(0)); signatureAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); signatureValue = (DERBitString) seq.getObjectAt(2); } /** * Create an Attribute Certificate from a input stream containing * DER-encoded data * * @param in * @return the Attribute Certificate * @throws IOException */ public static AttributeCertificate getInstance(InputStream in) throws IOException { logger.debug("called with in = " + in); ASN1InputStream dIn = new ASN1InputStream(in); logger.debug("created"); ASN1Sequence seq = (ASN1Sequence) dIn.readObject(); return new AttributeCertificate(seq); } public AttributeCertificateInfo getAcinfo() { return acInfo; } /** * * @see org.glite.voms.ac.AttributeCertificateInfo#getAttributes() */ public ASN1Sequence getAttributes() { if (acInfo == null) { return null; } return acInfo.getAttributes(); } public DERInteger getSerialNumber() { if (acInfo == null) return null; return acInfo.getSerialNumber(); } public String getVO() { if (acInfo == null) return null; return acInfo.getVO(); } public String getHostPort() { if (acInfo == null) return null; return acInfo.getHostPort(); } public String getHost() { if (acInfo == null) return null; return acInfo.getHost(); } public int getPort() { if (acInfo == null) return -1; return acInfo.getPort(); } public FullAttributes getFullAttributes() { if (acInfo == null) return null; return acInfo.getFullAttributes(); } public ACCerts getCertList() { if (acInfo == null) return null; return acInfo.getCertList(); } public ACTargets getTargets() { if (acInfo == null) return null; return acInfo.getTargets(); } /** * @return List of String of the VOMS fully qualified * attributes names (FQANs):
* vo[/group[/group2...]][/Role=[role]][/Capability=capability] */ public List getFullyQualifiedAttributes() { if (acInfo == null) return null; return acInfo.getFullyQualifiedAttributes(); } /** * @return List of FQAN of the VOMS fully qualified * attributes names (FQANs) * @see org.glite.voms.FQAN */ public List getListOfFQAN() { if (acInfo == null) return null; return acInfo.getListOfFQAN(); } /** * Returns a list of the attributes matching the provided OID. * @param oid Object Identifier, on the form "1.2.3.4" * @return List of ASN.1 objects representing the OID type in question */ public List getAttributes(String oid) { if (oid == null) { return Collections.EMPTY_LIST; } ASN1Sequence seq = getAttributes(); if ((seq == null) || (seq.size() == 0)) { return Collections.EMPTY_LIST; } Vector v = new Vector(); for (Enumeration e = seq.getObjects(); e.hasMoreElements();) { ASN1Sequence attribute = (ASN1Sequence) e.nextElement(); if (oid.equals(((DERObjectIdentifier) attribute.getObjectAt(0)).getId())) { DERSet set = (DERSet) attribute.getObjectAt(1); for (Enumeration s = set.getObjects(); s.hasMoreElements();) { v.add(s.nextElement()); } } } return v; } public X509Extensions getExtensions() { return (acInfo == null) ? 
            null : acInfo.getExtensions();
    }

    public X509Principal getIssuerX509() {
        if (acInfo == null) {
            return null;
        }
        if (acInfo.getIssuer() == null) {
            return null;
        }
        ASN1Sequence seq = (ASN1Sequence) acInfo.getIssuer().getIssuerName().getDERObject();
        for (Enumeration e = seq.getObjects(); e.hasMoreElements();) {
            GeneralName gn = GeneralName.getInstance(e.nextElement());
            // only the directoryName choice (tag 4) carries an X.500 name
            if (gn.getTagNo() == 4) {
                return Util.generalNameToX509Name(gn);
            }
        }
        return null;
    }

    public X500Principal getIssuer() {
        if (acInfo == null) {
            return null;
        }
        if (acInfo.getIssuer() == null) {
            return null;
        }
        ASN1Sequence seq = (ASN1Sequence) acInfo.getIssuer().getIssuerName().getDERObject();
        for (Enumeration e = seq.getObjects(); e.hasMoreElements();) {
            GeneralName gn = GeneralName.getInstance(e.nextElement());
            if (gn.getTagNo() == 4) {
                return Util.generalNameToX500Name(gn);
            }
        }
        return null;
    }

    public String getHolderX509() {
        if (acInfo == null) {
            return null;
        }
        if (acInfo.getHolder() == null) {
            return null;
        }
        // Holder.getIssuer() is null when the holder is identified by objectDigestInfo only
        GeneralNames gns = acInfo.getHolder().getIssuer();
        if (gns == null) {
            return null;
        }
        for (Enumeration e = ((ASN1Sequence) gns.getDERObject()).getObjects(); e.hasMoreElements();) {
            // getInstance() also accepts a tagged object, which a plain cast would not
            GeneralName gn = GeneralName.getInstance(e.nextElement());
            if (gn.getTagNo() == 4) {
                X509Principal principal = Util.generalNameToX509Name(gn);
                return PKIUtils.getOpenSSLFormatPrincipal(principal);
            }
        }
        return null;
    }

    public Holder getHolder() {
        return (acInfo == null) ? null : acInfo.getHolder();
    }

    private static Date getDate(DERGeneralizedTime time) throws ParseException {
        SimpleDateFormat dateF;

        // BouncyCastle changed the output of getTime() and instead
        // introduced a new getDate() method... better make
        // sure we stay compatible: older releases return "yyyyMMddHHmmssZ",
        // newer ones "yyyyMMddHHmmssGMT+00:00"
        String t = time.getTime();
        if (t.indexOf("GMT") > 0) {
            dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
        } else {
            dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
            dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
        }
        return dateF.parse(t);
    }

    public Date getNotAfter() throws ParseException {
        return getDate(acInfo.getAttrCertValidityPeriod().getNotAfterTime());
    }

    public Date getNotBefore() throws ParseException {
        return getDate(acInfo.getAttrCertValidityPeriod().getNotBeforeTime());
    }

    public AlgorithmIdentifier getSignatureAlgorithm() {
        return signatureAlgorithm;
    }

    public DERBitString getSignatureValue() {
        return signatureValue;
    }

    public byte[] getSignature() {
        return signatureValue.getBytes();
    }

    /**
     * Checks if the AC was valid at the provided timestamp.
     *
     * @param date the instant to check; if null, the current time is used
     * @return true if the AC was valid at the time in question
     * @throws IllegalArgumentException if the validity period cannot be parsed
     */
    public boolean validAt(Date date) {
        AttCertValidityPeriod validity = acInfo.getAttrCertValidityPeriod();

        if (date == null) {
            date = new Date();
        }

        try {
            Calendar notAfter = Calendar.getInstance();
            Calendar notBefore = Calendar.getInstance();

            notAfter.setTime(getDate(validity.getNotAfterTime()));
            notBefore.setTime(getDate(validity.getNotBeforeTime()));

            // 5 "academic" minutes of tolerance on both ends, to absorb clock
            // skew between the VOMS server and the verifier. The comparisons
            // are strict, so an instant exactly on the padded edge is rejected.
            notAfter.add(Calendar.MINUTE, 5);
            notBefore.add(Calendar.MINUTE, -5);

            return notAfter.getTime().after(date) && notBefore.getTime().before(date);
        } catch (ParseException e) {
            throw new IllegalArgumentException("Invalid validity encoding in Attribute Certificate");
        }
    }

    /**
     * Synonym for validAt(null)
     *
     * @return true if currently valid
     */
    public boolean isValid() {
        return validAt(new Date());
    }

    /**
     * Verifies the signature of the AC using the provided signature key.
     * The signature covers the DER encoding of the AttributeCertificateInfo
     * as re-emitted by this implementation.
     *
     * @param key The (RSA) public key to verify the signature with
     * @return true if success, false otherwise (including any error while verifying)
     */
    public boolean verify(PublicKey key) {
        try {
            ByteArrayOutputStream b = new ByteArrayOutputStream();
            new DEROutputStream(b).writeObject(acInfo);

            Signature sig = Signature.getInstance(signatureAlgorithm.getObjectId().getId());
            sig.initVerify(key);
            sig.update(b.toByteArray());

            return sig.verify(signatureValue.getBytes());
        } catch (Exception e) {
            if (logger.isDebugEnabled()) {
                X500Principal issuer = getIssuer();
                logger.debug("Error verifying signature of AC issued by "
                        + (issuer == null ? "<unknown>" : issuer.getName())
                        + " : " + e.getMessage());
            }
        }

        // any failure (unsupported algorithm, wrong key type, malformed encoding) fails closed
        return false;
    }

    public boolean verifyCert(X509Certificate cert) {
        try {
            ByteArrayOutputStream b = new ByteArrayOutputStream();
            new DEROutputStream(b).writeObject(acInfo);

            Signature sig = Signature.getInstance(signatureAlgorithm.getObjectId().getId());
            sig.initVerify(cert);
            sig.update(b.toByteArray());

            return sig.verify(signatureValue.getBytes());
        } catch (Exception e) {
            if (logger.isDebugEnabled()) {
                X500Principal issuer = getIssuer();
                logger.debug("Error verifying signature of AC issued by "
                        + (issuer == null ? "<unknown>" : issuer.getName())
                        + " : " + e.getMessage());
            }
        }

        return false;
    }

    /**
     * Produce an object suitable for an ASN1OutputStream.
     *
     *  AttributeCertificate ::= SEQUENCE {
     *       acinfo               AttributeCertificateInfo,
     *       signatureAlgorithm   AlgorithmIdentifier,
     *       signatureValue       BIT STRING
     *  }
     * 
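     * As an added example, not code from voms-api-java, the window check that validAt() above performs, ported to java.time and paired with the two GeneralizedTime spellings getDate() has to accept. The class name, the method names and the sample timestamps are constructed for this illustration; the inverted-window rejection is an addition that the library does not make.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;

// Added illustration, not part of voms-api-java. Mirrors AttributeCertificate.validAt()
// and getDate(): parse the AC validity bounds, pad both ends by the library's 5-minute
// skew allowance and compare strictly. Class and method names are ours.
public final class AcValidityWindow {

    // The "academic" tolerance the library applies on both ends of the window.
    static final Duration TOLERANCE = Duration.ofMinutes(5);

    private static final DateTimeFormatter BASE = DateTimeFormatter.ofPattern("uuuuMMddHHmmss");

    // DERGeneralizedTime.getTime() has returned either "yyyyMMddHHmmssZ" or
    // "yyyyMMddHHmmssGMT+00:00" depending on the BouncyCastle release, which is
    // why getDate() branches on the presence of "GMT". Both forms are decoded here.
    static Instant parseGeneralizedTime(String t) {
        if (t.length() < 15) {
            throw new IllegalArgumentException("GeneralizedTime too short: " + t);
        }
        String zone = t.substring(14);
        ZoneOffset offset;
        if (zone.equals("Z")) {
            offset = ZoneOffset.UTC;
        } else if (zone.startsWith("GMT")) {
            offset = zone.length() == 3 ? ZoneOffset.UTC : ZoneOffset.of(zone.substring(3));
        } else {
            throw new IllegalArgumentException("Unsupported time zone suffix in: " + t);
        }
        return LocalDateTime.parse(t.substring(0, 14), BASE).atOffset(offset).toInstant();
    }

    // true when 'at' lies strictly inside (notBefore - 5min, notAfter + 5min).
    // The library uses the same strict comparisons, so an instant exactly on the
    // padded edge is rejected. Refusing an inverted window is our addition.
    static boolean validAt(Instant notBefore, Instant notAfter, Instant at) {
        if (notAfter.isBefore(notBefore)) {
            return false;
        }
        Instant earliest = notBefore.minus(TOLERANCE);
        Instant latest = notAfter.plus(TOLERANCE);
        return at.isAfter(earliest) && at.isBefore(latest);
    }

    static boolean validAt(String notBefore, String notAfter, Instant at) {
        return validAt(parseGeneralizedTime(notBefore), parseGeneralizedTime(notAfter), at);
    }

    public static void main(String[] args) {
        // Constructed validity period: a 12-hour AC, with one bound in each spelling.
        String notBefore = "20120101120000Z";
        String notAfter = "20120102000000GMT+00:00";
        Instant nb = parseGeneralizedTime(notBefore);
        Instant na = parseGeneralizedTime(notAfter);

        System.out.println("inside the window:      " + validAt(notBefore, notAfter, nb.plus(Duration.ofHours(1))));
        System.out.println("3 min early (skew):     " + validAt(notBefore, notAfter, nb.minus(Duration.ofMinutes(3))));
        System.out.println("exactly on padded edge: " + validAt(notBefore, notAfter, nb.minus(TOLERANCE)));
        System.out.println("6 min early:            " + validAt(notBefore, notAfter, nb.minus(Duration.ofMinutes(6))));
        System.out.println("6 min after expiry:     " + validAt(notBefore, notAfter, na.plus(Duration.ofMinutes(6))));
        System.out.println("inverted window:        " + validAt(notAfter, notBefore, nb.plus(Duration.ofHours(1))));
    }
}
```

     * The five probes in main() walk the boundary the way a verifier should be tested: a time inside the period, one inside the skew allowance, one exactly on the padded edge, one just beyond it, and one past expiry plus skew. Keep the tolerance small and symmetric; widening it is the same as extending every AC's lifetime.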
     */
    public DERObject getDERObject() {
        ASN1EncodableVector v = new ASN1EncodableVector();

        v.add(acInfo);
        v.add(signatureAlgorithm);
        v.add(signatureValue);

        return new DERSequence(v);
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/AttributeCertificateInfo.java

/*********************************************************************
 *
 * Authors: Olle Mulmo
 *          Joni Hahkala
 *          Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *          Valerio Venturi - Valerio.Venturi@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://eu-egee.org/partners/ for details on the copyright holders.
 * For license conditions see the license file or http://eu-egee.org/license.html
 */
package org.glite.voms.ac;

import java.io.ByteArrayInputStream;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERGeneralizedTime;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AttCertValidityPeriod;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.X509Extensions;

import org.glite.voms.FQAN;

/**
 * Shadow implementation of AttributeCertificateInfo from
 * BouncyCastle
 *
 * @author Joni Hahkala, Olle Mulmo
 */
public class AttributeCertificateInfo implements DEREncodable {
    DERInteger version;
    Holder holder;
    AttCertIssuer issuer;
    AlgorithmIdentifier signature;
    DERInteger serialNumber;
    AttCertValidityPeriod attrCertValidityPeriod;
    ASN1Sequence attributes;
    DERBitString issuerUniqueID;
    X509Extensions extensions;
    boolean badVomsEncoding = false;
    FullAttributes fullAttributes = null;
    ACTargets acTargets = null;
    ACCerts acCerts = null;
    private String myVo = null;
    private String myHostPort = null;
    private Vector myStringList = new Vector();
    private Vector myFQANs = new Vector();
    private String myHost = null;
    private int myPort = -1;

    public static final String AC_TARGET_OID = "2.5.29.55";
    public static final String AC_CERTS_OID = "1.3.6.1.4.1.8005.100.100.10";
    public static final String AC_FULL_ATTRIBUTES_OID = "1.3.6.1.4.1.8005.100.100.11";
    public static final String VOMS_EXT_OID = "1.3.6.1.4.1.8005.100.100.5";
    public static final String VOMS_ATTR_OID = "1.3.6.1.4.1.8005.100.100.4";

    public AttributeCertificateInfo(ASN1Sequence seq) {
        DERObjectIdentifier AC_TARGET_OID_DER = new DERObjectIdentifier(AC_TARGET_OID);
        DERObjectIdentifier AC_CERTS_OID_DER = new DERObjectIdentifier(AC_CERTS_OID);
        DERObjectIdentifier AC_FULL_ATTRIBUTES_OID_DER = new DERObjectIdentifier(AC_FULL_ATTRIBUTES_OID);

        version = (DERInteger) seq.getObjectAt(0);
        holder = new Holder((ASN1Sequence) seq.getObjectAt(1));
        issuer = new AttCertIssuer(seq.getObjectAt(2));
        signature = new AlgorithmIdentifier((ASN1Sequence) seq.getObjectAt(3));
        serialNumber = (DERInteger) seq.getObjectAt(4);

        // VOMS has encoding problems of attCertValidity (uses PrivateKeyUsagePeriod syntax instead):
        // two implicitly tagged OCTET STRINGs holding the GeneralizedTime text, rather than two
        // GeneralizedTime values. Remember that, so getDERObject() can reproduce the signed bytes.
        ASN1Sequence s2 = (ASN1Sequence) seq.getObjectAt(5);
        ASN1Sequence s3 = s2;

        if (s2.getObjectAt(0) instanceof ASN1TaggedObject) {
            badVomsEncoding = true;

            ASN1EncodableVector v = new ASN1EncodableVector();

            for (int i = 0; i < 2; i++) {
                byte[] bb = ((DEROctetString) ((ASN1TaggedObject) s2.getObjectAt(i)).getObject()).getOctets();
                v.add(new DERGeneralizedTime(new String(bb)));
            }

            s3 = (ASN1Sequence) new DERSequence(v);
        }

        attrCertValidityPeriod = new AttCertValidityPeriod(s3);
        attributes = (ASN1Sequence) seq.getObjectAt(6);

        // getting FQANs
        if (attributes != null && attributes.size() != 0) {
            for (Enumeration e = attributes.getObjects(); e.hasMoreElements();) {
                ASN1Sequence attribute = (ASN1Sequence) e.nextElement();

                if (VOMS_ATTR_OID.equals(((DERObjectIdentifier) attribute.getObjectAt(0)).getId())) {
                    DERSet set = (DERSet) attribute.getObjectAt(1);

                    for (Enumeration s = set.getObjects(); s.hasMoreElements();) {
                        IetfAttrSyntax attr = new IetfAttrSyntax((ASN1Sequence) s.nextElement());

                        // policyAuthority is a single uniformResourceIdentifier of the form vo://host:port
                        if (attr.getPolicyAuthority() == null) {
                            throw new IllegalArgumentException("VOMS attribute without policyAuthority");
                        }
                        String url = ((DERIA5String) GeneralName.getInstance(
                                ((ASN1Sequence) attr.getPolicyAuthority().getDERObject()).getObjectAt(0))
                                .getName()).getString();
                        int idx = url.indexOf("://");

                        if ((idx < 0) || (idx == (url.length() - 1))) {
                            throw new IllegalArgumentException("Bad encoding of VOMS policyAuthority : [" + url + "]");
                        }

                        myVo = url.substring(0, idx);
                        myHostPort = url.substring(idx + 3);
                        idx = myHostPort.lastIndexOf(':');

                        if ((idx < 0) || (idx == (myHostPort.length() - 1))) {
                            throw new IllegalArgumentException("Bad encoding of VOMS policyAuthority : [" + url + "]");
                        }

                        myHost = myHostPort.substring(0, idx);
                        // NumberFormatException is an IllegalArgumentException, so a non-numeric port
                        // is reported like the other encoding errors
                        myPort = Integer.parseInt(myHostPort.substring(idx + 1));

                        if (attr.getValueType() != IetfAttrSyntax.VALUE_OCTETS) {
                            throw new IllegalArgumentException(
                                "VOMS attribute values are not encoded as octet strings, policyAuthority = " + url);
                        }

                        for (Iterator j = attr.getValues().iterator(); j.hasNext();) {
                            String fqan = new String(((ASN1OctetString) j.next()).getOctets());
                            FQAN f = new FQAN(fqan);

                            // maybe requiring that the attributes start with vo is too much?
                            // FQANs outside the VO named in policyAuthority, and duplicates,
                            // are silently dropped rather than rejected.
                            if (!myStringList.contains(fqan)
                                    && (fqan.startsWith("/" + myVo + "/") || fqan.equals("/" + myVo))) {
                                myStringList.add(fqan);
                                myFQANs.add(f);
                            }
                        }
                    }
                }
            }
        }

        // check if the following two can be detected better!!!
        // for example, is it possible to have only the extensions? how to detect this?
        if (seq.size() > 8) {
            // getInstance() keeps the encoded bit string; the DERBitString(DEREncodable)
            // constructor would instead wrap the element's encoding in a new bit string
            issuerUniqueID = DERBitString.getInstance(seq.getObjectAt(7));
            extensions = new X509Extensions((ASN1Sequence) seq.getObjectAt(8));
        } else if (seq.size() > 7) {
            extensions = new X509Extensions((ASN1Sequence) seq.getObjectAt(7));
        }

        // start parsing of known extensions; an AC without extensions is legal,
        // so do not touch a null extensions field
        if (extensions == null) {
            return;
        }

        if (extensions.getExtension(AC_TARGET_OID_DER) != null) {
            byte[] data = extensions.getExtension(AC_TARGET_OID_DER).getValue().getOctets();

            try {
                DERObject dobj = new ASN1InputStream(new ByteArrayInputStream(data)).readObject();
                acTargets = new ACTargets(ASN1Sequence.getInstance(dobj));
            } catch (Exception e) {
                throw new IllegalArgumentException("DERO: " + e.getMessage());
            }
        }

        if (extensions.getExtension(AC_CERTS_OID_DER) != null) {
            byte[] data = extensions.getExtension(AC_CERTS_OID_DER).getValue().getOctets();

            try {
                DERObject dobj = new ASN1InputStream(new ByteArrayInputStream(data)).readObject();
                acCerts = new ACCerts(ASN1Sequence.getInstance(dobj));
            } catch (Exception e) {
                throw new IllegalArgumentException("DERO: " + e.getMessage());
            }
        }

        if (extensions.getExtension(AC_FULL_ATTRIBUTES_OID_DER) != null) {
            byte[] data = extensions.getExtension(AC_FULL_ATTRIBUTES_OID_DER).getValue().getOctets();

            try {
                DERObject dobj = new ASN1InputStream(new ByteArrayInputStream(data)).readObject();
                fullAttributes = new FullAttributes(ASN1Sequence.getInstance(dobj));
            } catch (Exception e) {
                throw new IllegalArgumentException("DERO: " + e.getMessage());
            }
        }
    }

    public static AttributeCertificateInfo getInstance(ASN1Sequence seq) {
        return new AttributeCertificateInfo(seq);
    }

    public DERInteger getAttCertVersion() {
        return version;
    }

    public Holder getHolder() {
        return holder;
    }

    public AttCertIssuer getIssuer() {
        return issuer;
    }

    public AlgorithmIdentifier getSignature() {
        return signature;
    }

    public DERInteger getSerialNumber() {
        return serialNumber;
    }

    public AttCertValidityPeriod getAttrCertValidityPeriod() {
        return attrCertValidityPeriod;
    }

    public ASN1Sequence getAttributes() {
        return attributes;
    }

    public String getVO() {
        return myVo;
    }

    public String getHostPort() {
        return myHostPort;
    }

    public String getHost() {
        return myHost;
    }

    public int getPort() {
        return myPort;
    }

    public DERBitString getIssuerUniqueID() {
        return issuerUniqueID;
    }

    public X509Extensions getExtensions() {
        return extensions;
    }

    public FullAttributes getFullAttributes() {
        return fullAttributes;
    }

    public ACCerts getCertList() {
        return acCerts;
    }

    public ACTargets getTargets() {
        return acTargets;
    }

    /**
     * @return List of String of the VOMS fully qualified
     * attribute names (FQANs):
     * /vo[/group[/group2...]][/Role=[role]][/Capability=capability]
     */
    public List getFullyQualifiedAttributes() {
        return myStringList;
    }

    /**
     * @return List of FQAN of the VOMS fully qualified
     * attribute names (FQANs)
     * @see org.glite.voms.FQAN
     */
    public List getListOfFQAN() {
        return myFQANs;
    }

    /**
     * Produce an object suitable for an ASN1OutputStream.
     *
     *
     *
     *
     *
     *     AttributeCertificateInfo ::= SEQUENCE {
     *          version              AttCertVersion -- version is v2,
     *          holder               Holder,
     *          issuer               AttCertIssuer,
     *          signature            AlgorithmIdentifier,
     *          serialNumber         CertificateSerialNumber,
     *          attrCertValidityPeriod   AttCertValidityPeriod,
     *          attributes           SEQUENCE OF Attribute,
     *          issuerUniqueID       UniqueIdentifier OPTIONAL,
     *          extensions           Extensions OPTIONAL
     *     }
     *
     *     AttCertVersion ::= INTEGER { v2(1) }
     *
     *
     *
     * 
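     * As an added example, not code from voms-api-java, the two steps the constructor above performs for every VOMS attribute: split the policyAuthority URI "vo://host:port" into its parts, then keep only the FQANs that belong to that VO. The class, its method names, the range checks on VO, host and port, and the sample attribute values are constructed for this illustration; the split and the FQAN filter follow the constructor's logic.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added illustration, not part of voms-api-java. Reproduces the policyAuthority split
// and the FQAN filter of the AttributeCertificateInfo constructor. Names and sample
// inputs are constructed.
public final class VomsPolicyAuthority {
    final String vo;
    final String host;
    final int port;

    VomsPolicyAuthority(String vo, String host, int port) {
        this.vo = vo;
        this.host = host;
        this.port = port;
    }

    static IllegalArgumentException bad(String url) {
        return new IllegalArgumentException("Bad encoding of VOMS policyAuthority : [" + url + "]");
    }

    // Same split as the library (indexOf("://"), then lastIndexOf(':')), plus the checks
    // it leaves to later consumers: non-empty VO and host, and a port in range.
    static VomsPolicyAuthority parse(String url) {
        int idx = url.indexOf("://");
        if (idx < 0) {
            throw bad(url);
        }
        String vo = url.substring(0, idx);
        String hostPort = url.substring(idx + 3);
        int colon = hostPort.lastIndexOf(':');
        if (colon < 0 || colon == hostPort.length() - 1) {
            throw bad(url);
        }
        String host = hostPort.substring(0, colon);
        int port;
        try {
            port = Integer.parseInt(hostPort.substring(colon + 1));
        } catch (NumberFormatException e) {
            throw bad(url);
        }
        if (vo.isEmpty() || host.isEmpty() || port < 1 || port > 65535) {
            throw bad(url);
        }
        return new VomsPolicyAuthority(vo, host, port);
    }

    // The library's filter: an FQAN is kept only if it equals "/vo" or starts with "/vo/",
    // and duplicates are dropped. Everything else in the attribute is silently ignored, so
    // a server named for one VO cannot grant roles in another, nor in a VO whose name
    // merely has "/vo" as a prefix.
    static List<String> acceptedFqans(String vo, List<String> candidates) {
        List<String> out = new ArrayList<String>();
        String root = "/" + vo;
        for (String fqan : candidates) {
            if (!out.contains(fqan) && (fqan.equals(root) || fqan.startsWith(root + "/"))) {
                out.add(fqan);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        VomsPolicyAuthority pa = parse("atlas://voms.example.org:15001");
        System.out.println(pa.vo + " @ " + pa.host + ":" + pa.port);

        // Constructed attribute values: two proper FQANs, a duplicate, a prefix-confusable
        // VO name and an FQAN from a different VO.
        List<String> values = Arrays.asList(
            "/atlas", "/atlas/Role=production", "/atlas",
            "/atlasprod/Role=admin", "/cms/Role=lcgadmin");
        System.out.println(acceptedFqans(pa.vo, values));

        // Malformed policyAuthority values the constructor rejects as encoding errors.
        String[] broken = {"atlas", "atlas://", "atlas://voms.example.org", "atlas://voms.example.org:port"};
        for (String url : broken) {
            try {
                parse(url);
                System.out.println("accepted: " + url);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

     * Note that the library's second check, idx == url.length() - 1, can never fire once indexOf("://") has succeeded; the case it was meant to catch, an empty host:port, is only caught later when lastIndexOf(':') fails. The example checks emptiness directly. One more property worth knowing when consuming getVO(): the constructor overwrites myVo for each VOMS attribute it meets, so with several attributes the last policyAuthority wins.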
     */
    public DERObject getDERObject() {
        ASN1EncodableVector v = new ASN1EncodableVector();

        v.add(version);
        v.add(holder);
        v.add(issuer);
        v.add(signature);
        v.add(serialNumber);

        if (!badVomsEncoding) {
            v.add(attrCertValidityPeriod);
        } else {
            // re-emit the PrivateKeyUsagePeriod-style encoding VOMS produced,
            // so that the bytes the signature covers are reproduced exactly
            ASN1EncodableVector v2 = new ASN1EncodableVector();
            v2.add(new DERTaggedObject(false, 0, new DEROctetString(
                (attrCertValidityPeriod.getNotBeforeTime().getTime().substring(0, 14) + "Z").getBytes())));
            v2.add(new DERTaggedObject(false, 1, new DEROctetString(
                (attrCertValidityPeriod.getNotAfterTime().getTime().substring(0, 14) + "Z").getBytes())));
            v.add(new DERSequence(v2));
        }

        v.add(attributes);

        if (issuerUniqueID != null) {
            v.add(issuerUniqueID);
        }

        if (extensions != null) {
            v.add(extensions);
        }

        return new DERSequence(v);
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/AttributeHolder.java

/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms.ac;

import java.util.Enumeration;
import java.util.List;
import java.util.ListIterator;
import java.util.Vector;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;

/**
 * This class represents an Attribute Holder object.
 *
 * @author Vincenzo Ciaschini
 */
public class AttributeHolder implements DEREncodable {
    private List l;
    private GeneralNames grantor;

    /**
     * Empty constructor.
     */
    public AttributeHolder() {
        l = null;
        grantor = null;
    }

    /**
     * Creates an AttributeHolder object from a Sequence.
     *
     * @param seq the Sequence
     *
     * @throws IllegalArgumentException if there are parsing problems.
     */
    public AttributeHolder(ASN1Sequence seq) {
        l = new Vector();
        grantor = null;

        if (seq.size() != 2)
            throw new IllegalArgumentException("Encoding error in AttributeHolder");

        if ((seq.getObjectAt(0) instanceof ASN1Sequence) && (seq.getObjectAt(1) instanceof ASN1Sequence)) {
            grantor = GeneralNames.getInstance(seq.getObjectAt(0));
            seq = (ASN1Sequence) seq.getObjectAt(1);

            for (Enumeration e = seq.getObjects(); e.hasMoreElements();) {
                GenericAttribute att = new GenericAttribute((ASN1Sequence) e.nextElement());
                l.add(att);
            }
        } else
            throw new IllegalArgumentException("Encoding error in AttributeHolder");
    }

    /**
     * Static variant of the constructor.
     *
     * @see #AttributeHolder(ASN1Sequence seq)
     */
    public static AttributeHolder getInstance(ASN1Sequence seq) {
        return new AttributeHolder(seq);
    }

    /**
     * Gets the Grantor of these attributes.
     *
     * @return the grantor, or null if none was loaded.
     */
    public String getGrantor() {
        if (grantor == null)
            return null;

        ASN1Sequence seq = ASN1Sequence.getInstance(grantor.getDERObject());
        GeneralName name = GeneralName.getInstance(seq.getObjectAt(0));
        return DERIA5String.getInstance(name.getName()).getString();
    }

    /**
     * Gets a list of Generic Attributes.
     *
     * @return the list or null if none was loaded.
     */
    public List getAttributes() {
        return l;
    }

    /**
     * Makes a DERObject representation.
     *
     * @return the DERObject
     */
    public DERObject getDERObject() {
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(grantor);

        ASN1EncodableVector v2 = new ASN1EncodableVector();
        for (ListIterator li = l.listIterator(); li.hasNext();) {
            GenericAttribute att = (GenericAttribute) li.next();
            v2.add(att);
        }
        ASN1Sequence seq = (ASN1Sequence) new DERSequence(v2);
        v.add(seq);

        return new DERSequence(v);
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/FullAttributes.java

/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms.ac;

import java.util.Enumeration;
import java.util.List;
import java.util.ListIterator;
import java.util.Vector;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERSequence;

/**
 * This class represents the GenericAttributes extension which may be found
 * in the AC.
 *
 * @author Vincenzo Ciaschini
 */
public class FullAttributes implements DEREncodable {
    private List l;

    /**
     * Empty constructor
     */
    public FullAttributes() {
        l = new Vector();
    }

    /**
     * Creates a FullAttributes object from a sequence.
     *
     * @param seq the Sequence
     *
     * @throws IllegalArgumentException if there are parsing problems.
     */
    public FullAttributes(ASN1Sequence seq) {
        l = new Vector();

        if (seq.size() != 1)
            throw new IllegalArgumentException("Encoding error in FullAttributes");

        seq = (ASN1Sequence) seq.getObjectAt(0);

        for (Enumeration e = seq.getObjects(); e.hasMoreElements();) {
            AttributeHolder holder = new AttributeHolder((ASN1Sequence) e.nextElement());
            l.add(holder);
        }
    }

    /**
     * Static variant of the constructor.
     *
     * @see #FullAttributes(ASN1Sequence seq)
     */
    public static FullAttributes getInstance(ASN1Sequence seq) {
        return new FullAttributes(seq);
    }

    /**
     * Returns a list of the AttributeHolders.
     *
     * @return the list or null if none was there.
     */
    public List getAttributeHolders() {
        return l;
    }

    /**
     * Makes a DERObject representation.
     *
     * @return the DERObject
     */
    public DERObject getDERObject() {
        ASN1EncodableVector v2 = new ASN1EncodableVector();
        for (ListIterator li = l.listIterator(); li.hasNext();) {
            AttributeHolder holder = (AttributeHolder) li.next();
            v2.add(holder);
        }
        ASN1Sequence seq = (ASN1Sequence) new DERSequence(v2);

        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(seq);

        return new DERSequence(v);
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/GenericAttribute.java

/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms.ac;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;

/**
 * This class represents the single Generic Attribute.
 *
 * @author Vincenzo Ciaschini
 */
public class GenericAttribute implements DEREncodable {
    private String name;
    private String value;
    private String qualifier;

    /**
     * Empty constructor
     */
    public GenericAttribute() {
        name = value = qualifier = null;
    }

    /**
     * Creates a GenericAttribute object from a sequence.
     *
     * @param seq the Sequence
     *
     * @throws IllegalArgumentException if there are parsing problems.
     */
    public GenericAttribute(ASN1Sequence seq) {
        if (seq.size() != 3)
            throw new IllegalArgumentException("Encoding error in GenericAttribute");

        name = value = qualifier = null;

        if ((seq.getObjectAt(0) instanceof ASN1OctetString)
                && (seq.getObjectAt(1) instanceof ASN1OctetString)
                && (seq.getObjectAt(2) instanceof ASN1OctetString)) {
            name = new String(DEROctetString.getInstance(seq.getObjectAt(0)).getOctets());
            value = new String(DEROctetString.getInstance(seq.getObjectAt(1)).getOctets());
            qualifier = new String(DEROctetString.getInstance(seq.getObjectAt(2)).getOctets());
        } else
            throw new IllegalArgumentException("Encoding error in GenericAttribute");
    }

    /**
     * Static variant of the constructor.
     *
     * @see #GenericAttribute(ASN1Sequence seq)
     */
    public static GenericAttribute getInstance(ASN1Sequence seq) {
        return new GenericAttribute(seq);
    }

    /**
     * Gets the name of the attribute
     *
     * @return the name
     */
    public String getName() {
        return name;
    }

    /**
     * Gets the value of the attribute
     *
     * @return the value
     */
    public String getValue() {
        return value;
    }

    /**
     * Gets the qualifier of the attribute
     *
     * @return the qualifier
     */
    public String getQualifier() {
        return qualifier;
    }

    /**
     * Makes a DERObject representation.
     *
     * @return the DERObject
     */
    public DERObject getDERObject() {
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(new DEROctetString(name.getBytes()));
        v.add(new DEROctetString(value.getBytes()));
        v.add(new DEROctetString(qualifier.getBytes()));

        return new DERSequence(v);
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/Holder.java

/*********************************************************************
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://eu-egee.org/partners/ for details on the copyright holders.
 * For license conditions see the license file or http://eu-egee.org/license.html
 */
package org.glite.voms.ac;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuerSerial;

/**
 * The Holder object.
 *
 *  Holder ::= SEQUENCE {
 *        baseCertificateID   [0] IssuerSerial OPTIONAL,
 *                 -- the issuer and serial number of
 *                 -- the holder's Public Key Certificate
 *        entityName          [1] GeneralNames OPTIONAL,
 *                 -- the name of the claimant or role
 *        objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
 *                 -- used to directly authenticate the holder,
 *                 -- for example, an executable
 *  }
 * 
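 * As an added example, not code from voms-api-java, the binding that isHolder() below enforces between an AC and the end-entity certificate it was issued for: the baseCertificateID must carry the EEC's issuer DN and serial number. The branch that also accepts the EEC's subject DN in the issuer slot (the VOMS pre-1.6.7 workaround) is made an explicit switch here. The EEC stand-in, the class names and every DN and serial are constructed for this illustration.

```java
import java.math.BigInteger;
import javax.security.auth.x500.X500Principal;

// Added illustration, not part of voms-api-java. Shows the holder-to-EEC binding of
// Holder.isHolder() on a constructed stand-in for the three certificate fields it reads.
public final class HolderBinding {

    // The fields of an X509Certificate that isHolder() looks at.
    static final class Eec {
        final X500Principal subject;
        final X500Principal issuer;
        final BigInteger serial;

        Eec(String subject, String issuer, long serial) {
            this.subject = new X500Principal(subject);
            this.issuer = new X500Principal(issuer);
            this.serial = BigInteger.valueOf(serial);
        }
    }

    // The baseCertificateID (IssuerSerial) carried in the AC's Holder.
    static final class BaseCertificateId {
        final X500Principal issuer;
        final BigInteger serial;

        BaseCertificateId(String issuer, long serial) {
            this.issuer = new X500Principal(issuer);
            this.serial = BigInteger.valueOf(serial);
        }
    }

    // X500Principal.equals() compares canonical forms, so attribute-type case and
    // spacing in the DN string do not break the match; the library's matchesDN()
    // gets the same behaviour by rebuilding an X500Principal from the DER name.
    static boolean isHolder(BaseCertificateId holder, Eec cert, boolean acceptLegacySubjectAsIssuer) {
        if (!holder.serial.equals(cert.serial)) {
            return false;
        }
        if (holder.issuer.equals(cert.issuer)) {
            return true;
        }
        // Pre-1.6.7 VOMS wrote the holder's own subject where the issuer belongs.
        // This branch never looks at who issued the EEC, only at its subject and serial.
        return acceptLegacySubjectAsIssuer && holder.issuer.equals(cert.subject);
    }

    public static void main(String[] args) {
        Eec alice = new Eec("CN=Alice,OU=Grid,O=Example,C=IT", "CN=Example CA,O=Example,C=IT", 4711);

        BaseCertificateId correct = new BaseCertificateId("cn=Example CA, o=Example, c=IT", 4711);
        BaseCertificateId wrongSerial = new BaseCertificateId("CN=Example CA,O=Example,C=IT", 4712);
        BaseCertificateId legacy = new BaseCertificateId("CN=Alice,OU=Grid,O=Example,C=IT", 4711);

        System.out.println("issuer+serial, DN spelling differs: " + isHolder(correct, alice, false));
        System.out.println("serial differs:                     " + isHolder(wrongSerial, alice, false));
        System.out.println("legacy form, strict:                " + isHolder(legacy, alice, false));
        System.out.println("legacy form, lenient:               " + isHolder(legacy, alice, true));
    }
}
```

 * When you deploy a verifier, decide deliberately whether the lenient branch is still needed; once no pre-1.6.7 VOMS server remains in the federation it only widens what an AC can be bound to.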
 */
public class Holder implements DEREncodable {
    IssuerSerial baseCertificateID = null;
    GeneralNames entityName = null;
    ObjectDigestInfo objectDigestInfo = null;

    public Holder(X509Certificate cert) {
        this(cert.getIssuerX500Principal(), cert.getSerialNumber());
    }

    public Holder(X500Principal issuer, BigInteger serial) {
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(Util.x500nameToGeneralNames(issuer));
        v.add(new DERInteger(serial));
        baseCertificateID = new IssuerSerial(new DERSequence(v));
    }

    public Holder(ASN1Sequence seq) {
        for (Enumeration e = seq.getObjects(); e.hasMoreElements();) {
            DERObject obj = (DERObject) e.nextElement();

            if (!(obj instanceof ASN1TaggedObject)) {
                throw new IllegalArgumentException("Holder element not tagged");
            }

            ASN1TaggedObject tObj = (ASN1TaggedObject) obj;

            switch (tObj.getTagNo()) {
            case 0:
                baseCertificateID = new IssuerSerial((ASN1Sequence) tObj.getObject());
                break;
            case 1:
                entityName = GeneralNames.getInstance(tObj, false);
                break;
            case 2:
                objectDigestInfo = new ObjectDigestInfo((ASN1Sequence) tObj.getObject());
                break;
            default:
                throw new IllegalArgumentException("Unknown tag number " + tObj.getTagNo());
            }
        }
    }

    public GeneralNames getIssuer() {
        if (baseCertificateID != null)
            return baseCertificateID.getIssuer();
        else if (entityName != null)
            return entityName;

        return null;
    }

    protected static boolean matchesDN(X500Principal subject, GeneralNames targets) {
        Enumeration e = ((ASN1Sequence) targets.getDERObject()).getObjects();

        while (e.hasMoreElements()) {
            GeneralName gn = GeneralName.getInstance(e.nextElement());

            if (gn.getTagNo() == 4) {
                try {
                    ByteArrayOutputStream b = new ByteArrayOutputStream();
                    new DEROutputStream(b).writeObject(gn.getName());

                    // X500Principal compares canonical forms, so encoding-level
                    // differences in the DN do not defeat the comparison
                    X500Principal principal = new X500Principal(b.toByteArray());

                    if (principal.equals(subject)) {
                        return true;
                    }
                } catch (IOException i) {
                    // a name that cannot be re-encoded simply does not match
                }
            }
        }

        return false;
    }

    /*
     * check if the holder DN matches the DN of the user cert issuer and the SN the user cert SN
     */
    public boolean isHolder(X509Certificate cert) {
        if (baseCertificateID != null) {
            if (baseCertificateID.getSerial().getValue().equals(cert.getSerialNumber())) {
                if (matchesDN(cert.getIssuerX500Principal(), baseCertificateID.getIssuer())) {
                    return true;
                }

                // TODO: remove this kludge that works around a bug in VOMS versions pre 1.6.7,
                // which wrote the holder's subject DN where the issuer DN belongs. Note that
                // this branch does not look at the issuer of cert at all.
                if (matchesDN(cert.getSubjectX500Principal(), baseCertificateID.getIssuer())) {
                    return true;
                }
            }
        }

        if (entityName != null) {
            if (matchesDN(cert.getSubjectX500Principal(), entityName)) {
                return true;
            }
        }

        // objectDigestInfo not supported
        return false;
    }

    public DERObject getDERObject() {
        ASN1EncodableVector v = new ASN1EncodableVector();

        if (baseCertificateID != null) {
            v.add(new DERTaggedObject(false, 0, baseCertificateID));
        }

        if (entityName != null) {
            v.add(new DERTaggedObject(false, 1, entityName));
        }

        if (objectDigestInfo != null) {
            v.add(new DERTaggedObject(false, 2, objectDigestInfo));
        }

        return new DERSequence(v);
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/IetfAttrSyntax.java

/*********************************************************************
 *
 * Authors: Olle Mulmo
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://eu-egee.org/partners/ for details on the copyright holders.
 * For license conditions see the license file or http://eu-egee.org/license.html
 */
package org.glite.voms.ac;

import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.DERUniversalString;
import org.bouncycastle.asn1.x509.GeneralNames;

/**
 * Implementation of IetfAttrSyntax as specified
 * by RFC3281.
 *
 *
 * IetfAttrSyntax ::= SEQUENCE {
 *   policyAuthority [0] GeneralNames OPTIONAL,
 *   values SEQUENCE OF CHOICE {
 *     octets OCTET STRING,
 *     oid OBJECT IDENTIFIER,
 *     string UTF8String
 *   }
 * }
 * 
 *
 * @author mulmo
 */
public class IetfAttrSyntax implements DEREncodable {
    public static final int VALUE_OCTETS = 1;
    public static final int VALUE_OID = 2;
    public static final int VALUE_UTF8 = 3;

    GeneralNames policyAuthority = null;
    Vector values = new Vector();
    int valueChoice = -1;

    public IetfAttrSyntax(ASN1Sequence seq) {
        int i = 0;

        if (seq.getObjectAt(0) instanceof ASN1TaggedObject) {
            policyAuthority = GeneralNames.getInstance((ASN1TaggedObject) seq.getObjectAt(0), /*explicit=*/ false);
            i++;
        }

        if (!(seq.getObjectAt(i) instanceof ASN1Sequence)) {
            throw new IllegalArgumentException("Non-IetfAttrSyntax encoding");
        }

        seq = (ASN1Sequence) seq.getObjectAt(i);

        // RFC 3281 requires all values of one IetfAttrSyntax to use the same CHOICE alternative
        for (Enumeration e = seq.getObjects(); e.hasMoreElements();) {
            DERObject obj = (DERObject) e.nextElement();
            int type;

            if (obj instanceof DERObjectIdentifier) {
                type = VALUE_OID;
            } else if (obj instanceof DERUTF8String || obj instanceof DERUniversalString) {
                // RFC 3281 specifies UTF8String; UniversalString was what this
                // class historically accepted and is kept for compatibility
                type = VALUE_UTF8;
            } else if (obj instanceof DEROctetString) {
                type = VALUE_OCTETS;
            } else {
                throw new IllegalArgumentException("Bad value type encoding IetfAttrSyntax");
            }

            if (valueChoice < 0) {
                valueChoice = type;
            }

            if (type != valueChoice) {
                throw new IllegalArgumentException("Mix of value types in IetfAttrSyntax");
            }

            values.add(obj);
        }
    }

    public GeneralNames getPolicyAuthority() {
        return policyAuthority;
    }

    public int getValueType() {
        return valueChoice;
    }

    public List getValues() {
        return values;
    }

    public DERObject getDERObject() {
        ASN1EncodableVector v = new ASN1EncodableVector();

        if (policyAuthority != null) {
            // implicit tag, matching the way the constructor decodes it
            v.add(new DERTaggedObject(false, 0, policyAuthority));
        }

        ASN1EncodableVector v2 = new ASN1EncodableVector();

        for (Iterator i = values.iterator(); i.hasNext();) {
            v2.add((DEREncodable) i.next());
        }

        v.add(new DERSequence(v2));

        return new DERSequence(v);
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/ObjectDigestInfo.java

/*********************************************************************
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://eu-egee.org/partners/ for details on the copyright holders.
 * For license conditions see the license file or http://eu-egee.org/license.html
 */
package org.glite.voms.ac;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DEREnumerated;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;

public class ObjectDigestInfo implements DEREncodable {
    DEREnumerated digestedObjectType;
    DERObjectIdentifier otherObjectTypeID;
    AlgorithmIdentifier digestAlgorithm;
    DERBitString objectDigest;

    public ObjectDigestInfo(ASN1Sequence seq) {
        // digestedObjectType is a plain ENUMERATED, not a tagged value
        digestedObjectType = DEREnumerated.getInstance(seq.getObjectAt(0));

        int offset = 0;

        // otherObjectTypeID is only present for digestedObjectType otherObjectTypes
        if (seq.size() == 4) {
            otherObjectTypeID = DERObjectIdentifier.getInstance(seq.getObjectAt(1));
            offset++;
        }

        digestAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(1 + offset));
        // getInstance() keeps the encoded digest; the DERBitString(DEREncodable)
        // constructor would wrap the element's own encoding instead
        objectDigest = DERBitString.getInstance(seq.getObjectAt(2 + offset));
    }

    public DEREnumerated getDigestedObjectType() {
        return digestedObjectType;
    }

    public DERObjectIdentifier getOtherObjectTypeID() {
        return otherObjectTypeID;
    }

    public AlgorithmIdentifier getDigestAlgorithm() {
        return digestAlgorithm;
    }

    public DERBitString getObjectDigest() {
        return objectDigest;
    }

    /**
     * Produce an object suitable for an ASN1OutputStream.
     *
     *  ObjectDigestInfo ::= SEQUENCE {
     *       digestedObjectType  ENUMERATED {
     *               publicKey            (0),
     *               publicKeyCert        (1),
     *               otherObjectTypes     (2) },
     *                       -- otherObjectTypes MUST NOT
     *                       -- be used in this profile
     *       otherObjectTypeID   OBJECT IDENTIFIER OPTIONAL,
     *       digestAlgorithm     AlgorithmIdentifier,
     *       objectDigest        BIT STRING
     *  }
     * 
     */
    public DERObject getDERObject() {
        ASN1EncodableVector v = new ASN1EncodableVector();

        v.add(digestedObjectType);

        if (otherObjectTypeID != null) {
            v.add(otherObjectTypeID);
        }

        v.add(digestAlgorithm);
        v.add(objectDigest);

        return new DERSequence(v);
    }
}

// ===== voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/Util.java =====
package org.glite.voms.ac;

import java.io.ByteArrayOutputStream;
import java.io.IOException;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.jce.X509Principal;

/**
 * Conversions between X.500 names and the GeneralName / GeneralNames forms
 * used in attribute certificates.
 *
 * @author mulmo
 */
public class Util {
    /** Wraps a single GeneralName in a GeneralNames SEQUENCE. */
    public static GeneralNames generalNameToGeneralNames(GeneralName name) {
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(name);
        return GeneralNames.getInstance(new DERSequence(v));
    }

    /** Builds a directoryName GeneralName from a DER-encoded X.500 name. */
    public static GeneralName x500nameToGeneralName(byte[] encodedName) {
        try {
            return new GeneralName(new X509Principal(encodedName));
        } catch (IOException e) {
            throw new IllegalArgumentException("invalid X500 name encoding");
        }
    }

    public static GeneralNames x500nameToGeneralNames(X500Principal name) {
        return generalNameToGeneralNames(x500nameToGeneralName(name.getEncoded()));
    }

    /**
     * Extracts the X.500 name carried by a directoryName GeneralName.
     *
     * @throws IllegalArgumentException if the GeneralName is null or is not a
     *         directoryName (tag 4), or if the name does not DER-encode.
     */
    public static X500Principal generalNameToX500Name(GeneralName name) {
        int tag = -1;

        if ((name == null) || ((tag = name.getTagNo()) != 4)) {
            throw new IllegalArgumentException("GeneralName is not a DirectoryName (tag=" + tag + ")");
        }

        try {
            ByteArrayOutputStream b = new ByteArrayOutputStream();
            new DEROutputStream(b).writeObject(name.getName());
            return new X500Principal(b.toByteArray());
        } catch (IOException i) {
            throw new IllegalArgumentException("Bad DN encoding of Attribute Certificate issuer");
        }
    }

    /**
     * Same as {@link #generalNameToX500Name(GeneralName)}, returning the
     * BouncyCastle X509Principal form.
     */
    public static X509Principal generalNameToX509Name(GeneralName name) {
        int tag = -1;

        if ((name == null) || ((tag = name.getTagNo()) != 4)) {
            throw new IllegalArgumentException("GeneralName is not a DirectoryName (tag=" + tag + ")");
        }

        try {
            ByteArrayOutputStream b = new ByteArrayOutputStream();
            new DEROutputStream(b).writeObject(name.getName());
            return new X509Principal(b.toByteArray());
        } catch (IOException i) {
            throw new IllegalArgumentException("Bad DN encoding of Attribute Certificate issuer");
        }
    }
}

// ===== voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/V2Form.java =====
/*
 * Authors: Olle Mulmo
 */
package org.glite.voms.ac;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuerSerial;

/**
 * @author mulmo
 */
public class V2Form implements DEREncodable {
    GeneralNames issuerName;
    IssuerSerial baseCertificateID;
    ObjectDigestInfo objectDigestInfo;

    public V2Form(GeneralNames issuerName) {
        this.issuerName = issuerName;
    }

    public V2Form(ASN1Sequence seq) {
        int n = 0;

        // issuerName GeneralNames OPTIONAL is the only untagged component
        if (seq.getObjectAt(0) instanceof ASN1Sequence) {
            issuerName = new GeneralNames((ASN1Sequence) seq.getObjectAt(0));
            n++;
        }

        // the remaining components are tagged: [0] baseCertificateID, [1] objectDigestInfo
        for (; n < seq.size(); n++) {
            ASN1TaggedObject tObj = (ASN1TaggedObject) seq.getObjectAt(n);

            switch (tObj.getTagNo()) {
            case 0:
                baseCertificateID = new IssuerSerial((ASN1Sequence) tObj.getObject());
                break;
            case 1:
                objectDigestInfo = new ObjectDigestInfo((ASN1Sequence) tObj.getObject());
                break;
            default:
                throw new IllegalArgumentException("Bad tag " + tObj.getTagNo() + " in V2Form");
            }
        }
    }

    public GeneralNames getIssuerName() {
        return issuerName;
    }

    public IssuerSerial getBaseCertificateID() {
        return baseCertificateID;
    }

    public ObjectDigestInfo getObjectDigestInfo() {
        return objectDigestInfo;
    }

    /**
     * Produce an object suitable for an ASN1OutputStream.
     *
     *  V2Form ::= SEQUENCE {
     *       issuerName            GeneralNames  OPTIONAL,
     *       baseCertificateID     [0] IssuerSerial  OPTIONAL,
     *       objectDigestInfo      [1] ObjectDigestInfo  OPTIONAL
     *         -- issuerName MUST be present in this profile
     *         -- baseCertificateID and objectDigestInfo MUST NOT
     *         -- be present in this profile
     *  }
     * 
     */
    public DERObject getDERObject() {
        ASN1EncodableVector v = new ASN1EncodableVector();

        if (issuerName != null) {
            // IMPLICIT encoding of GeneralNames ... gosh, how I hate ASN.1 sometimes.
            v.add(((ASN1Sequence) issuerName.getDERObject()).getObjectAt(0));
        }

        if (baseCertificateID != null) {
            v.add(new DERTaggedObject(0, baseCertificateID));
        }

        if (objectDigestInfo != null) {
            v.add(new DERTaggedObject(1, objectDigestInfo));
        }

        return new DERSequence(v);
    }
}

// ===== voms-api-java-2_0_10/src/main/java/org/glite/voms/ac/VOMSTrustStore.java =====
/*
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 */
package org.glite.voms.ac;

import java.security.cert.X509Certificate;

import javax.security.auth.x500.X500Principal;

import org.glite.voms.LSCFile;

/**
 * @author Vincenzo Ciaschini
 */
public interface VOMSTrustStore {
    /**
     * Returns the LSCFile corresponding to the VO and host specified.
     *
     * @param voName   the name of the VO.
     * @param hostName the name of the issuing host.
     *
     * @return the LSCFile, or null if none is found.
     */
    public LSCFile getLSC(String voName, String hostName);

    /**
     * Returns the candidates for the role of signer of an AC with the given
     * issuer and of the given VO.
     *
     * @param issuer the DN of the signer.
     * @param voName the VO to which the signer belongs.
     *
     * @return an array of issuer candidates, or null if none is found.
     */
    public X509Certificate[] getAACandidate(X500Principal issuer, String voName);

    /**
     * Stops refreshing the store.
     *
     * This method MUST be called prior to disposing of the store.
     */
    public void stopRefresh();
}

// ===== voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/MyProxyCertInfo.java =====
/*
 * Authors:
 *     Vincenzo Ciaschini - vincenzo.ciaschini@cnaf.infn.it
 */
package org.glite.voms.contact;

import java.io.ByteArrayInputStream;
import java.io.IOException;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;

public class MyProxyCertInfo implements DEREncodable {
    private int pathLen;
    private ProxyPolicy policy;
    private int version;

    public MyProxyCertInfo(ProxyPolicy policy, int version) {
        this.policy = policy;
        this.pathLen = -1;
        this.version = version;
    }

    public MyProxyCertInfo(int pathLenConstraint, ProxyPolicy policy, int version) {
        this.policy = policy;
        this.pathLen = pathLenConstraint;
        this.version = version;
    }

    public int getPathLenConstraint() {
        return pathLen;
    }

    public ProxyPolicy getProxyPolicy() {
        return policy;
    }

    /*
     * ProxyCertInfo ::= SEQUENCE {
     *     pCPathLenConstraint  INTEGER (0..MAX) OPTIONAL,
     *     proxyPolicy          ProxyPolicy
     * }
     *
     * ProxyPolicy ::= SEQUENCE {
     *     policyLanguage  OBJECT IDENTIFIER,
     *     policy          OCTET STRING OPTIONAL
     * }
     */
    private void setFromSeq(ASN1Sequence seq) {
        if (seq.size() == 1) {
            // proxyPolicy only, no path length constraint; the element is the
            // inner ProxyPolicy SEQUENCE, not the outer ProxyCertInfo
            this.version = VOMSProxyBuilder.GT3_PROXY;
            this.policy = new ProxyPolicy((ASN1Sequence) seq.getObjectAt(0));
            this.pathLen = -1;
        } else if (seq.getObjectAt(0) instanceof DERInteger) {
            // RFC 3820 order: pCPathLenConstraint first, then proxyPolicy
            this.version = VOMSProxyBuilder.GT4_PROXY;
            this.pathLen = ((DERInteger) seq.getObjectAt(0)).getValue().intValue();
            this.policy = new ProxyPolicy((ASN1Sequence) seq.getObjectAt(1));
        } else {
            // pre-RFC (GT3 draft) order: proxyPolicy first, then the path
            // length, which some encoders wrap in an explicit tag
            this.version = VOMSProxyBuilder.GT3_PROXY;
            this.policy = new ProxyPolicy((ASN1Sequence) seq.getObjectAt(0));
            DEREncodable len = seq.getObjectAt(1);
            if (len instanceof DERTaggedObject) {
                len = ((DERTaggedObject) len).getObject();
            }
            this.pathLen = DERInteger.getInstance(len).getValue().intValue();
        }
    }

    public MyProxyCertInfo(ASN1Sequence seq) {
        setFromSeq(seq);
    }

    public MyProxyCertInfo(byte[] payload) {
        DERObject derObj = null;

        try {
            ByteArrayInputStream inStream = new ByteArrayInputStream(payload);
            ASN1InputStream derInputStream = new ASN1InputStream(inStream);
            derObj = derInputStream.readObject();
        } catch (IOException e) {
            throw new IllegalArgumentException("Unable to convert byte array: " + e.getMessage());
        }

        if (derObj instanceof ASN1Sequence) {
            setFromSeq((ASN1Sequence) derObj);
        } else {
            throw new IllegalArgumentException("Unable to convert byte array");
        }
    }

    public DERObject getDERObject() {
        ASN1EncodableVector vec = new ASN1EncodableVector();

        switch (version) {
        case VOMSProxyBuilder.GT3_PROXY:
            // pre-RFC (GT3 draft) order: proxyPolicy, then optional pCPathLenConstraint
            vec.add(this.policy.getDERObject());
            if (this.pathLen != -1) {
                vec.add(new DERInteger(this.pathLen));
            }
            break;
        case VOMSProxyBuilder.GT4_PROXY:
            // RFC 3820 order, matching the ASN.1 above and setFromSeq():
            // optional pCPathLenConstraint first, then proxyPolicy
            if (this.pathLen != -1) {
                vec.add(new DERInteger(this.pathLen));
            }
            vec.add(this.policy.getDERObject());
            break;
        default:
            break;
        }

        return new DERSequence(vec);
    }
}

// ===== voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/PathNamingScheme.java =====
/*
 * Authors:
 *     Karoly Lorentey - lorentey@elte.hu
 *     Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it
 */
package org.glite.voms.contact;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.log4j.Logger;

/**
 * This class provides utility methods used for parsing and matching voms
 * FQANs (Fully Qualified Attribute Names).
 *
 * @author Karoly Lorentey
 * @author Andrea Ceccanti
 */
public class PathNamingScheme {

    public static final Logger log = Logger.getLogger( PathNamingScheme.class );

    public static final String containerSyntax = "^(/[\\w.-]+)+|((/[\\w.-]+)+/)?(Role=[\\w.-]+)|(Capability=[\\w\\s.-]+)$";

    public static final String groupSyntax = "^(/[\\w.-]+)+$";

    public static final String roleSyntax = "^Role=[\\w.-]+$";

    public static final String qualifiedRoleSyntax = "^(/[\\w.-]+)+/Role=[\\w.-]+$";

    public static final String capabilitySyntax = "^Capability=[\\w\\s.-]+$";

    public static final Pattern containerPattern = Pattern.compile( containerSyntax );

    public static final Pattern groupPattern = Pattern.compile( groupSyntax );

    public static final Pattern rolePattern = Pattern.compile( roleSyntax );

    public static final Pattern qualifiedRolePattern = Pattern.compile( qualifiedRoleSyntax );

    public static final Pattern capabilityPattern = Pattern.compile( capabilitySyntax );

    /**
     * This method checks that the string passed as argument complies with the voms FQAN syntax.
     *
     * @param containerName the string that must be checked for compatibility with FQAN syntax.
     * @throws VOMSSyntaxException
     *             If there's an error in the FQAN syntax.
     */
    public static void checkSyntax( String containerName ) {

        if ( containerName.length() > 255 )
            throw new VOMSSyntaxException( "containerName.length() > 255" );

        if ( !containerPattern.matcher( containerName ).matches() )
            throw new VOMSSyntaxException( "Syntax error in container name: " + containerName );
    }

    /**
     * This method checks that the string passed as argument complies with the syntax used
     * by voms to identify groups.
     *
     * @param groupName the string that has to be checked.
     * @throws VOMSSyntaxException
     *             If the string passed as argument does not comply with the voms syntax.
     */
    public static void checkGroup( String groupName ) {

        checkSyntax( groupName );

        if ( !groupPattern.matcher( groupName ).matches() )
            throw new VOMSSyntaxException( "Syntax error in group name: " + groupName );
    }

    /**
     * This method checks that the string passed as argument complies with the syntax used
     * by voms to identify roles.
     *
     * @param roleName the string that has to be checked.
     * @throws VOMSSyntaxException
     *             If the string passed as argument does not comply with the voms syntax.
     */
    public static void checkRole( String roleName ) {

        if ( roleName.length() > 255 )
            throw new VOMSSyntaxException( "roleName.length()>255" );

        if ( !rolePattern.matcher( roleName ).matches() )
            throw new VOMSSyntaxException( "Syntax error in role name: " + roleName );
    }

    /**
     * This method checks that the FQAN passed as argument identifies a voms group.
     *
     * @param groupName the string to check.
     * @return
     * <ul>
     *   <li>true, if the string passed as argument identifies a voms group.</li>
     *   <li>false, otherwise.</li>
     * </ul>
     */
    public static boolean isGroup( String groupName ) {

        checkSyntax( groupName );
        return groupPattern.matcher( groupName ).matches();
    }

    /**
     * This method checks that the FQAN passed as argument identifies a voms role.
     *
     * @param roleName the string to check.
     * @return
     * <ul>
     *   <li>true, if the string passed as argument identifies a voms role.</li>
     *   <li>false, otherwise.</li>
     * </ul>
     */
    public static boolean isRole( String roleName ) {

        checkSyntax( roleName );
        return rolePattern.matcher( roleName ).matches();
    }

    /**
     * This method checks that the FQAN passed as argument identifies a qualified voms role, i.e.,
     * a role defined in the context of a voms group.
     *
     * @param roleName the string to check.
     * @return
     * <ul>
     *   <li>true, if the string passed as argument identifies a qualified voms role.</li>
     *   <li>false, otherwise.</li>
     * </ul>
     */
    public static boolean isQualifiedRole( String roleName ) {

        checkSyntax( roleName );
        return qualifiedRolePattern.matcher( roleName ).matches();
    }

    /**
     * This method extracts the role name information from the FQAN passed as argument.
     *
     * @param containerName the FQAN
     * @return
     * <ul>
     *   <li>A string containing the role name, if found</li>
     *   <li>null, if no role information is contained in the FQAN passed as argument</li>
     * </ul>
     */
    public static String getRoleName( String containerName ) {

        if ( !isRole( containerName ) && !isQualifiedRole( containerName ) )
            throw new VOMSSyntaxException( "No role specified in \"" + containerName + "\" voms syntax." );

        Matcher m = containerPattern.matcher( containerName );

        if ( m.matches() ) {
            // group 4 of containerPattern is the "Role=..." component
            String roleGroup = m.group( 4 );
            return roleGroup.substring( roleGroup.indexOf( '=' ) + 1, roleGroup.length() );
        }

        return null;
    }

    /**
     * This method extracts group name information from the FQAN passed as argument.
     *
     * @param containerName the FQAN
     * @return
     * <ul>
     *   <li>A string containing the group name, if found</li>
     *   <li>null, if no group information is contained in the FQAN passed as argument</li>
     * </ul>
     */
    public static String getGroupName( String containerName ) {

        checkSyntax( containerName );

        // If it's a container and it's not a role or a qualified role, then
        // it's a group!
        if ( !isRole( containerName ) && !isQualifiedRole( containerName ) )
            return containerName;

        Matcher m = containerPattern.matcher( containerName );

        if ( m.matches() ) {
            // group 2 of containerPattern is the "/a/b/" prefix of a qualified
            // role; it is null for an unqualified "Role=..."
            String groupName = m.group( 2 );

            if ( groupName == null )
                return null;

            if ( groupName.endsWith( "/" ) )
                return groupName.substring( 0, groupName.length() - 1 );
            else
                return groupName;
        }

        return null;
    }

    /**
     * Converts a qualified role FQAN ("/a/b/Role=X") to the legacy "group:role" form ("/a/b:X").
     */
    public static String toOldQualifiedRoleSyntax( String qualifiedRole ) {

        checkSyntax( qualifiedRole );

        if ( !isQualifiedRole( qualifiedRole ) )
            throw new VOMSSyntaxException( "String passed as argument is not a qualified role!" );

        return getGroupName( qualifiedRole ) + ":" + getRoleName( qualifiedRole );
    }
}

// ===== voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/ProxyPolicy.java =====
/*
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 */
package org.glite.voms.contact;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;

public class ProxyPolicy implements DEREncodable {
    private DERObjectIdentifier oid;
    private DEROctetString policy;

    public static final DERObjectIdentifier IMPERSONATION = new DERObjectIdentifier("1.3.6.1.5.5.7.21.1");
    public static final DERObjectIdentifier INDEPENDENT = new DERObjectIdentifier("1.3.6.1.5.5.7.21.2");
    public static final DERObjectIdentifier LIMITED = new DERObjectIdentifier("1.3.6.1.4.1.3536.1.1.1.9");

    public ProxyPolicy(DERObjectIdentifier oid) {
        this.oid = oid;
        this.policy = null;
    }

    public ProxyPolicy(DERObjectIdentifier oid, String policy) {
        this.oid = oid;
        this.policy = new DEROctetString(policy.getBytes());
    }

    public ProxyPolicy(String oid, String policy) {
        this.oid = new DERObjectIdentifier(oid);
        this.policy = new DEROctetString(policy.getBytes());
    }

    public ProxyPolicy(String oid) {
        this.oid = new DERObjectIdentifier(oid);
        this.policy = null;
    }

    public DERObject getDERObject() {
        ASN1EncodableVector vec = new ASN1EncodableVector();

        vec.add(oid);
        if (policy != null)
            vec.add(policy);

        return new DERSequence(vec);
    }

    public ProxyPolicy(ASN1Sequence seq) {
        this.oid = (DERObjectIdentifier) seq.getObjectAt(0);

        if (seq.size() > 1) {
            // the optional policy OCTET STRING may arrive wrapped in a tag
            DEREncodable obj = seq.getObjectAt(1);
            if (obj instanceof DERTaggedObject) {
                obj = ((DERTaggedObject) obj).getObject();
            }
            this.policy = (DEROctetString) obj;
        }
    }
}
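The FQAN grammar implemented by PathNamingScheme above (its regular expressions, the 255-character cap, and the capture groups that getRoleName and getGroupName rely on) is easiest to see on sample input. The following is an added example, not code from voms-api-java: a Python port of those checks, with re.fullmatch standing in for Java's Matcher.matches(); the FQAN values are constructed.

```python
"""FQAN syntax checks ported from PathNamingScheme (added example, not project code).

The regular expressions are copied from PathNamingScheme; Java and Python
agree on \\w, \\s, grouping and alternation for these patterns, and
re.fullmatch() plays the role of Java's Matcher.matches().
"""
import re

CONTAINER_SYNTAX = r"^(/[\w.-]+)+|((/[\w.-]+)+/)?(Role=[\w.-]+)|(Capability=[\w\s.-]+)$"
GROUP_SYNTAX = r"^(/[\w.-]+)+$"
ROLE_SYNTAX = r"^Role=[\w.-]+$"
QUALIFIED_ROLE_SYNTAX = r"^(/[\w.-]+)+/Role=[\w.-]+$"

CONTAINER = re.compile(CONTAINER_SYNTAX)
GROUP = re.compile(GROUP_SYNTAX)
ROLE = re.compile(ROLE_SYNTAX)
QUALIFIED_ROLE = re.compile(QUALIFIED_ROLE_SYNTAX)

MAX_LEN = 255  # the same cap PathNamingScheme.checkSyntax() applies


class VOMSSyntaxError(ValueError):
    """Raised where the Java code throws VOMSSyntaxException."""


def check_syntax(container_name):
    """Reject anything that is not a well-formed FQAN: over-long input, or
    characters outside [A-Za-z0-9_.-] between the '/' separators."""
    if len(container_name) > MAX_LEN:
        raise VOMSSyntaxError("containerName.length() > 255")
    if CONTAINER.fullmatch(container_name) is None:
        raise VOMSSyntaxError("Syntax error in container name: " + container_name)


def is_group(name):
    check_syntax(name)
    return GROUP.fullmatch(name) is not None


def is_role(name):
    check_syntax(name)
    return ROLE.fullmatch(name) is not None


def is_qualified_role(name):
    check_syntax(name)
    return QUALIFIED_ROLE.fullmatch(name) is not None


def get_role_name(container_name):
    """Return the role of 'Role=X' or '/a/b/Role=X' (capture group 4 of CONTAINER)."""
    if not is_role(container_name) and not is_qualified_role(container_name):
        raise VOMSSyntaxError('No role specified in "%s" voms syntax.' % container_name)
    role_group = CONTAINER.fullmatch(container_name).group(4)  # "Role=X"
    return role_group[role_group.index("=") + 1:]


def get_group_name(container_name):
    """Return the group of an FQAN: the FQAN itself for a bare group, capture
    group 2 minus its trailing '/' for a qualified role, None for 'Role=X'."""
    check_syntax(container_name)
    if not is_role(container_name) and not is_qualified_role(container_name):
        return container_name
    group_name = CONTAINER.fullmatch(container_name).group(2)
    if group_name is None:  # unqualified role: no group prefix at all
        return None
    return group_name[:-1] if group_name.endswith("/") else group_name


def to_old_qualified_role_syntax(qualified_role):
    """'/a/b/Role=X' -> '/a/b:X', the legacy group:role form."""
    check_syntax(qualified_role)
    if not is_qualified_role(qualified_role):
        raise VOMSSyntaxError("String passed as argument is not a qualified role!")
    return get_group_name(qualified_role) + ":" + get_role_name(qualified_role)


def classify(fqans):
    """Map each candidate FQAN to (group, role), or to ('rejected', reason)
    when the grammar refuses it."""
    report = {}
    for fqan in fqans:
        try:
            group = get_group_name(fqan)
            role = get_role_name(fqan) if (is_role(fqan) or is_qualified_role(fqan)) else None
            report[fqan] = (group, role)
        except VOMSSyntaxError as e:
            report[fqan] = ("rejected", str(e))
    return report


if __name__ == "__main__":
    # constructed sample inputs, including two a validator must reject
    samples = ["/atlas/production", "/atlas/production/Role=lcgadmin",
               "Role=lcgadmin", "/atlas;id", "/" + "a" * 255]
    for fqan, result in classify(samples).items():
        print(fqan[:40], "->", result)
```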
// ===== voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/UserCredentials.java =====
/*
 * Authors:
 *     Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it
 */
package org.glite.voms.contact;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

import org.apache.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PasswordFinder;
import org.bouncycastle.openssl.PEMWriter;
import org.glite.voms.PKIUtils;

/**
 * This class implements parsing and handling of X509 user credentials
 * in PEM or PKCS12 format.
 *
 * @author Andrea Ceccanti
 * @author Vincenzo Ciaschini
 */
public class UserCredentials {

    static {
        if ( Security.getProvider( "BC" ) == null ) {
            Security.addProvider( new BouncyCastleProvider() );
        }
    }

    private static final Logger log = Logger.getLogger( UserCredentials.class );

    private X509Certificate userCert;

    private X509Certificate[] userChain;

    private PrivateKey userKey;

    private UserCredentials( PrivateKey key, X509Certificate[] certs ) {
        userKey = key;
        userCert = certs[0];
        userChain = certs;

        if ( log.isDebugEnabled() ) {
            log.debug( "Cert is: " + certs[0].getSubjectDN() );
            for ( int i = 0; i < userChain.length; i++ ) {
                log.debug( "Chain[" + i + "] is: " + userChain[i].getSubjectDN() );
            }
        }
    }

    /**
     * Writes the certificate, the private key (if any) and the rest of the
     * chain to the stream in PEM format.
     */
    public void save( OutputStream os ) throws IOException {
        OutputStreamWriter osw = new OutputStreamWriter( os );
        PEMWriter writer = new PEMWriter( osw );

        log.debug( "Cert is: " + userCert.getSubjectDN() );
        writer.writeObject( userCert );

        if ( userKey != null )
            writer.writeObject( userKey );

        for ( int i = 1; i < userChain.length; i++ ) {
            log.debug( "Chain[" + i + "] is: " + userChain[i].getSubjectDN() );
            writer.writeObject( userChain[i] );
        }

        writer.flush();
    }

    /**
     * This method returns the user certificate loaded in this {@link UserCredentials}.
     *
     * @return the X509 user certificate.
     */
    public X509Certificate getUserCertificate() {
        return userCert;
    }

    /**
     * This method returns the user certificate chain loaded in this {@link UserCredentials}.
     *
     * @return the X509 user certificate chain.
     */
    public X509Certificate[] getUserChain() {
        return userChain;
    }

    /**
     * This method returns the user credential openssl private key.
     *
     * @return the user credentials private key.
     */
    public PrivateKey getUserKey() {
        return userKey;
    }

    /**
     * This method is used to load and parse an X509 certificate in PEM format.
     *
     * @param userCertFile the file object referring to the X509 certificate.
     */
    private void loadCert( File userCertFile ) {
        try {
            userChain = PKIUtils.loadCertificates( userCertFile );
            userCert = userChain[0];
        } catch ( CertificateException e ) {
            log.debug( "Error parsing user certificate: " + e.getMessage() );
            if ( log.isDebugEnabled() )
                log.error( e.getMessage(), e );
            throw new VOMSException( e );
        }
    }

    /** Supplies the key password to the PEM reader; a null password reads as empty. */
    private static class PFinder implements PasswordFinder {
        private String pwd;

        public PFinder( String password ) {
            pwd = password;
        }

        public char[] getPassword() {
            if ( pwd != null )
                return pwd.toCharArray();
            else
                return "".toCharArray();
        }
    }

    /**
     * This method is used to load and decrypt a user private key in PEM format.
     *
     * @param userKeyFile the file object that points to the PEM key.
     * @param password the password needed to decrypt the key.
     */
    private void loadKey( File userKeyFile, String password ) {
        log.debug( "File is: " + userKeyFile.getName() );
        userKey = PKIUtils.loadPrivateKey( userKeyFile, new PFinder( password ) );
    }

    private void loadCredentials( File userCertFile, File userKeyFile, String keyPassword ) {
        loadCert( userCertFile );
        loadKey( userKeyFile, keyPassword );
    }

    private void loadPKCS12Credentials( File pkcs12File, String keyPassword ) {
        FileInputStream stream = null;

        try {
            KeyStore ks = KeyStore.getInstance( "PKCS12", "BC" );
            stream = new FileInputStream( pkcs12File );
            ks.load( stream, keyPassword.toCharArray() );

            Enumeration aliases = ks.aliases();

            if ( !aliases.hasMoreElements() )
                throw new VOMSException( "No aliases found inside pkcs12 certificate!" );

            // Take the first alias and hope it is the right one...
            String alias = (String) aliases.nextElement();

            userChain = (X509Certificate[]) ks.getCertificateChain( alias );
            userCert = (X509Certificate) ks.getCertificate( alias );
            userKey = (PrivateKey) ks.getKey( alias, keyPassword.toCharArray() );

        } catch ( Exception e ) {
            log.error( "Error importing pkcs12 certificate: " + e.getMessage() );
            if ( log.isDebugEnabled() )
                log.error( "Error importing pkcs12 certificate: " + e.getMessage(), e );
            throw new VOMSException( e );
        } finally {
            try {
                if ( stream != null )
                    stream.close();
            } catch ( IOException e ) {
                /* do nothing */
            }
        }
    }

    private UserCredentials( UserCredentials credentials ) {
        userChain = credentials.getUserChain();
        userKey = credentials.getUserKey();
        userCert = credentials.getUserCertificate();
    }

    /**
     * Locates credentials from the X509_USER_CERT / X509_USER_KEY / PKCS12_USER_CERT
     * system properties, falling back to the ~/.globus defaults.
     */
    private UserCredentials( String keyPassword ) {

        String x509UserCert = System.getProperty( "X509_USER_CERT", null );
        String x509UserKey = System.getProperty( "X509_USER_KEY", null );
        String x509UserKeyPassword = System.getProperty( "X509_USER_KEY_PASSWORD", null );
        String pkcs12UserCert = System.getProperty( "PKCS12_USER_CERT", null );
        String pkcs12UserKeyPassword = System.getProperty( "PKCS12_USER_KEY_PASSWORD", null );

        String globusDir = System.getProperty( "user.home" ) + File.separator + ".globus";

        if ( x509UserCert != null && x509UserKey != null ) {
            log.debug( "Looking for pem certificates in (" + x509UserCert + "," + x509UserKey + ")" );
            try {
                loadCredentials( new File( x509UserCert ), new File( x509UserKey ),
                        ( x509UserKeyPassword != null ) ? x509UserKeyPassword : keyPassword );
                log.debug( "Credentials loaded successfully." );
                return;
            } catch ( VOMSException e ) {
                log.debug( "Error parsing credentials:" + e.getMessage() );
                if ( log.isDebugEnabled() )
                    log.debug( e.getMessage(), e );
            }
        }

        log.debug( "Looking for pem certificates in " + globusDir );

        File globusCert = new File( globusDir + File.separator + "usercert.pem" );
        File globusKey = new File( globusDir + File.separator + "userkey.pem" );

        try {
            loadCredentials( globusCert, globusKey,
                    ( x509UserKeyPassword != null ) ? x509UserKeyPassword : keyPassword );
            log.debug( "Credentials loaded successfully." );
            return;
        } catch ( VOMSException e ) {
            log.debug( "Error parsing credentials:" + e.getMessage() );
            if ( log.isDebugEnabled() )
                log.debug( e.getMessage(), e );
        }

        // PKCS12 credentials support
        if ( pkcs12UserCert != null ) {
            log.debug( "Looking for pkcs12 certificate in " + pkcs12UserCert );
            // use the path the property points at, not the ~/.globus default
            File pkcs12File = new File( pkcs12UserCert );
            try {
                loadPKCS12Credentials( pkcs12File,
                        ( pkcs12UserKeyPassword != null ) ? pkcs12UserKeyPassword : keyPassword );
                log.debug( "Credentials loaded successfully." );
                return;
            } catch ( VOMSException e ) {
                log.debug( "Error parsing credentials from " + pkcs12File + ":" + e.getMessage() );
                if ( log.isDebugEnabled() )
                    log.debug( e.getMessage(), e );
            }
        }

        File pkcs12File = new File( globusDir + File.separator + "usercert.p12" );
        log.debug( "Looking for pkcs12 certificate in " + pkcs12File );

        try {
            loadPKCS12Credentials( pkcs12File,
                    ( pkcs12UserKeyPassword != null ) ? pkcs12UserKeyPassword : keyPassword );
            log.debug( "Credentials loaded successfully." );
            return;
        } catch ( VOMSException e ) {
            log.debug( "Error parsing credentials from " + pkcs12File + ":" + e.getMessage() );
            if ( log.isDebugEnabled() )
                log.debug( e.getMessage(), e );
        }

        throw new VOMSException( "No user credentials found!" );
    }

    private UserCredentials( String userCertFile, String userKeyFile, String keyPassword ) {
        loadCredentials( new File( userCertFile ), new File( userKeyFile ), keyPassword );
    }

    /**
     * Static instance constructor for a {@link UserCredentials}.
     * This method should be used with credentials whose private key is not encrypted.
     *
     * The current implementation looks for user credentials in the following places (in sequence):
     *
     *
    *
  • If the X509_USER_CERT and X509_USER_KEY system * properties are set, their values are used to load the user credentials *
  • * *
  • If the PKCS12_USER_CERT system property is set, its value is used to * load the user credentials. *
  • * *
  • The content of the .globus directory in the user's home is searched for a PEM certificate (in the * usercert.pem and userkey.pem files). *
  • * *
  • The content of the .globus directory in the user's home is searched for a PKC12 certificate (in the * usercert.p12 file). *
  • *
* * @return the loaded user credentials. * * @throws VOMSException * if there is an error loading the user credentials. */ public static UserCredentials instance(){ return new UserCredentials((String)null); } /** * Static instance constructor for a {@link UserCredentials}. * For more info on the user credentials load procedure, see {@link #instance()}. * * @param keyPassword the password that is to be used to decrypt the user private key. * @return the loaded user credentials. * * @throws VOMSException * if there is an error loading the user credentials. */ public static UserCredentials instance(String keyPassword){ return new UserCredentials(keyPassword); } /** * Static instance constructor for a {@link UserCredentials}. * * This methods allows a user to bypass the default credentials search procedure (highlighted {@link #instance() here}), * by specifying the path to a PEM X509 user cert and private key. * * @param userCertFile the path to the PEM X509 user certificate. * @param userKeyFile the path to the PEM X509 private key. * @param keyPassword the password that is to be used to decrypt the user private key. * @return the loaded user credentials. * * @throws VOMSException * if there is an error loading the user credentials. * */ public static UserCredentials instance(String userCertFile, String userKeyFile, String keyPassword){ return new UserCredentials(userCertFile, userKeyFile, keyPassword); } /** * Static instance constructor for a {@link UserCredentials}. * * This methods allows a user to bypass the default credentials search procedure (highlighted {@link #instance() here}), * by specifying the path to a PEM X509 user cert and private key. * * @param userCertFile the path to the PEM X509 user certificate. * @param userKeyFile the path to the PEM X509 private key. * @return the loaded user credentials. * * @throws VOMSException * if there is an error loading the user credentials. 
* */ public static UserCredentials instance(String userCertFile, String userKeyFile){ return UserCredentials.instance(userCertFile, userKeyFile, null); } /** * Static instance constructor for a {@link UserCredentials}. * * This methods allows a user to bypass the default credentials search procedure (highlighted {@link #instance() here}), * by specifying the path to a PEM X509 user cert and private key. * * @param credentials the GlobusCredentials object containing the user's own proxy * @return the loaded user credentials. * * @throws VOMSException * if there is an error loading the user credentials. * */ public static UserCredentials instance(UserCredentials credentials) { return new UserCredentials(credentials); } public static UserCredentials instance(PrivateKey key, X509Certificate[] certs) { return new UserCredentials(key, certs); } } voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSDecoder.java000066400000000000000000000102561207402625500263000ustar00rootroot00000000000000/********************************************************************* * * Authors: * * Gidon Moont - g.moont@imperial.ac.uk * Vincenzo Ciaschini - vincenzo.ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms.contact;

// Gidon Moont
// Imperial College London
// Copyright (C) April 2006

// Voms uses a non-standard Base-64 algorithm. Hmmm...

import org.bouncycastle.util.encoders.Base64;

/**
 *
 * This class implements a decoder for the non-standard Base-64 algorithm used
 * by voms.
 *
 *
 * @author Gidon Moont
 * @author Vincenzo Ciaschini
 *
 */
public class VOMSDecoder {

    // matrix out of src/common/xml.c
    // Alphabet: a-z -> 0..25, A-Z -> 26..51, 0-9 -> 52..61, '[' -> 62, ']' -> 63.
    // Every other ASCII code maps to 0, so the "b < 0" test in mydecode() can
    // never fire: a stray character is decoded as sextet 0 instead of rejected.
    private static int[] decodemapint = new int[] {
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 0, 0, 0, 0, 0, 0,
        0, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
        41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 62, 0, 63, 0, 0,
        0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
        15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 0, 0, 0, 0, 0
    };

    private static byte[] decodemapbyte = new byte[128];

    static {
        for (int i = 0; i < 128; i++) {
            decodemapbyte[i] = (byte) decodemapint[i];
        }
    }

    // Input containing newlines is treated as standard (RFC 2045) Base64;
    // everything else is assumed to use the VOMS alphabet above.
    public static byte[] decode(String s) {
        if (s.indexOf('\n') != -1) {
            return Base64.decode(s.trim().replaceAll("\n", ""));
        } else
            return mydecode(s);
    }

    // Decodes groups of four characters without '=' padding; an input whose
    // length is 1 mod 4 is malformed and makes the second read below overrun.
    private static byte[] mydecode(String s) {
        char[] in = s.toCharArray();
        int iLen = in.length;

        // cuts off end - do I need this?
        // while (iLen > 0 && in[iLen-1] == '=') iLen--;

        int oLen = (iLen * 3) / 4;
        byte[] out = new byte[oLen];

        int ip = 0;
        int op = 0;

        while (ip < iLen) {
            int i0 = in[ip++];
            int i1 = in[ip++];
            int i2 = ip < iLen ? in[ip++] : 'A';
            int i3 = ip < iLen ? in[ip++] : 'A';

            if (i0 > 127 || i1 > 127 || i2 > 127 || i3 > 127)
                throw new IllegalArgumentException("Illegal character in Base64 encoded data.");

            int b0 = decodemapbyte[i0];
            int b1 = decodemapbyte[i1];
            int b2 = decodemapbyte[i2];
            int b3 = decodemapbyte[i3];

            if (b0 < 0 || b1 < 0 || b2 < 0 || b3 < 0)
                throw new IllegalArgumentException("Illegal character in Base64 encoded data.");

            // ????????????
            int o0 = (b0 << 2) | (b1 >>> 4);
            int o1 = ((b1 & 0xf) << 4) | (b2 >>> 2);
            int o2 = ((b2 & 3) << 6) | b3;

            out[op++] = (byte) o0;
            if (op
 *
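The alphabet encoded in `decodemapint` above, as a stand-alone decoder (an added example, not part of the VOMS API Java sources): lowercase letters map to 0-25, uppercase to 26-51, digits to 52-61, `[` to 62 and `]` to 63, and, as in `decode()`, input containing newlines is treated as standard Base64. Unlike `mydecode`, which decodes any other ASCII character as sextet 0 because the table holds no negative entries, this version rejects characters outside the alphabet; the encoder and the sample values are constructed here for the round-trip check.

```python
import base64

# VOMS alphabet reconstructed from decodemapint in VOMSDecoder.java:
# a-z -> 0..25, A-Z -> 26..51, 0-9 -> 52..61, '[' -> 62, ']' -> 63
VOMS_ALPHABET = (
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789[]"
)
_DECODE = {c: i for i, c in enumerate(VOMS_ALPHABET)}


def voms_b64decode(s: str) -> bytes:
    """Decode VOMS's non-standard Base64 (no '=' padding, a-z first).

    Mirrors VOMSDecoder.decode(): a string containing newlines is
    standard Base64 and goes to the stdlib decoder; anything else is
    decoded with the VOMS alphabet.  Characters outside the alphabet
    raise ValueError instead of being silently decoded as sextet 0.
    """
    if "\n" in s:
        return base64.b64decode(s.strip().replace("\n", ""))
    if len(s) % 4 == 1:
        # 6 bits cannot carry a whole byte; mydecode() would overrun here
        raise ValueError("invalid VOMS Base64 length")
    out = bytearray()
    bits = 0       # bit accumulator
    nbits = 0      # number of valid bits in the accumulator
    for ch in s:
        sextet = _DECODE.get(ch)
        if sextet is None:
            raise ValueError("illegal character %r in VOMS Base64 data" % ch)
        bits = (bits << 6) | sextet
        nbits += 6
        if nbits >= 8:
            nbits -= 8
            out.append((bits >> nbits) & 0xFF)
            bits &= (1 << nbits) - 1
    # leftover bits (< 8) are encoder padding and are discarded
    return bytes(out)


def voms_b64encode(data: bytes) -> str:
    """Encode with the VOMS alphabet and no '=' padding.

    Constructed for the round-trip check; VOMSDecoder ships only a decoder.
    """
    out = []
    bits = 0
    nbits = 0
    for b in data:
        bits = (bits << 8) | b
        nbits += 8
        while nbits >= 6:
            nbits -= 6
            out.append(VOMS_ALPHABET[(bits >> nbits) & 0x3F])
            bits &= (1 << nbits) - 1
    if nbits:
        # pad the final partial sextet with zero bits on the right
        out.append(VOMS_ALPHABET[(bits << (6 - nbits)) & 0x3F])
    return "".join(out)
```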
 * <ul>
 * <li>if the GLITE_LOCATION system property is set, the $GLITE_LOCATION/etc/vomses path is added
 * to the search path.</li>
 * <li>if the VOMSES_LOCATION system property is set, its value is interpreted as a colon (:) separated
 * list of paths that are added to the search path.</li>
 * <li>if the ${user.home}/.globus/vomses file or directory exists, it is added to the search path.</li>
 * <li>if the ${user.home}/.glite/vomses file or directory exists, it is added to the search path.</li>
 * </ul>
 *
 *
 * @author Andrea Ceccanti
 *
 */
public class VOMSESFileParser {

    private static final Logger log = Logger.getLogger(VOMSESFileParser.class);

    // A vomses line is a sequence of double-quoted fields separated by a single
    // character. Splitting on quote-char-quote leaves only the opening quote of
    // the first field and the closing quote of the last one, which fixQuotes()
    // strips.
    private static final String splitSyntax = "\\x22[^\\x22]\\x22";

    private static final List vomsesPaths;

    static {
        String gliteLoc = System.getProperty("GLITE_LOCATION", null);
        String vomsesLoc = System.getProperty("VOMSES_LOCATION", null);

        List list = new ArrayList();

        File defaultLocFile = new File(File.separator + "etc" + File.separator + "vomses");
        if (defaultLocFile.exists())
            list.add(defaultLocFile);

        if (gliteLoc != null) {
            File gliteLocFile = new File(gliteLoc + File.separator + "etc" + File.separator + "vomses");
            if (gliteLocFile.exists())
                list.add(gliteLocFile);
        }

        if (vomsesLoc != null) {
            String[] userLocations = vomsesLoc.split(":");
            for (int i = 0; i < userLocations.length; i++) {
                File vomsesLocFile = new File(userLocations[i] + File.separator + "vomses");
                if (vomsesLocFile.exists())
                    list.add(vomsesLocFile);
            }
        }

        File globusVomses = new File(System.getProperty("user.home") + File.separator + ".globus"
                + File.separator + "vomses");
        if (globusVomses.exists())
            list.add(globusVomses);

        File gliteVomses = new File(System.getProperty("user.home") + File.separator + ".glite"
                + File.separator + "vomses");
        if (gliteVomses.exists())
            list.add(gliteVomses);

        File vomsVomses = new File(System.getProperty("user.home") + File.separator + ".voms"
                + File.separator + "vomses");
        if (vomsVomses.exists()) {
            list.add(vomsVomses);
        }

        vomsesPaths = list;
    }

    private VOMSESFileParser() {
    }

    private String fixQuotes(String s) {
        if (s.startsWith("\""))
            s = s.substring(1);
        if (s.endsWith("\""))
            s = s.substring(0, s.length() - 1);
        return s;
    }

    private String[] splitLine(String line) {
        String tokens[] = line.split(splitSyntax);
        for (int i = 0; i < tokens.length; i++)
            tokens[i] = fixQuotes(tokens[i]);
        return tokens;
    }

    private VOMSServerMap parseDir(File vomsesDir) throws IOException {
        File[] allFiles = vomsesDir.listFiles();
        VOMSServerMap result = new VOMSServerMap();

        log.debug("Parsing vomses dir:" + vomsesDir);

        for (int i = 0; i < allFiles.length; i++)
            result.merge(parse(allFiles[i]));

        return result;
    }

    VOMSServerMap parse(String fileName) throws IOException {
        return parse(new File(fileName));
    }

    private VOMSServerMap parse(File vomsesFile) throws IOException {
        BufferedReader reader = null;
        VOMSServerMap result = new VOMSServerMap();

        if (vomsesFile.isDirectory())
            return parseDir(vomsesFile);

        try {
            reader = new BufferedReader(new InputStreamReader(new FileInputStream(vomsesFile)));
        } catch (FileNotFoundException e) {
            log.error("Error opening vomses file '" + vomsesFile.getAbsolutePath() + "': " + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw e;
        }

        log.debug("Parsing vomses file: " + vomsesFile.getAbsolutePath());

        try {
            String line;
            while ((line = reader.readLine()) != null) {
                // Ignore comments
                if (line.startsWith("#"))
                    continue;

                // skip empty lines
                if (line.matches("\\s*$"))
                    continue;

                // A valid entry has five fields plus an optional sixth one
                String[] tokens = splitLine(line.trim());
                if (tokens.length < 5 || tokens.length > 6)
                    throw new VOMSException("Syntax error on vomses file " + vomsesFile.getAbsolutePath() + "!");

                result.add(VOMSServerInfo.fromStringArray(tokens));
            }
        } finally {
            // release the file handle whether parsing succeeded or threw
            reader.close();
        }

        return result;
    }

    /**
     * This method is used to build a {@link VOMSServerMap} object starting from
     * vomses configuration files or directories.
     *
     *
     * @return a {@link VOMSServerMap} object that reflects vomses configuration files.
     * @throws IOException
     *             if a parsing error occurs, or no vomses file is found.
     *
     */
    public VOMSServerMap buildServerMap() throws IOException {
        Iterator i = vomsesPaths.iterator();

        if (log.isDebugEnabled()) {
            String locations = StringUtils.join(vomsesPaths.iterator(), ",");
            log.debug("Known vomses files: " + locations);
        }

        VOMSServerMap result = new VOMSServerMap();

        while (i.hasNext()) {
            result.merge(parse((File) i.next()));
        }

        return result;
    }

    /**
     * @return a new instance of {@link VOMSESFileParser}.
     */
    public static VOMSESFileParser instance() {
        return new VOMSESFileParser();
    }
}
voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSErrorMessage.java
/*********************************************************************
 *
 * Authors:
 * Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it
 * Vincenzo Ciaschini - vincenzo.ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms.contact;

/**
 *
 * This class is used to decode VOMS error messages contained in a VOMS
 * response.
 *
 * @author Andrea Ceccanti
 * @author Vincenzo Ciaschini
 *
 */
public class VOMSErrorMessage extends VOMSMessage {

    public VOMSErrorMessage(int code, String message) {
        super(code, message);
    }

    public String toString() {
        return "voms error " + code + ": " + message;
    }
}
voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSException.java
/*********************************************************************
 *
 * Authors:
 * Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms.contact;

/**
 *
 * @author Andrea Ceccanti
 *
 */
public class VOMSException extends RuntimeException {

    /**
     *
     */
    private static final long serialVersionUID = 1L;

    public VOMSException(String message) {
        super(message);
    }

    public VOMSException(String message, Throwable t) {
        super(message, t);
    }

    public VOMSException(Throwable t) {
        super(t.getMessage(), t);
    }
}
voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSMessage.java
/*********************************************************************
 *
 * Authors:
 * Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it
 * Vincenzo Ciaschini - vincenzo.ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms.contact;

/**
 *
 * This class represents a generic message (a numeric code plus text) contained
 * in a VOMS response; {@link VOMSErrorMessage} specialises it for errors.
 *
 * @author Andrea Ceccanti
 *
 */
public class VOMSMessage {

    int code;
    String message;

    public int getCode() {
        return code;
    }

    public void setCode(int code) {
        this.code = code;
    }

    public String getMessage() {
        return message;
    }

    public void setMessage(String message) {
        this.message = message;
    }

    public VOMSMessage(int code, String message) {
        this.code = code;
        this.message = message;
    }

    public String toString() {
        return "voms message " + code + ": " + message;
    }
}
voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSParser.java
/*********************************************************************
 *
 * Authors:
 * Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms.contact;

import java.io.IOException;
import java.io.InputStream;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import org.apache.log4j.Logger;
import org.xml.sax.SAXException;

/**
 *
 * This class implements the XML parsing of responses produced by VOMS servers.
 *
 * @author Andrea Ceccanti
 *
 */
public class VOMSParser {

    private static Logger log = Logger.getLogger(VOMSParser.class);

    protected DocumentBuilder docBuilder;

    private VOMSParser() {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setIgnoringComments(true);
        factory.setNamespaceAware(false);
        factory.setValidating(false);

        try {
            // Not in the original 2.0.10 code: the parser consumes data received
            // from the network, so refuse DOCTYPE declarations and with them any
            // external entity (XXE) the response could try to pull in.
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            docBuilder = factory.newDocumentBuilder();
        } catch (ParserConfigurationException e) {
            log.fatal("Error configuring DOM document builder.");
            if (log.isDebugEnabled()) {
                log.debug(e.getMessage(), e);
            }
            throw new VOMSException(e.getMessage(), e);
        }
    }

    /**
     *
     * Parses a voms response reading from a given input stream.
     * @param is the input stream.
     * @return a {@link VOMSResponse} object that represents the parsed response.
     */
    public VOMSResponse parseResponse(InputStream is) {
        try {
            return new VOMSResponse(docBuilder.parse(is));
        } catch (SAXException e) {
            log.error("Error parsing voms server response:" + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException(e);
        } catch (IOException e) {
            log.error("I/O error reading voms server response:" + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException(e);
        }
    }

    /**
     * @return a new VOMSParser instance.
     */
    public static VOMSParser instance() {
        return new VOMSParser();
    }
}
voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSProtocol.java
/*********************************************************************
 *
 * Authors:
 * Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
package org.glite.voms.contact;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.StringWriter;

import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;

import org.apache.log4j.Logger;
import org.w3c.dom.Document;

/**
 * This class manages the client-side communication protocol with the VOMS server.
 *
 * @author Andrea Ceccanti
 *
 */
public class VOMSProtocol {

    private static final Logger log = Logger.getLogger(VOMSProtocol.class);

    private VOMSRequestFactory requestFactory = VOMSRequestFactory.instance();
    private TransformerFactory transformerFactory;
    private VOMSParser parser = VOMSParser.instance();

    private VOMSProtocol() {
        transformerFactory = TransformerFactory.newInstance();
    }

    public static VOMSProtocol instance() {
        return new VOMSProtocol();
    }

    protected String xmlDocAsString(Document doc) {
        Transformer transformer;

        try {
            transformer = transformerFactory.newTransformer();
        } catch (TransformerConfigurationException e) {
            log.error("Error creating XML transformer:" + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException("Error creating XML transformer:", e);
        }

        StringWriter writer = new StringWriter();
        DOMSource source = new DOMSource(doc);
        StreamResult res = new StreamResult(writer);

        try {
            transformer.transform(source, res);
        } catch (TransformerException e) {
            log.error("Error caught serializing XML :" + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException("Error caught serializing XML :", e);
        }

        writer.flush();
        return writer.toString();
    }

    /**
     *
     * This method is used to send a request to a VOMS server.
     *
     * @param requestOptions the request options. See {@link VOMSRequestOptions}.
     * @param stream an output stream.
     */
    public void sendRequest(VOMSRequestOptions requestOptions, OutputStream stream) {
        Document request = requestFactory.buildRequest(requestOptions);

        if (log.isDebugEnabled())
            log.debug("Voms request:\n" + xmlDocAsString(request));

        Transformer transformer;

        try {
            transformer = transformerFactory.newTransformer();
        } catch (TransformerConfigurationException e) {
            log.error("Error creating XML transformer:" + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException("Error creating XML transformer:", e);
        }

        DOMSource source = new DOMSource(request);
        StreamResult res = new StreamResult(stream);

        try {
            transformer.transform(source, res);
            stream.flush();
        } catch (TransformerException e) {
            log.error("XML request serialization error! " + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException("XML request serialization error! " + e.getMessage(), e);
        } catch (IOException e) {
            log.error(e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException("XML request serialization error! " + e.getMessage(), e);
        }
    }

    /**
     * This method is used to parse a VOMS response from an input stream.
     *
     * @param stream the input stream from which the response will be parsed.
     * @return a {@link VOMSResponse} object.
     */
    public VOMSResponse getResponse(InputStream stream) {
        return parser.parseResponse(stream);
    }
}
voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSProxyBuilder.java
/*********************************************************************
 *
 * Authors:
 *
 * Vincenzo Ciaschini - vincenzo.ciaschini@cnaf.infn.it
 * Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it
 *
 * Uses some code originally developed by:
 * Gidon Moont - g.moont@imperial.ac.uk
 * Joni Hahkala - joni.hahkala@cern.ch
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/

/*
 This file is licensed under the terms of the Globus Toolkit Public
 License, found at http://www.globus.org/toolkit/download/license.html.
 */
package org.glite.voms.contact;

import java.io.ByteArrayInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.KeyPairGenerator;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.HashMap;
import java.util.Enumeration;
import java.util.Random;
import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.TimeZone;
import java.math.BigInteger;

import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.glite.voms.ac.AttributeCertificate;

class ExtensionData {
    String oid;
    DERObject obj;
    boolean critical;

    public static ExtensionData creator(String oid, boolean critical, DERObject obj) {
        ExtensionData ed = new ExtensionData();
        ed.obj = obj;
        ed.oid = oid;
        ed.critical = critical;
        return ed;
    }

    public static ExtensionData creator(String oid, DERObject obj) {
        ExtensionData ed = new ExtensionData();
        ed.obj = obj;
        ed.oid = oid;
        ed.critical = false;
        return ed;
    }

    public String getOID() {
        return oid;
    }

    public DERObject getObj() {
        return obj;
    }

    public boolean getCritical() {
        return critical;
    }
}

/**
 *
 * This class implements VOMS X509 proxy certificates creation.
 *
 * @author Andrea Ceccanti
 *
 */
public class VOMSProxyBuilder {

    private static final Logger log = Logger.getLogger(VOMSProxyBuilder.class);

    public static final int GT2_PROXY = 2;
    public static final int GT3_PROXY = 3;
    public static final int GT4_PROXY = 4;

    public static final int DEFAULT_PROXY_TYPE = GT2_PROXY;
    public static final int DEFAULT_DELEGATION_TYPE = VOMSProxyConstants.DELEGATION_FULL;
    public static final int DEFAULT_PROXY_LIFETIME = 86400;

    private static final String PROXY_CERT_INFO_V3_OID = "1.3.6.1.4.1.3536.1.222";
    private static final String PROXY_CERT_INFO_V4_OID = "1.3.6.1.5.5.7.1.14";

    /**
     *
     * This method builds an {@link AttributeCertificate} (AC) object starting from an array of bytes.
     *
     * @param acBytes the byte array containing the attribute certificate.
     * @return the {@link AttributeCertificate} object
     * @throws VOMSException in case of parsing errors.
     */
    public static AttributeCertificate buildAC(byte[] acBytes) {
        ByteArrayInputStream bai = new ByteArrayInputStream(acBytes);

        try {
            return AttributeCertificate.getInstance(bai);
        } catch (IOException e) {
            log.error("Error parsing attribute certificate:" + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException(e);
        }
    }

    /**
     *
     * This method is used to create a VOMS proxy starting from the {@link UserCredentials}
     * passed as arguments and including a list of {@link AttributeCertificate} objects that
     * will be included in the proxy.
     *
     * @param cred the {@link UserCredentials} from which the proxy must be created.
     * @param ACs the list of {@link AttributeCertificate} objects.
     * @param lifetime the lifetime in seconds of the generated proxy.
     * @param gtVersion the version of globus to which the proxy conforms
     * @param delegType the delegation type (see {@link VOMSProxyConstants}).
     * @param policyType the OID of the proxy policy, or null to derive it from delegType.
     * @return a {@link UserCredentials} object that represents the proxy.
     * @throws VOMSException if something goes wrong.
     *
     * @author Vincenzo Ciaschini
     * @author Andrea Ceccanti
     *
     *
     */
    public static UserCredentials buildProxy(UserCredentials cred, List ACs, int lifetime, int gtVersion,
            int delegType, String policyType) {
        return buildProxy(cred, ACs, lifetime, gtVersion, delegType, policyType, 1024);
    }

    public static UserCredentials buildProxy(UserCredentials cred, List ACs, int lifetime, int gtVersion,
            int delegType, String policyType, int bits) {

        if (ACs.isEmpty())
            throw new VOMSException("Please specify a non-empty list of attribute certificate to build a voms-proxy.");

        Iterator i = ACs.iterator();

        ASN1EncodableVector acVector = new ASN1EncodableVector();

        while (i.hasNext())
            acVector.add((AttributeCertificate) i.next());

        HashMap extensions = new HashMap();

        if (!ACs.isEmpty()) {
            // ACs go into the proxy as a SEQUENCE OF SEQUENCE OF AttributeCertificate
            // under the VOMS extension OID.
            DERSequence seqac = new DERSequence(acVector);
            DERSequence seqacwrap = new DERSequence(seqac);
            extensions.put("1.3.6.1.4.1.8005.100.100.5",
                    ExtensionData.creator("1.3.6.1.4.1.8005.100.100.5", seqacwrap));
        }

        KeyUsage keyUsage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment
                | KeyUsage.dataEncipherment);
        extensions.put("2.5.29.15", ExtensionData.creator("2.5.29.15", true, keyUsage.getDERObject()));

        return myCreateCredential(cred.getUserChain(), cred.getUserKey(), bits, lifetime, delegType, gtVersion,
                extensions, policyType);
    }

    public static UserCredentials buildProxy(UserCredentials cred, int lifetime, int proxy_type) {
        return buildProxy(cred, lifetime, proxy_type, 1024);
    }

    public static UserCredentials buildProxy(UserCredentials cred, int lifetime, int proxy_type, int bits) {
        return myCreateCredential(cred.getUserChain(), cred.getUserKey(), bits, lifetime, proxy_type, GT2_PROXY,
                new HashMap(), "");
    }

    private static UserCredentials myCreateCredential(X509Certificate[] certs, PrivateKey privateKey, int bits,
            int lifetime, int delegationMode, int gtVersion, HashMap extensions, String policyType) {

        KeyPairGenerator keys = null;

        try {
            keys = KeyPairGenerator.getInstance("RSA", "BC");
        } catch (NoSuchAlgorithmException e) {
            log.error("Error activating bouncycastle: " + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException(e.getMessage(), e);
        } catch (NoSuchProviderException e) {
            log.error("Error activating bouncycastle: " + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException(e.getMessage(), e);
        }

        keys.initialize(bits);
        KeyPair pair = keys.genKeyPair();

        X509Certificate proxy = myCreateProxyCertificate(certs[0], privateKey, pair.getPublic(), lifetime,
                delegationMode, gtVersion, extensions, policyType);

        // The new proxy certificate goes first, followed by the issuing chain.
        X509Certificate[] newCerts = new X509Certificate[certs.length + 1];
        newCerts[0] = proxy;
        System.arraycopy(certs, 0, newCerts, 1, certs.length);

        if (log.isDebugEnabled()) {
            for (int i = 0; i < newCerts.length; i++)
                log.debug("CERT[" + i + "] IS: " + newCerts[i].getSubjectDN());
        }

        return UserCredentials.instance(pair.getPrivate(), newCerts);
    }

    private static X509Certificate myCreateProxyCertificate(X509Certificate cert, PrivateKey issuerKey,
            PublicKey publicKey, int lifetime, int delegationMode, int gtVersion, HashMap extensions,
            String policyType) {

        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

        String cnValue = null;
        ProxyPolicy policy = null;
        BigInteger serialNum = null;

        if (issuerKey == null) {
            log.error("Passed issuer key is null");
            throw new VOMSException("Passed issuerKey is null!");
        }

        switch (gtVersion) {
        case GT2_PROXY:
            serialNum = cert.getSerialNumber();
            switch (delegationMode) {
            case VOMSProxyConstants.DELEGATION_LIMITED:
                cnValue = "limited proxy";
                break;
            case VOMSProxyConstants.DELEGATION_FULL:
                cnValue = "proxy";
                break;
            default:
                break;
            }
            break;

        case GT3_PROXY:
        case GT4_PROXY:
            // RFC 3820 style proxies carry a random number as CN and serial.
            // Note: java.util.Random is not a cryptographically strong source;
            // a CSPRNG (java.security.SecureRandom) would be the safer choice.
            Random rand = new Random();
            int number = Math.abs(rand.nextInt(Integer.MAX_VALUE));
            cnValue = String.valueOf(number);
            serialNum = new BigInteger(String.valueOf(number));

            ExtensionData data = (ExtensionData) extensions.get(PROXY_CERT_INFO_V3_OID);
            if (data == null) {
                if (policyType == null) {
                    switch (delegationMode) {
                    case VOMSProxyConstants.DELEGATION_LIMITED:
                    case VOMSProxyConstants.GSI_2_LIMITED_PROXY:
                    case VOMSProxyConstants.GSI_3_LIMITED_PROXY:
                        policy = new ProxyPolicy(ProxyPolicy.LIMITED);
                        break;
                    case VOMSProxyConstants.DELEGATION_FULL:
                    case VOMSProxyConstants.GSI_2_PROXY:
                    case VOMSProxyConstants.GSI_3_IMPERSONATION_PROXY:
                        policy = new ProxyPolicy(ProxyPolicy.IMPERSONATION);
                        break;
                    case VOMSProxyConstants.GSI_3_RESTRICTED_PROXY:
                        throw new IllegalArgumentException("Restricted proxy requires ProxyCertInfo");
                    case VOMSProxyConstants.GSI_3_INDEPENDENT_PROXY:
                        policy = new ProxyPolicy(ProxyPolicy.INDEPENDENT);
                        break;
                    default:
                        throw new IllegalArgumentException("Invalid proxyType");
                    }
                } else {
                    try {
                        policy = new ProxyPolicy(new DERObjectIdentifier(policyType));
                    } catch (IllegalArgumentException e) {
                        throw new VOMSException("OID required as policyType");
                    }
                }

                if (gtVersion == GT3_PROXY)
                    extensions.put(PROXY_CERT_INFO_V3_OID,
ExtensionData.creator(PROXY_CERT_INFO_V3_OID, new MyProxyCertInfo(policy, gtVersion).getDERObject())); else extensions.put(PROXY_CERT_INFO_V4_OID, ExtensionData.creator(PROXY_CERT_INFO_V4_OID, true, new MyProxyCertInfo(policy, gtVersion).getDERObject())); } } if (cnValue == null) throw new IllegalArgumentException("Type of delegation unspecified"); ExtensionData[] exts = (ExtensionData[])extensions.values().toArray(new ExtensionData[] {}); for (int i = 0; i < exts.length; i++) certGen.addExtension(exts[i].getOID(), exts[i].getCritical(), exts[i].getObj()); /* Workaround for bouncycastle inadequacies. */ /* Shamelessly taken from Joni's code. */ X509Name issuerDN = (X509Name)cert.getSubjectDN(); ASN1EncodableVector vec = new ASN1EncodableVector(); vec.add(X509Name.CN); vec.add(new DERPrintableString(cnValue)); Enumeration DNComponents = ((ASN1Sequence)issuerDN.getDERObject()).getObjects(); ASN1EncodableVector subject = new ASN1EncodableVector(); while (DNComponents.hasMoreElements()) subject.add(((DERObject)DNComponents.nextElement())); subject.add(new DERSet(new DERSequence(vec))); X509Name subjectDN = new X509Name(new DERSequence(subject)); certGen.setSubjectDN(subjectDN); certGen.setIssuerDN(issuerDN); certGen.setSerialNumber(serialNum); certGen.setPublicKey(publicKey); certGen.setSignatureAlgorithm(cert.getSigAlgName()); GregorianCalendar date = new GregorianCalendar(TimeZone.getTimeZone("GMT")); /* Allow for a five minute clock skew here. 
*/ date.add(Calendar.MINUTE, -5); certGen.setNotBefore(date.getTime()); /* If hours == 0, then cert lifetime is set to user cert */ if (lifetime <= 0) { certGen.setNotAfter(cert.getNotAfter()); } else { date.add(Calendar.MINUTE, 5); date.add(Calendar.SECOND, lifetime); certGen.setNotAfter(date.getTime()); } try { return certGen.generateX509Certificate(issuerKey); } catch (SignatureException e) { log.error("Error creating proxy: "+e.getMessage()); if (log.isDebugEnabled()) log.error(e.getMessage(),e); throw new VOMSException(e); } catch (InvalidKeyException e) { log.error("Error creating proxy: "+e.getMessage()); if (log.isDebugEnabled()) log.error(e.getMessage(),e); throw new VOMSException(e); } } /** * This method is write a globus proxy to an output stream. * * @param cred * @param os */ public static void saveProxy( UserCredentials cred, OutputStream os ) { try { cred.save( os ); } catch ( IOException e ) { log.error("Error saving generated proxy: "+e.getMessage() ); if (log.isDebugEnabled()) log.error(e.getMessage(),e); throw new VOMSException("Error saving generated proxy: "+ e.getMessage(), e); } } /** * This method saves a globus proxy to a file. * * @param cred * @param filename * @throws FileNotFoundException */ public static void saveProxy( UserCredentials cred, String filename ) throws FileNotFoundException { saveProxy( cred, new FileOutputStream( filename ) ); } } voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSProxyConstants.java000066400000000000000000000032421207402625500277460ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ package org.glite.voms.contact; /* * See org.globus.gsi.GSIConstants dor the original values of these. */ public class VOMSProxyConstants { public static final int DELEGATION_FULL = 0; public static final int DELEGATION_LIMITED = 1; public static final int GSI_2_LIMITED_PROXY = 2; public static final int GSI_3_LIMITED_PROXY = 3; public static final int GSI_2_PROXY = 4; public static final int GSI_3_IMPERSONATION_PROXY = 5; public static final int GSI_3_RESTRICTED_PROXY = 6; public static final int GSI_3_INDEPENDENT_PROXY = 7; public static final int DELEGATION_NONE = 8; }; voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSProxyInit.java000066400000000000000000000526401207402625500267030ustar00rootroot00000000000000/********************************************************************* * * Authors: * Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it * Vincenzo Ciaschini - vincenzo.ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/

package org.glite.voms.contact;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.security.Security;
import java.security.SecureRandom;
import java.security.Principal;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.cert.Certificate;

import org.apache.log4j.Logger;
import org.glite.voms.PKIVerifier;
import org.glite.voms.PKIUtils;
import org.glite.voms.ac.AttributeCertificate;

import java.net.HttpURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import java.net.URL;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

/**
 * This class implements the voms-proxy-init functionality.
 *
 * @author Andrea Ceccanti
 */
public class VOMSProxyInit {

    private static final Logger log = Logger.getLogger(VOMSProxyInit.class);

    private static VOMSProxyInit instance;

    private VOMSServerMap serverMap;
    private UserCredentials userCredentials;
    private VOMSProtocol protocol = VOMSProtocol.instance();

    private String proxyOutputFile = File.separator + "tmp" + File.separator + "x509up_u_"
            + System.getProperty("user.name");

    private int proxyLifetime = VOMSProxyBuilder.DEFAULT_PROXY_LIFETIME;
    private int proxyType = VOMSProxyBuilder.DEFAULT_PROXY_TYPE;
    private int delegationType = VOMSProxyBuilder.DEFAULT_DELEGATION_TYPE;
    private String policyType = null;
    private int bits = 1024;

    private VOMSWarningMessage[] warnings = null;

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    public VOMSProxyInit(String privateKeyPassword) {
        try {
            serverMap = VOMSESFileParser.instance().buildServerMap();
            userCredentials = UserCredentials.instance(privateKeyPassword);
        } catch (IOException e) {
            log.error("Error parsing vomses files: " + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException(e);
        }
    }

    private VOMSProxyInit(UserCredentials credentials) {
        if (credentials == null)
            throw new VOMSException("Unable to find GlobusCredentials!");

        userCredentials = credentials;

        try {
            serverMap = VOMSESFileParser.instance().buildServerMap();
        } catch (IOException e) {
            log.error("Error parsing vomses files: " + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException(e);
        }
    }

    public static VOMSProxyInit instance(String privateKeyPassword) {
        return new VOMSProxyInit(privateKeyPassword);
    }

    public static VOMSProxyInit instance() {
        return new VOMSProxyInit((String) null);
    }

    public static VOMSProxyInit instance(UserCredentials credentials) {
        return new VOMSProxyInit(credentials);
    }

    public void addVomsServer(VOMSServerInfo info) {
        serverMap.add(info);
    }

    public synchronized AttributeCertificate getVomsAC(VOMSRequestOptions requestOptions) {
        warnings = null;

        if (requestOptions.getVoName() == null)
            throw new VOMSException("Please specify a vo name to create a voms ac.");

        Set servers = serverMap.get(requestOptions.getVoName());

        if (servers == null)
            throw new VOMSException("Unknown VO '" + requestOptions.getVoName()
                    + "'. Check the VO name or your vomses configuration files.");

        // Try every server configured for the VO; a failure on one server moves on to the next.
        Iterator serverIter = servers.iterator();

        while (serverIter.hasNext()) {
            VOMSServerInfo serverInfo = (VOMSServerInfo) serverIter.next();

            try {
                VOMSResponse response = contactServer(serverInfo, requestOptions);

                if (!response.hasErrors()) {
                    log.debug("No errors");

                    if (response.hasWarnings())
                        logAndSetWarningMessages(response);

                    AttributeCertificate ac = VOMSProxyBuilder.buildAC(response.getAC());

                    log.info("Got AC from VOMS server " + serverInfo.compactString());

                    if (log.isDebugEnabled()) {
                        try {
                            log.debug("AC validity period:\nNotBefore:" + ac.getNotBefore()
                                    + "\nNotAfter:" + ac.getNotAfter());
                        } catch (ParseException e) {
                            log.error(e.getMessage(), e);
                            e.printStackTrace();
                        }
                    }

                    return ac;
                }

                log.error("Got error response from VOMS server " + serverInfo.compactString());
                logErrorMessages(response);

            } catch (VOMSException e) {
                log.error(e.getMessage());
                if (log.isDebugEnabled()) {
                    log.error(e.getMessage(), e);
                }
                if (serverIter.hasNext())
                    continue;
                throw (e);
            }
        }

        return null;
    }

    public synchronized String getVomsData(VOMSRequestOptions requestOptions) {
        warnings = null;

        if (requestOptions.getVoName() == null)
            throw new VOMSException("Please specify a vo name to create a voms ac.");

        Set servers = serverMap.get(requestOptions.getVoName());

        if (servers == null)
            throw new VOMSException("Unknown VO '" + requestOptions.getVoName()
                    + "'. Check the VO name or your vomses configuration files.");

        Iterator serverIter = servers.iterator();

        while (serverIter.hasNext()) {
            VOMSServerInfo serverInfo = (VOMSServerInfo) serverIter.next();

            try {
                VOMSResponse response = contactServer(serverInfo, requestOptions);

                if (!response.hasErrors()) {
                    if (response.hasWarnings())
                        logAndSetWarningMessages(response);

                    byte[] data = response.getData();

                    if (data != null) {
                        log.info("Got Data from VOMS server " + Arrays.toString(data));
                        return new String(data);
                    } else {
                        if (requestOptions.isRequestList()) {
                            // List requests used to put the output in the AC field.
                            AttributeCertificate ac = VOMSProxyBuilder.buildAC(response.getAC());
                            if (ac != null) {
                                List fqans = ac.getFullyQualifiedAttributes();
                                StringBuilder result = new StringBuilder();
                                if (fqans != null) {
                                    for (int i = 0; i < fqans.size(); i++) {
                                        result.append((String) (fqans.get(i)));
                                        result.append("\n");
                                    }
                                }
                                return result.toString();
                            } else
                                return null;
                        } else
                            return null;
                    }
                }

                log.error("Got error response from VOMS server " + serverInfo.compactString());
                logErrorMessages(response);

            } catch (VOMSException e) {
                log.error(e.getMessage());
                if (log.isDebugEnabled()) {
                    log.error(e.getMessage(), e);
                }
                if (serverIter.hasNext())
                    continue;
                throw (e);
            }
        }

        return null;
    }

    /**
     * Verifies every AC in the list with {@link PKIVerifier} and removes the ones that fail.
     */
    public void validateACs(List ACs) {
        if (ACs.isEmpty())
            throw new VOMSException("Cannot validate an empty list of Attribute Certificates!");

        log.debug("AC Validation started at: " + new Date());

        PKIVerifier verifier;

        try {
            verifier = new PKIVerifier();
        } catch (Exception e) {
            log.error("Error instantiating PKIVerifier: " + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException("Error instantiating PKIVerifier: " + e.getMessage(), e);
        }

        Iterator i = ACs.iterator();

        while (i.hasNext()) {
            AttributeCertificate ac = (AttributeCertificate) i.next();
            if (!verifier.verify(ac))
                i.remove();
        }

        log.debug("AC Validation ended at: " + new Date());
    }

    public synchronized UserCredentials getVomsProxy() {
        return getVomsProxy(null);
    }

    protected UserCredentials getGridProxy() {
        // Note: proxyType is passed here as the delegation mode (see VOMSProxyBuilder.buildProxy(cred,
        // lifetime, proxy_type, bits)), while getVomsProxy(Collection) passes it as the Globus version.
        UserCredentials proxy = VOMSProxyBuilder.buildProxy(userCredentials, proxyLifetime, proxyType, bits);

        warnings = null;

        try {
            saveProxy(proxy);
            return proxy;
        } catch (FileNotFoundException e) {
            log.error("Error saving proxy to file " + proxyOutputFile + ":" + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException("Error saving proxy to file " + proxyOutputFile + ":" + e.getMessage(), e);
        }
    }

    public synchronized UserCredentials getVomsProxy(Collection listOfReqOptions) {
        if (listOfReqOptions == null)
            return getGridProxy();

        if (listOfReqOptions.isEmpty())
            throw new VOMSException("No request options specified!");

        Iterator i = listOfReqOptions.iterator();
        List ACs = new ArrayList();

        warnings = null;

        while (i.hasNext()) {
            VOMSRequestOptions options = (VOMSRequestOptions) i.next();

            if (options.getVoName() == null)
                throw new VOMSException("Please specify a vo name to create a voms proxy.");

            AttributeCertificate ac = getVomsAC(options);
            // getVomsAC returns null when every server answered with an error response.
            if (ac == null)
                throw new VOMSException("No AC obtained for VO '" + options.getVoName() + "'.");
            ACs.add(ac);
        }

        validateACs(ACs);

        if (ACs.isEmpty())
            throw new VOMSException("AC validation failed!");

        log.info("ACs validation succeeded.");

        UserCredentials proxy = VOMSProxyBuilder.buildProxy(userCredentials, ACs, proxyLifetime, proxyType,
                delegationType, policyType, this.bits);

        try {
            saveProxy(proxy);
            return proxy;
        } catch (FileNotFoundException e) {
            log.error("Error saving proxy to file " + proxyOutputFile + ":" + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException("Error saving proxy to file " + proxyOutputFile + ":" + e.getMessage(), e);
        }
    }

    private void saveProxy(UserCredentials credential) throws FileNotFoundException {
        if (proxyOutputFile != null) {
            VOMSProxyBuilder.saveProxy(credential, proxyOutputFile);
            log.info("Proxy saved in :" + proxyOutputFile);
        }
    }

    private void logErrorMessages(VOMSResponse response) {
        VOMSErrorMessage[] msgs = response.errorMessages();
        for (int i = 0; i < msgs.length; i++) {
            log.error(msgs[i]);
        }
    }

    private void logAndSetWarningMessages(VOMSResponse response) {
        VOMSWarningMessage[] msgs = response.warningMessages();
        setWarnings(msgs);
        for (int i = 0; i < msgs.length; i++) {
            log.warn(msgs[i]);
        }
    }

    private void setWarnings(VOMSWarningMessage[] msgs) {
        warnings = msgs;
    }

    public boolean hasWarnings() {
        return warnings != null;
    }

    public VOMSWarningMessage[] getWarnings() {
        return warnings;
    }

    /**
     * Contacts the server over its HTTPS (REST) interface. Returns null when no response
     * could be obtained, in which case contactServer falls back to the legacy socket protocol.
     */
    private VOMSResponse contactServerREST(VOMSServerInfo sInfo, VOMSRequestOptions reqOptions) {
        String url = "https://" + sInfo.getHostName() + ":" + sInfo.getPort()
                + VOMSRequestFactory.instance().buildRESTRequest(reqOptions);
        VOMSSocket socket;
        VOMSResponse resp = null;

        log.debug("Final URL is: " + url);

        int gridProxyType = sInfo.getGlobusVersionAsInt();

        if (gridProxyType > 0)
            socket = VOMSSocket.instance(userCredentials, sInfo.getHostDn(), gridProxyType);
        else
            socket = VOMSSocket.instance(userCredentials, sInfo.getHostDn());

        HttpsURLConnection conn = null;
        try {
            SSLSocketFactory factory = socket.getFactory();
            URL vomsUrl = new URL(url);
            conn = (HttpsURLConnection) vomsUrl.openConnection();
            conn.setSSLSocketFactory(factory);
            // The peer is accepted by the default hostname check or by its configured host DN.
            HostnameVerifier v = conn.getDefaultHostnameVerifier();
            conn.setHostnameVerifier(new GSIVerifier(v, sInfo.getHostDn()));
            conn.connect();
            Object o = conn.getContent();
            resp = VOMSParser.instance().parseResponse((InputStream) o);
        } catch (Exception e) {
            log.error("Error connecting to " + sInfo.compactString() + ":" + e.getMessage());
            try {
                log.error("Error code is: " + conn.getResponseCode());
                // if (conn.getResponseCode() == HttpURLConnection.HTTP_INTERNAL_ERROR) {
                InputStream is = conn.getErrorStream();
                resp = VOMSParser.instance().parseResponse(is);
                return resp;
                // }
            } catch (Exception ex) {
                if (log.isDebugEnabled())
                    log.error(e.getMessage(), e);
                throw new VOMSException("Error connecting to " + sInfo.compactString() + ":" + ex.getMessage(), ex);
            }
            // if (log.isDebugEnabled())
            //     log.error(e.getMessage(),e);
            // throw new VOMSException("Error connecting to "+sInfo.compactString()+":"+e.getMessage() ,e);
        }
        return resp;
    }

    protected VOMSResponse contactServer(VOMSServerInfo sInfo, VOMSRequestOptions reqOptions) {
        log.info("Contacting server " + sInfo.compactString());
        VOMSSocket socket;

        VOMSResponse resp = contactServerREST(sInfo, reqOptions);
        if (resp != null) {
            return resp;
        }

        int gridProxyType = sInfo.getGlobusVersionAsInt();

        if (gridProxyType > 0)
            socket = VOMSSocket.instance(userCredentials, sInfo.getHostDn(), gridProxyType);
        else
            socket = VOMSSocket.instance(userCredentials, sInfo.getHostDn());

        try {
            socket.connect(sInfo.getHostName(), sInfo.getPort());
        } catch (Exception e) {
            log.error("Error connecting to " + sInfo.compactString() + ":" + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException("Error connecting to " + sInfo.compactString() + ":" + e.getMessage(), e);
        }

        VOMSResponse response;

        try {
            // re-set the reqOptions voName property to be the true voName recorded by the
            // sInfo object (the reqOptions voName could actually be an alias rather than
            // the true vo name).
            reqOptions.setVoName(sInfo.getVoName());
            protocol.sendRequest(reqOptions, socket.getOutputStream());
            response = protocol.getResponse(socket.getInputStream());
            socket.close();
        } catch (IOException e) {
            log.error("Error communicating with server " + sInfo.getHostName() + ":" + sInfo.getPort() + ":"
                    + e.getMessage());
            if (log.isDebugEnabled())
                log.error(e.getMessage(), e);
            throw new VOMSException("Error communicating with server " + sInfo.getHostName() + ":"
                    + sInfo.getPort() + ":" + e.getMessage(), e);
        }

        return response;
    }

    public String getProxyOutputFile() {
        return proxyOutputFile;
    }

    public void setProxyOutputFile(String proxyOutputFile) {
        this.proxyOutputFile = proxyOutputFile;
    }

    public int getProxyLifetime() {
        return proxyLifetime;
    }

    public void setProxyLifetime(int proxyLifetime) {
        this.proxyLifetime = proxyLifetime;
    }

    public int getProxyType() {
        return proxyType;
    }

    public void setProxyType(int proxyType) {
        this.proxyType = proxyType;
    }

    public int getProxyKeySize() {
        return bits;
    }

    public void setProxyKeySize(int bits) {
        this.bits = bits;
    }

    public String getPolicyType() {
        return policyType;
    }

    public void setPolicyType(String policyType) {
        this.policyType = policyType;
    }

    public int getDelegationType() {
        return delegationType;
    }

    public void setDelegationType(int delegationType) {
        this.delegationType = delegationType;
    }
}

/**
 * Hostname verifier used for the HTTPS connection to a VOMS server: the peer is accepted when
 * the default verifier accepts it, or else when its subject DN (in either OpenSSL DN order)
 * matches the host DN configured for that server in the vomses files.
 */
class GSIVerifier implements HostnameVerifier {
    private String name;
    private HostnameVerifier verifier;
    private static final Logger log = Logger.getLogger(GSIVerifier.class);

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    public GSIVerifier(HostnameVerifier defaultVerifier, String DN) {
        name = DN;
        verifier = defaultVerifier;
    }

    public boolean verify(String hostname, SSLSession session) {
        boolean res = false;

        if (!verifier.verify(hostname, session)) {
            try {
                X509Certificate c = (X509Certificate) session.getPeerCertificates()[0];
                String normal = PKIUtils.getOpenSSLFormatPrincipal(c.getSubjectDN(), false);
                String reversed = PKIUtils.getOpenSSLFormatPrincipal(c.getSubjectDN(), true);
                res = PKIUtils.DNCompare(name, normal) || PKIUtils.DNCompare(name, reversed);
                log.debug("result of DN verifier: " + res);
            } catch (SSLPeerUnverifiedException e) {
                log.debug("Unauthenticated peer. Verify failed.");
                res = false;
            }
        } else {
            res = true;
            log.debug("Verified by default verifier");
        }
        return res;
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSRequestFactory.java

/*********************************************************************
 *
 * Authors:
 *      Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it
 *      Vincenzo Ciaschini - vincenzo.ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
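The following is an added usage example, not code from voms-api-java: it drives the VOMSProxyInit and VOMSRequestOptions API above (and, through it, VOMSProxyBuilder.buildProxy) the way a client would, then sanity-checks the proxy chain the library returns before trusting it. The package name, VO name, FQAN, lifetime, key size and output path are placeholders; running it needs the library on the classpath, a vomses configuration for the VO and a reachable VOMS server, exactly as the library itself does.

```java
// Added example (not part of voms-api-java): request a VOMS proxy and check the result.
// Package name, VO name, FQAN, lifetime, key size and output path are placeholders.
package org.glite.voms.contact.example;

import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import org.glite.voms.contact.UserCredentials;
import org.glite.voms.contact.VOMSProxyBuilder;
import org.glite.voms.contact.VOMSProxyInit;
import org.glite.voms.contact.VOMSRequestOptions;
import org.glite.voms.contact.VOMSWarningMessage;

public class VomsProxyExample {

    public static void main(String[] args) throws Exception {
        int lifetimeSeconds = 12 * 3600;   // placeholder: 12 h instead of the 86400 s default
        int keyBits = 2048;                // placeholder: the library default is 1024

        // instance() loads the user credentials and vomses files the way the library's own
        // constructor does; a non-null argument would be the private key password.
        VOMSProxyInit init = VOMSProxyInit.instance();
        init.setProxyKeySize(keyBits);
        init.setProxyLifetime(lifetimeSeconds);
        // In the VOMS path proxyType selects the Globus proxy format; GT4 makes
        // myCreateProxyCertificate add the critical RFC 3820 ProxyCertInfo extension.
        init.setProxyType(VOMSProxyBuilder.GT4_PROXY);
        init.setProxyOutputFile("/tmp/x509up_example");   // placeholder path

        VOMSRequestOptions opts = new VOMSRequestOptions();
        opts.setVoName("example.vo");                      // placeholder VO name
        opts.setLifetime(lifetimeSeconds);
        List fqans = new ArrayList();
        fqans.add("/example.vo/Role=pilot");               // placeholder FQAN
        opts.setRequestedFQANs(fqans);

        List requests = new ArrayList();
        requests.add(opts);
        UserCredentials proxy = init.getVomsProxy(requests);

        // Server warnings are not errors, so they must be surfaced explicitly.
        if (init.hasWarnings()) {
            VOMSWarningMessage[] ws = init.getWarnings();
            for (int i = 0; i < ws.length; i++)
                System.err.println("VOMS warning: " + ws[i]);
        }

        String problem = checkProxyChain(proxy.getUserChain(), keyBits);
        if (problem != null)
            throw new IllegalStateException("Proxy check failed: " + problem);
        System.out.println("Proxy OK, valid until " + proxy.getUserChain()[0].getNotAfter());
    }

    // Returns null when the chain passes, otherwise a description of the first failed check.
    // buildProxy places the new proxy at index 0 and the certificate that issued it at index 1.
    static String checkProxyChain(X509Certificate[] chain, int minBits) throws Exception {
        if (chain == null || chain.length < 2)
            return "chain must contain the proxy and its issuer";
        X509Certificate leaf = chain[0];
        X509Certificate issuer = chain[1];

        // The proxy must be signed by the certificate that follows it in the chain.
        leaf.verify(issuer.getPublicKey());
        if (!leaf.getIssuerX500Principal().equals(issuer.getSubjectX500Principal()))
            return "proxy issuer DN does not match the issuing certificate subject";

        // Key size: reject anything smaller than what was requested.
        PublicKey pk = leaf.getPublicKey();
        if (!(pk instanceof RSAPublicKey))
            return "proxy key is not RSA";
        BigInteger modulus = ((RSAPublicKey) pk).getModulus();
        if (modulus.bitLength() < minBits)
            return "proxy key is only " + modulus.bitLength() + " bits";

        // Validity: currently valid and not outliving its issuer. myCreateProxyCertificate sets
        // notAfter = now + lifetime without capping it at the issuer's notAfter, so check here.
        leaf.checkValidity(new Date());
        if (leaf.getNotAfter().after(issuer.getNotAfter()))
            return "proxy notAfter is later than the issuer's notAfter";

        // The proxy must carry the VOMS AC extension that buildProxy adds.
        if (leaf.getExtensionValue("1.3.6.1.4.1.8005.100.100.5") == null)
            return "proxy does not carry the VOMS attribute certificate extension";
        return null;
    }
}
```

The checks in checkProxyChain are deliberately independent of the library: validateACs has already run PKIVerifier over the attribute certificates, but nothing in the page's code re-examines the proxy certificate itself after it is written, so a caller that depends on a minimum key size or on the proxy not outliving the end-entity certificate has to verify that on its own.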
 *
 *********************************************************************/

package org.glite.voms.contact;

import java.util.Iterator;
import java.util.List;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.w3c.dom.Document;
import org.w3c.dom.DocumentFragment;
import org.w3c.dom.Element;

/**
 * This class builds VOMS XML requests starting from {@link VOMSRequestOptions} objects.
 *
 * @author Andrea Ceccanti
 * @author Vincenzo Ciaschini
 */
public class VOMSRequestFactory {

    private static Logger log = Logger.getLogger(VOMSRequestFactory.class);

    // Singleton that also holds per-request state (order, targets, lifetime): not thread-safe.
    private static VOMSRequestFactory instance = null;

    private String orderString;
    private String targetString;
    private long lifetime = 0;

    protected DocumentBuilder docBuilder;

    public static VOMSRequestFactory instance() {
        if (instance == null)
            instance = new VOMSRequestFactory();
        return instance;
    }

    private VOMSRequestFactory() {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setIgnoringComments(true);
        factory.setNamespaceAware(false);
        factory.setValidating(false);

        try {
            docBuilder = factory.newDocumentBuilder();
        } catch (ParserConfigurationException e) {
            log.fatal("Error configuring DOM document builder.");
            if (log.isDebugEnabled()) {
                log.debug(e.getMessage(), e);
            }
            throw new VOMSException(e);
        }
    }

    public long getLifetime() {
        return lifetime;
    }

    public void setLifetime(long lifetime) {
        this.lifetime = lifetime;
    }

    public String getOrderString() {
        return orderString;
    }

    public void setOrderString(String orderString) {
        this.orderString = orderString;
    }

    public String getTargetString() {
        return targetString;
    }

    public void setTargetString(String targetString) {
        this.targetString = targetString;
    }

    private void setOptionsForRequest(VOMSRequestFragment fragment) {
        // String content must be compared with equals(); "!=" only compares references.
        if (orderString != null && !"".equals(orderString))
            fragment.buildOrderElement(orderString);

        if (targetString != null && !"".equals(targetString))
            fragment.buildTargetsElement(targetString);

        fragment.buildLifetime(lifetime);
    }

    private void loadOptions(VOMSRequestOptions options) {
        lifetime = options.getLifetime();
        setOrderString(options.getOrdering());
        setTargetString(options.getTargetsAsString());
    }

    /**
     * Builds the path and query string of the REST request. FQANs, targets and order
     * string are appended to the query string as given, without URL encoding.
     */
    public String buildRESTRequest(VOMSRequestOptions options) {
        loadOptions(options);

        if (options.isRequestList()) {
            /* handle list requests */
            return "/generate-ac?fqans=all";
        }

        StringBuilder request = new StringBuilder();
        request.append("/generate-ac?fqans=");

        if (options.getRequestedFQANs().isEmpty()) {
            if (options.getVoName() == null)
                throw new VOMSException("No vo name specified for AC retrieval.");

            String voName = options.getVoName();

            if (!voName.startsWith("/"))
                voName = "/" + voName;

            request.append(voName);
        } else {
            List FQANs = options.getRequestedFQANs();
            Iterator i = FQANs.iterator();
            boolean first = true;

            while (i.hasNext()) {
                if (!first)
                    request.append(",");
                request.append((String) i.next());
                first = false;
            }
        }

        if (targetString != null && targetString.trim().length() != 0) {
            request.append("&targets=");
            request.append(targetString);
        }

        if (orderString != null && orderString.trim().length() != 0) {
            request.append("&order=");
            request.append(orderString);
        }

        request.append("&lifetime=");
        request.append(lifetime);

        log.debug("Generated request: " + request.toString());
        return request.toString();
    }

    public Document buildRequest(VOMSRequestOptions options) {
        loadOptions(options);

        Document request = docBuilder.newDocument();
        VOMSRequestFragment frag = new VOMSRequestFragment(request);

        if (options.isRequestList()) {
            frag.listCommand();
            setOptionsForRequest(frag);
            request.appendChild(frag.getFragment());
            return request;
        }

        if (options.getRequestedFQANs().isEmpty()) {
            if (options.getVoName() == null)
                throw new VOMSException("No vo name specified for AC retrieval.");

            String voName = options.getVoName();

            if (!voName.startsWith("/"))
                voName = "/" + voName;

            frag.groupCommand(voName);
            setOptionsForRequest(frag);
            request.appendChild(frag.getFragment());
            return request;
        }

        Iterator fqanIter = options.getRequestedFQANs().iterator();
        frag.buildBase64();
        frag.buildVersion();

        while (fqanIter.hasNext()) {
            String FQAN = (String) fqanIter.next();

            if (FQAN.equals("all")) {
                frag.allCommand();
            } else if (PathNamingScheme.isGroup(FQAN)) {
                frag.groupCommand(FQAN);
            } else if (PathNamingScheme.isRole(FQAN)) {
                frag.roleCommand(PathNamingScheme.getRoleName(FQAN));
            } else if (PathNamingScheme.isQualifiedRole(FQAN)) {
                frag.mappingCommand(PathNamingScheme.getGroupName(FQAN), PathNamingScheme.getRoleName(FQAN));
            }
        }

        setOptionsForRequest(frag);
        request.appendChild(frag.getFragment());
        return request;
    }
}

/**
 * Builds the elements of a <voms> request document: command(s), order, targets, lifetime,
 * base64 and version.
 */
class VOMSRequestFragment {

    private Document doc;

    DocumentFragment fragment;
    Element root;
    Element command;
    Element order;
    Element targets;
    Element lifetime;
    Element base64;
    Element version;

    public VOMSRequestFragment(Document doc) {
        this.doc = doc;
        fragment = doc.createDocumentFragment();
        buildRootElement();
    }

    protected void buildRootElement() {
        root = doc.createElement("voms");
        fragment.appendChild(root);
    }

    private void appendTextChild(Element e, String text) {
        e.appendChild(doc.createTextNode(text));
    }

    private String buildCompatibleOrderString(String s) {
        String[] FQANs = s.split(",");

        if (FQANs.length == 0)
            return "";

        for (int i = 0; i < FQANs.length; i++) {
            if (PathNamingScheme.isQualifiedRole(FQANs[i]))
                FQANs[i] = PathNamingScheme.toOldQualifiedRoleSyntax(FQANs[i]);
        }

        return StringUtils.join(FQANs, ",");
    }

    void buildCommandElement(String cmdString) {
        command = doc.createElement("command");
        appendTextChild(command, cmdString);
        root.appendChild(command);
    }

    void buildOrderElement(String orderString) {
        order = doc.createElement("order");
        // Temporary compatibility hack
        appendTextChild(order, buildCompatibleOrderString(orderString));
        root.appendChild(order);
    }

    void buildTargetsElement(String targetString) {
        targets = doc.createElement("targets");
        appendTextChild(targets, targetString);
        root.appendChild(targets);
    }

    void buildLifetime(long lifetime) {
        buildLifetime(Long.toString(lifetime));
    }

    void buildLifetime(String lifetimeString) {
        lifetime = doc.createElement("lifetime");
        appendTextChild(lifetime, lifetimeString);
        root.appendChild(lifetime);
    }

    void buildBase64() {
        base64 = doc.createElement("base64");
        appendTextChild(base64, "1");
        root.appendChild(base64);
    }

    void buildVersion() {
        version = doc.createElement("version");
        appendTextChild(version, "4");
        root.appendChild(version);
    }

    public DocumentFragment getFragment() {
        return fragment;
    }

    // Command letters understood by the server: G (group), R (role), B (group:role mapping),
    // A (all attributes), N (list).
    public void groupCommand(String groupName) {
        buildCommandElement("G" + groupName);
    }

    public void roleCommand(String roleName) {
        buildCommandElement("R" + roleName);
    }

    public void mappingCommand(String groupName, String roleName) {
        buildCommandElement("B" + groupName + ":" + roleName);
    }

    public void allCommand() {
        buildCommandElement("A");
    }

    public void listCommand() {
        buildCommandElement("N");
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSRequestOptions.java

/*********************************************************************
 *
 * Authors:
 *      Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/

package org.glite.voms.contact;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/**
 * This class represents options that constitute VOMS requests.
 *
 * @author Andrea Ceccanti
 */
public class VOMSRequestOptions {

    /**
     * The default lifetime value for voms requests is 86400 seconds.
     * This default value is used if no lifetime is set with the {@link #setLifetime(int)} method.
     */
    public static final int DEFAULT_LIFETIME = 86400;

    // List of hostnames where the AC will be valid (comma-separated list in the request)
    /**
     * This is a list of AC "targets", i.e., a list of hostnames where the AC will be valid.
     */
    private List targets = new ArrayList();

    // Lifetime in seconds of the AC
    private int lifetime = DEFAULT_LIFETIME;

    // List of FQANs (comma-separated list in the request) to request a specific ordering from the server
    private String ordering;

    // List of requested roles
    private List requestedFQANs = new ArrayList();

    // OR mask of verification flags -- unused
    private int verificationType;

    private String voName;

    private boolean requestList = false;

    /**
     * @return the lifetime set for this {@link VOMSRequestOptions} object.
     */
    public int getLifetime() {
        return lifetime;
    }

    /**
     * Sets the lifetime for this {@link VOMSRequestOptions} object.
     * @param lifetime
     */
    public void setLifetime(int lifetime) {
        this.lifetime = lifetime;
    }

    /**
     * @return the ordering string of this {@link VOMSRequestOptions} object.
     */
    public String getOrdering() {
        return ordering;
    }

    /**
     * Sets the ordering string of this {@link VOMSRequestOptions} object.
     * The ordering string is used to request a specific order for the ACs requested
     * from the VOMS server.
     *
     * @param ordering
     */
    public void setOrdering(String ordering) {
        this.ordering = ordering;
    }

    /**
     * @return the list of the requested FQANs specified in this {@link VOMSRequestOptions} object.
     */
    public List getRequestedFQANs() {
        return requestedFQANs;
    }

    /**
     * Sets the list of requested FQANs for this {@link VOMSRequestOptions} object.
     *
     * @param requestedFQANs
     */
    public void setRequestedFQANs(List requestedFQANs) {
        this.requestedFQANs = requestedFQANs;
    }

    /**
     * @return the list of targets (i.e., hosts where the requested ACs will be valid) for this
     * {@link VOMSRequestOptions} object.
     */
    public List getTargets() {
        return targets;
    }

    /**
     * @return the list of targets (i.e., hosts where the requested ACs will be valid) for this
     * {@link VOMSRequestOptions} object as a string containing a comma-separated list of host names.
*/ public String getTargetsAsString() { return asCommaSeparatedString( targets ); } /** * * Sets the list of targets (i.e., host where the requested ACs will be valid) for this * {@link VOMSRequestOptions} object. * @param targets */ public void setTargets( List targets ) { this.targets = targets; } public int getVerificationType() { return verificationType; } public void setVerificationType( int verificationType ) { this.verificationType = verificationType; } public String getVoName() { return voName; } public void setVoName( String voName ) { this.voName = voName; } /** * * Adds a FQAN to the list of requested FQANs. See {@link #getRequestedFQANs()}. * * @param FQAN */ public void addFQAN( String FQAN ) { getRequestedFQANs().add( FQAN ); } /** * * Adds a target to the list of targets for this {@link VOMSRequestOptions} object. See {@link #getTargets()}. * * @param target */ public void addTarget( String target ) { getTargets().add( target ); } public void doRequestList() { requestList = true; } public boolean isRequestList() { return requestList; } private String asCommaSeparatedString( List l ) { if ( l.isEmpty() ) return ""; Iterator i = l.iterator(); StringBuilder result = new StringBuilder(); while ( i.hasNext() ) { Object o = i.next(); result.append( o.toString() ); if ( i.hasNext() ) result.append( ',' ); } return result.toString(); } } voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSResponse.java000066400000000000000000000210611207402625500265250ustar00rootroot00000000000000/********************************************************************* * * Authors: * Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it * Vincenzo Ciaschini - vincenzo.ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ package org.glite.voms.contact; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.apache.log4j.Logger; /** * * This class is used to parse and represent VOMS server responses. * * @author Andrea Ceccanti * @author Vincenzo Ciaschini * */ public class VOMSResponse { private static int ERROR_OFFSET = 1000; private static final Logger log = Logger.getLogger( VOMSResponse.class ); protected Document xmlResponse; public boolean hasErrors() { // handle REST case first if (xmlResponse.getElementsByTagName("error").getLength() != 0) return true; // errors imply that no AC were created return ((xmlResponse.getElementsByTagName( "item" ).getLength() != 0) && (xmlResponse.getElementsByTagName( "ac" ).getLength() == 0)); } public boolean hasWarnings() { // handle REST case first if (xmlResponse.getElementsByTagName("warning").getLength() != 0) return true; // warnings imply that ACs were created return ((xmlResponse.getElementsByTagName( "item" ).getLength() != 0) && (xmlResponse.getElementsByTagName( "ac" ).getLength() != 0)); } /** * * Extracts the AC from the VOMS response. * @return an array of bytes containing the AC. 
*/ public byte[] getAC() { Element acElement = (Element) xmlResponse.getElementsByTagName( "ac" ) .item( 0 ); return VOMSDecoder.decode( acElement.getFirstChild().getNodeValue()); } /** * * Extracts the textual data from the VOMS response. * @return an array of bytes containing the data. */ public byte[] getData() { Element acElement = (Element) xmlResponse.getElementsByTagName( "bitstr" ) .item( 0 ); if (acElement != null) return VOMSDecoder.decode( acElement.getFirstChild().getNodeValue()); else return null; } /** * Extracts the version from the VOMS response. * * @return an integer containing the AC. */ public int getVersion() { Element versionElement = (Element)xmlResponse.getElementsByTagName("version").item(0); if (versionElement == null) { return 0; } return Integer.parseInt(versionElement.getFirstChild().getNodeValue()); } /** * Extracts the AC from the VOMS response. * * @return a string containing the AC. */ public String getACAsString(){ Element acElement = (Element) xmlResponse.getElementsByTagName( "ac" ) .item( 0 ); return acElement.getFirstChild().getNodeValue(); } /** * * Extracts the error messages from the VOMS response. * * @return an array of {@link VOMSErrorMessage} objects. 
*/ public VOMSErrorMessage[] errorMessages() { VOMSErrorMessage[] result = errorMessagesREST(); if (result != null) return result; NodeList nodes = xmlResponse.getElementsByTagName( "item" ); if ( nodes.getLength() == 0 ) return null; result = new VOMSErrorMessage[nodes.getLength()]; for ( int i = 0; i < nodes.getLength(); i++ ) { Element itemElement = (Element) nodes.item( i ); Element numberElement = (Element) itemElement.getElementsByTagName( "number" ).item( 0 ); Element messageElement = (Element) itemElement .getElementsByTagName( "message" ).item( 0 ); int number = Integer.parseInt( numberElement .getFirstChild().getNodeValue() ); if (number >= ERROR_OFFSET) { result[i] = new VOMSErrorMessage( number, messageElement .getFirstChild().getNodeValue() ); } } return result; } private VOMSErrorMessage[] errorMessagesREST() { NodeList nodes = xmlResponse.getElementsByTagName( "error"); if (nodes.getLength() == 0) return null; VOMSErrorMessage[] result = new VOMSErrorMessage[nodes.getLength()]; for (int i = 0; i < nodes.getLength(); i++) { Element itemElement = (Element) nodes.item(i); Element codeElement = (Element)itemElement.getElementsByTagName("code").item(0); Element messageElement = (Element)itemElement.getElementsByTagName("message").item(0); String strcode = codeElement.getFirstChild().getNodeValue(); int code; if (strcode.equals("NoSuchUser")) code = 1001; else if (strcode.equals("BadRequest")) code = 1005; else if (strcode.equals("SuspendedUser")) code = 1004; else // InternalError code = 1006; result[i] = new VOMSErrorMessage(code, messageElement.getFirstChild().getNodeValue()); } return result; } public VOMSWarningMessage[] warningMessages() { VOMSWarningMessage[] result = warningMessagesREST(); if (result != null) return result; NodeList nodes = xmlResponse.getElementsByTagName( "item" ); if ( nodes.getLength() == 0 ) return null; result = new VOMSWarningMessage[nodes.getLength()]; for ( int i = 0; i < nodes.getLength(); i++ ) { Element itemElement = 
(Element) nodes.item( i ); Element numberElement = (Element) itemElement.getElementsByTagName( "number" ).item( 0 ); Element messageElement = (Element) itemElement .getElementsByTagName( "message" ).item( 0 ); int number = Integer.parseInt( numberElement .getFirstChild().getNodeValue() ); if (number < ERROR_OFFSET) { result[i] = new VOMSWarningMessage( number, messageElement .getFirstChild().getNodeValue() ); } } return result; } private VOMSWarningMessage[] warningMessagesREST() { NodeList nodes = xmlResponse.getElementsByTagName( "warning" ); if ( nodes.getLength() == 0 ) return null; VOMSWarningMessage[] result = new VOMSWarningMessage[nodes.getLength()]; for ( int i = 0; i < nodes.getLength(); i++ ) { Element itemElement = (Element) nodes.item( i ); Element messageElement = (Element) itemElement .getElementsByTagName( "message" ).item( 0 ); String message = itemElement.getFirstChild().getNodeValue(); int number; if (message.contains("validity")) number = 2; else if (message.contains("selected")) number = 1; else if (message.contains("contains attributes")) number = 3; else number = 4; log.debug("Message = " + message + " number = " + number); if (number < ERROR_OFFSET) { result[i] = new VOMSWarningMessage( number, message); } } return result; } /** * Builds a VOMSResponse starting from a DOM an XML document (see {@link Document}). * * @param res */ public VOMSResponse(Document res){ this.xmlResponse = res; } } voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSServerInfo.java000066400000000000000000000100631207402625500270110ustar00rootroot00000000000000/********************************************************************* * * Authors: * Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. 
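Three things in VOMSResponse deserve a second look. `warningMessagesREST()` computes `messageElement` and then never uses it: it reads `itemElement.getFirstChild().getNodeValue()`, i.e. the first child of `<warning>` rather than the text of its `<message>` child, which yields null or whitespace for any pretty-printed response. `errorMessages()` and `warningMessages()` size their arrays by the number of `<item>` elements but only fill the slots that pass the ERROR_OFFSET filter, so callers iterating the array must expect null entries. `getAC()` and `getACAsString()` dereference the first `<ac>` element without checking that one exists. Separately, the `Document` handed to the constructor is built elsewhere in the library, not on this page, so whether DOCTYPE declarations are accepted cannot be confirmed here; a client parsing XML from a remote server should refuse them, otherwise a malicious or compromised server can use external entities against the client. The following class is an added example, not code from voms-api-java: it assumes a root element named `vomsans` (the name is a placeholder), uses `java.util.Base64` in place of the library's `VOMSDecoder`, and feeds the parser a constructed response rather than one captured from a real server.

```java
// Added example (not part of voms-api-java): parse a VOMS-style response with a
// hardened DOM parser and extract AC / error / warning entries without null slots.
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SafeVomsResponse {

    private static final int ERROR_OFFSET = 1000; // same threshold as VOMSResponse

    private final Document doc;

    public SafeVomsResponse(Document doc) { this.doc = doc; }

    /** DocumentBuilder that refuses any DOCTYPE, so XXE and entity expansion
     *  from the server side cannot reach this client. */
    public static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    public static SafeVomsResponse parse(byte[] xml) throws Exception {
        return new SafeVomsResponse(hardenedBuilder().parse(new ByteArrayInputStream(xml)));
    }

    /** Trimmed text of the first <tag> child of parent, or null if absent/empty. */
    private static String text(Element parent, String tag) {
        Element e = (Element) parent.getElementsByTagName(tag).item(0);
        if (e == null || e.getFirstChild() == null) return null;
        return e.getFirstChild().getNodeValue().trim();
    }

    /** Same rule as VOMSResponse.hasErrors(): REST <error>, or <item>s without an <ac>. */
    public boolean hasErrors() {
        if (doc.getElementsByTagName("error").getLength() != 0) return true;
        return doc.getElementsByTagName("item").getLength() != 0
            && doc.getElementsByTagName("ac").getLength() == 0;
    }

    /** AC bytes, or null when the response carries no <ac> (no NPE). */
    public byte[] getAC() {
        String b64 = text(doc.getDocumentElement(), "ac");
        return b64 == null ? null : Base64.getMimeDecoder().decode(b64);
    }

    /** Legacy <item><number/><message/></item> entries at or above ERROR_OFFSET,
     *  compacted into a list instead of an array with null gaps. */
    public List<String> legacyErrors() {
        List<String> out = new ArrayList<>();
        NodeList items = doc.getElementsByTagName("item");
        for (int i = 0; i < items.getLength(); i++) {
            Element item = (Element) items.item(i);
            String number = text(item, "number");
            String msg = text(item, "message");
            if (number == null || msg == null) continue;
            int n;
            try { n = Integer.parseInt(number); } catch (NumberFormatException ex) { continue; }
            if (n >= ERROR_OFFSET) out.add(n + ": " + msg);
        }
        return out;
    }

    /** REST <warning><message/></warning> entries, read from the <message> child. */
    public List<String> restWarnings() {
        List<String> out = new ArrayList<>();
        NodeList ws = doc.getElementsByTagName("warning");
        for (int i = 0; i < ws.getLength(); i++) {
            String msg = text((Element) ws.item(i), "message");
            if (msg != null) out.add(msg);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample response; root element name is a placeholder.
        String sample = "<?xml version=\"1.0\"?><vomsans><version>4</version>"
            + "<ac>AAEC</ac>"
            + "<warning><message>validity shortened to 12h</message></warning>"
            + "<item><number>2</number><message>validity shortened</message></item>"
            + "<item><number>1004</number><message>user suspended</message></item>"
            + "</vomsans>";
        SafeVomsResponse r = parse(sample.getBytes(StandardCharsets.UTF_8));
        System.out.println("hasErrors=" + r.hasErrors());   // false: an <ac> is present
        System.out.println("acLen=" + r.getAC().length);      // 3
        System.out.println("errors=" + r.legacyErrors());     // [1004: user suspended]
        System.out.println("warnings=" + r.restWarnings());   // [validity shortened to 12h]

        // A DOCTYPE (the XXE vector) is rejected before any entity is resolved.
        String xxe = "<!DOCTYPE x [<!ENTITY e SYSTEM \"file:///etc/passwd\">]><vomsans>&e;</vomsans>";
        try {
            parse(xxe.getBytes(StandardCharsets.UTF_8));
            System.out.println("unexpected: DOCTYPE accepted");
        } catch (org.xml.sax.SAXParseException e) {
            System.out.println("DOCTYPE rejected: " + e.getMessage());
        }
    }
}
```

The feature URIs are the ones honoured by the Xerces parser bundled with the JDK; if a different JAXP implementation is on the classpath, `setFeature` throws `ParserConfigurationException` for any it does not know, which is the right failure mode (fail closed rather than parse with entities enabled).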
* * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ package org.glite.voms.contact; import org.apache.commons.lang.builder.ToStringBuilder; /** * * This class represents information about a remote voms server as found * in vomses configuration files. See {@link VOMSESFileParser}. * * @author Andrea Ceccanti * @author Vincenzo Ciaschini * */ public class VOMSServerInfo { String hostName; int port; String hostDn; String voName; String globusVersion; String alias; public String getAlias() { return alias; } public void setAlias(String alias) { this.alias = alias; } public String getHostDn() { return hostDn; } public void setHostDn( String hostDn ) { this.hostDn = hostDn; } public String getHostName() { return hostName; } public void setHostName( String hostname ) { this.hostName = hostname; } public int getPort() { return port; } public void setPort( int port ) { this.port = port; } public String getVoName() { return voName; } public void setVoName( String voName ) { this.voName = voName; } public int getGlobusVersionAsInt(){ if (globusVersion == null) return -1; return (int)(Integer.parseInt( globusVersion ) / 10); } public String getGlobusVersion() { return globusVersion; } public void setGlobusVersion( String globusVersion ) { this.globusVersion = 
globusVersion; } public boolean equals( Object obj ) { if (this == obj) return true; if (!(obj instanceof VOMSServerInfo)) return false; VOMSServerInfo other = (VOMSServerInfo)obj; if (other.getHostName() != null) { if (this.hostName.equals(other.getHostName())){ return this.getPort() == other.getPort(); } } return false; } public int hashCode() { int result = 14; result = 29 * result + hostName.hashCode(); return 29 * result + port; } public static VOMSServerInfo fromStringArray(String[] tokens){ VOMSServerInfo info = new VOMSServerInfo(); info.setVoName( tokens[4] ); info.setHostName( tokens[1] ); info.setPort( Integer.parseInt( tokens[2] )) ; info.setHostDn( tokens[3] ); info.setAlias( tokens[0] ); // Check if the globus version is there if (tokens.length == 6) info.setGlobusVersion( tokens[5] ); return info; } public String compactString(){ return "[vo="+voName+",host="+hostName+",port="+port+",hostDN="+hostDn+ ",globusVersion="+globusVersion+"]"; } public String toString() { return ToStringBuilder.reflectionToString( this ); } } voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSServerMap.java000066400000000000000000000067531207402625500266460ustar00rootroot00000000000000/********************************************************************* * * Authors: * Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
* See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ package org.glite.voms.contact; import java.util.HashSet; import java.util.Iterator; import java.util.Map; import java.util.Set; import java.util.TreeMap; import java.util.Map.Entry; import org.apache.commons.lang.StringUtils; /** * * A {@link VOMSServerMap} organizes voms servers found in vomses configuration files * in map keyed by vo. This way is easy to know which servers acts as replicas for the * same vos. For more info about vomses configuration files, see {@link VOMSESFileParser}. * * @author Andrea Ceccanti * @author Vincenzo Ciaschini * */ public class VOMSServerMap { protected Map map = new TreeMap(); public void add(VOMSServerInfo info){ String key = info.getAlias(); if (map.containsKey( key )){ Set servers = (Set) map.get( key ); servers.add( info ); return; } Set l = new HashSet(); l.add( info ); map.put( key, l); } public Set get(String nick){ return (Set) map.get( nick ); } public int serverCount(String nick){ if (map.containsKey( nick )) return ((Set)map.get( nick )).size(); return 0; } /** * Merge this map with another {@link VOMSServerMap} object. 
* @param other */ public void merge(VOMSServerMap other){ Iterator i = other.map.entrySet().iterator(); while (i.hasNext()){ Map.Entry e = (Entry) i.next(); if (map.containsKey( e.getKey() )) get((String)e.getKey()).addAll( (Set )e.getValue()); else map.put( e.getKey(), e.getValue()); } } public String toString() { if (map == null || map.isEmpty()) return "[]"; StringBuilder buf = new StringBuilder(); Iterator i = map.entrySet().iterator(); buf.append( "VOMSServerMap:[\n"); while (i.hasNext()){ Map.Entry e = (Entry) i.next(); buf.append(e.getKey()+":\n"); buf.append( "\tnum_servers: "+((Set)e.getValue()).size()+"\n" ); buf.append( "\tserver_details: \n\t\t"+ StringUtils.join(((Set)e.getValue()).iterator(),"\n\t\t") +"\n" ); } buf.append("]\n"); return buf.toString(); } } voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSSocket.java000066400000000000000000000145671207402625500261740ustar00rootroot00000000000000/********************************************************************* * * Authors: * * Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it * Gidon Moont - g.moont@imperial.ac.uk * Vincenzo Ciaschini - vincenzo.ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
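`VOMSServerInfo.fromStringArray()` indexes `tokens[0]` through `tokens[4]` without checking the array length, so a short or malformed vomses line throws `ArrayIndexOutOfBoundsException` rather than a useful error; `equals()` and `hashCode()` dereference `hostName` and will NPE on an entry whose host was never set; `getGlobusVersionAsInt()` and the port parse throw `NumberFormatException` on non-numeric fields. The class below is an added example, not code from voms-api-java, showing the validation a vomses reader should apply before populating something like VOMSServerMap. It assumes the usual vomses line layout of five or six double-quoted fields, `"alias" "host" "port" "hostDN" "vo" ["globusVersion"]`, which matches the token positions used by `fromStringArray()`; the hostnames and DNs in `main` are constructed.

```java
// Added example (not part of voms-api-java): validated parsing of vomses lines and
// an alias -> replica-set map with a sane equals/hashCode on the server record.
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class VomsesLine {

    /** One vomses entry: "alias" "host" "port" "hostDN" "vo" ["globusVersion"]. */
    public static final class Server {
        public final String alias, host, hostDn, vo;
        public final int port;
        public final Integer globusVersion; // null when the optional sixth field is absent

        Server(String alias, String host, int port, String hostDn, String vo, Integer gv) {
            this.alias = alias; this.host = host; this.port = port;
            this.hostDn = hostDn; this.vo = vo; this.globusVersion = gv;
        }

        /** Same identity rule as VOMSServerInfo (host + port), but null-safe and case-insensitive on the host. */
        @Override public boolean equals(Object o) {
            if (!(o instanceof Server)) return false;
            Server s = (Server) o;
            return host.equalsIgnoreCase(s.host) && port == s.port;
        }
        @Override public int hashCode() { return host.toLowerCase().hashCode() * 31 + port; }
        @Override public String toString() {
            return "[vo=" + vo + ",host=" + host + ":" + port + ",hostDN=" + hostDn + "]";
        }
    }

    /** Split a line into its double-quoted tokens; text outside quotes is ignored. */
    public static List<String> tokenize(String line) {
        List<String> out = new ArrayList<>();
        int i = 0;
        while (i < line.length()) {
            int open = line.indexOf('"', i);
            if (open < 0) break;
            int close = line.indexOf('"', open + 1);
            if (close < 0) throw new IllegalArgumentException("unterminated quote: " + line);
            out.add(line.substring(open + 1, close));
            i = close + 1;
        }
        return out;
    }

    public static Server parse(String line) {
        List<String> t = tokenize(line);
        if (t.size() < 5 || t.size() > 6)
            throw new IllegalArgumentException("expected 5 or 6 quoted fields, got " + t.size() + ": " + line);
        for (String s : t.subList(0, 5))
            if (s.isEmpty()) throw new IllegalArgumentException("empty field in: " + line);
        int port = Integer.parseInt(t.get(2));
        if (port < 1 || port > 65535) throw new IllegalArgumentException("port out of range: " + port);
        if (!t.get(3).startsWith("/"))
            throw new IllegalArgumentException("host DN must be in OpenSSL slash form: " + t.get(3));
        Integer gv = t.size() == 6 ? Integer.valueOf(t.get(5)) : null;
        return new Server(t.get(0), t.get(1), port, t.get(3), t.get(4), gv);
    }

    /** alias -> replica set, like VOMSServerMap.add() but skipping comments and blanks. */
    public static Map<String, Set<Server>> buildMap(List<String> lines) {
        Map<String, Set<Server>> map = new LinkedHashMap<>();
        for (String raw : lines) {
            String line = raw.trim();
            if (line.isEmpty() || line.startsWith("#")) continue;
            Server s = parse(line);
            map.computeIfAbsent(s.alias, k -> new LinkedHashSet<>()).add(s);
        }
        return map;
    }

    public static void main(String[] args) {
        // Constructed vomses content: two replicas for "atlas" (one listed twice with
        // different host case) and one server for "dteam".
        List<String> lines = Arrays.asList(
            "# alias host port hostDN vo [globusVersion]",
            "\"atlas\" \"voms1.example.org\" \"15001\" \"/C=XX/O=Example/CN=voms1.example.org\" \"atlas\" \"24\"",
            "\"atlas\" \"voms2.example.org\" \"15001\" \"/C=XX/O=Example/CN=voms2.example.org\" \"atlas\"",
            "\"atlas\" \"VOMS1.example.org\" \"15001\" \"/C=XX/O=Example/CN=voms1.example.org\" \"atlas\" \"24\"",
            "\"dteam\" \"voms.example.org\" \"15004\" \"/C=XX/O=Example/CN=voms.example.org\" \"dteam\" \"24\"");
        Map<String, Set<Server>> m = buildMap(lines);
        System.out.println("atlas replicas: " + m.get("atlas").size()); // 2
        System.out.println("dteam replicas: " + m.get("dteam").size()); // 1
        Server d = m.get("dteam").iterator().next();
        System.out.println("dteam globus major: " + (d.globusVersion / 10)); // 2, as getGlobusVersionAsInt()
        try {
            parse("\"broken\" \"host.example.org\" \"15001\"");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The host DN check only verifies the OpenSSL slash form that vomses files carry; what the client later does with that DN (comparing it to the server certificate presented during the handshake) is the part that actually authenticates the replica, and it is not performed anywhere in the classes on this page.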
* * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ package org.glite.voms.contact; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.security.GeneralSecurityException; import java.security.Security; import java.security.SecureRandom; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.SSLException; import org.apache.log4j.Logger; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.glite.voms.VOMSKeyManager; import org.glite.voms.VOMSTrustManager; /** * The {@link VOMSSocket} class is used to manage the creation of the gsi socket used for communication with * the VOMS server. * * @author Andrea Ceccanti * @author Vincenzo Ciaschini * * */ public class VOMSSocket { private static final Logger log = Logger.getLogger( VOMSSocket.class ); UserCredentials cred; String hostDN; public static VOMSSocket instance(UserCredentials cred, String hostDN, int proxyType){ return new VOMSSocket(cred, hostDN, proxyType); } public static VOMSSocket instance(UserCredentials cred, String hostDN){ return new VOMSSocket(cred, hostDN, VOMSProxyBuilder.DEFAULT_PROXY_TYPE); } private VOMSSocket(UserCredentials cred, String hostDN, int proxyType){ this.cred = cred; this.hostDN = hostDN; } /** * * Connects this socket to the voms server identified by the (host,port) passed * as arguments. 
* * @param host * @param port * @throws IOException * @throws GeneralSecurityException * * @author Andrea Ceccanti * @author Gidon Moont * @author Vincenzo Ciaschini */ private SSLContext context = null; private SSLSocket socket = null; protected SSLSocketFactory getFactory() throws IOException, GeneralSecurityException { SSLSocketFactory socketFactory = null; if (Security.getProvider("BC") == null) { Security.addProvider(new BouncyCastleProvider()); } log.debug("Creating socket Factory"); try { context = SSLContext.getInstance("SSLv3"); log.debug("CONTEXT CREATED: "+context.getProtocol()); log.debug("Context: " + context); context.init(new VOMSKeyManager[] {new VOMSKeyManager(cred)}, new VOMSTrustManager[] {new VOMSTrustManager("")}, SecureRandom.getInstance("SHA1PRNG")); return context.getSocketFactory(); } catch (SSLException e) { log.fatal( "Error opening SSL socket: "+e.getMessage() ); if (log.isDebugEnabled()) log.debug( e.getMessage(),e ); throw e; } catch ( IOException e ) { log.fatal( "Error opening SSL socket: "+e.getMessage() ); if (log.isDebugEnabled()) log.debug( e.getMessage(),e ); throw e; } } protected void connect(String host, int port) throws IOException, GeneralSecurityException{ SSLSocketFactory socketFactory = null; if (Security.getProvider("BC") == null) { Security.addProvider(new BouncyCastleProvider()); } log.debug("Initting CONNECCTION"); try { socketFactory = getFactory(); log.debug("Factory Created"); log.debug(socketFactory.toString()); log.debug("ABOUT to open CONNECTION"); socket = (SSLSocket)socketFactory.createSocket(host, port); log.debug("CONNECTION OPEN"); String[] protocols = { "SSLv3"}; socket.setEnabledProtocols(protocols); } catch (SSLException e) { log.fatal( "Error opening SSL socket: "+e.getMessage() ); if (log.isDebugEnabled()) log.debug( e.getMessage(),e ); throw e; } catch ( IOException e ) { log.fatal( "Error opening SSL socket: "+e.getMessage() ); if (log.isDebugEnabled()) log.debug( e.getMessage(),e ); throw e; } } 
public void close() throws IOException { socket.close(); } public SSLContext getContext() { return context; } public boolean isClosed() { return socket.isClosed(); } public boolean isConnected() { return socket.isConnected(); } public void shutdownInput() throws IOException { socket.shutdownInput(); } public void shutdownOutput() throws IOException { socket.shutdownOutput(); } public OutputStream getOutputStream() throws IOException{ try { return socket.getOutputStream(); } catch ( IOException e ) { log.error( "Error getting output stream from underlying socket:"+e.getMessage() ); if (log.isDebugEnabled()) log.error(e.getMessage(),e); throw e; } } public InputStream getInputStream() throws IOException{ try { return socket.getInputStream(); } catch ( IOException e ) { log.error( "Error getting input stream from underlying socket:"+e.getMessage() ); if (log.isDebugEnabled()) log.error(e.getMessage(),e); throw e; } } } voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSSyntaxException.java000066400000000000000000000032511207402625500300750ustar00rootroot00000000000000/********************************************************************* * * Authors: * Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
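The security-relevant points in VOMSSocket are these. `SSLContext.getInstance("SSLv3")` and `setEnabledProtocols({"SSLv3"})` pin the connection to SSL 3.0, which is broken (POODLE) and has been disabled by default in Java since 8u31, so on a current JRE `connect()` fails with an `SSLHandshakeException`; whether a given VOMS server still accepts a TLS handshake is a deployment question this page cannot answer, so the example below shows only the client-side change. The `hostDN` taken from the vomses entry is stored in the constructor but never compared against the certificate the server presents, and no endpoint identification is configured on the socket, so any certificate chaining to a trusted CA would be accepted for any VOMS host. `SecureRandom.getInstance("SHA1PRNG")` can simply be replaced by `null`, which selects the platform default. The class below is an added example, not code from voms-api-java; it uses the JRE default key and trust managers where the library would plug in `VOMSKeyManager`/`VOMSTrustManager`, assumes Java 11 or later for the `TLSv1.3` protocol name, and the DNs in `main` are constructed so that the DN logic runs without any network access.

```java
// Added example (not part of voms-api-java): TLS 1.2+ socket with hostname verification
// and a post-handshake check of the peer certificate subject against the vomses hostDN.
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.auth.x500.X500Principal;

public class VomsTlsCheck {

    /** "TLS" with null arguments = JRE default key/trust managers and SecureRandom. */
    public static SSLContext tlsContext() throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);
        return ctx;
    }

    /** Connects, handshakes, then rejects the peer unless its subject DN equals the vomses hostDN. */
    public static SSLSocket open(String host, int port, String expectedOpensslDn)
            throws IOException, GeneralSecurityException {
        SSLSocketFactory f = tlsContext().getSocketFactory();
        SSLSocket s = (SSLSocket) f.createSocket(host, port);
        s.setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        SSLParameters p = s.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("HTTPS"); // RFC 2818 host name check against the cert
        s.setSSLParameters(p);
        s.startHandshake();
        X509Certificate peer = (X509Certificate) s.getSession().getPeerCertificates()[0];
        if (!dnMatches(expectedOpensslDn, peer.getSubjectX500Principal())) {
            s.close();
            throw new SSLPeerUnverifiedException("server DN " + peer.getSubjectX500Principal()
                + " does not match vomses entry " + expectedOpensslDn);
        }
        return s;
    }

    /** "/C=XX/O=Example/CN=host" -> RFC 2253 "CN=host,O=Example,C=XX"; "\/" inside a value stays a slash. */
    public static String opensslToRfc2253(String dn) {
        if (!dn.startsWith("/")) throw new IllegalArgumentException("not an OpenSSL DN: " + dn);
        List<String> rdns = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        for (int i = 1; i < dn.length(); i++) {
            char c = dn.charAt(i);
            if (c == '\\' && i + 1 < dn.length() && dn.charAt(i + 1) == '/') { cur.append('/'); i++; }
            else if (c == '/') { rdns.add(cur.toString()); cur.setLength(0); }
            else cur.append(c);
        }
        rdns.add(cur.toString());
        StringBuilder out = new StringBuilder();
        for (int i = rdns.size() - 1; i >= 0; i--) {   // RFC 2253 lists RDNs most-specific first
            String rdn = rdns.get(i);
            int eq = rdn.indexOf('=');
            if (eq <= 0) throw new IllegalArgumentException("bad RDN '" + rdn + "' in " + dn);
            if (out.length() > 0) out.append(',');
            out.append(rdn.substring(0, eq).trim()).append('=').append(escapeRfc2253(rdn.substring(eq + 1)));
        }
        return out.toString();
    }

    /** Escape the characters RFC 2253 reserves inside an attribute value. */
    private static String escapeRfc2253(String v) {
        StringBuilder b = new StringBuilder();
        for (int i = 0; i < v.length(); i++) {
            char c = v.charAt(i);
            boolean special = ",+\"\\<>;".indexOf(c) >= 0
                || (i == 0 && (c == '#' || c == ' '))
                || (i == v.length() - 1 && c == ' ');
            if (special) b.append('\\');
            b.append(c);
        }
        return b.toString();
    }

    /** Compare in X500Principal canonical form (case and whitespace normalised). */
    public static boolean dnMatches(String opensslDn, X500Principal peer) {
        X500Principal expected = new X500Principal(opensslToRfc2253(opensslDn));
        return expected.getName(X500Principal.CANONICAL).equals(peer.getName(X500Principal.CANONICAL));
    }

    public static void main(String[] args) {
        // Constructed DNs; the X500Principal stands in for what a parsed server certificate would carry.
        String vomses = "/C=XX/O=Example/OU=Host\\/Services/CN=voms.example.org";
        X500Principal peer = new X500Principal("CN=voms.example.org, OU=Host/Services, O=Example, C=XX");
        System.out.println(opensslToRfc2253(vomses)); // CN=voms.example.org,OU=Host/Services,O=Example,C=XX
        System.out.println(dnMatches(vomses, peer));   // true
        System.out.println(dnMatches("/C=XX/O=Example/CN=voms.example.org", peer)); // false: OU differs
    }
}
```

Doing the DN comparison after `startHandshake()` rather than inside a custom `X509TrustManager` keeps chain validation (expiry, revocation, CA trust) with the default trust manager and adds the VOMS-specific identity check on top; the endpoint identification algorithm covers the host name, the DN check covers the identity the vomses file promises.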
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/

package org.glite.voms.contact;

/**
 * Thrown when a VOMS request option (FQAN, target list, vomses line, ...) does
 * not have the expected syntax.
 *
 * @author Andrea Ceccanti
 */
public class VOMSSyntaxException extends VOMSException {

    private static final long serialVersionUID = 1L;

    public VOMSSyntaxException( String message ) {
        super( message );
    }

    public VOMSSyntaxException( String message, Throwable t ) {
        super( message, t );
    }

    public VOMSSyntaxException( Throwable t ) {
        super( t );
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/VOMSWarningMessage.java

/*********************************************************************
 *
 * Authors:
 *      Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it
 *      Vincenzo Ciaschini - vincenzo.ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/

package org.glite.voms.contact;

/**
 * This class represents a VOMS warning message (code below the error offset)
 * contained in a VOMS response.
 *
 * @author Andrea Ceccanti
 */
public class VOMSWarningMessage extends VOMSMessage {

    public VOMSWarningMessage(int code, String message){
        super(code, message);
    }

    public String toString() {
        return "voms warning "+code+": "+message;
    }
}

voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/cli/
voms-api-java-2_0_10/src/main/java/org/glite/voms/contact/cli/VomsProxyInitClient.java

/*********************************************************************
 *
 * Authors:
 *      Andrea Ceccanti - andrea.ceccanti@cnaf.infn.it
 *      Vincenzo Ciaschini - vincenzo.ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 * *********************************************************************/
package org.glite.voms.contact.cli;

import java.util.HashMap;
import java.util.Map;

import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.CommandLineParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.OptionBuilder;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.apache.commons.cli.GnuParser;
import org.apache.commons.lang.builder.ToStringBuilder;
import org.apache.log4j.Logger;
import org.glite.voms.contact.VOMSException;
import org.glite.voms.contact.VOMSProxyBuilder;
import org.glite.voms.contact.VOMSProxyInit;
import org.glite.voms.contact.VOMSRequestOptions;
import org.glite.voms.contact.VOMSProxyConstants;

/**
 * This class implements a command-line voms-proxy-init client.
 *
 * @author Andrea Ceccanti
 */
public class VomsProxyInitClient {

    private static final Logger log = Logger.getLogger(VomsProxyInitClient.class);

    protected VOMSProxyInit proxyInit;
    protected CommandLineParser parser = new GnuParser();
    protected HelpFormatter helpFormatter = new HelpFormatter();
    protected Options options;

    String[] fqans;
    String targets;
    String ordering;
    // Note: lifetime and targets are parsed from the command line but are
    // never applied to proxyInit in buildProxy(); the options are accepted
    // and silently ignored.
    int lifetime;
    String proxyOutput;
    String keyPassword;
    String proxyType;
    String delegationType;
    String policyType;
    int bits = 1024;

    protected void setupUserCredentials(String userCert, String userKey) {
        System.setProperty("X509_USER_CERT", userCert);
        System.setProperty("X509_USER_KEY", userKey);
    }

    protected void setupVomsesPath(String vomsesPath) {
        System.setProperty("VOMSES_LOCATION", vomsesPath);
    }

    protected void setupVomsdir(String vomsdir) {
        System.setProperty("VOMSDIR", vomsdir);
    }

    protected void setupCaDir(String caDir) {
        System.setProperty("CADIR", caDir);
    }

    protected void setupCLParser() {
        options = new Options();

        options.addOption(OptionBuilder.withLongOpt("help")
                .withDescription("Displays help and exits.")
                .create("h"));

        options.addOption(OptionBuilder.withLongOpt("vomsdir")
                .withDescription("Specifies non-standard vomsdir directory.")
                .hasArg()
                .create("vomsdir"));

        options.addOption(OptionBuilder.withLongOpt("cadir")
                .withDescription("Specifies non-standard ca certificate directory.")
                .hasArg(true)
                .create("cadir"));

        options.addOption(OptionBuilder.withLongOpt("vomsesPath")
                .withDescription("Specifies non-standard locations where the voms-proxy-init looks for vomses files. "
                        + "The path is a colon (:) separated list of paths.")
                .hasArg()
                .create("vomsesPath"));

        options.addOption(OptionBuilder.withLongOpt("usercert")
                .withDescription("Specifies non-standard user certificate.")
                .hasArg()
                .create("usercert"));

        options.addOption(OptionBuilder.withLongOpt("userkey")
                .withDescription("Specifies non-standard user private key.")
                .hasArg()
                .create("userkey"));

        // Note: a password passed as a command-line argument is visible to
        // other local users through the process list and may end up in shell
        // history; when omitted, VOMSProxyInit is created without a password.
        options.addOption(OptionBuilder.withLongOpt("password")
                .withDescription("Specifies a password that is used to decrypt the user's private key.")
                .hasArg()
                .create("password"));

        options.addOption(OptionBuilder.withLongOpt("lifetime")
                .withDescription("Specifies the lifetime for the generated proxy.")
                .hasArg()
                .create("lifetime"));

        options.addOption(OptionBuilder.withLongOpt("out")
                .withDescription("Specifies a non-standard location for the generated proxy. "
                        + "The standard location is /tmp/X509_up_.")
                .hasArg()
                .create("out"));

        options.addOption(OptionBuilder.withLongOpt("order")
                .withDescription("Specifies the ordering of received attributes. "
                        + "The option is a comma (,) separated list of FQANs.")
                .hasArg()
                .create("order"));

        options.addOption(OptionBuilder.withLongOpt("voms")
                .withDescription("Specifies a request FQAN in the form vo:fqan (e.g., cms:/cms/Role=lcgadmin).")
                .hasArgs()
                .create("voms"));

        options.addOption(OptionBuilder.withLongOpt("targets")
                .withDescription("Targets the AC against a specific comma separated list of hostnames.")
                .hasArg()
                .create("targets"));

        options.addOption(OptionBuilder.withLongOpt("proxyType")
                .withDescription("Specifies the type of proxy that will be generated. "
                        + "Possible values are: GT2_PROXY, GT3_PROXY, GT4_PROXY. The default value is GT2_PROXY.")
                .hasArg()
                .create("proxyType"));

        options.addOption(OptionBuilder.withLongOpt("policyType")
                .withDescription("Specifies the policy type of the proxy. Only significant with proxyType >= GT3_PROXY.")
                .hasArg()
                .create("policyType"));

        options.addOption(OptionBuilder.withLongOpt("delegationType")
                .withDescription("Specifies the type of delegation requested for the generated proxy. "
                        + "Possible values are: NONE, LIMITED, FULL. The default value is FULL.")
                .hasArg()
                .create("delegationType"));

        options.addOption(OptionBuilder.withLongOpt("bits")
                .withDescription("Specifies the key size of the created proxy. "
                        + "Possible values are 512, 1024, 2048. The default value is 1024")
                .hasArg()
                .create("bits"));
    }

    protected void printHelpMessageAndExit(int exitStatus) {
        helpFormatter.printHelp("VomsProxyInit", options);
        System.exit(exitStatus);
    }

    protected void getArguments(String[] args) {
        try {
            CommandLine line = parser.parse(options, args);

            if (line.hasOption("h"))
                printHelpMessageAndExit(0);

            if (line.hasOption("vomsdir"))
                setupVomsdir(line.getOptionValue("vomsdir"));

            if (line.hasOption("cadir"))
                setupCaDir(line.getOptionValue("cadir"));

            if (line.hasOption("vomsesPath"))
                setupVomsesPath(line.getOptionValue("vomsesPath"));

            if (line.hasOption("usercert") && line.hasOption("userkey"))
                setupUserCredentials(line.getOptionValue("usercert"), line.getOptionValue("userkey"));
            else if (line.hasOption("usercert") || line.hasOption("userkey"))
                log.warn("Both usercert and userkey must be given for non-standard credentials; ignoring the one provided.");

            if (line.hasOption("out"))
                proxyOutput = line.getOptionValue("out");

            if (line.hasOption("order"))
                ordering = line.getOptionValue("order");

            if (line.hasOption("targets"))
                targets = line.getOptionValue("targets");

            if (line.hasOption("lifetime"))
                lifetime = Integer.parseInt(line.getOptionValue("lifetime"));

            if (line.hasOption("voms"))
                fqans = line.getOptionValues("voms");

            if (line.hasOption("password"))
                keyPassword = line.getOptionValue("password");

            if (line.hasOption("proxyType"))
                proxyType = line.getOptionValue("proxyType");

            if (line.hasOption("policyType"))
                policyType = line.getOptionValue("policyType");

            if (line.hasOption("delegationType"))
                delegationType = line.getOptionValue("delegationType");

            if (line.hasOption("bits"))
                bits = Integer.parseInt(line.getOptionValue("bits"));

        } catch (ParseException e) {
            System.err.println(e.getMessage());
            helpFormatter.printHelp("VomsProxyInit", options);
            System.exit(-1);
        } catch (NumberFormatException e) {
            // lifetime and bits must be integers; report instead of dumping a stack trace
            System.err.println("Invalid numeric option value: " + e.getMessage());
            helpFormatter.printHelp("VomsProxyInit", options);
            System.exit(-1);
        }
    }

    protected void buildProxy() {

        if (keyPassword != null)
            proxyInit = VOMSProxyInit.instance(keyPassword);
        else {
            log.warn("No password given to decrypt the openssl private key...");
            proxyInit = VOMSProxyInit.instance();
        }

        if (proxyOutput != null)
            proxyInit.setProxyOutputFile(proxyOutput);

        if (proxyType != null) {
            int type = VOMSProxyBuilder.GT2_PROXY;

            if (proxyType.equals("GT2_PROXY"))
                type = VOMSProxyBuilder.GT2_PROXY;
            else if (proxyType.equals("GT3_PROXY"))
                type = VOMSProxyBuilder.GT3_PROXY;
            else if (proxyType.equals("GT4_PROXY"))
                type = VOMSProxyBuilder.GT4_PROXY;
            else
                log.warn("Unsupported proxy type specified! The default value will be used.");

            proxyInit.setProxyType(type);
        }

        if (bits != 512 && bits != 1024 && bits != 2048) {
            log.warn("Unsupported bit size specified! The default value will be used.");
            bits = 1024;
        }

        proxyInit.setProxyKeySize(bits);

        if (policyType != null)
            proxyInit.setPolicyType(policyType);

        if (delegationType != null) {
            int type = VOMSProxyBuilder.DEFAULT_DELEGATION_TYPE;

            if (delegationType.equals("NONE"))
                type = VOMSProxyConstants.DELEGATION_NONE;
            else if (delegationType.equals("LIMITED"))
                type = VOMSProxyConstants.DELEGATION_LIMITED;
            else if (delegationType.equals("FULL"))
                type = VOMSProxyConstants.DELEGATION_FULL;
            else
                log.warn("Unsupported delegation type specified! The default value will be used.");

            proxyInit.setDelegationType(type);
        }

        log.debug("fqans:" + ToStringBuilder.reflectionToString(fqans));

        if (fqans == null)
            proxyInit.getVomsProxy();
        else {
            // One VOMSRequestOptions per VO name; several vo:fqan arguments for
            // the same VO are collected into the same request.
            Map requestOptions = new HashMap();

            for (int i = 0; i < fqans.length; i++) {

                String[] opts = fqans[i].split(":");

                if (opts.length != 2)
                    throw new VOMSException("Voms FQANs must be specified according to the vo:fqan syntax "
                            + "(e.g., cms:/cms/Role=lcgadmin).");

                String voName = opts[0];

                VOMSRequestOptions o;

                if (requestOptions.containsKey(voName))
                    o = (VOMSRequestOptions) requestOptions.get(voName);
                else {
                    o = new VOMSRequestOptions();
                    o.setVoName(voName);
                    requestOptions.put(voName, o);
                }

                o.addFQAN(opts[1]);

                if (ordering != null)
                    o.setOrdering(ordering);
            }

            proxyInit.getVomsProxy(requestOptions.values());
        }
    }

    public VomsProxyInitClient(String[] args) {
        setupCLParser();
        getArguments(args);
        buildProxy();
    }

    public static void main(String[] args) {
        new VomsProxyInitClient(args);
    }
}

voms-api-java-2_0_10/src/main/spec/voms-java-api.spec

Name:           vomsjapi
Version:        2.0.7
Release:        1%{?dist}
Summary:        Virtual Organization Membership Service Java API
Group:          Development/Libraries
License:        ASL 2.0
URL:            https://twiki.cnaf.infn.it/twiki/bin/view/VOMS
Source:         %{name}-%{version}.tar.gz
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch:      noarch

%description
The Virtual Organization Membership Service (VOMS) is an attribute authority
which serves as central repository for VO user authorization information,
providing support for sorting users into group hierarchies, keeping track of
their roles and other attributes in order to issue trusted attribute
certificates and SAML assertions used in the Grid environment for
authorization purposes.

This package offers a java client API for VOMS.

%prep
%setup -q

%build

%install
rm -rf $RPM_BUILD_ROOT

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root,-)
{_javadir}/voms-java-api.jar
{_javadir}/voms-java-api-%{version}.jar
{_javadir}/vomsjapi.jar
%doc AUTHORS LICENSE

%changelog
* Fri Nov 4 2011 Andrea Ceccanti - 2.0.7-1
- First maven-based repackaging

voms-api-java-2_0_10/src/test/java/org/glite/voms/LoadTest.java

package org.glite.voms;

import java.io.IOException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;

import junit.framework.TestCase;

import org.glite.voms.ac.ACValidator;
import org.glite.voms.contact.UserCredentials;
import org.glite.voms.contact.VOMSProxyInit;
import org.glite.voms.contact.VOMSRequestOptions;

public class LoadTest extends TestCase {

    // Two VOMS proxy chains, alternated between iterations below.
    private List<X509Certificate[]> chains = new ArrayList<X509Certificate[]>();
    private int NUM_ITERATIONS = 100000;
    private String VO_NAME = "test.vo";

    protected X509Certificate[] createVOMSProxyChain(String cert, String key, String passphrase) {
        UserCredentials credentials = UserCredentials.instance(cert, key, passphrase);
        VOMSProxyInit proxyInit = VOMSProxyInit.instance(credentials);
        Map<String, VOMSRequestOptions> vomsOptions = new HashMap<String, VOMSRequestOptions>();
        VOMSRequestOptions requestOptions = new VOMSRequestOptions();
        requestOptions.setVoName(VO_NAME);
        vomsOptions.put(VO_NAME, requestOptions);
        return proxyInit.getVomsProxy(vomsOptions.values()).getUserChain();
    }

    @Override
    protected void setUp() throws Exception {
        super.setUp();
        X509Certificate[] aChain = createVOMSProxyChain(TestFixture.validCert,
                TestFixture.validCertKey, TestFixture.passphrase);
        chains.add(aChain);
        X509Certificate[] anotherChain = createVOMSProxyChain(TestFixture.anotherValidCert,
                TestFixture.anotherValidCertKey, TestFixture.passphrase);
        chains.add(anotherChain);
    }

    /**
     * Load tests a pattern of use for voms validation. In this pattern
     * a new validator is created for each validation.
     *
     * @throws CertificateException
     */
    public void testNewValidatorForEachValidation() throws CertificateException {
        for (int i = 0; i < NUM_ITERATIONS; i++) {
            VOMSValidator validator = new VOMSValidator(chains.get(i % 2));
            String[] fullyQualifiedAttributes = validator.validate().getAllFullyQualifiedAttributes();
            assertTrue(fullyQualifiedAttributes.length > 0);
        }
    }

    /**
     * Load tests a pattern of use for voms validation. In this pattern
     * a shared validator is created once and used for each validation.
     *
     * @throws CertificateException
     * @throws CRLException
     * @throws IOException
     */
    public void testSharedValidator() throws CertificateException, CRLException, IOException {
        PKIStore caStore = new PKIStore(PKIStore.TYPE_CADIR);
        PKIStore vomsTrustStore = new PKIStore(PKIStore.TYPE_VOMSDIR);
        caStore.rescheduleRefresh((int) TimeUnit.SECONDS.toMillis(5));
        PKIVerifier verifier = new PKIVerifier(vomsTrustStore, caStore);
        ACValidator acValidator = new ACValidator(verifier);
        VOMSValidator validator = new VOMSValidator(chains.get(0), acValidator);
        for (int i = 0; i < NUM_ITERATIONS; i++) {
            assertTrue(verifier.verify(chains.get(i % 2)));
            assertTrue(validator.validate().getAllFullyQualifiedAttributes().length > 0);
        }
    }

    /**
     * Load tests a pattern of use for voms validation. In this pattern
     * a shared validator is created once and used for each validation, setting
     * the voms truststore using the deprecated
     * {@link VOMSValidator#setTrustStore(org.glite.voms.ac.VOMSTrustStore)}.
     * Used in CREAM.
     *
     * @throws CertificateException
     * @throws CRLException
     * @throws IOException
     */
    public void testYetAnotherPattern() throws CertificateException, CRLException, IOException {
        PKIStore caStore = new PKIStore(PKIStore.TYPE_CADIR);
        caStore.rescheduleRefresh((int) TimeUnit.SECONDS.toMillis(5));
        PKIStore vomsTrustStore = new PKIStore(PKIStore.TYPE_VOMSDIR);
        PKIVerifier verifier = new PKIVerifier(vomsTrustStore, caStore);
        ACValidator acValidator = ACValidator.getInstance(vomsTrustStore);
        VOMSValidator.setTrustStore(vomsTrustStore);
        VOMSValidator validator = new VOMSValidator(chains.get(0), acValidator);
        for (int i = 0; i < NUM_ITERATIONS; i++) {
            assertTrue(verifier.verify(chains.get(i % 2)));
            assertTrue(validator.validate().getAllFullyQualifiedAttributes().length > 0);
        }
    }
}

voms-api-java-2_0_10/src/test/java/org/glite/voms/TestCRL.java

package org.glite.voms;

import java.io.IOException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;

import junit.framework.TestCase;

import org.apache.log4j.Logger;

public class TestCRL extends TestCase implements TestFixture {

    public static final Logger log = Logger.getLogger(TestCRL.class);

    @Override
    protected void setUp() throws Exception {
        // Every test starts from the CRL that does not revoke the test certificate.
        Utils.setCRL(defaultCRL);
    }

    public void testCRLAreFunctional() throws CertificateException, CRLException, IOException, InterruptedException {
        log.info("TestCRL.testCRLAreFunctional");
        PKIStore caStore = new PKIStore(trustDir, PKIStore.TYPE_CADIR, true);
        PKIStore vomsTrustStore = new PKIStore(vomsDir, PKIStore.TYPE_VOMSDIR, true);
        PKIVerifier verifier = new PKIVerifier(vomsTrustStore, caStore);
        X509Certificate[] theCert = PKIUtils.loadCertificates(testCert);
        boolean valid = verifier.verify(theCert);
        assertTrue("Certificate found invalid when it was supposed to be valid", valid);
        verifier.cleanup();
    }

    public void testCRLRevocationEffective() throws Exception {
        log.info("TestCRL.testCRLRevocationEffective");
        PKIStore caStore = new PKIStore(trustDir, PKIStore.TYPE_CADIR, true);
        PKIStore vomsTrustStore = new PKIStore(vomsDir, PKIStore.TYPE_VOMSDIR, true);
        PKIVerifier verifier = new PKIVerifier(vomsTrustStore, caStore);
        X509Certificate[] theCert = PKIUtils.loadCertificates(revokedCert);
        boolean valid = verifier.verify(theCert);
        assertFalse("Certificate found valid when it was supposed to be revoked", valid);
        verifier.cleanup();
    }

    public void testExpiredCRLCertificateRejection() throws IOException, InterruptedException,
            CertificateException, CRLException {
        log.info("TestCRL.testExpiredCRLCertificateRejection");
        // With an expired CRL installed, even certificates that are not listed
        // on it must be rejected: revocation status cannot be established.
        Utils.setCRL(expiredCRL);
        PKIStore caStore = new PKIStore(trustDir, PKIStore.TYPE_CADIR, true);
        PKIStore vomsTrustStore = new PKIStore(vomsDir, PKIStore.TYPE_VOMSDIR, true);
        PKIVerifier verifier = new PKIVerifier(vomsTrustStore, caStore);
        X509Certificate[] quasiRevokedChain = PKIUtils.loadCertificates(testCert);
        X509Certificate[] validCertChain = PKIUtils.loadCertificates(validCert);
        boolean valid = verifier.verify(quasiRevokedChain);
        assertFalse("Certificate found valid even if CRL has expired!", valid);
        valid = verifier.verify(validCertChain);
        assertFalse("Certificate found valid even if CRL has expired!", valid);
        verifier.cleanup();
    }

    public void testCRLUpdate() throws Exception {
        log.info("TestCRL.testCRLUpdate");
        PKIStore caStore = new PKIStore(trustDir, PKIStore.TYPE_CADIR, true);
        PKIStore vomsTrustStore = new PKIStore(vomsDir, PKIStore.TYPE_VOMSDIR, true);
        // Refresh the CA store every 5 seconds so that a CRL replaced on disk
        // is picked up without rebuilding the verifier.
        caStore.rescheduleRefresh((int) TimeUnit.SECONDS.toMillis(5));
        PKIVerifier verifier = new PKIVerifier(vomsTrustStore, caStore);
        X509Certificate[] theCert = PKIUtils.loadCertificates(testCert);
        boolean valid = verifier.verify(theCert);
        assertTrue("Certificate found invalid when it was supposed to be valid", valid);
        Utils.setCRL(testCertRevokedCRL);
        Thread.sleep(TimeUnit.SECONDS.toMillis(10));
        valid = verifier.verify(theCert);
        assertFalse("Certificate found valid when it was supposed to be revoked", valid);
        verifier.cleanup();
    }

    public void testNoCRLFoundVerificationSuccess() throws Exception {
        log.info("TestCRL.testNoCRLFoundVerificationSuccess");
        PKIStore caStore = new PKIStore(noCRLsTrustDir, PKIStore.TYPE_CADIR, true);
        PKIStore vomsTrustStore = new PKIStore(vomsDir, PKIStore.TYPE_VOMSDIR, true);
        PKIVerifier verifier = new PKIVerifier(vomsTrustStore, caStore);
        X509Certificate[] theCert = PKIUtils.loadCertificates(testCert);
        boolean valid = verifier.verify(theCert);
        assertTrue("Certificate found invalid when it was supposed to be valid", valid);
        verifier.cleanup();
    }
}

voms-api-java-2_0_10/src/test/java/org/glite/voms/TestCerts.java

package org.glite.voms;

import java.io.IOException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;

import junit.framework.TestCase;

import org.apache.log4j.Logger;
import org.glite.voms.contact.UserCredentials;
import org.glite.voms.contact.VOMSProxyInit;
import org.glite.voms.contact.VOMSRequestOptions;

public class TestCerts extends TestCase implements TestFixture {

    public static final Logger log = Logger.getLogger(TestCerts.class);

    private final String password = "pass";

    public void testProxyWithParenthesesInDN() throws CertificateException, CRLException,
            IOException, InterruptedException {
        final String voName = "test.vo";
        log.info("TestCerts.testProxyWithParenthesesInDN");
        UserCredentials credentials = UserCredentials.instance(dnWithParenthesisCert,
                dnWithParenthesisKey, password);
        VOMSProxyInit proxyInit = VOMSProxyInit.instance(credentials);
        Map<String, VOMSRequestOptions> vomsOptions = new HashMap<String, VOMSRequestOptions>();
        VOMSRequestOptions requestOptions = new VOMSRequestOptions();
        requestOptions.setVoName(voName);
        vomsOptions.put(voName, requestOptions);
        UserCredentials proxy = proxyInit.getVomsProxy(vomsOptions.values());
        PKIStore caStore = new PKIStore(trustDir, PKIStore.TYPE_CADIR, true);
        PKIStore vomsTrustStore = new PKIStore(vomsDir, PKIStore.TYPE_VOMSDIR, true);
        PKIVerifier verifier = new PKIVerifier(vomsTrustStore, caStore);
        X509Certificate[] proxyCertificateChain = proxy.getUserChain();
        boolean validChain = verifier.verify(proxyCertificateChain);
        log.info("Cert chain is valid? " + validChain);
        assertTrue("Certificate validation failed", validChain);
        verifier.cleanup();
    }
}

voms-api-java-2_0_10/src/test/java/org/glite/voms/TestFixture.java

package org.glite.voms;

public interface TestFixture {

    public static final String trustDir = "src/test/resources/trust-anchors";
    public static final String noCRLsTrustDir = "src/test/resources/no-crls-trust-anchors";
    public static final String vomsDir = "src/test/resources/vomsdir";
    public static final String testCert = "src/test/resources/certs/quasi_revoked.cert.pem";
    public static final String revokedCert = "src/test/resources/certs/revoked.cert.pem";
    public static final String passphrase = "pass";
    public static final String validCert = "src/test/resources/certs/test0.cert.pem";
    public static final String validCertKey = "src/test/resources/certs/test0.key.pem";
    public static final String anotherValidCert = "src/test/resources/certs/test1.cert.pem";
    public static final String anotherValidCertKey = "src/test/resources/certs/test1.key.pem";
    public static final String dnWithParenthesisCert = "src/test/resources/certs/dn_with_parenthesis.cert.pem";
    public static final String dnWithParenthesisKey = "src/test/resources/certs/dn_with_parenthesis.key.pem";
    public static final String defaultCRL = "src/test/resources/crls/default-crl.pem";
    public static final String testCertRevokedCRL = "src/test/resources/crls/cert-17-revoked-crl.pem";
    public static final String expiredCRL = "src/test/resources/crls/expired-crl.pem";
    public static final String[] caHashes = { "d82942ab", "10b10516" };
}

voms-api-java-2_0_10/src/test/java/org/glite/voms/Utils.java

package org.glite.voms;

import java.io.File;
import java.io.IOException;
import java.security.cert.CRLException;
import java.security.cert.X509CRL;

import org.apache.commons.io.FileUtils;
import org.apache.log4j.Logger;

public class Utils implements TestFixture {

    public static final Logger logger = Logger.getLogger(Utils.class);

    /**
     * Installs the given CRL file as the <hash>.r0 CRL of every test CA in
     * trustDir, verifying the copy by CRC32 and parsing it afterwards.
     */
    public synchronized static void setCRL(String crlFileName) throws IOException, CRLException {
        logger.info("Setting CRL to " + crlFileName);
        File crlStartFile = new File(crlFileName);
        long crlOrigChecksum = FileUtils.checksumCRC32(crlStartFile);
        for (String caHash : caHashes) {
            File hashFile = new File(trustDir + "/" + caHash + ".r0");
            FileUtils.deleteQuietly(hashFile);
            FileUtils.copyFile(crlStartFile, hashFile);
            long destChecksum = FileUtils.checksumCRC32(hashFile);
            if (destChecksum != crlOrigChecksum)
                throw new IllegalStateException("Checksum verification failed!");
            X509CRL crl = PKIUtils.loadCRL(hashFile);
            logger.debug("Loaded " + hashFile.getAbsolutePath() + ":" + crl);
        }
    }
}

voms-api-java-2_0_10/src/test/resources/certs/dn_with_parenthesis.cert.pem
xLBxN93phN8ovwDT6bUteYUCb30WP+oCH3jDyDv7b/EcLIdw9m2dvrKSfpNSZo0R l2kI1mRBVHMbY1pZFUeTizkIHGxWA/g9oPbNfHxNxJI43A+raVyz3XE/7+kiwg+a 1yKWdzbQqa4Oa0tVXruOOrEZulsM+3LhZiJC1GErZbijwW1sbEn6X+L65jt7YPYL Zba7qhuirBXLr+VNrA65L5jjdEqJKj2EswCeqwRqUgfHp3Exf8NLW03WozAha3Ku TuaW330DDvoZpZktrc7Tdxw+34R+yIimIQo= -----END CERTIFICATE----- voms-api-java-2_0_10/src/test/resources/certs/quasi_revoked.key.pem000066400000000000000000000032131207402625500254430ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAzlOBjwFHH8u9sr+zxC1/lptTsQRE+9pib5306XgV7RhSaMWs zh1SmKyX4fcaqljuZZH6fKBMp2fEZyAFkKfmbD/83zzyy/L/mB0ZVvIvW3hDOOWQ FdSlOdDflJESkplgUYar0jL3kQR2BAC1srEDFfdXSf/6VX9WcEopG8oyw2NVxeso e7LodnRyCnkqIEpLJrusU+F+iypUleX4bO/VKZDsRegfZHvD6srPG0pOZd8yv022 We5Wy7YwOcULdUuU0JdIava7AsexMlThzI+JSeJWTra/2p3ShsYgy4i2gx6kCLiG 51+JwaFcCjA1OlMK7abnLUe5I5Gj1bZ1q6T8VwIDAQABAoIBAHufNxpa9qWLap7G E8ywQikX6f4/A6IvSBl+d/bHF8QWdZIHFrHsicemad5fMx/r5vL+kynG1gbbuqbb Xdo9b2des4GCQCuI7jHTBZK9yzgwB374tOsPnOvWRY/7mDg0I6zVVu+7z++Yz6k4 T6XAP4wSxb8122UMxdrD5HudG+tK7pFJEYM0Qsvh7uxvHjp0ilw/PwqvbVqN8Jwm Y7IPjXhp5nkUu8d7z/VOHfIKCq2ornywLeY+/BTQjGnxCPhk0NrKmw2Cyge4tDR6 qNV6nfrk+xkxicaxqMwfVx+N/xaNIzOYSZShuX/2LJ7IWTaO7RThuSYhTQZKu+rL Z/T42jkCgYEA8rfSO8/cu/dH2+d8kneZJG5p7Hhzy/M1nWQCjd8DnhigFbAPrDTj /USPh4TsqibolusVQ5lzgJXftjSqN3cSdUwGN+vEs5OdqldYqzvQYSM6oaFhSF2C aDESVB+9PN5XvFSZx9VlZhUZb1bXHrwqmJvYVHlCL2QxYRZjVAqTKMsCgYEA2Z3h TueieXOfmQJlRW6B2oxDaUdu+aY+o4gVDnUZ+nLIVWBHu08zsVYgWJh8FTRINkJ/ 3ylOoEhWAKMj7F+CD7KY/j3YZVZb/GdMUNncD6kYzjnKqt37yvESzLKlYLJUWLoT YbzvZqMw0G60Z/Xwda9Szqg+mhuJbF08ub7YZSUCgYAiMshKaSU+zr6vO1SQBo3r VitSiD44lFIPlRHPD4cg9XNI2v+6UdF10/0tKQt3hffrm7/pQGvHyFY3BACfxAUz xbxykKOscbYbVCdIKStZJG+UanqciaBgMdnVRIuTUfimrnzkbSrWUU6+I0w4JmcS DZNTg6pRpxpWBaOFKeBGNQKBgG036+iqIMVL3oHwzdr3B30kgIDKNUxev3lbxxWm eA9WpG0VEWtU6ODMFRfiEASkZMm2vm7GUIvpQiC3wEPV+3TdciPH7l+N5ETdo1PA w82oVKbMIod3OfQ04faSgqXxWpvdZ/TZ2l1s8gbqSOkUakbmY20My76Uq3gTo3Kl 8f1xAoGBAIfOxKw2GU7FUtcnrceQYNqe1C4+dcIPy6cOPRyMH24m1VN+phpr429E 
tq15ywfoigJINj85q+WXQhpkXTa2Dz8cua/RxzOymRPSiXy+SrwNA/0pDeqm6A8y Y3nNiSaQNAc1uWolLVrUlapVSoEV+MNIO2ELytGs8kQS9/ybwDny -----END RSA PRIVATE KEY----- voms-api-java-2_0_10/src/test/resources/certs/quasi_revoked.p12000066400000000000000000000047551207402625500245110ustar00rootroot000000000000000 0  *H   0 0O *H @0<05 *H 0 *H  0ʐca7#*xq:k? ^1xO-ȣo7| #wBxZ@ýtaD놉 M(@ b-_mVW ,} u?4v9w NfoNQo0اuW\sytN`ef>͊Aw햑ML%"$7d`n yBѬu]:oMC*5WsM0|/X'D@ _<J #%銵x5w@`NE 8P5^a^:Su V8Ã/q##'|Ob{VV=Z,O5-|`EckEs+ub̈́ruUlOעǬZ[:_O+P?^hՁ::ECPUfţ~zCX;B.+aE@9t-O֖1[FI1|ӺeA1ߗ{l %9_Ra~{N05/P1Ah{%dl&v5a^iV2$?39c[3ֿh) ٿVd'rZ3sG|]\sdJ$^Q(1ޕn]eLD2&\ﬨ'lۈCTŽ%S9dתe hk'ĕucْ"2CԤL6Y 4a$L@>,>'7&w+(uY]d;Z"牏L,I,פrW6.9#w|0 ȀY@% [:aSJ} ^hG!> ƱEg > {:a}& 0WxA8*Zra۲jJoRXKU-̚oo>ܘK3G =w2J֐M2 st2b߃Nq#*8zam~QS'HD &u9ʲ$!:0 #"O,¡4݁*CԒ "C m%PvrKMӴMU`%6on*]5)yb%h׾g%'% '%Hr$/]4ч· ~)F+rYxjfگq1*8 S&]g!ɜMGYt}8>`]dܝ@ >2 ~9`mSwLo ͈` yS+t` ⓢX秅ީzҷgDtsrA OarU1%0# *H  1KmqX #010!0 +U}Oy6w \ 5#voms-api-java-2_0_10/src/test/resources/certs/revoked.cert.pem000066400000000000000000000111211207402625500244030ustar00rootroot00000000000000Certificate: Data: Version: 3 (0x2) Serial Number: 4 (0x4) Signature Algorithm: sha1WithRSAEncryption Issuer: C=IT, O=IGI, CN=Test CA Validity Not Before: Sep 26 15:20:43 2012 GMT Not After : Sep 24 15:20:43 2022 GMT Subject: C=IT, O=IGI, CN=revoked Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:a0:54:52:82:ea:f0:fc:93:0c:af:f4:6b:51:31: a6:66:98:9e:6d:7f:dd:87:45:69:3d:bb:64:03:59: 58:d9:59:16:f0:f7:7f:a2:c1:6b:27:1c:f4:69:a0: 1c:dd:97:47:73:8c:fe:2e:c1:fa:0b:35:fb:f0:49: 01:6a:a8:12:e5:39:a5:3c:00:ec:de:8e:99:12:2c: e2:8c:4b:7a:5f:f1:41:7e:6c:ee:eb:44:fd:e3:b3: a7:f9:72:9f:75:8a:fb:98:c0:77:b5:7c:90:58:ff: 0c:04:9f:c9:11:3c:71:39:de:86:df:d8:22:f2:e3: 7a:32:ca:cd:91:dd:7a:3e:75:7e:20:72:6e:4e:e6: a3:ab:92:39:ba:7b:b7:73:35:5c:30:46:f9:d4:27: 60:79:ba:dd:ef:19:ee:30:15:9f:a1:76:04:a9:40: 94:83:03:74:4b:da:4e:b6:e9:9d:97:92:6c:39:9f: 
64:51:fd:32:b2:b9:c8:41:e1:35:e7:86:37:86:26: fe:91:26:cd:7a:f5:84:42:77:34:54:04:f4:1f:7a: 65:85:13:db:3a:93:40:df:b7:5f:6c:3c:1a:3a:ad: af:e4:7b:94:1d:81:10:f3:29:bc:c9:2f:af:28:83: f2:af:c1:74:f9:c7:88:7c:50:24:e5:e3:80:12:6d: 82:f3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 96:99:F9:67:14:C1:69:AD:2C:92:37:FA:9C:83:54:95:F3:39:2F:B3 X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection X509v3 Authority Key Identifier: keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6 X509v3 Subject Alternative Name: email:andrea.ceccanti@cnaf.infn.it Signature Algorithm: sha1WithRSAEncryption 5d:3e:5d:1a:94:0a:eb:ea:30:e0:95:b3:53:9f:64:a3:b1:2f: aa:69:40:ca:b4:c6:c4:93:ee:96:da:66:f9:8c:59:9d:30:07: b6:ef:95:0b:34:f7:7b:0f:6b:5c:25:d1:16:59:e4:db:51:6a: 5e:83:8d:41:48:d3:48:29:58:82:e7:c7:8a:23:e6:d9:97:78: ba:b4:af:71:b5:2a:e6:65:e3:18:2e:48:05:cc:0a:76:49:e9: 61:e0:75:e7:40:8b:fb:1a:8c:a4:63:6e:09:07:26:40:20:33: ae:c7:74:01:8d:d0:d6:8e:9d:20:c5:c6:bc:71:e9:e8:db:cd: 97:b6:f8:76:fe:92:71:8f:6a:46:5e:88:93:94:74:7c:c4:a9: 35:d2:7d:ad:58:7c:d7:f0:a3:ec:32:84:2a:9c:88:9a:b5:b4: 1a:88:f8:5d:e8:f6:da:15:d9:d4:a8:b3:5e:c6:24:b7:c1:ba: d6:06:74:c4:16:75:a6:86:de:43:5c:d4:09:e7:b3:71:41:8a: 68:1d:e0:18:a4:e0:ed:2c:fc:6e:e9:80:08:8a:2b:a5:b8:af: 0a:1f:f1:43:78:41:99:ca:ee:18:45:10:44:e5:3d:56:69:87: 1e:9c:f5:50:64:fc:41:9c:11:03:a9:95:4a:ad:b7:eb:81:a0: 2a:56:69:a8 -----BEGIN CERTIFICATE----- MIIDoDCCAoigAwIBAgIBBDANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MjA0M1oX DTIyMDkyNDE1MjA0M1owLTELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEQMA4G A1UEAxMHcmV2b2tlZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKBU 
UoLq8PyTDK/0a1ExpmaYnm1/3YdFaT27ZANZWNlZFvD3f6LBaycc9GmgHN2XR3OM /i7B+gs1+/BJAWqoEuU5pTwA7N6OmRIs4oxLel/xQX5s7utE/eOzp/lyn3WK+5jA d7V8kFj/DASfyRE8cTneht/YIvLjejLKzZHdej51fiBybk7mo6uSObp7t3M1XDBG +dQnYHm63e8Z7jAVn6F2BKlAlIMDdEvaTrbpnZeSbDmfZFH9MrK5yEHhNeeGN4Ym /pEmzXr1hEJ3NFQE9B96ZYUT2zqTQN+3X2w8Gjqtr+R7lB2BEPMpvMkvryiD8q/B dPnHiHxQJOXjgBJtgvMCAwEAAaOByjCBxzAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW BBSWmflnFMFprSySN/qcg1SV8zkvszAOBgNVHQ8BAf8EBAMCBeAwPgYDVR0lBDcw NQYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDBglghkgBhvhCBAEGCCsG AQUFBwMEMB8GA1UdIwQYMBaAFJF3NnsutGnzJ+q39giLSiOiEUnGMCcGA1UdEQQg MB6BHGFuZHJlYS5jZWNjYW50aUBjbmFmLmluZm4uaXQwDQYJKoZIhvcNAQEFBQAD ggEBAF0+XRqUCuvqMOCVs1OfZKOxL6ppQMq0xsST7pbaZvmMWZ0wB7bvlQs093sP a1wl0RZZ5NtRal6DjUFI00gpWILnx4oj5tmXeLq0r3G1KuZl4xguSAXMCnZJ6WHg dedAi/sajKRjbgkHJkAgM67HdAGN0NaOnSDFxrxx6ejbzZe2+Hb+knGPakZeiJOU dHzEqTXSfa1YfNfwo+wyhCqciJq1tBqI+F3o9toV2dSos17GJLfButYGdMQWdaaG 3kNc1Anns3FBimgd4Bik4O0s/G7pgAiKK6W4rwof8UN4QZnK7hhFEETlPVZphx6c 9VBk/EGcEQOplUqtt+uBoCpWaag= -----END CERTIFICATE----- voms-api-java-2_0_10/src/test/resources/certs/revoked.key.pem000066400000000000000000000032171207402625500242450ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEAoFRSgurw/JMMr/RrUTGmZpiebX/dh0VpPbtkA1lY2VkW8Pd/ osFrJxz0aaAc3ZdHc4z+LsH6CzX78EkBaqgS5TmlPADs3o6ZEizijEt6X/FBfmzu 60T947On+XKfdYr7mMB3tXyQWP8MBJ/JETxxOd6G39gi8uN6MsrNkd16PnV+IHJu Tuajq5I5unu3czVcMEb51Cdgebrd7xnuMBWfoXYEqUCUgwN0S9pOtumdl5JsOZ9k Uf0ysrnIQeE154Y3hib+kSbNevWEQnc0VAT0H3plhRPbOpNA37dfbDwaOq2v5HuU HYEQ8ym8yS+vKIPyr8F0+ceIfFAk5eOAEm2C8wIDAQABAoIBACVoZzQKkx2rRauM MLnqBrQradOMoOhd5pczsLsjTpqvsa2ZYZtc255toA1BAVsmX9JzFB9evPN+rgC7 V+xFuNro30enw5yN0uMtu9IWDkBybuCLlBcqqr5E/a0y9EednORgC845eQh6wZgW m/g8jQJ+jCOQL19SegF91gbxkQMfUjLGlqn+Xe/3xDXKcQvd49LKpl7OFYZsj4Lk i0Y474CUqMioTZdNJ/ryF9OIQJ2z8Uk7Dp0bd5xOgGaiMtzNpnRLftsaTghnIXNP IURh1f4bhTOiwjcGyGF0QvSeELw2lVv8jyPv2g2o0xKZRcDdCETdEp3lpksnCam4 tJTjKPkCgYEA0ARvYGtxtVHk70WRSjDci6PZQZKDDQt0iuA8suxOC7vZ3/38QE/B 
M/VEduCMvVB3fcjGoxKgVnN+mBo2Fe/5HG4E4qE4lyAdsbAvbKqnnAkgdxKMTJPK fl4q0d5AFX4OEFxhcNlvXvtfJ7Trp8tnJ9j5eLRPYohm5iFtBLxkSr8CgYEAxU/h v08j1aaCpXTJodcZfD3mujDb4vvb+ywgyDw5unpxRybneWyNwKEnBAaC2BvEk7a0 bXfqWcO9w0wJ29xrt924v/9hbXlYEViYTHdfJVxBu/fP71KbKjOFaf81msog/qqK n9EvvzxVqVz8ldW1MP/pBp5MGOF0vdegR/qUWM0CgYEAxfvypaqdxx3y72kfJ6Xp w15nYWm5IalNewCBxSnz/mcEr5RlijBeir1eNGb0jRsRH78AkCUiRiYWz13jLG4C g3STYcBgxDXlDUHLYXnrnS9ynuIgdqITkMK/rpACHnKjoB7M/0N0JMrLfldME6Ac xmhUyPWUuQtqJI6b3G4SZrECgYEAjpVmPfgzng3gtS4LEx+8c/LLi9sI2yND2WMP IYOb9+zJdTBg73cJjJ0n85m87exLBq9t/Pk96bYwqDOHoFDNqqXX/y7OOe0JPie2 jvNoVzgu7GVs5rXcGQf4LhvVodDVPRMCb/Ebvucbw/LFOIWhlRIpU7YKqaQq15E9 ayZiEzUCgYEAgm3qJfv3d0ebJHG12Us2KjyUvPYIzriyEX+GbaIF1jm+6G3qwQBp T/V+9GZb7aOwwRfcJQWBMj8eYOkzmM2bcGQHADrSBbhJZnCXazkqqxhtj4duXMTV 6gVDEldAhv66N6jrSauvUzXix7J4yb1yFZbjmLT1prM3+hkW9twFx4A= -----END RSA PRIVATE KEY----- voms-api-java-2_0_10/src/test/resources/certs/revoked.p12000066400000000000000000000047451207402625500233060ustar00rootroot000000000000000 0  *H   0 0G *H 8040- *H 0 *H  0TIGIL/ө^e( ,M_:H=0w1:ia()6 %bfP[v֗I7kqI+rt m[ġ*xnD)ۃك)-,DcO!>WW`6=AsKA7 Eta.p,~!!=fYޝh=|gj;%P#G_KÙ?fM;xm-?Ikjz'ZGGҔD,uC<14YYB?"Z=˩|_ FH:qS4jUJl-c:ffrk9Q {cE^WF(ZG?w]חcA=@|>fEL氱&{eڷr`Vr -H%V w?1sP2^e:{ k ݠFZxК쵈qEZbsYEqxj~%tRsfQ|T+e>xJs<Ƭh G)uFK2`$Җ| 9À͍Cס#Z X;H7ru֌zzcF('mF>J%q1! !E[4m/ѓ[1<uSph0A *H 2.0*0& *H  00 *H  0B ,lR enw vN,ƝDϿHlNq9m!.z iSfBI+MUr9bPHɺW*ww9l GrϋCBl'MЋ/P (G+r3YVь6ǰ8ӎq/|6&6.ErC6D;hGhe1~y-x &~2pFqY[X`*Un4K݉'Fy9%e!H[UK~i MD.fkoSϫB("W|0kQ12{~  M]6'> Xӂ:IWA x~ߦc"Ԋo=Yq!~S(Lz8M0e EfbW`ΪŢTt F& z4. 
k){ف ު;[Se)8+/\h ZG]C*/%;~YRGԣ;r!|fxl1iТ,2"͂t&$_-t@prJ$8qHmȭ`Ũnrhz)}ְZn S0^^5 Pΐd=ͩ2 9]|ujbS&ts]0o%<{$Nؓfv~;D1 /܆F͆*2n.M 2[Pni70 .'SV֯M-'ko Yg=@*;,M{޶\H]B+<w4F!ODl%NMMgM`їއ@ v\rR?{7䯺Wt/嘹x~Ki(;;??|/،qE}j<Von[f@*e`JM&/=nU7Ym%we'U򽁘融fQIP*jhktsf% լcm%u*a:~ ~ܗS;#s2v- |j֘okJFn Qt=۽ 6Ej`w*=k3şq1)8hz`;VNӒnRBÚC84 ȬHs% @CA:Pn>ɴ'Lݝ[zcʴVޫO,$Ă~q&E}1x #ImGbiA[mgC8 Hm1290Bk6]Lx&% >e&"/db?Nt1!#LtBdlNƖUرQkKڤ͵ȗ$vV ?.T _ۋ'9fSqT[e8lO 6C063 iMeDZkG ?x跿e<\;1F0Wʟ9\v9y ѐD8l!]i]O4U`0A *H 2.0*0& *H  00 *H  0<_RIȳ|f~XÌh$%+~ph#Zo[YJ%y6Og$~~<}wR.4!8Joځv6O#XabR hL88գ헎h&f6 #]NjOHj_*ήb:D%Wzk%,v:j#4o{^,R_[i KֈU'..Dq&}dƹv{F?1Ӿ]@m.劇n"O?X,Q}ӻ-VĀT޸˚a_\skksE_rh[zb"ad6CC'OմЪY `Ae.nkhw Diy_fKZ@Nxk~Ic4Ea UՁz\rV֯&?qX9pGUdd?ۑԲ |jIR DKwJVS.g #1Z4;oSt.X̴Eꋗ`kWzT5.Ϡ(=0dt[v(g7X>"F-nZz .KnX<[`nU&Hy"üJT`"@w>gϺ46)#6DLÍi`?=l)䩊3c7mVAc&%M?arB ܐYCΦtۯAXdeU }dLj>r Ϟ8|*7#CV濍miF[C*;-i-g/~˚_Ɓ&H̎'Y}@ݏO} o w0 ȑQUj`nb-KS'00@):9~j$'GWApbqے Z[&Np{f(^W90XP/B3PoCHxo E]adF2 9.jtM.6,~]d&+nnĘԑD; ?韲Zսp616lӐGqvu+,&~!,^:Abnx}G2w$=lE7/&$R+Rr̓ 9C!*{8Q԰-2..9a}eUYEpuj}>V;EΪ}z]/~tn{e"{C1%0# *H  15Z2& 010!0 +V oH=$voms-api-java-2_0_10/src/test/resources/certs/test1.cert.pem000066400000000000000000000111141207402625500240060ustar00rootroot00000000000000Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: sha1WithRSAEncryption Issuer: C=IT, O=IGI, CN=Test CA Validity Not Before: Sep 26 15:39:36 2012 GMT Not After : Sep 24 15:39:36 2022 GMT Subject: C=IT, O=IGI, CN=test1 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:ce:d8:5f:03:36:b4:1d:28:58:22:0a:ce:1d:37: 79:17:d9:3c:8d:1e:35:34:76:04:f4:7f:9a:86:0c: 2e:06:26:02:9f:93:9b:7b:36:0d:8d:57:24:55:f3: c2:be:d0:9d:26:0e:91:54:86:48:fa:db:e7:35:ab: 53:63:ad:32:1e:78:13:69:a0:64:d2:19:9c:6a:9b: 1a:d6:e8:7a:b5:33:5e:01:e0:0e:1e:0d:9e:98:68: 0c:1e:6d:42:34:7e:45:6d:05:e0:70:05:88:a9:0f: 51:87:76:37:34:93:c8:58:1d:e0:b3:19:7d:1b:1c: d0:43:66:83:b7:64:92:98:ed:e2:ec:e7:75:eb:7e: 81:4c:51:99:3d:fc:5b:5a:8d:8b:fd:3b:ad:82:7d: 
24:65:83:40:05:6b:01:37:f3:53:2e:80:8b:6a:f4: eb:41:9c:4a:a2:2f:03:e7:d1:74:c0:11:19:d6:04: 54:04:08:60:21:e3:a9:30:91:11:a3:e6:53:f4:7e: f6:9f:a7:14:bd:70:f3:c8:96:8d:0d:dc:a6:28:86: f7:f0:8a:34:02:7f:3c:15:dd:bc:79:f0:58:e2:fb: 33:fb:0a:a0:88:59:32:bc:c8:0e:94:a3:d5:de:3a: 80:00:61:be:31:9d:19:e5:ee:f6:08:3a:8c:f0:44: f0:e7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: DD:25:F1:5B:38:2B:67:15:1A:F3:B6:58:E7:3F:CC:C8:6A:14:4A:9E X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection X509v3 Authority Key Identifier: keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6 X509v3 Subject Alternative Name: email:andrea.ceccanti@cnaf.infn.it Signature Algorithm: sha1WithRSAEncryption 6a:2b:55:3e:a9:29:94:d4:94:e4:e1:dc:1e:2f:a1:0c:14:90: fd:1c:39:86:43:6e:40:45:db:f5:66:90:dc:21:74:8f:9f:28: d2:46:c6:09:e9:28:f0:c1:cd:a1:81:e6:81:e9:be:f0:ae:38: 46:06:f9:50:70:12:7a:23:34:95:55:c7:3f:63:75:40:00:2b: fb:d5:2e:0c:5e:b6:95:70:11:61:70:63:14:8c:e5:be:9b:0d: 7b:3d:68:a2:90:61:01:bb:e8:be:a2:a6:93:60:a8:91:15:61: 93:0e:87:be:69:ca:af:4d:0f:3d:ed:0a:1e:d2:be:f5:54:8d: 12:91:38:33:f7:8c:75:9f:91:36:65:72:a6:28:8a:ac:cf:55: d9:29:40:62:a8:2d:48:d9:b6:dc:d3:09:e0:8e:00:06:ec:7b: c5:63:57:5e:d5:b2:85:cc:5e:5b:6f:f0:54:15:d6:e1:92:6b: 6d:75:72:45:f7:9b:d1:21:4f:79:81:91:54:85:e2:4c:fb:68: 27:e1:e1:a2:43:f7:8f:df:3e:8c:49:72:01:64:81:cb:2f:a4: 77:f6:ca:a7:cc:54:62:36:39:8a:04:c4:b9:6a:21:3a:6c:cb: d7:d3:33:ce:49:6e:3c:b4:83:bf:b3:bd:0f:6c:82:a1:7a:d7: c0:59:d7:61 -----BEGIN CERTIFICATE----- MIIDnjCCAoagAwIBAgIBCjANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNloX DTIyMDkyNDE1MzkzNlowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG 
A1UEAxMFdGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO2F8D NrQdKFgiCs4dN3kX2TyNHjU0dgT0f5qGDC4GJgKfk5t7Ng2NVyRV88K+0J0mDpFU hkj62+c1q1NjrTIeeBNpoGTSGZxqmxrW6Hq1M14B4A4eDZ6YaAwebUI0fkVtBeBw BYipD1GHdjc0k8hYHeCzGX0bHNBDZoO3ZJKY7eLs53XrfoFMUZk9/FtajYv9O62C fSRlg0AFawE381MugItq9OtBnEqiLwPn0XTAERnWBFQECGAh46kwkRGj5lP0fvaf pxS9cPPIlo0N3KYohvfwijQCfzwV3bx58Fji+zP7CqCIWTK8yA6Uo9XeOoAAYb4x nRnl7vYIOozwRPDnAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU 3SXxWzgrZxUa87ZY5z/MyGoUSp4wDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB AQBqK1U+qSmU1JTk4dweL6EMFJD9HDmGQ25ARdv1ZpDcIXSPnyjSRsYJ6Sjwwc2h geaB6b7wrjhGBvlQcBJ6IzSVVcc/Y3VAACv71S4MXraVcBFhcGMUjOW+mw17PWii kGEBu+i+oqaTYKiRFWGTDoe+acqvTQ897Qoe0r71VI0SkTgz94x1n5E2ZXKmKIqs z1XZKUBiqC1I2bbc0wngjgAG7HvFY1de1bKFzF5bb/BUFdbhkmttdXJF95vRIU95 gZFUheJM+2gn4eGiQ/eP3z6MSXIBZIHLL6R39sqnzFRiNjmKBMS5aiE6bMvX0zPO SW48tIO/s70PbIKhetfAWddh -----END CERTIFICATE----- voms-api-java-2_0_10/src/test/resources/certs/test1.key.pem000066400000000000000000000032171207402625500236460ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEAzthfAza0HShYIgrOHTd5F9k8jR41NHYE9H+ahgwuBiYCn5Ob ezYNjVckVfPCvtCdJg6RVIZI+tvnNatTY60yHngTaaBk0hmcapsa1uh6tTNeAeAO Hg2emGgMHm1CNH5FbQXgcAWIqQ9Rh3Y3NJPIWB3gsxl9GxzQQ2aDt2SSmO3i7Od1 636BTFGZPfxbWo2L/Tutgn0kZYNABWsBN/NTLoCLavTrQZxKoi8D59F0wBEZ1gRU BAhgIeOpMJERo+ZT9H72n6cUvXDzyJaNDdymKIb38Io0An88Fd28efBY4vsz+wqg iFkyvMgOlKPV3jqAAGG+MZ0Z5e72CDqM8ETw5wIDAQABAoIBAQCBhCIaFQq6pyRo THO6/50nPbMYea2+55c6sRvEi6PV3b8OxJI6mCHsOoBaAYQTjvSXe8+sKVlRGpiv llNkunIDehRNs0zt8XNrnSs1HeSXyU43xl+Qmd6Qd7X+51LpI5e9KEzcV9q2YQ0f 0PnIRjDQXATyoCch7uzJB0u6bZMNhea+gqHP6e7eWH+Cy8+ZbYXtk6rCrIOv0E9l egMEG3ErqHBUbSlb2+OGexJduUaCAKFQKyntHdgQkcbKBWEEuMsxd7xYZGjgE7I4 wxyjmHG1RoPAznnnB/eUkdBHYUszavX6ZCF09fmVy+qfbGT1AlaYbY8LxeBNjYio 
DEuK12LBAoGBAOfNFpXdnZvsjzSmhbUnY6HJlw2irGWlgohxPZM3Oh+L5HBJtHmZ pOd95pmS9Ze0mpFpaGJUtelIsuZbXMKQJ+3YyiPzK/jAH25QUM+moibVOjmzZWyD kZDjU6p1nNyW8/Z8x9iJUJUfTuVcXWIRvmjW+bbQ4/Ggzm/3eLRUx9AfAoGBAORw VTpFWidTL8dDUuaMN2s3zOXODYrk6MqbeuhplqhmL9T6ye1+tcmvyGXI8hiDkg+k s7yhrIPIyM7WOfRVFg/N4eco8fsY9qzxlsfd7S7DnW/dDtpgWTPwukzzORfnYGQc 9Ac/PjmtTzx2lzmfeP+pvgXFwUqvSyfhXTxAvSY5AoGBAKF+XhzdQIAwaHkbBw51 udEu3IFQc2GB1RZwJqEZGfJ+iRG+F/GcHKp3KaCXJWmjFwj18haHxBEaaCFbR535 xwfLQNGZCmqMl5lIdXSmOFRru9wVYzUd2N2js1eQB1AcDy4MM0NmL3ElVdcv6ZN4 nzr1gxZeJGDkUs7pD/w7ENarAoGBAJ2WCJVMJmceccVKYjP84nYqZkTZomoAg77R BzaxMGc3JyQLZaVaVdmuU9Yzix7yFJ6KBhvIhBPdPPnCuvQchj2cz4wBqPyJOhIQ Du4N4IL0GvWCT67B7IdyN3LCDs64pLwrZQRi0nBDaHfTb3sm0fe8hwPAahk1V+lJ BGJ+Xn2xAoGAO+s0pkpMaktUQz5E0xRRsqDKZgv9/TKqNUddx2/rrwUJDhZ+J2hy sl/h11WMTQAUPRz3tMKzGw1D+Js5UeO3Jo7fTr1wwGH8kfnoD8K9oVPDbn6pF0Us rXT5O6JznMUOcSjP+KRHzkj2Wet8se/0FEtnBV0fMJmu/2lH3MyL2v0= -----END RSA PRIVATE KEY----- voms-api-java-2_0_10/src/test/resources/certs/test1.p12000066400000000000000000000047451207402625500227070ustar00rootroot000000000000000 0  *H   0 0G *H 8040- *H 0 *H  0 A" :'}=smQfZ4<%j1]+7R?}Wv5G AJq\4BWv}ssoPo?"}̵l5q13Uc5-w)"\439fzĈVB@t2ltK&FjZ_f FF%V_-VFn&]A?NO7Ԯt; Lb-}2DN;2u7V5R!LT= aݵ8]1 )NP1`&^;K+|3Su/0o,wbܥ[Nͅ'l>O#jZ 2JOMMLL4WDxv!>=Cl-z9ڀj}QJKUQlܟVvn;dR1Y)$ [2A(( kIYOg1{^cbX3v(% *ˁ~pm{{X6$L m,l CHZI~}<hO^V[.hVvqՃ-c mDUdC*`_:i pte. 
J 7~HG}پpյ}% =Z^.9)]3s?؈"c+h<7A&'KkX' iJIO' 3Z0-- oʹJsma"~ƧP,?Td&iqͭL驈-cmA<$H֢[8gkꙖ+|;IuWHNkέGa+?Ce:t:YFb/ Fx1!m#Ȫ~m!21%0# *H  1䃠)h =y010!0 +QudC}XԷR)bsOvoms-api-java-2_0_10/src/test/resources/certs/test3.cert.pem000066400000000000000000000111141207402625500240100ustar00rootroot00000000000000Certificate: Data: Version: 3 (0x2) Serial Number: 12 (0xc) Signature Algorithm: sha1WithRSAEncryption Issuer: C=IT, O=IGI, CN=Test CA Validity Not Before: Sep 26 15:39:41 2012 GMT Not After : Sep 24 15:39:41 2022 GMT Subject: C=IT, O=IGI, CN=test3 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:e4:36:36:a2:d7:85:b7:cb:46:7d:47:10:32:c1: 2f:04:fe:77:41:f0:f7:ce:95:db:b3:cc:ef:3c:f3: b3:f0:8b:42:df:79:24:38:42:59:8c:47:14:0a:27: a1:59:80:25:26:ab:2b:ca:f6:d0:02:bb:dc:ee:d2: a8:8c:ca:2d:97:04:73:d0:12:88:90:7d:6a:3c:7e: 1d:d2:74:54:4d:d5:f7:8d:0e:0b:6d:31:af:dd:91: af:5f:ab:ba:2a:b2:1f:f4:52:68:ad:fe:ca:d4:c9: de:60:81:a4:4f:23:ba:22:39:61:8a:d0:f0:80:29: cd:5f:8e:2f:84:5e:1d:6a:43:c8:44:54:fb:f0:b7: 4f:ed:98:57:07:63:fa:c4:e0:ad:4e:38:5b:c6:d8: b2:62:28:4b:aa:e2:98:62:20:c5:be:13:f0:ea:57: 62:05:d6:55:18:47:a1:5e:fa:05:96:cf:e2:50:75: a3:4f:41:28:d4:5c:18:4e:1e:c1:0c:d5:03:11:9b: 7d:fe:9e:53:6e:e4:a7:c7:4d:24:9c:37:c8:a1:76: 78:5f:62:bc:8b:65:a5:7a:4d:27:eb:e1:70:47:e5: c9:6f:c7:fe:50:1f:96:0e:e0:e2:eb:65:9f:0c:42: b9:29:46:4c:f9:20:19:9a:e7:3a:b4:ba:3e:10:24: 51:7d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 51:21:A4:CB:2C:73:88:CA:84:F0:54:3C:B7:23:3A:C7:8A:47:7E:29 X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection X509v3 Authority Key Identifier: keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6 X509v3 Subject Alternative Name: 
email:andrea.ceccanti@cnaf.infn.it Signature Algorithm: sha1WithRSAEncryption a4:f8:b3:20:aa:3d:81:09:7c:69:d3:d6:af:e1:84:38:47:96: 49:1b:fa:51:db:9a:e1:1e:36:02:79:2c:73:d1:51:db:d0:6a: f3:fd:e7:72:8e:cf:eb:81:fc:31:0c:37:98:0e:8d:6a:f9:13: 68:72:fb:92:34:a1:a9:de:46:c2:ef:b9:a7:d0:cf:55:f2:b7: 96:7a:74:a3:da:79:fc:16:64:46:30:c2:a9:c3:93:94:61:1d: 07:48:fe:61:9b:e8:03:86:0f:70:ba:be:c3:e3:0d:3e:7c:88: e7:c7:03:a7:ce:ee:ce:8c:21:53:e4:4b:dd:0a:20:b5:1a:d0: 81:17:28:38:ed:c0:04:c6:07:06:e2:32:21:f7:3e:e6:4a:f8: 3a:97:49:93:cb:81:c2:53:ef:82:d5:07:f4:28:bc:0d:2c:57: 8e:37:c1:94:7c:55:2e:7e:a6:98:15:9f:b7:1b:a0:99:54:a5: f2:a0:52:64:b9:aa:4a:29:d1:6d:fb:55:00:85:e9:11:78:bb: fa:28:46:ac:99:37:ae:bf:8f:3c:59:01:59:3c:aa:26:7a:1c: 0e:23:e6:09:67:c5:fc:80:30:7c:b5:af:a5:a2:a0:0a:a2:e7: fe:51:24:84:fe:d9:cf:c0:01:a3:23:fa:8b:b2:c5:c5:ba:cc: 64:c0:ba:66 -----BEGIN CERTIFICATE----- MIIDnjCCAoagAwIBAgIBDDANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1Mzk0MVoX DTIyMDkyNDE1Mzk0MVowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG A1UEAxMFdGVzdDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkNjai 14W3y0Z9RxAywS8E/ndB8PfOlduzzO8887Pwi0LfeSQ4QlmMRxQKJ6FZgCUmqyvK 9tACu9zu0qiMyi2XBHPQEoiQfWo8fh3SdFRN1feNDgttMa/dka9fq7oqsh/0Umit /srUyd5ggaRPI7oiOWGK0PCAKc1fji+EXh1qQ8hEVPvwt0/tmFcHY/rE4K1OOFvG 2LJiKEuq4phiIMW+E/DqV2IF1lUYR6Fe+gWWz+JQdaNPQSjUXBhOHsEM1QMRm33+ nlNu5KfHTSScN8ihdnhfYryLZaV6TSfr4XBH5clvx/5QH5YO4OLrZZ8MQrkpRkz5 IBma5zq0uj4QJFF9AgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU USGkyyxziMqE8FQ8tyM6x4pHfikwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB AQCk+LMgqj2BCXxp09av4YQ4R5ZJG/pR25rhHjYCeSxz0VHb0Grz/edyjs/rgfwx DDeYDo1q+RNocvuSNKGp3kbC77mn0M9V8reWenSj2nn8FmRGMMKpw5OUYR0HSP5h m+gDhg9wur7D4w0+fIjnxwOnzu7OjCFT5EvdCiC1GtCBFyg47cAExgcG4jIh9z7m 
Svg6l0mTy4HCU++C1Qf0KLwNLFeON8GUfFUufqaYFZ+3G6CZVKXyoFJkuapKKdFt +1UAhekReLv6KEasmTeuv488WQFZPKomehwOI+YJZ8X8gDB8ta+loqAKouf+USSE /tnPwAGjI/qLssXFusxkwLpm -----END CERTIFICATE----- voms-api-java-2_0_10/src/test/resources/certs/test3.key.pem000066400000000000000000000032171207402625500236500ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA5DY2oteFt8tGfUcQMsEvBP53QfD3zpXbs8zvPPOz8ItC33kk OEJZjEcUCiehWYAlJqsryvbQArvc7tKojMotlwRz0BKIkH1qPH4d0nRUTdX3jQ4L bTGv3ZGvX6u6KrIf9FJorf7K1MneYIGkTyO6IjlhitDwgCnNX44vhF4dakPIRFT7 8LdP7ZhXB2P6xOCtTjhbxtiyYihLquKYYiDFvhPw6ldiBdZVGEehXvoFls/iUHWj T0Eo1FwYTh7BDNUDEZt9/p5TbuSnx00knDfIoXZ4X2K8i2Wlek0n6+FwR+XJb8f+ UB+WDuDi62WfDEK5KUZM+SAZmuc6tLo+ECRRfQIDAQABAoIBAQDclC4RDcIYmSkj 07krZaA98ntwyCmtixmVW4Lt5hxJZ0GW4O+KVU9akCUlf5KsAHloO9CTWCZMTirI x+LUWmLgchRCzHclOaOinr/SeFA3/5VLyIRw4bK7taHOFh1WQV8zdyfo7bo9HHWN 0CDxwXWauN24ICYlqsHwF22EQrepydBuLjG+h/BI4QDqBZ7EwmsyXnCKf8ZAjZ9A pcDjcLSlKf2TSg+3pBM82ATn4wzwrK607pe/pdT5nAi3rBroedz0yoMewXxeRs5t TssMvwdRxZh0cj+mU+RcqP49n6u2IeyZCeG2fistANwPFAdRXZQp+fN6QBuzrqhk Xjb6lp89AoGBAP8NFjou+RUCsd+wRfyLB8HknvABI/kdHejnY8hULYyHObJ/ukgf GxJDy/PxEy3NTWVz2m9cYUh87uIc6y7PsmnU33Hk9FNdfAPbIZykejMZLTHJLb7q TM7iGyrWQG2vrjWj71jYhq3Wu++9DxDMxfA1Rl9up08npLanH9jXMK8DAoGBAOUP kIWgYxDdKZoi5YYjsiWd9eyO/yy2wLqOnTe+LvA0HSt4LIVdx1hf9SAacZqOvu3F Vbu0hJyfaEFy1XhIaE1ew9TPLvHCLVrRYg06u9/VZlglcz9dHXeE7sXp0zLM/Zvw lI76wphXU8wQnyMLlrVKJynjxXviC1CIpNhPINV/AoGBAMguj1mPcLSK7u0wv12e CbKnLBAX9RIbRlR8+JZNa4q2wBRXp+/fajIFwFhwyKrUToDoU3PAQCLS2/Pg2r5d Ch2ClPYhy5p671FfdpwphDgC9LP0wNDtuOdQFB6lFuCAWO2FA+Dp4ZsjxVI/Q0ne TyVfyyIwCWVZKjCqL5bUH0PdAoGAWDwXorG2l39qEBrTKUnEzOK9IaOvveyj7vkS rK9Q62xXtC/1jmYibPOBvB0Tl8LW30Z9kPGnh6GMCnIOsufJbcxMSUSJw8zVpb80 Mv5l8oIEi33ZmBXpTOnjBE/e8Bmws4oH38/Od9pjyB66/kfvhOQMlAFOSDs5uor4 XO6WKkcCgYB2Ig5DAurEI4PIbWV4rj7lfPGsta8F5riI17sQFWfi5lUoq/fXpHPp rQMuaxwtAdx3qpCCpFmb58fO9NZ50ReTUeTf0yNonzNiGQmgHk6SlfBorSB3pJvd SHyIp1XGWHAjFAQ+sfiNEVRx6Ygx4wKmhfwslWmJ5rllDUi8Yuv0kw== -----END RSA PRIVATE KEY----- 
voms-api-java-2_0_10/src/test/resources/certs/test3.p12000066400000000000000000000047451207402625500227110ustar00rootroot000000000000000 0  *H   0 0G *H 8040- *H 0 *H  0<|X:ԑ%~+ ;$P=@"!9v˄K ]s LKsuƒ.6npҦ#>A,,k{Ԙ.6 ʹ[TMi0O4zQP)KkonF[Srw!I<'^+SEQ'M ^%1BJj}f"E{b)ۦ*L>4ŋ"3Tv5ӥ;=*oo9h5.Hs+uB-D 0,28qKVx P!@{i{5L1Elա+9Ө #`bOaX"3C<{4x]8<錯j1#Y nũSMbj3E`$ t U<}'ZI)z‘ S3 /0R?ZU^lkqh^۠yিYee wϹ:r,Z4hA8mrσ8*]Ǣ\ 9FNB3d ӇGДT JޞqOLI'5Jty LNi[9>d1ЏK!wuDV5ݩf~3 yB(!l@gC([z˯!W+s3sʓKLC3bsIQ#vdv/>_~̢¼zlI!t-E8F/bU=5cO-*_ C|B`6bT-3R}qL<s 8L=En9rZ\Z:]\d& 'xHpwT$_쌒h߃$&:UU^\qHS.xh|^)Uo .%]p \T1%0# *H  1az&L/Pχ010!0 +gso~G 19voms-api-java-2_0_10/src/test/resources/certs/test4.cert.pem000066400000000000000000000111141207402625500240110ustar00rootroot00000000000000Certificate: Data: Version: 3 (0x2) Serial Number: 13 (0xd) Signature Algorithm: sha1WithRSAEncryption Issuer: C=IT, O=IGI, CN=Test CA Validity Not Before: Sep 26 15:39:44 2012 GMT Not After : Sep 24 15:39:44 2022 GMT Subject: C=IT, O=IGI, CN=test4 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:a5:3e:06:e7:b1:ae:21:17:f8:03:4a:59:e7:f4: 00:f7:78:9d:e4:67:10:a6:60:7c:e9:c8:28:71:85: 60:45:c5:a6:fd:2b:c5:ba:a1:48:0f:9f:1c:06:5b: 4b:15:af:71:9c:eb:b2:a4:6b:48:1d:f1:06:00:db: 39:f9:dc:a0:8c:ab:76:ea:18:c9:7a:10:f5:18:b5: 83:60:37:17:76:1f:d8:62:1e:33:6d:49:6a:cf:d2: e3:c2:e7:a4:ff:39:27:39:66:44:b4:98:03:a6:b4: 01:5a:27:bb:06:2c:23:e6:14:14:0d:ff:32:9e:70: da:2a:73:3f:64:3a:46:71:99:e6:79:44:5c:70:7b: 28:09:e9:af:20:57:21:7b:33:15:96:62:dd:d4:a7: 10:62:42:ef:a9:ee:d4:21:0e:17:33:98:84:ac:95: c3:b6:f3:41:ab:42:51:e6:1a:6a:91:ad:16:34:ec: 0a:44:99:d0:61:6d:da:94:dc:a5:69:34:3f:20:f7: 1e:5a:8f:8f:60:74:00:f2:96:85:68:57:80:b8:18: 37:22:c2:e7:a5:57:c9:3a:a3:7b:ea:32:d2:c2:53: b9:e3:b6:28:c4:66:4c:91:ae:94:cc:db:91:e3:f9: f1:e6:f2:86:08:8e:59:c7:98:99:f8:10:17:ad:71: be:df Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 
5E:7A:D7:CC:5A:B6:BE:8C:1A:F1:54:08:EF:1B:AC:65:F7:EC:72:96 X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection X509v3 Authority Key Identifier: keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6 X509v3 Subject Alternative Name: email:andrea.ceccanti@cnaf.infn.it Signature Algorithm: sha1WithRSAEncryption 14:81:3e:81:e9:8d:b6:6d:94:1f:f2:a1:46:1e:72:1c:4f:e8: 60:e5:2e:39:01:b2:a8:dd:2f:53:35:16:56:2e:58:2c:a3:34: c3:af:d5:c2:0a:10:2b:aa:20:fc:f7:1c:82:f3:60:90:65:30: 82:02:2f:36:fc:bf:04:f3:48:a0:ad:11:5c:ea:d6:b0:69:96: 04:e4:f1:0b:ec:0f:bd:1b:45:36:52:6b:01:47:ab:42:36:75: 3f:6f:cb:fe:6f:63:2d:9c:bf:72:f3:18:75:d4:88:1b:3d:40: 9d:ec:b5:90:e8:d1:88:98:3a:3f:32:95:03:92:11:ef:e2:81: 15:4d:35:a5:1b:d8:82:2d:b5:e4:8b:7b:a9:b9:65:8a:bf:24: a3:02:b5:5c:54:a6:ed:7b:49:40:6a:e3:bc:a1:f0:99:01:e5: eb:8d:d9:2b:e1:d9:87:59:a5:86:ce:b2:b5:55:74:2b:47:97: a1:60:0a:0a:ad:66:82:8a:db:98:b5:18:37:97:82:46:bb:4e: 57:69:d2:95:05:40:1c:13:b3:da:fc:bd:07:a6:ad:5a:b6:c6: 21:a8:4f:59:2b:0f:2b:8f:07:f3:0e:28:8c:01:60:37:38:ff: f6:ed:33:20:fa:ad:77:80:d1:44:79:98:e2:2d:b2:30:fc:8b: e5:20:be:2f -----BEGIN CERTIFICATE----- MIIDnjCCAoagAwIBAgIBDTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1Mzk0NFoX DTIyMDkyNDE1Mzk0NFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG A1UEAxMFdGVzdDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClPgbn sa4hF/gDSlnn9AD3eJ3kZxCmYHzpyChxhWBFxab9K8W6oUgPnxwGW0sVr3Gc67Kk a0gd8QYA2zn53KCMq3bqGMl6EPUYtYNgNxd2H9hiHjNtSWrP0uPC56T/OSc5ZkS0 mAOmtAFaJ7sGLCPmFBQN/zKecNoqcz9kOkZxmeZ5RFxweygJ6a8gVyF7MxWWYt3U pxBiQu+p7tQhDhczmISslcO280GrQlHmGmqRrRY07ApEmdBhbdqU3KVpND8g9x5a j49gdADyloVoV4C4GDciwuelV8k6o3vqMtLCU7njtijEZkyRrpTM25Hj+fHm8oYI jlnHmJn4EBetcb7fAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU 
XnrXzFq2vowa8VQI7xusZffscpYwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB AQAUgT6B6Y22bZQf8qFGHnIcT+hg5S45AbKo3S9TNRZWLlgsozTDr9XCChArqiD8 9xyC82CQZTCCAi82/L8E80igrRFc6tawaZYE5PEL7A+9G0U2UmsBR6tCNnU/b8v+ b2MtnL9y8xh11IgbPUCd7LWQ6NGImDo/MpUDkhHv4oEVTTWlG9iCLbXki3upuWWK vySjArVcVKbte0lAauO8ofCZAeXrjdkr4dmHWaWGzrK1VXQrR5ehYAoKrWaCituY tRg3l4JGu05XadKVBUAcE7Pa/L0Hpq1atsYhqE9ZKw8rjwfzDiiMAWA3OP/27TMg +q13gNFEeZjiLbIw/IvlIL4v -----END CERTIFICATE----- voms-api-java-2_0_10/src/test/resources/certs/test4.key.pem000066400000000000000000000032131207402625500236450ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEApT4G57GuIRf4A0pZ5/QA93id5GcQpmB86cgocYVgRcWm/SvF uqFID58cBltLFa9xnOuypGtIHfEGANs5+dygjKt26hjJehD1GLWDYDcXdh/YYh4z bUlqz9Ljwuek/zknOWZEtJgDprQBWie7Biwj5hQUDf8ynnDaKnM/ZDpGcZnmeURc cHsoCemvIFchezMVlmLd1KcQYkLvqe7UIQ4XM5iErJXDtvNBq0JR5hpqka0WNOwK RJnQYW3alNylaTQ/IPceWo+PYHQA8paFaFeAuBg3IsLnpVfJOqN76jLSwlO547Yo xGZMka6UzNuR4/nx5vKGCI5Zx5iZ+BAXrXG+3wIDAQABAoIBABJT5+Yo8fxfsTWE OKaejMDmEvUzbUhW6WPwvHOi7IOwoY3xHfROUTTSXARkedaE6CAUkHLmJ1CS3Cya JDsPeos/tWfPqgEtAlJkR5cTZTnH3HM9kEyt2PgGFxcWJFnel/go3LP/LGCAFKpQ P9E2ciDh1zuaM54ZPEl7EOvn/so4rv9O4luxpzPHCP/6GF07yaLgstQemw9HeNxQ WP4FXXfdELORl+RgRGUfuD5uSqYCCpNu2tXe3tFcnr2oNI+54gRGXD2Yy5duvjaP L4ZYBdHZPX2OpnWWBi4BXEevJWuUu4pdqaRRsGUF62Ra2JIXsqWmhmYqJCgYRtxX lssbMskCgYEA2mzj+9KbnZ9eWl2MsRC15i+ej9mLbVb+NMk1AsCYizbSRy//fGxQ RYg/aORnT6Rak+vWF7Qqn6s7dk5RsQ3mUubjuSfWkwhJYktB4Vdw6ohwGbNsXdSo EC2VTBwthsIqVzQh19TU3fEg4jLdzE/0xDWNqx0y6ct5TMtaX3xIUOMCgYEAwasJ t7DI7zHwxFTNLJMOCqVEXicCcx3GQc5Dponl8hOTrrC8DRzG81qL0zOMrfOsJ0zx zelw0j+sNRLYNxjnGFl6G7MXVAeBX9BhfhUSiHSlkT0uvcnoU5Y18Bf/sYs7e7jw sV0Moox32QzLM4f3WNKiPQw7V60T5HMYSkCEZtUCgYBhudp/LwmlCkriz3xFNJ7N 8HxXDBRPxV5TK7rmElmt38dRRm5esu9vTLhiK971SSmliRzu2hNAARLHqd7vArMM 
YHV+wA5HFqwOqHE/ayoAJS9SsG5JxP20z1A/D1RnOLRM8+w4bucWre3yhqOp6BQx PWy3JIdFB16sN0el9Ss91QKBgQC0nAtd8VISL+K3VdZZ4XJQ3ztZCswwCu5fZDqW zzdQgI1TdqKJH/Mx85k+h26EsyAzLoC6ZR/AE31HqaFWELVDcf58YpI43R77+dtR t9kmxJG7VvGGMQunGAiJNfhQ3OXGRfzBi2NDG/iQxGukTQKRJS4D/KpC47gPbn6S kIRpWQKBgEQBpVnvOCsdisAlU/5+9l0yq15iEwoI6aK1YYByJ8LxgqrwUbqJHPQf irgwkWwbADvLq+mUfUeJYOtdMobiA6vdPo+qQG43JAUhUlCnNt/y3+vOWr7tcP+W pIru4yGgINcb+/bo4U63JT6xBueWjwmkSoguuU6Voiq2pi2MLTDd -----END RSA PRIVATE KEY-----
voms-api-java-2_0_10/src/test/resources/certs/test4.p12
[binary PKCS#12 keystore for test4; its DER contents are not representable as text and are omitted]
voms-api-java-2_0_10/src/test/resources/certs/test_host_cnaf_infn_it.cert.pem
Certificate: Data: Version: 3 (0x2) Serial Number: 16 (0x10) Signature Algorithm: sha1WithRSAEncryption Issuer: C=IT, O=IGI, CN=Test CA Validity Not Before: Oct 10 16:03:07 2012 GMT Not After : Oct 8 16:03:07 2022 GMT Subject: C=IT, O=IGI, CN=test-host.cnaf.infn.it Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:b1:0e:8d:89:5a:f5:3c:1a:d4:8d:8e:8d:66:f2: a4:74:6a:aa:94:42:3d:c4:57:c6:c6:db:3e:6b:ec: d4:16:08:d1:ad:5e:5e:44:a2:62:71:99:11:69:82: 5a:15:7e:49:26:65:4d:6b:41:63:c4:72:88:b7:97: 12:3d:43:12:ee:6b:d0:a2:90:57:2c:32:92:b6:91: 5a:61:b7:34:72:57:7a:48:10:9b:8c:77:5c:01:ca: be:56:30:d4:cf:f2:6a:08:f7:96:af:77:28:a0:ba: 97:26:ac:3b:34:a0:cb:c8:88:56:19:c8:18:9b:4e: fe:6a:56:91:58:a7:ee:3f:34:7a:82:b9:05:ea:26: 81:ff:1b:3a:5e:fb:d9:e3:52:23:56:8b:9e:07:0a: 15:ae:4e:7e:38:dc:51:5f:f0:6f:bb:fa:f3:a6:3a: d8:bc:49:31:24:e7:27:51:51:90:60:de:e5:82:e0: 3e:ed:de:51:6b:24:a9:8d:1e:09:09:1a:10:44:04: 51:f4:48:c7:f6:45:3e:e6:5a:ea:72:62:95:ec:ef: 08:98:62:b3:c9:af:79:30:be:58:a0:f1:39:67:48: a1:b6:f2:d0:dc:fa:15:fc:31:70:c7:e9:d7:e4:b1: f9:7e:3c:19:94:03:e1:07:57:3d:87:77:21:63:78: 1f:cd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: FA:F4:A2:78:FF:3C:E8:62:86:73:1E:F1:AE:B4:15:35:D3:1D:03:81 X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended
Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection X509v3 Authority Key Identifier: keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6 X509v3 Subject Alternative Name: email:andrea.ceccanti@cnaf.infn.it Signature Algorithm: sha1WithRSAEncryption 96:28:72:52:23:32:b8:5f:43:ac:24:f4:7d:93:15:bd:33:58: 1b:bd:ef:c0:4a:cf:e2:c6:64:9e:f9:40:eb:a0:c4:b3:73:c1: 26:18:2c:18:91:eb:09:3c:e1:f9:84:c4:de:07:4c:6c:17:f7: dc:f6:12:de:bf:43:3a:22:ad:46:60:e0:15:4f:d5:56:8b:b6: 67:23:8a:16:df:83:fe:2f:22:6a:6c:eb:22:4d:f1:40:c3:99: 63:62:18:b8:12:bb:f0:ec:91:6b:bf:81:b5:90:83:63:10:b5: 01:96:98:6a:cb:68:9a:3b:ca:bd:95:bb:09:20:94:cc:e3:97: 43:00:49:c0:29:3b:55:59:cd:b1:c6:f4:f2:06:f1:1e:74:b0: 45:14:3f:02:3a:49:6f:ec:57:0a:87:e1:ef:c1:7c:01:93:2a: 23:84:9b:08:7f:18:02:09:b9:28:86:c3:62:73:42:f4:c5:59: 65:ce:ec:81:a3:23:73:59:28:1e:54:30:3d:38:28:29:c3:2a: d5:71:3f:9c:75:34:d7:5a:1e:28:ad:af:68:52:bd:05:f9:6e: 9f:9d:9e:e2:90:51:63:71:e1:7b:b3:0d:23:ae:ee:3d:92:e7: 0d:5c:3c:67:46:53:e9:27:6f:bd:cb:57:37:e8:64:29:5d:97: b1:8b:61:05 -----BEGIN CERTIFICATE----- MIIDrzCCApegAwIBAgIBEDANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMTAxMDE2MDMwN1oX DTIyMTAwODE2MDMwN1owPDELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEfMB0G A1UEAxMWdGVzdC1ob3N0LmNuYWYuaW5mbi5pdDCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBALEOjYla9Twa1I2OjWbypHRqqpRCPcRXxsbbPmvs1BYI0a1e XkSiYnGZEWmCWhV+SSZlTWtBY8RyiLeXEj1DEu5r0KKQVywykraRWmG3NHJXekgQ m4x3XAHKvlYw1M/yagj3lq93KKC6lyasOzSgy8iIVhnIGJtO/mpWkVin7j80eoK5 Beomgf8bOl772eNSI1aLngcKFa5OfjjcUV/wb7v686Y62LxJMSTnJ1FRkGDe5YLg Pu3eUWskqY0eCQkaEEQEUfRIx/ZFPuZa6nJilezvCJhis8mveTC+WKDxOWdIobby 0Nz6FfwxcMfp1+Sx+X48GZQD4QdXPYd3IWN4H80CAwEAAaOByjCBxzAMBgNVHRMB Af8EAjAAMB0GA1UdDgQWBBT69KJ4/zzoYoZzHvGutBU10x0DgTAOBgNVHQ8BAf8E BAMCBeAwPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMD 
BglghkgBhvhCBAEGCCsGAQUFBwMEMB8GA1UdIwQYMBaAFJF3NnsutGnzJ+q39giL SiOiEUnGMCcGA1UdEQQgMB6BHGFuZHJlYS5jZWNjYW50aUBjbmFmLmluZm4uaXQw DQYJKoZIhvcNAQEFBQADggEBAJYoclIjMrhfQ6wk9H2TFb0zWBu978BKz+LGZJ75 QOugxLNzwSYYLBiR6wk84fmExN4HTGwX99z2Et6/QzoirUZg4BVP1VaLtmcjihbf g/4vImps6yJN8UDDmWNiGLgSu/DskWu/gbWQg2MQtQGWmGrLaJo7yr2VuwkglMzj l0MAScApO1VZzbHG9PIG8R50sEUUPwI6SW/sVwqH4e/BfAGTKiOEmwh/GAIJuSiG w2JzQvTFWWXO7IGjI3NZKB5UMD04KCnDKtVxP5x1NNdaHiitr2hSvQX5bp+dnuKQ UWNx4XuzDSOu7j2S5w1cPGdGU+knb73LVzfoZCldl7GLYQU= -----END CERTIFICATE----- voms-api-java-2_0_10/src/test/resources/certs/test_host_cnaf_infn_it.key.pem000066400000000000000000000032131207402625500273130ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAsQ6NiVr1PBrUjY6NZvKkdGqqlEI9xFfGxts+a+zUFgjRrV5e RKJicZkRaYJaFX5JJmVNa0FjxHKIt5cSPUMS7mvQopBXLDKStpFaYbc0cld6SBCb jHdcAcq+VjDUz/JqCPeWr3cooLqXJqw7NKDLyIhWGcgYm07+alaRWKfuPzR6grkF 6iaB/xs6XvvZ41IjVoueBwoVrk5+ONxRX/Bvu/rzpjrYvEkxJOcnUVGQYN7lguA+ 7d5RaySpjR4JCRoQRARR9EjH9kU+5lrqcmKV7O8ImGKzya95ML5YoPE5Z0ihtvLQ 3PoV/DFwx+nX5LH5fjwZlAPhB1c9h3chY3gfzQIDAQABAoIBABPaAdyIqj5W88X7 WbdVNUMoQn/k/W/qN4tMQa9wGkduLbQ2hHNFkawS8XTW/Kq0Qhdf/FIuPrVj8hhD g/QCdTjuNbJEZMG72d9GZM/X7rVzQW6bDhWtvE8nIDghuXqnP2RJ/kcmIRQEV7Yq UWkRLkgJoT26xaeEL9pUYm+CRKApXkbKzo+H9drsmGCsP45nPZ4mdln/tvZG2yJL +PPmrvwgseyQpNvUK2mQT4uwubPnbFkl6p2+Q/K8jINFbDuP8X2ek5IYex8Tq50n +PpmiYTAEZG3igVcT+QTyur2RlVzqxftWMQXMeQSZp5Giarv50SXQ0qy5IfgwvBy udK2l4ECgYEA5HkupVneV/9SFEywtriISzasBzXOdfg4g5K8NvYpEYOXMyyNvrAj ulppKZFogof3p0Y+GdhfUWLyclxXita71C9IT2uAAEG+FUIA7WzQIBX6hPLoiWY1 TI2D7XJrVfNZTzYUvOEWNgw7eZtgTy8Xj9DhsVUaQceYca1TahR2GbUCgYEAxmOH H/WlfEJQNen/UZ7Go2YbWyf7EVuUU8wzgAJjWRr/EGw1WAuNlzNwJ/mYUUZCg3pK N+i7SHaM0v+nbvjyVc7GR+k3zkU5KwG8TO4tShsvYbhkJ/z31NQnXJeyTGYRldPF G+CT0H6DdYw8VPTRGoE6W+n3uVoJ84bijpDo3LkCgYA/yVltjqaV2NGYm0Sm7uQW Y6AprysCIpfcnAXyLk2O9zcqcWDtgQ2ohH9hvJf6AW3yBJln69HIziA0L3W9bHAq MD029yNYbwJbuv65SqzcmGZF4e9sFN4CjmvrygsPhw5DIC0wAoOJ+WZNcES2NsaU 
P1QTh1f6T3hPHH3yWt4SFQKBgGt+RhsFCNOZQsjTrynUdCDZFH2B3kH7cxUskcMM iDQhso59czHvoJqKnnyqeuOexC9lNY2xpriOs6MoLtqsPPJNhZY1Qa2cSGuLFzI/ 435B2JyEQpCAOvCwu1sqPsuyili6VBTUzIKt6iDpCU+nDx3jY3GmBjoCFV5EecFx txrRAoGAZpAcSKzNP8l5I1vTPAui7fNN3U8EN8jtEGmz7XFHDbx3F2mlL/EVC+eb ecSEu+3+lXRaqZnZpBFF830CWqR5GVddDo71ay1c3/KZawz8uKWXAjFU8r2bfYnZ VWqe5bdB8rql1KJCsxuCYAGZRCfsmIJHho3sC7hbtchnh+2vnjw= -----END RSA PRIVATE KEY----- voms-api-java-2_0_10/src/test/resources/certs/wilco_cnaf_infn_it.cert.pem000066400000000000000000000111541207402625500265640ustar00rootroot00000000000000Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: sha1WithRSAEncryption Issuer: C=IT, O=IGI, CN=Test CA Validity Not Before: Sep 26 15:08:56 2012 GMT Not After : Sep 24 15:08:56 2022 GMT Subject: C=IT, O=IGI, CN=wilco.cnaf.infn.it Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:fa:14:c2:26:6e:07:03:5a:25:ca:b4:00:81:92: e8:21:ff:62:26:2e:fb:00:69:21:39:8e:f2:37:dc: 82:ef:1c:35:88:35:19:a4:67:39:4f:fd:ea:a4:9f: 07:45:e3:46:df:a0:16:ec:08:04:2b:be:09:6c:c4: 0b:ff:a5:47:77:2c:be:c3:4f:f8:34:7c:8c:99:8d: df:f0:1c:d4:35:99:2a:ac:55:f8:ac:98:6b:eb:ec: ce:c8:c9:8c:4a:fc:70:42:88:df:2b:9b:4a:26:a0: 41:5d:9c:7c:56:40:4c:f5:79:36:cb:0e:8c:df:f6: 73:d8:bc:f6:d7:e7:74:76:63:24:e9:2e:c1:81:01: 69:59:69:54:83:bb:ab:01:75:2a:12:a6:4b:4c:d1: 49:64:a2:58:d1:f2:87:6d:e9:f8:4a:3d:9c:74:ce: d4:5b:0b:fa:6f:37:d6:af:20:37:f7:e5:d7:8b:de: 40:f6:43:41:61:e6:97:f0:6d:b4:7d:be:b2:40:05: b9:fe:48:bf:77:94:55:f0:11:2c:3a:8b:21:f6:36: 3e:21:fc:8a:8d:e8:8b:fa:fd:a5:ea:f2:f9:61:06: ef:04:d4:2f:a4:5b:a4:63:f8:33:af:38:76:71:48: ed:b5:67:0e:15:f4:55:55:29:ec:b9:ce:03:3d:8e: 25:1f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 21:9A:C8:2A:83:F8:E9:64:90:D2:5A:23:CA:FD:9D:48:50:A1:F4:91 X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web 
Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection X509v3 Authority Key Identifier: keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6 X509v3 Subject Alternative Name: email:andrea.ceccanti@cnaf.infn.it Signature Algorithm: sha1WithRSAEncryption 45:0f:5b:3f:01:53:c4:ee:28:15:2d:e8:b3:03:ea:e6:8e:9f: 43:77:cd:ed:ca:bc:fa:0d:fe:df:a6:b9:3f:e5:10:7a:fb:4c: a5:56:7c:b1:6e:b9:8e:0d:50:8e:12:d9:b3:58:2e:f4:07:1a: 41:85:24:d3:c0:12:0b:9f:53:4f:8a:b7:1f:bb:f2:a2:ad:c1: cd:85:37:71:ad:d4:28:0b:88:17:94:f0:57:a5:a5:49:c2:5d: 98:8a:bd:ea:58:a4:ff:6e:7c:0c:43:76:87:48:03:11:12:aa: b8:bc:17:2f:42:18:9f:d5:76:8e:d1:9a:83:03:92:7b:81:c8: 32:d2:10:07:fa:4b:ad:56:d2:6e:ee:e9:72:dc:73:44:45:e6: 03:46:09:4a:3c:bb:66:f1:d1:9b:27:b6:70:ea:dc:28:ea:30: 28:97:b9:bd:01:3a:1f:7a:2b:ad:47:0e:62:95:7e:ab:56:84: a0:04:9f:c2:3d:02:f3:76:7a:b8:d4:3d:8e:25:af:2c:93:06: 59:dd:b4:a4:1d:cf:4c:e2:14:75:5f:22:34:fd:ef:6f:d1:e4: dd:bf:f0:63:42:dd:be:ad:65:63:7a:e8:47:26:88:8d:3e:be: 3f:8d:f0:8d:5b:16:24:1d:fe:65:36:23:57:aa:4b:3e:f8:d6: 8b:bb:38:7a -----BEGIN CERTIFICATE----- MIIDqzCCApOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MDg1NloX DTIyMDkyNDE1MDg1NlowODELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEbMBkG A1UEAxMSd2lsY28uY25hZi5pbmZuLml0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEA+hTCJm4HA1olyrQAgZLoIf9iJi77AGkhOY7yN9yC7xw1iDUZpGc5 T/3qpJ8HReNG36AW7AgEK74JbMQL/6VHdyy+w0/4NHyMmY3f8BzUNZkqrFX4rJhr 6+zOyMmMSvxwQojfK5tKJqBBXZx8VkBM9Xk2yw6M3/Zz2Lz21+d0dmMk6S7BgQFp WWlUg7urAXUqEqZLTNFJZKJY0fKHben4Sj2cdM7UWwv6bzfWryA39+XXi95A9kNB YeaX8G20fb6yQAW5/ki/d5RV8BEsOosh9jY+IfyKjeiL+v2l6vL5YQbvBNQvpFuk Y/gzrzh2cUjttWcOFfRVVSnsuc4DPY4lHwIDAQABo4HKMIHHMAwGA1UdEwEB/wQC MAAwHQYDVR0OBBYEFCGayCqD+OlkkNJaI8r9nUhQofSRMA4GA1UdDwEB/wQEAwIF 4DA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIGCisGAQQBgjcKAwMGCWCG SAGG+EIEAQYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUkXc2ey60afMn6rf2CItKI6IR 
ScYwJwYDVR0RBCAwHoEcYW5kcmVhLmNlY2NhbnRpQGNuYWYuaW5mbi5pdDANBgkq hkiG9w0BAQUFAAOCAQEARQ9bPwFTxO4oFS3oswPq5o6fQ3fN7cq8+g3+36a5P+UQ evtMpVZ8sW65jg1QjhLZs1gu9AcaQYUk08ASC59TT4q3H7vyoq3BzYU3ca3UKAuI F5TwV6WlScJdmIq96lik/258DEN2h0gDERKquLwXL0IYn9V2jtGagwOSe4HIMtIQ B/pLrVbSbu7pctxzREXmA0YJSjy7ZvHRmye2cOrcKOowKJe5vQE6H3orrUcOYpV+ q1aEoASfwj0C83Z6uNQ9jiWvLJMGWd20pB3PTOIUdV8iNP3vb9Hk3b/wY0Ldvq1l Y3roRyaIjT6+P43wjVsWJB3+ZTYjV6pLPvjWi7s4eg== -----END CERTIFICATE----- voms-api-java-2_0_10/src/test/resources/certs/wilco_cnaf_infn_it.key.pem000066400000000000000000000032171207402625500264200ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA+hTCJm4HA1olyrQAgZLoIf9iJi77AGkhOY7yN9yC7xw1iDUZ pGc5T/3qpJ8HReNG36AW7AgEK74JbMQL/6VHdyy+w0/4NHyMmY3f8BzUNZkqrFX4 rJhr6+zOyMmMSvxwQojfK5tKJqBBXZx8VkBM9Xk2yw6M3/Zz2Lz21+d0dmMk6S7B gQFpWWlUg7urAXUqEqZLTNFJZKJY0fKHben4Sj2cdM7UWwv6bzfWryA39+XXi95A 9kNBYeaX8G20fb6yQAW5/ki/d5RV8BEsOosh9jY+IfyKjeiL+v2l6vL5YQbvBNQv pFukY/gzrzh2cUjttWcOFfRVVSnsuc4DPY4lHwIDAQABAoIBAQCvIDZNvyM+H7Tz XFY2ZvAUTskmwCOZyAUyT34jzFIMrA540eahEIA8Gi5lFdB8CoqpM2yZ4Ys6Lpxf BHL6lX2UYUs9bxT7fHThW08E0MtytU4C3TmFdD+vOWgdh7atFFZw4XSXDupAXl0n 9tvDcsfx5u6OCCRy+h1qG/ooe7c85xKjX+8X4THcZruVqXop9JYRn8N2EWVLdbOi 6qGwc8w+702J003OrR0JRYz6XUCgCUEidDQ4uZIPw3jraeVtaEdhjunByX6K+hPx 8fuW84u6mfQZU2kv6jdn9RufThnI/1yrrJeT0uyFp1TiTVZ900efU8kKevKHWqnf xpK2k9PhAoGBAP0IRu7HAPOrGipkOo4OHPx3psuc6A57kjnLRGhLRDHCevU7XmWn Yo999ziMGT2I6UYbMWjnIi8t9vNLVvfU6RCuKaSZtmX01eIJGIodLHhZhC6Rn7sH WxuJU+MUV60lIwdu8sK6zm9AhG6Bf8JJRIMvkhS8mjNZdiesf78QnEn5AoGBAP0D nsrczq6zwuMlPmwyIIUfzTv7QT6WT/NVzybOAj6wZL/UGm6I2byR2lvvzuEw79I/ b4are9Jqb7vx8zjl8DY57ON3GFVEzTUJiIn3tiJSG3uA7NhA4r4t1LbusbzkybCG LUThunR3+665LArsHCutRa62hGAcLqiwy+dwdW3XAoGAUsQrV512nT3BkE46rQ7G wnps77tCWMJo4Uiw9qBwDQq9Z4vk48FtxtwAStngw7UOAOWSMusvzljtp0VkjCpz lgYyDupMtGryrz4kbcD/M9qsFwOBSQ8t6QLxkpyr1TIJlDvhYnryXYewCemIHcgT hgnAcdIDanp/4JhXLOtFBBkCgYA+wichKqQZsX0l2pchP03Rt5GwzyHf5Gjwcthv 
R6pG4nobGwFzaX6Yx5TiORmXwgu6mwGO5fpQtxYACIPMGTz8NmIMCf5/KBG+lh7I GimTWcp3WANnoLCde8DHn2127UkaAC46Z8NYIGrNbCEAlJBoRRKDw8ISFOt97Fyn i72VAQKBgQD8qwKWeSRdDukSFVf3D76X/1yW0TS8PIU1wQglLmLOYJCQJdQSrk2h vy+zi8mAkwWhUxEGJZHDIZ9hvPeuytXr1Jru+R2ZzmU9PfvHU3nat9WK37fwvw85 3mSiRImlUndl8InP0x4hAKMl62PGRgp2k4qVj2Y6FjsY5O/rUpYbgQ== -----END RSA PRIVATE KEY----- voms-api-java-2_0_10/src/test/resources/crls/000077500000000000000000000000001207402625500211345ustar00rootroot00000000000000voms-api-java-2_0_10/src/test/resources/crls/cert-17-revoked-crl.pem000066400000000000000000000011461207402625500252360ustar00rootroot00000000000000-----BEGIN X509 CRL----- MIIBnTCBhjANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwD SUdJMRAwDgYDVQQDDAdUZXN0IENBFw0xMjEwMjQxNDM2MzZaFw0xMzEwMjQxNDM2 MzZaMCgwEgIBBBcNMTIwOTI2MTUyNTI0WjASAgERFw0xMjEwMjQxNDMzMzdaMA0G CSqGSIb3DQEBBQUAA4IBAQCznP4lZWbevY1E/onc2kYuOEpNHjGLXHLByx324pOn W/HNY3iN4fzOVKmm+7yvAtxyRF8Nl2Cw5GNjZnaLQA6eLeqx88xvN815cIPb9ARy hJGcoOl1E07RgrJScURpQtmRZk2Qa37Fgj3eBez9IrahGJZoL9xvgmKKmr2UvhPU yhIY9H9gJYiZ04HiA0riurReVeuaOV9EFfL9dVqiV3LcUmMpFCo/oI02raUjI9EK dCT/ktjdm4i1hTvT/pfTMZoYnejl7R+htca1BRpOjghiiUZ3VQ+qDfhhcq1zcdAD nBQd8v20EfMRvOTesHkFwWEKFUgweW1kjYsKwyuDvE2r -----END X509 CRL----- voms-api-java-2_0_10/src/test/resources/crls/default-crl.pem000066400000000000000000000011101207402625500240320ustar00rootroot00000000000000-----BEGIN X509 CRL----- MIIBiDByMA0GCSqGSIb3DQEBBQUAMC0xCzAJBgNVBAYTAklUMQwwCgYDVQQKDANJ R0kxEDAOBgNVBAMMB1Rlc3QgQ0EXDTEyMDkyNjE1MjkyNloXDTEzMDkyNjE1Mjky NlowFDASAgEEFw0xMjA5MjYxNTI1MjRaMA0GCSqGSIb3DQEBBQUAA4IBAQA+dDfd JSR7lheVvwOjX6fYoWdAxE51wqjnqwoPtdsuUrANdKjb2+IHK6sUBscWofZr9eek RWI0XA+Dw6mTpp2EqFQAxHkwaodv3qjS9jIEPvOySCie9eT1zpdYd6JyLBGGvD7w lmxHkL0G0p7YGxrAiNMjvt3zzgySqRryw9sudidB1D8JxDS94UP8MlJP7JKB6uhe VPtVJrGLOyKOTmipyVcjBXqBMihuaR9LJQsfWiLS4yYEqaemL3kKU30SsXtEznZt yXeMc8OcMtL7BMLnGF3NDVAqqIt+SMC1khKurv4J3ggIG3UqNvJWqvxVt4PQQuBN XAvnE84nCDDPZ4Td -----END X509 
CRL-----voms-api-java-2_0_10/src/test/resources/crls/expired-crl.pem000066400000000000000000000011461207402625500240570ustar00rootroot00000000000000-----BEGIN X509 CRL----- MIIBnTCBhjANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwD SUdJMRAwDgYDVQQDDAdUZXN0IENBFw0xMjEwMjQxNjQzMTVaFw0xMjEwMjQxNzQz MTVaMCgwEgIBBBcNMTIwOTI2MTUyNTI0WjASAgERFw0xMjEwMjQxNDMzMzdaMA0G CSqGSIb3DQEBBQUAA4IBAQBpnlVMCjrrP6HVANfIZgMPy/6eZoQqWoAg6op3PRNl ceHrh2ouhtUVygt1uxW+BhQy5zHHssSDhix6nonR+pLZgML7hh5f1t0lO/VVe3WV MX9EoFS+Dk7O76fCtVhJlDbq621+/Bf1I4iLtfDsWHcw0EKqlVFXLHI2lBmkMbmx vDsaIlwC+JHcz42YQJ3IceyeCzOt+NY5mJSMsrp2GJVTa5pFyEwg/jJDTK1sj12S 5NNU9hLCFhJpBRPRXC44ZBrp5Zi4ryRKO0sH+mfBYNn7jfr1ndm1ojvP5CUr1rVA UvyTb4Pt2ltNjFUmsAAp1ituMIgREV2zQD0VAS+3L/fY -----END X509 CRL----- voms-api-java-2_0_10/src/test/resources/empty-vomses/000077500000000000000000000000001207402625500226415ustar00rootroot00000000000000voms-api-java-2_0_10/src/test/resources/empty-vomses/.this-should-be-ignored000066400000000000000000000000001207402625500271040ustar00rootroot00000000000000voms-api-java-2_0_10/src/test/resources/homes/000077500000000000000000000000001207402625500213045ustar00rootroot00000000000000voms-api-java-2_0_10/src/test/resources/homes/pem-creds/000077500000000000000000000000001207402625500231635ustar00rootroot00000000000000voms-api-java-2_0_10/src/test/resources/homes/pem-creds/.globus/000077500000000000000000000000001207402625500245345ustar00rootroot00000000000000voms-api-java-2_0_10/src/test/resources/homes/pem-creds/.globus/test0.cert.pem000066400000000000000000000111131207402625500272270ustar00rootroot00000000000000Certificate: Data: Version: 3 (0x2) Serial Number: 9 (0x9) Signature Algorithm: sha1WithRSAEncryption Issuer: C=IT, O=IGI, CN=Test CA Validity Not Before: Sep 26 15:39:34 2012 GMT Not After : Sep 24 15:39:34 2022 GMT Subject: C=IT, O=IGI, CN=test0 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 
00:ca:c6:da:f0:86:86:76:ed:2c:71:21:28:e5:46: a5:a6:05:60:7a:53:e3:7f:c5:6d:a4:4b:5b:94:7e: b4:11:6a:fe:9a:b9:5b:66:b4:45:b8:e4:9e:38:55: 38:b7:59:6e:98:d7:5d:d1:07:09:92:ea:85:be:de: 5c:f2:04:16:55:3e:a9:e1:57:df:d5:91:3c:4b:a7: cd:e0:19:55:6f:1c:04:e0:1a:09:23:79:3c:48:b0: e1:3e:4e:43:ca:02:86:49:fd:01:5c:09:f3:e1:dd: 67:59:dc:03:48:d7:85:98:90:03:3d:55:7b:12:6e: 1d:a8:90:2b:16:19:ae:28:ea:9c:ed:dc:fb:75:cc: a9:32:3b:83:d6:d1:c0:64:95:eb:43:22:62:4a:da: fb:9f:b8:35:4d:9b:b2:33:ff:2d:ff:f2:96:3c:a7: 73:28:8b:06:c5:fc:f7:52:6d:ae:d7:40:0c:41:59: 42:4c:a1:a9:5e:87:cc:72:f0:74:91:3a:7e:ed:17: 66:a5:c6:80:cb:1f:84:16:86:9e:94:0e:7d:ab:bc: e5:ac:78:1a:94:30:f5:c5:8e:c5:22:d7:fa:e4:c3: 5a:07:02:33:2b:a1:39:39:94:bd:79:18:8d:0b:19: de:5d:4d:5a:29:90:a5:c5:6d:34:d8:c5:29:0f:cf: 53:0b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 7C:B7:41:E7:E8:CE:F4:BC:96:37:6F:D5:08:D6:20:31:AD:23:BC:71 X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection X509v3 Authority Key Identifier: keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6 X509v3 Subject Alternative Name: email:andrea.ceccanti@cnaf.infn.it Signature Algorithm: sha1WithRSAEncryption 0d:62:d5:97:7a:d8:5e:49:e5:69:09:f9:c8:77:d4:e4:2b:22: 93:02:9f:11:6a:13:59:97:85:c5:ad:65:a7:d9:2f:56:7b:b0: 02:2b:f1:bb:bb:50:de:6c:96:31:77:c3:ce:a3:c0:a5:b1:ca: 17:c9:33:b6:07:31:c7:64:bc:5a:b8:42:88:cd:4b:fb:83:61: 9e:84:8f:92:72:47:d9:76:31:72:45:78:c3:d3:ec:0c:1b:0c: d7:ec:c0:ee:48:bd:c2:1b:66:96:b1:8a:64:06:78:fa:04:c9: 6b:d0:fd:e4:64:43:2a:57:9b:76:fb:64:e3:d3:e6:97:a6:90: 4f:57:0c:c9:c1:18:67:ad:22:62:3b:95:88:64:06:5f:e3:d6: 21:32:7e:b5:b1:02:2b:7a:9b:e1:ac:a1:14:47:85:d5:a2:b1: f6:06:3f:1e:93:5f:e2:2e:58:1c:98:53:01:39:db:3e:3e:b7: 
a1:49:14:7c:1a:7d:08:8e:51:20:0b:af:04:63:a2:8f:13:e1: 4a:c9:2b:92:ed:4a:fb:95:30:23:35:d7:5d:7d:d0:20:29:5e: a1:27:24:93:eb:f7:71:f3:29:88:91:bf:27:c4:23:e7:c4:27: 13:d8:8d:8d:bc:3c:5c:3c:c7:3f:c2:69:cc:6b:eb:26:35:a9: 74:b0:9e:a6 -----BEGIN CERTIFICATE----- MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK 2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf 49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N vDxcPMc/wmnMa+smNal0sJ6m -----END CERTIFICATE----- voms-api-java-2_0_10/src/test/resources/homes/pem-creds/.globus/test0.key.pem000066400000000000000000000034521207402625500270710ustar00rootroot00000000000000-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIqbOgT0owFy8CAggA MBQGCCqGSIb3DQMHBAi0pGFZzZYROgSCBMhwhhXisB/ishN/r4FGku1DY/CNq/ZF XhH1YvEoZRT4GA4HLa6hrh7yPdYyH0hhvMKuLGaH4Df+YUOXZq5c0mHgBjk9YkCp 
PHhZHUwBFrryF/RV5P7u3zXqce/huQJ5yq2TLRv3NS8WiwavWmcbYSgyCFwSOHf4 Vxz21ggY+oNLa32X0dDxDJ4TlGSK0vSQzIjCjOpzxkewJ6LpA1c3LqTu155y/cdM mFgd0XN3hUh+j6yQ9JMrNAKOrP0mPmphvEqXoS6l0RV+8x7PzQXvjfmULPsMxEhm P+D8EBap8AhnvgAlEPwHTxC5uBqh+bdE7NnMsaetivWZ1wNSkLXuh+CKHfAtqDea zWn1mCQG12H4SGrONoV95yqC6Z1SoMCrll0I/M7b7VUwas63Mp+abXFPv1X6GLAr ONSua6wAs3GxDvxEtPJmL3nVvWoVvr/jSQ9i2k5y7RoAr2r17qF7fcossq9DVST2 q1a3sd/0gzIyfVdtxU+akOlbW/+vYl2Dc18SmwIGpi5It6eCozUHOxhFFFHFczyY RmjwohaHzGbuhwqNOzIfX0xlmVE/NW4xchSQsRQnq7c8mEQmiwLrABj19Jme29vW ThFepYK8yGxuULYSFfVnhuGkWgmr61YwjpeyrOPefeydr++qP+45o6bHZhmH7leC MIUS79BHFck/y4ZA6XltoF07MBmFnDz3OJKSmMGh5a7gFHJjA/e+QNvkGju+97mq V1mc+xxkyIJPEn3hw0v60//4ByQcGTY57BQVVQXYJB/4Jr8T749G8eQl4YmPmv5p hPls688ECXfiHQCRrp3yub8415zEkc2k+J3HXr17LRNBxvJ5qOC/CfiGlH6rG6Al ufL8mbY1yMKgMUBuU5VQ/fX0EID34dOBbb+/FbyEoVmzWJEAzJj6bNUQe2M/JkfK G6yzrO2TCFbFBz9DZ577xGHlylPeSG1UmICg4o4kyeUkD47K0RnJ8NZfozCs463S T9LCWH11ReAVJfiEB9T6yLBd5jKEa/IEDB8S74knVyWu1qDnlh9USenJ6kzT8fKR v5pTEGaH2toE8pzmKeaPxXtJBwcMv4SBd/NCoBEnutTfjYmdS/7qG/G0uC2jN9Si eYZSGS/mlIYIhSvamCDnLl1FBoD69cWF0bz2ywSwJedJy1AIWpcfn+pNCTQF92cy QkbG19jrrFOQJhQoeUCcAA8p8KBCkNCHrwEe7QIRCiJmCMYOhiGjAE3iqW8DSXAE OqonWY6FyvEsrgKBrHtVuWQjC4jUrnzEsjQj+nHpAsKktlrBOynkLOWyeRexGLl7 xElx6WZkOtmCVM3gLa+vH0hH7vEmXZnDKyhsSbQ8kEOSXLCsUZR9ggav+rO57W2O Vnx6Qko3ynOfFfPVrMVetJCm7p+ar6qgsyZpi52FFxeIGHmJ2STv3QSXQhvnWtP4 pIMdYudQ7Kw90L0vDf1+cpI+a8jUGRU1KrtfV2jVrN/7mf8Tf1bGiUt+WPF6l1es WyEBcH3+xYu9W5N82bIFtrlogJI/gj6qtmN3QIeUrIPsrvJ8iuUqNWLB5aQFtbAd poYVj+8hScMgQ2HiKqlffyDOWNghuePlFJecgcJcpusm+LqiYaWPo2RNvPdWvb+I 1o0= -----END ENCRYPTED PRIVATE KEY----- voms-api-java-2_0_10/src/test/resources/homes/pem-creds/.globus/usercert.pem000066400000000000000000000111131207402625500270700ustar00rootroot00000000000000Certificate: Data: Version: 3 (0x2) Serial Number: 9 (0x9) Signature Algorithm: sha1WithRSAEncryption Issuer: C=IT, O=IGI, CN=Test CA Validity Not Before: Sep 26 15:39:34 2012 GMT Not After : Sep 24 15:39:34 2022 GMT Subject: C=IT, O=IGI, 
CN=test0 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:ca:c6:da:f0:86:86:76:ed:2c:71:21:28:e5:46: a5:a6:05:60:7a:53:e3:7f:c5:6d:a4:4b:5b:94:7e: b4:11:6a:fe:9a:b9:5b:66:b4:45:b8:e4:9e:38:55: 38:b7:59:6e:98:d7:5d:d1:07:09:92:ea:85:be:de: 5c:f2:04:16:55:3e:a9:e1:57:df:d5:91:3c:4b:a7: cd:e0:19:55:6f:1c:04:e0:1a:09:23:79:3c:48:b0: e1:3e:4e:43:ca:02:86:49:fd:01:5c:09:f3:e1:dd: 67:59:dc:03:48:d7:85:98:90:03:3d:55:7b:12:6e: 1d:a8:90:2b:16:19:ae:28:ea:9c:ed:dc:fb:75:cc: a9:32:3b:83:d6:d1:c0:64:95:eb:43:22:62:4a:da: fb:9f:b8:35:4d:9b:b2:33:ff:2d:ff:f2:96:3c:a7: 73:28:8b:06:c5:fc:f7:52:6d:ae:d7:40:0c:41:59: 42:4c:a1:a9:5e:87:cc:72:f0:74:91:3a:7e:ed:17: 66:a5:c6:80:cb:1f:84:16:86:9e:94:0e:7d:ab:bc: e5:ac:78:1a:94:30:f5:c5:8e:c5:22:d7:fa:e4:c3: 5a:07:02:33:2b:a1:39:39:94:bd:79:18:8d:0b:19: de:5d:4d:5a:29:90:a5:c5:6d:34:d8:c5:29:0f:cf: 53:0b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 7C:B7:41:E7:E8:CE:F4:BC:96:37:6F:D5:08:D6:20:31:AD:23:BC:71 X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection X509v3 Authority Key Identifier: keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6 X509v3 Subject Alternative Name: email:andrea.ceccanti@cnaf.infn.it Signature Algorithm: sha1WithRSAEncryption 0d:62:d5:97:7a:d8:5e:49:e5:69:09:f9:c8:77:d4:e4:2b:22: 93:02:9f:11:6a:13:59:97:85:c5:ad:65:a7:d9:2f:56:7b:b0: 02:2b:f1:bb:bb:50:de:6c:96:31:77:c3:ce:a3:c0:a5:b1:ca: 17:c9:33:b6:07:31:c7:64:bc:5a:b8:42:88:cd:4b:fb:83:61: 9e:84:8f:92:72:47:d9:76:31:72:45:78:c3:d3:ec:0c:1b:0c: d7:ec:c0:ee:48:bd:c2:1b:66:96:b1:8a:64:06:78:fa:04:c9: 6b:d0:fd:e4:64:43:2a:57:9b:76:fb:64:e3:d3:e6:97:a6:90: 4f:57:0c:c9:c1:18:67:ad:22:62:3b:95:88:64:06:5f:e3:d6: 
21:32:7e:b5:b1:02:2b:7a:9b:e1:ac:a1:14:47:85:d5:a2:b1: f6:06:3f:1e:93:5f:e2:2e:58:1c:98:53:01:39:db:3e:3e:b7: a1:49:14:7c:1a:7d:08:8e:51:20:0b:af:04:63:a2:8f:13:e1: 4a:c9:2b:92:ed:4a:fb:95:30:23:35:d7:5d:7d:d0:20:29:5e: a1:27:24:93:eb:f7:71:f3:29:88:91:bf:27:c4:23:e7:c4:27: 13:d8:8d:8d:bc:3c:5c:3c:c7:3f:c2:69:cc:6b:eb:26:35:a9: 74:b0:9e:a6 -----BEGIN CERTIFICATE----- MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK 2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf 49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N vDxcPMc/wmnMa+smNal0sJ6m -----END CERTIFICATE----- voms-api-java-2_0_10/src/test/resources/homes/pem-creds/.globus/userkey.pem000066400000000000000000000034521207402625500267320ustar00rootroot00000000000000-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIqbOgT0owFy8CAggA MBQGCCqGSIb3DQMHBAi0pGFZzZYROgSCBMhwhhXisB/ishN/r4FGku1DY/CNq/ZF 
XhH1YvEoZRT4GA4HLa6hrh7yPdYyH0hhvMKuLGaH4Df+YUOXZq5c0mHgBjk9YkCp PHhZHUwBFrryF/RV5P7u3zXqce/huQJ5yq2TLRv3NS8WiwavWmcbYSgyCFwSOHf4 Vxz21ggY+oNLa32X0dDxDJ4TlGSK0vSQzIjCjOpzxkewJ6LpA1c3LqTu155y/cdM mFgd0XN3hUh+j6yQ9JMrNAKOrP0mPmphvEqXoS6l0RV+8x7PzQXvjfmULPsMxEhm P+D8EBap8AhnvgAlEPwHTxC5uBqh+bdE7NnMsaetivWZ1wNSkLXuh+CKHfAtqDea zWn1mCQG12H4SGrONoV95yqC6Z1SoMCrll0I/M7b7VUwas63Mp+abXFPv1X6GLAr ONSua6wAs3GxDvxEtPJmL3nVvWoVvr/jSQ9i2k5y7RoAr2r17qF7fcossq9DVST2 q1a3sd/0gzIyfVdtxU+akOlbW/+vYl2Dc18SmwIGpi5It6eCozUHOxhFFFHFczyY RmjwohaHzGbuhwqNOzIfX0xlmVE/NW4xchSQsRQnq7c8mEQmiwLrABj19Jme29vW ThFepYK8yGxuULYSFfVnhuGkWgmr61YwjpeyrOPefeydr++qP+45o6bHZhmH7leC MIUS79BHFck/y4ZA6XltoF07MBmFnDz3OJKSmMGh5a7gFHJjA/e+QNvkGju+97mq V1mc+xxkyIJPEn3hw0v60//4ByQcGTY57BQVVQXYJB/4Jr8T749G8eQl4YmPmv5p hPls688ECXfiHQCRrp3yub8415zEkc2k+J3HXr17LRNBxvJ5qOC/CfiGlH6rG6Al ufL8mbY1yMKgMUBuU5VQ/fX0EID34dOBbb+/FbyEoVmzWJEAzJj6bNUQe2M/JkfK G6yzrO2TCFbFBz9DZ577xGHlylPeSG1UmICg4o4kyeUkD47K0RnJ8NZfozCs463S T9LCWH11ReAVJfiEB9T6yLBd5jKEa/IEDB8S74knVyWu1qDnlh9USenJ6kzT8fKR v5pTEGaH2toE8pzmKeaPxXtJBwcMv4SBd/NCoBEnutTfjYmdS/7qG/G0uC2jN9Si eYZSGS/mlIYIhSvamCDnLl1FBoD69cWF0bz2ywSwJedJy1AIWpcfn+pNCTQF92cy QkbG19jrrFOQJhQoeUCcAA8p8KBCkNCHrwEe7QIRCiJmCMYOhiGjAE3iqW8DSXAE OqonWY6FyvEsrgKBrHtVuWQjC4jUrnzEsjQj+nHpAsKktlrBOynkLOWyeRexGLl7 xElx6WZkOtmCVM3gLa+vH0hH7vEmXZnDKyhsSbQ8kEOSXLCsUZR9ggav+rO57W2O Vnx6Qko3ynOfFfPVrMVetJCm7p+ar6qgsyZpi52FFxeIGHmJ2STv3QSXQhvnWtP4 pIMdYudQ7Kw90L0vDf1+cpI+a8jUGRU1KrtfV2jVrN/7mf8Tf1bGiUt+WPF6l1es WyEBcH3+xYu9W5N82bIFtrlogJI/gj6qtmN3QIeUrIPsrvJ8iuUqNWLB5aQFtbAd poYVj+8hScMgQ2HiKqlffyDOWNghuePlFJecgcJcpusm+LqiYaWPo2RNvPdWvb+I 1o0= -----END ENCRYPTED PRIVATE KEY----- 
voms-api-java-2_0_10/src/test/resources/homes/pkcs12-creds/.globus/test0.p12
[binary PKCS#12 keystore for test0; its DER contents are not representable as text and are omitted]
voms-api-java-2_0_10/src/test/resources/homes/pkcs12-creds/.globus/usercred.p12
[binary PKCS#12 keystore (same credential as test0.p12 above); its DER contents are not representable as text and are omitted]
voms-api-java-2_0_10/src/test/resources/log4j.properties
# Console appender
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=%-5p %d [%t] %c{2} - %m - %x%n
# log4j.appender.CONSOLE.layout.ConversionPattern=%m %x%n
# Loggers
log4j.rootLogger=ERROR, CONSOLE
# log4j.logger.org.glite.voms.PKIVerifier=DEBUG
voms-api-java-2_0_10/src/test/resources/no-crls-trust-anchors/10b10516.0
-----BEGIN CERTIFICATE----- MIIDgDCCAmigAwIBAgIJAMzDwAv7o5VUMA0GCSqGSIb3DQEBBQUAMC0xCzAJBgNV BAYTAklUMQwwCgYDVQQKDANJR0kxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMTIwOTI2 MTUwMDU0WhcNMjIwOTI0MTUwMDU0WjAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwD SUdJMRAwDgYDVQQDDAdUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEA9u4Fgtj7YpMRql3NAasEUmP6Byv/CH+dPZNzSxfNCMOPqARLBWS/2Ora m5cRpoBByT0LpjDCFBJhLrBKvCvmWOTfS1jYsQwSpC/5scButthlcNOhLKQSZblS
8Pa7HoFS4zQFwCwWOYbOLF+FblYRgSY30WMi361giydeV8iei8KNH2FIoDyo9kjV gYQKp76LFv7urGhc5sHA+HWq7+AfyivtZC+a55Rw6EHXOQ+vih5TPXa1t5RL7IkY 4U7Ld5ExptBIDx0UkSihYexAY4RGXVUaq535dGtJQ8/NYMrJ5NMGt2X0bRszArnE EKc/qdAcgcalgoiaZtVkq45eXADXzwIDAQABo4GiMIGfMB0GA1UdDgQWBBSRdzZ7 LrRp8yfqt/YIi0ojohFJxjBdBgNVHSMEVjBUgBSRdzZ7LrRp8yfqt/YIi0ojohFJ xqExpC8wLTELMAkGA1UEBhMCSVQxDDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVz dCBDQYIJAMzDwAv7o5VUMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG MA0GCSqGSIb3DQEBBQUAA4IBAQB379cvZmfCLvGdoGbW+6ppDNy3pT9hqYmZAlfV FGZSEaTKjGCbPuErUNC6+7zhij5CmMtMRhccI3JswjPHPQGm12jiEC492J6Avj/x PL8vcBRofe4whXefDVgUw8G1nkQYr2BF0jzeiN72ToISGMbt/q94QV70lYCo/Tog UQQ6F+XhztffxQyRgsUXhR4qq1D4h7UifqfQGBzknS23RMLQUdKXG4MhTLMVmxJC uY9Oi0It3hk9Qtn0nlZ7rvo5weJGxuRBbZ85Nvw2tIhH7G2osc6zqmHTmUAR4FXb l8/ElwGVrURMMuJLDbISVXjBNFuVOS2BdlyEe4x5kfQAWITZ -----END CERTIFICATE----- voms-api-java-2_0_10/src/test/resources/no-crls-trust-anchors/10b10516.namespaces000066400000000000000000000002231207402625500273750ustar00rootroot00000000000000TO Issuer "/C=IT/O=IGI/CN=Test CA" \ PERMIT Subject "/C=it/O=IGI/.*" TO Issuer "/C=IT/O=IGI/CN=Test CA" \ PERMIT Subject "/C=IT/O=IGI/.*" voms-api-java-2_0_10/src/test/resources/no-crls-trust-anchors/10b10516.signing_policy000066400000000000000000000002171207402625500302760ustar00rootroot00000000000000access_id_CA X509 '/C=IT/O=IGI/CN=Test CA' pos_rights globus CA:sign cond_subjects globus '"/C=IT/O=IGI/*"' voms-api-java-2_0_10/src/test/resources/no-crls-trust-anchors/d82942ab.0000066400000000000000000000023711207402625500256030ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDgDCCAmigAwIBAgIJAMzDwAv7o5VUMA0GCSqGSIb3DQEBBQUAMC0xCzAJBgNV BAYTAklUMQwwCgYDVQQKDANJR0kxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMTIwOTI2 MTUwMDU0WhcNMjIwOTI0MTUwMDU0WjAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwD SUdJMRAwDgYDVQQDDAdUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEA9u4Fgtj7YpMRql3NAasEUmP6Byv/CH+dPZNzSxfNCMOPqARLBWS/2Ora m5cRpoBByT0LpjDCFBJhLrBKvCvmWOTfS1jYsQwSpC/5scButthlcNOhLKQSZblS 
8Pa7HoFS4zQFwCwWOYbOLF+FblYRgSY30WMi361giydeV8iei8KNH2FIoDyo9kjV gYQKp76LFv7urGhc5sHA+HWq7+AfyivtZC+a55Rw6EHXOQ+vih5TPXa1t5RL7IkY 4U7Ld5ExptBIDx0UkSihYexAY4RGXVUaq535dGtJQ8/NYMrJ5NMGt2X0bRszArnE EKc/qdAcgcalgoiaZtVkq45eXADXzwIDAQABo4GiMIGfMB0GA1UdDgQWBBSRdzZ7 LrRp8yfqt/YIi0ojohFJxjBdBgNVHSMEVjBUgBSRdzZ7LrRp8yfqt/YIi0ojohFJ xqExpC8wLTELMAkGA1UEBhMCSVQxDDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVz dCBDQYIJAMzDwAv7o5VUMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG MA0GCSqGSIb3DQEBBQUAA4IBAQB379cvZmfCLvGdoGbW+6ppDNy3pT9hqYmZAlfV FGZSEaTKjGCbPuErUNC6+7zhij5CmMtMRhccI3JswjPHPQGm12jiEC492J6Avj/x PL8vcBRofe4whXefDVgUw8G1nkQYr2BF0jzeiN72ToISGMbt/q94QV70lYCo/Tog UQQ6F+XhztffxQyRgsUXhR4qq1D4h7UifqfQGBzknS23RMLQUdKXG4MhTLMVmxJC uY9Oi0It3hk9Qtn0nlZ7rvo5weJGxuRBbZ85Nvw2tIhH7G2osc6zqmHTmUAR4FXb l8/ElwGVrURMMuJLDbISVXjBNFuVOS2BdlyEe4x5kfQAWITZ -----END CERTIFICATE----- voms-api-java-2_0_10/src/test/resources/no-crls-trust-anchors/d82942ab.namespaces000066400000000000000000000002231207402625500275550ustar00rootroot00000000000000TO Issuer "/C=IT/O=IGI/CN=Test CA" \ PERMIT Subject "/C=it/O=IGI/.*" TO Issuer "/C=IT/O=IGI/CN=Test CA" \ PERMIT Subject "/C=IT/O=IGI/.*" voms-api-java-2_0_10/src/test/resources/no-crls-trust-anchors/d82942ab.signing_policy000066400000000000000000000002171207402625500304560ustar00rootroot00000000000000access_id_CA X509 '/C=IT/O=IGI/CN=Test CA' pos_rights globus CA:sign cond_subjects globus '"/C=IT/O=IGI/*"' voms-api-java-2_0_10/src/test/resources/trust-anchors/000077500000000000000000000000001207402625500230055ustar00rootroot00000000000000voms-api-java-2_0_10/src/test/resources/trust-anchors/10b10516.0000066400000000000000000000023711207402625500240500ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDgDCCAmigAwIBAgIJAMzDwAv7o5VUMA0GCSqGSIb3DQEBBQUAMC0xCzAJBgNV BAYTAklUMQwwCgYDVQQKDANJR0kxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMTIwOTI2 MTUwMDU0WhcNMjIwOTI0MTUwMDU0WjAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwD SUdJMRAwDgYDVQQDDAdUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB 
CgKCAQEA9u4Fgtj7YpMRql3NAasEUmP6Byv/CH+dPZNzSxfNCMOPqARLBWS/2Ora m5cRpoBByT0LpjDCFBJhLrBKvCvmWOTfS1jYsQwSpC/5scButthlcNOhLKQSZblS 8Pa7HoFS4zQFwCwWOYbOLF+FblYRgSY30WMi361giydeV8iei8KNH2FIoDyo9kjV gYQKp76LFv7urGhc5sHA+HWq7+AfyivtZC+a55Rw6EHXOQ+vih5TPXa1t5RL7IkY 4U7Ld5ExptBIDx0UkSihYexAY4RGXVUaq535dGtJQ8/NYMrJ5NMGt2X0bRszArnE EKc/qdAcgcalgoiaZtVkq45eXADXzwIDAQABo4GiMIGfMB0GA1UdDgQWBBSRdzZ7 LrRp8yfqt/YIi0ojohFJxjBdBgNVHSMEVjBUgBSRdzZ7LrRp8yfqt/YIi0ojohFJ xqExpC8wLTELMAkGA1UEBhMCSVQxDDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVz dCBDQYIJAMzDwAv7o5VUMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG MA0GCSqGSIb3DQEBBQUAA4IBAQB379cvZmfCLvGdoGbW+6ppDNy3pT9hqYmZAlfV FGZSEaTKjGCbPuErUNC6+7zhij5CmMtMRhccI3JswjPHPQGm12jiEC492J6Avj/x PL8vcBRofe4whXefDVgUw8G1nkQYr2BF0jzeiN72ToISGMbt/q94QV70lYCo/Tog UQQ6F+XhztffxQyRgsUXhR4qq1D4h7UifqfQGBzknS23RMLQUdKXG4MhTLMVmxJC uY9Oi0It3hk9Qtn0nlZ7rvo5weJGxuRBbZ85Nvw2tIhH7G2osc6zqmHTmUAR4FXb l8/ElwGVrURMMuJLDbISVXjBNFuVOS2BdlyEe4x5kfQAWITZ -----END CERTIFICATE----- voms-api-java-2_0_10/src/test/resources/trust-anchors/10b10516.namespaces000066400000000000000000000002231207402625500260220ustar00rootroot00000000000000TO Issuer "/C=IT/O=IGI/CN=Test CA" \ PERMIT Subject "/C=it/O=IGI/.*" TO Issuer "/C=IT/O=IGI/CN=Test CA" \ PERMIT Subject "/C=IT/O=IGI/.*" voms-api-java-2_0_10/src/test/resources/trust-anchors/10b10516.r0000066400000000000000000000011101207402625500242200ustar00rootroot00000000000000-----BEGIN X509 CRL----- MIIBiDByMA0GCSqGSIb3DQEBBQUAMC0xCzAJBgNVBAYTAklUMQwwCgYDVQQKDANJ R0kxEDAOBgNVBAMMB1Rlc3QgQ0EXDTEyMDkyNjE1MjkyNloXDTEzMDkyNjE1Mjky NlowFDASAgEEFw0xMjA5MjYxNTI1MjRaMA0GCSqGSIb3DQEBBQUAA4IBAQA+dDfd JSR7lheVvwOjX6fYoWdAxE51wqjnqwoPtdsuUrANdKjb2+IHK6sUBscWofZr9eek RWI0XA+Dw6mTpp2EqFQAxHkwaodv3qjS9jIEPvOySCie9eT1zpdYd6JyLBGGvD7w lmxHkL0G0p7YGxrAiNMjvt3zzgySqRryw9sudidB1D8JxDS94UP8MlJP7JKB6uhe VPtVJrGLOyKOTmipyVcjBXqBMihuaR9LJQsfWiLS4yYEqaemL3kKU30SsXtEznZt yXeMc8OcMtL7BMLnGF3NDVAqqIt+SMC1khKurv4J3ggIG3UqNvJWqvxVt4PQQuBN XAvnE84nCDDPZ4Td -----END X509 
CRL-----voms-api-java-2_0_10/src/test/resources/trust-anchors/10b10516.signing_policy000066400000000000000000000002171207402625500267230ustar00rootroot00000000000000access_id_CA X509 '/C=IT/O=IGI/CN=Test CA' pos_rights globus CA:sign cond_subjects globus '"/C=IT/O=IGI/*"' voms-api-java-2_0_10/src/test/resources/trust-anchors/d82942ab.0000066400000000000000000000023711207402625500242300ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDgDCCAmigAwIBAgIJAMzDwAv7o5VUMA0GCSqGSIb3DQEBBQUAMC0xCzAJBgNV BAYTAklUMQwwCgYDVQQKDANJR0kxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMTIwOTI2 MTUwMDU0WhcNMjIwOTI0MTUwMDU0WjAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwD SUdJMRAwDgYDVQQDDAdUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEA9u4Fgtj7YpMRql3NAasEUmP6Byv/CH+dPZNzSxfNCMOPqARLBWS/2Ora m5cRpoBByT0LpjDCFBJhLrBKvCvmWOTfS1jYsQwSpC/5scButthlcNOhLKQSZblS 8Pa7HoFS4zQFwCwWOYbOLF+FblYRgSY30WMi361giydeV8iei8KNH2FIoDyo9kjV gYQKp76LFv7urGhc5sHA+HWq7+AfyivtZC+a55Rw6EHXOQ+vih5TPXa1t5RL7IkY 4U7Ld5ExptBIDx0UkSihYexAY4RGXVUaq535dGtJQ8/NYMrJ5NMGt2X0bRszArnE EKc/qdAcgcalgoiaZtVkq45eXADXzwIDAQABo4GiMIGfMB0GA1UdDgQWBBSRdzZ7 LrRp8yfqt/YIi0ojohFJxjBdBgNVHSMEVjBUgBSRdzZ7LrRp8yfqt/YIi0ojohFJ xqExpC8wLTELMAkGA1UEBhMCSVQxDDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVz dCBDQYIJAMzDwAv7o5VUMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG MA0GCSqGSIb3DQEBBQUAA4IBAQB379cvZmfCLvGdoGbW+6ppDNy3pT9hqYmZAlfV FGZSEaTKjGCbPuErUNC6+7zhij5CmMtMRhccI3JswjPHPQGm12jiEC492J6Avj/x PL8vcBRofe4whXefDVgUw8G1nkQYr2BF0jzeiN72ToISGMbt/q94QV70lYCo/Tog UQQ6F+XhztffxQyRgsUXhR4qq1D4h7UifqfQGBzknS23RMLQUdKXG4MhTLMVmxJC uY9Oi0It3hk9Qtn0nlZ7rvo5weJGxuRBbZ85Nvw2tIhH7G2osc6zqmHTmUAR4FXb l8/ElwGVrURMMuJLDbISVXjBNFuVOS2BdlyEe4x5kfQAWITZ -----END CERTIFICATE----- voms-api-java-2_0_10/src/test/resources/trust-anchors/d82942ab.namespaces000066400000000000000000000002231207402625500262020ustar00rootroot00000000000000TO Issuer "/C=IT/O=IGI/CN=Test CA" \ PERMIT Subject "/C=it/O=IGI/.*" TO Issuer "/C=IT/O=IGI/CN=Test CA" \ PERMIT Subject "/C=IT/O=IGI/.*" 
voms-api-java-2_0_10/src/test/resources/trust-anchors/d82942ab.r0000066400000000000000000000011101207402625500244000ustar00rootroot00000000000000-----BEGIN X509 CRL----- MIIBiDByMA0GCSqGSIb3DQEBBQUAMC0xCzAJBgNVBAYTAklUMQwwCgYDVQQKDANJ R0kxEDAOBgNVBAMMB1Rlc3QgQ0EXDTEyMDkyNjE1MjkyNloXDTEzMDkyNjE1Mjky NlowFDASAgEEFw0xMjA5MjYxNTI1MjRaMA0GCSqGSIb3DQEBBQUAA4IBAQA+dDfd JSR7lheVvwOjX6fYoWdAxE51wqjnqwoPtdsuUrANdKjb2+IHK6sUBscWofZr9eek RWI0XA+Dw6mTpp2EqFQAxHkwaodv3qjS9jIEPvOySCie9eT1zpdYd6JyLBGGvD7w lmxHkL0G0p7YGxrAiNMjvt3zzgySqRryw9sudidB1D8JxDS94UP8MlJP7JKB6uhe VPtVJrGLOyKOTmipyVcjBXqBMihuaR9LJQsfWiLS4yYEqaemL3kKU30SsXtEznZt yXeMc8OcMtL7BMLnGF3NDVAqqIt+SMC1khKurv4J3ggIG3UqNvJWqvxVt4PQQuBN XAvnE84nCDDPZ4Td -----END X509 CRL-----voms-api-java-2_0_10/src/test/resources/trust-anchors/d82942ab.signing_policy000066400000000000000000000002171207402625500271030ustar00rootroot00000000000000access_id_CA X509 '/C=IT/O=IGI/CN=Test CA' pos_rights globus CA:sign cond_subjects globus '"/C=IT/O=IGI/*"' voms-api-java-2_0_10/src/test/resources/vomsdir/000077500000000000000000000000001207402625500216545ustar00rootroot00000000000000voms-api-java-2_0_10/src/test/resources/vomsdir/atlas/000077500000000000000000000000001207402625500227605ustar00rootroot00000000000000voms-api-java-2_0_10/src/test/resources/vomsdir/atlas/lcg-voms.cern.ch.lsc000066400000000000000000000001471207402625500265330ustar00rootroot00000000000000/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch /DC=ch/DC=cern/CN=CERN Trusted Certification Authority voms-api-java-2_0_10/src/test/resources/vomsdir/atlas/vo.racf.bnl.gov.lsc000066400000000000000000000001631207402625500263650ustar00rootroot00000000000000/DC=org/DC=doegrids/OU=Services/CN=vo.racf.bnl.gov /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1 voms-api-java-2_0_10/src/test/resources/vomsdir/atlas/voms.cern.ch.lsc000066400000000000000000000001431207402625500257640ustar00rootroot00000000000000/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch /DC=ch/DC=cern/CN=CERN 
Trusted Certification Authority voms-api-java-2_0_10/src/test/resources/vomsdir/cms/000077500000000000000000000000001207402625500224365ustar00rootroot00000000000000voms-api-java-2_0_10/src/test/resources/vomsdir/cms/lcg-voms.cern.ch.lsc000066400000000000000000000001471207402625500262110ustar00rootroot00000000000000/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch /DC=ch/DC=cern/CN=CERN Trusted Certification Authority voms-api-java-2_0_10/src/test/resources/vomsdir/cms/voms.cern.ch.lsc000066400000000000000000000001431207402625500254420ustar00rootroot00000000000000/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch /DC=ch/DC=cern/CN=CERN Trusted Certification Authority voms-api-java-2_0_10/src/test/resources/vomsdir/igi.italiangrid.it/000077500000000000000000000000001207402625500253255ustar00rootroot00000000000000voms-api-java-2_0_10/src/test/resources/vomsdir/igi.italiangrid.it/vomsmania.cnaf.infn.it.lsc000066400000000000000000000001161207402625500322720ustar00rootroot00000000000000/C=IT/O=INFN/OU=Host/L=CNAF/CN=vomsmania.cnaf.infn.it /C=IT/O=INFN/CN=INFN CA voms-api-java-2_0_10/src/test/resources/vomsdir/superbvo.org/000077500000000000000000000000001207402625500243075ustar00rootroot00000000000000voms-api-java-2_0_10/src/test/resources/vomsdir/superbvo.org/voms-02.pd.infn.it.lsc000066400000000000000000000001141207402625500301570ustar00rootroot00000000000000/C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it /C=IT/O=INFN/CN=INFN CA voms-api-java-2_0_10/src/test/resources/vomsdir/superbvo.org/voms2.cnaf.infn.it.lsc000066400000000000000000000001121207402625500303240ustar00rootroot00000000000000/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it /C=IT/O=INFN/CN=INFN CA voms-api-java-2_0_10/src/test/resources/vomsdir/test-host.cnaf.infn.it.pem000066400000000000000000000111661207402625500265700ustar00rootroot00000000000000Certificate: Data: Version: 3 (0x2) Serial Number: 16 (0x10) Signature Algorithm: sha1WithRSAEncryption Issuer: C=IT, O=IGI, CN=Test CA Validity Not Before: Oct 10 
16:03:07 2012 GMT Not After : Oct 8 16:03:07 2022 GMT Subject: C=IT, O=IGI, CN=test-host.cnaf.infn.it Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:b1:0e:8d:89:5a:f5:3c:1a:d4:8d:8e:8d:66:f2: a4:74:6a:aa:94:42:3d:c4:57:c6:c6:db:3e:6b:ec: d4:16:08:d1:ad:5e:5e:44:a2:62:71:99:11:69:82: 5a:15:7e:49:26:65:4d:6b:41:63:c4:72:88:b7:97: 12:3d:43:12:ee:6b:d0:a2:90:57:2c:32:92:b6:91: 5a:61:b7:34:72:57:7a:48:10:9b:8c:77:5c:01:ca: be:56:30:d4:cf:f2:6a:08:f7:96:af:77:28:a0:ba: 97:26:ac:3b:34:a0:cb:c8:88:56:19:c8:18:9b:4e: fe:6a:56:91:58:a7:ee:3f:34:7a:82:b9:05:ea:26: 81:ff:1b:3a:5e:fb:d9:e3:52:23:56:8b:9e:07:0a: 15:ae:4e:7e:38:dc:51:5f:f0:6f:bb:fa:f3:a6:3a: d8:bc:49:31:24:e7:27:51:51:90:60:de:e5:82:e0: 3e:ed:de:51:6b:24:a9:8d:1e:09:09:1a:10:44:04: 51:f4:48:c7:f6:45:3e:e6:5a:ea:72:62:95:ec:ef: 08:98:62:b3:c9:af:79:30:be:58:a0:f1:39:67:48: a1:b6:f2:d0:dc:fa:15:fc:31:70:c7:e9:d7:e4:b1: f9:7e:3c:19:94:03:e1:07:57:3d:87:77:21:63:78: 1f:cd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: FA:F4:A2:78:FF:3C:E8:62:86:73:1E:F1:AE:B4:15:35:D3:1D:03:81 X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection X509v3 Authority Key Identifier: keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6 X509v3 Subject Alternative Name: email:andrea.ceccanti@cnaf.infn.it Signature Algorithm: sha1WithRSAEncryption 96:28:72:52:23:32:b8:5f:43:ac:24:f4:7d:93:15:bd:33:58: 1b:bd:ef:c0:4a:cf:e2:c6:64:9e:f9:40:eb:a0:c4:b3:73:c1: 26:18:2c:18:91:eb:09:3c:e1:f9:84:c4:de:07:4c:6c:17:f7: dc:f6:12:de:bf:43:3a:22:ad:46:60:e0:15:4f:d5:56:8b:b6: 67:23:8a:16:df:83:fe:2f:22:6a:6c:eb:22:4d:f1:40:c3:99: 63:62:18:b8:12:bb:f0:ec:91:6b:bf:81:b5:90:83:63:10:b5: 
01:96:98:6a:cb:68:9a:3b:ca:bd:95:bb:09:20:94:cc:e3:97: 43:00:49:c0:29:3b:55:59:cd:b1:c6:f4:f2:06:f1:1e:74:b0: 45:14:3f:02:3a:49:6f:ec:57:0a:87:e1:ef:c1:7c:01:93:2a: 23:84:9b:08:7f:18:02:09:b9:28:86:c3:62:73:42:f4:c5:59: 65:ce:ec:81:a3:23:73:59:28:1e:54:30:3d:38:28:29:c3:2a: d5:71:3f:9c:75:34:d7:5a:1e:28:ad:af:68:52:bd:05:f9:6e: 9f:9d:9e:e2:90:51:63:71:e1:7b:b3:0d:23:ae:ee:3d:92:e7: 0d:5c:3c:67:46:53:e9:27:6f:bd:cb:57:37:e8:64:29:5d:97: b1:8b:61:05 -----BEGIN CERTIFICATE----- MIIDrzCCApegAwIBAgIBEDANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMTAxMDE2MDMwN1oX DTIyMTAwODE2MDMwN1owPDELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEfMB0G A1UEAxMWdGVzdC1ob3N0LmNuYWYuaW5mbi5pdDCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBALEOjYla9Twa1I2OjWbypHRqqpRCPcRXxsbbPmvs1BYI0a1e XkSiYnGZEWmCWhV+SSZlTWtBY8RyiLeXEj1DEu5r0KKQVywykraRWmG3NHJXekgQ m4x3XAHKvlYw1M/yagj3lq93KKC6lyasOzSgy8iIVhnIGJtO/mpWkVin7j80eoK5 Beomgf8bOl772eNSI1aLngcKFa5OfjjcUV/wb7v686Y62LxJMSTnJ1FRkGDe5YLg Pu3eUWskqY0eCQkaEEQEUfRIx/ZFPuZa6nJilezvCJhis8mveTC+WKDxOWdIobby 0Nz6FfwxcMfp1+Sx+X48GZQD4QdXPYd3IWN4H80CAwEAAaOByjCBxzAMBgNVHRMB Af8EAjAAMB0GA1UdDgQWBBT69KJ4/zzoYoZzHvGutBU10x0DgTAOBgNVHQ8BAf8E BAMCBeAwPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMD BglghkgBhvhCBAEGCCsGAQUFBwMEMB8GA1UdIwQYMBaAFJF3NnsutGnzJ+q39giL SiOiEUnGMCcGA1UdEQQgMB6BHGFuZHJlYS5jZWNjYW50aUBjbmFmLmluZm4uaXQw DQYJKoZIhvcNAQEFBQADggEBAJYoclIjMrhfQ6wk9H2TFb0zWBu978BKz+LGZJ75 QOugxLNzwSYYLBiR6wk84fmExN4HTGwX99z2Et6/QzoirUZg4BVP1VaLtmcjihbf g/4vImps6yJN8UDDmWNiGLgSu/DskWu/gbWQg2MQtQGWmGrLaJo7yr2VuwkglMzj l0MAScApO1VZzbHG9PIG8R50sEUUPwI6SW/sVwqH4e/BfAGTKiOEmwh/GAIJuSiG w2JzQvTFWWXO7IGjI3NZKB5UMD04KCnDKtVxP5x1NNdaHiitr2hSvQX5bp+dnuKQ UWNx4XuzDSOu7j2S5w1cPGdGU+knb73LVzfoZCldl7GLYQU= -----END CERTIFICATE----- 
voms-api-java-2_0_10/src/test/resources/vomsdir/test.vo.1/000077500000000000000000000000001207402625500234155ustar00rootroot00000000000000voms-api-java-2_0_10/src/test/resources/vomsdir/test.vo.1/wilco.cnaf.infn.it.lsc000066400000000000000000000000761207402625500275120ustar00rootroot00000000000000/C=IT/O=IGI/CN=wilco-error.cnaf.infn.it /C=IT/O=IGI/CN=Test CAvoms-api-java-2_0_10/src/test/resources/vomsdir/test.vo.2/000077500000000000000000000000001207402625500234165ustar00rootroot00000000000000voms-api-java-2_0_10/src/test/resources/vomsdir/test.vo.2/wilco.cnaf.infn.it.lsc000066400000000000000000000000701207402625500275050ustar00rootroot00000000000000/C=IT/O=IGI/CN=wilco.cnaf.infn.it /C=IT/O=IGI/CN=Test CAvoms-api-java-2_0_10/src/test/resources/vomsdir/test.vo/000077500000000000000000000000001207402625500232565ustar00rootroot00000000000000voms-api-java-2_0_10/src/test/resources/vomsdir/test.vo/test-expired.cnaf.infn.it.lsc000066400000000000000000000000551207402625500306500ustar00rootroot00000000000000/C=IT/O=IGI/CN=expired /C=IT/O=IGI/CN=Test CAvoms-api-java-2_0_10/src/test/resources/vomsdir/test.vo/test-host.cnaf.infn.it.lsc000066400000000000000000000000741207402625500301660ustar00rootroot00000000000000/C=IT/O=IGI/CN=test-host.cnaf.infn.it /C=IT/O=IGI/CN=Test CAvoms-api-java-2_0_10/src/test/resources/vomsdir/test.vo/test-revoked.cnaf.infn.it.lsc000066400000000000000000000000551207402625500306470ustar00rootroot00000000000000/C=IT/O=IGI/CN=revoked /C=IT/O=IGI/CN=Test CAvoms-api-java-2_0_10/src/test/resources/vomsdir/vgrid02.cnaf.infn.it.lsc000066400000000000000000000001141207402625500261020ustar00rootroot00000000000000/C=IT/O=INFN/OU=Host/L=CNAF/CN=vgrid02.cnaf.infn.it /C=IT/O=INFN/CN=INFN CA voms-api-java-2_0_10/src/test/resources/vomses/000077500000000000000000000000001207402625500215055ustar00rootroot00000000000000voms-api-java-2_0_10/src/test/resources/vomses/atlas000066400000000000000000000004371207402625500225400ustar00rootroot00000000000000"atlas" 
"lcg-voms.cern.ch" "15001" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch" "atlas" "24" "atlas" "voms.cern.ch" "15001" "/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch" "atlas" "24" "atlas" "vo.racf.bnl.gov" "15003" "/DC=org/DC=doegrids/OU=Services/CN=vo.racf.bnl.gov" "atlas" "24"voms-api-java-2_0_10/src/test/resources/vomses/eumed000066400000000000000000000003031207402625500225230ustar00rootroot00000000000000"eumed" "voms-02.pd.infn.it" "15016" "/C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it" "eumed" "eumed" "voms2.cnaf.infn.it" "15016" "/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it" "eumed"