pax_global_header comment=52982a9536bd21b369e11a2a18140ec92cba146f

voms-api-java-3.1.0/.gitignore
/.settings
/bin
/dist
/target
/.classpath
/.project
/spec/voms-api-java.spec
/rpmbuild
/debbuild
/RPMS
/tgz
/target

voms-api-java-3.1.0/.travis.yml
language: java
jdk:
  - openjdk6
  - openjdk7
  - oraclejdk7
  - oraclejdk8
os:
  - linux
notifications:
  slack:
    secure: NEqqRKfphFroJt3420x+ojawfPQqQFk4mw17z4/RwpGxlR3kftW17s198TCFVyiBn0OF55BA6w7s/JL4PqG5BCH10B8/+ulbKrQh3LNSr3cQxvPs4AhI+BIq4pvK01sLS/wNxCzj0LI1mOg7L8BnJlioOJyHHBCeadqxdyPf5Uk=

voms-api-java-3.1.0/AUTHORS
Andrea Ceccanti
Valerio Venturi
Daniele Andreotti

voms-api-java-3.1.0/LICENSE
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

1. Definitions.

"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.

"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.

"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.

"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.

"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.

"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.

"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).

"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.

"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner.
For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."

"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.

2. Grant of Copyright License.

Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.

3. Grant of Patent License.

Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted.
If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.

4. Redistribution.

You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:

(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and

(b) You must cause any modified files to carry prominent notices stating that You changed the files; and

(c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and

(d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License.
You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.

You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.

5. Submission of Contributions.

Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.

6. Trademarks.

This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.

7. Disclaimer of Warranty.

Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.

8. Limitation of Liability.

In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.

9. Accepting Warranty or Additional Liability.

While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

APPENDIX: How to apply the Apache License to your work.

To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.

Copyright [yyyy] [name of copyright owner]

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

voms-api-java-3.1.0/README.md
# VOMS Java API

[![Build Status](https://travis-ci.org/italiangrid/voms-api-java.svg)](https://travis-ci.org/italiangrid/voms-api-java)

Java client APIs for the Virtual Organization Membership Service (VOMS).

The VOMS API can be used for

- validating attribute certificates (ACs) inside a proxy and reading the attributes (VOMS FQANs or VOMS generic attributes)
- contacting a VOMS service in order to get an AC and for creating proxy certificates that contain an AC

## Installing

If using Maven, add the dependencies to your pom file:

```xml
<dependency>
  <groupId>org.italiangrid</groupId>
  <artifactId>voms-api-java</artifactId>
  <version>${voms-api-java-version}</version>
</dependency>
```

### Configure logging

VOMS Java API does not rely on logging anymore to provide information to the API user. The API now provides listeners that receive interesting events related to VOMS attribute certificate parsing and validation and interactions with remote VOMS servers.

## Getting started

### Validation

With version 3.0 of the API, the validation interface changes significantly.
In order to validate VOMS attributes one has to do the following:

```java
/* certificate chain may come either from loading (and validating) using
   BouncyCastle or from an authenticated HTTPS session */
X509Certificate[] theChain = ...;

VOMSACValidator validator = VOMSValidators.newValidator();
List<VOMSAttribute> vomsAttrs = validator.validate(theChain);
```

The VOMSAttribute interface provides access to all VOMS attributes (i.e., FQANs and Generic attributes):

```java
if (vomsAttrs.size() > 0) {
  VOMSAttribute va = vomsAttrs.get(0);

  List<String> fqans = va.getFQANs();
  for (String f : fqans)
    System.out.println(f);

  List<VOMSGenericAttribute> gas = va.getGenericAttributes();
  for (VOMSGenericAttribute g : gas)
    System.out.println(g);
}
```

#### Getting more information about the validation outcome

The API just described returns a possibly empty list of validated VOMS attributes. In order to get more information on the validation outcome (e.g. error messages) you now have two possibilities:

- register a `ValidationResultListener` on the validator and separate your error handling logic from the main flow of your code
- use the `validateWithResult` method

#### Setting a ValidationResultListener

The interface of a ValidationResultListener is defined as follows:

```java
void notifyValidationResult(VOMSValidationResult result)
```

The VOMSValidationResult class provides info on the outcome of VOMS validation:

```java
VOMSValidationResult {
  boolean isValid();
  List getValidationErrors();
  VOMSAttribute getAttributes();
}
```

You can register a ValidationResultListener at VOMSACValidator creation time:

```java
VOMSACValidator validator = VOMSValidators.newValidator(new ValidationResultListener() {

  public void notifyValidationResult(VOMSValidationResult result) {
    // Your code here
    ...
  }
});
```

or later with the `setValidationResultListener(ValidationResultListener l)` method.

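A fail-closed authorization check built on the listener API described above, as an added example that is not part of the original README or the project's code. The class name `FqanAuthorizer`, its `inGroup` helper and the sample VO and group in the comments are hypothetical, and the `org.italiangrid.voms.ac` package for `VOMSValidationResult` is assumed from where the page places `ValidationResultListener`.

```java
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.VOMSValidators;
import org.italiangrid.voms.ac.VOMSACValidator;
import org.italiangrid.voms.ac.VOMSValidationResult; // package assumed, see lead-in
import org.italiangrid.voms.ac.ValidationResultListener;

/** Hypothetical helper, not part of voms-api-java: fail-closed FQAN check. */
public class FqanAuthorizer {

  private final String requiredVo;    // e.g. "atlas"
  private final String requiredGroup; // e.g. "/atlas/production"

  // Validation failures reported by the listener, kept for audit purposes.
  private final List<String> rejections =
      Collections.synchronizedList(new ArrayList<String>());

  private final VOMSACValidator validator;

  public FqanAuthorizer(String requiredVo, String requiredGroup) {
    this.requiredVo = requiredVo;
    this.requiredGroup = requiredGroup;
    // Error handling lives in the listener, separate from the decision logic.
    this.validator = VOMSValidators.newValidator(new ValidationResultListener() {
      public void notifyValidationResult(VOMSValidationResult result) {
        if (!result.isValid()) {
          rejections.add(String.valueOf(result.getValidationErrors()));
        }
      }
    });
  }

  /**
   * Returns true only if a validated AC for the required VO carries an FQAN
   * inside the required group. validate() returns validated attributes only,
   * so an empty list falls through to "deny".
   */
  public boolean isAuthorized(X509Certificate[] chain) {
    List<VOMSAttribute> attrs = validator.validate(chain);
    for (VOMSAttribute attr : attrs) {
      if (!requiredVo.equals(attr.getVO())) {
        continue; // AC issued for another VO: ignore it
      }
      for (String fqan : attr.getFQANs()) {
        if (inGroup(fqan, requiredGroup)) {
          return true;
        }
      }
    }
    return false;
  }

  /**
   * Matches on a path-component boundary, so "/atlas/production-test" does
   * not satisfy a requirement for "/atlas/production", while subgroups and
   * role-qualified FQANs of that group do.
   */
  static boolean inGroup(String fqan, String group) {
    if (!fqan.startsWith(group)) {
      return false;
    }
    return fqan.length() == group.length() || fqan.charAt(group.length()) == '/';
  }

  /** Snapshot of the validation errors seen so far. */
  public List<String> getRejections() {
    synchronized (rejections) {
      return new ArrayList<String>(rejections);
    }
  }

  /** Call once the authorizer is no longer needed. */
  public void close() {
    validator.shutdown();
  }
}
```
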
#### Using the `validateWithResult` method

```java
List<VOMSValidationResult> results = validator.validateWithResult(theChain);

for (VOMSValidationResult r : results) {
  if (r.isValid()) {
    VOMSAttribute attrs = r.getAttributes();
    ...
  } else {
    // error handling code
  }
}
```

### Requesting a VOMS AC from a server and creating a proxy out of it

In order to request a VOMS AC from a VOMS server you start by providing your own credentials. To parse your credentials (certificate + private key) you will use the

```java
UserCredentials.loadCredentials(char[] keyPassword);
```

method. This method looks for PEM or PKCS12 credentials in standard locations and returns a CANL X509Credential.

```java
/* Load user's credentials */
X509Credential cred = UserCredentials.loadCredentials("passphrase".toCharArray());
```

To request an AC from a VOMS service, one has to create a VOMSACRequest in order to set options for the requested AC, like its lifetime, the VO name or the requested VOMS FQANs.

The VOMSACService requires that you pass in a CANL `X509CertChainValidatorExt` object that will be used to set up the SSL connection and perform certificate validation.
You can easily build one with the `CertificateValidatorBuilder` VOMS helper class:

```java
X509CertChainValidatorExt validator = CertificateValidatorBuilder.buildCertificateValidator();
VOMSACService service = new DefaultVOMSACService.Builder(validator).build();

DefaultVOMSACRequest request = new DefaultVOMSACRequest.Builder("atlas").lifetime(10).build();

AttributeCertificate attributeCertificate = service.getVOMSAttributeCertificate(cred, request);
```

Creating a proxy containing the VOMS AC just obtained is trivial with the help of CANL proxy generation utilities:

```java
ProxyCertificateOptions proxyOptions = new ProxyCertificateOptions(cred.getCertificateChain());
proxyOptions.setAttributeCertificates(new AttributeCertificate[] {attributeCertificate});

ProxyCertificate proxyCert = ProxyGenerator.generate(proxyOptions, cred.getKey());
```

The proxy can then be saved to an output stream in PEM format using the

```java
CredentialsUtils.saveCredentials(OutputStream os, X509Credential uc)
```

method, as shown in the following example:

```java
OutputStream os = new FileOutputStream("/tmp/savedProxy");
CredentialsUtils.saveCredentials(os, proxyCert.getCredential());
```

### Migrating from VOMS API Java v. 2.x

In order to use the new API, update your pom.xml with the right dependencies (in case you use Maven):

```xml
<dependency>
  <groupId>org.italiangrid</groupId>
  <artifactId>voms-api-java</artifactId>
  <version>3.0.0</version>
</dependency>
```

or install the VOMS API 3.0 packages (rpms or debs).

With the API v. 2.0.9 the following approach would be used to validate a VOMS AC:

```java
/* 2.0.x API packages */
import org.glite.voms.VOMSAttribute;
import org.glite.voms.VOMSValidator;
...

// Validated certificate chain
X509Certificate[] certchain = ...;

VOMSValidator validator = new VOMSValidator(certchain);
validator.validate();

List<VOMSAttribute> attrs = validator.getVOMSAttributes();

for (VOMSAttribute a : attrs)
  // Do something with the attribute
  ...
```

With version 3.0 the name of the packages to import has changed:

```java
/* 3.0.x API packages */
import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.VOMSValidators;
import org.italiangrid.voms.ac.VOMSACValidator;

// The VOMSACValidator interface provides access to VOMS AC validation logic.
// In order to obtain a validator use the VOMSValidators factory
VOMSACValidator validator = VOMSValidators.newValidator();

// An X.509 certificate chain obtained somehow
X509Certificate[] certChain = ...;

// Use the validate method to obtain a list of VOMSAttribute objects
List<VOMSAttribute> attrs = validator.validate(certChain);

for (VOMSAttribute a : attrs) {
  // Do something with the attribute
  ...
}

// Shutdown the validator. This should be called only when you're sure that
// you will not need the validator anymore.
validator.shutdown();
```

## Documentation

More details on the new APIs can be found in the [Javadoc](http://italiangrid.github.com/voms-api-java/javadocs/3.x/index.html).

## License

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this project except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

voms-api-java-3.1.0/pom.xml
4.0.0 org.italiangrid voms-api-java 3.1.0 jar voms-api-java Java APIs to validate and request VOMS attribute certificates https://github.com/italiangrid/voms-api-java The Apache Software License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo https://github.com/italiangrid/voms-api-java scm:git:git://github.com/italiangrid/voms-api-java.git scm:git:ssh://git@github.com:italiangrid/voms-api-java.git 3.1 1.9.0 2.2.2 2.2.1 2.4.1 2.8.2 2.5 2.9.1 2.5.2 1.5 1.6.3 4.11 1.3 2.1.2 1.9.5 1.0 UTF-8 UTF-8 /usr/share/java /usr/share/doc/${project.name} /usr/share/javadoc/${project.name} andreac Andrea Ceccanti andrea.ceccanti@cnaf.infn.it INFN CNAF Developer vventuri Valerio Venturi valerio.venturi@cnaf.infn.it INFN CNAF Developer dandreotti Daniele Andreotti daniele.andreotti@cnaf.infn.it INFN CNAF Developer org.apache.maven.plugins maven-compiler-plugin ${plugin.compiler.version} 1.6 1.6 true true org.codehaus.mojo cobertura-maven-plugin ${plugin.cobertura.version} html xml org/italiangrid/voms/test/**/*.class org/italiangrid/voms/examples/**/*.class org.apache.maven.plugins maven-assembly-plugin ${plugin.assembly.version} ${project.name} false ${basedir}/src/main/assembly/voms-api-java.xml org.apache.maven.plugins maven-javadoc-plugin ${plugin.javadoc.version} ${project.build.directory}/javadoc ${project.reporting.outputDirectory}/javadoc attach-javadocs jar org.apache.maven.plugins maven-source-plugin ${plugin.source.version} attach-sources jar-no-fork com.mycila.maven-license-plugin maven-license-plugin ${plugin.license.version}
src/license/license.txt
.travis.yml *.md Makefile AUTHORS LICENSE .gitignore spec/** src/test/resources/** src/config/** src/main/java/org/glite/voms/FQAN.java true true
check-headers verify check
org.apache.maven.plugins maven-release-plugin ${plugin.release.version} forked-path org.apache.maven.plugins maven-deploy-plugin ${plugin.deploy.version} org.apache.maven.plugins maven-jar-plugin ${plugin.jar.version} true
junit junit ${junit.version} test org.hamcrest hamcrest-library ${hamcrest.version} test eu.eu-emi.security canl ${canl.version} net.jcip jcip-annotations ${jcip.version} provided org.mockito mockito-core ${mockito.version} test release-sign-artifacts performRelease true org.apache.maven.plugins maven-gpg-plugin ${plugin.gpg.version} ${env.GPG_PASSPHRASE} sign-artifacts verify sign local-staging true cnaf-releases CNAF releases http://radiohead.cnaf.infn.it:8081/nexus/content/repositories/cnaf-releases/ cnaf-snapshots CNAF snapshots http://radiohead.cnaf.infn.it:8081/nexus/content/repositories/cnaf-snapshots/ central-staging ossrh Maven central snapshots https://oss.sonatype.org/content/repositories/snapshots ossrh Maven central releases https://oss.sonatype.org/service/local/staging/deploy/maven2/ org.sonatype.plugins nexus-staging-maven-plugin ${plugin.nexus-staging.version} true ossrh https://oss.sonatype.org/ true
voms-api-java-3.1.0/src/000077500000000000000000000000001265712655300147705ustar00rootroot00000000000000voms-api-java-3.1.0/src/license/000077500000000000000000000000001265712655300164125ustar00rootroot00000000000000voms-api-java-3.1.0/src/license/license.txt000066400000000000000000000011151265712655300205730ustar00rootroot00000000000000Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. voms-api-java-3.1.0/src/main/000077500000000000000000000000001265712655300157145ustar00rootroot00000000000000voms-api-java-3.1.0/src/main/assembly/000077500000000000000000000000001265712655300175335ustar00rootroot00000000000000voms-api-java-3.1.0/src/main/assembly/voms-api-java.xml000066400000000000000000000030421265712655300227260ustar00rootroot00000000000000 main tar.gz false target/site/javadoc/apidocs ${assembly.javadoc.dir} 0644 target/${project.build.finalName}.jar ${project.build.finalName}.jar ${assembly.java.dir} 0644 
voms-api-java-3.1.0/src/main/java/000077500000000000000000000000001265712655300166355ustar00rootroot00000000000000voms-api-java-3.1.0/src/main/java/org/000077500000000000000000000000001265712655300174245ustar00rootroot00000000000000voms-api-java-3.1.0/src/main/java/org/italiangrid/000077500000000000000000000000001265712655300217135ustar00rootroot00000000000000voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/000077500000000000000000000000001265712655300226775ustar00rootroot00000000000000voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/VOMSAttribute.java000066400000000000000000000115421265712655300262150ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms; import java.math.BigInteger; import java.security.cert.X509Certificate; import java.util.Date; import java.util.List; import javax.security.auth.x500.X500Principal; import org.bouncycastle.cert.X509AttributeCertificateHolder; /** * The VOMS attributes information. This interface provides access to all the * information available in a VOMS attribute certificate. 
* * @author Andrea Ceccanti * */ public interface VOMSAttribute { /** * This method returns the name of the VO this VOMS attributes are about * * @return The name of the VO this VOMS attributes are about */ public String getVO(); /** * This method returns the host where the VOMS Attribute Authority (AA) that * signed these attribute lives * * @return The name of the host where the VOMS AA that signed these attributes * lives */ public String getHost(); /** * This method returns the port on which the VOMS Attribute Authority (AA) * that signed these attributes listens for requests. * * @return The port on which the VOMS AA that signed these attributes listens * for requests */ public int getPort(); /** * This method returns the subject (as an {@link X500Principal}) of the holder * of these VOMS attributes * * @return The subject of the holder of these VOMS attributes */ public X500Principal getHolder(); /** * This method returns the holder certificate serial number * * @return The serial number of the holder certificate */ public BigInteger getHolderSerialNumber(); /** * This method returns the subject of the VOMS Attribute Authority that signed * these attributes. * * @return The subject of the VOMS AA that signed these attributes */ public X500Principal getIssuer(); /** * This method returns the attributes' validity start time * * @return The attributes' validity start time */ public Date getNotBefore(); /** * This method returns the attributes' validity end time * * @return The attributes' validity end time */ public Date getNotAfter(); /** * This method returns the list of signed Fully Qualified Attribute Names * (FQANs) in this {@link VOMSAttribute}. * * @return The {@link List} of VOMS fully qualified attribute names */ public List getFQANs(); /** * This method returns the primary FQAN (the first in the list returned by * {@link #getFQANs()}) in this {@link VOMSAttribute}. 
* * @return The primary VOMS fully qualified attribute name */ public String getPrimaryFQAN(); /** * This method returns the signature on the VOMS attribute certificate as a * byte array. * * @return The signature of this VOMS attributes */ public byte[] getSignature(); /** * This method returns the list of VOMS Generic attributes in this * {@link VOMSAttribute}. * * @return The VOMS generic attributes */ public List getGenericAttributes(); /** * This method returns the list of targets defined for this * {@link VOMSAttribute}. * * @return The targets for this VOMS attributes */ public List getTargets(); /** * This method returns the certificate chain of the VOMS Attribute Authority * (AA) that signed this {@link VOMSAttribute}. * * @return The VOMS AA certificate chain */ public X509Certificate[] getAACertificates(); /** * This method checks whether the attributes are valid in the current instant * of time. No validation is performed on the attributes. * * @return true if valid, false otherwise */ public boolean isValid(); /** * This method checks whether the attributes are valid in a given time passed * as argument. No validation is performed on the attributes. * * @param time * the time used for the validity check * @return true if valid, false otherwise */ public boolean validAt(Date time); /** * This method returns the underlying VOMS Attribute certificate object. * * @return the underlying bouncycastle object for the VOMS attribute * certificate. */ public X509AttributeCertificateHolder getVOMSAC(); } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/VOMSError.java000066400000000000000000000017621265712655300253460ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms;

/**
 * The base VOMS exception class.
 *
 * @author Andrea Ceccanti
 *
 */
public class VOMSError extends RuntimeException {

  /**
   *
   */
  private static final long serialVersionUID = 1L;

  public VOMSError(String message) {
    super(message);
  }

  public VOMSError(String message, Throwable cause) {
    super(message, cause);
  }
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/VOMSGenericAttribute.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms;

/**
 * A VOMS generic attribute is a name=value pair attribute augmented with a
 * context.
 *
 *
 * @author Andrea Ceccanti
 *
 */
public interface VOMSGenericAttribute {

  /**
   * This method returns the name of this generic attribute
   *
   * @return the name of this generic attribute
   */
  public String getName();

  /**
   * This method returns the value of this generic attribute
   *
   * @return the value of this generic attribute
   */
  public String getValue();

  /**
   * This method returns the context for this generic attribute
   *
   * @return the context of this generic attribute
   */
  public String getContext();
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/VOMSValidators.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms;

import org.italiangrid.voms.ac.VOMSACLookupStrategy;
import org.italiangrid.voms.ac.VOMSACParser;
import org.italiangrid.voms.ac.VOMSACValidator;
import org.italiangrid.voms.ac.ValidationResultListener;
import org.italiangrid.voms.ac.impl.DefaultVOMSACParser;
import org.italiangrid.voms.ac.impl.DefaultVOMSValidator;
import org.italiangrid.voms.store.VOMSTrustStore;

import eu.emi.security.authn.x509.X509CertChainValidatorExt;

/**
 * A factory for VOMS attributes validators and parsers.
 *
 * @author Andrea Ceccanti
 *
 */
public class VOMSValidators {

  private VOMSValidators() {

  }

  public static VOMSACValidator newValidator(ValidationResultListener listener) {
    return new DefaultVOMSValidator.Builder().validationListener(listener)
      .build();
  }

  public static VOMSACValidator newValidator(VOMSTrustStore trustStore,
    X509CertChainValidatorExt validator, ValidationResultListener vrListener) {
    return new DefaultVOMSValidator.Builder().trustStore(trustStore)
      .certChainValidator(validator).validationListener(vrListener).build();
  }

  public static VOMSACValidator newValidator(VOMSTrustStore store,
    X509CertChainValidatorExt validator, ValidationResultListener vrListener,
    VOMSACLookupStrategy strategy) {
    return new DefaultVOMSValidator.Builder().trustStore(store)
      .certChainValidator(validator).validationListener(vrListener)
      .acLookupStrategy(strategy).build();
  }

  public static VOMSACValidator newValidator(VOMSTrustStore trustStore,
    X509CertChainValidatorExt validator) {
    return new DefaultVOMSValidator.Builder().trustStore(trustStore)
      .certChainValidator(validator).build();
  }

  public static VOMSACValidator newValidator() {
    return new DefaultVOMSValidator.Builder().build();
  }

  public static VOMSACParser newParser() {
    return new DefaultVOMSACParser();
  }
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/ACLookupListener.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac;

import java.security.cert.X509Certificate;

/**
 * This interface is used to notify of events related to the lookup and
 * successful parsing of VOMS attribute certificates from a certificate chain.
 *
 * @author andreaceccanti
 *
 */
public interface ACLookupListener {

  /**
   * Informs that an AC is being looked for in the cert chain passed as
   * argument.
   *
   * @param chain
   *          the chain where the AC is looked for
   * @param chainLevel
   *          the level in the chain where the AC is being looked for
   */
  public void notifyACLookupEvent(X509Certificate[] chain, int chainLevel);

  /**
   * Informs that an AC has been successfully parsed from the cert chain passed
   * as argument
   *
   * @param chain
   *          the chain from which the AC has been parsed
   * @param chainLevel
   *          the level in the chain where the AC has been parsed
   */
  public void notifyACParseEvent(X509Certificate[] chain, int chainLevel);
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/ACParsingContext.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac;

import java.security.cert.X509Certificate;
import java.util.List;

import org.bouncycastle.asn1.x509.AttributeCertificate;

/**
 * This class describes the context in which a VOMS {@link AttributeCertificate}
 * has been parsed in a certificate chain.
 *
 * @author Andrea Ceccanti
 *
 */
public class ACParsingContext {

  /** The parsed VOMS attribute certificates **/
  private List<AttributeCertificate> ACs;

  /** The position in the cert chain where the VOMS attributes have been parsed **/
  private int certChainPostion;

  /** The certificate chain from which the VOMS attributes have been parsed. **/
  private X509Certificate[] certChain;

  /**
   * @return the aCs
   */
  public List<AttributeCertificate> getACs() {
    return ACs;
  }

  /**
   * @param aCs
   *          the aCs to set
   */
  public void setACs(List<AttributeCertificate> aCs) {
    ACs = aCs;
  }

  /**
   * @return the certChainPostion
   */
  public int getCertChainPostion() {
    return certChainPostion;
  }

  /**
   * @param certChainPostion
   *          the certChainPostion to set
   */
  public void setCertChainPostion(int certChainPostion) {
    this.certChainPostion = certChainPostion;
  }

  /**
   * @return the certChain
   */
  public X509Certificate[] getCertChain() {
    return certChain;
  }

  /**
   * @param certChain
   *          the certChain to set
   */
  public void setCertChain(X509Certificate[] certChain) {
    this.certChain = certChain;
  }

  /**
   * @param aCs
   *          a set of parsed VOMS Attribute Certificates
   * @param certChainPostion
   *          the position in the chain where the ACs have been parsed
   * @param certChain
   *          the chain from where the ACs have been parsed
   */
  public ACParsingContext(List<AttributeCertificate> aCs, int certChainPostion,
    X509Certificate[] certChain) {
    ACs = aCs;
    this.certChainPostion = certChainPostion;
    this.certChain = certChain;
  }

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/VOMSACLookupStrategy.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac;

import java.security.cert.X509Certificate;
import java.util.List;

/**
 *
 * A strategy for looking up a set of VOMS Attribute Certificates from a
 * certificate chain.
 *
 * @author Andrea Ceccanti
 *
 */
public interface VOMSACLookupStrategy {

  /**
   * This method defines how a set of VOMS Attribute Certificates is looked for
   * in a certificate chain.
   *
   * @param certChain
   *          the certificate chain that will be searched for VOMS attribute
   *          certificates
   *
   * @return a {@link List} of {@link ACParsingContext} that describes the
   *         lookup outcome
   */
  public List<ACParsingContext> lookupVOMSAttributeCertificates(
    X509Certificate[] certChain);

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/VOMSACParser.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac;

import java.security.cert.X509Certificate;
import java.util.List;

import org.italiangrid.voms.VOMSAttribute;

/**
 * This interface defines the behavior of a VOMS Attribute Certificate parser.
 *
 *
 * @author Andrea Ceccanti
 *
 */
public interface VOMSACParser {

  /**
   * Looks for and parses VOMS attributes in the certificate chain passed as
   * argument (which is assumed to be already validated).
   *
   * @param validatedChain
   *          a validated X.509 certificate chain
   * @return a possibly empty list of {@link VOMSAttribute} objects providing
   *         access to the parsed VOMS attributes
   */
  public List<VOMSAttribute> parse(X509Certificate[] validatedChain);

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/VOMSACValidationStrategy.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac;

import java.security.cert.X509Certificate;

import org.italiangrid.voms.VOMSAttribute;

/**
 * The strategy implemented to perform the validation of a VOMS attribute
 * certificate.
 *
 * @author Andrea Ceccanti
 *
 */
public interface VOMSACValidationStrategy {

  /**
   * Validates a VOMS Attribute Certificate
   *
   * @param attributes
   *          the parsed VOMS attributes
   * @param theChain
   *          the certificate chain from which the attributes were parsed
   * @return a {@link VOMSValidationResult} object describing the outcome of the
   *         validation
   */
  public VOMSValidationResult validateAC(VOMSAttribute attributes,
    X509Certificate[] theChain);

  /**
   * Validates VOMS attributes not extracted from a certificate chain (e.g., as
   * returned from the VOMS server)
   *
   * @param attributes
   *          the VOMS attributes
   * @return a {@link VOMSValidationResult} object describing the outcome of the
   *         validation
   */
  public VOMSValidationResult validateAC(VOMSAttribute attributes);
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/VOMSACValidator.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac;

import java.security.cert.X509Certificate;
import java.util.List;

import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.italiangrid.voms.VOMSAttribute;

/**
 * This interface extends the {@link VOMSACParser} interface and provides
 * methods to perform validation on the VOMS Attribute Certificates parsed from
 * a given certificate chain.
 *
 * @author Andrea Ceccanti
 *
 */
public interface VOMSACValidator extends VOMSACParser {

  /**
   * Parses and validates the VOMS attributes found in the certificate chain
   * passed as argument (which is assumed to be validated already).
   *
   * This method returns the possibly empty list of the validated attributes.
   *
   * This method should be used in conjunction with the registration of a
   * {@link ValidationResultListener} to get details about validation error and
   * warning messages.
   *
   * Use the {@link #validateWithResult(X509Certificate[])} method in case you
   * don't want to rely on a {@link ValidationResultListener}.
   *
   * @param validatedChain
   *          a validated X.509 certificate chain
   * @return a possibly empty list of {@link VOMSAttribute} objects providing
   *         access to the validated VOMS attributes
   */
  public List<VOMSAttribute> validate(X509Certificate[] validatedChain);

  /**
   * Parses and validates the VOMS attributes found in the certificate chain
   * passed as argument (which is assumed to be validated already).
   *
   * This method returns a possibly empty list of {@link VOMSValidationResult}
   * objects which describe the outcome of the validation for each VOMS AC found
   * in the certificate chain.
   *
   * This method is useful when you want to use a single call to get all details
   * about validation without relying on the registration of a
   * {@link ValidationResultListener}.
   *
   * @param validatedChain
   *          a chain of X.509 certificates
   * @return a possibly empty list of {@link VOMSValidationResult} objects
   *         providing access to validation results and related attributes
   */
  public List<VOMSValidationResult> validateWithResult(
    X509Certificate[] validatedChain);

  /**
   * Validates the VOMS attributes found in the attribute certificate list
   * passed as argument.
   *
   * @param acs
   *          a list of {@link AttributeCertificate}
   * @return the validated and possibly empty list of
   *         {@link AttributeCertificate} objects
   */
  public List<AttributeCertificate> validateACs(List<AttributeCertificate> acs);

  /**
   * Sets a listener that will receive validation-related events for this
   * {@link VOMSACValidator}.
   *
   * @param listener
   *          the listener that will receive validation-related events.
   */
  public void setValidationResultListener(ValidationResultListener listener);

  /**
   * Shuts down the VOMS validator. This method should be called to perform
   * final cleanup operations.
   */
  public void shutdown();
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/VOMSAttributesNormalizationStrategy.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac;

import java.util.List;

import org.italiangrid.voms.VOMSAttribute;

/**
 * A strategy to select the set of relevant and applicable VOMS attributes from
 * a set of parsed VOMS attribute certificates.
 *
 * This strategy is responsible for creating the {@link VOMSAttribute} objects
 * which represent the authoritative VOMS authorization information.
 *
 * @author Andrea Ceccanti
 *
 */
public interface VOMSAttributesNormalizationStrategy {

  /**
   * Returns the normalized view of VOMS Authorization information starting from
   * a list of VOMS Attribute certificates.
   *
   * @param acs
   *          a list of {@link ACParsingContext} objects
   *
   * @return a possibly empty list of {@link VOMSAttribute} objects
   */
  public List<VOMSAttribute> normalizeAttributes(List<ACParsingContext> acs);
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/VOMSValidationResult.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.error.VOMSValidationErrorMessage;

/**
 * This class represents the outcome of a VOMS validation.
 *
 * @author Andrea Ceccanti
 *
 */
public class VOMSValidationResult {

  /** The flag that tells whether the validation was successful or not **/
  private final boolean valid;

  /** A list of {@link VOMSValidationErrorMessage} **/
  private final List<VOMSValidationErrorMessage> validationErrors;

  /** The attributes this validation result refers to **/
  private final VOMSAttribute attributes;

  /**
   * Default constructor.
   *
   * @param attributes
   *          the attributes this validation result refers to
   * @param valid
   *          true in case of validation success, false otherwise
   */
  public VOMSValidationResult(VOMSAttribute attributes, boolean valid) {
    this(attributes, valid, new ArrayList<VOMSValidationErrorMessage>());
  }

  /**
   * This constructor is used to pass in a list of validation errors as well.
   *
   * @param attributes
   *          the {@link VOMSAttribute} that will be validated
   * @param valid
   *          true in case of validation success, false otherwise
   * @param validationErrors
   *          a list of validation errors
   */
  public VOMSValidationResult(VOMSAttribute attributes, boolean valid,
    List<VOMSValidationErrorMessage> validationErrors) {
    this.attributes = attributes;
    this.valid = valid;
    this.validationErrors = validationErrors;
  }

  /**
   * Tells if validation was successful or not.
   *
   * @return valid true in case of validation success, false otherwise
   */
  public boolean isValid() {
    return valid;
  }

  /**
   * The attributes are to be considered valid only if the {@link #isValid()}
   * method for this {@link VOMSValidationResult} is true.
   *
   * @return the attributes this validation result refers to
   */
  public VOMSAttribute getAttributes() {
    return attributes;
  }

  /**
   * @return the possibly empty list of validation errors
   */
  public List<VOMSValidationErrorMessage> getValidationErrors() {
    return Collections.unmodifiableList(validationErrors);
  }

  @Override
  public String toString() {
    return "VOMSValidationResult [valid=" + valid + ", validationErrors="
      + validationErrors + ", attributes=" + attributes + "]";
  }

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/ValidationResultListener.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac;

import org.italiangrid.voms.VOMSAttribute;

/**
 * This interface is used to notify interested listeners of VOMS attribute
 * certificate validation outcome.
 *
 * @author andreaceccanti
 *
 */
public interface ValidationResultListener {

  /**
   * Informs of the result of the validation of a set of {@link VOMSAttribute}.
   *
   * @param result
   *          the validation result
   *
   */
  public void notifyValidationResult(VOMSValidationResult result);
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/impl/DefaultLocalHostnameResolver.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac.impl;

import java.net.InetAddress;
import java.net.UnknownHostException;

/**
 * The default implementation for localhost name resolver. The localhost name is
 * resolved using the following code:
 *
 * <pre>
 * {@code
 * 		InetAddress.getLocalHost().getCanonicalHostName();
 * }
 * </pre>
 */
public class DefaultLocalHostnameResolver implements LocalHostnameResolver {

  public String resolveLocalHostname() throws UnknownHostException {
    return InetAddress.getLocalHost().getCanonicalHostName();
  }

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/impl/DefaultVOMSACParser.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac.impl;

import java.security.cert.X509Certificate;
import java.util.List;

import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.ac.ACParsingContext;
import org.italiangrid.voms.ac.VOMSACLookupStrategy;
import org.italiangrid.voms.ac.VOMSACParser;
import org.italiangrid.voms.ac.VOMSAttributesNormalizationStrategy;
import org.italiangrid.voms.util.NullListener;

/**
 * Default implementation of the VOMS attribute certificate parsing logic.
 *
 * @author Andrea Ceccanti
 *
 */
public class DefaultVOMSACParser implements VOMSACParser {

  private final VOMSACLookupStrategy acLookupStrategy;
  private final VOMSAttributesNormalizationStrategy acNormalizationStrategy = new LeafVOMSExtensionNormalizationStrategy();

  public DefaultVOMSACParser() {
    this(new LeafACLookupStrategy(NullListener.INSTANCE));
  }

  public DefaultVOMSACParser(VOMSACLookupStrategy strategy) {
    this.acLookupStrategy = strategy;
  }

  public List<VOMSAttribute> parse(X509Certificate[] validatedChain) {

    if (validatedChain == null)
      throw new NullPointerException("Cannot parse a null certchain!");

    List<ACParsingContext> parsedACs = acLookupStrategy
      .lookupVOMSAttributeCertificates(validatedChain);
    return acNormalizationStrategy.normalizeAttributes(parsedACs);
  }

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/impl/DefaultVOMSValidationStrategy.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/ package org.italiangrid.voms.ac.impl; import static org.italiangrid.voms.error.VOMSValidationErrorCode.aaCertFailsSignatureVerification; import static org.italiangrid.voms.error.VOMSValidationErrorCode.aaCertNotFound; import static org.italiangrid.voms.error.VOMSValidationErrorCode.acCertFailsSignatureVerification; import static org.italiangrid.voms.error.VOMSValidationErrorCode.acHolderDoesntMatchCertChain; import static org.italiangrid.voms.error.VOMSValidationErrorCode.acNotValidAtCurrentTime; import static org.italiangrid.voms.error.VOMSValidationErrorCode.canlError; import static org.italiangrid.voms.error.VOMSValidationErrorCode.emptyAcCertsExtension; import static org.italiangrid.voms.error.VOMSValidationErrorCode.invalidAaCert; import static org.italiangrid.voms.error.VOMSValidationErrorCode.invalidAcCert; import static org.italiangrid.voms.error.VOMSValidationErrorCode.localhostDoesntMatchAcTarget; import static org.italiangrid.voms.error.VOMSValidationErrorCode.lscDescriptionDoesntMatchAcCert; import static org.italiangrid.voms.error.VOMSValidationErrorCode.lscFileNotFound; import static org.italiangrid.voms.error.VOMSValidationErrorCode.other; import static org.italiangrid.voms.error.VOMSValidationErrorMessage.newErrorMessage; import java.net.UnknownHostException; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Date; import java.util.List; import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.x509.Extension; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; import org.bouncycastle.operator.ContentVerifierProvider; import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder; import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder; import org.italiangrid.voms.VOMSAttribute; import org.italiangrid.voms.VOMSError; import 
org.italiangrid.voms.ac.VOMSACValidationStrategy; import org.italiangrid.voms.ac.VOMSValidationResult; import org.italiangrid.voms.asn1.VOMSConstants; import org.italiangrid.voms.error.VOMSValidationErrorMessage; import org.italiangrid.voms.store.LSCInfo; import org.italiangrid.voms.store.VOMSTrustStore; import eu.emi.security.authn.x509.ValidationError; import eu.emi.security.authn.x509.ValidationResult; import eu.emi.security.authn.x509.X509CertChainValidatorExt; import eu.emi.security.authn.x509.impl.X500NameUtils; import eu.emi.security.authn.x509.proxy.ProxyUtils; /** * The Default VOMS validation strategy. * * @author andreaceccanti * */ public class DefaultVOMSValidationStrategy implements VOMSACValidationStrategy { private final VOMSTrustStore store; private final X509CertChainValidatorExt certChainValidator; private final LocalHostnameResolver hostnameResolver; public DefaultVOMSValidationStrategy(VOMSTrustStore store, X509CertChainValidatorExt validator, LocalHostnameResolver resolver) { this.store = store; this.certChainValidator = validator; this.hostnameResolver = resolver; } public DefaultVOMSValidationStrategy(VOMSTrustStore store, X509CertChainValidatorExt validator) { this(store, validator, new DefaultLocalHostnameResolver()); } private boolean checkACHolder(VOMSAttribute attributes, X509Certificate[] chain, List validationErrors) { X500Principal chainHolder = ProxyUtils.getOriginalUserDN(chain); boolean holderDoesMatch = chainHolder.equals(attributes.getHolder()); if (!holderDoesMatch) { String acHolderSubject = X500NameUtils.getReadableForm(attributes .getHolder()); String certChainSubject = X500NameUtils.getReadableForm(chainHolder); validationErrors.add(VOMSValidationErrorMessage.newErrorMessage( acHolderDoesntMatchCertChain, acHolderSubject, certChainSubject)); } return holderDoesMatch; } private boolean checkACValidity(VOMSAttribute attributes, List validationErrors) { Date now = new Date(); boolean valid = attributes.validAt(now); if 
(!valid) { VOMSValidationErrorMessage m = VOMSValidationErrorMessage .newErrorMessage(acNotValidAtCurrentTime, attributes.getNotBefore(), attributes.getNotAfter(), now); validationErrors.add(m); } return valid; } private boolean checkLocalAACertSignature(VOMSAttribute attributes, List validationErrors) { X509Certificate localAACert = store.getAACertificateBySubject(attributes .getIssuer()); if (localAACert == null) { validationErrors.add(VOMSValidationErrorMessage .newErrorMessage(aaCertNotFound)); return false; } if (!validateCertificate(localAACert, validationErrors)) { validationErrors.add(VOMSValidationErrorMessage .newErrorMessage(invalidAaCert)); return false; } boolean signatureValid = verifyACSignature(attributes, localAACert); if (!signatureValid) { String readableSubject = X500NameUtils.getReadableForm(localAACert .getSubjectX500Principal()); validationErrors.add(VOMSValidationErrorMessage.newErrorMessage( aaCertFailsSignatureVerification, readableSubject)); } return signatureValid; } private boolean checkLSCSignature(VOMSAttribute attributes, List validationErrors) { LSCInfo lsc = store.getLSC(attributes.getVO(), attributes.getHost()); X509Certificate[] aaCerts = attributes.getAACertificates(); if (lsc == null) { validationErrors.add(VOMSValidationErrorMessage .newErrorMessage(lscFileNotFound)); return false; } if (aaCerts == null || aaCerts.length == 0) { validationErrors.add(VOMSValidationErrorMessage .newErrorMessage(emptyAcCertsExtension)); return false; } if (!lsc.matches(aaCerts)) { validationErrors.add(VOMSValidationErrorMessage .newErrorMessage(lscDescriptionDoesntMatchAcCert)); return false; } // LSC matches aa certs, verify certificates extracted from the AC if (!validateCertificateChain(aaCerts, validationErrors)) { validationErrors.add(VOMSValidationErrorMessage .newErrorMessage(invalidAcCert)); return false; } boolean signatureValid = verifyACSignature(attributes, aaCerts[0]); if (!signatureValid) { String readableSubject = 
X500NameUtils.getReadableForm(aaCerts[0] .getSubjectX500Principal()); validationErrors.add(VOMSValidationErrorMessage.newErrorMessage( acCertFailsSignatureVerification, readableSubject)); } return signatureValid; } private boolean checkSignature(VOMSAttribute attributes, List validationErrors) { boolean valid = checkLSCSignature(attributes, validationErrors); if (!valid) valid = checkLocalAACertSignature(attributes, validationErrors); return valid; } private boolean checkTargets(VOMSAttribute attributes, List validationErrors) { if (attributes.getTargets() == null || attributes.getTargets().size() == 0) return true; String localhostName; try { localhostName = hostnameResolver.resolveLocalHostname(); } catch (UnknownHostException e) { validationErrors.add(newErrorMessage(other, "Error resolving localhost name: " + e.getMessage())); return false; } if (!attributes.getTargets().contains(localhostName)) { validationErrors.add(newErrorMessage(localhostDoesntMatchAcTarget, localhostName, attributes.getTargets().toString())); return false; } return true; } private boolean checkNoRevAvailExtension(VOMSAttribute attributes, List validationErrors) { Extension noRevAvail = attributes.getVOMSAC().getExtension( Extension.noRevAvail); if (noRevAvail != null && noRevAvail.isCritical()) { validationErrors.add(newErrorMessage(other, "NoRevAvail AC extension cannot be critical!")); return false; } return true; } private boolean checkAuthorityKeyIdentifierExtension( VOMSAttribute attributes, List validationErrors) { Extension authKeyId = attributes.getVOMSAC().getExtension( Extension.authorityKeyIdentifier); if (authKeyId != null && authKeyId.isCritical()) { validationErrors.add(newErrorMessage(other, "AuthorityKeyIdentifier AC extension cannot be critical!")); return false; } return true; } private boolean checkUnhandledCriticalExtensions(VOMSAttribute attributes, List validationErrors) { @SuppressWarnings("unchecked") List acExtensions = attributes.getVOMSAC() .getExtensionOIDs(); 
for (ASN1ObjectIdentifier extId : acExtensions) { if (!VOMSConstants.VOMS_HANDLED_EXTENSIONS.contains(extId) && attributes.getVOMSAC().getExtension(extId).isCritical()) { validationErrors.add(newErrorMessage(other, "unknown critical extension found in VOMS AC: " + extId.getId())); return false; } } return true; } public VOMSValidationResult validateAC(VOMSAttribute attributes) { boolean valid = true; List validationErrors = new ArrayList(); // Check temporal validity valid = checkACValidity(attributes, validationErrors); if (valid) // Verify signature on AC checking LSC file or local AA certificate valid = checkSignature(attributes, validationErrors); if (valid) // Check targets valid = checkTargets(attributes, validationErrors); // AC extension checking to be compliant with rfc 3281 if (valid) valid = checkAuthorityKeyIdentifierExtension(attributes, validationErrors); if (valid) valid = checkNoRevAvailExtension(attributes, validationErrors); if (valid) valid = checkUnhandledCriticalExtensions(attributes, validationErrors); return new VOMSValidationResult(attributes, valid, validationErrors); } public synchronized VOMSValidationResult validateAC(VOMSAttribute attributes, X509Certificate[] chain) { boolean valid = true; List validationErrors = new ArrayList(); // Check temporal validity valid = checkACValidity(attributes, validationErrors); if (valid) // Verify signature on AC checking LSC file or local AA certificate valid = checkSignature(attributes, validationErrors); if (valid) // Check AC holder valid = checkACHolder(attributes, chain, validationErrors); if (valid) // Check targets valid = checkTargets(attributes, validationErrors); // AC extension checking to be compliant with rfc 3281 if (valid) valid = checkAuthorityKeyIdentifierExtension(attributes, validationErrors); if (valid) valid = checkNoRevAvailExtension(attributes, validationErrors); if (valid) valid = checkUnhandledCriticalExtensions(attributes, validationErrors); return new 
      VOMSValidationResult(attributes, valid, validationErrors);
  }

  private boolean validateCertificate(X509Certificate c,
    List<VOMSValidationErrorMessage> validationErrors) {

    return validateCertificateChain(new X509Certificate[] { c },
      validationErrors);
  }

  private boolean validateCertificateChain(X509Certificate[] chain,
    List<VOMSValidationErrorMessage> validationErrors) {

    ValidationResult result = certChainValidator.validate(chain);

    for (ValidationError e : result.getErrors())
      validationErrors.add(VOMSValidationErrorMessage.newErrorMessage(
        canlError, e.getMessage()));

    return result.isValid();
  }

  private boolean verifyACSignature(VOMSAttribute attributes,
    X509Certificate cert) {

    try {
      X509CertificateHolder certHolder = new JcaX509CertificateHolder(cert);

      // The verifier is built for RSA keys (BcRSAContentVerifierProviderBuilder)
      ContentVerifierProvider cvp = new BcRSAContentVerifierProviderBuilder(
        new DefaultDigestAlgorithmIdentifierFinder()).build(certHolder);

      return attributes.getVOMSAC().isSignatureValid(cvp);

    } catch (Exception e) {
      throw new VOMSError("Error verifying AC signature: " + e.getMessage(), e);
    }
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/impl/DefaultVOMSValidator.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac.impl;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.ac.VOMSACLookupStrategy;
import org.italiangrid.voms.ac.VOMSACValidationStrategy;
import org.italiangrid.voms.ac.VOMSACValidator;
import org.italiangrid.voms.ac.VOMSValidationResult;
import org.italiangrid.voms.ac.ValidationResultListener;
import org.italiangrid.voms.asn1.VOMSACUtils;
import org.italiangrid.voms.store.UpdatingVOMSTrustStore;
import org.italiangrid.voms.store.VOMSTrustStore;
import org.italiangrid.voms.store.VOMSTrustStores;
import org.italiangrid.voms.util.CertificateValidatorBuilder;
import org.italiangrid.voms.util.NullListener;

import eu.emi.security.authn.x509.X509CertChainValidatorExt;

/**
 * The default implementation of the VOMS validator.
 *
 * @author andreaceccanti
 *
 */
public class DefaultVOMSValidator extends DefaultVOMSACParser implements
  VOMSACValidator {

  public static final String DEFAULT_TRUST_ANCHORS_DIR = "/etc/grid-security/certificates";

  private final VOMSACValidationStrategy validationStrategy;
  private final VOMSTrustStore trustStore;
  private ValidationResultListener validationResultListener;
  private final Object listenerLock = new Object();

  public static class Builder {

    private VOMSACValidationStrategy validationStrategy;
    private VOMSTrustStore trustStore;
    private ValidationResultListener validationResultListener;
    private X509CertChainValidatorExt certChainValidator;
    private VOMSACLookupStrategy acLookupStrategy;

    public Builder() {
    }

    public Builder validationStrategy(VOMSACValidationStrategy s) {
      this.validationStrategy = s;
      return this;
    }

    public Builder trustStore(VOMSTrustStore ts) {
      this.trustStore = ts;
      return this;
    }

    public Builder validationListener(ValidationResultListener l) {
      this.validationResultListener = l;
      return this;
    }

    public Builder
      certChainValidator(X509CertChainValidatorExt v) {
      this.certChainValidator = v;
      return this;
    }

    public Builder acLookupStrategy(VOMSACLookupStrategy ls) {
      this.acLookupStrategy = ls;
      return this;
    }

    // Fills in defaults for anything the caller did not configure
    private void sanityChecks() {

      if (validationStrategy == null) {

        if (trustStore == null)
          trustStore = VOMSTrustStores.newTrustStore();

        if (certChainValidator == null)
          certChainValidator = new CertificateValidatorBuilder()
            .trustAnchorsDir(DEFAULT_TRUST_ANCHORS_DIR).build();

        validationStrategy = new DefaultVOMSValidationStrategy(trustStore,
          certChainValidator);
      }

      if (validationResultListener == null) {
        validationResultListener = NullListener.INSTANCE;
      }

      if (acLookupStrategy == null) {
        acLookupStrategy = new LeafACLookupStrategy();
      }
    }

    public DefaultVOMSValidator build() {
      sanityChecks();
      return new DefaultVOMSValidator(this);
    }
  }

  private DefaultVOMSValidator(Builder b) {
    super(b.acLookupStrategy);
    this.validationStrategy = b.validationStrategy;
    this.trustStore = b.trustStore;
    this.validationResultListener = b.validationResultListener;
  }

  public List<VOMSValidationResult> validateWithResult(
    X509Certificate[] validatedChain) {

    return internalValidate(validatedChain);
  }

  protected List<VOMSValidationResult> internalValidate(
    X509Certificate[] validatedChain) {

    List<VOMSAttribute> parsedAttrs = parse(validatedChain);
    List<VOMSValidationResult> results = new ArrayList<VOMSValidationResult>();

    for (VOMSAttribute a : parsedAttrs) {

      VOMSValidationResult result = validationStrategy.validateAC(a,
        validatedChain);

      synchronized (listenerLock) {
        validationResultListener.notifyValidationResult(result);
      }

      results.add(result);
    }

    return results;
  }

  public List<VOMSAttribute> validate(X509Certificate[] validatedChain) {

    List<VOMSAttribute> validAttributes = new ArrayList<VOMSAttribute>();

    // Only attributes whose AC passed validation are returned
    for (VOMSValidationResult result : internalValidate(validatedChain)) {
      if (result.isValid()) {
        validAttributes.add(result.getAttributes());
      }
    }

    return validAttributes;
  }

  public void shutdown() {
    if (trustStore instanceof UpdatingVOMSTrustStore) {
      ((UpdatingVOMSTrustStore) trustStore).cancel();
    }
  }

  public List<AttributeCertificate> validateACs(List<AttributeCertificate> acs) {

    List<AttributeCertificate> validatedAcs = new
      ArrayList<AttributeCertificate>();

    for (AttributeCertificate ac : acs) {

      VOMSAttribute vomsAttrs = VOMSACUtils.deserializeVOMSAttributes(ac);

      VOMSValidationResult result = validationStrategy.validateAC(vomsAttrs);

      synchronized (listenerLock) {
        validationResultListener.notifyValidationResult(result);
      }

      if (result.isValid()) {
        validatedAcs.add(ac);
      }
    }

    return validatedAcs;
  }

  public void setValidationResultListener(ValidationResultListener listener) {
    synchronized (listenerLock) {
      if (listener != null) {
        this.validationResultListener = listener;
      }
    }
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/impl/LeafACLookupStrategy.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac.impl;

import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.ac.ACLookupListener;
import org.italiangrid.voms.ac.ACParsingContext;
import org.italiangrid.voms.ac.VOMSACLookupStrategy;
import org.italiangrid.voms.asn1.VOMSACUtils;
import org.italiangrid.voms.asn1.VOMSConstants;
import org.italiangrid.voms.util.NullListener;

import eu.emi.security.authn.x509.proxy.ProxyUtils;

/**
 * This strategy returns the leaf VOMS Attribute Certificate in a certificate
 * chain, i.e. the Attribute Certificate found in the latest delegation in the
 * chain.
 *
 * @author Andrea Ceccanti
 *
 */
public class LeafACLookupStrategy implements VOMSACLookupStrategy,
  VOMSConstants {

  private ACLookupListener listener;

  public LeafACLookupStrategy(ACLookupListener l) {
    this.listener = l;
  }

  public LeafACLookupStrategy() {
    this(NullListener.INSTANCE);
  }

  public List<ACParsingContext> lookupVOMSAttributeCertificates(
    X509Certificate[] certChain) {

    List<ACParsingContext> parsedACs = new ArrayList<ACParsingContext>();

    if (certChain == null || certChain.length == 0)
      throw new VOMSError(
        "Cannot extract VOMS Attribute Certificates from a null or empty certificate chain!");

    for (int index = 0; index < certChain.length; index++) {

      X509Certificate cert = certChain[index];
      listener.notifyACLookupEvent(certChain, index);

      try {

        // ACs are only looked up in proxy certificates
        if (ProxyUtils.isProxy(cert)) {

          List<AttributeCertificate> vomsACs = VOMSACUtils
            .getACsFromCertificate(cert);

          // Break at the first AC found from the top of the chain
          if (!vomsACs.isEmpty()) {

            listener.notifyACParseEvent(certChain, index);
            ACParsingContext ctx = new ACParsingContext(vomsACs, index,
              certChain);
            parsedACs.add(ctx);
            break;
          }
        }

      } catch (IOException e) {
        throw new VOMSError(e.getMessage(), e);
      }
    }

    return parsedACs;
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/impl/LeafVOMSExtensionNormalizationStrategy.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac.impl;

import java.util.Collections;
import java.util.List;

import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.ac.ACParsingContext;
import org.italiangrid.voms.ac.VOMSAttributesNormalizationStrategy;
import org.italiangrid.voms.asn1.VOMSACUtils;
import org.italiangrid.voms.asn1.VOMSConstants;

/**
 *
 * This strategy extracts the VOMS attributes from the top VOMS extension found
 * in the parsing context passed as argument.
 *
 * @author Andrea Ceccanti
 *
 */
public class LeafVOMSExtensionNormalizationStrategy implements
  VOMSAttributesNormalizationStrategy, VOMSConstants {

  public List<VOMSAttribute> normalizeAttributes(List<ACParsingContext> acs) {

    if (acs == null || acs.isEmpty())
      return Collections.emptyList();

    // Only the first parsing context is considered
    List<AttributeCertificate> attrs = acs.get(0).getACs();
    return VOMSACUtils.deserializeVOMSAttributes(attrs);
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/impl/LocalHostnameResolver.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac.impl;

import java.net.UnknownHostException;

/**
 * A {@link LocalHostnameResolver} resolves the localhost host name.
 *
 */
public interface LocalHostnameResolver {

  /**
   * Resolves the hostname for localhost
   *
   * @return a String containing the localhost hostname
   * @throws UnknownHostException
   *           when there is an error resolving the hostname
   */
  public String resolveLocalHostname() throws UnknownHostException;
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/impl/VOMSAttributesImpl.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac.impl;

import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.VOMSGenericAttribute;
import org.italiangrid.voms.util.TimeUtils;

import eu.emi.security.authn.x509.impl.X500NameUtils;

/**
 * The default implementation for voms attributes
 *
 * @author andreaceccanti
 *
 */
public class VOMSAttributesImpl implements VOMSAttribute {

  public static final int DEFAULT_CLOCK_SKEW_IN_MINUTES = 5;

  private String VO;
  private String host;
  private int port;
  private List<String> FQANs;
  private X500Principal issuer;
  private X500Principal holder;
  private BigInteger holderSerialNumber;
  private Date notAfter;
  private Date notBefore;
  private byte[] signature;
  private List<VOMSGenericAttribute> genericAttributes;
  private List<String> acTargets;
  private X509Certificate[] aaCerts;
  private X509AttributeCertificateHolder VOMSAC;

  public VOMSAttributesImpl() {
  }

  public X500Principal getIssuer() {
    return issuer;
  }

  public String getPrimaryFQAN() {
    return FQANs.get(0);
  }

  public String getVO() {
    return VO;
  }

  public void setIssuer(X500Principal issuer) {
    this.issuer = issuer;
  }

  public void setVO(String vO) {
    VO = vO;
  }

  public List<String> getFQANs() {
    return FQANs;
  }

  public void setFQANs(List<String> fQANs) {
    FQANs = fQANs;
  }

  public String getHost() {
    return host;
  }

  public int getPort() {
    return port;
  }

  public X500Principal getHolder() {
    return holder;
  }

  public Date getNotBefore() {
    return notBefore;
  }

  public Date getNotAfter() {
    return notAfter;
  }

  public byte[] getSignature() {
    return signature;
  }

  public void setHost(String host) {
    this.host = host;
  }

  public void setPort(int port) {
    this.port = port;
  }

  public void setHolder(X500Principal holder) {
    this.holder = holder;
  }

  public void setNotAfter(Date notAfter) {
    this.notAfter = notAfter;
  }

  public void setNotBefore(Date notBefore) {
    this.notBefore = notBefore;
  }

  public void setSignature(byte[] signature) {
    this.signature = signature;
  }

  @Override
  public String toString() {
    return "VOMSAttributesImpl [VO=" + VO + ", host=" + host + ", port=" + port
      + ", FQANs=" + FQANs + ", gas=" + genericAttributes + ", issuer='"
      + X500NameUtils.getReadableForm(issuer) + "', holder='"
      + X500NameUtils.getReadableForm(holder) + "', notAfter=" + notAfter
      + ", notBefore=" + notBefore + ", targets=" + acTargets + " ]";
  }

  public List<VOMSGenericAttribute> getGenericAttributes() {
    return genericAttributes;
  }

  public void setGenericAttributes(List<VOMSGenericAttribute> genericAttributes) {
    this.genericAttributes = genericAttributes;
  }

  public List<String> getTargets() {
    return acTargets;
  }

  public void setTargets(List<String> targets) {
    acTargets = targets;
  }

  public X509Certificate[] getAACertificates() {
    return aaCerts;
  }

  public void setAACertificates(X509Certificate[] aaCerts) {
    this.aaCerts = aaCerts;
  }

  public boolean isValid() {
    return validAt(new Date());
  }

  // Temporal validity only, with DEFAULT_CLOCK_SKEW_IN_MINUTES of tolerance
  public boolean validAt(Date date) {
    return TimeUtils.checkTimeInRangeWithSkew(date, getNotBefore(),
      getNotAfter(), DEFAULT_CLOCK_SKEW_IN_MINUTES);
  }

  public X509AttributeCertificateHolder getVOMSAC() {
    return VOMSAC;
  }

  public void setVOMSAC(X509AttributeCertificateHolder ac) {
    VOMSAC = ac;
  }

  public BigInteger getHolderSerialNumber() {
    return holderSerialNumber;
  }

  public void setHolderSerialNumber(BigInteger holderSerialNumber) {
    this.holderSerialNumber = holderSerialNumber;
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/impl/VOMSGenericAttributeImpl.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.ac.impl;

import org.italiangrid.voms.VOMSGenericAttribute;

/**
 * The default implementation for VOMS Generic Attributes.
 *
 * @author Andrea Ceccanti
 *
 */
public class VOMSGenericAttributeImpl implements VOMSGenericAttribute {

  private String name;
  private String value;
  private String context;

  public VOMSGenericAttributeImpl() {
  }

  public String getName() {
    return name;
  }

  public String getValue() {
    return value;
  }

  public String getContext() {
    return context;
  }

  public void setName(String name) {
    this.name = name;
  }

  public void setValue(String value) {
    this.value = value;
  }

  public void setContext(String context) {
    this.context = context;
  }

  @Override
  public String toString() {
    return "VOMSGenericAttribute [name=" + name + ", value=" + value
      + ", context=" + context + "]";
  }

  @Override
  public int hashCode() {
    final int prime = 31;
    int result = 1;
    result = prime * result + ((context == null) ? 0 : context.hashCode());
    result = prime * result + ((name == null) ? 0 : name.hashCode());
    result = prime * result + ((value == null) ?
      0 : value.hashCode());
    return result;
  }

  @Override
  public boolean equals(Object obj) {
    if (this == obj)
      return true;
    if (obj == null)
      return false;
    if (getClass() != obj.getClass())
      return false;
    VOMSGenericAttributeImpl other = (VOMSGenericAttributeImpl) obj;
    if (context == null) {
      if (other.context != null)
        return false;
    } else if (!context.equals(other.context))
      return false;
    if (name == null) {
      if (other.name != null)
        return false;
    } else if (!name.equals(other.name))
      return false;
    if (value == null) {
      if (other.value != null)
        return false;
    } else if (!value.equals(other.value))
      return false;
    return true;
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/impl/package-info.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/**
 * Implementation classes for VOMS attributes validation and parsing.
 */
package org.italiangrid.voms.ac.impl;
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/ac/package-info.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/**
 * This package provides the APIs to perform validation and parsing
 * of VOMS attributes.
 */
package org.italiangrid.voms.ac;
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/asn1/
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/asn1/VOMSACGenerator.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.asn1;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.EnumSet;
import java.util.List;
import java.util.Random;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.AttributeCertificateHolder;
import org.bouncycastle.cert.AttributeCertificateIssuer;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.bouncycastle.cert.X509v2AttributeCertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.VOMSGenericAttribute;

import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.proxy.CertificateExtension;

/**
 *
 * This AC generator provides the VOMS AC encoding starting from a set of
 * attributes.
 *
 * @author Andrea Ceccanti
 *
 */
public class VOMSACGenerator implements VOMSConstants {

  // Flags that make the generator emit deliberately malformed ACs
  public static enum ACGenerationProperties {
    SKIP_AC_CERTS_EXTENSION,
    FAKE_SIGNATURE_BITS,
    INCLUDE_FAKE_CRITICAL_EXTENSION,
    INCLUDE_CRITICAL_NO_REV_AVAIL_EXTENSION,
    INCLUDE_CRITICAL_AKID_EXTENSION,
    INCLUDE_EMPTY_AC_CERTS_EXTENSION
  }

  public static final EnumSet<ACGenerationProperties> defaultGenerationProperties = EnumSet
    .noneOf(ACGenerationProperties.class);

  // Returns random bytes in place of a signature; used with FAKE_SIGNATURE_BITS
  static class RandomContentSigner implements ContentSigner {

    public static int SIG_LENGHT = 1024;

    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    AlgorithmIdentifier sigAlgId;

    public RandomContentSigner(String sigAlgName) {
      this.sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder()
        .find(sigAlgName);
    }

    public AlgorithmIdentifier getAlgorithmIdentifier() {
      return sigAlgId;
    }

    public OutputStream getOutputStream() {
      return bos;
    }

    public byte[] getSignature() {
      try {
        bos.close();
      } catch (IOException e) {
      }

      Random r = new Random();
      byte[] sigBytes = new byte[SIG_LENGHT];
      r.nextBytes(sigBytes);
      return sigBytes;
    }
  }

  public static final ASN1ObjectIdentifier FAKE_EXT_OID = new ASN1ObjectIdentifier(
    "1.3.6.1.4.1.8005.100.120.82");

  private X509Credential aaCredential;
  private ContentSigner signer;

  private ContentSigner getSigner(EnumSet<ACGenerationProperties> properties) {

    if (signer == null) {

      JcaContentSignerBuilder builder = new JcaContentSignerBuilder(
        aaCredential.getCertificate().getSigAlgName());

      builder.setProvider(BouncyCastleProvider.PROVIDER_NAME);

      try {

        if (properties.contains(ACGenerationProperties.FAKE_SIGNATURE_BITS))
          signer = new RandomContentSigner(aaCredential.getCertificate()
            .getSigAlgName());
        else
          signer = builder.build(aaCredential.getKey());

      } catch (OperatorCreationException e) {
        throw new VOMSError(e.getMessage(), e);
      }
    }

    return signer;
  }

  public VOMSACGenerator(X509Credential aaCredential) {
    this.aaCredential = aaCredential;
  }

  private String buildVOURI(String voName, String host, int port) {
    return String.format("%s://%s:%d", voName, host,
      port);
  }

  private ASN1Encodable buildACCertsExtensionContent(
    EnumSet<ACGenerationProperties> properties) {

    ASN1EncodableVector issuerCertsContainer = new ASN1EncodableVector();

    if (properties
      .contains(ACGenerationProperties.INCLUDE_EMPTY_AC_CERTS_EXTENSION))
      issuerCertsContainer.add(new DERSequence());
    else
      issuerCertsContainer.add(new DERSequence(
        getCertAsDEREncodable(aaCredential.getCertificate())));

    return new DERSequence(issuerCertsContainer);
  }

  private AuthorityKeyIdentifier buildAuthorityKeyIdentifier() {

    byte[] authKeyId = aaCredential.getCertificate().getExtensionValue(
      Extension.authorityKeyIdentifier.toString());

    if (authKeyId != null) {
      return new AuthorityKeyIdentifier(authKeyId);
    }

    return null;
  }

  private ASN1Encodable buildFQANsAttributeContent(List<String> fqans,
    GeneralName policyAuthorityInfo) {

    ASN1EncodableVector container = new ASN1EncodableVector();
    ASN1EncodableVector encodedFQANs = new ASN1EncodableVector();

    // Policy authority info
    DERTaggedObject pai = new DERTaggedObject(0, policyAuthorityInfo);
    container.add(pai);

    for (String s : fqans)
      encodedFQANs.add(new DEROctetString(s.getBytes()));

    container.add(new DERSequence(encodedFQANs));

    return new DERSequence(container);
  }

  private ASN1Encodable buildGAExtensionContent(
    EnumSet<ACGenerationProperties> properties,
    List<VOMSGenericAttribute> gas, GeneralName policyAuthorityInfo) {

    ASN1EncodableVector tagContainer = new ASN1EncodableVector();
    ASN1EncodableVector tagSequences = new ASN1EncodableVector();

    for (VOMSGenericAttribute a : gas)
      tagSequences.add(buildTagSequence(a));

    tagContainer.add(new GeneralNames(policyAuthorityInfo));
    tagContainer.add(new DERSequence(tagSequences));

    DERSequence finalSequence;

    // We wrap this three times as VOMS core does, even if I think this
    // is a bug
    finalSequence = new DERSequence(new DERSequence(new DERSequence(
      tagContainer)));

    return finalSequence;
  }

  private AttributeCertificateHolder buildHolder(X509Certificate holderCert)
    throws CertificateEncodingException {

    JcaX509CertificateHolder holderWrappedCert = new
      JcaX509CertificateHolder(holderCert);

    AttributeCertificateHolder acHolder = new AttributeCertificateHolder(
      holderWrappedCert.getSubject(), holderCert.getSerialNumber());

    return acHolder;
  }

  private AttributeCertificateIssuer buildIssuer()
    throws CertificateEncodingException {

    JcaX509CertificateHolder issuer = new JcaX509CertificateHolder(
      aaCredential.getCertificate());

    return new AttributeCertificateIssuer(issuer.getSubject());
  }

  private GeneralName buildPolicyAuthorityInfo(String voName, String host,
    int port) {

    return new GeneralName(GeneralName.uniformResourceIdentifier, buildVOURI(
      voName, host, port));
  }

  private DERSequence buildTagSequence(VOMSGenericAttribute ga) {

    ASN1EncodableVector tagSequence = new ASN1EncodableVector();

    tagSequence.add(getDEROctetString(ga.getName()));
    tagSequence.add(getDEROctetString(ga.getValue()));
    tagSequence.add(getDEROctetString(ga.getContext()));

    return new DERSequence(tagSequence);
  }

  private ASN1Encodable buildTargetsExtensionContent(
    EnumSet<ACGenerationProperties> properties, List<String> targets) {

    ASN1EncodableVector targetSeq = new ASN1EncodableVector();

    for (String s : targets) {

      DERTaggedObject encodedTarget = new DERTaggedObject(0, new GeneralName(
        GeneralName.uniformResourceIdentifier, s));

      // We wrap the target in another sequence as the old VOMS does
      targetSeq.add(new DERSequence(encodedTarget));
    }

    DERSequence targetExtensionContent = new DERSequence(new DERSequence(
      targetSeq));

    return targetExtensionContent;
  }

  public X509AttributeCertificateHolder generateVOMSAttributeCertificate(
    List<String> fqans, List<VOMSGenericAttribute> gas, List<String> targets,
    X509Certificate holderCert, BigInteger serialNumber, Date notBefore,
    Date notAfter, String voName, String host, int port) {

    return generateVOMSAttributeCertificate(defaultGenerationProperties, fqans,
      gas, targets, holderCert, serialNumber, notBefore, notAfter, voName,
      host, port);
  }

  public X509AttributeCertificateHolder generateVOMSAttributeCertificate(
    EnumSet<ACGenerationProperties> generationProperties, List<String> fqans,
    List<VOMSGenericAttribute> gas, List<String> targets,
    X509Certificate holderCert, BigInteger serialNumber, Date notBefore,
    Date notAfter, String voName, String host, int port) {

    AttributeCertificateHolder holder = null;
    AttributeCertificateIssuer issuer = null;

    try {

      holder = buildHolder(holderCert);
      issuer = buildIssuer();

      X509v2AttributeCertificateBuilder builder = new X509v2AttributeCertificateBuilder(
        holder, issuer, serialNumber, notBefore, notAfter);

      GeneralName policyAuthorityInfo = buildPolicyAuthorityInfo(voName, host,
        port);

      builder.addAttribute(VOMS_FQANS_OID,
        buildFQANsAttributeContent(fqans, policyAuthorityInfo));

      if (gas != null && !gas.isEmpty()) {
        builder.addExtension(
          VOMS_GENERIC_ATTRS_OID,
          false,
          buildGAExtensionContent(generationProperties, gas,
            policyAuthorityInfo));
      }

      // The targets extension is marked critical
      if (targets != null && !targets.isEmpty()) {
        builder.addExtension(Extension.targetInformation, true,
          buildTargetsExtensionContent(generationProperties, targets));
      }

      if (!generationProperties
        .contains(ACGenerationProperties.SKIP_AC_CERTS_EXTENSION)) {
        builder.addExtension(VOMS_CERTS_OID, false,
          buildACCertsExtensionContent(generationProperties));
      }

      if (generationProperties
        .contains(ACGenerationProperties.INCLUDE_FAKE_CRITICAL_EXTENSION)) {
        builder.addExtension(FAKE_EXT_OID, true, new DERSequence());
      }

      boolean noRevAvailIsCritical = false;
      boolean akidIsCritical = false;

      if (generationProperties
        .contains(ACGenerationProperties.INCLUDE_CRITICAL_NO_REV_AVAIL_EXTENSION)) {
        noRevAvailIsCritical = true;
      }

      if (generationProperties
        .contains(ACGenerationProperties.INCLUDE_CRITICAL_AKID_EXTENSION)) {
        akidIsCritical = true;
      }

      builder.addExtension(Extension.noRevAvail, noRevAvailIsCritical,
        DERNull.INSTANCE);

      AuthorityKeyIdentifier akid = buildAuthorityKeyIdentifier();

      builder.addExtension(Extension.authorityKeyIdentifier, akidIsCritical,
        akid != null ?
          akid : DERNull.INSTANCE);

      return builder.build(getSigner(generationProperties));

    } catch (CertificateEncodingException e) {
      throw new VOMSError(e.getMessage(), e);
    } catch (CertIOException e) {
      throw new VOMSError(e.getMessage(), e);
    }
  }

  public CertificateExtension generateVOMSExtension(
    List<X509AttributeCertificateHolder> acs) {

    ASN1EncodableVector vomsACs = new ASN1EncodableVector();

    for (X509AttributeCertificateHolder ac : acs)
      vomsACs.add(ac.toASN1Structure());

    DERSequence acSeq = new DERSequence(vomsACs);

    CertificateExtension ext = new CertificateExtension(
      VOMS_EXTENSION_OID.getId(), acSeq.toASN1Primitive(), false);

    return ext;
  }

  private ASN1Encodable getCertAsDEREncodable(X509Certificate cert) {

    try {
      byte[] certBytes = cert.getEncoded();

      ByteArrayInputStream bais = new ByteArrayInputStream(certBytes);
      ASN1InputStream is = new ASN1InputStream(bais);
      ASN1Object derCert = is.readObject();
      is.close();
      return derCert;

    } catch (CertificateEncodingException e) {
      throw new VOMSError("Error encoding X509 certificate: " + e.getMessage(),
        e);
    } catch (IOException e) {
      throw new VOMSError("Error encoding X509 certificate: " + e.getMessage(),
        e);
    }
  }

  private DEROctetString getDEROctetString(String s) {
    return new DEROctetString(s.getBytes());
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/asn1/VOMSACUtils.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.asn1;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.x509.Attribute;
import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.IetfAttrSyntax;
import org.bouncycastle.asn1.x509.Target;
import org.bouncycastle.asn1.x509.TargetInformation;
import org.bouncycastle.asn1.x509.Targets;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.VOMSGenericAttribute;
import org.italiangrid.voms.ac.impl.VOMSAttributesImpl;
import org.italiangrid.voms.ac.impl.VOMSGenericAttributeImpl;

/**
 * A set of VOMS AC handling utilities.
 *
 * @author Andrea Ceccanti
 *
 */
public class VOMSACUtils implements VOMSConstants {

  public static final String POLICY_AUTHORITY_SEP = "://";

  /**
   * Returns the VOMS extension, if present, in a given certificate
   *
   * @param cert
   *          the {@link X509Certificate} where the extension will be searched
   * @return the DER-encoded octet string of the extension value or null if it
   *         is not present.
   */
  public static byte[] getVOMSExtensionFromCertificate(X509Certificate cert) {

    return cert.getExtensionValue(VOMSConstants.VOMS_EXTENSION_OID.getId());
  }

  /**
   * Deserializes the VOMS Attribute certificates in a given certificate
   * extension
   *
   * @param vomsExtension
   *          the VOMS extension
   * @return the possibly empty {@link List} of {@link AttributeCertificate}
   *         extracted from a given extension
   * @throws IOException
   *           in case of deserialization errors
   */
  public static List<AttributeCertificate> getACsFromVOMSExtension(
    byte[] vomsExtension) throws IOException {

    List<AttributeCertificate> acs = null;

    if (vomsExtension == null)
      return Collections.emptyList();

    acs = new ArrayList<AttributeCertificate>();

    // Convert extension to a DEROctetString
    ASN1InputStream asn1Stream = new ASN1InputStream(new ByteArrayInputStream(
      vomsExtension));
    byte[] payload = ((DEROctetString) asn1Stream.readObject()).getOctets();

    asn1Stream.close();

    asn1Stream = new ASN1InputStream(new ByteArrayInputStream(payload));

    // VOMS extension is SEQUENCE of SET of AttributeCertificate
    // now, SET is an ordered sequence, and an AC is a sequence as
    // well -- thus the three nested ASN.1 sequences below...
    ASN1Sequence baseSequence = (ASN1Sequence) asn1Stream.readObject();
    asn1Stream.close();

    @SuppressWarnings("unchecked")
    Enumeration<ASN1Sequence> setSequence = baseSequence.getObjects();

    while (setSequence.hasMoreElements()) {

      ASN1Sequence acSequence = setSequence.nextElement();

      @SuppressWarnings("unchecked")
      Enumeration<ASN1Sequence> theACs = acSequence.getObjects();

      while (theACs.hasMoreElements()) {

        AttributeCertificate parsedAC = AttributeCertificate
          .getInstance(theACs.nextElement());
        acs.add(parsedAC);
      }
    }

    return acs;
  }

  /**
   * Deserializes the VOMS Attribute certificates, if present, in a given
   * certificate passed as argument
   *
   * @param cert
   *          the {@link X509Certificate} where the ACs will be searched
   * @return the possibly empty {@link List} of {@link AttributeCertificate}
   *         objects extracted from the VOMS extension
   * @throws IOException
   *           in case of deserialization errors
   */
  public static List<AttributeCertificate> getACsFromCertificate(
    X509Certificate cert) throws IOException {

    return getACsFromVOMSExtension(getVOMSExtensionFromCertificate(cert));
  }

  /**
   * Deserializes the FQANs contained in a {@link IetfAttrSyntax} object
   *
   * @param attr
   *          the {@link IetfAttrSyntax} attribute syntax object containing the
   *          VOMS extension
   * @return a {@link List} of FQANs
   */
  private static List<String> deserializeFQANs(IetfAttrSyntax attr) {

    if (attr.getValueType() != IetfAttrSyntax.VALUE_OCTETS)
      raiseACNonConformantError("unsupported attribute values encoding.");

    List<String> fqans = new ArrayList<String>();

    ASN1OctetString[] values = (ASN1OctetString[]) attr.getValues();

    for (ASN1OctetString s : values)
      fqans.add(new String(s.getOctets()));

    return fqans;
  }

  @SuppressWarnings("rawtypes")
  private static List<String> deserializeACTargets(
    X509AttributeCertificateHolder ac) {

    List<String> targets = new ArrayList<String>();

    Extension targetExtension = ac.getExtension(Extension.targetInformation);

    if (targetExtension == null)
      return targets;

    TargetInformation ti = TargetInformation
      .getInstance((ASN1Sequence) targetExtension.getParsedValue());

    // Only one Targets according to RFC 3281
    Targets asn1TargetContainer = ti.getTargetsObjects()[0];

    // The deserialization has to be done by hand since it seems VOMS
    // does not correctly encode the ACTargets extension...
    ASN1Sequence targetSequence = (ASN1Sequence) asn1TargetContainer
      .toASN1Primitive();

    Target[] asn1Targets = new Target[targetSequence.size()];

    int count = 0;

    for (Enumeration e = targetSequence.getObjects(); e.hasMoreElements();) {

      // There's one sequence more than expected here that makes
      // the bc constructor fail...
      ASN1Sequence seq = (ASN1Sequence) e.nextElement();
      ASN1TaggedObject val = (ASN1TaggedObject) seq.getObjectAt(0);
      asn1Targets[count++] = Target.getInstance(val);
    }

    // Extract the actual string
    for (Target t : asn1Targets) {

      GeneralName targetURI = t.getTargetName();

      if (targetURI.getTagNo() != GeneralName.uniformResourceIdentifier)
        raiseACNonConformantError("wrong AC target extension encoding. Only URI targets are supported.");

      String targetString = ((DERIA5String) targetURI.getName()).getString();
      targets.add(targetString);
    }

    return targets;
  }

  private static void raiseACNonConformantError(String errorString) {

    throw new VOMSError("Non conformant VOMS Attribute certificate: "
      + errorString);
  }

  /**
   * Performs some sanity checks on the format of the policy authority field
   * found in a VOMS extension. The enforced format is: vo://host:port
   *
   * @param attr
   *          the {@link IetfAttrSyntax} attribute syntax object containing the
   *          VOMS extension
   * @return the validated policy authority as a {@link String}
   */
  private static String policyAuthoritySanityChecks(IetfAttrSyntax attr) {

    // The policy authority value is encoded as a DERIA5String
    String policyAuthority = ((DERIA5String) attr.getPolicyAuthority()
      .getNames()[0].getName()).getString();

    // PolicyAuthority scheme: <vo>://<host>:<port>
    int index = policyAuthority.indexOf(POLICY_AUTHORITY_SEP);

    if ((index < 0) || (index == policyAuthority.length() - 1))
      raiseACNonConformantError("unsupported policy authority encoding '"
        + policyAuthority + "'");

    return policyAuthority;
  }

  /**
   * Deserializes the information in a list of VOMS attribute certificates.
   *
   * @param acs
   *          a {@link List} of VOMS acs
   * @return a possibly empty list of {@link VOMSAttribute}
   */
  public static List<VOMSAttribute> deserializeVOMSAttributes(
    List<AttributeCertificate> acs) {

    if (acs == null || acs.size() == 0)
      return Collections.emptyList();

    List<VOMSAttribute> attributes = new ArrayList<VOMSAttribute>();

    for (AttributeCertificate a : acs) {
      attributes.add(deserializeVOMSAttributes(a));
    }

    return attributes;
  }

  /**
   * Deserializes the information in a VOMS attribute certificate.
   *
   * @param ac
   *          a VOMS {@link AttributeCertificate}
   * @return a {@link VOMSAttribute} object which provides more convenient
   *         access to the VOMS authorization information
   */
  public static VOMSAttribute deserializeVOMSAttributes(AttributeCertificate ac) {

    VOMSAttributesImpl attrs = new VOMSAttributesImpl();

    X509AttributeCertificateHolder acHolder = new X509AttributeCertificateHolder(
      ac);
    Attribute[] asn1Attrs = acHolder.getAttributes(VOMS_FQANS_OID);

    for (Attribute a : asn1Attrs) {

      ASN1Primitive theVOMSDerObject = a.getAttributeValues()[0]
        .toASN1Primitive();
      IetfAttrSyntax attrSyntax = IetfAttrSyntax.getInstance(ASN1Sequence
        .getInstance(theVOMSDerObject));

      String policyAuthority = policyAuthoritySanityChecks(attrSyntax);

      // The policy authority string has the following format:
      // <vo>://<host>:<port>
      //
      // Note: policyAuthoritySanityChecks only verifies that "://" is present.
      // A value without a trailing ":<port>" makes the substring and
      // Integer.parseInt calls below throw an unchecked exception.
      attrs.setVO(policyAuthority.substring(0,
        policyAuthority.indexOf(POLICY_AUTHORITY_SEP)));
      attrs.setHost(policyAuthority.substring(
        policyAuthority.indexOf(POLICY_AUTHORITY_SEP) + 3,
        policyAuthority.lastIndexOf(":")));
      attrs.setPort(Integer.parseInt(policyAuthority.substring(policyAuthority
        .lastIndexOf(":") + 1)));

      attrs.setFQANs(deserializeFQANs(attrSyntax));

      attrs.setNotBefore(acHolder.getNotBefore());
      attrs.setNotAfter(acHolder.getNotAfter());
      attrs.setSignature(acHolder.getSignature());
      attrs.setGenericAttributes(deserializeGAs(acHolder));
      attrs.setAACertificates(deserializeACCerts(acHolder));
      attrs.setTargets(deserializeACTargets(acHolder));

      attrs.setVOMSAC(acHolder);

      try {

        attrs.setIssuer(new X500Principal(acHolder.getIssuer().getNames()[0]
          .getEncoded()));
        attrs.setHolder(new X500Principal(acHolder.getHolder().getIssuer()[0]
          .getEncoded()));
        attrs.setHolderSerialNumber(acHolder.getHolder().getSerialNumber());

      } catch (IOException e) {
        throw new VOMSError(
          "Error parsing attribute certificate issuer or holder name: "
            + e.getMessage(), e);
      }
    }

    return attrs;
  }

  /**
   * Deserializes the VOMS generic attributes
   *
   * @param ac
   *          the VOMS {@link X509AttributeCertificateHolder}
   * @return the {@link List} of {@link VOMSGenericAttribute} contained in the
   *         ac
   */
  private static List<VOMSGenericAttribute> deserializeGAs(
    X509AttributeCertificateHolder ac) {

    List<VOMSGenericAttribute> gas = new ArrayList<VOMSGenericAttribute>();

    Extension gasExtension = ac.getExtension(VOMS_GENERIC_ATTRS_OID);

    if (gasExtension == null)
      return gas;

    // SEQUENCE of TagList - contains just one taglist element
    ASN1Sequence tagContainerSeq = (ASN1Sequence) gasExtension.getParsedValue();
    if (tagContainerSeq.size() != 1)
      raiseACNonConformantError("unsupported generic attributes container format.");

    // TagList - this also should be a single element sequence
    ASN1Sequence tagListSeq = (ASN1Sequence) tagContainerSeq.getObjectAt(0);
    if (tagListSeq.size() > 1)
      raiseACNonConformantError("unsupported taglist format.");

    // This TagList sequence is empty, gLite 3.2 VOMS versions had a bug
    // that added the extension even if there were no attributes encoded...
    if (tagListSeq.size() == 0)
      return gas;

    // Down one level
    tagListSeq = (ASN1Sequence) tagListSeq.getObjectAt(0);

    // TODO: check policyAuthority!!
    // GeneralNames policyAuthority =
    // GeneralNames.getInstance(tagListSeq.getObjectAt(0));

    // tags SEQUENCE OF Tag
    ASN1Sequence tags = (ASN1Sequence) tagListSeq.getObjectAt(1);

    @SuppressWarnings("unchecked")
    Enumeration<ASN1Sequence> e = tags.getObjects();

    while (e.hasMoreElements()) {

      ASN1Sequence theActualTag = e.nextElement();

      if (theActualTag.size() != 3)
        raiseACNonConformantError("unsupported tag format.");

      VOMSGenericAttributeImpl attribute = new VOMSGenericAttributeImpl();

      attribute.setName(new String(DEROctetString.getInstance(
        theActualTag.getObjectAt(0)).getOctets()));
      attribute.setValue(new String(DEROctetString.getInstance(
        theActualTag.getObjectAt(1)).getOctets()));
      attribute.setContext(new String(DEROctetString.getInstance(
        theActualTag.getObjectAt(2)).getOctets()));

      gas.add(attribute);
    }

    return gas;
  }

  /**
   * Deserializes the VOMS ACCerts extension
   *
   * @param ac
   *          the VOMS {@link X509AttributeCertificateHolder}
   * @return the parsed array of {@link X509Certificate}
   */
  private static X509Certificate[] deserializeACCerts(
    X509AttributeCertificateHolder ac) {

    List<X509Certificate> certs = new ArrayList<X509Certificate>();

    Extension e = ac.getExtension(VOMS_CERTS_OID);

    if (e == null)
      return null;

    ASN1Sequence certSeq = (ASN1Sequence) e.getParsedValue();
    if (certSeq.size() != 1)
      raiseACNonConformantError("unsupported accerts format.");

    // Down one level
    certSeq = (ASN1Sequence) certSeq.getObjectAt(0);

    @SuppressWarnings("unchecked")
    Enumeration<DLSequence> encodedCerts = certSeq.getObjects();

    CertificateFactory cf = null;

    try {
      cf = CertificateFactory.getInstance("X.509",
        BouncyCastleProvider.PROVIDER_NAME);
    } catch (Exception ex) {
      throw new VOMSError("Certificate factory creation error: "
        + ex.getMessage(), ex);
    }

    while (encodedCerts.hasMoreElements()) {

      DLSequence s = encodedCerts.nextElement();

      X509CertificateObject certObj = null;
      byte[] certData = null;
      X509Certificate theCert = null;

      try {

        certObj = new X509CertificateObject(
          Certificate.getInstance(ASN1Sequence.getInstance(s)));
        certData = certObj.getEncoded();
        theCert = (X509Certificate) cf
          .generateCertificate(new ByteArrayInputStream(certData));

      } catch (CertificateParsingException ex) {
        throw new VOMSError("Certificate parsing error: " + ex.getMessage(), ex);
      } catch (CertificateEncodingException ex) {
        throw new VOMSError("Certificate encoding error: " + ex.getMessage(),
          ex);
      } catch (CertificateException ex) {
        throw new VOMSError("Error generating certificate from parsed data: "
          + ex.getMessage(), ex);
      }

      certs.add(theCert);
    }

    return certs.toArray(new X509Certificate[certs.size()]);
  }

  private VOMSACUtils() {

  }
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/asn1/VOMSConstants.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.asn1;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.Extension;

/**
 * A set of useful constants for ASN.1 parsing of VOMS attributes.
 *
 * @author Andrea Ceccanti
 *
 */
public interface VOMSConstants {

  /**
   * The VOMS attribute certificate extension OID.
   */
  public final ASN1ObjectIdentifier VOMS_EXTENSION_OID = new ASN1ObjectIdentifier(
    "1.3.6.1.4.1.8005.100.100.5");

  /**
   * The VOMS attributes OID.
   */
  public final ASN1ObjectIdentifier VOMS_FQANS_OID = new ASN1ObjectIdentifier(
    "1.3.6.1.4.1.8005.100.100.4");

  /**
   * The VOMS Certs extension OID.
   */
  public final ASN1ObjectIdentifier VOMS_CERTS_OID = new ASN1ObjectIdentifier(
    "1.3.6.1.4.1.8005.100.100.10");

  /**
   * The VOMS Generic attributes extension OID.
   */
  public final ASN1ObjectIdentifier VOMS_GENERIC_ATTRS_OID = new ASN1ObjectIdentifier(
    "1.3.6.1.4.1.8005.100.100.11");

  public final Set<ASN1ObjectIdentifier> VOMS_HANDLED_EXTENSIONS = new HashSet<ASN1ObjectIdentifier>(
    Arrays.asList(VOMS_FQANS_OID, VOMS_CERTS_OID, VOMS_GENERIC_ATTRS_OID,
      Extension.targetInformation, Extension.noRevAvail,
      Extension.authorityKeyIdentifier));
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/asn1/package-info.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/**
 * This package provides classes and utilities that deal with serialization and
 * deserialization of VOMS attributes from ASN.1 streams.
 */
package org.italiangrid.voms.asn1;

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/credential/

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/credential/FilePermissionError.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.credential;

import org.italiangrid.voms.VOMSError;

/**
 * This error is raised when there is an attempt to load a credential which has
 * the wrong file permissions
 *
 */
public class FilePermissionError extends VOMSError {

  public FilePermissionError(String message) {

    super(message);
  }

  public FilePermissionError(String message, Throwable cause) {

    super(message, cause);
  }

  /**
   *
   */
  private static final long serialVersionUID = 1L;

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/credential/LoadCredentialsEventListener.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.credential;

/**
 * A {@link LoadCredentialsEventListener} is notified of the outcome of load
 * credentials operations.
 *
 * @author andreaceccanti
 *
 */
public interface LoadCredentialsEventListener {

  /**
   * Informs that credentials are being looked for in the locations passed as
   * argument.
   *
   * @param locations
   *          the locations (as strings) where the credentials
   *          are being searched
   */
  public void notifyCredentialLookup(String... locations);

  /**
   * Informs that credentials have been successfully loaded from the credentials
   * passed as argument.
   *
   * @param locations
   *          the locations (as strings) where the credentials
   *          are being searched
   */
  public void notifyLoadCredentialSuccess(String... locations);

  /**
   * Informs that credentials could not be loaded from the locations passed as
   * argument.
   *
   * @param error
   *          the {@link Throwable} that caused the credential load operation to
   *          fail
   * @param locations
   *          the locations where the credentials were loaded from
   */
  public void notifyLoadCredentialFailure(Throwable error, String... locations);
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/credential/LoadCredentialsStrategy.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.credential;

import org.bouncycastle.openssl.PasswordFinder;

import eu.emi.security.authn.x509.X509Credential;

/**
 * A strategy to load user credentials
 *
 * @author andreaceccanti
 *
 */
public interface LoadCredentialsStrategy {

  /**
   * Loads a user credential
   *
   * @param passwordFinder
   *          the password finder used to potentially decrypt the credential
   *          encrypted private key.
   *
   * @return an {@link X509Credential}, or null if no credential
   *         was found
   */
  public X509Credential loadCredentials(PasswordFinder passwordFinder);

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/credential/ProxyNamingPolicy.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.credential;

/**
 * A {@link ProxyNamingPolicy} defines the naming policy for a VOMS proxy.
 *
 * @author andreaceccanti
 *
 */
public interface ProxyNamingPolicy {

  /**
   * Builds the file name of a VOMS proxy
   *
   * @param tmpPath
   *          the path of the temporary directory of the system
   * @param userId
   *          the effective user id of the user for which the proxy is created
   * @return a {@link String} representing the proxy file name
   */
  public String buildProxyFileName(String tmpPath, int userId);
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/credential/UserCredentials.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.credential;

import org.bouncycastle.openssl.PasswordFinder;
import org.italiangrid.voms.credential.impl.DefaultLoadCredentialsStrategy;

import eu.emi.security.authn.x509.X509Credential;

/**
 * This class implements convenience methods to load X509 user credentials in
 * PEM or PKCS12 format.
 *
 * @author Andrea Ceccanti
 *
 */
public class UserCredentials {

  private static LoadCredentialsStrategy loadCredentialsStrategy = new DefaultLoadCredentialsStrategy();

  public static void setLoadCredentialsStrategy(LoadCredentialsStrategy strategy) {

    loadCredentialsStrategy = strategy;
  }

  public static X509Credential loadCredentials() {

    return loadCredentials((char[]) null);
  }

  public static X509Credential loadCredentials(final char[] keyPassword) {

    PasswordFinder pf = new PasswordFinder() {

      public char[] getPassword() {

        return keyPassword;
      }
    };

    return loadCredentialsStrategy.loadCredentials(pf);
  }

  public static X509Credential loadCredentials(PasswordFinder passwordFinder) {

    return loadCredentialsStrategy.loadCredentials(passwordFinder);
  }
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/credential/VOMSEnvironmentVariables.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.credential;

public interface VOMSEnvironmentVariables {

  public static final String X509_CERT_DIR = "X509_CERT_DIR";
  public static final String X509_VOMS_DIR = "X509_VOMS_DIR";

  public static final String X509_USER_PROXY = "X509_USER_PROXY";

  public static final String X509_USER_CERT = "X509_USER_CERT";
  public static final String X509_USER_KEY = "X509_USER_KEY";
  public static final String PKCS12_USER_CERT = "PKCS12_USER_CERT";

  public static final String VOMS_USER_ID = "VOMS_UID";

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/credential/impl/

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/credential/impl/AbstractLoadCredentialsStrategy.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.credential.impl;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;

import org.bouncycastle.openssl.PasswordFinder;
import org.italiangrid.voms.credential.LoadCredentialsEventListener;
import org.italiangrid.voms.credential.LoadCredentialsStrategy;
import org.italiangrid.voms.credential.VOMSEnvironmentVariables;
import org.italiangrid.voms.util.FilePermissionHelper;

import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.KeystoreCredential;
import eu.emi.security.authn.x509.impl.PEMCredential;

/**
 * Base class for load credentials strategy providing utility classes for
 * loading credentials from the filesystem and notifying the results of load
 * operations to interested listeners (via {@link LoadCredentialsEventListener}
 * ).
 *
 * @author andreaceccanti
 *
 */
public abstract class AbstractLoadCredentialsStrategy implements
  LoadCredentialsStrategy, VOMSEnvironmentVariables {

  /**
   * The {@link LoadCredentialsEventListener} that is notified of load
   * credentials outcome.
   */
  LoadCredentialsEventListener listener;

  /**
   * Constructor that lets clients pass in a
   * {@link LoadCredentialsEventListener}.
   *
   * @param listener
   *          the listener that is notified of load credential events from this
   *          {@link AbstractLoadCredentialsStrategy}.
   */
  protected AbstractLoadCredentialsStrategy(
    LoadCredentialsEventListener listener) {

    this.listener = listener;
  }

  /**
   * Convenience method to check if a file exists and is readable
   *
   * @param filename
   *          the file to be checked
   * @return true if the file exists and is readable,
   *         false otherwise
   */
  protected boolean fileExistsAndIsReadable(String filename) {

    File f = new File(filename);
    return f.exists() && f.isFile() && f.canRead();
  }

  /**
   * Loads a PEM X.509 credential and notifies the registered
   * {@link LoadCredentialsEventListener} of the load operation outcome.
   *
   * @param privateKeyPath
   *          the path to the private key
   * @param certificatePath
   *          the path to the certificate
   * @param pf
   *          a {@link PasswordFinder} used to resolve the private key password
   *          when needed
   * @return the loaded {@link X509Credential}, or null if the
   *         credential couldn't be loaded
   */
  protected X509Credential loadPEMCredential(String privateKeyPath,
    String certificatePath, PasswordFinder pf) {

    PEMCredential cred = null;

    listener.notifyCredentialLookup(privateKeyPath, certificatePath);

    try {

      // The private key file permissions are checked before the key is read
      FilePermissionHelper.checkPrivateKeyPermissions(privateKeyPath);

      cred = new PEMCredential(new FileInputStream(privateKeyPath),
        new FileInputStream(certificatePath), pf);

      listener.notifyLoadCredentialSuccess(privateKeyPath, certificatePath);

    } catch (Throwable t) {

      listener.notifyLoadCredentialFailure(t, privateKeyPath, certificatePath);
    }

    return cred;
  }

  /**
   * Loads a PKCS12 X.509 credential and notifies the registered
   * {@link LoadCredentialsEventListener} of the load operation outcome.
   *
   * @param pkcs12FilePath
   *          the path to the pkcs12 credential
   * @param pf
   *          a {@link PasswordFinder} used to resolve the private key password
   * @return the loaded {@link X509Credential}, or null if the
   *         credential couldn't be loaded
   */
  protected X509Credential loadPKCS12Credential(String pkcs12FilePath,
    PasswordFinder pf) {

    KeystoreCredential cred = null;

    listener.notifyCredentialLookup(pkcs12FilePath);

    if (fileExistsAndIsReadable(pkcs12FilePath)) {

      char[] keyPassword = pf.getPassword();

      try {

        FilePermissionHelper.checkPKCS12Permissions(pkcs12FilePath);

        cred = new KeystoreCredential(pkcs12FilePath, keyPassword, keyPassword,
          null, "PKCS12");
        listener.notifyLoadCredentialSuccess(pkcs12FilePath);

      } catch (Throwable t) {

        listener.notifyLoadCredentialFailure(t, pkcs12FilePath);
      }

    } else
      listener.notifyLoadCredentialFailure(new FileNotFoundException(
        pkcs12FilePath + " (cannot read file)"), pkcs12FilePath);

    return cred;
  }

  /**
   * Loads an X.509 proxy credential and notifies the registered
   * {@link LoadCredentialsEventListener} of the load operation outcome.
   *
   * @param proxyPath
   *          the path to the proxy credential
   * @return the loaded {@link X509Credential}, or null if the
   *         credential couldn't be loaded
   */
  protected X509Credential loadProxyCredential(String proxyPath) {

    PEMCredential cred = null;

    listener.notifyCredentialLookup(proxyPath);

    try {

      FilePermissionHelper.checkProxyPermissions(proxyPath);
      cred = new PEMCredential(new FileInputStream(proxyPath), (char[]) null);
      listener.notifyLoadCredentialSuccess(proxyPath);

    } catch (Throwable t) {

      listener.notifyLoadCredentialFailure(t, proxyPath);
    }

    return cred;
  }

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/credential/impl/DefaultLoadCredentialsStrategy.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
* * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.credential.impl; import org.bouncycastle.openssl.PasswordFinder; import org.italiangrid.voms.VOMSError; import org.italiangrid.voms.credential.LoadCredentialsEventListener; import org.italiangrid.voms.credential.ProxyNamingPolicy; import org.italiangrid.voms.util.NullListener; import eu.emi.security.authn.x509.X509Credential; /** * The default strategy used to load user credentials when no file is explicitly * pointed out by the user of this API. * * Credentials are searched in the following places (in sequence): * *
 * <ul>
 * <li>If the X509_USER_CERT and X509_USER_KEY environment variables are set,
 * their values are used to load the user credentials.</li>
 * <li>If the X509_USER_CERT and X509_USER_KEY system properties are set,
 * their values are used to load the user credentials.</li>
 * <li>If the PKCS12_USER_CERT environment variable is set, its value is used
 * to load the user credentials.</li>
 * <li>If the PKCS12_USER_CERT system property is set, its value is used to
 * load the user credentials.</li>
 * <li>The content of the .globus directory in the user's home is searched for
 * a PEM certificate (in the usercert.pem and userkey.pem files).</li>
 * <li>The content of the .globus directory in the user's home is searched for
 * a PKCS12 certificate (in the usercred.p12 file).</li>
 * </ul>
* */ public class DefaultLoadCredentialsStrategy extends AbstractLoadCredentialsStrategy { private static final String GLOBUS_PKCS12_CRED_PATH_SUFFIX = ".globus/usercred.p12"; private static final String GLOBUS_PEM_CERT_PATH_SUFFIX = ".globus/usercert.pem"; private static final String GLOBUS_PEM_KEY_PATH_SUFFIX = ".globus/userkey.pem"; public static final String HOME_PROPERTY = "user.home"; public static final String TMPDIR_PROPERTY = "java.io.tmpdir"; public static final String TMPDIR_PATH = "/tmp"; private static final ProxyNamingPolicy proxyPathBuilder = new DefaultProxyPathBuilder(); private String home; private String tmpDir; public DefaultLoadCredentialsStrategy(String homeFolder, String tempDir, LoadCredentialsEventListener listener) { super(listener); this.home = homeFolder; this.tmpDir = tempDir; if (home == null) throw new VOMSError(HOME_PROPERTY + " not found in system properties!"); } public DefaultLoadCredentialsStrategy(String homeFolder) { this(homeFolder, System.getProperty(TMPDIR_PROPERTY), NullListener.INSTANCE); } public DefaultLoadCredentialsStrategy() { this(System.getProperty(HOME_PROPERTY), System.getProperty(TMPDIR_PROPERTY), NullListener.INSTANCE); } public DefaultLoadCredentialsStrategy(LoadCredentialsEventListener listener) { this(System.getProperty(HOME_PROPERTY), System.getProperty(TMPDIR_PROPERTY), listener); } /** * Looks for the value of a given property in the environment or in the system * properties * * @param propName * the property that will be looked for * @return the property value, or null if no property was found */ public String getFromEnvOrSystemProperty(String propName) { String val = System.getenv(propName); if (val == null) val = System.getProperty(propName); return val; } public X509Credential loadCredentials(PasswordFinder pf) { if (pf == null) throw new IllegalArgumentException( "Please provide a non-null password finder!"); try { X509Credential cred = loadPEMCredentialFromEnv(pf); if (cred == null) cred = 
loadPKCS12CredentialFromEnv(pf); if (cred == null) cred = loadPEMCredentialsFromGlobusDir(pf); if (cred == null) cred = loadPKCS12CredentialsFromGlobusDir(pf); return cred; } catch (Exception e) { throw new VOMSError("Error loading credential: " + e.getMessage(), e); } } protected X509Credential loadProxyFromUID() { String uid = getFromEnvOrSystemProperty(VOMS_USER_ID); if (uid != null) { String proxyFile = proxyPathBuilder.buildProxyFileName(tmpDir, Integer.parseInt(uid)); return loadProxyCredential(proxyFile); } return null; } protected X509Credential loadProxyFromEnv() { String proxyPath = getFromEnvOrSystemProperty(X509_USER_PROXY); if (proxyPath != null) return loadProxyCredential(proxyPath); return null; } protected X509Credential loadPEMCredentialFromEnv(PasswordFinder pf) { String certPath = getFromEnvOrSystemProperty(X509_USER_CERT); String keyPath = getFromEnvOrSystemProperty(X509_USER_KEY); if (certPath != null && keyPath != null) { return loadPEMCredential(keyPath, certPath, pf); } return null; } protected X509Credential loadPKCS12CredentialFromEnv(PasswordFinder pf) { String pkcs12Path = getFromEnvOrSystemProperty(PKCS12_USER_CERT); if (pkcs12Path != null) { return loadPKCS12Credential(pkcs12Path, pf); } return null; } protected X509Credential loadPKCS12CredentialsFromGlobusDir(PasswordFinder pf) { String credPath = String.format("%s/%s", home, GLOBUS_PKCS12_CRED_PATH_SUFFIX); return loadPKCS12Credential(credPath, pf); } protected X509Credential loadPEMCredentialsFromGlobusDir(PasswordFinder pf) { String certPath = String.format("%s/%s", home, GLOBUS_PEM_CERT_PATH_SUFFIX); String keyPath = String.format("%s/%s", home, GLOBUS_PEM_KEY_PATH_SUFFIX); return loadPEMCredential(keyPath, certPath, pf); } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/credential/impl/DefaultProxyPathBuilder.java000066400000000000000000000016551265712655300333760ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. 
* * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.credential.impl; import org.italiangrid.voms.credential.ProxyNamingPolicy; public class DefaultProxyPathBuilder implements ProxyNamingPolicy { public String buildProxyFileName(String tmpPath, int userId) { return String.format("%s/x509up_u%d", tmpPath, userId); } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/credential/impl/package-info.java000066400000000000000000000014411265712655300311410ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /** * This package provides the implementation of the user credentials loading APIs. 
* * @author andreaceccanti * */ package org.italiangrid.voms.credential.impl;voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/credential/package-info.java000066400000000000000000000013521265712655300302010ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /** * This package provides the API for loading user credentials. */ package org.italiangrid.voms.credential; voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/error/000077500000000000000000000000001265712655300240305ustar00rootroot00000000000000voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/error/VOMSValidationErrorCode.java000066400000000000000000000023371265712655300313040ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.error; /** * VOMS validation error codes. 
* * @author Andrea Ceccanti * */ public enum VOMSValidationErrorCode { // Temporal validity acNotValidAtCurrentTime, // LSC signature checks lscFileNotFound, emptyAcCertsExtension, lscDescriptionDoesntMatchAcCert, invalidAcCert, acCertFailsSignatureVerification, // Local AA cert signature checks aaCertNotFound, invalidAaCert, aaCertFailsSignatureVerification, // Holder checks acHolderDoesntMatchCertChain, // Targets checks localhostDoesntMatchAcTarget, // CAnL errors canlError, // Other other; } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/error/VOMSValidationErrorMessage.java000066400000000000000000000062031265712655300320120ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.error; import java.text.MessageFormat; import java.util.MissingResourceException; import java.util.ResourceBundle; /** * A VOMS validation error message class (freely inspired by the CANL validation * error message class). * * @author Andrea Ceccanti * */ public class VOMSValidationErrorMessage { static final String ERROR_BUNDLE = VOMSValidationErrorMessage.class .getPackage().getName() + "." 
+ "validationErrors"; private VOMSValidationErrorCode errorCode; private String message; private Object[] parameters; public static VOMSValidationErrorMessage newErrorMessage( VOMSValidationErrorCode errorCode) { return new VOMSValidationErrorMessage(errorCode); } public static VOMSValidationErrorMessage newErrorMessage( VOMSValidationErrorCode errorCode, Object... params) { return new VOMSValidationErrorMessage(errorCode, params); } private VOMSValidationErrorMessage(VOMSValidationErrorCode errorCode) { this(errorCode, (Object[]) null); } private VOMSValidationErrorMessage(VOMSValidationErrorCode errorCode, Object... params) { this.errorCode = errorCode; this.parameters = params; ResourceBundle bundle = ResourceBundle.getBundle(ERROR_BUNDLE); String template = null; try { template = bundle.getString(errorCode.name()); } catch (MissingResourceException e) { template = "Other error"; } message = MessageFormat.format(template, parameters); } public VOMSValidationErrorCode getErrorCode() { return errorCode; } public String getMessage() { return message; } public Object[] getParameters() { return parameters; } @Override public String toString() { return String.format("[%s]:%s", errorCode.name(), message); } @Override public int hashCode() { final int prime = 31; int result = 1; result = prime * result + ((errorCode == null) ? 0 : errorCode.hashCode()); result = prime * result + ((message == null) ? 
0 : message.hashCode()); return result; } @Override public boolean equals(Object obj) { if (this == obj) return true; if (obj == null) return false; if (getClass() != obj.getClass()) return false; VOMSValidationErrorMessage other = (VOMSValidationErrorMessage) obj; if (errorCode != other.errorCode) return false; if (message == null) { if (other.message != null) return false; } else if (!message.equals(other.message)) return false; return true; } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/error/package-info.java000066400000000000000000000013641265712655300272230ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /** * This package provides error code and message definitions for the VOMS API. */ package org.italiangrid.voms.error; voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/examples/000077500000000000000000000000001265712655300245155ustar00rootroot00000000000000voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/examples/ValidationExample.java000066400000000000000000000033551265712655300307740ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.examples;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;

import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.VOMSValidators;
import org.italiangrid.voms.ac.VOMSACValidator;

import eu.emi.security.authn.x509.impl.PEMCredential;

/**
 * A simple example showing how VOMS attributes validation is done with the new
 * API
 *
 * @author Andrea Ceccanti
 *
 */
public class ValidationExample {

  public ValidationExample() throws KeyStoreException, CertificateException,
    FileNotFoundException, IOException {

    VOMSACValidator validator = VOMSValidators.newValidator();

    try {
      // Load the credential from a PEM file that has no password and close
      // the stream as soon as it has been parsed.
      FileInputStream in = new FileInputStream("somefile");
      PEMCredential c;
      try {
        c = new PEMCredential(in, (char[]) null);
      } finally {
        in.close();
      }

      X509Certificate[] chain = c.getCertificateChain();

      // Validate the VOMS attributes found in the certificate chain.
      List<VOMSAttribute> attrs = validator.validate(chain);

      for (VOMSAttribute a : attrs)
        System.out.println(a);

    } finally {
      // Shut the validator down even when loading or validation fails.
      validator.shutdown();
    }
  }
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/examples/package-info.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /** * This package provides examples of the use of VOMS Java APIs. */ package org.italiangrid.voms.examples; voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/package-info.java000066400000000000000000000016311265712655300260670ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /** * * This package provides main VOMS Java APIs class and interfaces. * For an introductory guide to the use of the API, check the API user manual * here. * * @author Andrea Ceccanti * */ package org.italiangrid.voms;voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/000077500000000000000000000000001265712655300243675ustar00rootroot00000000000000voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/ACDecodingStrategy.java000066400000000000000000000020241265712655300306730ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. 
* * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.request; /** * Decodes an encoded VOMS attribute certificate * * @author andreaceccanti * */ public interface ACDecodingStrategy { /** * Decodes an encoded VOMS attribute certificate * * @param ac * the encoded VOMS attribute certificate * @return a byte array containing the VOMS attribute certificate */ public byte[] decode(String ac); } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/SSLSocketFactoryProvider.java000066400000000000000000000055371265712655300321210ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
*/ package org.italiangrid.voms.request; import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import org.italiangrid.voms.VOMSError; import org.italiangrid.voms.util.CertificateValidatorBuilder; import eu.emi.security.authn.x509.X509CertChainValidatorExt; import eu.emi.security.authn.x509.X509Credential; import eu.emi.security.authn.x509.impl.SocketFactoryCreator; /** * Provider for a SSL socket factory configured using CAnL. * * * @author valerioventuri * */ public class SSLSocketFactoryProvider { private X509Credential credential; private X509CertChainValidatorExt validator; public SSLSocketFactoryProvider(X509Credential credential, X509CertChainValidatorExt validator) { this.credential = credential; this.validator = validator; } public SSLSocketFactoryProvider(X509Credential credential) { this(credential, new CertificateValidatorBuilder() .trustAnchorsUpdateInterval(60000L).build()); } /** * Get the SSL socket factory. 
* * @return the {@link SSLSocketFactory} object */ public SSLSocketFactory getSSLSockectFactory() { SSLContext context = null; try { context = SSLContext.getInstance("TLS"); } catch (NoSuchAlgorithmException e) { throw new VOMSError(e.getMessage(), e); } KeyManager[] keyManagers = new KeyManager[] { credential.getKeyManager() }; X509TrustManager trustManager = SocketFactoryCreator .getSSLTrustManager(validator); TrustManager[] trustManagers = new TrustManager[] { trustManager }; SecureRandom secureRandom = null; /* http://bugs.sun.com/view_bug.do?bug_id=6202721 */ /* * Use new SecureRandom instead of SecureRandom.getInstance("SHA1PRNG") to * avoid unnecessary blocking */ secureRandom = new SecureRandom(); try { context.init(keyManagers, trustManagers, secureRandom); } catch (KeyManagementException e) { throw new VOMSError(e.getMessage(), e); } return context.getSocketFactory(); } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSACRequest.java000066400000000000000000000025501265712655300275750ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.request; import java.util.List; /** * A request for a VOMS Attribute certificate. * * @author Andrea Ceccanti * */ public interface VOMSACRequest { /** * @return the lifetime for this {@link VOMSACRequest}. 
   */
  public int getLifetime();

  /**
   * @return the list of the requested FQANs specified in this
   *         {@link VOMSACRequest} object.
   */
  public List<String> getRequestedFQANs();

  /**
   * @return the list of targets (i.e., the hosts where the requested ACs will
   *         be valid) for this {@link VOMSACRequest} object.
   */
  public List<String> getTargets();

  /**
   * @return the name of the VO this {@link VOMSACRequest} object is about.
   */
  public String getVoName();

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSACService.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request;

import org.bouncycastle.asn1.x509.AttributeCertificate;

import eu.emi.security.authn.x509.X509Credential;

/**
 * The {@link VOMSACService} interface.
 *
 * @author Andrea Ceccanti
 *
 */
public interface VOMSACService {

  /**
   * Returns an {@link AttributeCertificate} given a {@link VOMSACRequest} for
   * VOMS attributes.
   *
   * @param credential
   *          the credential to be used when contacting the service
   * @param request
   *          the request for VOMS attributes
   * @return a possibly null {@link AttributeCertificate} containing (a subset
   *         of) the requested attributes.
   */
  public AttributeCertificate getVOMSAttributeCertificate(
    X509Credential credential, VOMSACRequest request);

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSESLookupStrategy.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request;

import java.io.File;
import java.util.List;

/**
 * A strategy for building a list of {@link File} objects which will provide
 * access to the local trusted VOMS server contact information.
 *
 * @author Andrea Ceccanti
 *
 */
public interface VOMSESLookupStrategy {

  /**
   * @return a {@link List} of {@link File} objects that can be used to parse
   *         VOMSES information.
   */
  public List<File> lookupVomsesInfo();

  /**
   * @return a {@link List} of the paths that have been looked up to find
   *         {@link File} objects that can be used to parse VOMSES information.
   */
  public List<String> searchedPaths();

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSESParser.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request;

import java.io.File;
import java.io.Reader;
import java.util.List;

import org.italiangrid.voms.VOMSError;

/**
 * A VOMSES file parser.
 *
 * @author Andrea Ceccanti
 *
 */
public interface VOMSESParser {

  /**
   * Parses the VOMS contact information from the {@link Reader} passed as
   * argument.
   *
   * @param vomsesReader
   *          the {@link Reader} object where VOMS contact information can be
   *          read from.
   * @return a {@link List} of {@link VOMSServerInfo} objects containing the
   *         VOMS server contact information.
   * @throws VOMSError
   *           in case of parsing errors
   */
  public List<VOMSServerInfo> parse(Reader vomsesReader);

  /**
   * Parses the VOMS contact information from the {@link File} passed as
   * argument.
   *
   * @param f
   *          the {@link File} object where VOMS contact information can be
   *          read from.
   * @return a {@link List} of {@link VOMSServerInfo} objects containing the
   *         VOMS server contact information.
   * @throws VOMSError
   *           in case of parsing errors
   */
  public List<VOMSServerInfo> parse(File f);

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSESParserFactory.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.request; import org.italiangrid.voms.request.impl.LegacyVOMSESParserImpl; /** * A factory class for {@link VOMSESParser}. * * @author Andrea Ceccanti * */ public class VOMSESParserFactory { /** * @return Returns a {@link VOMSESParser}. */ public static VOMSESParser newVOMSESParser() { return new LegacyVOMSESParserImpl(); } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSErrorMessage.java000066400000000000000000000020441265712655300303350ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.request; /** * * This class is used to decode VOMS error messages contained in a VOMS * response. 
* * @author Andrea Ceccanti * @author Vincenzo Ciaschini * */ public class VOMSErrorMessage extends VOMSMessage { public VOMSErrorMessage(int code, String message) { super(code, message); } public String toString() { return "voms error " + code + ": " + message; } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSMessage.java000066400000000000000000000024241265712655300273250ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.request; /** * * This class is used to decode VOMS error messages contained in a VOMS * response. * * @author Andrea CEccanti * */ public class VOMSMessage { int code; String message; public int getCode() { return code; } public void setCode(int code) { this.code = code; } public String getMessage() { return message; } public void setMessage(String message) { this.message = message; } public VOMSMessage(int code, String message) { this.code = code; this.message = message; } public String toString() { return "voms message " + code + ": " + message; } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSProtocol.java000066400000000000000000000024471265712655300275470ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request;

import eu.emi.security.authn.x509.X509Credential;

/**
 * The request/response protocol for VOMS, with a method accepting a request
 * and returning a response.
 *
 * @author valerioventuri
 *
 */
public interface VOMSProtocol {

  /**
   * Makes a request and gets the response.
   *
   * @param endpoint
   *          the VOMS server endpoint information
   * @param credential
   *          the credentials.
   * @param request
   *          the request.
   *
   * @return a {@link VOMSResponse} containing the response.
   */
  public VOMSResponse doRequest(VOMSServerInfo endpoint,
    X509Credential credential, VOMSACRequest request);

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSProtocolError.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request;

import org.italiangrid.voms.VOMSError;

import eu.emi.security.authn.x509.X509Credential;

/**
 * Exception used when errors are raised during the interaction with a
 * (possibly) remote VOMS server.
 *
 * @author andreaceccanti
 *
 */
public class VOMSProtocolError extends VOMSError {

  /**
   *
   */
  private static final long serialVersionUID = 1L;

  /**
   * The request that is related with this error
   */
  private final VOMSACRequest request;

  /**
   * The credential related with this error
   */
  private final X509Credential credential;

  /**
   * The VOMS server endpoint information related with this error
   */
  private final VOMSServerInfo serverInfo;

  public VOMSProtocolError(String message, VOMSServerInfo serv,
    VOMSACRequest req, X509Credential cred, Throwable c) {
    super(message, c);
    this.request = req;
    this.credential = cred;
    this.serverInfo = serv;
  }

  /**
   * @return the request that is related with this error
   */
  public VOMSACRequest getRequest() {
    return request;
  }

  /**
   * @return the client credential related with this error
   */
  public X509Credential getCredential() {
    return credential;
  }

  /**
   * @return the VOMS serverInfo related with this error
   */
  public VOMSServerInfo getServerInfo() {
    return serverInfo;
  }

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSProtocolListener.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request;

/**
 * A listener that is notified of low-level VOMS protocol messages
 *
 * @author cecco
 *
 */
public interface VOMSProtocolListener {

  /**
   * Informs that a VOMS HTTP GET request is being issued for the URL passed as
   * argument
   *
   * @param url
   *          the request url
   */
  public void notifyHTTPRequest(String url);

  /**
   * Informs that a VOMS legacy request is being issued
   *
   * @param xmlLegacyRequest
   *          a string representation of the XML legacy request
   */
  public void notifyLegacyRequest(String xmlLegacyRequest);

  /**
   * Informs that a VOMSResponse was received from a remote VOMS server
   *
   * @param r
   *          the received {@link VOMSResponse}
   */
  public void notifyReceivedResponse(VOMSResponse r);

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSRequestListener.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request;

/**
 * A listener that informs about events related with a request to a VOMS server.
 *
 * @author andreaceccanti
 *
 */
public interface VOMSRequestListener {

  /**
   * Informs of the start of a request to a VOMS server
   *
   * @param request
   *          the request
   * @param si
   *          the VOMS server endpoint information
   */
  public void notifyVOMSRequestStart(VOMSACRequest request, VOMSServerInfo si);

  /**
   * Informs of the successful conclusion of a request to a VOMS server
   *
   * @param request
   *          the request
   * @param endpoint
   *          the VOMS server endpoint information
   */
  public void notifyVOMSRequestSuccess(VOMSACRequest request,
    VOMSServerInfo endpoint);

  /**
   * Informs of a VOMS request failure
   *
   * @param request
   *          the request
   * @param endpoint
   *          the VOMS server endpoint information
   * @param error
   *          the error related with the failure
   */
  public void notifyVOMSRequestFailure(VOMSACRequest request,
    VOMSServerInfo endpoint, Throwable error);

  /**
   * Informs that errors were included in the VOMS response produced by a VOMS
   * server
   *
   * @param request
   *          the request related to the received response
   * @param si
   *          the VOMS server endpoint information
   * @param errors
   *          the error messages included in the response
   */
  public void notifyErrorsInVOMSReponse(VOMSACRequest request,
    VOMSServerInfo si, VOMSErrorMessage[] errors);

  /**
   * Informs that warnings were included in the VOMS response produced by a VOMS
   * server
   *
   * @param request
   *          the request related to the received response
   * @param si
   *          the VOMS server endpoint information
   * @param warnings
   *          the warning messages included in the response
   */
  public void notifyWarningsInVOMSResponse(VOMSACRequest request,
    VOMSServerInfo si, VOMSWarningMessage[] warnings);

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSResponse.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request;

/**
 *
 * @author Andrea Ceccanti
 *
 */
public interface VOMSResponse {

  /**
   * @return true if this {@link VOMSResponse} has errors, false otherwise
   */
  public boolean hasErrors();

  /**
   * @return true if this {@link VOMSResponse} has warnings, false otherwise
   */
  public boolean hasWarnings();

  /**
   *
   * Extracts the AC from the VOMS response.
   *
   * @return an array of bytes containing the AC.
   */
  public byte[] getAC();

  /**
   * Extracts the version from the VOMS response.
   *
   * @return an integer containing the version.
   */
  public abstract int getVersion();

  /**
   *
   * Extracts the error messages from the VOMS response.
   *
   * @return an array of {@link VOMSErrorMessage} objects.
   */
  public VOMSErrorMessage[] errorMessages();

  /**
   * Extracts the warning messages from the VOMS response.
   *
   * @return an array of {@link VOMSWarningMessage} objects.
   */
  public VOMSWarningMessage[] warningMessages();

  /**
   *
   * @return Returns the XML representation of the response as a string.
   */
  public String getXMLAsString();

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSResponseParsingStrategy.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request;

import java.io.InputStream;

/**
 * The strategy for parsing a response coming from a VOMS service.
 *
 * @author valerioventuri
 *
 */
public interface VOMSResponseParsingStrategy {

  /**
   * Parse the response coming from a VOMS service and build a
   * {@link VOMSResponse} object.
   *
   * @param inputStream
   *          the response from the VOMS service.
   * @return the response object representing the response from the service.
   */
  public VOMSResponse parse(InputStream inputStream);

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSServerInfo.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request;

import java.net.URI;

/**
 * This interface represents a VOMS server contact information, typically
 * provided in vomses files.
 *
 * @see VOMSESLookupStrategy
 * @see VOMSESParser
 *
 * @author Andrea Ceccanti
 *
 */
public interface VOMSServerInfo {

  /**
   * Returns the alias for this {@link VOMSServerInfo}.
   *
   * @return the alias
   */
  public String getAlias();

  /**
   * Returns the VO name for this {@link VOMSServerInfo}.
   *
   * @return the vo name
   */
  public String getVoName();

  /**
   * Returns the URL for this {@link VOMSServerInfo}.
   *
   * @return the contact {@link URI}
   */
  public URI getURL();

  /**
   * Returns the certificate subject as listed in the VOMSES configuration for
   * this {@link VOMSServerInfo}
   *
   * @return a string containing the certificate subject, encoded following the
   *         DN openssl slash-separated syntax
   */
  public String getVOMSServerDN();

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSServerInfoStore.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request;

import java.util.Set;

/**
 * A store containing the contact information for locally trusted VOMS servers.
 *
 * @author Andrea Ceccanti
 *
 */
public interface VOMSServerInfoStore {

  /**
   * Returns a set of {@link VOMSServerInfo} objects matching a vo name or alias
   * passed as argument.
   *
   * @param voName
   *          a VO name
   * @return a possibly empty set of {@link VOMSServerInfo} objects matching
   *         the vo name or alias passed as argument
   */
  public Set<VOMSServerInfo> getVOMSServerInfo(String voName);

  /**
   * Returns a set of all {@link VOMSServerInfo} objects in this
   * {@link VOMSServerInfoStore}.
   *
   * @return a possibly empty set of all {@link VOMSServerInfo} objects in this
   *         {@link VOMSServerInfoStore}.
   */
  public Set<VOMSServerInfo> getVOMSServerInfo();

  /**
   * Adds a {@link VOMSServerInfo} to this {@link VOMSServerInfoStore}.
   *
   * @param info
   *          the {@link VOMSServerInfo} object to add.
   */
  public void addVOMSServerInfo(VOMSServerInfo info);

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSServerInfoStoreListener.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request;

import java.util.List;

/**
 * This interface is used to notify about events related to the load operations
 * of VOMSES server endpoint information.
 *
 * @author andreaceccanti
 *
 */
public interface VOMSServerInfoStoreListener {

  /**
   * Informs that no valid VOMS information was found on the system.
   *
   * @param searchedPaths
   *          the list of searched paths
   */
  public void notifyNoValidVOMSESError(List<String> searchedPaths);

  /**
   * Informs that VOMSES information is being searched for at the path passed
   * as argument
   *
   * @param vomsesPath
   *          the path where VOMSES information is being looked for
   */
  public void notifyVOMSESlookup(String vomsesPath);

  /**
   * Informs that VOMSES information was successfully loaded from a given path
   *
   * @param vomsesPath
   *          the path where VOMSES information was loaded from
   * @param info
   *          the {@link VOMSServerInfo} voms endpoint information
   */
  public void notifyVOMSESInformationLoaded(String vomsesPath,
    VOMSServerInfo info);

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/VOMSWarningMessage.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request;

/**
 *
 * This class is used to decode VOMS warning messages contained in a VOMS
 * response.
 *
 * @author Andrea Ceccanti
 *
 */
public class VOMSWarningMessage extends VOMSMessage {

  public VOMSWarningMessage(int code, String message) {
    super(code, message);
  }

  public String toString() {
    return "voms warning " + code + ": " + message;
  }

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/AbstractVOMSProtocol.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request.impl;

import javax.net.ssl.SSLSocketFactory;

import org.italiangrid.voms.request.SSLSocketFactoryProvider;
import org.italiangrid.voms.request.VOMSProtocol;
import org.italiangrid.voms.request.VOMSProtocolListener;
import org.italiangrid.voms.util.NullListener;

import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import eu.emi.security.authn.x509.X509Credential;

/**
 *
 * Base implementation class for the VOMS client/server protocol
 *
 */
public abstract class AbstractVOMSProtocol implements VOMSProtocol {

  /**
   * Enabled TLS protocols for VOMS legacy connections.
   */
  // Note: TLSv1 and TLSv1.1 are deprecated by RFC 8996; this list applies to
  // VOMS legacy connections only.
  public static final String[] VOMS_LEGACY_ENABLED_PROTOCOLS = { "TLSv1",
    "TLSv1.1", "TLSv1.2" };

  /**
   * The default value for the socket connection timeout
   */
  public static final int DEFAULT_CONNECT_TIMEOUT = 2000;

  /**
   * The default value for the socket read timeout
   */
  public static final int DEFAULT_READ_TIMEOUT = 5000;

  /**
   * The default hostname checking policy.
   */
  public static final boolean DEFAULT_SKIP_HOSTNAME_CHECKS = false;

  protected VOMSProtocolListener listener = NullListener.INSTANCE;

  /**
   * The CAnL validator used to manage SSL authentication.
   */
  protected X509CertChainValidatorExt validator;

  /**
   * The tcp connection timeout (in milliseconds)
   */
  protected int connectTimeout = DEFAULT_CONNECT_TIMEOUT;

  /**
   * The socket read timeout (in milliseconds)
   */
  protected int readTimeout = DEFAULT_READ_TIMEOUT;

  /**
   * Whether to skip hostname checks
   */
  protected boolean skipHostnameChecks = DEFAULT_SKIP_HOSTNAME_CHECKS;

  /**
   * Ctor.
   *
   * @param validator
   *          the validator used to manage the SSL authentication
   */
  public AbstractVOMSProtocol(X509CertChainValidatorExt validator) {
    this.validator = validator;
  }

  /**
   * Ctor.
   *
   * @param validator
   *          the validator used to manage the SSL authentication
   * @param listener
   *          the listener informed of low-level protocol details
   * @param connectTimeout
   *          sets the socket connection timeout
   * @param readTimeout
   *          sets the socket read timeout
   */
  public AbstractVOMSProtocol(X509CertChainValidatorExt validator,
    VOMSProtocolListener listener, int connectTimeout, int readTimeout) {
    this.validator = validator;
    this.connectTimeout = connectTimeout;
    this.readTimeout = readTimeout;
    this.listener = listener;
  }

  /**
   * Builds an SSL socket factory based on the credential passed as argument and
   * the validator configured for this {@link AbstractVOMSProtocol}
   *
   * @param credential
   *          the client credential used for the socket factory being created
   * @return an {@link SSLSocketFactory}
   */
  protected SSLSocketFactory getSSLSocketFactory(X509Credential credential) {
    SSLSocketFactoryProvider sslSocketFactoryProvider = new SSLSocketFactoryProvider(
      credential, validator);
    return sslSocketFactoryProvider.getSSLSockectFactory();
  }

  /**
   * @return The connect timeout value (in milliseconds)
   */
  public int getConnectTimeout() {
    return connectTimeout;
  }

  /**
   * Sets the connection timeout value for the underlying socket of this
   * {@link AbstractVOMSProtocol}
   *
   * @param connectTimeout
   *          the connection timeout in milliseconds
   */
  public void setConnectTimeout(int connectTimeout) {
    this.connectTimeout = connectTimeout;
  }

  /**
   * @return the read timeout value (in milliseconds)
   */
  public int getReadTimeout() {
    return readTimeout;
  }

  /**
   * Sets the read timeout value for the underlying socket
   *
   * @param readTimeout
   *          the read timeout in milliseconds
   */
  public void setReadTimeout(int readTimeout) {
    this.readTimeout = readTimeout;
  }

  /**
   * @return whether this protocol will skip hostname checks
   */
  public boolean isSkipHostnameChecks() {
    return skipHostnameChecks;
  }

  /**
   * Sets whether this protocol will skip SSL hostname checks
   *
   * @param skipHostnameChecks
   *          flag that defines whether
   *          hostname checks should be skipped for this protocol
   */
  public void setSkipHostnameChecks(boolean skipHostnameChecks) {
    this.skipHostnameChecks = skipHostnameChecks;
  }

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/BaseVOMSESLookupStrategy.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request.impl;

import java.io.File;
import java.util.ArrayList;
import java.util.List;

import org.italiangrid.voms.request.VOMSESLookupStrategy;

/**
 * A base VOMSES lookup strategy which just runs an existence check on a given
 * list of paths.
 *
 * @author Andrea Ceccanti
 *
 */
public class BaseVOMSESLookupStrategy implements VOMSESLookupStrategy {

  private final List<String> checkedPaths;

  public BaseVOMSESLookupStrategy() {
    checkedPaths = new ArrayList<String>();
  }

  public BaseVOMSESLookupStrategy(List<String> checkedPaths) {
    if (checkedPaths == null)
      throw new NullPointerException("Please provide a non-null list of paths.");
    this.checkedPaths = checkedPaths;
  }

  public List<File> lookupVomsesInfo() {
    List<File> vomsesPaths = new ArrayList<File>();

    // Keep only the configured paths that exist on the file system
    for (String p : checkedPaths) {
      File f = new File(p);
      if (f.exists())
        vomsesPaths.add(f);
    }

    return vomsesPaths;
  }

  public List<String> searchedPaths() {
    return checkedPaths;
  }

  public void addPath(String vomsesPath) {
    checkedPaths.add(vomsesPath);
  }

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSACRequest.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request.impl;

import java.util.Collections;
import java.util.List;
import java.util.concurrent.TimeUnit;

import org.italiangrid.voms.request.VOMSACRequest;

/**
 * The default implementation for a {@link VOMSACRequest}.
 *
 * @author Valerio Venturi
 *
 */
public class DefaultVOMSACRequest implements VOMSACRequest {

  public static final int DEFAULT_LIFETIME = (int) TimeUnit.HOURS.toSeconds(12);

  private int lifetime;

  private List<String> requestedFQANs;

  private List<String> targets;

  private String voName;

  public int getLifetime() {
    return lifetime;
  }

  public List<String> getRequestedFQANs() {
    return requestedFQANs;
  }

  public List<String> getTargets() {
    return targets;
  }

  public String getVoName() {
    return voName;
  }

  private DefaultVOMSACRequest(Builder b) {
    this.lifetime = b.lifetime;
    this.voName = b.voName;
    this.targets = b.targets;
    this.requestedFQANs = b.requestedFQANs;
  }

  public static class Builder {

    private int lifetime = DEFAULT_LIFETIME;
    private List<String> requestedFQANs = Collections.emptyList();
    private List<String> targets = Collections.emptyList();
    private String voName;

    public Builder(String voName) {
      this.voName = voName;
    }

    public Builder lifetime(int l) {
      this.lifetime = l;
      return this;
    }

    public Builder fqans(List<String> fqans) {
      // A null argument keeps the default empty list
      if (fqans != null)
        this.requestedFQANs = fqans;
      return this;
    }

    public Builder targets(List<String> targets) {
      // A null argument keeps the default empty list
      if (targets != null)
        this.targets = targets;
      return this;
    }

    public DefaultVOMSACRequest build() {
      return new DefaultVOMSACRequest(this);
    }
  }

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSACService.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request.impl;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.request.VOMSACRequest;
import org.italiangrid.voms.request.VOMSACService;
import org.italiangrid.voms.request.VOMSESLookupStrategy;
import org.italiangrid.voms.request.VOMSProtocol;
import org.italiangrid.voms.request.VOMSProtocolError;
import org.italiangrid.voms.request.VOMSProtocolListener;
import org.italiangrid.voms.request.VOMSRequestListener;
import org.italiangrid.voms.request.VOMSResponse;
import org.italiangrid.voms.request.VOMSServerInfo;
import org.italiangrid.voms.request.VOMSServerInfoStore;
import org.italiangrid.voms.request.VOMSServerInfoStoreListener;
import org.italiangrid.voms.util.NullListener;

import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import eu.emi.security.authn.x509.X509Credential;

/**
 * The default implementation of the {@link VOMSACService}.
 *
 *
 * @author Valerio Venturi
 * @author Andrea Ceccanti
 *
 */
public class DefaultVOMSACService implements VOMSACService {

  /**
   * The listener that will be informed about request events
   */
  protected VOMSRequestListener requestListener;

  /**
   * The listener that will be informed about low-level protocol details
   */
  protected VOMSProtocolListener protocolListener;

  /**
   * The validator used for the SSL handshake
   */
  protected X509CertChainValidatorExt validator;

  /**
   * The store used to keep VOMS server contact information.
   */
  protected VOMSServerInfoStore serverInfoStore;

  /**
   * The http protocol implementation
   */
  protected VOMSProtocol httpProtocol;

  /**
   * The voms legacy protocol implementation
   */
  protected VOMSProtocol legacyProtocol;

  /**
   * Constructor which builds a {@link DefaultVOMSACService} from a
   * {@link Builder}
   *
   * @param builder
   *          the builder object that provides the settings for this
   *          {@link VOMSACService}
   */
  protected DefaultVOMSACService(Builder builder) {
    this.validator = builder.validator;
    this.requestListener = builder.requestListener;
    this.protocolListener = builder.protocolListener;
    this.serverInfoStore = builder.serverInfoStore;
    this.httpProtocol = builder.httpProtocol;
    this.legacyProtocol = builder.legacyProtocol;
  }

  /**
   * Extracts an AC from a VOMS response
   *
   * @param request
   *          the request
   * @param response
   *          the received response
   * @return a possibly null {@link AttributeCertificate} object
   */
  protected AttributeCertificate getACFromResponse(VOMSACRequest request,
    VOMSResponse response) {

    byte[] acBytes = response.getAC();

    if (acBytes == null)
      return null;

    ASN1InputStream asn1InputStream = new ASN1InputStream(acBytes);

    AttributeCertificate attributeCertificate = null;

    try {

      attributeCertificate = AttributeCertificate.getInstance(asn1InputStream
        .readObject());

      asn1InputStream.close();
      return attributeCertificate;

    } catch (Throwable e) {

      requestListener.notifyVOMSRequestFailure(request, null, new VOMSError(
        "Error unmarshalling VOMS AC. Cause: " + e.getMessage(), e));

      return null;
    }
  }

  private VOMSResponse doRequest(VOMSProtocol protocol,
    VOMSServerInfo endpoint, X509Credential cred, VOMSACRequest req) {

    VOMSResponse response = null;

    try {

      response = protocol.doRequest(endpoint, cred, req);

    } catch (VOMSProtocolError e) {

      requestListener.notifyVOMSRequestFailure(req, endpoint, e);
    }

    return response;
  }

  /**
   * Handles errors included in the VOMS response
   *
   * @param request
   *          the request
   * @param si
   *          the VOMS server endpoint information
   * @param response
   *          the received {@link VOMSResponse}
   */
  protected void handleErrorsInResponse(VOMSACRequest request,
    VOMSServerInfo si, VOMSResponse response) {

    if (response.hasErrors())
      requestListener.notifyErrorsInVOMSReponse(request, si,
        response.errorMessages());
  }

  /**
   * Handles warnings included in the VOMS response
   *
   * @param request
   *          the request
   * @param si
   *          the VOMS server endpoint information
   * @param response
   *          the received {@link VOMSResponse}
   */
  protected void handleWarningsInResponse(VOMSACRequest request,
    VOMSServerInfo si, VOMSResponse response) {

    if (response.hasWarnings())
      requestListener.notifyWarningsInVOMSResponse(request, si,
        response.warningMessages());
  }

  public AttributeCertificate getVOMSAttributeCertificate(
    X509Credential credential, VOMSACRequest request) {

    List<VOMSServerInfo> vomsServerInfos = getVOMSServerInfos(request);

    if (vomsServerInfos.isEmpty())
      throw new VOMSError("VOMS server for VO " + request.getVoName() + " "
        + "is not known! Check your vomses configuration.");

    VOMSResponse response = null;
    AttributeCertificate vomsAC = null;

    for (VOMSServerInfo vomsServerInfo : vomsServerInfos) {

      requestListener.notifyVOMSRequestStart(request, vomsServerInfo);

      // Try HTTP request first
      response = doRequest(httpProtocol, vomsServerInfo, credential, request);

      // If failed, try legacy request
      if (response == null) {
        response = doRequest(legacyProtocol, vomsServerInfo, credential,
          request);
      }

      // We had failures with both requests
      if (response == null) {
        requestListener.notifyVOMSRequestFailure(request, vomsServerInfo,
          new VOMSError("REST and legacy VOMS endpoints failed."));
        // continue to next server
        continue;
      }

      // Notify that the server was contacted successfully
      requestListener.notifyVOMSRequestSuccess(request, vomsServerInfo);

      // Notify errors
      handleErrorsInResponse(request, vomsServerInfo, response);

      // Notify warnings
      handleWarningsInResponse(request, vomsServerInfo, response);

      vomsAC = getACFromResponse(request, response);

      // Exit the loop only when we successfully get an AC
      // out of the VOMS server
      if (!response.hasErrors() && vomsAC != null) {
        return vomsAC;
      }
    }

    // if we reach this point we had failures in contacting
    // all known voms servers for the VO
    requestListener.notifyVOMSRequestFailure(request, null, null);
    return null;
  }

  /**
   * Get VOMS server endpoint information that matches with the
   * {@link VOMSACRequest} passed as argument.
   *
   * This method returns a random shuffle of the {@link VOMSServerInfo} objects
   * that match the input request.
   *
   * @param request
   *          the request
   * @return a possibly empty {@link List} of {@link VOMSServerInfo} objects
   */
  protected List<VOMSServerInfo> getVOMSServerInfos(VOMSACRequest request) {

    List<VOMSServerInfo> vomsServerInfos = new ArrayList<VOMSServerInfo>(
      serverInfoStore.getVOMSServerInfo(request.getVoName()));

    if (!vomsServerInfos.isEmpty()) {
      Collections.shuffle(vomsServerInfos);
    }

    return vomsServerInfos;
  }

  /**
   * Creates a {@link DefaultVOMSACService} object.
   * The {@link DefaultVOMSACService} parameters can be set with the appropriate
   * methods. Example:
   *
   * {@code
   *   VOMSACService acService = new DefaultVOMSACService.Builder(certChainValidator)
   *     .requestListener(requestListener)
   *     .serverInfoStoreListener(serverInfoStoreListener)
   *     .protocolListener(protocolListener).build();
   * }
   *
   */
  public static class Builder {

    /**
     * The listener that will be informed about request events
     */
    private VOMSRequestListener requestListener = NullListener.INSTANCE;

    /**
     * The listener that will be informed about low-level protocol details
     */
    private VOMSProtocolListener protocolListener = NullListener.INSTANCE;

    /**
     * The listener that will be informed about server info store events
     */
    private VOMSServerInfoStoreListener storeListener = NullListener.INSTANCE;

    /**
     * The validator used for the SSL handshake
     */
    private X509CertChainValidatorExt validator;

    /**
     * The store used to keep VOMS server contact information.
     */
    private VOMSServerInfoStore serverInfoStore;

    /**
     * The provided strategy to lookup vomses information.
     */
    private VOMSESLookupStrategy vomsesLookupStrategy;

    /**
     * A list of paths where vomses information will be looked for, used to
     * create the server info store.
     */
    private List<String> vomsesLocations;

    /**
     * The connect timeout value
     */
    private int connectTimeout = AbstractVOMSProtocol.DEFAULT_CONNECT_TIMEOUT;

    /**
     * The read timeout used
     */
    private int readTimeout = AbstractVOMSProtocol.DEFAULT_READ_TIMEOUT;

    /**
     * Whether the client should skip hostname checking. Note that this builder
     * default (true) differs from
     * {@link AbstractVOMSProtocol#DEFAULT_SKIP_HOSTNAME_CHECKS} (false).
     */
    private boolean skipHostnameChecks = true;

    /**
     * The http protocol implementation
     */
    protected VOMSProtocol httpProtocol;

    /**
     * The voms legacy protocol implementation
     */
    protected VOMSProtocol legacyProtocol;

    /**
     * Creates a Builder for a {@link DefaultVOMSACService}.
* * @param certChainValidator * the validator to use to setup the SSL connection and validate * the certificates */ public Builder(X509CertChainValidatorExt certChainValidator) { if (certChainValidator == null) throw new NullPointerException( "Please provide a non-null certificate chain validator"); this.validator = certChainValidator; } /** * Sets the request listener for the {@link DefaultVOMSACService} that this * builder is creating * * @param l * the request listener that will receive notifications about * request events * @return this {@link Builder} instance */ public Builder requestListener(VOMSRequestListener l) { this.requestListener = l; return this; } /** * Sets the {@link VOMSServerInfoStoreListener} for the * {@link DefaultVOMSACService} that this builder is creating * * @param sl * the store listener that will receive notifications about store * events * @return this {@link Builder} instance */ public Builder serverInfoStoreListener(VOMSServerInfoStoreListener sl) { this.storeListener = sl; return this; } /** * Sets the {@link VOMSServerInfoStore} for the {@link DefaultVOMSACService} * that this builder is creating * * @param sis * a {@link VOMSServerInfoStore} object * @return this {@link Builder} instance */ public Builder serverInfoStore(VOMSServerInfoStore sis) { this.serverInfoStore = sis; return this; } /** * Sets the {@link VOMSProtocolListener} for the * {@link DefaultVOMSACService} that this builder is creating * * @param pl * the {@link VOMSProtocolListener} that will receive notifications * about protocol events * @return this {@link Builder} instance */ public Builder protocolListener(VOMSProtocolListener pl) { this.protocolListener = pl; return this; } /** * Sets the connect timeout (in millisecods) for the * {@link DefaultVOMSACService} that this builder is creating * * @param timeout * the timeout value in milliseconds * @return this {@link Builder} instance */ public Builder connectTimeout(int timeout) { this.connectTimeout = timeout; 
return this; } /** * Sets the read timeout (in milliseconds) for the * {@link DefaultVOMSACService} that this builder is creating * * @param timeout * the timeout value in milliseconds * @return this {@link Builder} instance */ public Builder readTimeout(int timeout) { this.readTimeout = timeout; return this; } /** * Sets a flag to skip VOMS hostname checking. Allows for creative VOMS * server side certificate configuration. * * @param s * true to skip the checks, false * otherwise * * @return this {@link Builder} instance */ public Builder skipHostnameChecks(boolean s) { this.skipHostnameChecks = s; return this; } /** * Sets the vomses lookup strategy for the {@link DefaultVOMSACService} that * this builder is creating * * @param strategy * the {@link VOMSESLookupStrategy} object * @return this {@link Builder} instance */ public Builder vomsesLookupStrategy(VOMSESLookupStrategy strategy) { this.vomsesLookupStrategy = strategy; return this; } /** * Sets a list of locations that will be used to build a * {@link VOMSESLookupStrategy} for the {@link DefaultVOMSACService} that * this builder is creating * * @param vomsesLocations * a list of paths where vomses information will be looked for * @return this {@link Builder} instance */ public Builder vomsesLocations(List vomsesLocations) { this.vomsesLocations = vomsesLocations; return this; } /** * Sets the http protocol implementation * * @param httpProtocol * the http protocol implementatino * @return this {@link Builder} instance */ public Builder httpProtocol(VOMSProtocol httpProtocol) { this.httpProtocol = httpProtocol; return this; } /** * Sets the legacy protocol implementation * * @param legacyProtocol * the legacy protocol implementation * * @return * the {@link Builder} */ public Builder legacyProtocol(VOMSProtocol legacyProtocol) { this.legacyProtocol = legacyProtocol; return this; } /** * Builds the server info store */ protected void buildServerInfoStore() { if (serverInfoStore != null) return; 
serverInfoStore = new DefaultVOMSServerInfoStore.Builder() .lookupStrategy(vomsesLookupStrategy).storeListener(storeListener) .vomsesPaths(vomsesLocations).build(); } /** * Builds default protocols if needed */ protected void buildProtocols() { if (httpProtocol == null) { RESTProtocol p = new RESTProtocol(validator, protocolListener, connectTimeout, readTimeout); p.setSkipHostnameChecks(skipHostnameChecks); httpProtocol = p; } if (legacyProtocol == null) { LegacyProtocol p = new LegacyProtocol(validator, protocolListener, connectTimeout, readTimeout); p.setSkipHostnameChecks(skipHostnameChecks); legacyProtocol = p; } } /** * Builds the {@link DefaultVOMSACService} * * @return a {@link DefaultVOMSACService} configured as required by this * builder */ public DefaultVOMSACService build() { buildServerInfoStore(); buildProtocols(); return new DefaultVOMSACService(this); } } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSESLookupStrategy.java000066400000000000000000000024521265712655300334340ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.request.impl; import java.util.Arrays; /** * Default VOMSES information lookup strategy. * * This implementation looks for vomses information in the following paths: *
 * • /etc/vomses
 * • ${user.home}/.glite/vomses
 * • ${user.home}/.voms/vomses
 *
 * @author Andrea Ceccanti
 *
 */
public class DefaultVOMSESLookupStrategy extends BaseVOMSESLookupStrategy {

  public static final String DEFAULT_VOMSES_DIR = "/etc/vomses";

  public DefaultVOMSESLookupStrategy() {

    super(Arrays.asList(DEFAULT_VOMSES_DIR,
      System.getProperty("user.home") + "/.glite/vomses",
      System.getProperty("user.home") + "/.voms/vomses"));
  }
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSServerInfo.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request.impl;

import java.net.URI;

import org.italiangrid.voms.request.VOMSServerInfo;

/**
 * The default implementation of the {@link VOMSServerInfo} endpoint
 * information.
 *
 * @author andreaceccanti
 *
 */
public class DefaultVOMSServerInfo implements VOMSServerInfo {

  /** The VOMS server alias **/
  String alias;

  /** The VO name **/
  String voName;

  /** The VOMS server URI **/
  URI URL;

  /** The VOMS server certificate subject **/
  String vomsServerDN;

  public DefaultVOMSServerInfo() {

  }

  public String getAlias() {

    return alias;
  }

  public void setAlias(String alias) {

    this.alias = alias;
  }

  public String getVoName() {

    return voName;
  }

  public void setVoName(String voName) {

    this.voName = voName;
  }

  public String getVOMSServerDN() {

    return vomsServerDN;
  }

  public void setVOMSServerDN(String vomsServerDN) {

    this.vomsServerDN = vomsServerDN;
  }

  public URI getURL() {

    return URL;
  }

  public void setURL(URI uRL) {

    URL = uRL;
  }

  @Override
  public int hashCode() {

    final int prime = 31;
    int result = 1;
    result = prime * result + ((URL == null) ? 0 : URL.hashCode());
    result = prime * result + ((alias == null) ? 0 : alias.hashCode());
    result = prime * result + ((voName == null) ? 0 : voName.hashCode());
    result = prime * result
      + ((vomsServerDN == null) ? 0 : vomsServerDN.hashCode());
    return result;
  }

  @Override
  public boolean equals(Object obj) {

    if (this == obj)
      return true;
    if (obj == null)
      return false;
    if (getClass() != obj.getClass())
      return false;
    DefaultVOMSServerInfo other = (DefaultVOMSServerInfo) obj;
    if (URL == null) {
      if (other.URL != null)
        return false;
    } else if (!URL.equals(other.URL))
      return false;
    if (alias == null) {
      if (other.alias != null)
        return false;
    } else if (!alias.equals(other.alias))
      return false;
    if (voName == null) {
      if (other.voName != null)
        return false;
    } else if (!voName.equals(other.voName))
      return false;
    if (vomsServerDN == null) {
      if (other.vomsServerDN != null)
        return false;
    } else if (!vomsServerDN.equals(other.vomsServerDN))
      return false;
    return true;
  }

  @Override
  public String toString() {

    return "VOMSServerInfo [alias=" + alias + ", voName=" + voName + ", URL="
      + URL + ", vomsServerDN=" + vomsServerDN + "]";
  }
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSServerInfoStore.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request.impl;

import java.io.File;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

import org.italiangrid.voms.request.VOMSESLookupStrategy;
import org.italiangrid.voms.request.VOMSESParser;
import org.italiangrid.voms.request.VOMSESParserFactory;
import org.italiangrid.voms.request.VOMSServerInfo;
import org.italiangrid.voms.request.VOMSServerInfoStore;
import org.italiangrid.voms.request.VOMSServerInfoStoreListener;
import org.italiangrid.voms.util.NullListener;

/**
 *
 * A {@link DefaultVOMSServerInfoStore} organizes VOMS servers found in vomses
 * configuration files in a map keyed by VO alias. This makes it easy to know
 * which servers act as replicas for the same VO.
 *
 * @author Andrea Ceccanti
 *
 *
 */
public class DefaultVOMSServerInfoStore implements VOMSServerInfoStore {

  private VOMSESLookupStrategy lookupStrategy;
  private VOMSServerInfoStoreListener listener;

  protected Map<String, Set<VOMSServerInfo>> serverInfoStore = new TreeMap<String, Set<VOMSServerInfo>>();
  private VOMSESParser vomsesParser;

  private DefaultVOMSServerInfoStore(Builder b) {

    this.lookupStrategy = b.lookupStrategy;
    this.listener = b.listener;
    this.vomsesParser = b.vomsesParser;
    initializeStore();
  }

  public void addVOMSServerInfo(VOMSServerInfo info) {

    addVOMSServerInfo(info, null);
  }

  private void addVOMSServerInfo(VOMSServerInfo info, String path) {

    if (serverInfoStore.containsKey(info.getAlias())) {
      serverInfoStore.get(info.getAlias()).add(info);
    } else {
      Set<VOMSServerInfo> siCont = new HashSet<VOMSServerInfo>();
      siCont.add(info);
      serverInfoStore.put(info.getAlias(), siCont);
    }

    listener.notifyVOMSESInformationLoaded(path, info);
  }

  public Set<VOMSServerInfo> getVOMSServerInfo() {

    Set<VOMSServerInfo> allEntries = new HashSet<VOMSServerInfo>();

    for (Map.Entry<String, Set<VOMSServerInfo>> entry : serverInfoStore
      .entrySet())
      allEntries.addAll(entry.getValue());

    return allEntries;
  }

  public Set<VOMSServerInfo> getVOMSServerInfo(String voName) {

    Set<VOMSServerInfo> result = serverInfoStore.get(voName);

    if (result == null) {
      result = Collections.emptySet();
    }

    return result;
  }

  private void initializeStore() {

    List<File> vomsesPaths = lookupStrategy.lookupVomsesInfo();

    if (vomsesPaths.isEmpty())
      listener.notifyNoValidVOMSESError(lookupStrategy.searchedPaths());

    for (File f : vomsesPaths) {

      listener.notifyVOMSESlookup(f.getAbsolutePath());
      List<VOMSServerInfo> vomsServerInfo = vomsesParser.parse(f);

      for (VOMSServerInfo si : vomsServerInfo) {
        addVOMSServerInfo(si, f.getAbsolutePath());
      }
    }
  }

  /**
   * Creates a {@link DefaultVOMSServerInfoStore}. The
   * {@link DefaultVOMSServerInfoStore} parameters can be set with the
   * appropriate methods. Example:
   *
   * {@code
   *   VOMSServerInfoStore serverInfoStore = new DefaultVOMSServerInfoStore.Builder()
   *     .storeListener(storeListener).vomsesPaths(vomsesLocations).build();
   * };
   *
   */
  public static class Builder {

    /**
     * A list of paths where vomses information will be looked for
     */
    private List<String> vomsesPaths;

    /**
     * The {@link VOMSESLookupStrategy} that will be used to lookup vomses
     * information
     */
    private VOMSESLookupStrategy lookupStrategy;

    /**
     * The listener that will be notified of interesting store events
     */
    private VOMSServerInfoStoreListener listener = NullListener.INSTANCE;

    /**
     * The parser implementation used to parse VOMSES files
     */
    private VOMSESParser vomsesParser = VOMSESParserFactory.newVOMSESParser();

    public Builder() {

    }

    /**
     * Sets the {@link VOMSESLookupStrategy} that will be used to lookup vomses
     * information for the {@link DefaultVOMSServerInfoStore} that this builder
     * is creating
     *
     * @param strategy
     *          The strategy that will be used to lookup vomses information
     * @return this {@link Builder} instance
     */
    public Builder lookupStrategy(VOMSESLookupStrategy strategy) {

      this.lookupStrategy = strategy;
      return this;
    }

    /**
     * Sets the {@link VOMSServerInfoStoreListener} that will receive
     * store-related notifications for the {@link DefaultVOMSServerInfoStore}
     * that this builder is creating
     *
     * @param l
     *          the listener
     * @return this {@link Builder} instance
     */
    public Builder storeListener(VOMSServerInfoStoreListener l) {

      this.listener = l;
      return this;
    }

    /**
     * Sets the {@link VOMSESParser} implementation that will be used to parse
     * vomses files
     *
     * @param p
     *          the parser
     * @return this {@link Builder} instance
     */
    public Builder vomsesParser(VOMSESParser p) {

      this.vomsesParser = p;
      return this;
    }

    /**
     * Sets a list of paths where vomses files will be looked up by the
     * {@link DefaultVOMSServerInfoStore} that this builder is creating
     *
     * @param paths
     *          a list of paths
     * @return this {@link Builder} instance
     */
    public Builder vomsesPaths(List<String> paths) {

      this.vomsesPaths = paths;
      return this;
    }

    private void buildLookupStrategy() {

      if (lookupStrategy != null)
        return;

      if (vomsesPaths != null)
        lookupStrategy = new BaseVOMSESLookupStrategy(vomsesPaths);
      else
        lookupStrategy = new DefaultVOMSESLookupStrategy();
    }

    /**
     * Builds the {@link DefaultVOMSServerInfoStore}
     *
     * @return a {@link DefaultVOMSServerInfoStore} configured as required by
     *         this builder
     */
    public DefaultVOMSServerInfoStore build() {

      buildLookupStrategy();
      return new DefaultVOMSServerInfoStore(this);
    }
  }
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/GoodACDecodingStrategy.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request.impl;

import org.bouncycastle.util.encoders.Base64;
import org.italiangrid.voms.request.ACDecodingStrategy;

public class GoodACDecodingStrategy implements ACDecodingStrategy {

  public byte[] decode(String ac) {

    return Base64.decode(ac.trim().replaceAll("\n", ""));
  }
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/LegacyProtocol.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request.impl;

import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

import org.italiangrid.voms.request.VOMSACRequest;
import org.italiangrid.voms.request.VOMSProtocol;
import org.italiangrid.voms.request.VOMSProtocolError;
import org.italiangrid.voms.request.VOMSProtocolListener;
import org.italiangrid.voms.request.VOMSResponse;
import org.italiangrid.voms.request.VOMSServerInfo;

import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.FormatMode;
import eu.emi.security.authn.x509.impl.HostnameMismatchCallback;
import eu.emi.security.authn.x509.impl.SocketFactoryCreator;

/**
 * Protocol implementing the legacy interface.
 *
 *
 */
public class LegacyProtocol extends AbstractVOMSProtocol implements
  VOMSProtocol, HostnameMismatchCallback {

  public LegacyProtocol(X509CertChainValidatorExt validator,
    VOMSProtocolListener listener, int connectTimeout, int readTimeout) {

    super(validator, listener, connectTimeout, readTimeout);
  }

  public synchronized VOMSResponse doRequest(VOMSServerInfo endpoint,
    X509Credential credential, VOMSACRequest request) {

    SSLSocketFactory sslSocketFactory = getSSLSocketFactory(credential);
    SSLSocket sslSocket = null;

    try {

      sslSocket = (SSLSocket) sslSocketFactory.createSocket();
      sslSocket.setSoTimeout(readTimeout);
      sslSocket.setEnabledProtocols(VOMS_LEGACY_ENABLED_PROTOCOLS);

      SocketAddress sa = new InetSocketAddress(endpoint.getURL().getHost(),
        endpoint.getURL().getPort());

      sslSocket.connect(sa, connectTimeout);

      // Hostname verification against the peer certificate runs only when
      // skipHostnameChecks is false
      if (!isSkipHostnameChecks()) {
        SocketFactoryCreator.connectWithHostnameChecking(sslSocket, this);
      }

    } catch (Throwable t) {

      throw new VOMSProtocolError(t.getMessage(), endpoint, request,
        credential, t);
    }

    LegacyRequestSender protocol = LegacyRequestSender.instance(listener);

    VOMSResponse response = null;

    try {

      protocol.sendRequest(request, endpoint, sslSocket.getOutputStream());

      InputStream inputStream = sslSocket.getInputStream();

      response = new LegacyVOMSResponseParsingStrategy().parse(inputStream);

      sslSocket.close();

    } catch (IOException e) {

      throw new VOMSProtocolError(e.getMessage(), endpoint, request,
        credential, e);
    }

    listener.notifyReceivedResponse(response);
    return response;
  }

  public void nameMismatch(SSLSocket socket, X509Certificate peerCertificate,
    String hostName) throws SSLException {

    String peerCertString = CertificateUtils.format(peerCertificate,
      FormatMode.MEDIUM_ONE_LINE);

    String message = String.format(
      "No subject alternative DNS name matching %s found. Peer certificate : %s",
      hostName, peerCertString);

    throw new SSLException(message);
  }
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/LegacyRequestSender.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request.impl;

import java.io.OutputStream;
import java.io.StringWriter;

import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;

import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.request.VOMSACRequest;
import org.italiangrid.voms.request.VOMSProtocolListener;
import org.italiangrid.voms.request.VOMSServerInfo;
import org.w3c.dom.Document;

/**
 * This class manages the client-side communication protocol with the VOMS
 * server.
 *
 * @author Andrea Ceccanti
 *
 */
public class LegacyRequestSender {

  private VOMSRequestFactory requestFactory = VOMSRequestFactory.instance();
  private TransformerFactory transformerFactory;
  private VOMSProtocolListener listener;

  private LegacyRequestSender(VOMSProtocolListener listener) {

    transformerFactory = TransformerFactory.newInstance();
    this.listener = listener;
  }

  public static LegacyRequestSender instance(VOMSProtocolListener listener) {

    return new LegacyRequestSender(listener);
  }

  protected String xmlDocAsString(Document doc) {

    Transformer transformer;

    try {

      transformer = transformerFactory.newTransformer();

    } catch (TransformerConfigurationException e) {

      throw new VOMSError(e.getMessage(), e);
    }

    StringWriter writer = new StringWriter();

    DOMSource source = new DOMSource(doc);
    StreamResult res = new StreamResult(writer);

    try {

      transformer.transform(source, res);

    } catch (TransformerException e) {

      throw new VOMSError(e.getMessage(), e);
    }

    writer.flush();

    return writer.toString();
  }

  /**
   *
   * This method is used to send a request to a VOMS server.
   *
   *
   * @param acRequest
   *          the AC request parameters. See {@link VOMSACRequest}.
   * @param endpoint
   *          the {@link VOMSServerInfo} endpoint to use for this
   *          request
   * @param stream
   *          an output stream.
   */
  public void sendRequest(VOMSACRequest acRequest, VOMSServerInfo endpoint,
    OutputStream stream) {

    Document request = requestFactory.buildRequest(acRequest, endpoint);

    Transformer transformer;

    try {

      transformer = transformerFactory.newTransformer();

    } catch (TransformerConfigurationException e) {

      throw new VOMSError(e.getMessage(), e);
    }

    listener.notifyLegacyRequest(xmlDocAsString(request));

    DOMSource source = new DOMSource(request);
    StreamResult res = new StreamResult(stream);

    try {

      transformer.transform(source, res);
      stream.flush();

    } catch (Exception e) {

      throw new VOMSError(e.getMessage(), e);
    }
  }
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/LegacyVOMSESParserImpl.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request.impl;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileFilter;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.Reader;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.request.VOMSESParser;
import org.italiangrid.voms.request.VOMSServerInfo;

public class LegacyVOMSESParserImpl implements VOMSESParser {

  private final VOMSESLineParser lineParser = new VOMSESLineParser();

  protected void fileSanityChecks(File f) {

    if (!f.exists())
      throw new VOMSError("VOMSES file does not exist: " + f.getAbsolutePath());

    if (!f.canRead())
      throw new VOMSError("VOMSES file is not readable: "
        + f.getAbsolutePath());
  }

  protected VOMSServerInfo parseLine(String vomsesLine)
    throws URISyntaxException {

    return lineParser.parse(vomsesLine);
  }

  public List<VOMSServerInfo> parse(Reader vomsesReader) {

    BufferedReader reader = new BufferedReader(vomsesReader);

    String line = null;
    List<VOMSServerInfo> result = new ArrayList<VOMSServerInfo>();

    try {

      while ((line = reader.readLine()) != null) {

        // Ignore comments
        if (line.startsWith("#"))
          continue;

        // skip empty lines
        if (line.matches("\\s*$"))
          continue;

        VOMSServerInfo parsedInfo = parseLine(line);
        if (parsedInfo != null)
          result.add(parsedInfo);
      }

    } catch (Exception e) {

      throw new VOMSError("Error parsing VOMSES information...", e);
    }

    return result;
  }

  protected List<VOMSServerInfo> parseDirectory(File directory) {

    Set<VOMSServerInfo> joinedServerInfo = new HashSet<VOMSServerInfo>();

    File[] certFiles = directory.listFiles(new FileFilter() {

      public boolean accept(File pathname) {

        return pathname.isFile() && !pathname.getName().startsWith(".");
      }
    });

    for (File f : certFiles)
      joinedServerInfo.addAll(parse(f));

    return new ArrayList<VOMSServerInfo>(joinedServerInfo);
  }

  public List<VOMSServerInfo> parse(File f) {

    fileSanityChecks(f);

    if (f.isDirectory())
      return parseDirectory(f);

    try {

      BufferedReader r = new BufferedReader(new FileReader(f));
      return parse(r);

    } catch (FileNotFoundException e) {

      throw new VOMSError("VOMSES file not found: " + f.getAbsolutePath(), e);

    } catch (VOMSError e) {

      throw new VOMSError("Error parsing VOMSES file: " + f.getAbsolutePath(),
        e);
    }
  }
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/LegacyVOMSResponse.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request.impl;

import java.util.ArrayList;
import java.util.List;

import org.italiangrid.voms.request.VOMSErrorMessage;
import org.italiangrid.voms.request.VOMSResponse;
import org.italiangrid.voms.request.VOMSWarningMessage;
import org.italiangrid.voms.util.VOMSBase64Decoder;
import org.italiangrid.voms.util.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class LegacyVOMSResponse implements VOMSResponse {

  private static int ERROR_OFFSET = 1000;

  protected Document xmlResponse;

  /**
   * Builds a VOMSResponse starting from a DOM XML document (see
   * {@link Document}).
   *
   * @param res
   *          the XML document for the response
   */
  public LegacyVOMSResponse(Document res) {

    xmlResponse = res;
  }

  /*
   * (non-Javadoc)
   *
   * @see org.glite.voms.contact.VOMSResponseIF#getVersion()
   */
  public int getVersion() {

    Element versionElement = (Element) xmlResponse.getElementsByTagName(
      "version").item(0);

    if (versionElement == null) {
      return 0;
    }

    return Integer.parseInt(versionElement.getFirstChild().getNodeValue());
  }

  /*
   * (non-Javadoc)
   *
   * @see org.glite.voms.contact.VOMSResponseIF#hasErrors()
   */
  public boolean hasErrors() {

    return errorMessages() != null;
  }

  /*
   * (non-Javadoc)
   *
   * @see org.glite.voms.contact.VOMSResponseIF#hasWarnings()
   */
  public boolean hasWarnings() {

    return warningMessages() != null;
  }

  /*
   * (non-Javadoc)
   *
   * @see org.glite.voms.contact.VOMSResponseIF#getAC()
   */
  public byte[] getAC() {

    Element acElement = (Element) xmlResponse.getElementsByTagName("ac")
      .item(0);

    byte[] ac = VOMSBase64Decoder.decode(acElement.getFirstChild()
      .getNodeValue());

    if (ac == null)
      ac = new GoodACDecodingStrategy().decode(acElement.getFirstChild()
        .getNodeValue());

    return ac;
  }

  /*
   * (non-Javadoc)
   *
   * @see org.glite.voms.contact.VOMSResponseIF#errorMessages()
   */
  public VOMSErrorMessage[] errorMessages() {

    NodeList nodes = xmlResponse.getElementsByTagName("item");

    if (nodes.getLength() == 0)
      return null;

    List<VOMSErrorMessage> errorList = new ArrayList<VOMSErrorMessage>();

    for (int i = 0; i < nodes.getLength(); i++) {

      Element itemElement = (Element) nodes.item(i);

      Element numberElement = (Element) itemElement.getElementsByTagName(
        "number").item(0);
      Element messageElement = (Element) itemElement.getElementsByTagName(
        "message").item(0);

      int number = Integer.parseInt(numberElement.getFirstChild()
        .getNodeValue());

      if (number >= ERROR_OFFSET)
        errorList.add(new VOMSErrorMessage(number, messageElement
          .getFirstChild().getNodeValue()));
    }

    if (errorList.isEmpty())
      return null;

    return errorList.toArray(new VOMSErrorMessage[errorList.size()]);
  }

  public VOMSWarningMessage[] warningMessages() {

    NodeList nodes = xmlResponse.getElementsByTagName("item");

    if (nodes.getLength() == 0)
      return null;

    List<VOMSWarningMessage> warningList = new ArrayList<VOMSWarningMessage>();

    for (int i = 0; i < nodes.getLength(); i++) {

      Element itemElement = (Element) nodes.item(i);

      Element numberElement = (Element) itemElement.getElementsByTagName(
        "number").item(0);
      Element messageElement = (Element) itemElement.getElementsByTagName(
        "message").item(0);

      int number = Integer.parseInt(numberElement.getFirstChild()
        .getNodeValue());

      if (number < ERROR_OFFSET)
        warningList.add(new VOMSWarningMessage(number, messageElement
          .getFirstChild().getNodeValue()));
    }

    if (warningList.isEmpty())
      return null;

    return warningList.toArray(new VOMSWarningMessage[warningList.size()]);
  }

  public String getXMLAsString() {

    return XMLUtils.documentAsString(xmlResponse);
  }
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/LegacyVOMSResponseParsingStrategy.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.request.impl;

import java.io.InputStream;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.request.VOMSResponse;
import org.italiangrid.voms.request.VOMSResponseParsingStrategy;
import org.w3c.dom.Document;

/**
 * Parsing strategy for legacy VOMS responses.
 *
 * @author valerioventuri
 *
 */
public class LegacyVOMSResponseParsingStrategy implements
  VOMSResponseParsingStrategy {

  protected DocumentBuilder documentBuilder;

  public LegacyVOMSResponseParsingStrategy() {

    // No DOCTYPE or external entity restrictions are set on this factory;
    // the documents it parses come from the VOMS server
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setIgnoringComments(true);
    factory.setNamespaceAware(false);
    factory.setValidating(false);

    try {

      documentBuilder = factory.newDocumentBuilder();

    } catch (ParserConfigurationException e) {

      throw new VOMSError(e.getMessage(), e);
    }
  }

  public VOMSResponse parse(InputStream inputStream) {

    try {

      Document document = documentBuilder.parse(inputStream);
      return new LegacyVOMSResponse(document);

    } catch (Exception e) {

      throw new VOMSError(e.getMessage());
    }
  }
}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/RESTProtocol.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/ package org.italiangrid.voms.request.impl; import java.io.IOException; import java.io.InputStream; import java.net.URL; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLSession; import org.italiangrid.voms.request.VOMSACRequest; import org.italiangrid.voms.request.VOMSProtocol; import org.italiangrid.voms.request.VOMSProtocolError; import org.italiangrid.voms.request.VOMSProtocolListener; import org.italiangrid.voms.request.VOMSResponse; import org.italiangrid.voms.request.VOMSServerInfo; import eu.emi.security.authn.x509.X509CertChainValidatorExt; import eu.emi.security.authn.x509.X509Credential; /** * Protocol implementing the REST-style interface. * * @author valerioventuri * */ public class RESTProtocol extends AbstractVOMSProtocol implements VOMSProtocol { public RESTProtocol(X509CertChainValidatorExt validator, VOMSProtocolListener listener, int connectTimeout, int readTimeout) { super(validator, listener, connectTimeout, readTimeout); } public VOMSResponse doRequest(VOMSServerInfo endpoint, X509Credential credential, VOMSACRequest request) { RESTServiceURLBuilder restQueryBuilder = new RESTServiceURLBuilder(); URL serviceUrl = restQueryBuilder.build(endpoint, request); RESTVOMSResponseParsingStrategy responseParsingStrategy = new RESTVOMSResponseParsingStrategy(); HttpsURLConnection connection = null; try { connection = (HttpsURLConnection) serviceUrl.openConnection(); if (isSkipHostnameChecks()){ connection.setHostnameVerifier(new HostnameVerifier() { public boolean verify(String arg0, SSLSession arg1) { return true; } }); } connection.setConnectTimeout(connectTimeout); connection.setReadTimeout(readTimeout); } catch (IOException e) { throw new VOMSProtocolError(e.getMessage(), endpoint, request, credential, e); } connection.setSSLSocketFactory(getSSLSocketFactory(credential)); listener.notifyHTTPRequest(serviceUrl.toExternalForm()); try { connection.connect(); } catch (IOException e) { throw new 
VOMSProtocolError(e.getMessage(), endpoint, request, credential, e); } InputStream is = null; try { if (connection.getResponseCode() != 200) { is = connection.getErrorStream(); } else is = connection.getInputStream(); } catch (IOException e) { throw new VOMSProtocolError(e.getMessage(), endpoint, request, credential, e); } VOMSResponse response = responseParsingStrategy.parse(is); listener.notifyReceivedResponse(response); connection.disconnect(); return response; } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/RESTServiceURLBuilder.java000066400000000000000000000054601265712655300321700ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.request.impl; import java.net.MalformedURLException; import java.net.URL; import java.util.Iterator; import java.util.List; import org.italiangrid.voms.VOMSError; import org.italiangrid.voms.request.VOMSACRequest; import org.italiangrid.voms.request.VOMSServerInfo; /** * An helper class which builds a URL suitable for an HTTPS VOMS REST request * starting from the VOMS URI as available in a {@link VOMSServerInfo} object. 
 *
 * @author Valerio Venturi
 *
 */
public class RESTServiceURLBuilder {

  public URL build(VOMSServerInfo endpoint, VOMSACRequest request) {

    URL url = null;

    try {
      url = new URL("https", endpoint.getURL().getHost(), endpoint.getURL()
        .getPort(), buildPath(endpoint, request));
    } catch (MalformedURLException e) {
      throw new VOMSError("Malformed URI: " + e.getMessage());
    }

    return url;
  }

  // Builds the path and query string of the request. FQANs and targets are
  // appended verbatim: no URL encoding is applied here.
  private String buildPath(VOMSServerInfo endpoint, VOMSACRequest request) {

    StringBuilder stringBuilder = new StringBuilder();
    stringBuilder.append("/generate-ac?fqans=");

    if (request.getRequestedFQANs().isEmpty()) {
      // Take voname from endpoint info
      stringBuilder.append("/" + endpoint.getVoName());
    } else {
      List<String> FQANs = request.getRequestedFQANs();
      Iterator<String> i = FQANs.iterator();
      boolean first = true;
      while (i.hasNext()) {
        if (!first)
          stringBuilder.append(",");
        stringBuilder.append((String) i.next());
        first = false;
      }
    }

    String targetString = targetListAsCommaSeparatedList(request.getTargets());
    if (targetString != null && targetString.trim().length() != 0) {
      stringBuilder.append("&targets=");
      stringBuilder.append(targetString);
    }

    stringBuilder.append("&lifetime=");
    stringBuilder.append(request.getLifetime());

    return stringBuilder.toString();
  }

  private String targetListAsCommaSeparatedList(List<String> targets) {

    StringBuilder targetStringBuilder = new StringBuilder();

    for (String target : targets) {
      targetStringBuilder.append(target);
      targetStringBuilder.append(',');
    }

    return targetStringBuilder.toString();
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/RESTVOMSResponse.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.request.impl; import org.italiangrid.voms.request.ACDecodingStrategy; import org.italiangrid.voms.request.VOMSErrorMessage; import org.italiangrid.voms.request.VOMSWarningMessage; import org.italiangrid.voms.util.XMLUtils; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; /** * * This class is used to parse and represent VOMS server responses coming from a * RESTful VOMS service. * * @author Andrea Ceccanti * @author Vincenzo Ciaschini * @author Valerio Venturi * */ public class RESTVOMSResponse implements org.italiangrid.voms.request.VOMSResponse { private static int ERROR_OFFSET = 1000; protected Document xmlResponse; public RESTVOMSResponse(Document res) { xmlResponse = res; } /* * (non-Javadoc) * * @see org.glite.voms.contact.VOMSResponseIF#getVersion() */ public int getVersion() { Element versionElement = (Element) xmlResponse.getElementsByTagName( "version").item(0); if (versionElement == null) { return 0; } return Integer.parseInt(versionElement.getFirstChild().getNodeValue()); } /* * (non-Javadoc) * * @see org.glite.voms.contact.VOMSResponseIF#hasErrors() */ public boolean hasErrors() { return (xmlResponse.getElementsByTagName("error").getLength() != 0); } /* * (non-Javadoc) * * @see org.glite.voms.contact.VOMSResponseIF#hasWarnings() */ public boolean hasWarnings() { return (xmlResponse.getElementsByTagName("warning").getLength() != 0); } /* * (non-Javadoc) * * @see org.glite.voms.contact.VOMSResponseIF#getAC() */ public byte[] getAC() { Element acElement = (Element) 
xmlResponse.getElementsByTagName("ac") .item(0); if (acElement == null || !acElement.hasChildNodes()) return null; String acString = acElement.getFirstChild().getNodeValue(); ACDecodingStrategy acDecodingStrategy = new GoodACDecodingStrategy(); byte[] decodedAc = acDecodingStrategy.decode(acString); return decodedAc; } public VOMSErrorMessage[] errorMessages() { NodeList nodes = xmlResponse.getElementsByTagName("error"); if (nodes.getLength() == 0) return null; VOMSErrorMessage[] result = new VOMSErrorMessage[nodes.getLength()]; for (int i = 0; i < nodes.getLength(); i++) { Element itemElement = (Element) nodes.item(i); Element codeElement = (Element) itemElement.getElementsByTagName("code") .item(0); Element messageElement = (Element) itemElement.getElementsByTagName( "message").item(0); String strcode = codeElement.getFirstChild().getNodeValue(); int code; if (strcode.equals("NoSuchUser")) code = 1001; else if (strcode.equals("BadRequest")) code = 1005; else if (strcode.equals("SuspendedUser")) code = 1004; else // InternalError code = 1006; result[i] = new VOMSErrorMessage(code, messageElement.getFirstChild() .getNodeValue()); } return result; } public VOMSWarningMessage[] warningMessages() { NodeList nodes = xmlResponse.getElementsByTagName("warning"); if (nodes.getLength() == 0) return null; VOMSWarningMessage[] result = new VOMSWarningMessage[nodes.getLength()]; for (int i = 0; i < nodes.getLength(); i++) { Element itemElement = (Element) nodes.item(i); // Element messageElement = (Element) // itemElement.getElementsByTagName("message").item(0); String message = itemElement.getFirstChild().getNodeValue(); int number; if (message.contains("validity")) number = 2; else if (message.contains("selected")) number = 1; else if (message.contains("contains attributes")) number = 3; else number = 4; if (number < ERROR_OFFSET) { result[i] = new VOMSWarningMessage(number, message); } } return result; } public String getXMLAsString() { return 
XMLUtils.documentAsString(xmlResponse); } } RESTVOMSResponseParsingStrategy.java000066400000000000000000000043031265712655300341640ustar00rootroot00000000000000voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.request.impl; import java.io.InputStream; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import org.italiangrid.voms.VOMSError; import org.italiangrid.voms.request.VOMSResponse; import org.italiangrid.voms.request.VOMSResponseParsingStrategy; import org.w3c.dom.Document; /** * Strategy for parsing a response coming from a RESTFul VOMS. * * @author valerioventuri * */ public class RESTVOMSResponseParsingStrategy implements VOMSResponseParsingStrategy { private DocumentBuilder docBuilder; /** * */ public RESTVOMSResponseParsingStrategy() { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setIgnoringComments(true); factory.setNamespaceAware(false); factory.setValidating(false); try { docBuilder = factory.newDocumentBuilder(); } catch (ParserConfigurationException e) { throw new VOMSError(e.getMessage(), e); } } /** * Parse a response coming from a RESTFul VOMS service and builds a * {@link VOMSResponse} object representing the response. 
* * @param inputStream * the response coming from the service * @return a {@link VOMSResponse} object representing the response. * */ public VOMSResponse parse(InputStream inputStream) { try { Document document = docBuilder.parse(inputStream); return new RESTVOMSResponse(document); } catch (Exception e) { throw new VOMSError(e.getMessage()); } } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/VOMSESLineParser.java000066400000000000000000000116651265712655300312050ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.request.impl; import java.net.URI; import java.net.URISyntaxException; import org.italiangrid.voms.VOMSError; import org.italiangrid.voms.request.VOMSServerInfo; /** * A parser for VOMSES lines. * * The VOMSES line format is as follows: * *
 * "alias" "hostname" "port" "server DN" "vo_name"
 * 
 *
 * This parser eats up whitespace and characters outside of quotes and tolerates
 * an additional quoted field ("globus_version") that was for some time needed.
 *
 *
 * @author andreaceccanti
 *
 */
public class VOMSESLineParser {

  private interface ParserState {

    void parse(char c);
  };

  private final ParserState outsideQuotes = new ParserState() {

    public void parse(char c) {

      if (c == '"')
        VOMSESLineParser.this.tokenStart();
    }
  };

  private final ParserState insideQuotes = new ParserState() {

    public void parse(char c) {

      if (c == '"') {
        VOMSESLineParser.this.tokenEnd();
      } else {
        VOMSESLineParser.this.tokenChar(c);
      }
    }
  };

  static final String VOMSES_FIELD_NAMES[] = { "vo alias", "voms host",
    "voms port", "voms server DN", "vo name", "globus version" };

  static final int VO_ALIAS = 0, VOMS_HOST = 1, VOMS_PORT = 2,
    VOMS_SERVER_DN = 3, VO_NAME = 4, GLOBUS_VERSION = 5;

  static final int MIN_VOMSES_FIELD_COUNT = 4;

  private String[] tokens = new String[VOMSES_FIELD_NAMES.length];

  private StringBuilder currentToken;
  private int tokenCount;
  private boolean tokenComplete;

  private ParserState currentState;

  private void lineSanityChecks(String line) {

    if (line == null)
      throw new VOMSError("Cannot parse a null VOMSES line");
  }

  private void init() {

    tokenCount = -1;
    currentToken = null;
    tokenComplete = false;
    currentState = outsideQuotes;

    for (int i = 0; i < tokens.length; i++)
      tokens[i] = null;
  }

  public VOMSServerInfo parse(String line) {

    init();
    lineSanityChecks(line);

    if (line.isEmpty())
      return null;

    for (int i = 0; i < line.length(); i++) {
      char c = line.charAt(i);
      currentState.parse(c);
    }

    if (tokenCount < 0) {
      // No quoted field was found at all. Report it as a VOMSError instead of
      // indexing VOMSES_FIELD_NAMES with -1 in the check below.
      String msg = String.format(
        "Invalid VOMSES line: no quoted fields found. [line: %s]", line);
      throw new VOMSError(msg);
    }

    if (!tokenComplete) {
      String msg = String.format(
        "Invalid VOMSES line: incomplete '%s' field. [line: %s]",
        VOMSES_FIELD_NAMES[tokenCount], line);
      throw new VOMSError(msg);
    }

    // tokenCount is the index of the last field read, so this requires the
    // five mandatory fields (indexes 0 to 4).
    if (tokenCount < MIN_VOMSES_FIELD_COUNT) {
      String msg = String.format(
        "Invalid VOMSES line: incomplete information. [line: %s]", line);
      throw new VOMSError(msg);
    }

    DefaultVOMSServerInfo si = new DefaultVOMSServerInfo();
    si.setAlias(tokens[VO_ALIAS]);

    String url = String.format("voms://%s:%s", tokens[VOMS_HOST],
      tokens[VOMS_PORT]);

    validateTokens(line);

    try {
      si.setURL(new URI(url));
      si.setVOMSServerDN(tokens[VOMS_SERVER_DN]);
      si.setVoName(tokens[VO_NAME]);
      return si;
    } catch (URISyntaxException e) {
      String msg = String.format(
        "Invalid VOMSES line: cannot build URL for voms " + "service: %s",
        e.getMessage());
      throw new VOMSError(msg);
    }
  }

  private void validateTokens(String line) {

    // Validate port number
    try {
      int portNo = Integer.parseInt(tokens[VOMS_PORT]);
      if (portNo <= 0 || portNo > 65535) {
        String msg = String.format(
          "Invalid VOMSES line: invalid port number: %d. [line: %s]", portNo,
          line);
        throw new VOMSError(msg);
      }
    } catch (NumberFormatException e) {
      String msg = String.format("Invalid VOMSES line: invalid port number. "
        + "[line: %s]. Error: %s", line, e.getMessage());
      throw new VOMSError(msg, e);
    }
  }

  public void tokenStart() {

    if (++tokenCount == VOMSES_FIELD_NAMES.length)
      throw new VOMSError("Invalid VOMSES line: too many fields!");

    currentToken = new StringBuilder();
    currentState = insideQuotes;
    tokenComplete = false;
  }

  public void tokenEnd() {

    if (currentToken.length() != 0) {
      tokens[tokenCount] = currentToken.toString();
      currentState = outsideQuotes;
      tokenComplete = true;
    } else {
      String msg = String.format("Invalid VOMSES line: empty '%s' field.",
        VOMSES_FIELD_NAMES[tokenCount]);
      throw new VOMSError(msg);
    }
  }

  public void tokenChar(char c) {

    currentToken.append(c);
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/VOMSRequestFactory.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.request.impl; import java.util.Iterator; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import org.italiangrid.voms.VOMSError; import org.italiangrid.voms.request.VOMSACRequest; import org.italiangrid.voms.request.VOMSServerInfo; import org.italiangrid.voms.util.VOMSFQANNamingScheme; import org.w3c.dom.Document; import org.w3c.dom.DocumentFragment; import org.w3c.dom.Element; /** * * This class builds VOMS XML requests starting from {@link VOMSACRequest} * objects. 
 *
 * @author Andrea Ceccanti
 *
 */
public class VOMSRequestFactory {

  private static volatile VOMSRequestFactory instance = null;

  private String orderString;
  private String targetString;
  private long lifetime = 0;

  protected DocumentBuilder docBuilder;

  public synchronized static VOMSRequestFactory instance() {

    if (instance == null)
      instance = new VOMSRequestFactory();

    return instance;
  }

  private VOMSRequestFactory() {

    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setIgnoringComments(true);
    factory.setNamespaceAware(false);
    factory.setValidating(false);

    try {
      docBuilder = factory.newDocumentBuilder();
    } catch (ParserConfigurationException e) {
      throw new VOMSError(e.getMessage());
    }
  }

  public long getLifetime() {

    return lifetime;
  }

  public void setLifetime(long lifetime) {

    this.lifetime = lifetime;
  }

  public String getOrderString() {

    return orderString;
  }

  public void setOrderString(String orderString) {

    this.orderString = orderString;
  }

  public String getTargetString() {

    return targetString;
  }

  public void setTargetString(String targetString) {

    this.targetString = targetString;
  }

  private void setOptionsForRequest(VOMSRequestFragment fragment) {

    // Test for empty strings by content; != "" only compares references
    if (orderString != null && !orderString.isEmpty())
      fragment.buildOrderElement(orderString);

    if (targetString != null && !targetString.isEmpty())
      fragment.buildTargetsElement(targetString);

    fragment.buildLifetime(lifetime);
  }

  private void loadOptions(VOMSACRequest options) {

    lifetime = options.getLifetime();
  }

  public Document buildRequest(VOMSACRequest acRequest, VOMSServerInfo endpoint) {

    loadOptions(acRequest);

    Document request = docBuilder.newDocument();
    VOMSRequestFragment frag = new VOMSRequestFragment(request);

    if (acRequest.getRequestedFQANs().isEmpty()) {
      frag.groupCommand("/" + endpoint.getVoName());
      setOptionsForRequest(frag);
      request.appendChild(frag.getFragment());
      return request;
    }

    Iterator<String> fqanIter = acRequest.getRequestedFQANs().iterator();

    frag.buildBase64();
    frag.buildVersion();

    while (fqanIter.hasNext()) {

      String FQAN = fqanIter.next();

      if (FQAN.equals("all")) {
        frag.allCommand();
      } else if (VOMSFQANNamingScheme.isGroup(FQAN)) {
        frag.groupCommand(FQAN);
      } else if (VOMSFQANNamingScheme.isRole(FQAN)) {
        frag.roleCommand(VOMSFQANNamingScheme.getRoleName(FQAN));
      } else if (VOMSFQANNamingScheme.isQualifiedRole(FQAN)) {
        frag.mappingCommand(VOMSFQANNamingScheme.getGroupName(FQAN),
          VOMSFQANNamingScheme.getRoleName(FQAN));
      }
    }

    setOptionsForRequest(frag);
    request.appendChild(frag.getFragment());
    return request;
  }
}

/**
 * Helper class to manage the creation of VOMS XML requests.
 *
 * @author andreaceccanti
 *
 */
class VOMSRequestFragment {

  private Document doc;

  DocumentFragment fragment;
  Element root;
  Element command;
  Element order;
  Element targets;
  Element lifetime;
  Element base64;
  Element version;

  public VOMSRequestFragment(Document doc) {

    this.doc = doc;
    fragment = doc.createDocumentFragment();
    buildRootElement();
  }

  protected void buildRootElement() {

    root = doc.createElement("voms");
    fragment.appendChild(root);
  }

  private void appendTextChild(Element e, String text) {

    e.appendChild(doc.createTextNode(text));
  }

  private String buildCompatibleOrderString(String s) {

    String[] FQANs = s.split(",");

    if (FQANs.length == 0)
      return "";

    for (int i = 0; i < FQANs.length; i++) {
      if (VOMSFQANNamingScheme.isQualifiedRole(FQANs[i]))
        FQANs[i] = VOMSFQANNamingScheme.toOldQualifiedRoleSyntax(FQANs[i]);
    }

    StringBuilder fqansString = new StringBuilder();

    for (int i = 0; i < FQANs.length; i++) {
      // Append the i-th FQAN, not the array reference itself
      fqansString.append(FQANs[i]);
      if (i < FQANs.length - 1)
        fqansString.append(",");
    }

    return fqansString.toString();
  }

  void buildCommandElement(String cmdString) {

    command = doc.createElement("command");
    appendTextChild(command, cmdString);
    root.appendChild(command);
  }

  void buildOrderElement(String orderString) {

    order = doc.createElement("order");

    // Temporary compatibility hack
    appendTextChild(order, buildCompatibleOrderString(orderString));

    root.appendChild(order);
  }

  void buildTargetsElement(String targetString) {

    targets = doc.createElement("targets");
    appendTextChild(targets, targetString);
    root.appendChild(targets);
  }

  void buildLifetime(long lifetime) {

    buildLifetime(Long.toString(lifetime));
  }

  void buildLifetime(String lifetimeString) {

    lifetime = doc.createElement("lifetime");
    appendTextChild(lifetime, lifetimeString);
    root.appendChild(lifetime);
  }

  void buildBase64() {

    base64 = doc.createElement("base64");
    appendTextChild(base64, "1");
    root.appendChild(base64);
  }

  void buildVersion() {

    version = doc.createElement("version");
    appendTextChild(version, "4");
    root.appendChild(version);
  }

  public DocumentFragment getFragment() {

    return fragment;
  }

  public void groupCommand(String groupName) {

    buildCommandElement("G" + groupName);
  }

  public void roleCommand(String roleName) {

    buildCommandElement("R" + roleName);
  }

  public void mappingCommand(String groupName, String roleName) {

    buildCommandElement("B" + groupName + ":" + roleName);
  }

  public void allCommand() {

    buildCommandElement("A");
  }

  public void listCommand() {

    buildCommandElement("N");
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/impl/package-info.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/**
 * This package provides the implementation logic for VOMS attributes requests.
*/ package org.italiangrid.voms.request.impl; voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/request/package-info.java000066400000000000000000000014041265712655300275550ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /** * This package provides the API for requesting VOMS attribtues from a remote VOMS server. */ package org.italiangrid.voms.request; voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/000077500000000000000000000000001265712655300240335ustar00rootroot00000000000000voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/LSCFileParser.java000066400000000000000000000034361265712655300273020ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
*/ package org.italiangrid.voms.store; import java.io.File; import java.io.InputStream; import org.italiangrid.voms.VOMSError; import org.italiangrid.voms.store.impl.LSCFile; /** * This interface defines a parser for VOMS LSC files. * * @author Andrea Ceccanti * */ public interface LSCFileParser { /** * Parses an LSC file. * * @param vo * the name of the VO this LSC file is about * @param hostname * the name of host this LSC file is about * @param file * the LSC file * @return an {@link LSCFile} object * @throws VOMSError * in case of parsing errors */ public LSCFile parse(String vo, String hostname, File file); /** * Parses an LSC file from a generic input stream. * * @param vo * the name of the VO this LSC file is about * @param hostname * the name of host this LSC file is about * @param is * an {@link InputStream} that contains the LSC information * * @return an {@link LSCFile} object * @throws VOMSError * in case of parsing errors */ public LSCFile parse(String vo, String hostname, InputStream is); } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/LSCInfo.java000066400000000000000000000050361265712655300261370ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.store; import java.security.cert.X509Certificate; import java.util.List; /** * The VOMS LSC information. 
* * @author Andrea Ceccanti * */ public interface LSCInfo { /** * Sets the name of the file from where this LSC info was parsed from. * * @param filename * the name of the file from where this LSC info was parsed from. */ public void setFilename(String filename); /** * Returns the name of file from where this LSC info was parsed from. * * @return the name of the file from where this LSC info was parsed from. */ public String getFilename(); /** * Returns the VO name this LSC info applies to. * * @return the VO name this LSC info applies to */ public String getVOName(); /** * Returns the host name of the VOMS AA this LSC info applies to. * * @return the host name of the VOMS AA this LSC info applies to */ public String getHostname(); /** * Returns the certificate chain description of the VOMS AA for the given VO * and hostname. * * The certificate chain description is a list of X.500 distinguished names * encoded as strings according to the OpenSSL slash-separated format, as in: * /C=IT/O=INFN/CN=INFN CA * * The first element in the description is the leaf certificate, while the * last is the CA certificate. * * @return the certificate chain description of the VOMS AA for the given VO * and hostname. */ public List getCertificateChainDescription(); /** * Checks if the certificate chain description maintained in the LSC * information matches the certificate chain passed as argument. * * @param certChain * the certificate chain to be checked * @return true if the description matches, false * otherwise */ public boolean matches(X509Certificate[] certChain); } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/Updateable.java000066400000000000000000000022131265712655300267420ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.store; /** * Represents an object which can be periodically updated according to an update * frequency. * * @author Andrea Ceccanti * */ public interface Updateable { /** * @return the frequency (in milliseconds) currently set for this * {@link Updateable} object. */ public long getUpdateFrequency(); /** * Updates the object. */ public void update(); /** * Cancels the future updates of this {@link Updateable} object. */ public void cancel(); } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/UpdatingVOMSTrustStore.java000066400000000000000000000015221265712655300312350ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.store; /** * A VOMS trust store that can be periodically refreshed. 
* * @author Andrea Ceccanti * */ public interface UpdatingVOMSTrustStore extends VOMSTrustStore, Updateable { } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/VOMSTrustStore.java000066400000000000000000000063221265712655300275440ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.store; import java.security.cert.X509Certificate; import java.util.List; import java.util.Map; import java.util.Set; import javax.security.auth.x500.X500Principal; /** * The VOMS trust store takes care of parsing local trusted information (being * certificates or LSC files) for known VOMS servers. * * @author Andrea Ceccanti * */ public interface VOMSTrustStore { /** * Returns the locally trusted directories where VOMS trust information (being * VOMS server certificates or LSC files) are searched for. * * @return a {@link List} of local paths */ public List getLocalTrustedDirectories(); /** * Returns the list of VOMS Attribute Authority certificates held in this * {@link VOMSTrustStore}. * * @return the collection of VOMS Attribute Authority certificates held in * this {@link VOMSTrustStore}, an empty list if no certificate was * found. */ public List getLocalAACertificates(); /** * Returns the VOMS Attribute Authority certificate held in this * {@link VOMSTrustStore} whose subject matches the subject passed as * argument. 
   *
   * @param aaCertSubject
   *          a certificate subject
   * @return the VOMS AA {@link X509Certificate} that matches the subject passed
   *         as argument or null if no matching certificate is found in this
   *         store
   */
  public X509Certificate getAACertificateBySubject(X500Principal aaCertSubject);

  /**
   * Returns the LSC information held in this {@link VOMSTrustStore} for the vo
   * and hostname passed as arguments.
   *
   * @param voName
   *          the name of the VO for which the LSC applies
   * @param hostname
   *          the name of the host for which the LSC applies
   * @return a {@link LSCInfo} object, or null if no LSC matching the arguments
   *         was found
   */
  public LSCInfo getLSC(String voName, String hostname);

  /**
   * Returns all the LSC information held in this {@link VOMSTrustStore}. The
   * returned {@link Map} is keyed by VO name.
   *
   * @return a possibly empty map of {@link LSCInfo} objects
   */
  public Map<String, Set<LSCInfo>> getAllLSCInfo();

  /**
   * Loads trust information from the sources configured for this trust store.
   */
  public void loadTrustInformation();

  /**
   * Sets a {@link VOMSTrustStoreStatusListener} that is notified of events
   * related to this VOMS trust store
   *
   * @param statusListener
   *          the status listener that will be notified
   */
  public void setStatusListener(VOMSTrustStoreStatusListener statusListener);
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/VOMSTrustStoreStatusListener.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.store; import java.io.File; import java.security.cert.X509Certificate; /** * * This interface used to notify interested listeners in status changes of a * VOMS trust store. * * @author Andrea Ceccanti * */ public interface VOMSTrustStoreStatusListener { /** * Informs that certificates are being looked for in the directory passed as * argument * * @param dir * the directory where certificates are being looked for */ public void notifyCertficateLookupEvent(String dir); /** * Informs that VOMS LSC file information is being looked for in the directory * passed as argument. * * @param dir * the directory where certificates are being looked for */ public void notifyLSCLookupEvent(String dir); /** * Informs that a VOMS AA certificate has been loaded in the store * * @param cert * the VOMS AA certificate loaded * @param f * the file from which the certificate has been loaded */ public void notifyCertificateLoadEvent(X509Certificate cert, File f); /** * Informs that VOMS LSC information has been loaded in the store * * @param lsc * the loaded VOMS LSC information * @param f * the file from which the LSC information has been loaded */ public void notifyLSCLoadEvent(LSCInfo lsc, File f); } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/VOMSTrustStores.java000066400000000000000000000052311265712655300277250ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.store; import java.util.List; import org.italiangrid.voms.store.impl.DefaultUpdatingVOMSTrustStore; /** * A factory for VOMS trust stores * * @author cecco * */ public class VOMSTrustStores { /** * Creates a {@link VOMSTrustStore} configured with default settings. * * @return a {@link VOMSTrustStore} configured with default settings. */ public static VOMSTrustStore newTrustStore() { return new DefaultUpdatingVOMSTrustStore(); } /** * Creates a {@link VOMSTrustStore} configured according to the parameters * passed as argument * * @param localTrustDirs * the directory where voms information will be searched * @param updateFrequency * the trust store update frequency in milliseconds * @param statusListener * a listener that is notified of events related to the created trust * store * @return a {@link VOMSTrustStore} configured as requested. */ public static VOMSTrustStore newTrustStore(List localTrustDirs, long updateFrequency, VOMSTrustStoreStatusListener statusListener) { return new DefaultUpdatingVOMSTrustStore(localTrustDirs, updateFrequency, statusListener); } /** * Creates a {@link VOMSTrustStore} configured according to the parameters * passed as argument * * @param localTrustDirs * the directory where voms information will be searched * @return a {@link VOMSTrustStore} configured as requested. 
*/ public static VOMSTrustStore newTrustStore(List localTrustDirs) { return new DefaultUpdatingVOMSTrustStore(localTrustDirs); } /** * Creates a {@link VOMSTrustStore} configured according to the parameters * passed as argument * * @param updateFrequency * the trust store update frequency in milliseconds * @return a {@link VOMSTrustStore} configured as requested. */ public static VOMSTrustStore newTrustStore(long updateFrequency) { return new DefaultUpdatingVOMSTrustStore(updateFrequency); } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/impl/000077500000000000000000000000001265712655300247745ustar00rootroot00000000000000voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/impl/DefaultLSCFileParser.java000066400000000000000000000076551265712655300315570ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.store.impl; import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.util.ArrayList; import java.util.List; import org.italiangrid.voms.VOMSError; import org.italiangrid.voms.store.LSCFileParser; /** * The default implementation for the LSC file parser. 
* * @author Andrea Ceccanti * */ public class DefaultLSCFileParser implements LSCFileParser { public static final String EMPTY_LINE_REGEX = "(?m)^\\s*?$"; public static final String MALFORMED_LSC_FILE_ERROR_TEMPLATE = "LSC file parsing error: Malformed LSC file (vo=%s, host=%s): %s"; private void checkFileExistanceAndReadabilty(File f) { if (!f.exists()) throw new VOMSError("LSC file does not exist: " + f.getAbsolutePath()); if (!f.canRead()) throw new VOMSError("LSC file is not readable: " + f.getAbsolutePath()); } public LSCFile parse(String vo, String hostname, String filename) { LSCFile lsc = null; try { File f = new File(filename); checkFileExistanceAndReadabilty(f); lsc = parse(vo, hostname, new FileInputStream(f)); lsc.setFilename(filename); } catch (IOException e) { throw new VOMSError("LSC file parsing error: " + e.getMessage(), e); } return lsc; } public synchronized LSCFile parse(String vo, String hostname, InputStream is) { LSCFile lsc = new LSCFile(); lsc.setHostname(hostname); lsc.setVo(vo); try { BufferedReader lscReader = new BufferedReader(new InputStreamReader(is)); String line = null; List certificateChainDescription = new ArrayList(); do { line = lscReader.readLine(); // This is EOF if (line == null) break; // Ignore comments if (line.startsWith("#")) continue; // Ignore ---NEXT CHAIN--- if (line.startsWith("-")) continue; // Ignore empty lines if (line.matches(EMPTY_LINE_REGEX)) continue; if (line.startsWith("/")) certificateChainDescription.add(line); } while (line != null); lscReader.close(); if (certificateChainDescription.size() % 2 != 0) { String errorMessage = String.format(MALFORMED_LSC_FILE_ERROR_TEMPLATE, vo, hostname, "Odd number of distinguished name entries."); throw new VOMSError(errorMessage); } if (certificateChainDescription.size() == 0) { String errorMessage = String.format(MALFORMED_LSC_FILE_ERROR_TEMPLATE, vo, hostname, "No distinguished name entries found."); throw new VOMSError(errorMessage); } 
lsc.setCertificateChainDescription(certificateChainDescription); } catch (IOException e) { throw new VOMSError("LSC file parsing error: " + e.getMessage(), e); } return lsc; } public LSCFile parse(String vo, String hostname, File file) { LSCFile lsc = null; try { checkFileExistanceAndReadabilty(file); lsc = parse(vo, hostname, new FileInputStream(file)); lsc.setFilename(file.getAbsolutePath()); } catch (IOException e) { throw new VOMSError("LSC file parsing error: " + e.getMessage(), e); } return lsc; } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/impl/DefaultUpdatingVOMSTrustStore.java000066400000000000000000000120341265712655300335030ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.store.impl; import java.util.List; import java.util.concurrent.Executors; import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.TimeUnit; import org.italiangrid.voms.VOMSError; import org.italiangrid.voms.store.UpdatingVOMSTrustStore; import org.italiangrid.voms.store.VOMSTrustStoreStatusListener; import org.italiangrid.voms.util.NullListener; /** * A VOMS trust store that periodically updates itself. The update frequency is * set once at VOMS trust store creation time. 
* * * @author Andrea Ceccanti * */ public class DefaultUpdatingVOMSTrustStore extends DefaultVOMSTrustStore implements UpdatingVOMSTrustStore { /** * Default trust store update frequency (10 minutes). */ public static final long DEFAULT_UPDATE_FREQUENCY = TimeUnit.MINUTES .toMillis(10); /** * This trust store update frequency in milliseconds. */ private long updateFrequency; /** * The scheduler used to schedule the update tasks. */ private final ScheduledExecutorService scheduler = Executors .newSingleThreadScheduledExecutor(new VOMSNamedThreadFactory()); /** * Builds a trust store configured as defined in the parameters. * * @param localTrustDirs * where VOMS trust information will be looked for * @param updateFrequency * the update frequency in milliseconds * @param listener * a listener that is notified of interesting events related to this * store */ public DefaultUpdatingVOMSTrustStore(List localTrustDirs, long updateFrequency, VOMSTrustStoreStatusListener listener) { super(localTrustDirs, listener); updateFrequencySanityChecks(updateFrequency); this.updateFrequency = updateFrequency; scheduleUpdate(); } /** * Builds a trust store configured as defined in the parameters. * * @param updateFrequency * the update frequency in milliseconds * */ public DefaultUpdatingVOMSTrustStore(long updateFrequency) { this(buildDefaultTrustedDirs(), updateFrequency, NullListener.INSTANCE); } /** * Builds a trust store configured as defined in the parameters. * * @param localTrustDirs * where VOMS trust information will be looked for * @param updateFrequency * the update frequency in milliseconds * */ public DefaultUpdatingVOMSTrustStore(List localTrustDirs, long updateFrequency) { this(localTrustDirs, updateFrequency, NullListener.INSTANCE); } /** * Builds a trust store configured as defined in the parameters. 
* * @param localTrustDirs * where VOMS trust information will be looked for */ public DefaultUpdatingVOMSTrustStore(List localTrustDirs) { this(localTrustDirs, DEFAULT_UPDATE_FREQUENCY, NullListener.INSTANCE); } /** * Builds a trust store. VOMS information will be searched in the default VOMS * dir location ({@link DefaultVOMSTrustStore#DEFAULT_VOMS_DIR}). * * This store will be refreshed according to the value of * {@link #DEFAULT_UPDATE_FREQUENCY}. */ public DefaultUpdatingVOMSTrustStore() { this(buildDefaultTrustedDirs(), DEFAULT_UPDATE_FREQUENCY, NullListener.INSTANCE); } protected void updateFrequencySanityChecks(long updateFrequency) { if (updateFrequency <= 0) throw new VOMSError( "Please provide a positive value for this store update frequency!"); } protected void scheduleUpdate() { write.lock(); try { long frequency = getUpdateFrequency(); scheduler.scheduleWithFixedDelay(new Runnable() { // Just run update on the VOMS trust store and log any error public void run() { update(); } }, frequency, // First execution delay frequency, // Next iterations delay TimeUnit.MILLISECONDS); } finally { write.unlock(); } } /** * Returns the update frequency, in milliseconds, for this store. */ public long getUpdateFrequency() { read.lock(); try { return updateFrequency; } finally { read.unlock(); } } /** * Updates the information in this store */ public void update() { loadTrustInformation(); } /** * Cancel the background tasks which updates this store. */ public void cancel() { write.lock(); try { scheduler.shutdownNow(); } finally { write.unlock(); } } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/impl/DefaultVOMSTrustStore.java000066400000000000000000000300741265712655300320130ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.store.impl; import java.io.File; import java.io.FileFilter; import java.io.FileInputStream; import java.io.FilenameFilter; import java.io.IOException; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; import java.util.concurrent.locks.Lock; import java.util.concurrent.locks.ReadWriteLock; import java.util.concurrent.locks.ReentrantReadWriteLock; import javax.security.auth.x500.X500Principal; import org.italiangrid.voms.VOMSError; import org.italiangrid.voms.store.LSCInfo; import org.italiangrid.voms.store.VOMSTrustStore; import org.italiangrid.voms.store.VOMSTrustStoreStatusListener; import org.italiangrid.voms.util.NullListener; import eu.emi.security.authn.x509.helpers.trust.OpensslTruststoreHelper; import eu.emi.security.authn.x509.impl.CertificateUtils; import eu.emi.security.authn.x509.impl.CertificateUtils.Encoding; /** * * The default implementation for the VOMS trust store. This implementation * does not refresh the trust information on a periodic basis. For an * updating trust store see {@link DefaultUpdatingVOMSTrustStore}. 
 *
 * @author Andrea Ceccanti
 *
 */
public class DefaultVOMSTrustStore implements VOMSTrustStore {

  /**
   * The default directory where local VOMS trust information is rooted:
   * {@value #DEFAULT_VOMS_DIR}
   **/
  public static final String DEFAULT_VOMS_DIR = "/etc/grid-security/vomsdir";

  /**
   * The filename suffix used to match certificates in the VOMS local trust
   * directories
   **/
  public static final String CERTIFICATE_FILENAME_SUFFIX = ".pem";

  /**
   * The filename suffix used to match LSC files in the VOMS local trust
   * directories
   **/
  public static final String LSC_FILENAME_SUFFIX = ".lsc";

  /**
   * The list of local trusted directories that is searched for trust
   * information (certs or LSC files)
   **/
  private final List<String> localTrustedDirs;

  /** Map of local parsed AA certificates keyed by certificate subject hash **/
  private Map<String, X509Certificate> localAACertificatesByHash = new HashMap<String, X509Certificate>();

  /** The set of local parsed LSC information keyed by VO **/
  private Map<String, Set<LSCInfo>> localLSCInfo = new HashMap<String, Set<LSCInfo>>();

  /**
   * The trust store status listener that will be notified of changes in this
   * trust store
   **/
  private VOMSTrustStoreStatusListener listener;

  /** The read/write lock that implements thread safety for this store **/
  protected final ReadWriteLock rwLock = new ReentrantReadWriteLock();

  /** A reference to the read lock **/
  protected final Lock read = rwLock.readLock();

  /** A reference to the write lock **/
  protected final Lock write = rwLock.writeLock();

  /** A lock to guard the setting of the status listener **/
  protected final Object listenerLock = new Object();

  /**
   * Builds a list of trusted directories containing only
   * {@link #DEFAULT_VOMS_DIR}.
* * @return a list of default trusted directory containing the * {@link #DEFAULT_VOMS_DIR} **/ protected static List buildDefaultTrustedDirs() { List tDirs = new ArrayList(); tDirs.add(DEFAULT_VOMS_DIR); return tDirs; } /** * * @param localTrustDirs * a non-null list of local trust directories * @param listener * the {@link VOMSTrustStoreStatusListener} to use for this trust * store * @throws IllegalArgumentException * when the list passed as argument is null * */ public DefaultVOMSTrustStore(List localTrustDirs, VOMSTrustStoreStatusListener listener) { if (localTrustDirs == null) throw new IllegalArgumentException( "Please provide a non-null list of local trust directories!"); this.localTrustedDirs = localTrustDirs; this.listener = listener; loadTrustInformation(); } public DefaultVOMSTrustStore(VOMSTrustStoreStatusListener listener) { this(buildDefaultTrustedDirs(), listener); } public DefaultVOMSTrustStore(List localTrustDirs) { this(localTrustDirs, NullListener.INSTANCE); } /** * Default constructor. * * Sets the local trusted directories to the default of * {@value #DEFAULT_VOMS_DIR}. * * */ public DefaultVOMSTrustStore() { this(buildDefaultTrustedDirs()); } public List getLocalTrustedDirectories() { read.lock(); try { return localTrustedDirs; } finally { read.unlock(); } } public List getLocalAACertificates() { read.lock(); try { return Collections.unmodifiableList(new ArrayList( localAACertificatesByHash.values())); } finally { read.unlock(); } } public LSCInfo getLSC(String voName, String hostname) { read.lock(); try { Set candidates = localLSCInfo.get(voName); if (candidates == null) return null; for (LSCInfo lsc : candidates) { if (lsc.getHostname().equals(hostname)) return lsc; } return null; } finally { read.unlock(); } } /** * Loads all the certificates in the local directory. Only files with the * extension matching the {@link #CERTIFICATE_FILENAME_PATTERN} are * considered. 
* * @param directory */ private void loadCertificatesFromDirectory(File directory) { directorySanityChecks(directory); synchronized (listenerLock) { listener.notifyCertficateLookupEvent(directory.getAbsolutePath()); } File[] certFiles = directory.listFiles(new FilenameFilter() { public boolean accept(File dir, String name) { return name.endsWith(CERTIFICATE_FILENAME_SUFFIX); } }); for (File f : certFiles) loadCertificateFromFile(f); } /** * Loads a VOMS AA certificate from a given file and stores this certificate * in the local map of trusted VOMS AA certificate. * * @param file */ private void loadCertificateFromFile(File file) { certificateFileSanityChecks(file); try { X509Certificate aaCert = CertificateUtils.loadCertificate( new FileInputStream(file), Encoding.PEM); // Get certificate subject hash, using the CANL implementation for CA // files String aaCertHash = getOpensslCAHash(aaCert.getSubjectX500Principal()); // Store certificate in the local map localAACertificatesByHash.put(aaCertHash, aaCert); synchronized (listenerLock) { listener.notifyCertificateLoadEvent(aaCert, file); } } catch (IOException e) { String errorMessage = String.format( "Error parsing VOMS trusted certificate from %s. 
Reason: %s", file.getAbsolutePath(), e.getMessage()); throw new VOMSError(errorMessage, e); } } /** * * @param directory */ private void loadLSCFromDirectory(File directory) { directorySanityChecks(directory); synchronized (listenerLock) { listener.notifyLSCLookupEvent(directory.getAbsolutePath()); } File[] lscFiles = directory.listFiles(new FilenameFilter() { public boolean accept(File dir, String name) { return name.endsWith(LSC_FILENAME_SUFFIX); } }); if (lscFiles.length == 0) return; DefaultLSCFileParser lscParser = new DefaultLSCFileParser(); // In the VOMS trust anchor structure, LSC files are contained in a // directory named // as the VO the LSC belongs to String voName = directory.getName(); for (File lsc : lscFiles) { String lscFileName = lsc.getName(); // In the VOMS trust anchor structure, LSC files are named as // .lsc where hostname // is the name of host where the VOMS AA is running String hostname = lscFileName.substring(0, lscFileName.indexOf(LSC_FILENAME_SUFFIX)); LSCInfo info = null; info = lscParser.parse(voName, hostname, lsc); Set localLscForVo = localLSCInfo.get(voName); if (localLscForVo == null) { localLscForVo = new HashSet(); localLSCInfo.put(voName, localLscForVo); } localLscForVo.add(info); listener.notifyLSCLoadEvent(info, lsc); } } /** * Performs basic sanity checks performed on a file supposed to hold a VOMS AA * certificate. * * @param certFile */ private void certificateFileSanityChecks(File certFile) { if (!certFile.exists()) throw new VOMSError("Local VOMS trusted certificate does not exist:" + certFile.getAbsolutePath()); if (!certFile.canRead()) throw new VOMSError("Local VOMS trusted certificate is not readable:" + certFile.getAbsolutePath()); } /** * Performs basic sanity checks on a directory that is supposed to contain * VOMS AA certificates and LSC files. 
   *
   * @param directory
   */
  private void directorySanityChecks(File directory) {

    if (!directory.exists())
      throw new VOMSError("Local trust directory does not exists:"
        + directory.getAbsolutePath());

    if (!directory.isDirectory())
      throw new VOMSError("Local trust directory is not a directory:"
        + directory.getAbsolutePath());

    if (!directory.canRead())
      throw new VOMSError("Local trust directory is not readable:"
        + directory.getAbsolutePath());

    if (!directory.canExecute())
      throw new VOMSError("Local trust directory is not traversable:"
        + directory.getAbsolutePath());

  }

  private void cleanupStores() {

    localAACertificatesByHash.clear();
    localLSCInfo.clear();
  }

  public void loadTrustInformation() {

    write.lock();
    try {
      if (localTrustedDirs.isEmpty()) {
        throw new VOMSError(
          "No local trust directory was specified for this trust store. Please provide at least one path where LSC and VOMS service certificates will be searched for.");
      }

      cleanupStores();

      for (String localDir : localTrustedDirs) {

        File baseTrustDir = new File(localDir);

        // Legacy VOMS dir structure put all the certificates in the base trust
        // directory
        loadCertificatesFromDirectory(baseTrustDir);

        // Load LSC and certificates files starting from each of the
        // sub-directory of the starting trust info directory
        File[] voDirs = baseTrustDir.listFiles(new FileFilter() {

          public boolean accept(File pathname) {

            return pathname.isDirectory();
          }
        });

        for (File voDir : voDirs) {
          loadLSCFromDirectory(voDir);
          loadCertificatesFromDirectory(voDir);
        }
      }
    } finally {
      write.unlock();
    }
  }

  private String getOpensslCAHash(X500Principal principal) {

    return OpensslTruststoreHelper.getOpenSSLCAHash(principal, false);
  }

  public X509Certificate getAACertificateBySubject(X500Principal aaCertSubject) {

    read.lock();
    try {
      String theCertHash = getOpensslCAHash(aaCertSubject);
      return localAACertificatesByHash.get(theCertHash);
    } finally {
      read.unlock();
    }
  }

  public Map<String, Set<LSCInfo>> getAllLSCInfo() {

    read.lock();
    try {
      return
Collections.unmodifiableMap(localLSCInfo); } finally { read.unlock(); } } public void setStatusListener(VOMSTrustStoreStatusListener statusListener) { synchronized (listenerLock) { this.listener = statusListener; } } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/impl/LSCFile.java000066400000000000000000000106701265712655300270640ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.store.impl; import java.security.cert.X509Certificate; import java.util.List; import org.italiangrid.voms.store.LSCInfo; import eu.emi.security.authn.x509.impl.OpensslNameUtils; import eu.emi.security.authn.x509.impl.X500NameUtils; /** * A VOMS LSC file. * * The LSC file describes the certificate chain that a VOMS attribute authority * uses to sign a VOMS attribute certificate. The LSC mechanism solves the * public key distribution problem for VOMS AA certificates and is used in the * VOMS validation process to validate the signature on the AC by extracting the * VOMS AA certificate included in the VOMS extension and checking that the * chain conforms to the description in the LSC file. * * Two {@link LSCFile} object are considered to be equal if their vo and * hostname fields match. 
* * @author Andrea Ceccanti * */ public class LSCFile implements LSCInfo { /** The LSC filename **/ String filename; /** The VO this LSC file is about **/ String vo; /** The hostname this LSC file is about **/ String hostname; /** The certificate chain description contained in this LSC file **/ List certChainDescription; public String getVOName() { return vo; } public String getHostname() { return hostname; } public List getCertificateChainDescription() { return certChainDescription; } public String getFilename() { return filename; } public String getVo() { return vo; } public void setFilename(String filename) { this.filename = filename; } public void setVo(String vo) { this.vo = vo; } public void setHostname(String hostname) { this.hostname = hostname; } public void setCertificateChainDescription(List certChainDesc) { this.certChainDescription = certChainDesc; } @Override public int hashCode() { final int prime = 31; int result = 1; result = prime * result + ((hostname == null) ? 0 : hostname.hashCode()); result = prime * result + ((vo == null) ? 
      0 : vo.hashCode());
    return result;
  }

  @Override
  public boolean equals(Object obj) {

    if (this == obj)
      return true;
    if (obj == null)
      return false;
    if (getClass() != obj.getClass())
      return false;
    LSCFile other = (LSCFile) obj;
    if (hostname == null) {
      if (other.hostname != null)
        return false;
    } else if (!hostname.equals(other.hostname))
      return false;
    if (vo == null) {
      if (other.vo != null)
        return false;
    } else if (!vo.equals(other.vo))
      return false;
    return true;
  }

  @Override
  public String toString() {

    return "LSCFile [filename=" + filename + ", vo=" + vo + ", hostname="
      + hostname + ", certChainDescription=" + certChainDescription + "]";
  }

  @SuppressWarnings("deprecation")
  public boolean matches(X509Certificate[] certChain) {

    if (certChainDescription == null || certChainDescription.isEmpty())
      return false;

    if (certChain == null || certChain.length == 0)
      return false;

    if (certChainDescription.size() == certChain.length * 2) {

      // The chain description holds one (subject, issuer) DN pair per
      // certificate, so certificate i is described by entries 2*i (subject)
      // and 2*i + 1 (issuer). Indexing with i and i + 1 only lines up for the
      // first certificate in the chain.
      for (int i = 0; i < certChain.length; i++) {

        String lscSubjectRFC2253 = OpensslNameUtils
          .opensslToRfc2253(certChainDescription.get(2 * i));
        String lscIssuerRFC2253 = OpensslNameUtils
          .opensslToRfc2253(certChainDescription.get(2 * i + 1));

        boolean subjectDoesMatch = X500NameUtils.equal(
          certChain[i].getSubjectX500Principal(), lscSubjectRFC2253);
        boolean issuerDoesMatch = X500NameUtils.equal(
          certChain[i].getIssuerX500Principal(), lscIssuerRFC2253);

        if (!subjectDoesMatch || !issuerDoesMatch)
          return false;
      }

    } else {
      // Cert chain description does not match certificate chain length
      return false;
    }

    return true;
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/impl/VOMSNamedThreadFactory.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.italiangrid.voms.store.impl; import java.lang.Thread.UncaughtExceptionHandler; import java.util.concurrent.ThreadFactory; import java.util.concurrent.atomic.AtomicInteger; /** * A simple thread factory to create named VOMS background threads. * * @author Andrea Ceccanti * */ public class VOMSNamedThreadFactory implements ThreadFactory { private static final AtomicInteger created = new AtomicInteger(); private static final String poolBaseName = "voms-thread"; private UncaughtExceptionHandler handler; public VOMSNamedThreadFactory(UncaughtExceptionHandler h) { this.handler = h; } public VOMSNamedThreadFactory() { } public Thread newThread(Runnable r) { return new VOMSThread(r, poolBaseName + "-" + created.incrementAndGet(), handler); } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/impl/VOMSThread.java000066400000000000000000000026261265712655300275610ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
*/ package org.italiangrid.voms.store.impl; /** * An helper class to create a named VOMS thread. This class just sets the name * for the thread and set an {@link java.lang.Thread.UncaughtExceptionHandler} * which logs the caught exception. * * @author Andrea Ceccanti * */ public class VOMSThread extends Thread { /** * Default constructor. * * @param target * the object whose run method is called. * @param name * the name of the new thread. * @param handler * the {@link java.lang.Thread.UncaughtExceptionHandler} * used for this thread */ public VOMSThread(Runnable target, String name, UncaughtExceptionHandler handler) { super(target, name); setUncaughtExceptionHandler(handler); } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/impl/package-info.java000066400000000000000000000013671265712655300301720ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /** * This package provides the implementation of VOMS trust store management. */ package org.italiangrid.voms.store.impl; voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/store/package-info.java000066400000000000000000000013471265712655300272270ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/**
 * This package provides the API for managing VOMS trust stores.
 */
package org.italiangrid.voms.store;

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/util/
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/util/CachingCertificateValidator.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.util;

import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import org.italiangrid.voms.VOMSError;

import eu.emi.security.authn.x509.ProxySupport;
import eu.emi.security.authn.x509.RevocationParameters;
import eu.emi.security.authn.x509.StoreUpdateListener;
import eu.emi.security.authn.x509.ValidationErrorListener;
import eu.emi.security.authn.x509.ValidationResult;
import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.FormatMode;

/**
 * A Certificate validator that caches validation results for a configurable
 * period of time. The cache is keyed by the fingerprint of the certificate at
 * the top of the chain (likely the EEC).
 *
 * A cached result is returned as is until its entry expires, so trust anchor
 * or revocation changes made in the meantime are not reflected for that chain.
 *
 * @author andreaceccanti
 *
 */
public class CachingCertificateValidator implements X509CertChainValidatorExt {

  /**
   * Simple concurrent cache for validation results
   */
  protected final ConcurrentMap<String, CachedValidationResult> validationResultsCache;

  /**
   * The wrapped CANL certificate validator
   */
  protected final X509CertChainValidatorExt validator;

  /**
   * The cache entry lifetime for this validator
   */
  protected final long cacheEntryLifetimeMsec;

  /**
   * Builds a caching validator wrapping the validator passed as argument.
   *
   * @param val
   *          The CANL validator to be wrapped.
   * @param maxCacheEntryLifetime
   *          the maximum cache entry lifetime (in msecs)
   */
  public CachingCertificateValidator(X509CertChainValidatorExt val,
    long maxCacheEntryLifetime) {

    cacheEntryLifetimeMsec = maxCacheEntryLifetime;
    validator = val;
    validationResultsCache = new ConcurrentHashMap<String, CachedValidationResult>();
  }

  /**
   * Checks whether the {@link CachedValidationResult} passed as argument has
   * expired with respect to the {@link #cacheEntryLifetimeMsec} defined for
   * this validator and the reference time passed as argument.
   *
   * @param cvr
   *          a {@link CachedValidationResult} object
   * @param referenceTime
   *          the reference time (msecs since the epoch)
   * @return true when expired, false otherwise
   */
  public boolean cachedValidationResultHasExpired(CachedValidationResult cvr,
    long referenceTime) {

    return (referenceTime - cvr.getTimestamp() > cacheEntryLifetimeMsec);
  }

  /**
   * Gets a validation result from the memory cache
   *
   * @param certFingerprint
   *          the certificate fingerprint for the certificate at the top of the
   *          chain
   * @return the validation result, if found. null otherwise.
   */
  protected ValidationResult getCachedResult(String certFingerprint) {

    CachedValidationResult cvr = validationResultsCache.get(certFingerprint);

    if (cvr == null)
      return null;

    if (!cachedValidationResultHasExpired(cvr, System.currentTimeMillis())) {
      return cvr.getResult();
    }

    validationResultsCache.remove(certFingerprint, cvr);
    return null;
  }

  /**
   * Obvious sanity checks on input certificate chain
   *
   * @param certChain
   *          the chain to be checked
   */
  private void certChainSanityChecks(X509Certificate[] certChain) {

    if (certChain == null)
      throw new IllegalArgumentException("Cannot validate a null cert chain.");

    if (certChain.length == 0)
      throw new IllegalArgumentException(
        "Cannot validate a cert chain of length 0.");
  }

  /**
   * Validates a certificate chain using the wrapped validator, caching the
   * result for future validation calls.
   *
   * @param certChain
   *          the certificate chain that will be validated
   * @return a possibly cached {@link ValidationResult}
   * @see eu.emi.security.authn.x509.X509CertChainValidator#validate(java.security.cert.X509Certificate[])
   */
  public ValidationResult validate(X509Certificate[] certChain) {

    certChainSanityChecks(certChain);

    String certFingerprint = null;

    try {

      certFingerprint = FingerprintHelper
        .getFingerprint(certChain[certChain.length - 1]);

    } catch (Throwable t) {

      String errorMsg = String.format("Error computing fingerprint for "
        + "certificate: %s. Cause: %s",
        CertificateUtils.format(certChain[0], FormatMode.COMPACT_ONE_LINE),
        t.getMessage());

      throw new VOMSError(errorMsg, t);
    }

    ValidationResult res = getCachedResult(certFingerprint);

    if (res == null) {
      res = validator.validate(certChain);
      validationResultsCache.putIfAbsent(certFingerprint,
        new CachedValidationResult(certFingerprint, res));
    }

    return res;
  }

  /**
   * @see eu.emi.security.authn.x509.X509CertChainValidatorExt#dispose()
   */
  public void dispose() {

    validator.dispose();
  }

  /**
   * @return the proxy support information
   * @see eu.emi.security.authn.x509.X509CertChainValidatorExt#getProxySupport()
   */
  public ProxySupport getProxySupport() {

    return validator.getProxySupport();
  }

  /**
   * @param certPath
   *          the certificate path that will be validated
   * @return the {@link ValidationResult}
   * @see eu.emi.security.authn.x509.X509CertChainValidator#validate(java.security.cert.CertPath)
   */
  public ValidationResult validate(CertPath certPath) {

    return validator.validate(certPath);
  }

  /**
   * @return revocation parameters for the wrapped validator
   * @see eu.emi.security.authn.x509.X509CertChainValidatorExt#getRevocationCheckingMode()
   */
  public RevocationParameters getRevocationCheckingMode() {

    return validator.getRevocationCheckingMode();
  }

  /**
   * @return trusted issuers from the wrapped validator
   * @see eu.emi.security.authn.x509.X509CertChainValidator#getTrustedIssuers()
   */
  public X509Certificate[] getTrustedIssuers() {

    return validator.getTrustedIssuers();
  }

  /**
   * @param listener
   *          the {@link ValidationErrorListener} to be added to this validator
   *
   * @see eu.emi.security.authn.x509.X509CertChainValidator#addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)
   */
  public void addValidationListener(ValidationErrorListener listener) {

    validator.addValidationListener(listener);
  }

  /**
   * @param listener
   *          the {@link ValidationErrorListener} that must be removed from
   *          this validator
   * @see eu.emi.security.authn.x509.X509CertChainValidator#removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)
   */
  public void removeValidationListener(ValidationErrorListener listener) {

    validator.removeValidationListener(listener);
  }

  /**
   * @param listener
   *          the {@link StoreUpdateListener} that must be added to this
   *          validator
   *
   * @see eu.emi.security.authn.x509.X509CertChainValidator#addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)
   */
  public void addUpdateListener(StoreUpdateListener listener) {

    validator.addUpdateListener(listener);
  }

  /**
   * @param listener
   *          the {@link StoreUpdateListener} that must be removed from this
   *          validator
   *
   * @see eu.emi.security.authn.x509.X509CertChainValidator#removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)
   */
  public void removeUpdateListener(StoreUpdateListener listener) {

    validator.removeUpdateListener(listener);
  }

}

/**
 * A validation result cache entry.
 *
 * @author cecco
 *
 */
class CachedValidationResult {

  /**
   * Default constructor.
   *
   * @param certificateFingerprint
   *          the certificate fingerprint for this entry
   * @param res
   *          the validation result
   */
  public CachedValidationResult(String certificateFingerprint,
    ValidationResult res) {

    certFingerprint = certificateFingerprint;
    result = res;
    timestamp = System.currentTimeMillis();
  }

  /** The certificate fingerprint for this cache entry **/
  private String certFingerprint;

  /** The validation result for this cache entry **/
  private ValidationResult result;

  /** The cache entry creation timestamp **/
  private long timestamp;

  /**
   * Returns the validation result for this entry.
   *
   * @return a {@link ValidationResult}
   */
  public ValidationResult getResult() {

    return result;
  }

  /**
   * Sets the validation result for this entry
   *
   * @param result
   *          a {@link ValidationResult}
   */
  public void setResult(ValidationResult result) {

    this.result = result;
  }

  /**
   * Returns this entry creation timestamp.
   *
   * @return the timestamp expressed as milliseconds since epoch
   */
  public long getTimestamp() {

    return timestamp;
  }

  /**
   * Sets this entry creation timestamp (in milliseconds since the epoch).
   *
   * @param timestamp
   *          the timestamp
   */
  public void setTimestamp(long timestamp) {

    this.timestamp = timestamp;
  }

  /**
   * Returns the certificate fingerprint for this entry.
   *
   * The certificate fingerprint is the SHA1 hash of the DER encoding of the
   * certificate.
   *
   * @return the fingerprint for this entry
   * @see FingerprintHelper
   */
  public String getCertFingerprint() {

    return certFingerprint;
  }

  /**
   *
   * Sets the certificate fingerprint for this entry. The certificate
   * fingerprint is the SHA1 hash of the DER encoding of the certificate.
   *
   * It can be computed with the
   * {@link FingerprintHelper#getFingerprint(X509Certificate)} method.
   *
   * @param certFingerprint
   *          a certificate fingerprint describing a certificate
   */
  public void setCertFingerprint(String certFingerprint) {

    this.certFingerprint = certFingerprint;
  }

  @Override
  public int hashCode() {

    final int prime = 31;
    int result = 1;
    result = prime * result
      + ((certFingerprint == null) ? 0 : certFingerprint.hashCode());
    return result;
  }

  @Override
  public boolean equals(Object obj) {

    if (this == obj)
      return true;
    if (obj == null)
      return false;
    if (getClass() != obj.getClass())
      return false;
    CachedValidationResult other = (CachedValidationResult) obj;
    if (certFingerprint == null) {
      if (other.certFingerprint != null)
        return false;
    } else if (!certFingerprint.equals(other.certFingerprint))
      return false;
    return true;
  }

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/util/CertificateValidatorBuilder.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.util;

import java.util.Arrays;

import org.italiangrid.voms.ac.impl.DefaultVOMSValidator;

import eu.emi.security.authn.x509.CrlCheckingMode;
import eu.emi.security.authn.x509.NamespaceCheckingMode;
import eu.emi.security.authn.x509.OCSPCheckingMode;
import eu.emi.security.authn.x509.OCSPParametes;
import eu.emi.security.authn.x509.ProxySupport;
import eu.emi.security.authn.x509.StoreUpdateListener;
import eu.emi.security.authn.x509.ValidationErrorListener;
import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import eu.emi.security.authn.x509.impl.CRLParameters;
import eu.emi.security.authn.x509.impl.OpensslCertChainValidator;
import eu.emi.security.authn.x509.impl.RevocationParametersExt;
import eu.emi.security.authn.x509.impl.ValidatorParamsExt;

/**
 * A utility class which provides convenient methods to build a certificate
 * validator with defaults that are meaningful for VOMS usage.
 *
 * @author cecco
 *
 */
public class CertificateValidatorBuilder {

  /**
   * This enum determines which hash function is configured for the canl
   * {@link OpensslCertChainValidator} to resolve CRLs and other trust anchor
   * files.
   */
  public static enum OpensslHashFunction {
    MD5,
    SHA1
  };

  /**
   * The default Openssl hash function value. MD5 is chosen to ensure
   * compatibility with Openssl pre 1.0 deployments.
   */
  public static final OpensslHashFunction DEFAULT_OPENSSL_HASH_FUNCTION = OpensslHashFunction.MD5;

  /**
   * The default CRL checking policy.
   */
  public static final CrlCheckingMode DEFAULT_CRL_CHECKS = CrlCheckingMode.IF_VALID;

  /**
   * The default OCSP checking policy.
   */
  public static final OCSPCheckingMode DEFAULT_OCSP_CHECKS = OCSPCheckingMode.IGNORE;

  /**
   * The default namespace checking policy.
   */
  public static final NamespaceCheckingMode DEFAULT_NS_CHECKS = NamespaceCheckingMode.GLOBUS_EUGRIDPMA;

  /**
   * The default trust anchors directory.
   */
  public static final String DEFAULT_TRUST_ANCHORS_DIR = "/etc/grid-security/certificates";

  /**
   * By default this builder builds non-lazy validators
   */
  public static final Boolean DEFAULT_VALIDATOR_IS_LAZY = Boolean.FALSE;

  /**
   * Default validator trust anchor update interval.
   */
  public static final long DEFAULT_TRUST_ANCHORS_UPDATE_INTERVAL = 0L;

  private String trustAnchorsDir = DEFAULT_TRUST_ANCHORS_DIR;
  private ValidationErrorListener validationErrorListener = null;
  private StoreUpdateListener storeUpdateListener = null;
  private long trustAnchorsUpdateInterval = DEFAULT_TRUST_ANCHORS_UPDATE_INTERVAL;
  private boolean lazyAnchorsLoading = DEFAULT_VALIDATOR_IS_LAZY;
  private NamespaceCheckingMode namespaceChecks = DEFAULT_NS_CHECKS;
  private CrlCheckingMode crlChecks = DEFAULT_CRL_CHECKS;
  private OCSPCheckingMode ocspChecks = DEFAULT_OCSP_CHECKS;
  private OpensslHashFunction opensslHashFunction = DEFAULT_OPENSSL_HASH_FUNCTION;

  public CertificateValidatorBuilder() {

  }

  /**
   * Sets the openssl hash function for this builder
   *
   * @param f
   *          the {@link OpensslHashFunction}
   *
   * @return the builder object
   */
  public CertificateValidatorBuilder opensslHashFunction(
    OpensslHashFunction f) {

    opensslHashFunction = f;
    return this;
  }

  /**
   * Sets the store update listener for this builder
   *
   * @param l
   *          the {@link StoreUpdateListener}
   * @return the builder object
   */
  public CertificateValidatorBuilder storeUpdateListener(
    StoreUpdateListener l) {

    storeUpdateListener = l;
    return this;
  }

  /**
   * Sets the trust anchors dir for this builder
   *
   * @param dir
   *          the trust anchors directory
   * @return the builder object
   */
  public CertificateValidatorBuilder trustAnchorsDir(String dir) {

    trustAnchorsDir = dir;
    return this;
  }

  /**
   * Sets the validation error listener for this builder
   *
   * @param l
   *          the {@link ValidationErrorListener}
   * @return the builder object
   */
  public CertificateValidatorBuilder validationErrorListener(
    ValidationErrorListener l) {

    validationErrorListener = l;
    return this;
  }

  /**
   * Sets the trust anchors update interval for this builder
   *
   * @param interval
   *          the update interval
   * @return the builder object
   */
  public CertificateValidatorBuilder trustAnchorsUpdateInterval(long interval) {

    trustAnchorsUpdateInterval = interval;
    return this;
  }

  /**
   * Sets whether the created validator will be lazy in loading anchors
   *
   * @param lazyness
   *          the boolean flag that determines if the validator will be lazy in
   *          loading trust anchors
   *
   * @return the builder object
   */
  public CertificateValidatorBuilder lazyAnchorsLoading(boolean lazyness) {

    lazyAnchorsLoading = lazyness;
    return this;
  }

  /**
   * Sets the namespace checking mode for this builder
   *
   * @param nsChecks
   *          the {@link NamespaceCheckingMode}
   * @return the builder object
   */
  public CertificateValidatorBuilder namespaceChecks(
    NamespaceCheckingMode nsChecks) {

    namespaceChecks = nsChecks;
    return this;
  }

  /**
   * Sets the crl checking mode for this builder
   *
   * @param crl
   *          the {@link CrlCheckingMode}
   * @return the builder object
   */
  public CertificateValidatorBuilder crlChecks(CrlCheckingMode crl) {

    crlChecks = crl;
    return this;
  }

  /**
   * Sets the ocsp checking mode for this builder
   *
   * @param ocsp
   *          the {@link OCSPCheckingMode}
   * @return the builder object
   */
  public CertificateValidatorBuilder ocspChecks(OCSPCheckingMode ocsp) {

    ocspChecks = ocsp;
    return this;
  }

  /**
   * Builds an {@link OpensslCertChainValidator} according to the parameters set
   * for this builder
   *
   * @return the {@link X509CertChainValidatorExt}
   */
  public X509CertChainValidatorExt build() {

    RevocationParametersExt revocationParameters = new RevocationParametersExt(
      crlChecks, new CRLParameters(), new OCSPParametes(ocspChecks));

    // Proxy certificates are always allowed by validators built here
    ValidatorParamsExt validationParams = new ValidatorParamsExt(
      revocationParameters, ProxySupport.ALLOW);

    if (storeUpdateListener != null) {
      validationParams.setInitialListeners(Arrays.asList(storeUpdateListener));
    }

    boolean openssl1xMode = false;
    if (opensslHashFunction == OpensslHashFunction.SHA1) {
      openssl1xMode = true;
    }

    OpensslCertChainValidator validator = new OpensslCertChainValidator(
      trustAnchorsDir, openssl1xMode, namespaceChecks,
      trustAnchorsUpdateInterval, validationParams, lazyAnchorsLoading);

    if (validationErrorListener != null) {
      validator.addValidationListener(validationErrorListener);
    }

    return validator;
  }

  /**
   * Builds an Openssl-style certificate validator configured as specified in
   * the parameters
   *
   * @param trustAnchorsDir
   *          the directory where trust anchors are loaded from
   * @param validationErrorListener
   *          the listener that will receive notification about validation
   *          errors
   * @param storeUpdateListener
   *          the listener that will receive notifications about trust store
   *          update events
   * @param updateInterval
   *          the trust anchor store update interval
   * @param namespaceChecks
   *          the namespace checking policy
   * @param crlChecks
   *          the crl checking policy
   * @param ocspChecks
   *          the ocsp checking policy
   *
   * @return an Openssl-style certificate validator configured as specified in
   *         the parameters
   */
  public static X509CertChainValidatorExt buildCertificateValidator(
    String trustAnchorsDir, ValidationErrorListener validationErrorListener,
    StoreUpdateListener storeUpdateListener, long updateInterval,
    NamespaceCheckingMode namespaceChecks, CrlCheckingMode crlChecks,
    OCSPCheckingMode ocspChecks) {

    return buildCertificateValidator(trustAnchorsDir, validationErrorListener,
      storeUpdateListener, updateInterval, namespaceChecks, crlChecks,
      ocspChecks, true);
  }

  /**
   * Builds an Openssl-style certificate validator configured as specified in
   * the parameters
   *
   * @param trustAnchorsDir
   *          the directory where trust anchors are loaded from
   * @param validationErrorListener
   *          the listener that will receive notification about validation
   *          errors
   * @param storeUpdateListener
   *          the listener that will receive notifications about trust store
   *          update events
   * @param updateInterval
   *          the trust anchor store update interval
   * @param namespaceChecks
   *          the namespace checking policy
   * @param crlChecks
   *          the crl checking policy
   * @param ocspChecks
   *          the ocsp checking policy
   * @param lazy
   *          whether the validator should be lazy in loading crls and
   *          certificates
   *
   * @return an Openssl-style certificate validator configured as specified in
   *         the parameters
   *
   * @deprecated Create a {@link CertificateValidatorBuilder} object instead.
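   */
  public static X509CertChainValidatorExt buildCertificateValidator(
    String trustAnchorsDir, ValidationErrorListener validationErrorListener,
    StoreUpdateListener storeUpdateListener, long updateInterval,
    NamespaceCheckingMode namespaceChecks, CrlCheckingMode crlChecks,
    OCSPCheckingMode ocspChecks, boolean lazy) {

    CertificateValidatorBuilder builder = new CertificateValidatorBuilder();

    return builder.trustAnchorsDir(trustAnchorsDir)
      .validationErrorListener(validationErrorListener)
      .storeUpdateListener(storeUpdateListener)
      .trustAnchorsUpdateInterval(updateInterval)
      .namespaceChecks(namespaceChecks).crlChecks(crlChecks)
      .ocspChecks(ocspChecks).lazyAnchorsLoading(lazy).build();
  }

  /**
   * Builds an Openssl-style certificate validator configured as specified in
   * the parameters
   *
   * @param trustAnchorsDir
   *          the directory where trust anchors are loaded from
   * @param validationErrorListener
   *          the listener that will receive notification about validation
   *          errors
   *
   * @return an Openssl-style certificate validator configured as specified in
   *         the parameters
   *
   * @deprecated Create a {@link CertificateValidatorBuilder} object instead.
   */
  public static X509CertChainValidatorExt buildCertificateValidator(
    String trustAnchorsDir, ValidationErrorListener validationErrorListener) {

    return buildCertificateValidator(trustAnchorsDir, validationErrorListener,
      null, 0L, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS, DEFAULT_OCSP_CHECKS);
  }

  /**
   * Builds an Openssl-style certificate validator configured as specified in
   * the parameters
   *
   * @param trustAnchorsDir
   *          the directory where trust anchors are loaded from
   * @param validationErrorListener
   *          the listener that will receive notification about validation
   *          errors
   * @param storeListener
   *          the listener that will be informed of trust store load errors
   *
   * @return an Openssl-style certificate validator configured as specified in
   *         the parameters
   *
   * @deprecated Create a {@link CertificateValidatorBuilder} object instead.
   */
  public static X509CertChainValidatorExt buildCertificateValidator(
    String trustAnchorsDir, ValidationErrorListener validationErrorListener,
    StoreUpdateListener storeListener) {

    return buildCertificateValidator(trustAnchorsDir, validationErrorListener,
      storeListener, 0L, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS,
      DEFAULT_OCSP_CHECKS);
  }

  /**
   * Builds an Openssl-style certificate validator configured as specified in
   * the parameters
   *
   * @param trustAnchorsDir
   *          the directory where trust anchors are loaded from
   * @param validationErrorListener
   *          the listener that will receive notification about validation
   *          errors
   * @param storeListener
   *          the listener that will be informed of trust store load errors
   *
   * @param updateInterval
   *          the trust anchor store update interval
   *
   * @param lazy
   *          whether the certificate validator should be lazy in loading crls
   *          and CAs
   *
   * @return an Openssl-style certificate validator configured as specified in
   *         the parameters
   *
   * @deprecated Create a {@link CertificateValidatorBuilder} object instead.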
   *
   */
  public static X509CertChainValidatorExt buildCertificateValidator(
    String trustAnchorsDir, ValidationErrorListener validationErrorListener,
    StoreUpdateListener storeListener, long updateInterval, boolean lazy) {

    return buildCertificateValidator(trustAnchorsDir, validationErrorListener,
      storeListener, updateInterval, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS,
      DEFAULT_OCSP_CHECKS, lazy);
  }

  /**
   * Builds an Openssl-style certificate validator configured as specified in
   * the parameters
   *
   * @param trustAnchorsDir
   *          the directory where trust anchors are loaded from
   * @param validationErrorListener
   *          the listener that will receive notification about validation
   *          errors
   * @param storeListener
   *          the listener that will be informed of trust store load errors
   *
   * @param updateInterval
   *          the trust anchor store update interval
   *
   * @return an Openssl-style certificate validator configured as specified in
   *         the parameters
   *
   * @deprecated Create a {@link CertificateValidatorBuilder} object instead.
   *
   */
  public static X509CertChainValidatorExt buildCertificateValidator(
    String trustAnchorsDir, ValidationErrorListener validationErrorListener,
    StoreUpdateListener storeListener, long updateInterval) {

    return buildCertificateValidator(trustAnchorsDir, validationErrorListener,
      storeListener, updateInterval, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS,
      DEFAULT_OCSP_CHECKS);
  }

  /**
   * Builds an Openssl-style certificate validator configured as specified in
   * the parameters
   *
   * @param trustAnchorsDir
   *          the directory where trust anchors are loaded from
   * @param validationErrorListener
   *          the listener that will receive notification about validation
   *          errors
   * @param updateInterval
   *          the trust anchor store update interval
   * @param lazy
   *          whether the certificate validator should be lazy in loading crls
   *          and CAs
   *
   * @return an Openssl-style certificate validator configured as specified in
   *         the parameters
   *
   * @deprecated Create a {@link CertificateValidatorBuilder} object instead.
   *
   */
  public static X509CertChainValidatorExt buildCertificateValidator(
    String trustAnchorsDir, ValidationErrorListener validationErrorListener,
    long updateInterval, boolean lazy) {

    return buildCertificateValidator(trustAnchorsDir, validationErrorListener,
      null, updateInterval, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS,
      DEFAULT_OCSP_CHECKS, lazy);
  }

  /**
   * Builds an Openssl-style certificate validator configured as specified in
   * the parameters
   *
   * @param trustAnchorsDir
   *          the directory where trust anchors are loaded from
   * @param validationErrorListener
   *          the listener that will receive notification about validation
   *          errors
   * @param updateInterval
   *          the trust anchor store update interval
   *
   * @return an Openssl-style certificate validator configured as specified in
   *         the parameters
   *
   * @deprecated Create a {@link CertificateValidatorBuilder} object instead.
   *
   */
  public static X509CertChainValidatorExt buildCertificateValidator(
    String trustAnchorsDir, ValidationErrorListener validationErrorListener,
    long updateInterval) {

    return buildCertificateValidator(trustAnchorsDir, validationErrorListener,
      null, updateInterval, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS,
      DEFAULT_OCSP_CHECKS);
  }

  /**
   * Builds an Openssl-style certificate validator configured as specified in
   * the parameters
   *
   * @param trustAnchorsDir
   *          the directory where trust anchors are loaded from
   *
   * @return an Openssl-style certificate validator configured as specified in
   *         the parameters
   *
   * @deprecated Create a {@link CertificateValidatorBuilder} object instead.
   */
  public static X509CertChainValidatorExt buildCertificateValidator(
    String trustAnchorsDir) {

    return buildCertificateValidator(trustAnchorsDir, null, null, 0L,
      DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS, DEFAULT_OCSP_CHECKS);
  }

  /**
   * Builds an Openssl-style certificate validator.
   *
   * @return an Openssl-style certificate validator configured as specified in
   *         the parameters
   *
   * @deprecated Create a {@link CertificateValidatorBuilder} object instead.
   */
  public static X509CertChainValidatorExt buildCertificateValidator() {

    return buildCertificateValidator(
      DefaultVOMSValidator.DEFAULT_TRUST_ANCHORS_DIR, null, null, 0L,
      DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS, DEFAULT_OCSP_CHECKS);
  }

}

voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/util/CredentialsUtils.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.util;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.io.RandomAccessFile;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;

import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.helpers.CertificateHelpers;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.CertificateUtils.Encoding;

/**
 * A utility class for handling credentials
 *
 * @author Daniele Andreotti
 * @author Andrea Ceccanti
 *
 */
public class CredentialsUtils {

  /**
   *
   * The encoding used to serialize proxy credentials private key.
   *
   */
  public enum PrivateKeyEncoding {
    PKCS_1,
    PKCS_8
  }

  /**
   * The default encoding used when no encoding is specified by callers.
   */
  public static final PrivateKeyEncoding DEFAULT_ENCONDING = PrivateKeyEncoding.PKCS_1;

  /**
   * Serializes a private key to an output stream according to an encoding.
   *
   * @param os
   *          the target output stream
   * @param key
   *          the key to be serialized
   * @param encoding
   *          the encoding
   *
   * @throws IllegalArgumentException
   *           for unsupported private key encodings
   * @throws IOException
   *           if write fails for any reason on the output stream
   */
  public static void savePrivateKey(OutputStream os, PrivateKey key,
    PrivateKeyEncoding encoding) throws IOException {

    switch (encoding) {
    case PKCS_1:
      savePrivateKeyPKCS1(os, key);
      break;
    case PKCS_8:
      savePrivateKeyPKCS8(os, key);
      break;
    default:
      throw new IllegalArgumentException("Unsupported private key encoding: "
        + encoding.name());
    }
  }

  /**
   * Serializes a private key to an output stream following the pkcs8 encoding.
   *
   * This method just delegates to canl, but provides a much more understandable
   * signature.
   *
   * @param os
   * @param key
   * @throws IllegalArgumentException
   * @throws IOException
   */
  private static void savePrivateKeyPKCS8(OutputStream os, PrivateKey key)
    throws IllegalArgumentException, IOException {

    // A null encryption algorithm means the key is written unencrypted
    CertificateUtils.savePrivateKey(os, key, Encoding.PEM, null, null);
  }

  /**
   * Serializes a private key to an output stream following the pkcs1 encoding.
   *
   * This method just delegates to canl, but provides a much more understandable
   * signature.
   *
   * @param os
   * @param key
   * @throws IllegalArgumentException
   * @throws IOException
   */
  private static void savePrivateKeyPKCS1(OutputStream os, PrivateKey key)
    throws IllegalArgumentException, IOException {

    // A null encryption algorithm means the key is written unencrypted
    CertificateUtils.savePrivateKey(os, key, Encoding.PEM, null, new char[0],
      true);
  }

  /**
   * Saves user credentials as plain text PEM data.
   * Writes the user certificate first, then the private key (when present),
   * then the remaining non-CA certificates of the chain.
   *
   * @param os
   *          the output stream
   * @param uc
   *          the user credential that must be serialized
   * @param encoding
   *          the private key encoding
   *
   *
   * @throws IOException
   *           in case of errors writing on the output stream
   */
  public static void saveProxyCredentials(OutputStream os, X509Credential uc,
    PrivateKeyEncoding encoding) throws IOException {

    X509Certificate[] chain = CertificateHelpers.sortChain(Arrays.asList(uc
      .getCertificateChain()));

    PrivateKey key = uc.getKey();
    X509Certificate cert = uc.getCertificate();

    CertificateUtils.saveCertificate(os, cert, Encoding.PEM);

    if (key != null)
      savePrivateKey(os, key, encoding);

    X509Certificate c = null;

    for (int index = 1; index < chain.length; index++) {

      c = chain[index];

      int basicConstraints = c.getBasicConstraints();

      // Only save non-CA certs to proxy file
      if (basicConstraints < 0) {
        CertificateUtils.saveCertificate(os, c, Encoding.PEM);
      }
    }

    os.flush();
  }

  /**
   *
   * Saves user credentials as plain text PEM data.
   * Writes the user certificate first, then the private key (when present),
   * then the remaining non-CA certificates of the chain, using the default
   * encoding specified in {@link #DEFAULT_ENCONDING}.
   *
   * @param os
   *          the output stream for the saved proxy
   *
   * @param uc
   *          the user credential
   *
   * @throws IOException
   *           in case of errors writing to the output stream
   *
   */
  public static void saveProxyCredentials(OutputStream os, X509Credential uc)
    throws IOException {

    saveProxyCredentials(os, uc, DEFAULT_ENCONDING);
  }

  /**
   * Saves proxy credentials to a file. This method ensures that the stored
   * proxy is saved with the appropriate file permissions.
   *
   * @param proxyFileName
   *          the file where the proxy will be saved
   * @param uc
   *          the credential to be saved
   * @param encoding
   *          the private key encoding
   * @throws IOException
   *           in case of errors writing to the proxy file
   */
  public static void saveProxyCredentials(String proxyFileName,
    X509Credential uc, PrivateKeyEncoding encoding) throws IOException {

    File f = new File(proxyFileName);
    RandomAccessFile raf = new RandomAccessFile(f, "rws");
    FileChannel channel = raf.getChannel();
    // Set the proxy file permissions before any key material is written
    FilePermissionHelper.setProxyPermissions(proxyFileName);
    channel.truncate(0);
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    saveProxyCredentials(baos, uc, encoding);
    baos.close();
    channel.write(ByteBuffer.wrap(baos.toByteArray()));
    channel.close();
    raf.close();
  }

  /**
   *
   * Saves proxy credentials to a file. This method ensures that the stored
   * proxy is saved with the appropriate file permissions, using the default
   * encoding specified in {@link #DEFAULT_ENCONDING}.
* * @param proxyFileName * the file where the proxy will be saved * @param uc * the credential to be saved * * @throws IOException * in case of errors writing the credential to the proxy file */ public static void saveProxyCredentials(String proxyFileName, X509Credential uc) throws IOException { saveProxyCredentials(proxyFileName, uc, DEFAULT_ENCONDING); } } voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/util/FilePermissionHelper.java000066400000000000000000000173141265712655300306150ustar00rootroot00000000000000/** * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
 */
package org.italiangrid.voms.util;

import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.EnumSet;

import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.credential.FilePermissionError;

/**
 * A helper class that does simple unix file permissions checks (until we get
 * proper support for this stuff in Java 7)
 * 
 * @author Andrea Ceccanti
 * 
 */
public class FilePermissionHelper {

  public static enum PosixFilePermission {
    USER_RO("400", "-r--------"),
    USER_RW("600", "-rw-------"),
    USER_ALL("700", "-rwx------"),
    ALL_PERMS("777", "-rwxrwxrwx");

    private PosixFilePermission(String chmodForm, String statForm) {

      this.chmodForm = chmodForm;
      this.statForm = statForm;
    }

    private String statForm;
    private String chmodForm;

    public String statForm() {

      return statForm;
    }

    public String chmodForm() {

      return chmodForm;
    }
  }

  /**
   * Required file permissions for the private key file
   */
  public static final EnumSet<PosixFilePermission> PRIVATE_KEY_PERMS = EnumSet
    .of(PosixFilePermission.USER_RO, PosixFilePermission.USER_RW);

  /**
   * String representation of private key required permissions.
   */
  public static final String PRIVATE_KEY_PERMS_STR = PosixFilePermission.USER_RO
    .chmodForm() + ", " + PosixFilePermission.USER_RW.chmodForm();

  /**
   * The command used to retrieve file permissions for a given file
   */
  public static final String LS_CMD_TEMPLATE = "ls -al %s";

  /**
   * The command used to set file permissions on a given file
   */
  public static final String CHMOD_CMD_TEMPLATE = "chmod %s %s";

  /**
   * Checks whether a proxy file has the right permissions
   * 
   * @param proxyFile
   *          the file to be checked
   * 
   * @throws IOException
   *           if an error occurs checking file attributes
   * @throws FilePermissionError
   *           if permissions are not as expected
   */
  public static void checkProxyPermissions(String proxyFile)
    throws IOException {

    matchesFilePermissions(proxyFile, PosixFilePermission.USER_RW);
  }

  /**
   * Checks whether a private key file has the 'right' permissions
   * 
   * @param privateKeyFile
   *          the file to be checked
   * @throws IOException
   *           if an error occurs checking file attributes
   * @throws FilePermissionError
   *           if the permissions are not correct
   */
  public static void checkPrivateKeyPermissions(String privateKeyFile)
    throws IOException {

    for (PosixFilePermission p : PRIVATE_KEY_PERMS) {
      try {
        matchesFilePermissions(privateKeyFile, p);
        return;
      } catch (FilePermissionError e) {
        // Not this mode: try the next allowed one.
      }
    }

    final String errorMessage = String.format(
      "Wrong file permissions on file %s. Required permissions are: %s ",
      privateKeyFile, PRIVATE_KEY_PERMS_STR);

    throw new FilePermissionError(errorMessage);
  }

  /**
   * Checks whether a pkcs12 file has the 'right' permissions
   * 
   * @param pkcs12File
   *          the file to be checked
   * @throws IOException
   *           if an error occurs checking file attributes
   * @throws FilePermissionError
   *           if the permissions are not correct
   */
  public static void checkPKCS12Permissions(String pkcs12File)
    throws IOException {

    matchesFilePermissions(pkcs12File, PosixFilePermission.USER_RW);
  }

  /**
   * Checks that a given file has the appropriate unix permissions. This naive
   * implementation just fetches the output of ls -al on a given file and
   * matches the resulting string with the permissionString passed as argument.
   * 
   * So the permissionString must be something like:
   * 
   * <pre>
   * -rw-------
   * </pre>
   * 
   * @param filename
   *          the filename to be checked
   * @param p
   *          the permission string that must be matched
   * @throws IOException
   *           if an error occurs checking file attributes
   * @throws FilePermissionError
   *           if file permissions are not as requested
   */
  public static void matchesFilePermissions(String filename,
    PosixFilePermission p) throws IOException {

    filenameSanityChecks(filename);

    if (p == null)
      throw new NullPointerException("null permission passed as argument");

    File f = new File(filename);

    // Don't get fooled by symlinks...
    String canonicalPath = f.getCanonicalPath();

    String filePerms = getFilePermissions(canonicalPath);

    if (!filePerms.startsWith(p.statForm))
      throw new FilePermissionError("Wrong file permissions on file "
        + filename + ". Required permissions are: " + p.chmodForm());
  }

  private static void filenameSanityChecks(String filename) {

    if (filename == null)
      throw new NullPointerException("null filename passed as argument");

    File f = new File(filename);

    if (!f.exists())
      throw new VOMSError("File not found: " + filename);
  }

  private static String getFilePermissions(String filename) {

    // Kept for error messages only.
    String cmd = String.format(LS_CMD_TEMPLATE, filename);

    String permString;

    // Pass the file name as one argument: splitting the formatted command on
    // spaces breaks any path that contains a space.
    ProcessBuilder pb = new ProcessBuilder("ls", "-al", filename);

    try {

      Process p = pb.start();
      int exitStatus = p.waitFor();

      if (exitStatus != 0)
        throw new VOMSError("Cannot list properties for file '" + filename
          + "': error invoking the '" + cmd + "' os command!");

      BufferedReader r = new BufferedReader(new InputStreamReader(
        p.getInputStream()));

      permString = r.readLine();

      if (permString == null)
        throw new VOMSError("Cannot list properties for file '" + filename
          + "': the output of '" + cmd + "' is empty!");

      return permString;

    } catch (IOException e) {

      throw new VOMSError("Cannot list properties for file '" + filename
        + "': " + e.getMessage(), e);

    } catch (InterruptedException e) {

      // Fail explicitly: returning null here would surface as a
      // NullPointerException in matchesFilePermissions.
      Thread.currentThread().interrupt();
      throw new VOMSError("Interrupted while running os command!", e);
    }
  }

  public static void setProxyPermissions(String filename) {

    filenameSanityChecks(filename);
    setFilePermissions(filename, PosixFilePermission.USER_RW);
  }

  public static void setPKCS12Permissions(String filename) {

    filenameSanityChecks(filename);
    setFilePermissions(filename, PosixFilePermission.USER_RW);
  }

  public static void setPrivateKeyPermissions(String filename) {

    filenameSanityChecks(filename);
    setFilePermissions(filename, PosixFilePermission.USER_RO);
  }

  public static void setFilePermissions(String filename,
    PosixFilePermission perm) {

    // Kept for error messages only.
    String cmd = String.format(CHMOD_CMD_TEMPLATE, perm.chmodForm(), filename);

    // The file name is passed as one argument so that paths with spaces work.
    ProcessBuilder pb = new ProcessBuilder("chmod", perm.chmodForm(), filename);

    try {

      Process p = pb.start();
      int exitStatus = p.waitFor();

      if (exitStatus != 0)
        throw new VOMSError("Cannot change permissions on file '" + filename
          + "': error invoking the '" + cmd + "' os command!");

    } catch (IOException e) {

      throw new VOMSError("Cannot change permissions on file '" + filename
        + "': " + e.getMessage(), e);

    } catch (InterruptedException e) {

      throw new VOMSError("Interrupted while running os command!", e);
    }
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/util/FingerprintHelper.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.util;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;

public class FingerprintHelper {

  public static final String DEFAULT_DIGEST_ALGORITHM = "SHA-1";

  private static String hexify(byte[] bytes) {

    char[] hexDigits = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
      'a', 'b', 'c', 'd', 'e', 'f' };

    StringBuffer buf = new StringBuffer(bytes.length * 2);

    for (int i = 0; i < bytes.length; ++i) {
      buf.append(hexDigits[(bytes[i] & 0xf0) >> 4]);
      buf.append(hexDigits[bytes[i] & 0x0f]);
    }

    return buf.toString();
  }

  public static String getFingerprint(X509Certificate cert)
    throws NoSuchAlgorithmException, CertificateEncodingException {

    MessageDigest md = MessageDigest.getInstance(DEFAULT_DIGEST_ALGORITHM);
    byte[] der = cert.getEncoded();
    md.update(der);
    byte[] digest = md.digest();
    return hexify(digest);
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/util/NullListener.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.util;

import java.io.File;
import java.lang.Thread.UncaughtExceptionHandler;
import java.security.cert.X509Certificate;
import java.util.List;

import org.italiangrid.voms.ac.ACLookupListener;
import org.italiangrid.voms.ac.VOMSValidationResult;
import org.italiangrid.voms.ac.ValidationResultListener;
import org.italiangrid.voms.credential.LoadCredentialsEventListener;
import org.italiangrid.voms.request.VOMSACRequest;
import org.italiangrid.voms.request.VOMSErrorMessage;
import org.italiangrid.voms.request.VOMSProtocolListener;
import org.italiangrid.voms.request.VOMSRequestListener;
import org.italiangrid.voms.request.VOMSResponse;
import org.italiangrid.voms.request.VOMSServerInfo;
import org.italiangrid.voms.request.VOMSServerInfoStoreListener;
import org.italiangrid.voms.request.VOMSWarningMessage;
import org.italiangrid.voms.store.LSCInfo;
import org.italiangrid.voms.store.VOMSTrustStore;
import org.italiangrid.voms.store.VOMSTrustStoreStatusListener;

/**
 * 
 * A Singleton Listener which swallows notification.
 * 
 * @author andreaceccanti
 * 
 */
public enum NullListener implements ACLookupListener, ValidationResultListener,
  VOMSServerInfoStoreListener, LoadCredentialsEventListener,
  VOMSTrustStoreStatusListener, UncaughtExceptionHandler, VOMSRequestListener,
  VOMSProtocolListener {

  INSTANCE;

  public void notifyVOMSRequestStart(VOMSACRequest request, VOMSServerInfo si) {
  }

  public void notifyVOMSRequestSuccess(VOMSACRequest request,
    VOMSServerInfo endpoint) {
  }

  public void notifyVOMSRequestFailure(VOMSACRequest request,
    VOMSServerInfo endpoint, Throwable error) {
  }

  public void notifyErrorsInVOMSReponse(VOMSACRequest request,
    VOMSServerInfo si, VOMSErrorMessage[] errors) {
  }

  public void notifyWarningsInVOMSResponse(VOMSACRequest request,
    VOMSServerInfo si, VOMSWarningMessage[] warnings) {
  }

  public void uncaughtException(Thread t, Throwable e) {
  }

  public void notifyTrustStoreUpdate(VOMSTrustStore store) {
  }

  public void notifyCertficateLookupEvent(String dir) {
  }

  public void notifyLSCLookupEvent(String dir) {
  }

  public void notifyCertificateLoadEvent(X509Certificate cert, File f) {
  }

  public void notifyLSCLoadEvent(LSCInfo lsc, File f) {
  }

  public void notifyCredentialLookup(String... locations) {
  }

  public void notifyLoadCredentialSuccess(String... locations) {
  }

  public void notifyLoadCredentialFailure(Throwable error, String... locations) {
  }

  public void notifyNoValidVOMSESError(List searchedPaths) {
  }

  public void notifyVOMSESlookup(String vomsesPath) {
  }

  public void notifyVOMSESInformationLoaded(String vomsesPath,
    VOMSServerInfo info) {
  }

  public void notifyValidationResult(VOMSValidationResult result) {
  }

  public void notifyACLookupEvent(X509Certificate[] chain, int chainLevel) {
  }

  public void notifyACParseEvent(X509Certificate[] chain, int chainLevel) {
  }

  public void notifyHTTPRequest(String url) {
  }

  public void notifyLegacyRequest(String xmlLegacyRequest) {
  }

  public void notifyReceivedResponse(VOMSResponse r) {
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/util/TimeUtils.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.util;

import java.util.Calendar;
import java.util.Date;

/**
 * Time utilities.
 * 
 * @author cecco
 * 
 */
public class TimeUtils {

  private TimeUtils() {

  }

  /**
   * Checks that a date falls in the interval allowing for a certain clock skew
   * expressed in minutes. The interval defined by (startDate, endDate) is
   * modified to be (startDate - skewInMinutes, endDate + skewInMinutes).
   * 
   * @param timeToCheck
   *          the time to be checked
   * @param startDate
   *          the start date of the time range
   * @param endDate
   *          the end date of the time range
   * @param skewInMinutes
   *          the clock skew in minutes to take into account
   * 
   * @throws IllegalArgumentException
   *           if passed an illegal time range
   * @return true, if the time is in the given range,
   *         false otherwise
   */
  public static boolean checkTimeInRangeWithSkew(Date timeToCheck,
    Date startDate, Date endDate, int skewInMinutes) {

    if (startDate.after(endDate) || startDate.equals(endDate)) {
      String msg = String
        .format(
          "Illegal time interval: start date must be before end date. [start date: %s, end date: %s]",
          startDate, endDate);
      throw new IllegalArgumentException(msg);
    }

    Calendar cal = Calendar.getInstance();

    cal.setTime(startDate);
    cal.add(Calendar.MINUTE, -skewInMinutes);

    Date skewedStartDate = cal.getTime();

    cal.clear();

    cal.setTime(endDate);
    cal.add(Calendar.MINUTE, skewInMinutes);

    Date skewedEndDate = cal.getTime();

    return skewedEndDate.after(timeToCheck)
      && skewedStartDate.before(timeToCheck);
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/util/VOMSBase64Decoder.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.util;

// Gidon Moont
// Imperial College London
// Copyright (C) April 2006

// Voms uses a non-standard Base-64 algorithm. Hmmm...

import org.bouncycastle.util.encoders.Base64;

/**
 * 
 * This class implements a decoder for the non-standard Base-64 algorithm used
 * by voms.
 * 
 * 
 * @author Gidon Moont
 * @author Vincenzo Ciaschini
 * 
 */
public class VOMSBase64Decoder {

  // matrix out of src/common/xml.c
  // Alphabet: a-z -> 0..25, A-Z -> 26..51, 0-9 -> 52..61, '[' -> 62, ']' -> 63.
  // Every other character maps to 0.
  private static int[] decodemapint = new int[] {
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 0, 0, 0, 0, 0, 0,
    0, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
    41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 62, 0, 63, 0, 0,
    0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
    15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 0, 0, 0, 0, 0 };

  private static byte[] decodemapbyte = new byte[128];

  static {
    for (int i = 0; i < 128; i++) {
      decodemapbyte[i] = (byte) decodemapint[i];
    }
  }

  public static byte[] decode(String s) {

    // Input containing newlines is treated as standard Base64.
    if (s.indexOf('\n') != -1) {
      return Base64.decode(s.trim().replaceAll("\n", ""));
    } else
      return mydecode(s);
  }

  private static byte[] mydecode(String s) {

    char[] in = s.toCharArray();

    int iLen = in.length;
    // cuts off end - do I need this?
    // while (iLen > 0 && in[iLen-1] == '=') iLen--;
    int oLen = (iLen * 3) / 4;
    byte[] out = new byte[oLen];
    int ip = 0;
    int op = 0;
    while (ip < iLen) {
      int i0 = in[ip++];
      int i1 = in[ip++];
      int i2 = ip < iLen ? in[ip++] : 'A';
      int i3 = ip < iLen ? in[ip++] : 'A';
      if (i0 > 127 || i1 > 127 || i2 > 127 || i3 > 127)
        throw new IllegalArgumentException(
          "Illegal character in Base64 encoded data.");
      int b0 = decodemapbyte[i0];
      int b1 = decodemapbyte[i1];
      int b2 = decodemapbyte[i2];
      int b3 = decodemapbyte[i3];
      // The decode map has no negative entries, so this check never fires:
      // ASCII characters outside the alphabet decode as 0.
      if (b0 < 0 || b1 < 0 || b2 < 0 || b3 < 0)
        throw new IllegalArgumentException(
          "Illegal character in Base64 encoded data.");
      // ????????????
      int o0 = (b0 << 2) | (b1 >>> 4);
      int o1 = ((b1 & 0xf) << 4) | (b2 >>> 2);
      int o2 = ((b2 & 3) << 6) | b3;
      out[op++] = (byte) o0;
      if (op < oLen)
        out[op++] = (byte) o1;
      if (op < oLen)
        out[op++] = (byte) o2;
    }
    return out;
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/util/VOMSFQANNamingScheme.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.util;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.italiangrid.voms.VOMSError;

/**
 * This class provides utility methods that are used for parsing, matching voms
 * FQANs (Fully Qualified Attribute Names).
 * 
 * @author Karoly Lorentey
 * @author Andrea Ceccanti
 * 
 * 
 */
public class VOMSFQANNamingScheme {

  public static final String fqanSyntax = "^(/[\\w.-]+)+|((/[\\w.-]+)+/)?(Role=[\\w.-]+)|(Capability=[\\w\\s.-]+)$";

  public static final String groupSyntax = "^(/[\\w.-]+)+$";

  public static final String roleSyntax = "^Role=[\\w.-]+$";

  public static final String qualifiedRoleSyntax = "^(/[\\w.-]+)+/Role=[\\w.-]+$";

  public static final String capabilitySyntax = "^Capability=[\\w\\s.-]+$";

  public static final Pattern fqanPattern = Pattern.compile(fqanSyntax);

  public static final Pattern groupPattern = Pattern.compile(groupSyntax);

  public static final Pattern rolePattern = Pattern.compile(roleSyntax);

  public static final Pattern qualifiedRolePattern = Pattern
    .compile(qualifiedRoleSyntax);

  public static final Pattern capabilityPattern = Pattern
    .compile(capabilitySyntax);

  /**
   * This method checks that the string passed as argument complies with the
   * voms FQAN syntax.
   * 
   * @param fqan
   *          the string that must be checked for compatibility with FQAN
   *          syntax.
   * @throws VOMSError
   *           If there's an error in the FQAN syntax.
   */
  public static void checkSyntax(String fqan) {

    if (fqan.length() > 255)
      throw new VOMSError("fqan.length() > 255");

    if (!fqanPattern.matcher(fqan).matches())
      throw new VOMSError("Syntax error in fqan: " + fqan);
  }

  /**
   * 
   * This method checks that the fqan passed as argument complies with the
   * syntax used by voms to identify groups.
   * 
   * @param fqan
   *          the string that has to be checked.
   * @throws VOMSError
   *           If the string passed as argument does not comply with the voms
   *           syntax.
   */
  public static void checkGroup(String fqan) {

    checkSyntax(fqan);

    if (!groupPattern.matcher(fqan).matches())
      throw new VOMSError("Syntax error in group name: " + fqan);
  }

  /**
   * This method checks that the string passed as argument complies with the
   * syntax used by voms to identify roles.
   * 
   * 
   * @param roleName
   *          the name of the role
   * @throws VOMSError
   *           If the string passed as argument does not comply with the voms
   *           syntax.
   */
  public static void checkRole(String roleName) {

    if (roleName.length() > 255)
      throw new VOMSError("roleName.length()>255");

    if (!rolePattern.matcher(roleName).matches())
      throw new VOMSError("Syntax error in role name: " + roleName);
  }

  /**
   * This method checks that the FQAN passed as argument identifies a voms
   * group.
   * 
   * @param groupName
   *          the string to check.
   * @return <ul>
   *         <li>true, if the string passed as argument identifies a voms
   *         group.</li>
   *         <li>false, otherwise.</li>
   *         </ul>
   */
  public static boolean isGroup(String groupName) {

    checkSyntax(groupName);

    return groupPattern.matcher(groupName).matches();
  }

  /**
   * This method checks that the FQAN passed as argument identifies a voms
   * role.
   * 
   * @param roleName
   *          the string to check.
   * @return <ul>
   *         <li>true, if the string passed as argument identifies a voms
   *         role.</li>
   *         <li>false, otherwise.</li>
   *         </ul>
   */
  public static boolean isRole(String roleName) {

    checkSyntax(roleName);
    return rolePattern.matcher(roleName).matches();
  }

  /**
   * This method checks that the FQAN passed as argument identifies a qualified
   * voms role, i.e., a role defined in the context of a voms group.
   * 
   * @param fqan
   *          the string to check.
   * @return <ul>
   *         <li>true, if the string passed as argument identifies a qualified
   *         voms role.</li>
   *         <li>false, otherwise.</li>
   *         </ul>
   */
  public static boolean isQualifiedRole(String fqan) {

    checkSyntax(fqan);
    return qualifiedRolePattern.matcher(fqan).matches();
  }

  /**
   * This method extracts the role name information from the FQAN passed as
   * argument.
   * 
   * @param containerName
   *          the FQAN
   * @return <ul>
   *         <li>A string containing the role name, if found</li>
   *         <li>null, if no role information is contained in the FQAN passed as
   *         argument</li>
   *         </ul>
   */
  public static String getRoleName(String containerName) {

    if (!isRole(containerName) && !isQualifiedRole(containerName))
      throw new VOMSError("No role specified in \"" + containerName
        + "\" voms syntax.");

    Matcher m = fqanPattern.matcher(containerName);

    if (m.matches()) {

      String roleGroup = m.group(4);
      return roleGroup
        .substring(roleGroup.indexOf('=') + 1, roleGroup.length());

    }

    return null;
  }

  /**
   * This method extracts group name information from the FQAN passed as
   * argument.
   * 
   * @param containerName
   *          the FQAN
   * @return <ul>
   *         <li>A string containing the group name, if found</li>
   *         <li>null, if no group information is contained in the FQAN passed
   *         as argument</li>
   *         </ul>
   */
  public static String getGroupName(String containerName) {

    checkSyntax(containerName);

    // If it's a container and it's not a role or a qualified role, then
    // it's a group!
    if (!isRole(containerName) && !isQualifiedRole(containerName))
      return containerName;

    Matcher m = fqanPattern.matcher(containerName);

    if (m.matches()) {
      String groupName = m.group(2);

      if (groupName.endsWith("/"))
        return groupName.substring(0, groupName.length() - 1);
      else
        return groupName;
    }

    return null;
  }

  public static String toOldQualifiedRoleSyntax(String qualifiedRole) {

    checkSyntax(qualifiedRole);

    if (!isQualifiedRole(qualifiedRole))
      throw new VOMSError("String passed as argument is not a qualified role!");

    return getGroupName(qualifiedRole) + ":" + getRoleName(qualifiedRole);
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/util/XMLUtils.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.util;

import java.io.StringWriter;

import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;

import org.italiangrid.voms.VOMSError;
import org.w3c.dom.Document;

public class XMLUtils {

  public static String documentAsString(Document doc) {

    try {

      Transformer transformer = TransformerFactory.newInstance()
        .newTransformer();
      transformer.setOutputProperty(OutputKeys.INDENT, "yes");
      StreamResult result = new StreamResult(new StringWriter());
      DOMSource source = new DOMSource(doc);
      transformer.transform(source, result);
      return result.getWriter().toString();

    } catch (Throwable e) {

      throw new VOMSError(e.getMessage(), e);
    }
  }
}
voms-api-java-3.1.0/src/main/java/org/italiangrid/voms/util/package-info.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/**
 * This package provides utility classes used in other packages.
 */
package org.italiangrid.voms.util;
voms-api-java-3.1.0/src/main/resources/org/italiangrid/voms/error/validationErrors.properties
#
# Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

## Other
other = Validation error: {0}

## CAnL
canlError = CAnL certificate validation error: {0}

## Validity
acNotValidAtCurrentTime = AC validity check failed: AC not valid at current time. [AC start time: {0}, AC end time: {1}, now: {2}]

## LSC
lscFileNotFound = LSC validation failed: LSC file matching VOMS attributes not found in store.
emptyAcCertsExtension = LSC validation failed: AC certs extension is empty.
lscDescriptionDoesntMatchAcCert = LSC validation failed: LSC chain description does not match AA certificate chain embedded in the VOMS AC!
invalidAcCert = LSC validation failed: AA certificate chain embedded in the VOMS AC failed certificate validation!
acCertFailsSignatureVerification = LSC signature validation failed: matching AA cert {0} fails signature verification.

## Local AA cert
aaCertNotFound = AC signature verification failure: no valid VOMS server credential found.
invalidAaCert = AC signature verification failure: local AA cert failed certificate validation!
aaCertFailsSignatureVerification = Signature validation failed: matching AA cert {0} fails signature verification.

## Holder check
acHolderDoesntMatchCertChain = AC holder check failed: AC holder {0} does not match certificate chain subject {1}.

## Targets check
localhostDoesntMatchAcTarget = AC target check failed: local host {0} is not in the AC target list {1}.
voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/TestDefaultVOMSTrustStore.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
* * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /** * */ package org.italiangrid.voms.test; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.Collections; import java.util.List; import org.italiangrid.voms.VOMSError; import org.italiangrid.voms.store.impl.DefaultVOMSTrustStore; import org.junit.Test; import eu.emi.security.authn.x509.impl.CertificateUtils; import eu.emi.security.authn.x509.impl.CertificateUtils.Encoding; /** * @author Andrea Ceccanti * */ public class TestDefaultVOMSTrustStore { @Test(expected = VOMSError.class) public void testEmptyTrustDirsFailure() { @SuppressWarnings({ "unused", "unchecked" }) DefaultVOMSTrustStore store = new DefaultVOMSTrustStore( Collections.EMPTY_LIST); } @Test(expected = VOMSError.class) public void testNonExistentTrustDirsFailure() { List trustDirs = Arrays.asList(new String[] { "/etc/do/not/exist", "/etc/grid-security/vomsdir" }); @SuppressWarnings("unused") DefaultVOMSTrustStore store = new DefaultVOMSTrustStore(trustDirs); } // FIXME: This test assumes /etc/grid-security/vomsdir exists in the machine // where the test run. Disabling it // for now. 
  public void testDefaultTrustDir() {

    DefaultVOMSTrustStore store = new DefaultVOMSTrustStore();

    List trustDirs = store.getLocalTrustedDirectories();

    assertEquals(1, trustDirs.size());
    assertEquals(DefaultVOMSTrustStore.DEFAULT_VOMS_DIR, trustDirs.get(0));
  }

  @Test
  public void testEmptyTrustDir() {

    List trustDirs = Arrays.asList("src/test/resources/empty-vomsdir");

    @SuppressWarnings("unused")
    DefaultVOMSTrustStore store = new DefaultVOMSTrustStore(trustDirs);
  }

  @Test
  public void testCertificateParsing() throws FileNotFoundException,
    IOException {

    String vomsDir = "src/test/resources/vomsdir";
    String certFileName = "src/test/resources/vomsdir/test-host.cnaf.infn.it.pem";

    X509Certificate cert = CertificateUtils.loadCertificate(
      new FileInputStream(certFileName), Encoding.PEM);

    List trustDirs = Arrays.asList(new String[] { vomsDir });

    DefaultVOMSTrustStore store = new DefaultVOMSTrustStore(trustDirs);

    assertEquals(1, store.getLocalAACertificates().size());
    assertTrue(cert.getSubjectX500Principal().equals(
      store.getLocalAACertificates().get(0).getSubjectX500Principal()));
  }

  public void testUpdatingVOMSTrustStore() {

  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/TestFilePermissionHelper.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test;

import java.io.IOException;

import org.italiangrid.voms.credential.FilePermissionError;
import org.italiangrid.voms.util.FilePermissionHelper;
import org.italiangrid.voms.util.FilePermissionHelper.PosixFilePermission;
import org.junit.BeforeClass;
import org.junit.Test;

public class TestFilePermissionHelper {

  public static final String keyWithRightPerms = "src/test/resources/perm-test/test0.key.pem";
  public static final String p12WithRightPerms = "src/test/resources/perm-test/test0.p12";

  public static final String keyWithWrongPerms = "src/test/resources/perm-test/test1.key.pem";
  public static final String p12WithWrongPerms = "src/test/resources/perm-test/test1.p12";

  public static final String keyWith600Perms = "src/test/resources/perm-test/test2.key.pem";

  @BeforeClass
  public static void setupPermissions() {

    FilePermissionHelper.setPrivateKeyPermissions(keyWithRightPerms);
    FilePermissionHelper.setPKCS12Permissions(p12WithRightPerms);
    FilePermissionHelper.setFilePermissions(keyWithWrongPerms,
      PosixFilePermission.ALL_PERMS);
    FilePermissionHelper.setFilePermissions(p12WithWrongPerms,
      PosixFilePermission.ALL_PERMS);
    FilePermissionHelper.setFilePermissions(keyWith600Perms,
      PosixFilePermission.USER_RW);
  }

  @Test
  public void testFilePermissions() throws IOException {

    FilePermissionHelper.checkPrivateKeyPermissions(keyWithRightPerms);
    FilePermissionHelper.checkPrivateKeyPermissions(keyWith600Perms);
    FilePermissionHelper.checkPKCS12Permissions(p12WithRightPerms);
  }

  @Test(expected = FilePermissionError.class)
  public void testFilePermissionsFailureKey() throws IOException {

    FilePermissionHelper.checkPrivateKeyPermissions(keyWithWrongPerms);
  }

  @Test(expected = FilePermissionError.class)
  public void testFilePermissionsFailureP12() throws IOException {

    FilePermissionHelper.checkPKCS12Permissions(p12WithWrongPerms);
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/TestFingerprint.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;

import org.italiangrid.voms.util.FingerprintHelper;
import org.junit.Test;

import eu.emi.security.authn.x509.impl.PEMCredential;

public class TestFingerprint {

  public static final String keyPassword = "pass";
  public static final String pemCert = "src/test/resources/certs/test0.cert.pem";
  public static final String pemKey = "src/test/resources/certs/test0.key.pem";

  @Test
  public void testGetFingerprint() throws KeyStoreException,
    CertificateException, FileNotFoundException, IOException,
    NoSuchAlgorithmException {

    PEMCredential cred = new PEMCredential(new FileInputStream(pemKey),
      new FileInputStream(pemCert), keyPassword.toCharArray());

    String fingerprint = FingerprintHelper
      .getFingerprint(cred.getCertificate());

    System.out.println(fingerprint);
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/TestLSCParser.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.fail;

import java.io.ByteArrayInputStream;

import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.store.impl.DefaultLSCFileParser;
import org.italiangrid.voms.store.impl.LSCFile;
import org.junit.Test;

public class TestLSCParser {

  @Test
  public void testParse() {

    DefaultLSCFileParser parser = new DefaultLSCFileParser();

    String lscContent = "# First line is a comment \n"
      + "--- second line should skipped \n"
      + "/C=it/O=org/CN=commonName\n"
      + " \t\n"
      + "/C=it/O=org/CN=CA\n";

    LSCFile f = parser.parse("vo", "host",
      new ByteArrayInputStream(lscContent.getBytes()));

    assertNull(f.getFilename());

    assertEquals("vo", f.getVo());
    assertEquals("host", f.getHostname());

    assertNotNull(f.getCertificateChainDescription());
    assertEquals(2, f.getCertificateChainDescription().size());

    assertEquals("/C=it/O=org/CN=commonName", f
      .getCertificateChainDescription().get(0));
    assertEquals("/C=it/O=org/CN=CA", f.getCertificateChainDescription().get(1));
  }

  @Test
  public void testOddLSCFileParseError() {

    String singleEntryLSCFile = "# This is a comment \n"
      + "/C=it/O=org/CN=commonName\n";

    String errorMessage = "LSC file parsing error: "
      + "Malformed LSC file (vo=vo, host=host): "
      + "Odd number of distinguished name entries.";

    DefaultLSCFileParser parser = new DefaultLSCFileParser();

    try {

      @SuppressWarnings("unused")
      LSCFile f = parser.parse("vo", "host", new ByteArrayInputStream(
        singleEntryLSCFile.getBytes()));

    } catch (VOMSError e) {
      assertEquals(errorMessage, e.getMessage());
      return;
    }

    fail("No error caught for malformed, single line LSC file parsing.");
  }

  @Test
  public void testEmptyLSCFileParseError() {

    DefaultLSCFileParser parser = new DefaultLSCFileParser();
    String emptyLSCContent = "# This is a comment";

    String errorMessage = "LSC file parsing error: "
      + "Malformed LSC file (vo=vo, host=host): "
      + "No distinguished name entries found.";

    try {

      @SuppressWarnings("unused")
      LSCFile f = parser.parse("vo", "host", new ByteArrayInputStream(
        emptyLSCContent.getBytes()));

    } catch (VOMSError e) {
      assertEquals(errorMessage, e.getMessage());
      return;
    }

    fail("No error caught for malformed, empty LSC file parsing.");
  }

  @Test
  public void testNonExistingFileParse() {

    DefaultLSCFileParser parser = new DefaultLSCFileParser();
    String nonExistentFile = "/this/file/doesnt/exist";

    try {

      @SuppressWarnings("unused")
      LSCFile f = parser.parse("vo", "host", nonExistentFile);

    } catch (VOMSError e) {
      assertEquals("LSC file does not exist: " + nonExistentFile,
        e.getMessage());
      return;
    }

    fail("VOMS error not thrown for non existing LSC file parsing attempt.");
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/TestOpensslHashFunction.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test;

import java.io.IOException;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;

import org.italiangrid.voms.util.CertificateValidatorBuilder;
import org.italiangrid.voms.util.CertificateValidatorBuilder.OpensslHashFunction;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

import eu.emi.security.authn.x509.ValidationResult;
import eu.emi.security.authn.x509.impl.PEMCredential;

public class TestOpensslHashFunction {

  static final String trustAnchorsDir = "src/test/resources/trust-anchors";
  static final String md5TrustAnchorsDir = "src/test/resources/md5-trust-anchors";
  static final String sha1TrustAnchorsDir = "src/test/resources/sha1-trust-anchors";

  static final String keyPassword = "pass";

  static final String userCert = "src/test/resources/certs/test0.cert.pem";
  static final String userKey = "src/test/resources/certs/test0.key.pem";

  static PEMCredential cred;

  @BeforeClass
  public static void init() throws KeyStoreException, CertificateException,
    IOException {

    cred = new PEMCredential(userKey, userCert, keyPassword.toCharArray());
  }

  @Test
  public void testDefaultHashIsMD5() {

    CertificateValidatorBuilder builder = new CertificateValidatorBuilder();
    builder.trustAnchorsDir(md5TrustAnchorsDir);

    ValidationResult result = builder.build()
      .validate(cred.getCertificateChain());

    Assert.assertTrue(result.isValid());
  }

  @Test
  public void testSHA1Hash() {

    CertificateValidatorBuilder builder = new CertificateValidatorBuilder();
    builder.trustAnchorsDir(sha1TrustAnchorsDir)
      .opensslHashFunction(OpensslHashFunction.SHA1);

    ValidationResult result = builder.build()
      .validate(cred.getCertificateChain());

    Assert.assertTrue(result.isValid());
  }

  @Test
  public void testMD5HashFailsOnSHA1Dir() {

    CertificateValidatorBuilder builder = new CertificateValidatorBuilder();
    builder.trustAnchorsDir(sha1TrustAnchorsDir);

    ValidationResult result = builder.build()
      .validate(cred.getCertificateChain());

    Assert.assertFalse(result.isValid());
    Assert.assertEquals(2, result.getErrors().size());
    Assert.assertEquals(
      "No trusted CA certificate was found for the certificate chain",
      result.getErrors().get(0).getMessage());
    Assert.assertEquals(
      "Trusted issuer of this certificate was not established",
      result.getErrors().get(1).getMessage());
    Assert.assertEquals(cred.getCertificate().getSubjectDN(),
      result.getErrors().get(1).getChain()[0].getSubjectDN());
  }

  @Test
  public void testSHA1FailsOnMD5Dir() {

    CertificateValidatorBuilder builder = new CertificateValidatorBuilder();
    builder.trustAnchorsDir(md5TrustAnchorsDir)
      .opensslHashFunction(OpensslHashFunction.SHA1);

    ValidationResult result = builder.build()
      .validate(cred.getCertificateChain());

    Assert.assertFalse(result.isValid());
    Assert.assertEquals(2, result.getErrors().size());
    Assert.assertEquals(
      "No trusted CA certificate was found for the certificate chain",
      result.getErrors().get(0).getMessage());
    Assert.assertEquals(
      "Trusted issuer of this certificate was not established",
      result.getErrors().get(1).getMessage());
    Assert.assertEquals(cred.getCertificate().getSubjectDN(),
      result.getErrors().get(1).getChain()[0].getSubjectDN());
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/TestTimeUtils.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test;

import java.util.Calendar;
import java.util.Date;

import org.junit.Assert;

import org.italiangrid.voms.util.TimeUtils;
import org.junit.Test;

public class TestTimeUtils {

  @Test
  public void testSuccessfulCompute() {

    Calendar cal = Calendar.getInstance();
    Date now = cal.getTime();

    cal.add(Calendar.MINUTE, 1);
    Date nowPlus1Minute = cal.getTime();

    Assert.assertTrue(TimeUtils.checkTimeInRangeWithSkew(now, now,
      nowPlus1Minute, 1));
  }

  @Test(expected = IllegalArgumentException.class)
  public void testSameArgumentFailure() {

    Calendar cal = Calendar.getInstance();
    Date now = cal.getTime();

    TimeUtils.checkTimeInRangeWithSkew(now, now, now, 1);
  }

  @Test(expected = IllegalArgumentException.class)
  public void testInvertedIntervalFailure() {

    Calendar cal = Calendar.getInstance();
    Date now = cal.getTime();

    cal.add(Calendar.MINUTE, -5);
    Date fiveMinutesAgo = cal.getTime();

    TimeUtils.checkTimeInRangeWithSkew(now, now, fiveMinutesAgo, 1);
  }

  @Test
  public void testLowerBound() {

    Calendar cal = Calendar.getInstance();
    Date now = cal.getTime();

    cal.add(Calendar.MINUTE, 2);
    Date nowPlus2minute = cal.getTime();

    cal.add(Calendar.YEAR, 1);
    Date inOneYear = cal.getTime();

    Assert.assertFalse(TimeUtils.checkTimeInRangeWithSkew(now, nowPlus2minute,
      inOneYear, 2));
    Assert.assertTrue(TimeUtils.checkTimeInRangeWithSkew(now, nowPlus2minute,
      inOneYear, 3));
  }

  @Test
  public void testUpperBound() {

    Calendar cal = Calendar.getInstance();
    Date now = cal.getTime();

    cal.add(Calendar.YEAR, -1);
    Date oneYearAgo = cal.getTime();

    Assert.assertFalse(TimeUtils.checkTimeInRangeWithSkew(now, oneYearAgo, now,
      0));
    Assert.assertTrue(TimeUtils.checkTimeInRangeWithSkew(now, oneYearAgo, now,
      1));
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/TestVOMSESLineParser.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.fail;

import java.net.URISyntaxException;

import org.hamcrest.CoreMatchers;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.request.VOMSServerInfo;
import org.italiangrid.voms.request.impl.VOMSESLineParser;
import org.junit.Test;

public class TestVOMSESLineParser {

  @Test
  public void nullLineFailure() throws URISyntaxException {

    String line = null;

    try {
      VOMSESLineParser p = new VOMSESLineParser();
      p.parse(line);
      fail("No error raised.");

    } catch (VOMSError e) {
      assertNotNull("Got a null error message", e.getMessage());
      assertEquals("Cannot parse a null VOMSES line", e.getMessage());
    }
  }

  @Test
  public void emptyLineReturnsNull() throws URISyntaxException {

    String line = "";

    VOMSESLineParser p = new VOMSESLineParser();
    VOMSServerInfo i = p.parse(line);
    assertNull(i);
  }

  @Test
  public void emptyAlias() {

    String line = "\"\"";

    try {
      VOMSESLineParser p = new VOMSESLineParser();
      p.parse(line);
      fail("No error raised.");

    } catch (VOMSError e) {
      assertNotNull("Got a null error message", e.getMessage());
      assertThat(e.getMessage(), CoreMatchers
        .containsString("Invalid VOMSES line: empty 'vo alias' field."));
    }
  }

  @Test
  public void incompleteAlias() {

    String line = "\"incomplete-alias";

    try {
      VOMSESLineParser p = new VOMSESLineParser();
      p.parse(line);
      fail("No error raised.");

    } catch (VOMSError e) {
      assertNotNull("Got a null error message", e.getMessage());
      assertThat(e.getMessage(), CoreMatchers
        .containsString("Invalid VOMSES line: incomplete 'vo alias' field."));
    }
  }

  @Test
  public void incompleteHost() {

    String line = "\"alias\" \"voms.cnaf.infn.it";

    try {
      VOMSESLineParser p = new VOMSESLineParser();
      p.parse(line);
      fail("No error raised.");

    } catch (VOMSError e) {
      assertNotNull("Got a null error message", e.getMessage());
      assertThat(e.getMessage(), CoreMatchers
        .containsString("Invalid VOMSES line: incomplete 'voms host' field."));
    }
  }

  @Test
  public void onlyAlias() {

    String line = "\"ciccio\" ";

    try {
      VOMSESLineParser p = new VOMSESLineParser();
      p.parse(line);
      fail("No error raised.");

    } catch (VOMSError e) {
      assertNotNull("Got a null error message", e.getMessage());
      assertThat(e.getMessage(), CoreMatchers
        .containsString("Invalid VOMSES line: incomplete information"));
    }
  }

  @Test
  public void minimumInfoFailure() {

    String line = "\t\"a\" \"voms.cern.ch\" \t \"15000\" \"DN=Illo\"";

    try {
      VOMSESLineParser p = new VOMSESLineParser();
      p.parse(line);
      fail("No error raised.");

    } catch (VOMSError e) {
      assertNotNull("Got a null error message", e.getMessage());
      assertThat(e.getMessage(), CoreMatchers
        .containsString("Invalid VOMSES line: incomplete information"));
    }
  }

  @Test
  public void minimumInfo() {

    String line = "\t\"a\" \"voms.cern.ch\" \t \"15000\" \"DN=Illo\" \"alice\" ";

    VOMSESLineParser p = new VOMSESLineParser();
    VOMSServerInfo i = p.parse(line);

    assertThat(i.getAlias(), CoreMatchers.equalTo("a"));
    assertThat(i.getURL().toString(),
      CoreMatchers.equalTo("voms://voms.cern.ch:15000"));
    assertThat(i.getVoName(), CoreMatchers.equalTo("alice"));
    assertThat(i.getVOMSServerDN(), CoreMatchers.equalTo("DN=Illo"));
  }

  @Test
  public void whitespaceHandling() {

    String line = "\t\"a\" \"voms.cern.ch\" \t \"15000\" \"DN=Illo\" \"alice\" \"24\"";

    VOMSESLineParser p = new VOMSESLineParser();
    VOMSServerInfo i = p.parse(line);

    assertThat(i.getAlias(), CoreMatchers.equalTo("a"));
    assertThat(i.getURL().toString(),
      CoreMatchers.equalTo("voms://voms.cern.ch:15000"));
    assertThat(i.getVoName(), CoreMatchers.equalTo("alice"));
    assertThat(i.getVOMSServerDN(), CoreMatchers.equalTo("DN=Illo"));
  }

  @Test
  public void tooManyFields() {

    String line = "\t\"a\" \"voms.cern.ch\" \t \"15000\" \"DN=Illo\" \"alice\" \"24\" \"Too much\"";

    try {
      VOMSESLineParser p = new VOMSESLineParser();
      p.parse(line);
      fail("No error raised.");

    } catch (VOMSError e) {
      assertNotNull("Got a null error message", e.getMessage());
      assertThat(e.getMessage(),
        CoreMatchers.containsString("Invalid VOMSES line: too many fields!"));
    }
  }

  @Test
  public void invalidPort() {

    String line = "\t\"a\" \"voms.cern.ch\" \t \"ciccio\" \"DN=Illo\" \"alice\"";

    try {
      VOMSESLineParser p = new VOMSESLineParser();
      p.parse(line);
      fail("No error raised.");

    } catch (VOMSError e) {
      assertNotNull("Got a null error message", e.getMessage());
      assertThat(e.getMessage(), CoreMatchers
        .containsString("Invalid VOMSES line: invalid port number."));
    }
  }

  @Test
  public void portOutOfRange1() {

    String line = "\t\"a\" \"voms.cern.ch\" \t \"-1\" \"DN=Illo\" \"alice\"";

    try {
      VOMSESLineParser p = new VOMSESLineParser();
      p.parse(line);
      fail("No error raised.");

    } catch (VOMSError e) {
      assertNotNull("Got a null error message", e.getMessage());
      assertThat(e.getMessage(), CoreMatchers
        .containsString("Invalid VOMSES line: invalid port number: -1"));
    }
  }

  @Test
  public void portOutOfRange2() {

    String line = "\t\"a\" \"voms.cern.ch\" \t \"65536\" \"DN=Illo\" \"alice\"";

    try {
      VOMSESLineParser p = new VOMSESLineParser();
      p.parse(line);
      fail("No error raised.");

    } catch (VOMSError e) {
      assertNotNull("Got a null error message", e.getMessage());
      assertThat(e.getMessage(), CoreMatchers
        .containsString("Invalid VOMSES line: invalid port number: 65536"));
    }
  }

  @Test
  public void tooMultiCall() {

    String line0 = "\"a\" \"voms.cern.ch\" \"15000\" \"DN=Illo\" \"alice\"";
    String line1 = "\"b\" \"voms.cern.ch\" \"15001\" \"DN=IllY\" \"bolice\"";

    VOMSESLineParser p = new VOMSESLineParser();

    VOMSServerInfo i0 = p.parse(line0);
    VOMSServerInfo i1 = p.parse(line1);

    assertThat(i0.getAlias(), CoreMatchers.equalTo("a"));
    assertThat(i0.getURL().toString(),
      CoreMatchers.equalTo("voms://voms.cern.ch:15000"));
    assertThat(i0.getVoName(), CoreMatchers.equalTo("alice"));

    assertThat(i1.getAlias(), CoreMatchers.equalTo("b"));
    assertThat(i1.getURL().toString(),
      CoreMatchers.equalTo("voms://voms.cern.ch:15001"));
    assertThat(i1.getVoName(), CoreMatchers.equalTo("bolice"));
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/TestVOMSESLookupStrategy.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test;

import java.io.File;
import java.util.Arrays;
import java.util.List;

import org.junit.Assert;

import org.italiangrid.voms.request.VOMSESLookupStrategy;
import org.italiangrid.voms.request.impl.BaseVOMSESLookupStrategy;
import org.junit.Test;

public class TestVOMSESLookupStrategy {

  @Test
  public void testLookupVomsesInfo() {

    VOMSESLookupStrategy strategy = new BaseVOMSESLookupStrategy(Arrays.asList(
      "src/test/resources/vomses", "/non/existent/path"));

    List paths = strategy.lookupVomsesInfo();

    Assert.assertEquals(1, paths.size());
    Assert.assertTrue(paths.contains(new File("src/test/resources/vomses")));
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/TestVOMSESParser.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test;

import java.io.File;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;

import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.request.VOMSESParser;
import org.italiangrid.voms.request.VOMSESParserFactory;
import org.italiangrid.voms.request.VOMSServerInfo;
import org.junit.Assert;
import org.junit.Test;

public class TestVOMSESParser {

  @Test
  public void testNonExistingFileParser() {

    String nonExistentFile = "/this/file/doesnt/exist";

    VOMSESParser parser = VOMSESParserFactory.newVOMSESParser();

    try {

      @SuppressWarnings("unused")
      List<VOMSServerInfo> info = parser.parse(new File(nonExistentFile));

    } catch (VOMSError e) {
      Assert.assertEquals("VOMSES file does not exist: " + nonExistentFile,
        e.getMessage());
      return;
    }

    Assert.fail("Parsing of non existent VOMSES file succeeded.");
  }

  @Test
  public void testValidStringParsing() throws URISyntaxException {

    String validVomsesString = "\"alice\" \"lcg-voms.cern.ch\" \"15000\" \"/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch\" \"alice\" \"24\"";

    VOMSESParser parser = VOMSESParserFactory.newVOMSESParser();

    // Element type restored so that info.get(0) can be assigned to VOMSServerInfo.
    List<VOMSServerInfo> info = parser
      .parse(new StringReader(validVomsesString));

    Assert.assertEquals(1, info.size());

    VOMSServerInfo aliceInfo = info.get(0);

    Assert.assertEquals("alice", aliceInfo.getAlias());
    Assert.assertEquals("alice", aliceInfo.getVoName());
    Assert.assertEquals(new URI("voms://lcg-voms.cern.ch:15000"),
      aliceInfo.getURL());
    Assert.assertEquals("/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch",
      aliceInfo.getVOMSServerDN());
  }

  @Test
  public void testValidFileParsing() throws URISyntaxException {

    String vomsesFile = "src/test/resources/vomses/eumed";

    VOMSESParser parser = VOMSESParserFactory.newVOMSESParser();
    List<VOMSServerInfo> info = parser.parse(new File(vomsesFile));

    Assert.assertEquals(2, info.size());

    VOMSServerInfo pdVoms = info.get(0);

    Assert.assertEquals("eumed", pdVoms.getAlias());
    Assert.assertEquals("eumed", pdVoms.getVoName());
    Assert.assertEquals(new URI("voms://voms-02.pd.infn.it:15016"),
      pdVoms.getURL());
    Assert.assertEquals("/C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it",
      pdVoms.getVOMSServerDN());

    VOMSServerInfo cnafVoms = info.get(1);

    Assert.assertEquals("eumed", cnafVoms.getAlias());
    Assert.assertEquals("eumed", cnafVoms.getVoName());
    Assert.assertEquals(new URI("voms://voms2.cnaf.infn.it:15016"),
      cnafVoms.getURL());
    Assert.assertEquals("/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it",
      cnafVoms.getVOMSServerDN());
  }

  @Test
  public void testValidDirectoryParsing() throws URISyntaxException {

    String vomsesDir = "src/test/resources/vomses";

    VOMSESParser parser = VOMSESParserFactory.newVOMSESParser();
    List<VOMSServerInfo> info = parser.parse(new File(vomsesDir));

    Assert.assertEquals(5, info.size());
  }

  @Test
  public void testSingleCharAliasParsing() throws URISyntaxException {

    String validVomsesString = "\"a\" \"lcg-voms.cern.ch\" \"15000\" \"/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch\" \"alice\" \"24\"";

    VOMSESParser parser = VOMSESParserFactory.newVOMSESParser();

    // Element type restored so that info.get(0) can be assigned to VOMSServerInfo.
    List<VOMSServerInfo> info = parser
      .parse(new StringReader(validVomsesString));

    Assert.assertEquals(1, info.size());

    VOMSServerInfo aliceInfo = info.get(0);

    Assert.assertEquals("a", aliceInfo.getAlias());
    Assert.assertEquals("alice", aliceInfo.getVoName());
    Assert.assertEquals(new URI("voms://lcg-voms.cern.ch:15000"),
      aliceInfo.getURL());
    Assert.assertEquals("/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch",
      aliceInfo.getVOMSServerDN());
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/TestVOMSServerInfoStore.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test;

import static org.junit.Assert.assertEquals;

import java.util.Arrays;
import java.util.Set;

import org.italiangrid.voms.request.VOMSESLookupStrategy;
import org.italiangrid.voms.request.VOMSServerInfo;
import org.italiangrid.voms.request.impl.BaseVOMSESLookupStrategy;
import org.italiangrid.voms.request.impl.DefaultVOMSServerInfoStore;
import org.junit.Assert;
import org.junit.Test;

public class TestVOMSServerInfoStore {

  @Test
  public void testExistingVOMSESParsingSuccess() {

    VOMSESLookupStrategy strategy = new BaseVOMSESLookupStrategy(
      Arrays.asList("src/test/resources/vomses"));

    DefaultVOMSServerInfoStore store = new DefaultVOMSServerInfoStore.Builder()
      .lookupStrategy(strategy).build();

    assertEquals(3, store.getVOMSServerInfo("atlas").size());
    assertEquals(2, store.getVOMSServerInfo("eumed").size());

    Assert.assertTrue(store.getVOMSServerInfo("non-existing-vo").isEmpty());

    assertEquals(5, store.getVOMSServerInfo().size());
  }

  @Test
  public void testVOMSESAliasLookup() {

    VOMSESLookupStrategy strategy = new BaseVOMSESLookupStrategy(
      Arrays.asList("src/test/resources/vomses-alias"));

    DefaultVOMSServerInfoStore store = new DefaultVOMSServerInfoStore.Builder()
      .lookupStrategy(strategy).build();

    assertEquals(3, store.getVOMSServerInfo("atlas").size());
    assertEquals(2, store.getVOMSServerInfo("eumed").size());

    Assert.assertTrue(store.getVOMSServerInfo("non-existing-vo").isEmpty());

    Set infos = store.getVOMSServerInfo("my-atlas");

    Assert.assertFalse(infos.isEmpty());
    Assert.assertEquals(2, infos.size());
  }

  @Test
  public void testVOMSESSingleCharAliasLookup() {

    VOMSESLookupStrategy strategy = new BaseVOMSESLookupStrategy(
      Arrays.asList("src/test/resources/vomses-alias-singlechar"));

    DefaultVOMSServerInfoStore store = new DefaultVOMSServerInfoStore.Builder()
      .lookupStrategy(strategy).build();

    assertEquals(1, store.getVOMSServerInfo("atlas").size());

    Assert.assertTrue(store.getVOMSServerInfo("non-existing-vo").isEmpty());

    Set infos = store.getVOMSServerInfo("a");

    Assert.assertFalse(infos.isEmpty());
    Assert.assertEquals(1, infos.size());
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/ac/TestACGeneration.java
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test.ac;

import static org.italiangrid.voms.error.VOMSValidationErrorCode.aaCertNotFound;
import static org.italiangrid.voms.error.VOMSValidationErrorCode.canlError;
import static org.italiangrid.voms.error.VOMSValidationErrorCode.invalidAcCert;
import static org.italiangrid.voms.error.VOMSValidationErrorCode.lscDescriptionDoesntMatchAcCert;
import static org.italiangrid.voms.error.VOMSValidationErrorMessage.newErrorMessage;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.List;

import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.bouncycastle.operator.OperatorCreationException;
import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.VOMSGenericAttribute;
import org.italiangrid.voms.VOMSValidators;
import org.italiangrid.voms.ac.VOMSACValidator;
import org.italiangrid.voms.ac.VOMSValidationResult;
import org.italiangrid.voms.ac.ValidationResultListener;
import org.italiangrid.voms.ac.impl.VOMSGenericAttributeImpl;
import org.italiangrid.voms.asn1.VOMSACGenerator;
import org.italiangrid.voms.asn1.VOMSACUtils;
import org.italiangrid.voms.error.VOMSValidationErrorMessage;
import org.italiangrid.voms.store.VOMSTrustStore;
import org.italiangrid.voms.store.impl.DefaultVOMSTrustStore;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;

import eu.emi.security.authn.x509.impl.OpensslCertChainValidator;
import eu.emi.security.authn.x509.impl.PEMCredential;
import eu.emi.security.authn.x509.proxy.ProxyCertificate;
import eu.emi.security.authn.x509.proxy.ProxyCertificateOptions;
import eu.emi.security.authn.x509.proxy.ProxyGenerator;

public class TestACGeneration {

  static final String keyPassword = "pass";

  static final String aaCert = "src/test/resources/certs/test_host_cnaf_infn_it.cert.pem";
  static final String aaKey = "src/test/resources/certs/test_host_cnaf_infn_it.key.pem";

  static final String aaCert2 = "src/test/resources/certs/wilco_cnaf_infn_it.cert.pem";
  static final String aaKey2 = "src/test/resources/certs/wilco_cnaf_infn_it.key.pem";

  static final String expiredCert = "src/test/resources/certs/expired.cert.pem";
  static final String expiredKey = "src/test/resources/certs/expired.key.pem";

  static final String revokedCert = "src/test/resources/certs/revoked.cert.pem";
  static final String revokedKey = "src/test/resources/certs/revoked.key.pem";

  static final String holderCert = "src/test/resources/certs/test0.cert.pem";
  static final String holderKey = "src/test/resources/certs/test0.key.pem";

  static final String defaultVO = "test.vo";
  static final String defaultHost = "test-host.cnaf.infn.it";
  static final int port = 15000;

  static final String vomsdir = "src/test/resources/vomsdir";
  static final String trustAnchorsDir = "src/test/resources/trust-anchors";

  static final List<String> defaultFQANs = Arrays.asList("/test.vo",
    "/test.vo/G1", "/test.vo/G2");

  final List<VOMSGenericAttribute> defaultGAs = Arrays.asList(
    buildGA("test", "value", defaultVO), buildGA("test2", "value", defaultVO));

  static PEMCredential aaCredential = null;
  static PEMCredential aaCredential2 = null;
  static PEMCredential expiredCredential = null;
  static PEMCredential revokedCredential = null;
  static PEMCredential holderCredential = null;

  static VOMSTrustStore trustStore;
  static OpensslCertChainValidator
    certValidator = null;

  static VOMSValidationErrorMessage expiredCertErrorMessage;
  static VOMSValidationErrorMessage expiredCertCRLErrorMessage;
  static VOMSValidationErrorMessage revokedCertErrorMessage;

  static VOMSACGenerator defaultGenerator;

  @BeforeClass
  static public void classTestSetup() throws KeyStoreException,
    CertificateException, FileNotFoundException, IOException {

    aaCredential = new PEMCredential(new FileInputStream(aaKey),
      new FileInputStream(aaCert), (char[]) null);

    aaCredential2 = new PEMCredential(new FileInputStream(aaKey2),
      new FileInputStream(aaCert2), (char[]) null);

    expiredCredential = new PEMCredential(new FileInputStream(expiredKey),
      new FileInputStream(expiredCert), keyPassword.toCharArray());

    revokedCredential = new PEMCredential(new FileInputStream(revokedKey),
      new FileInputStream(revokedCert), keyPassword.toCharArray());

    holderCredential = new PEMCredential(new FileInputStream(holderKey),
      new FileInputStream(holderCert), keyPassword.toCharArray());

    trustStore = new DefaultVOMSTrustStore(Arrays.asList(vomsdir));
    certValidator = new OpensslCertChainValidator(trustAnchorsDir);

    final String expirationMessage = String.format(
      "Certificate has expired on: %s", expiredCredential.getCertificate()
        .getNotAfter());

    expiredCertErrorMessage = newErrorMessage(canlError, expirationMessage);

    expiredCertCRLErrorMessage = newErrorMessage(
      canlError,
      "CRL for an expired certificate was not resolved Cause: No CRLs found for issuer \"CN=Test CA, O=IGI, C=IT\"");

    final Date revocationDate = new Date(1348673124000L);

    final String revocationMessage = String.format(
      "Certificate was revoked at: "
        + "%s, the reason reported is: unspecified", revocationDate);

    revokedCertErrorMessage = newErrorMessage(canlError, revocationMessage);

    defaultGenerator = new VOMSACGenerator(aaCredential);
  }

  @AfterClass
  static public void classTestShutdown() {

    certValidator.dispose();
  }

  private AttributeCertificate createAC(PEMCredential aaCredential,
    List<String> fqans, List<VOMSGenericAttribute> gas, String vo,
    String host) {

    VOMSACGenerator gen = new VOMSACGenerator(aaCredential);

    Calendar cal = Calendar.getInstance();

    Date now = cal.getTime();
    cal.add(Calendar.HOUR, 12);
    Date expiration = cal.getTime();

    X509AttributeCertificateHolder ac = gen.generateVOMSAttributeCertificate(
      fqans, gas, null, holderCredential.getCertificate(), BigInteger.ONE, now,
      expiration, vo, host, port);

    return ac.toASN1Structure();
  }

  private VOMSGenericAttribute buildGA(String name, String value,
    String context) {

    VOMSGenericAttributeImpl ga = new VOMSGenericAttributeImpl();
    ga.setName(name);
    ga.setValue(value);
    ga.setContext(context);
    return ga;
  }

  @Test
  public void testGeneratedACParsing() throws KeyStoreException,
    CertificateException, FileNotFoundException, IOException,
    OperatorCreationException {

    AttributeCertificate ac = createAC(aaCredential, defaultFQANs, defaultGAs,
      defaultVO, defaultHost);

    VOMSAttribute attrs = VOMSACUtils.deserializeVOMSAttributes(ac);

    // Check holder
    assertEquals(holderCredential.getCertificate().getSubjectX500Principal(),
      attrs.getHolder());

    // Check holder serial number
    assertEquals(holderCredential.getCertificate().getSerialNumber(),
      attrs.getHolderSerialNumber());

    // Check issuer
    assertEquals(aaCredential.getCertificate().getSubjectX500Principal(),
      attrs.getIssuer());

    // Check policyAuthority
    assertEquals(defaultVO, attrs.getVO());
    assertEquals(defaultHost, attrs.getHost());
    assertEquals(port, attrs.getPort());

    // Check FQANs ordered equality
    for (int i = 0; i < defaultFQANs.size(); i++)
      assertEquals(defaultFQANs.get(i), attrs.getFQANs().get(i));

    // Check GAs ordered equality
    for (int i = 0; i < defaultGAs.size(); i++)
      assertEquals(defaultGAs.get(i), attrs.getGenericAttributes().get(i));

    // Check targets
    assertTrue(attrs.getTargets().isEmpty());
  }

  @Test
  public void testACValidation() {

    ValidationResultChecker c = new ValidationResultChecker(true);

    VOMSACValidator validator = VOMSValidators.newValidator(trustStore,
      certValidator, c);

    AttributeCertificate ac =
      createAC(aaCredential, defaultFQANs, defaultGAs, defaultVO, defaultHost);

    List<VOMSAttribute> validatedAttrs = validator.validateACs(Arrays
      .asList(ac));

    assertEquals(validatedAttrs.size(), 1);
  }

  @Test
  public void testLSCValidationFailure() {

    ValidationResultChecker c = new ValidationResultChecker(false,
      newErrorMessage(lscDescriptionDoesntMatchAcCert),
      newErrorMessage(aaCertNotFound));

    VOMSACValidator validator = VOMSValidators.newValidator(trustStore,
      certValidator, c);

    AttributeCertificate ac = createAC(aaCredential2,
      Arrays.asList("/test.vo.1"), defaultGAs, "test.vo.1",
      "wilco.cnaf.infn.it");

    List<VOMSAttribute> validatedAttrs = validator.validateACs(Arrays
      .asList(ac));

    assertEquals(validatedAttrs.size(), 0);
  }

  @Test
  public void testExpiredAACertValidationFailure()
    throws OperatorCreationException {

    ValidationResultChecker c = new ValidationResultChecker(false,
      expiredCertErrorMessage, expiredCertCRLErrorMessage,
      newErrorMessage(invalidAcCert), newErrorMessage(aaCertNotFound));

    VOMSACValidator validator = VOMSValidators.newValidator(trustStore,
      certValidator, c);

    AttributeCertificate ac = createAC(expiredCredential,
      Arrays.asList("/test.vo.1"), defaultGAs, defaultVO,
      "test-expired.cnaf.infn.it");

    List<VOMSAttribute> validatedAttrs = validator.validateACs(Arrays
      .asList(ac));

    assertEquals(validatedAttrs.size(), 0);
  }

  @Test
  public void testRevokedAACertValidationFailure() {

    ValidationResultChecker c = new ValidationResultChecker(false,
      revokedCertErrorMessage, newErrorMessage(invalidAcCert),
      newErrorMessage(aaCertNotFound));

    VOMSACValidator validator = VOMSValidators.newValidator(trustStore,
      certValidator, c);

    AttributeCertificate ac = createAC(revokedCredential,
      Arrays.asList("/test.vo.1"), defaultGAs, defaultVO,
      "test-revoked.cnaf.infn.it");

    List<VOMSAttribute> validatedAttrs = validator.validateACs(Arrays
      .asList(ac));

    assertEquals(validatedAttrs.size(), 0);
  }

  @Test
  public void testSuccesfullACExtractionFromProxy() {

    ValidationResultChecker c = new ValidationResultChecker(true);

    VOMSACValidator validator =
      VOMSValidators.newValidator(trustStore, certValidator, c);

    AttributeCertificate ac = createAC(aaCredential, defaultFQANs, defaultGAs,
      defaultVO, defaultHost);

    X509Certificate[] chain;

    try {
      chain = createVOMSProxy(holderCredential,
        new AttributeCertificate[] { ac });
    } catch (Exception e) {
      throw new VOMSError("Error generating VOMS proxy:" + e.getMessage(), e);
    }

    List<VOMSAttribute> attrs = validator.validate(chain);

    assertEquals(1, attrs.size());
  }

  private X509Certificate[] createVOMSProxy(PEMCredential holder,
    AttributeCertificate[] acs) throws InvalidKeyException,
    CertificateParsingException, SignatureException,
    NoSuchAlgorithmException, IOException {

    ProxyCertificateOptions proxyOptions = new ProxyCertificateOptions(
      holder.getCertificateChain());

    proxyOptions.setAttributeCertificates(acs);

    ProxyCertificate proxy = ProxyGenerator.generate(proxyOptions,
      holder.getKey());

    return proxy.getCertificateChain();
  }
}

class ValidationResultChecker implements ValidationResultListener {

  final List<VOMSValidationErrorMessage> expectedErrorMessages;
  boolean expectedValidationResult;

  public ValidationResultChecker(boolean valid,
    VOMSValidationErrorMessage... expectedMessages) {

    expectedValidationResult = valid;
    expectedErrorMessages = Arrays.asList(expectedMessages);
  }

  private String errorMessage(String message, VOMSValidationResult result) {

    return String.format("%s. VOMSValidationResult: <%s>", message, result);
  }

  public void notifyValidationResult(VOMSValidationResult result) {

    assertEquals(
      errorMessage("ValidationResult validity check failed.", result),
      expectedValidationResult, result.isValid());

    assertEquals(errorMessage("ValidationResult error message size check "
      + "failed.", result), expectedErrorMessages.size(), result
      .getValidationErrors().size());

    List<VOMSValidationErrorMessage> errorMessages = new ArrayList<VOMSValidationErrorMessage>(
      result.getValidationErrors());

    for (VOMSValidationErrorMessage expectedMessage : expectedErrorMessages) {
      String failureMessage = errorMessage(String.format(
        "<%s> was not found in error messages. Error messages: <%s>",
        expectedMessage, result.getValidationErrors()), result);

      assertTrue(failureMessage,
        result.getValidationErrors().contains(expectedMessage));
    }

    if (errorMessages.size() > 0) {
      errorMessages.removeAll(expectedErrorMessages);
      assertTrue(errorMessage("ValidationResult check failed. "
        + "Got more error messages than expected.", result),
        errorMessages.isEmpty());
    }
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/ac/TestACParser.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test.ac;

import java.io.IOException;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.util.Collections;
import java.util.List;

import org.junit.Assert;

import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.ac.impl.DefaultVOMSACParser;
import org.italiangrid.voms.test.utils.Fixture;
import org.italiangrid.voms.test.utils.Utils;
import org.italiangrid.voms.test.utils.VOMSAA;
import org.junit.BeforeClass;
import org.junit.Test;

import eu.emi.security.authn.x509.impl.PEMCredential;
import eu.emi.security.authn.x509.proxy.ProxyCertificate;

public class TestACParser implements Fixture {

  static VOMSAA aa;
  static PEMCredential holder;

  @BeforeClass
  public static void setup() throws KeyStoreException, CertificateException,
    IOException {

    aa = Utils.getVOMSAA();
  }

  @Test
  public void test() throws Exception {

    PEMCredential holder = Utils.getTestUserCredential();
    ProxyCertificate proxy = aa.createVOMSProxy(holder, defaultVOFqans);
    DefaultVOMSACParser parser = new DefaultVOMSACParser();

    List<VOMSAttribute> attrs = parser.parse(proxy.getCertificateChain());

    Assert.assertFalse(attrs.isEmpty());
    Assert.assertEquals(1, attrs.size());
    Assert.assertEquals(defaultVOFqans, attrs.get(0).getFQANs());
  }

  @Test(expected = NullPointerException.class)
  public void testParseNullChainFailure() {

    DefaultVOMSACParser parser = new DefaultVOMSACParser();
    parser.parse(null);
  }

  @Test
  public void testEmptyFqansParsing() throws Exception {

    PEMCredential holder = Utils.getTestUserCredential();
    List<String> fqans = Collections.emptyList();
    ProxyCertificate proxy = aa.createVOMSProxy(holder, fqans);
    DefaultVOMSACParser parser = new DefaultVOMSACParser();

    try {
      parser.parse(proxy.getCertificateChain());
    } catch (VOMSError e) {
      Assert
        .assertEquals(
          "Non conformant VOMS Attribute certificate: unsupported attribute values encoding.",
          e.getMessage());
      return;
    }

    Assert.fail("No exception raised when parsing invalid VOMS AC!");
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/ac/TestACParsingContext.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test.ac;

import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.italiangrid.voms.ac.ACParsingContext;
import org.italiangrid.voms.test.utils.Fixture;
import org.junit.Test;

public class TestACParsingContext implements Fixture {

  @Test
  public void testGettersAndSetters() {

    X509Certificate[] emptyChain = new X509Certificate[5];
    ACParsingContext ctxt = new ACParsingContext(null, 0, emptyChain);

    assertNull(ctxt.getACs());
    assertEquals(0, ctxt.getCertChainPostion());
    assertArrayEquals(emptyChain, ctxt.getCertChain());

    X509Certificate[] nullChain = null;
    List<AttributeCertificate> emptyAttrs = new ArrayList<AttributeCertificate>();

    ctxt.setACs(emptyAttrs);
    ctxt.setCertChain(nullChain);
    ctxt.setCertChainPostion(2);

    assertNull(ctxt.getCertChain());
    assertEquals(emptyAttrs, ctxt.getACs());
    assertEquals(2, ctxt.getCertChainPostion());
  }
}
voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/ac/TestACValidator.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test.ac;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;

import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Date;
import java.util.EnumSet;
import java.util.List;

import org.junit.Assert;

import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.VOMSValidators;
import org.italiangrid.voms.ac.VOMSACValidator;
import org.italiangrid.voms.ac.VOMSValidationResult;
import org.italiangrid.voms.ac.impl.LocalHostnameResolver;
import org.italiangrid.voms.asn1.VOMSACGenerator.ACGenerationProperties;
import org.italiangrid.voms.error.VOMSValidationErrorCode;
import org.italiangrid.voms.error.VOMSValidationErrorMessage;
import org.italiangrid.voms.store.impl.DefaultVOMSTrustStore;
import org.italiangrid.voms.test.utils.Fixture;
import org.italiangrid.voms.test.utils.Utils;
import org.italiangrid.voms.test.utils.VOMSAA;
import org.junit.BeforeClass;
import org.junit.Test;

import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import eu.emi.security.authn.x509.impl.PEMCredential;
import eu.emi.security.authn.x509.proxy.ProxyCertificate;

public class TestACValidator implements Fixture {

  static PEMCredential holder, holder2;
  static VOMSACValidator validator;

  @BeforeClass
  public static void setup() throws KeyStoreException, CertificateException,
    IOException {

    holder = Utils.getTestUserCredential();
    holder2 = Utils.getTest1UserCredential();
    validator = Utils.getVOMSValidator();
  }

  @Test
  public void testValidityCheckSuccess() throws Exception {

    ProxyCertificate proxy = Utils.getVOMSAA().createVOMSProxy(holder,
      defaultVOFqans);

    List<VOMSValidationResult> results = validator.validateWithResult(proxy
      .getCertificateChain());

    assertTrue(results.size() == 1);
    assertTrue(results.get(0).isValid());
    assertEquals(defaultVOFqans, results.get(0).getAttributes().getFQANs());
  }

  @Test
  public void testTimeValidityFailure() throws Exception {

    Date start = Utils.getDate(1975, 12, 1);
    Date end = Utils.getDate(1975, 12, 2);

    ProxyCertificate proxy = Utils.getVOMSAA().setAcNotBefore(start)
      .setAcNotAfter(end).createVOMSProxy(holder, defaultVOFqans);

    List<VOMSValidationResult> results = validator.validateWithResult(proxy
      .getCertificateChain());

    assertTrue(results.size() == 1);
    VOMSValidationResult result = results.get(0);

    Assert.assertFalse(result.isValid());
    Assert.assertTrue(result.getValidationErrors().size() == 1);

    VOMSValidationErrorMessage m = result.getValidationErrors().get(0);
    Assert.assertEquals(VOMSValidationErrorCode.acNotValidAtCurrentTime,
      m.getErrorCode());
  }

  @Test
  public void testHolderCheckFailure() throws Exception {

    ProxyCertificate proxy = Utils.getVOMSAA().createVOMSProxy(holder,
      holder2, defaultVOFqans, null, null);

    List<VOMSValidationResult> results = validator.validateWithResult(proxy
      .getCertificateChain());

    assertTrue(results.size() == 1);
    VOMSValidationResult result = results.get(0);

    Assert.assertFalse(result.isValid());
    Assert.assertTrue(result.getValidationErrors().size() == 1);

    VOMSValidationErrorMessage m = result.getValidationErrors().get(0);
    Assert.assertEquals(VOMSValidationErrorCode.acHolderDoesntMatchCertChain,
      m.getErrorCode());
  }

  @Test
  public void testSignatureCheckFailure() throws Exception {

    ProxyCertificate proxy = Utils.getVOMSAA().createVOMSProxy(holder,
      defaultVOFqans);

    VOMSACValidator validator = Utils.getVOMSValidator(vomsdir_fake_aa_cert);

    List<VOMSValidationResult> results = validator.validateWithResult(proxy
      .getCertificateChain());

    assertTrue(results.size() == 1);
    VOMSValidationResult result = results.get(0);

    Assert.assertFalse(result.isValid());
    Assert.assertTrue(result.getValidationErrors().size() == 2);

    Assert.assertEquals(VOMSValidationErrorCode.lscFileNotFound, result
      .getValidationErrors().get(0).getErrorCode());

    Assert.assertEquals(
      VOMSValidationErrorCode.aaCertFailsSignatureVerification, result
        .getValidationErrors().get(1).getErrorCode());
  }

  @Test
  public void testExpiredAACredFailure() throws Exception {

    ProxyCertificate proxy = Utils.getVOMSAA()
      .setCredential(Utils.getExpiredCredential())
      .createVOMSProxy(holder, defaultVOFqans);

    X509CertChainValidatorExt certValidator = Utils.getCertificateValidator();

    VOMSACValidator validator = VOMSValidators.newValidator(
      new DefaultVOMSTrustStore(Arrays.asList(vomsdir_expired_aa_cert)),
      certValidator);

    List<VOMSValidationResult> results = validator.validateWithResult(proxy
      .getCertificateChain());

    assertTrue(results.size() == 1);
    VOMSValidationResult result = results.get(0);

    Assert.assertFalse(result.isValid());
    Assert.assertEquals(4, result.getValidationErrors().size());

    Assert.assertEquals(VOMSValidationErrorCode.lscFileNotFound, result
      .getValidationErrors().get(0).getErrorCode());

    // Certificate expired notification from CAnL
    Assert.assertEquals(VOMSValidationErrorCode.canlError, result
      .getValidationErrors().get(1).getErrorCode());

    // This is probably a bug in CAnL: No valid CRL was found for the CA which
    // issued the chain. But this happens only when validating the expired cert.
    Assert.assertEquals(VOMSValidationErrorCode.canlError, result
      .getValidationErrors().get(2).getErrorCode());

    Assert.assertEquals(VOMSValidationErrorCode.invalidAaCert, result
      .getValidationErrors().get(3).getErrorCode());
  }

  @Test
  public void testEmptyACCertsExtensionSuccess() throws Exception {

    VOMSAA aa = Utils.getVOMSAA();
    aa.setGenerationProperties(EnumSet
      .of(ACGenerationProperties.INCLUDE_EMPTY_AC_CERTS_EXTENSION));

    VOMSACValidator validator = Utils.getVOMSValidator();

    ProxyCertificate proxy = aa.createVOMSProxy(Utils.getTestUserCredential(),
      Arrays.asList("/test.vo"));

    List<VOMSValidationResult> results = validator.validateWithResult(proxy
      .getCertificateChain());

    Assert.assertEquals(1, results.size());
    VOMSValidationResult r = results.get(0);

    Assert.assertTrue(r.isValid());
    Assert.assertEquals(1, r.getValidationErrors().size());
    Assert.assertEquals(VOMSValidationErrorCode.emptyAcCertsExtension, r
      .getValidationErrors().get(0).getErrorCode());
  }

  @Test
  public void testMissingACCertsExtensionFailure() throws Exception {

    VOMSAA aa = Utils.getVOMSAA();
    aa.setGenerationProperties(EnumSet
      .of(ACGenerationProperties.SKIP_AC_CERTS_EXTENSION));

    aa.setVoName("test.vo.2");
    aa.setHost("wilco.cnaf.infn.it");
    aa.setCredential(Utils.getAACredential2());

    VOMSACValidator validator = Utils.getVOMSValidator();

    ProxyCertificate proxy = aa.createVOMSProxy(Utils.getTestUserCredential(),
      Arrays.asList("/test.vo.2"));

    List<VOMSValidationResult> results = validator.validateWithResult(proxy
      .getCertificateChain());

    Assert.assertEquals(1, results.size());
    VOMSValidationResult r = results.get(0);

    Assert.assertFalse(r.isValid());
    Assert.assertEquals(2, r.getValidationErrors().size());
    Assert.assertEquals(VOMSValidationErrorCode.emptyAcCertsExtension, r
      .getValidationErrors().get(0).getErrorCode());
    Assert.assertEquals(VOMSValidationErrorCode.aaCertNotFound, r
      .getValidationErrors().get(1).getErrorCode());
  }

  @Test
  public void testInvalidLSCSignatureFailure() throws Exception {

    VOMSAA aa = Utils.getVOMSAA();
    aa.setVoName("test.vo.2");
    aa.setHost("wilco.cnaf.infn.it");
    aa.setCredential(Utils.getAACredential2());
    aa.setGenerationProperties(EnumSet
      .of(ACGenerationProperties.FAKE_SIGNATURE_BITS));

    VOMSACValidator validator = Utils.getVOMSValidator();

    ProxyCertificate proxy = aa.createVOMSProxy(Utils.getTestUserCredential(),
      Arrays.asList("/test.vo.2"));

    List<VOMSValidationResult> results = validator.validateWithResult(proxy
      .getCertificateChain());

    Assert.assertEquals(1, results.size());
    VOMSValidationResult r = results.get(0);

    Assert.assertFalse(r.isValid());
    Assert.assertEquals(2, r.getValidationErrors().size());
    Assert.assertEquals(
      VOMSValidationErrorCode.acCertFailsSignatureVerification, r
        .getValidationErrors().get(0).getErrorCode());
    Assert.assertEquals(VOMSValidationErrorCode.aaCertNotFound, r
      .getValidationErrors().get(1).getErrorCode());
  }

  @Test
  public void testUnknownCriticalExtensionFailure() throws Exception {

    VOMSAA aa = Utils.getVOMSAA();
    aa.setGenerationProperties(EnumSet
      .of(ACGenerationProperties.INCLUDE_FAKE_CRITICAL_EXTENSION));

    VOMSACValidator validator = Utils.getVOMSValidator();

    ProxyCertificate proxy = aa.createVOMSProxy(Utils.getTestUserCredential(),
      Arrays.asList("/test.vo"));

    List<VOMSValidationResult> results = validator.validateWithResult(proxy
      .getCertificateChain());

    Assert.assertEquals(1, results.size());
    VOMSValidationResult r = results.get(0);

    Assert.assertFalse(r.isValid());
    Assert.assertEquals(1, r.getValidationErrors().size());
    Assert.assertEquals(VOMSValidationErrorCode.other, r.getValidationErrors()
      .get(0).getErrorCode());
    Assert
      .assertEquals(
        "Validation error: unknown critical extension found in VOMS AC: 1.3.6.1.4.1.8005.100.120.82",
        r.getValidationErrors().get(0).getMessage());
  }

  @Test
  public void testCriticalAKIDFailure() throws Exception {

    VOMSAA aa = Utils.getVOMSAA();
    aa.setGenerationProperties(EnumSet
      .of(ACGenerationProperties.INCLUDE_CRITICAL_AKID_EXTENSION));

    VOMSACValidator validator = Utils.getVOMSValidator();

    ProxyCertificate proxy =
      aa.createVOMSProxy(Utils.getTestUserCredential(),
        Arrays.asList("/test.vo"));

    List<VOMSValidationResult> results = validator.validateWithResult(proxy
      .getCertificateChain());

    Assert.assertEquals(1, results.size());
    VOMSValidationResult r = results.get(0);

    Assert.assertFalse(r.isValid());
    Assert.assertEquals(VOMSValidationErrorCode.other, r.getValidationErrors()
      .get(0).getErrorCode());
    Assert
      .assertEquals(
        "Validation error: AuthorityKeyIdentifier AC extension cannot be critical!",
        r.getValidationErrors().get(0).getMessage());
  }

  @Test
  public void testCriticalNoRevAvailFailure() throws Exception {

    VOMSAA aa = Utils.getVOMSAA();
    aa.setGenerationProperties(EnumSet
      .of(ACGenerationProperties.INCLUDE_CRITICAL_NO_REV_AVAIL_EXTENSION));

    VOMSACValidator validator = Utils.getVOMSValidator();

    ProxyCertificate proxy = aa.createVOMSProxy(Utils.getTestUserCredential(),
      Arrays.asList("/test.vo"));

    List<VOMSValidationResult> results = validator.validateWithResult(proxy
      .getCertificateChain());

    Assert.assertEquals(1, results.size());
    VOMSValidationResult r = results.get(0);

    Assert.assertFalse(r.isValid());
    Assert.assertEquals(VOMSValidationErrorCode.other, r.getValidationErrors()
      .get(0).getErrorCode());
    Assert.assertEquals(
      "Validation error: NoRevAvail AC extension cannot be critical!", r
        .getValidationErrors().get(0).getMessage());
  }

  @Test
  public void testTargetValidationSuccess() throws Exception {

    VOMSAA aa = Utils.getVOMSAA();

    String localhostName;

    try {
      localhostName = InetAddress.getLocalHost().getCanonicalHostName();
    } catch (UnknownHostException e) {
      throw new VOMSError("Error resolving local hostname: " + e.getMessage(),
        e);
    }

    VOMSACValidator validator = Utils.getVOMSValidator();

    ProxyCertificate proxy = aa.createVOMSProxy(Utils.getTestUserCredential(),
      Arrays.asList("/test.vo"), null, Arrays.asList(localhostName));

    List<VOMSValidationResult> results = validator.validateWithResult(proxy
      .getCertificateChain());

    Assert.assertEquals(1, results.size());
    VOMSValidationResult r = results.get(0);

    Assert.assertTrue(r.isValid());
  }

  @Test
  public void testTargetValidationFailure() throws Exception {

    VOMSAA aa = Utils.getVOMSAA();

    VOMSACValidator validator = Utils.getVOMSValidator();

    ProxyCertificate proxy = aa.createVOMSProxy(Utils.getTestUserCredential(),
      Arrays.asList("/test.vo"), null, Arrays.asList("camaghe.cnaf.infn.it"));

    List<VOMSValidationResult> results = validator.validateWithResult(proxy
      .getCertificateChain());

    Assert.assertEquals(1, results.size());
    VOMSValidationResult r = results.get(0);

    Assert.assertFalse(r.isValid());
    Assert.assertEquals(1, r.getValidationErrors().size());
    Assert.assertEquals(VOMSValidationErrorCode.localhostDoesntMatchAcTarget, r
      .getValidationErrors().get(0).getErrorCode());
  }

  @Test
  public void testResolveHostnameException() throws Exception {

    VOMSAA aa = Utils.getVOMSAA();

    VOMSACValidator validator = Utils
      .getVOMSValidator(new LocalHostnameResolver() {

        public String resolveLocalHostname() throws UnknownHostException {

          throw new UnknownHostException("misconfigured machine!");
        }
      });

    ProxyCertificate proxy = aa.createVOMSProxy(Utils.getTestUserCredential(),
      Arrays.asList("/test.vo"), null, Arrays.asList("camaghe.cnaf.infn.it"));

    List<VOMSValidationResult> results = validator.validateWithResult(proxy
      .getCertificateChain());

    Assert.assertEquals(1, results.size());
    VOMSValidationResult r = results.get(0);

    Assert.assertFalse(r.isValid());
    Assert.assertEquals(1, r.getValidationErrors().size());
    Assert.assertEquals(VOMSValidationErrorCode.other, r.getValidationErrors()
      .get(0).getErrorCode());
    Assert
      .assertEquals(
        "Validation error: Error resolving localhost name: misconfigured machine!",
        r.getValidationErrors().get(0).getMessage());
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/ac/TestNoExtensionValidation.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test.ac;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateParsingException;
import java.util.List;

import org.junit.Assert;

import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.ac.VOMSACValidator;
import org.italiangrid.voms.test.utils.Fixture;
import org.italiangrid.voms.test.utils.Utils;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;

import eu.emi.security.authn.x509.impl.PEMCredential;
import eu.emi.security.authn.x509.proxy.ProxyCertificate;
import eu.emi.security.authn.x509.proxy.ProxyCertificateOptions;
import eu.emi.security.authn.x509.proxy.ProxyGenerator;
import eu.emi.security.authn.x509.proxy.ProxyType;

import java.io.IOException;

public class TestNoExtensionValidation implements Fixture {

  PEMCredential cred;

  @Before
  public void setUp() throws Exception {

    cred = new PEMCredential(holderKey, holderCert, keyPassword.toCharArray());
  }

  @After
  public void tearDown() throws Exception {

    cred = null;
  }

  @Test
  public void testNoExtensionValidation() throws InvalidKeyException,
    CertificateParsingException, SignatureException,
    NoSuchAlgorithmException, IOException {

    ProxyCertificateOptions options = new ProxyCertificateOptions(
      cred.getCertificateChain());
    options.setType(ProxyType.LEGACY);

    ProxyCertificate proxy = ProxyGenerator.generate(options, cred.getKey());

    VOMSACValidator validator = Utils.getVOMSValidator();
    List<VOMSAttribute> attrs = validator.validate(proxy.getCertificateChain());
    Assert.assertNotNull(attrs);
    Assert.assertTrue(attrs.isEmpty());
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/ac/TestVOMSValidationResult.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test.ac;

import static org.junit.Assert.*;

import org.italiangrid.voms.ac.VOMSValidationResult;
import org.junit.Test;

public class TestVOMSValidationResult {

  @Test
  public void testGettersAndSetters() {

    VOMSValidationResult r = new VOMSValidationResult(null, false);

    assertFalse(r.isValid());
    assertNull(r.getAttributes());
    assertTrue(r.getValidationErrors().isEmpty());
    assertEquals(
      "VOMSValidationResult [valid=false, validationErrors=[], attributes=null]",
      r.toString());
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/cred/TestLoadCredential.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test.cred;

import org.bouncycastle.openssl.PasswordFinder;
import org.italiangrid.voms.credential.impl.AbstractLoadCredentialsStrategy;
import org.italiangrid.voms.credential.impl.DefaultLoadCredentialsStrategy;
import org.italiangrid.voms.util.FilePermissionHelper;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.X500NameUtils;

public class TestLoadCredential {

  public static final String keyPassword = "pass";

  public static final String pemCert = "src/test/resources/certs/test0.cert.pem";
  public static final String pemKey = "src/test/resources/certs/test0.key.pem";
  public static final String pkcs12Cred = "src/test/resources/certs/test0.p12";

  public static final String TEST_CERT_SUBJECT = "CN=test0, O=IGI, C=IT";

  public static final String PROXY_TMP_PATH = "/tmp/tempProxy";

  public static final String emptyHome = "src/test/resources/homes/empty";
  public static final String emptyGlobusHome = "src/test/resources/homes/empty.globus";
  public static final String pemCredsHome = "src/test/resources/homes/pem-creds";
  public static final String pkcs12CredsHome = "src/test/resources/homes/pkcs12-creds";

  @BeforeClass
  public static void setupFilePermissions() {

    FilePermissionHelper.setPrivateKeyPermissions(pemCredsHome
      + "/.globus/userkey.pem");
    FilePermissionHelper.setPKCS12Permissions(pkcs12CredsHome
      + "/.globus/usercred.p12");
  }

  static class TestPasswordFinder implements PasswordFinder {

    public char[] getPassword() {

      return keyPassword.toCharArray();
    }
  }

  static class NullPasswordFinder implements PasswordFinder {

    public char[] getPassword() {

      return null;
    }
  }

  @Test
  public void testNoCredentialsFoundSuccess() {

    AbstractLoadCredentialsStrategy strategy = new DefaultLoadCredentialsStrategy(
      emptyHome);
    X509Credential cred = strategy.loadCredentials(new NullPasswordFinder());
    Assert.assertNull(cred);
  }

  @Test
  public void testNoCredentialsFoundEmptyGlobusSuccess() {

    AbstractLoadCredentialsStrategy strategy = new DefaultLoadCredentialsStrategy(
      emptyGlobusHome);
    X509Credential cred = strategy.loadCredentials(new NullPasswordFinder());
    Assert.assertNull(cred);
  }

  @Test
  public void testPEMCredentialLoadingSuccess() {

    AbstractLoadCredentialsStrategy strategy = new DefaultLoadCredentialsStrategy(
      pemCredsHome);
    X509Credential cred = strategy.loadCredentials(new TestPasswordFinder());
    Assert.assertNotNull(cred);
    Assert.assertTrue(X500NameUtils.equal(cred.getCertificate()
      .getSubjectX500Principal(), TEST_CERT_SUBJECT));
  }

  @Test
  public void testPKCS12CredentialLoadingSuccess() {

    AbstractLoadCredentialsStrategy strategy = new DefaultLoadCredentialsStrategy(
      pkcs12CredsHome);
    X509Credential cred = strategy.loadCredentials(new TestPasswordFinder());
    Assert.assertNotNull(cred);
    Assert.assertTrue(X500NameUtils.equal(cred.getCertificate()
      .getSubjectX500Principal(), TEST_CERT_SUBJECT));
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/cred/package-info.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/**
 *
 */
/**
 * @author andreaceccanti
 *
 */
package org.italiangrid.voms.test.cred;

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/mt/TestConcurrentValidation.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test.mt;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Random;
import java.util.concurrent.BrokenBarrierException;
import java.util.concurrent.CyclicBarrier;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

import org.junit.Assert;
import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.VOMSValidators;
import org.italiangrid.voms.ac.VOMSACValidator;
import org.italiangrid.voms.store.UpdatingVOMSTrustStore;
import org.italiangrid.voms.store.impl.DefaultUpdatingVOMSTrustStore;
import org.italiangrid.voms.test.utils.VOMSAA;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;

import eu.emi.security.authn.x509.NamespaceCheckingMode;
import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import eu.emi.security.authn.x509.impl.OpensslCertChainValidator;
import eu.emi.security.authn.x509.impl.PEMCredential;
import eu.emi.security.authn.x509.proxy.ProxyCertificate;

public class TestConcurrentValidation {

  static X509CertChainValidatorExt sharedCertificateValidator;
  static UpdatingVOMSTrustStore sharedVOMSTrustStore;

  static final String trustAnchorsDir = "src/test/resources/trust-anchors";
  static final long trustAnchorsRefreshInterval = TimeUnit.SECONDS.toMillis(15);

  static final String vomsTrustStoreDir = "src/test/resources/vomsdir";
  static final long trustStoreRefreshInterval = TimeUnit.SECONDS.toMillis(5);

  static final int numHolderCredentials = 5;
  static PEMCredential[] holderCerts;

  static VOMSAA testVO_1, testVO_2;

  static final String aaCert = "src/test/resources/certs/test_host_cnaf_infn_it.cert.pem";
  static final String aaKey = "src/test/resources/certs/test_host_cnaf_infn_it.key.pem";

  static final String aaCert2 = "src/test/resources/certs/wilco_cnaf_infn_it.cert.pem";
  static final String aaKey2 = "src/test/resources/certs/wilco_cnaf_infn_it.key.pem";

  static final long NUM_ITERATIONS = 10;
  static final int NUM_WORKERS = 10;

  // One extra party for the test thread, which waits on the barrier together
  // with the workers.
  static final CyclicBarrier barrier = new CyclicBarrier(NUM_WORKERS + 1);
  static final ExecutorService pool = Executors.newCachedThreadPool();

  static final String[][] fqans = { { "/test.vo" }, { "/test.vo.2" } };

  static VOMSACValidator sharedValidator;

  static List<ProxyCertificate> testProxies;

  static final Random r = new Random();

  static void loadHolderCredentials() throws KeyStoreException,
    CertificateException, FileNotFoundException, IOException {

    holderCerts = new PEMCredential[numHolderCredentials];

    for (int i = 0; i < numHolderCredentials; i++) {
      String baseFileName = String.format("src/test/resources/certs/test%d", i);
      holderCerts[i] = new PEMCredential(new FileInputStream(baseFileName
        + ".key.pem"), new FileInputStream(baseFileName + ".cert.pem"),
        "pass".toCharArray());
    }
  }

  static void initVOs() throws KeyStoreException, CertificateException,
    FileNotFoundException, IOException {

    PEMCredential aaCred1 = new PEMCredential(new FileInputStream(aaKey),
      new FileInputStream(aaCert), (char[]) null);
    PEMCredential aaCred2 = new PEMCredential(new FileInputStream(aaKey2),
      new FileInputStream(aaCert2), (char[]) null);

    testVO_1 = new VOMSAA(aaCred1, "test.vo", "test-host.cnaf.infn.it", 15000);
    testVO_2 = new VOMSAA(aaCred2, "test.vo.2", "wilco.cnaf.infn.it", 15001);
  }

  static void initVOMSProxies() throws InvalidKeyException,
    CertificateParsingException, SignatureException,
    NoSuchAlgorithmException, IOException {

    testProxies = new ArrayList<ProxyCertificate>();

    // One proxy per (holder credential, VO) pair.
    for (int i = 0; i < numHolderCredentials; i++)
      for (int j = 0; j < 2; j++) {
        VOMSAA vo = (j == 0 ? testVO_1 : testVO_2);
        PEMCredential cert = holderCerts[i];
        ProxyCertificate proxy = vo.createVOMSProxy(cert,
          Arrays.asList(fqans[j]));
        testProxies.add(proxy);
      }
  }

  static X509Certificate[] getRandomProxy() {

    int randomIndex = r.nextInt(testProxies.size());
    return testProxies.get(randomIndex).getCertificateChain();
  }

  @BeforeClass
  public static void setup() throws KeyStoreException, CertificateException,
    FileNotFoundException, IOException, InvalidKeyException,
    SignatureException, NoSuchAlgorithmException {

    sharedVOMSTrustStore = new DefaultUpdatingVOMSTrustStore(
      Arrays.asList(vomsTrustStoreDir), trustStoreRefreshInterval);

    sharedCertificateValidator = new OpensslCertChainValidator(trustAnchorsDir,
      NamespaceCheckingMode.EUGRIDPMA_AND_GLOBUS, trustAnchorsRefreshInterval);

    loadHolderCredentials();
    initVOs();
    initVOMSProxies();

    sharedValidator = VOMSValidators.newValidator(sharedVOMSTrustStore,
      sharedCertificateValidator);

    System.out.println("Setup done.");
  }

  @AfterClass
  public static void tearDown() {

  }

  @Test
  public void test() throws InterruptedException, BrokenBarrierException {

    long start = System.currentTimeMillis();

    System.out.format("Workers: %d. Iterations: %d\n", NUM_WORKERS,
      NUM_ITERATIONS);

    for (int i = 0; i < NUM_WORKERS; i++)
      pool.execute(new ValidatorWorker());

    // First await releases the workers, second await waits for them to finish.
    barrier.await();
    barrier.await();

    pool.shutdown();

    sharedVOMSTrustStore.cancel();
    sharedCertificateValidator.dispose();

    long duration = System.currentTimeMillis() - start;
    System.out
      .format(
        "Done. Test duration: %d milliseconds. Avg validation duration: %d milliseconds.\n",
        duration, duration / (NUM_WORKERS * NUM_ITERATIONS));
  }

  class ValidatorWorker implements Runnable {

    private volatile boolean shutdownRequested = false;
    private long iterations = 0;

    public void run() {

      try {
        barrier.await();
      } catch (InterruptedException e1) {
        // TODO Auto-generated catch block
        e1.printStackTrace();
      } catch (BrokenBarrierException e1) {
        // TODO Auto-generated catch block
        e1.printStackTrace();
      }

      while (true) {

        if (iterations++ > NUM_ITERATIONS)
          break;

        if (shutdownRequested)
          return;

        // All workers validate through the same shared validator instance.
        VOMSACValidator validator = getValidator();

        try {
          X509Certificate[] chain = getRandomProxy();
          List<VOMSAttribute> attrs = validator.validate(chain);
          Assert.assertEquals(1, attrs.size());
        } catch (Exception e) {
          System.err.println(e.getMessage());
        }
      }

      try {
        barrier.await();
      } catch (InterruptedException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
      } catch (BrokenBarrierException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
      }
    }

    public synchronized void shutdown() {

      shutdownRequested = true;
    }
  }

  static X509Certificate[] buildProxy(int credentialIndex, int voIndex)
    throws InvalidKeyException, CertificateParsingException,
    SignatureException, NoSuchAlgorithmException, IOException {

    VOMSAA vo = (voIndex == 0 ? testVO_1 : testVO_2);
    PEMCredential cert = holderCerts[credentialIndex];

    ProxyCertificate proxy = vo.createVOMSProxy(cert,
      Arrays.asList(fqans[voIndex]));
    return proxy.getCertificateChain();
  }

  static VOMSACValidator getValidator() {

    return sharedValidator;
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/package-info.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/**
 * This package (and inner packages) provides unit tests for the VOMS
 * Java API.
 */
package org.italiangrid.voms.test;

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/req/TestRequests.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test.req;

import java.util.Arrays;
import java.util.List;
import java.util.Random;

import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.ac.VOMSACValidator;
import org.italiangrid.voms.request.VOMSACRequest;
import org.italiangrid.voms.request.VOMSACService;
import org.italiangrid.voms.request.VOMSProtocol;
import org.italiangrid.voms.request.VOMSProtocolError;
import org.italiangrid.voms.request.VOMSResponse;
import org.italiangrid.voms.request.VOMSServerInfo;
import org.italiangrid.voms.request.impl.DefaultVOMSACRequest;
import org.italiangrid.voms.test.utils.EchoVOMSProtocol;
import org.italiangrid.voms.test.utils.Fixture;
import org.italiangrid.voms.test.utils.Utils;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;

import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.PEMCredential;

public class TestRequests implements Fixture {

  @Test
  public void testEchoRequest() throws Exception {

    VOMSACService acService = Utils.buildACService(new EchoVOMSProtocol(Utils
      .getAACredential()));

    VOMSACRequest req = new DefaultVOMSACRequest.Builder("test.vo").build();
    PEMCredential holder = Utils.getTestUserCredential();

    AttributeCertificate ac = acService
      .getVOMSAttributeCertificate(holder, req);

    VOMSACValidator validator = Utils.getVOMSValidator();
    List<AttributeCertificate> acs = validator.validateACs(Arrays.asList(ac));
    Assert.assertFalse(acs.isEmpty());
  }

  @Test
  public void testFailureIfVOIsNotKnown() throws Exception {

    VOMSACService acService = Utils.buildACService(new EchoVOMSProtocol(Utils
      .getAACredential()));

    VOMSACRequest req = new DefaultVOMSACRequest.Builder("test.unknown.vo")
      .build();
    PEMCredential holder = Utils.getTestUserCredential();

    try {
      acService.getVOMSAttributeCertificate(holder, req);
    } catch (VOMSError e) {
      Assert
        .assertEquals(
          "VOMS server for VO test.unknown.vo is not known! Check your vomses configuration.",
          e.getMessage());
      return;
    }

    Assert.fail("No exceptions raised for unknown VO");
  }

  @Test
  public void testNullACBytesHandling() throws Exception {

    // The mocked response returns null from getAC(): the service must hand
    // back a null AC.
    VOMSProtocol nullBytesProtocol = new VOMSProtocol() {

      public VOMSResponse doRequest(VOMSServerInfo endpoint,
        X509Credential credential, VOMSACRequest request) {

        VOMSResponse r = Mockito.mock(VOMSResponse.class);
        return r;
      }
    };

    VOMSACService acService = Utils.buildACService(nullBytesProtocol);
    VOMSACRequest req = new DefaultVOMSACRequest.Builder("test.vo").build();

    AttributeCertificate ac = acService.getVOMSAttributeCertificate(
      Utils.getTestUserCredential(), req);
    Assert.assertNull(ac);
  }

  @Test
  public void testRandomACBytesHandling() throws Exception {

    // The response carries 2048 random bytes instead of an encoded AC: the
    // service must hand back a null AC.
    VOMSProtocol nullBytesProtocol = new VOMSProtocol() {

      public VOMSResponse doRequest(VOMSServerInfo endpoint,
        X509Credential credential, VOMSACRequest request) {

        Random r = new Random();
        byte[] acBytes = new byte[2048];
        r.nextBytes(acBytes);

        VOMSResponse response = Mockito.mock(VOMSResponse.class);
        Mockito.when(response.getAC()).thenReturn(acBytes);
        return response;
      }
    };

    VOMSACService acService = Utils.buildACService(nullBytesProtocol);
    VOMSACRequest req = new DefaultVOMSACRequest.Builder("test.vo").build();

    AttributeCertificate ac = acService.getVOMSAttributeCertificate(
      Utils.getTestUserCredential(), req);
    Assert.assertNull(ac);
  }

  @Test
  public void testProtocolFallback() throws Exception {

    VOMSProtocol exceptionProtocol = Mockito.mock(VOMSProtocol.class);
    Mockito.when(
      exceptionProtocol.doRequest(Mockito.any(VOMSServerInfo.class),
        Mockito.any(X509Credential.class), Mockito.any(VOMSACRequest.class)))
      .thenReturn(null);

    VOMSProtocol fallBackProtocol = Mockito.mock(VOMSProtocol.class);

    VOMSACService acService = Utils.buildACService(exceptionProtocol,
      fallBackProtocol);
    VOMSACRequest req = new DefaultVOMSACRequest.Builder("test.vo").build();

    AttributeCertificate ac = acService.getVOMSAttributeCertificate(
      Utils.getTestUserCredential(), req);
    Mockito.verify(fallBackProtocol, Mockito.atLeastOnce()).doRequest(
      Mockito.any(VOMSServerInfo.class), Mockito.any(X509Credential.class),
      Mockito.any(VOMSACRequest.class));

    Assert.assertNull(ac);
  }

  @Test
  public void testProtocolFallback2() throws Exception {

    VOMSProtocol exceptionProtocol = Mockito.mock(VOMSProtocol.class);
    Mockito.when(
      exceptionProtocol.doRequest(Mockito.any(VOMSServerInfo.class),
        Mockito.any(X509Credential.class), Mockito.any(VOMSACRequest.class)))
      .thenThrow(
        new VOMSProtocolError("protocol error", null, null, null, null));

    VOMSProtocol fallBackProtocol = Mockito.mock(VOMSProtocol.class);

    VOMSACService acService = Utils.buildACService(exceptionProtocol,
      fallBackProtocol);
    VOMSACRequest req = new DefaultVOMSACRequest.Builder("test.vo").build();

    AttributeCertificate ac = acService.getVOMSAttributeCertificate(
      Utils.getTestUserCredential(), req);

    Mockito.verify(fallBackProtocol, Mockito.atLeastOnce()).doRequest(
      Mockito.any(VOMSServerInfo.class), Mockito.any(X509Credential.class),
      Mockito.any(VOMSACRequest.class));

    Assert.assertNull(ac);
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/utils/EchoVOMSProtocol.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test.utils;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;

import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.request.VOMSACRequest;
import org.italiangrid.voms.request.VOMSProtocol;
import org.italiangrid.voms.request.VOMSResponse;
import org.italiangrid.voms.request.VOMSServerInfo;
import org.mockito.Mockito;

import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.PEMCredential;

public class EchoVOMSProtocol implements VOMSProtocol {

  PEMCredential aaCredential;

  public EchoVOMSProtocol(PEMCredential aaCredential) {

    this.aaCredential = aaCredential;
  }

  public VOMSResponse doRequest(VOMSServerInfo endpoint,
    X509Credential credential, VOMSACRequest request) {

    VOMSAA aa = new VOMSAA(aaCredential, endpoint.getVoName(), endpoint
      .getURL().getHost(), endpoint.getURL().getPort());

    int lifetimeInSeconds = request.getLifetime();

    Calendar cal = Calendar.getInstance();
    Date now = cal.getTime();

    cal.add(Calendar.SECOND, lifetimeInSeconds);
    Date endTime = cal.getTime();

    // With no FQAN requested, fall back to the VO root group.
    List<String> fqans;

    if (request.getRequestedFQANs().isEmpty()) {
      fqans = new ArrayList<String>();
      fqans.add("/" + request.getVoName());
    } else
      fqans = request.getRequestedFQANs();

    AttributeCertificate ac = aa.getAC(credential, fqans, null,
      request.getTargets(), now, endTime);

    VOMSResponse r = Mockito.mock(VOMSResponse.class);

    try {
      Mockito.when(r.getAC()).thenReturn(ac.getEncoded());
    } catch (IOException e) {
      throw new VOMSError(e.getMessage(), e);
    }

    return r;
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/utils/Fixture.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test.utils;

import java.util.Arrays;
import java.util.List;

public interface Fixture {

  static final String keyPassword = "pass";

  static final String aaCert = "src/test/resources/certs/test_host_cnaf_infn_it.cert.pem";
  static final String aaKey = "src/test/resources/certs/test_host_cnaf_infn_it.key.pem";

  static final String aaCert2 = "src/test/resources/certs/wilco_cnaf_infn_it.cert.pem";
  static final String aaKey2 = "src/test/resources/certs/wilco_cnaf_infn_it.key.pem";

  static final String expiredCert = "src/test/resources/certs/expired.cert.pem";
  static final String expiredKey = "src/test/resources/certs/expired.key.pem";

  static final String revokedCert = "src/test/resources/certs/revoked.cert.pem";
  static final String revokedKey = "src/test/resources/certs/revoked.key.pem";

  static final String holderCert = "src/test/resources/certs/test0.cert.pem";
  static final String holderKey = "src/test/resources/certs/test0.key.pem";

  static final String holderCert2 = "src/test/resources/certs/test1.cert.pem";
  static final String holderKey2 = "src/test/resources/certs/test1.key.pem";

  static final String vomsdir = "src/test/resources/vomsdir";
  static final String vomsdir_fake_aa_cert = "src/test/resources/vomsdir-fake-aa-cert";
  static final String vomsdir_expired_aa_cert = "src/test/resources/vomsdir-expired-aa-cert";

  static final String trustAnchorsDir = "src/test/resources/trust-anchors";

  static final String defaultVO = "test.vo";
  static final String defaultVOHost = "test-host.cnaf.infn.it";
  static final int defaultVOPort = 15000;

  static final List<String> defaultVOFqans = Arrays.asList("/test.vo");
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/utils/LogListener.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test.utils;

import org.italiangrid.voms.request.VOMSACRequest;
import org.italiangrid.voms.request.VOMSErrorMessage;
import org.italiangrid.voms.request.VOMSRequestListener;
import org.italiangrid.voms.request.VOMSServerInfo;
import org.italiangrid.voms.request.VOMSWarningMessage;

public enum LogListener implements VOMSRequestListener {

  INSTANCE;

  public void notifyVOMSRequestStart(VOMSACRequest request, VOMSServerInfo si) {

    System.out
      .format("Contacting %s for VO %s.\n", si.getURL(), si.getVoName());
  }

  public void notifyVOMSRequestSuccess(VOMSACRequest request,
    VOMSServerInfo endpoint) {

    System.out.format("Request for VO %s succeeded.\n", endpoint.getVoName());
  }

  public void notifyVOMSRequestFailure(VOMSACRequest request,
    VOMSServerInfo endpoint, Throwable error) {

    System.out.format("Request for VO %s failed: %s.\n", request.getVoName(),
      error);
  }

  public void notifyErrorsInVOMSReponse(VOMSACRequest request,
    VOMSServerInfo si, VOMSErrorMessage[] errors) {

    System.out.format("Errors in voms response for VO %s.\n", si.getVoName());
    for (VOMSErrorMessage e : errors)
      System.out.println(e.getMessage());
  }

  public void notifyWarningsInVOMSResponse(VOMSACRequest request,
    VOMSServerInfo si, VOMSWarningMessage[] warnings) {

    System.out.format("Warnings in voms response for VO %s.\n", si.getVoName());
    for (VOMSWarningMessage m : warnings)
      System.out.println(m.getMessage());
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/utils/Utils.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test.utils;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;

import org.italiangrid.voms.VOMSValidators;
import org.italiangrid.voms.ac.VOMSACValidator;
import org.italiangrid.voms.ac.impl.DefaultVOMSValidationStrategy;
import org.italiangrid.voms.ac.impl.DefaultVOMSValidator;
import org.italiangrid.voms.ac.impl.LocalHostnameResolver;
import org.italiangrid.voms.request.VOMSACService;
import org.italiangrid.voms.request.VOMSProtocol;
import org.italiangrid.voms.request.VOMSServerInfo;
import org.italiangrid.voms.request.VOMSServerInfoStore;
import org.italiangrid.voms.request.impl.DefaultVOMSACService;
import org.italiangrid.voms.request.impl.DefaultVOMSServerInfo;
import org.italiangrid.voms.store.VOMSTrustStore;
import org.italiangrid.voms.store.impl.DefaultVOMSTrustStore;
import org.italiangrid.voms.util.CertificateValidatorBuilder;
import org.mockito.Mockito;

import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import eu.emi.security.authn.x509.impl.PEMCredential;

public class Utils implements Fixture {

  private Utils() {

  }

  public static VOMSACService buildACService(VOMSProtocol main,
    VOMSProtocol fallback) throws Exception {

    // The mocked server info store knows a single VO, "test.vo".
    VOMSServerInfoStore store = Mockito.mock(VOMSServerInfoStore.class);
    Set<VOMSServerInfo> testVOEndpoints = new HashSet<VOMSServerInfo>();
    testVOEndpoints.add(getTestVOEndpoint());

    Mockito.when(store.getVOMSServerInfo("test.vo"))
      .thenReturn(testVOEndpoints);

    DefaultVOMSACService acService = new DefaultVOMSACService.Builder(
      getCertificateValidator()).serverInfoStore(store)
      .requestListener(LogListener.INSTANCE).httpProtocol(main)
      .legacyProtocol(fallback).build();

    return acService;
  }

  public static VOMSACService buildACService(VOMSProtocol protocol)
    throws Exception {

    return buildACService(protocol, null);
  }

  public static VOMSServerInfo getTestVOEndpoint() throws URISyntaxException {

    DefaultVOMSServerInfo si = new DefaultVOMSServerInfo();
    si.setAlias("test.vo");
    si.setVoName("test.vo");
    si.setURL(new URI("http://localhost:15000"));
    si.setVOMSServerDN("Not checked");
    return si;
  }

  public static X509CertChainValidatorExt getCertificateValidator() {

    return new CertificateValidatorBuilder().trustAnchorsDir(trustAnchorsDir)
      .build();
  }

  public static VOMSACValidator getVOMSValidator(LocalHostnameResolver resolver) {

    X509CertChainValidatorExt validator = new CertificateValidatorBuilder()
      .trustAnchorsDir(trustAnchorsDir).build();

    VOMSTrustStore ts = new DefaultVOMSTrustStore(Arrays.asList(vomsdir));

    return new DefaultVOMSValidator.Builder().validationStrategy(
      new DefaultVOMSValidationStrategy(ts, validator, resolver)).build();
  }

  public static VOMSACValidator getVOMSValidator() {

    X509CertChainValidatorExt validator = new CertificateValidatorBuilder()
      .trustAnchorsDir(trustAnchorsDir).build();

    return VOMSValidators.newValidator(
      new DefaultVOMSTrustStore(Arrays.asList(vomsdir)), validator);
  }

  public static VOMSACValidator getVOMSValidator(String vomsDir) {

    X509CertChainValidatorExt validator = new CertificateValidatorBuilder()
      .trustAnchorsDir(trustAnchorsDir).build();

    return VOMSValidators.newValidator(
      new DefaultVOMSTrustStore(Arrays.asList(vomsDir)), validator);
  }

  public static PEMCredential getAACredential() throws KeyStoreException,
    CertificateException, IOException {

    return new PEMCredential(aaKey, aaCert, keyPassword.toCharArray());
  }

  public static PEMCredential getAACredential2() throws KeyStoreException,
    CertificateException, IOException {

    return new PEMCredential(aaKey2, aaCert2, keyPassword.toCharArray());
  }

  public static PEMCredential getTestUserCredential()
    throws KeyStoreException, CertificateException, IOException {

    return new PEMCredential(holderKey, holderCert, keyPassword.toCharArray());
  }

  public static PEMCredential getTest1UserCredential()
    throws KeyStoreException, CertificateException, IOException {

    return new PEMCredential(holderKey2, holderCert2, keyPassword.toCharArray());
  }

  public static PEMCredential getExpiredCredential() throws KeyStoreException,
    CertificateException, IOException {

    return new PEMCredential(expiredKey, expiredCert, keyPassword.toCharArray());
  }

  public static VOMSAA getVOMSAA() throws KeyStoreException,
    CertificateException, IOException {

    return new VOMSAA(getAACredential(), defaultVO, defaultVOHost,
      defaultVOPort);
  }

  public static Date getDate(int year, int month, int day, int hour,
    int minute, int second) {

    Calendar cal = Calendar.getInstance();
    cal.set(year, month, day, hour, minute, second);
    return cal.getTime();
  }

  public static Date getDate(int year, int month, int day) {

    Calendar cal = Calendar.getInstance();
    cal.set(year, month, day);
    return cal.getTime();
  }
}

voms-api-java-3.1.0/src/test/java/org/italiangrid/voms/test/utils/VOMSAA.java

/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.test.utils;

import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateParsingException;
import java.util.Calendar;
import java.util.Date;
import java.util.EnumSet;
import java.util.List;

import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.italiangrid.voms.VOMSGenericAttribute;
import org.italiangrid.voms.asn1.VOMSACGenerator;
import org.italiangrid.voms.asn1.VOMSACGenerator.ACGenerationProperties;

import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.PEMCredential;
import eu.emi.security.authn.x509.proxy.ProxyCertificate;
import eu.emi.security.authn.x509.proxy.ProxyCertificateOptions;
import eu.emi.security.authn.x509.proxy.ProxyGenerator;

/**
 * Test attribute authority: signs VOMS attribute certificates (ACs) with the
 * configured AA credential and embeds them in proxy certificates.
 */
public class VOMSAA {

  // Credential used to sign the generated ACs.
  X509Credential credential;
  String voName;
  String host;
  int port;

  // Optional AC validity overrides; when null, createVOMSProxy uses
  // the current time and the current time plus 12 hours.
  Date acNotBefore;
  Date acNotAfter;

  EnumSet<ACGenerationProperties> generationProperties = VOMSACGenerator.defaultGenerationProperties;

  // Serial number assigned to the next generated AC.
  private volatile long serial = 0L;

  public VOMSAA(X509Credential cred, String vo, String host, int port) {

    credential = cred;
    voName = vo;
    this.host = host;
    this.port = port;
  }

  private synchronized BigInteger getAndIncrementSerial() {

    return BigInteger.valueOf(serial++);
  }

  public ProxyCertificate createVOMSProxy(PEMCredential holder,
    List<String> fqans, List<VOMSGenericAttribute> gas, List<String> targets)
    throws InvalidKeyException, CertificateParsingException,
    SignatureException, NoSuchAlgorithmException, IOException {

    return createVOMSProxy(holder, holder, fqans, gas, targets);
  }

  public ProxyCertificate createVOMSProxy(PEMCredential holder,
    List<String> fqans) throws InvalidKeyException,
    CertificateParsingException, SignatureException,
    NoSuchAlgorithmException, IOException {

    return createVOMSProxy(holder, holder, fqans, null, null);
  }

  public AttributeCertificate getAC(X509Credential holder,
    List<String> fqans, List<VOMSGenericAttribute> attrs,
    List<String> targets, Date notBefore, Date notAfter) {

    return getAC(credential, holder, voName, host, port, fqans, attrs,
      targets, notBefore, notAfter);
  }

  public AttributeCertificate getAC(X509Credential aaCredential,
    X509Credential holder, String voName, String host, int port,
    List<String> fqans, List<VOMSGenericAttribute> attrs,
    List<String> targets, Date notBefore, Date notAfter) {

    VOMSACGenerator generator = new VOMSACGenerator(aaCredential);

    X509AttributeCertificateHolder acHolder = generator
      .generateVOMSAttributeCertificate(generationProperties, fqans, attrs,
        targets, holder.getCertificate(), getAndIncrementSerial(), notBefore,
        notAfter, voName, host, port);

    return acHolder.toASN1Structure();
  }

  // Issues the AC for 'holder' but builds the proxy from 'proxyHolder',
  // so the two credentials may differ.
  public ProxyCertificate createVOMSProxy(PEMCredential holder,
    PEMCredential proxyHolder, List<String> fqans,
    List<VOMSGenericAttribute> attrs, List<String> targets)
    throws InvalidKeyException, CertificateParsingException,
    SignatureException, NoSuchAlgorithmException, IOException {

    Calendar cal = Calendar.getInstance();

    Date startDate = acNotBefore;
    Date endDate = acNotAfter;

    if (startDate == null)
      startDate = cal.getTime();

    if (endDate == null) {
      cal.add(Calendar.HOUR, 12);
      endDate = cal.getTime();
    }

    AttributeCertificate ac = getAC(credential, holder, voName, host, port,
      fqans, attrs, targets, startDate, endDate);

    return createVOMSProxy(proxyHolder, new AttributeCertificate[] { ac });
  }

  public ProxyCertificate createVOMSProxy(PEMCredential holder,
    AttributeCertificate[] acs) throws InvalidKeyException,
    CertificateParsingException, SignatureException,
    NoSuchAlgorithmException, IOException {

    ProxyCertificateOptions proxyOptions = new ProxyCertificateOptions(
      holder.getCertificateChain());

    proxyOptions.setAttributeCertificates(acs);

    ProxyCertificate proxy = ProxyGenerator.generate(proxyOptions,
      holder.getKey());

    return proxy;
  }

  public VOMSAA setCredential(PEMCredential credential) {

    this.credential = credential;
    return this;
  }

  public VOMSAA setVoName(String voName) {

    this.voName = voName;
    return this;
  }

  public VOMSAA setHost(String host) {

    this.host = host;
    return this;
  }

  public VOMSAA setPort(int port) {

    this.port = port;
    return this;
  }

  public VOMSAA setAcNotBefore(Date acNotBefore) {

    this.acNotBefore = acNotBefore;
    return this;
  }

  public VOMSAA setAcNotAfter(Date acNotAfter) {

    this.acNotAfter = acNotAfter;
    return this;
  }

  public VOMSAA setGenerationProperties(EnumSet<ACGenerationProperties> props) {

    this.generationProperties = props;
    return this;
  }
}
voms-api-java-3.1.0/src/test/resources/
voms-api-java-3.1.0/src/test/resources/certs/
voms-api-java-3.1.0/src/test/resources/certs/expired.cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IT, O=IGI, CN=Test CA
        Validity
            Not Before: Dec 1 00:00:00 2011 GMT
            Not After : Dec 2 00:00:00 2011 GMT
        Subject: C=IT, O=IGI, CN=expired
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                15:1B:A1:18:28:FA:09:25:E9:F0:CE:49:1E:74:C8:94:DA:84:CB:45
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
            X509v3 Authority Key Identifier:
                keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
            X509v3 Subject Alternative Name:
                email:andrea.ceccanti@cnaf.infn.it
    Signature Algorithm: sha1WithRSAEncryption
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
voms-api-java-3.1.0/src/test/resources/certs/expired.key.pem
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
voms-api-java-3.1.0/src/test/resources/certs/expired.p12
voms-api-java-3.1.0/src/test/resources/certs/expired_cert_host_cnaf_infn_it.cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 22 (0x16)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IT, O=IGI, CN=Test CA
        Validity
            Not Before: Dec 14 19:06:15 2012 GMT
            Not After : Dec 12 19:06:15 2022 GMT
        Subject: C=IT, O=IGI, CN=expired-cert-host.cnaf.infn.it
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                09:9C:C2:A2:D9:BB:D4:27:77:DE:6E:12:B0:4C:17:58:B6:83:E8:B1
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
            X509v3 Authority Key Identifier:
                keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
            X509v3 Subject Alternative Name:
                email:andrea.ceccanti@cnaf.infn.it
    Signature Algorithm: sha1WithRSAEncryption
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
voms-api-java-3.1.0/src/test/resources/certs/expired_cert_host_cnaf_infn_it.key.pem
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
voms-api-java-3.1.0/src/test/resources/certs/revoked.cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IT, O=IGI, CN=Test CA
        Validity
            Not Before: Sep 26 15:20:43 2012 GMT
            Not After : Sep 24 15:20:43 2022 GMT
        Subject: C=IT, O=IGI, CN=revoked
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                96:99:F9:67:14:C1:69:AD:2C:92:37:FA:9C:83:54:95:F3:39:2F:B3
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
            X509v3 Authority Key Identifier:
                keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
            X509v3 Subject Alternative Name:
                email:andrea.ceccanti@cnaf.infn.it
    Signature Algorithm: sha1WithRSAEncryption
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
voms-api-java-3.1.0/src/test/resources/certs/revoked.key.pem
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
voms-api-java-3.1.0/src/test/resources/certs/revoked.p12
voms-api-java-3.1.0/src/test/resources/certs/test1.cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10 (0xa)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IT, O=IGI, CN=Test CA
        Validity
            Not Before: Sep 26 15:39:36 2012 GMT
            Not After : Sep 24 15:39:36 2022 GMT
        Subject: C=IT, O=IGI, CN=test1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                DD:25:F1:5B:38:2B:67:15:1A:F3:B6:58:E7:3F:CC:C8:6A:14:4A:9E
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
            X509v3 Authority Key Identifier:
                keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
            X509v3 Subject Alternative Name:
                email:andrea.ceccanti@cnaf.infn.it
    Signature Algorithm: sha1WithRSAEncryption
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
voms-api-java-3.1.0/src/test/resources/certs/test1.key.pem
-----BEGIN ENCRYPTED PRIVATE KEY-----
voms-api-java-3.1.0/src/test/resources/certs/test1.p12
voms-api-java-3.1.0/src/test/resources/certs/test2.cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 11 (0xb)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IT, O=IGI, CN=Test CA
        Validity
            Not Before: Sep 26 15:39:38 2012 GMT
            Not After : Sep 24 15:39:38 2022 GMT
        Subject: C=IT, O=IGI, CN=test2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                5C:D9:0D:FE:1B:FE:68:1A:FA:86:A3:6A:62:6D:55:6A:21:00:BE:97
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
            X509v3 Authority Key Identifier:
                keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
            X509v3 Subject Alternative Name:
                email:andrea.ceccanti@cnaf.infn.it
    Signature Algorithm: sha1WithRSAEncryption
voms-api-java-3.1.0/src/test/resources/certs/test2.key.pem
voms-api-java-3.1.0/src/test/resources/certs/test2.p12
voms-api-java-3.1.0/src/test/resources/certs/test3.cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12 (0xc)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IT, O=IGI, CN=Test CA
        Validity
            Not Before: Sep 26 15:39:41 2012 GMT
            Not After : Sep 24 15:39:41 2022 GMT
        Subject: C=IT, O=IGI, CN=test3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                51:21:A4:CB:2C:73:88:CA:84:F0:54:3C:B7:23:3A:C7:8A:47:7E:29
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
            X509v3 Authority Key Identifier:
                keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
            X509v3 Subject Alternative Name:
                email:andrea.ceccanti@cnaf.infn.it
    Signature Algorithm: sha1WithRSAEncryption
voms-api-java-3.1.0/src/test/resources/certs/test3.key.pem
voms-api-java-3.1.0/src/test/resources/certs/test3.p12
voms-api-java-3.1.0/src/test/resources/certs/test4.cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13 (0xd)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IT, O=IGI, CN=Test CA
        Validity
            Not Before: Sep 26 15:39:44 2012 GMT
            Not After : Sep 24 15:39:44 2022 GMT
        Subject: C=IT, O=IGI, CN=test4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                5E:7A:D7:CC:5A:B6:BE:8C:1A:F1:54:08:EF:1B:AC:65:F7:EC:72:96
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
            X509v3 Authority Key Identifier:
                keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
            X509v3 Subject Alternative Name:
                email:andrea.ceccanti@cnaf.infn.it
    Signature Algorithm: sha1WithRSAEncryption
voms-api-java-3.1.0/src/test/resources/certs/test4.key.pem
voms-api-java-3.1.0/src/test/resources/certs/test4.p12
voms-api-java-3.1.0/src/test/resources/certs/test_host_2_cnaf_infn_it.cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 21 (0x15)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IT, O=IGI, CN=Test CA
        Validity
            Not Before: Dec 14 18:44:17 2012 GMT
            Not After : Dec 12 18:44:17 2022 GMT
        Subject: C=IT, O=IGI, CN=test-host.cnaf.infn.it
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                E3:D1:54:6B:2B:2E:0A:3B:A5:49:8E:C4:C2:7E:11:DB:7B:AC:0D:DD
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
            X509v3 Authority Key Identifier:
                keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
            X509v3 Subject Alternative Name:
                email:andrea.ceccanti@cnaf.infn.it
    Signature Algorithm: sha1WithRSAEncryption
voms-api-java-3.1.0/src/test/resources/certs/test_host_2_cnaf_infn_it.key.pem

voms-api-java-3.1.0/src/test/resources/certs/test_host_cnaf_infn_it.cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 16 (0x10)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IT, O=IGI, CN=Test CA
        Validity
            Not Before: Oct 10 16:03:07 2012 GMT
            Not After : Oct 8 16:03:07 2022 GMT
        Subject: C=IT, O=IGI, CN=test-host.cnaf.infn.it
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                FA:F4:A2:78:FF:3C:E8:62:86:73:1E:F1:AE:B4:15:35:D3:1D:03:81
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
            X509v3 Authority Key Identifier:
                keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
            X509v3 Subject Alternative Name:
                email:andrea.ceccanti@cnaf.infn.it
    Signature Algorithm: sha1WithRSAEncryption

voms-api-java-3.1.0/src/test/resources/certs/test_host_cnaf_infn_it.key.pem

voms-api-java-3.1.0/src/test/resources/certs/wilco_cnaf_infn_it.cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IT, O=IGI, CN=Test CA
        Validity
            Not Before: Sep 26 15:08:56 2012 GMT
            Not After : Sep 24 15:08:56 2022 GMT
        Subject: C=IT, O=IGI, CN=wilco.cnaf.infn.it
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                21:9A:C8:2A:83:F8:E9:64:90:D2:5A:23:CA:FD:9D:48:50:A1:F4:91
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
            X509v3 Authority Key Identifier:
                keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
            X509v3 Subject Alternative Name:
                email:andrea.ceccanti@cnaf.infn.it
    Signature Algorithm: sha1WithRSAEncryption

voms-api-java-3.1.0/src/test/resources/certs/wilco_cnaf_infn_it.key.pem

voms-api-java-3.1.0/src/test/resources/empty-vomsdir/
voms-api-java-3.1.0/src/test/resources/empty-vomsdir/.this-dir-is-empty-on-purpose
voms-api-java-3.1.0/src/test/resources/empty-vomses/
voms-api-java-3.1.0/src/test/resources/empty-vomses/.this-should-be-ignored
voms-api-java-3.1.0/src/test/resources/homes/
voms-api-java-3.1.0/src/test/resources/homes/pem-creds/
voms-api-java-3.1.0/src/test/resources/homes/pem-creds/.globus/

voms-api-java-3.1.0/src/test/resources/homes/pem-creds/.globus/test0.cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9 (0x9)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IT, O=IGI, CN=Test CA
        Validity
            Not Before: Sep 26 15:39:34 2012 GMT
            Not After : Sep 24 15:39:34 2022 GMT
        Subject: C=IT, O=IGI, CN=test0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                7C:B7:41:E7:E8:CE:F4:BC:96:37:6F:D5:08:D6:20:31:AD:23:BC:71
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
            X509v3 Authority Key Identifier:
                keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
            X509v3 Subject Alternative Name:
                email:andrea.ceccanti@cnaf.infn.it
    Signature Algorithm: sha1WithRSAEncryption

voms-api-java-3.1.0/src/test/resources/homes/pem-creds/.globus/test0.key.pem

voms-api-java-3.1.0/src/test/resources/homes/pem-creds/.globus/usercert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9 (0x9)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IT, O=IGI, CN=Test CA
        Validity
            Not Before: Sep 26 15:39:34 2012 GMT
            Not After : Sep 24 15:39:34 2022 GMT
        Subject: C=IT, O=IGI, CN=test0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                7C:B7:41:E7:E8:CE:F4:BC:96:37:6F:D5:08:D6:20:31:AD:23:BC:71
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
            X509v3 Authority Key Identifier:
                keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
            X509v3 Subject Alternative Name:
                email:andrea.ceccanti@cnaf.infn.it
    Signature Algorithm: sha1WithRSAEncryption

voms-api-java-3.1.0/src/test/resources/homes/pem-creds/.globus/userkey.pem

voms-api-java-3.1.0/src/test/resources/homes/pkcs12-creds/
voms-api-java-3.1.0/src/test/resources/homes/pkcs12-creds/.globus/
voms-api-java-3.1.0/src/test/resources/homes/pkcs12-creds/.globus/test0.p12
voms-api-java-3.1.0/src/test/resources/homes/pkcs12-creds/.globus/usercred.p12
voms-api-java-3.1.0/src/test/resources/md5-trust-anchors/
voms-api-java-3.1.0/src/test/resources/md5-trust-anchors/d82942ab.0

voms-api-java-3.1.0/src/test/resources/md5-trust-anchors/d82942ab.namespaces
TO Issuer "/C=IT/O=IGI/CN=Test CA" \
  PERMIT Subject "/C=it/O=IGI/.*"

TO Issuer "/C=IT/O=IGI/CN=Test CA" \
  PERMIT Subject "/C=IT/O=IGI/.*"

voms-api-java-3.1.0/src/test/resources/md5-trust-anchors/d82942ab.r0

4e830zplV9vLWgbHWLPqwaTXvAsSU+fUHAIcP9F5FysgUA7nmZ4rxeTbOGVwibDU ft/KSOjFeyGWLTDqexMd4JGVq/yBtMy2S3UIToucRbBgU3CccMMDdkZYTKQxhYPq oZWRbWGZYdmKAirC3hhcZxqnuSDziJKsPYLR9DcKkQFtInYRaSvPpNuSA/Jpj/R3 TJnyZXQyDcgO7ePy0CVSVMEyd0p5xrq3U5M8MVMkMHlRP+mQChAgoNNgRRbxzVgi wHwdYz7a1mu0rfFB0IFBue5sgnkk4DV8ZLtegzpbvONt -----END X509 CRL----- voms-api-java-3.1.0/src/test/resources/md5-trust-anchors/d82942ab.signing_policy000066400000000000000000000002171265712655300273560ustar00rootroot00000000000000access_id_CA X509 '/C=IT/O=IGI/CN=Test CA' pos_rights globus CA:sign cond_subjects globus '"/C=IT/O=IGI/*"' voms-api-java-3.1.0/src/test/resources/perm-test/000077500000000000000000000000001265712655300217015ustar00rootroot00000000000000voms-api-java-3.1.0/src/test/resources/perm-test/README.md000066400000000000000000000002171265712655300231600ustar00rootroot00000000000000# Test certificates for permission checks test0 has the right permissions. 400 for key and 600 for p12 cerficate. test1 has wrong permissions.voms-api-java-3.1.0/src/test/resources/perm-test/test0.cert.pem000066400000000000000000000111131265712655300243740ustar00rootroot00000000000000Certificate: Data: Version: 3 (0x2) Serial Number: 9 (0x9) Signature Algorithm: sha1WithRSAEncryption Issuer: C=IT, O=IGI, CN=Test CA Validity Not Before: Sep 26 15:39:34 2012 GMT Not After : Sep 24 15:39:34 2022 GMT Subject: C=IT, O=IGI, CN=test0 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:ca:c6:da:f0:86:86:76:ed:2c:71:21:28:e5:46: a5:a6:05:60:7a:53:e3:7f:c5:6d:a4:4b:5b:94:7e: b4:11:6a:fe:9a:b9:5b:66:b4:45:b8:e4:9e:38:55: 38:b7:59:6e:98:d7:5d:d1:07:09:92:ea:85:be:de: 5c:f2:04:16:55:3e:a9:e1:57:df:d5:91:3c:4b:a7: cd:e0:19:55:6f:1c:04:e0:1a:09:23:79:3c:48:b0: e1:3e:4e:43:ca:02:86:49:fd:01:5c:09:f3:e1:dd: 67:59:dc:03:48:d7:85:98:90:03:3d:55:7b:12:6e: 1d:a8:90:2b:16:19:ae:28:ea:9c:ed:dc:fb:75:cc: a9:32:3b:83:d6:d1:c0:64:95:eb:43:22:62:4a:da: fb:9f:b8:35:4d:9b:b2:33:ff:2d:ff:f2:96:3c:a7: 
Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 7C:B7:41:E7:E8:CE:F4:BC:96:37:6F:D5:08:D6:20:31:AD:23:BC:71 X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection X509v3 Authority Key Identifier: keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6 X509v3 Subject Alternative Name: email:andrea.ceccanti@cnaf.infn.it Signature Algorithm: sha1WithRSAEncryption
voms-api-java-3.1.0/src/test/resources/perm-test/test0.key.pem000066400000000000000000000034521265712655300242360ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/perm-test/test0.p12000066400000000000000000000047451265712655300232760ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/perm-test/test1.cert.pem000066400000000000000000000111141265712655300243760ustar00rootroot00000000000000
Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: sha1WithRSAEncryption Issuer: C=IT, O=IGI, CN=Test CA Validity Not Before: Sep 26 15:39:36 2012 GMT Not After : Sep 24 15:39:36 2022 GMT Subject: C=IT, O=IGI, CN=test1 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: DD:25:F1:5B:38:2B:67:15:1A:F3:B6:58:E7:3F:CC:C8:6A:14:4A:9E X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection X509v3 Authority Key Identifier: keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6 X509v3 Subject Alternative Name: email:andrea.ceccanti@cnaf.infn.it Signature Algorithm: sha1WithRSAEncryption
voms-api-java-3.1.0/src/test/resources/perm-test/test1.key.pem000077500000000000000000000034521265712655300242420ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/perm-test/test1.p12000077500000000000000000000047451265712655300233020ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/perm-test/test2.key.pem000066400000000000000000000034521265712655300242400ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/sha1-trust-anchors/000077500000000000000000000000001265712655300234275ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/sha1-trust-anchors/10b10516.0000066400000000000000000000023711265712655300244720ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/sha1-trust-anchors/10b10516.namespaces000066400000000000000000000002231265712655300264440ustar00rootroot00000000000000
TO Issuer "/C=IT/O=IGI/CN=Test CA" \ PERMIT Subject "/C=it/O=IGI/.*" TO Issuer "/C=IT/O=IGI/CN=Test CA" \ PERMIT Subject "/C=IT/O=IGI/.*"
voms-api-java-3.1.0/src/test/resources/sha1-trust-anchors/10b10516.r0000066400000000000000000000011451265712655300246520ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/sha1-trust-anchors/10b10516.signing_policy000066400000000000000000000002171265712655300273450ustar00rootroot00000000000000
access_id_CA X509 '/C=IT/O=IGI/CN=Test CA' pos_rights globus CA:sign cond_subjects globus '"/C=IT/O=IGI/*"'
voms-api-java-3.1.0/src/test/resources/trust-anchors/000077500000000000000000000000001265712655300225755ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/trust-anchors/10b10516.0000066400000000000000000000023711265712655300236400ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/trust-anchors/10b10516.namespaces000066400000000000000000000002231265712655300256120ustar00rootroot00000000000000
TO Issuer "/C=IT/O=IGI/CN=Test CA" \ PERMIT Subject "/C=it/O=IGI/.*" TO Issuer "/C=IT/O=IGI/CN=Test CA" \ PERMIT Subject "/C=IT/O=IGI/.*"
voms-api-java-3.1.0/src/test/resources/trust-anchors/10b10516.r0000066400000000000000000000011451265712655300240200ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/trust-anchors/10b10516.signing_policy000066400000000000000000000002171265712655300265130ustar00rootroot00000000000000
access_id_CA X509 '/C=IT/O=IGI/CN=Test CA' pos_rights globus CA:sign cond_subjects globus '"/C=IT/O=IGI/*"'
voms-api-java-3.1.0/src/test/resources/trust-anchors/d82942ab.0000066400000000000000000000023711265712655300240200ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/trust-anchors/d82942ab.namespaces000066400000000000000000000002231265712655300257720ustar00rootroot00000000000000
TO Issuer "/C=IT/O=IGI/CN=Test CA" \ PERMIT Subject "/C=it/O=IGI/.*" TO Issuer "/C=IT/O=IGI/CN=Test CA" \ PERMIT Subject "/C=IT/O=IGI/.*"
voms-api-java-3.1.0/src/test/resources/trust-anchors/d82942ab.r0000066400000000000000000000011451265712655300242000ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/trust-anchors/d82942ab.signing_policy000066400000000000000000000002171265712655300266730ustar00rootroot00000000000000
access_id_CA X509 '/C=IT/O=IGI/CN=Test CA' pos_rights globus CA:sign cond_subjects globus '"/C=IT/O=IGI/*"'
voms-api-java-3.1.0/src/test/resources/vomsdir-expired-aa-cert/000077500000000000000000000000001265712655300244145ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/vomsdir-expired-aa-cert/expired.cert.pem000066400000000000000000000111151265712655300275120ustar00rootroot00000000000000
Certificate: Data: Version: 3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: sha1WithRSAEncryption Issuer: C=IT, O=IGI, CN=Test CA Validity Not Before: Dec 1 00:00:00 2011 GMT Not After : Dec 2 00:00:00 2011 GMT Subject: C=IT, O=IGI, CN=expired Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 15:1B:A1:18:28:FA:09:25:E9:F0:CE:49:1E:74:C8:94:DA:84:CB:45 X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection X509v3 Authority Key Identifier: keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6 X509v3 Subject Alternative Name: email:andrea.ceccanti@cnaf.infn.it Signature Algorithm: sha1WithRSAEncryption
voms-api-java-3.1.0/src/test/resources/vomsdir-fake-aa-cert/000077500000000000000000000000001265712655300236625ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/vomsdir-fake-aa-cert/test_host_2_cnaf_infn_it.cert.pem000066400000000000000000000111661265712655300322600ustar00rootroot00000000000000
Certificate: Data: Version: 3 (0x2) Serial Number: 21 (0x15) Signature Algorithm: sha1WithRSAEncryption Issuer: C=IT, O=IGI, CN=Test CA Validity Not Before: Dec 14 18:44:17 2012 GMT Not After : Dec 12 18:44:17 2022 GMT Subject: C=IT, O=IGI, CN=test-host.cnaf.infn.it Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: E3:D1:54:6B:2B:2E:0A:3B:A5:49:8E:C4:C2:7E:11:DB:7B:AC:0D:DD X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection X509v3 Authority Key Identifier: keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6 X509v3 Subject Alternative Name: email:andrea.ceccanti@cnaf.infn.it Signature Algorithm: sha1WithRSAEncryption
voms-api-java-3.1.0/src/test/resources/vomsdir/000077500000000000000000000000001265712655300214445ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/vomsdir/atlas/000077500000000000000000000000001265712655300225505ustar00rootroot00000000000000
voms-api-java-3.1.0/src/test/resources/vomsdir/atlas/lcg-voms.cern.ch.lsc000066400000000000000000000001471265712655300263230ustar00rootroot00000000000000
/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch /DC=ch/DC=cern/CN=CERN Trusted Certification Authority

voms-api-java-3.1.0/src/test/resources/vomsdir/atlas/vo.racf.bnl.gov.lsc
/DC=org/DC=doegrids/OU=Services/CN=vo.racf.bnl.gov
/DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1

voms-api-java-3.1.0/src/test/resources/vomsdir/atlas/voms.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority

voms-api-java-3.1.0/src/test/resources/vomsdir/cms/

voms-api-java-3.1.0/src/test/resources/vomsdir/cms/lcg-voms.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority

voms-api-java-3.1.0/src/test/resources/vomsdir/cms/voms.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority

voms-api-java-3.1.0/src/test/resources/vomsdir/igi.italiangrid.it/

voms-api-java-3.1.0/src/test/resources/vomsdir/igi.italiangrid.it/vomsmania.cnaf.infn.it.lsc
/C=IT/O=INFN/OU=Host/L=CNAF/CN=vomsmania.cnaf.infn.it
/C=IT/O=INFN/CN=INFN CA

voms-api-java-3.1.0/src/test/resources/vomsdir/superbvo.org/

voms-api-java-3.1.0/src/test/resources/vomsdir/superbvo.org/voms-02.pd.infn.it.lsc
/C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it
/C=IT/O=INFN/CN=INFN CA

voms-api-java-3.1.0/src/test/resources/vomsdir/superbvo.org/voms2.cnaf.infn.it.lsc
/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it
/C=IT/O=INFN/CN=INFN CA

voms-api-java-3.1.0/src/test/resources/vomsdir/test-host.cnaf.infn.it.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 16 (0x10)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IT, O=IGI, CN=Test CA
        Validity
            Not Before: Oct 10 16:03:07 2012 GMT
            Not After : Oct 8 16:03:07 2022 GMT
        Subject: C=IT, O=IGI, CN=test-host.cnaf.infn.it
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                FA:F4:A2:78:FF:3C:E8:62:86:73:1E:F1:AE:B4:15:35:D3:1D:03:81
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
            X509v3 Authority Key Identifier:
                keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
            X509v3 Subject Alternative Name:
                email:andrea.ceccanti@cnaf.infn.it
    Signature Algorithm: sha1WithRSAEncryption

voms-api-java-3.1.0/src/test/resources/vomsdir/test.vo.1/

voms-api-java-3.1.0/src/test/resources/vomsdir/test.vo.1/wilco.cnaf.infn.it.lsc
/C=IT/O=IGI/CN=wilco-error.cnaf.infn.it
/C=IT/O=IGI/CN=Test CA

voms-api-java-3.1.0/src/test/resources/vomsdir/test.vo.2/

voms-api-java-3.1.0/src/test/resources/vomsdir/test.vo.2/wilco.cnaf.infn.it.lsc
/C=IT/O=IGI/CN=wilco.cnaf.infn.it
/C=IT/O=IGI/CN=Test CA

voms-api-java-3.1.0/src/test/resources/vomsdir/test.vo/

voms-api-java-3.1.0/src/test/resources/vomsdir/test.vo/test-expired.cnaf.infn.it.lsc
/C=IT/O=IGI/CN=expired
/C=IT/O=IGI/CN=Test CA

voms-api-java-3.1.0/src/test/resources/vomsdir/test.vo/test-host.cnaf.infn.it.lsc
/C=IT/O=IGI/CN=test-host.cnaf.infn.it
/C=IT/O=IGI/CN=Test CA

voms-api-java-3.1.0/src/test/resources/vomsdir/test.vo/test-revoked.cnaf.infn.it.lsc
/C=IT/O=IGI/CN=revoked
/C=IT/O=IGI/CN=Test CA

voms-api-java-3.1.0/src/test/resources/vomses-alias-singlechar/

voms-api-java-3.1.0/src/test/resources/vomses-alias-singlechar/atlas
"atlas" "lcg-voms.cern.ch" "15001" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch" "atlas" "24"
"a" "voms.cern.ch" "15001" "/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch" "atlas" "24"

voms-api-java-3.1.0/src/test/resources/vomses-alias/

voms-api-java-3.1.0/src/test/resources/vomses-alias/atlas
"atlas" "lcg-voms.cern.ch" "15001" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch" "atlas" "24"
"atlas" "voms.cern.ch" "15001" "/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch" "atlas" "24"
"atlas" "vo.racf.bnl.gov" "15003" "/DC=org/DC=doegrids/OU=Services/CN=vo.racf.bnl.gov" "atlas" "24"
"my-atlas" "voms.cern.ch" "15001" "/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch" "atlas" "24"
"my-atlas" "vo.racf.bnl.gov" "15003" "/DC=org/DC=doegrids/OU=Services/CN=vo.racf.bnl.gov" "atlas" "24"

voms-api-java-3.1.0/src/test/resources/vomses-alias/eumed
"eumed" "voms-02.pd.infn.it" "15016" "/C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it" "eumed"
"eumed" "voms2.cnaf.infn.it" "15016" "/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it" "eumed"

voms-api-java-3.1.0/src/test/resources/vomses/

voms-api-java-3.1.0/src/test/resources/vomses/atlas
"atlas" "lcg-voms.cern.ch" "15001" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch" "atlas" "24"
"atlas" "voms.cern.ch" "15001" "/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch" "atlas" "24"
"atlas" "vo.racf.bnl.gov" "15003" "/DC=org/DC=doegrids/OU=Services/CN=vo.racf.bnl.gov" "atlas" "24"

voms-api-java-3.1.0/src/test/resources/vomses/eumed
"eumed" "voms-02.pd.infn.it" "15016" "/C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it" "eumed"
"eumed" "voms2.cnaf.infn.it" "15016" "/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it" "eumed"