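pax_global_header00006660000000000000000000000064147775123410014525gustar00rootroot0000000000000052 comment=e973846a043a8a899289687e038492425a50d5fe voms-clients-3.3.5/000077500000000000000000000000001477751234100141605ustar00rootroot00000000000000voms-clients-3.3.5/.github/000077500000000000000000000000001477751234100155205ustar00rootroot00000000000000voms-clients-3.3.5/.github/workflows/000077500000000000000000000000001477751234100175555ustar00rootroot00000000000000voms-clients-3.3.5/.github/workflows/build-rpm.yaml000066400000000000000000000105221477751234100223340ustar00rootroot00000000000000
# SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: Apache-2.0

# Builds the voms-clients RPM in AlmaLinux 8 and 9 containers on every push,
# keeps the packages as workflow artifacts, uploads them to
# repo.cloud.cnaf.infn.it when the ref qualifies as 'stable' or 'nightly',
# and creates a GitHub release for stable tags.
#
# NOTE(review): actions are referenced by mutable tags (@v4). Pinning each
# `uses:` to a full commit SHA protects the release path against a retargeted
# tag.

name: Build RPM

on: push

# Read-only token by default; create-release requests write access itself.
permissions:
  contents: read

jobs:
  build-rpm:
    # With `on: push` the event is never 'pull_request', so this condition is
    # always true; it only matters if a pull_request trigger is added later.
    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
    strategy:
      fail-fast: false
      matrix:
        os: [almalinux]
        version: [8, 9]
    outputs:
      repo: ${{ steps.info.outputs.repo }}
      version_pom: ${{ steps.info.outputs.version_pom }}
    runs-on: ubuntu-latest
    container: '${{ matrix.os }}:${{ matrix.version }}'
    steps:
      - name: Install dependencies
        run: |
          dnf upgrade -y
          dnf module enable -y maven:3.8
          dnf install -y git rpmdevtools rpmlint maven-openjdk17 jpackage-utils

      - name: Setup build tree
        run: |
          echo "%_topdir $(pwd)/rpmbuild" >> ~/.rpmmacros
          rpmdev-setuptree

      - uses: actions/checkout@v4
        with:
          path: 'rpmbuild/BUILD'
          fetch-depth: 0

      - name: Calculate version and repo
        id: info
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the value is data and never parsed as shell.
          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
        run: |
          cd rpmbuild/BUILD
          VERSION_POM=$(mvn org.apache.maven.plugins:maven-help-plugin:evaluate -Dexpression=project.version -q -DforceStdout)
          # Maven uses -SNAPSHOT for pre-releases, change the - to ~ in the RPM
          VERSION_RPM=$(echo "${VERSION_POM}" | sed 's/-/~/')
          if [[ ${GITHUB_REF_TYPE} = 'tag' ]]; then
            # For a tag, the name must be "v" followed by three dot-separated
            # numbers (see the regex) and must agree with the POM version
            if [[ ${GITHUB_REF_NAME} =~ ^v([0-9]+\.[0-9]+\.[0-9]+)$ ]]; then
              REPO='stable'
              VERSION="${BASH_REMATCH[1]}"
              # Right-hand side quoted: compare literally, not as a glob
              if [[ ${VERSION} != "${VERSION_POM}" ]]; then
                echo "Version mismatch between tag (${VERSION}) and POM file (${VERSION_POM})"
                exit 1
              fi
            fi
          elif [[ ${GITHUB_REF_NAME} = "${DEFAULT_BRANCH}" ]]; then
            # On the default branch, publish only three-number -SNAPSHOT versions
            if [[ ${VERSION_POM} =~ ^[0-9]+\.[0-9]+\.[0-9]+-SNAPSHOT$ ]]; then
              REPO='nightly'
            fi
          fi
          # REPO stays empty for every other ref; the upload step and the
          # create-release job key off that.
          echo "REPO=${REPO}" >> "${GITHUB_ENV}"
          echo "repo=${REPO}" >> "${GITHUB_OUTPUT}"
          echo "VERSION_POM=${VERSION_POM}" >> "${GITHUB_ENV}"
          echo "version_pom=${VERSION_POM}" >> "${GITHUB_OUTPUT}"
          echo "VERSION_RPM=${VERSION_RPM}" >> "${GITHUB_ENV}"
          echo "Version POM: ${VERSION_POM}"
          echo "Version RPM: ${VERSION_RPM}"
          echo "Repo: ${REPO:-none}"

      - name: Build RPM
        run: |
          cp rpmbuild/BUILD/voms-clients.spec rpmbuild/SPECS/voms-clients.spec
          rpmlint rpmbuild/SPECS/voms-clients.spec
          rpmbuild --define "base_version ${VERSION_RPM}" --define "version_pom ${VERSION_POM}" -ba rpmbuild/SPECS/voms-clients.spec

      - uses: actions/upload-artifact@v4
        with:
          name: build-rpm-${{ matrix.os }}-${{ matrix.version }}
          path: |
            rpmbuild/RPMS/noarch/*.rpm

      - name: Upload release to repo
        if: env.REPO != ''
        env:
          # Credentials reach the script as environment variables rather than
          # as text pasted into it, so quotes, `$` or backticks in the
          # password cannot break or alter the command.
          NEXUS_USERNAME: ${{ vars.NEXUS_USERNAME }}
          NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
        run: |
          for file in rpmbuild/RPMS/noarch/*.rpm; do
            curl --fail --user "${NEXUS_USERNAME}:${NEXUS_PASSWORD}" --upload-file "${file}" "https://repo.cloud.cnaf.infn.it/repository/voms-rpm-${REPO}/redhat${{ matrix.version }}/"
          done

  create-release:
    needs: build-rpm
    runs-on: ubuntu-latest
    # `gh release create` needs write access to repository contents.
    permissions:
      contents: write
    env:
      GH_TOKEN: ${{ github.token }}
      VERSION_POM: ${{ needs.build-rpm.outputs.version_pom }}
    if: needs.build-rpm.outputs.repo == 'stable'
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4

      - uses: actions/download-artifact@v4

      - name: Create release
        run: |
          # Get from the changelog file only the part related to the tagged release, in particular:
          # - Delete lines up to the one beginning with "## ${VERSION_POM}" (inclusive)
          # - Delete lines from the next one beginning with "## " until the end of the file
          # - Change all the "### " to "## " to use heading level 2 instead of level 3
          sed -e "1,/^## ${VERSION_POM}/d;/^## /,\$d;s/^### /## /g" CHANGELOG.md > RELEASE-CHANGELOG.md
          gh release create "v${VERSION_POM}" --title "VOMS Clients Java ${VERSION_POM}" --notes-file RELEASE-CHANGELOG.md build-*/*
voms-clients-3.3.5/.github/workflows/maven.yaml000066400000000000000000000037561477751234100215620ustar00rootroot00000000000000
# SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: Apache-2.0

# Builds the project with Maven on every push and pull request, and deploys
# with the `central-staging` profile for version tags and for -SNAPSHOT
# versions on the default branch.
#
# NOTE(review): actions are referenced by mutable tags (@v4). Pinning each
# `uses:` to a full commit SHA protects the signing and deploy path against a
# retargeted tag.

name: Maven build

on: [push, pull_request]

# Nothing in this workflow writes to the repository through the GitHub token.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # NOTE(review): this step has no event filter, so the GPG signing key is
      # imported on pull_request runs too whenever the secret is available to
      # them, and "Build with Maven" then runs the pull request's code in the
      # same job. Consider moving setup with the key into a push-only deploy job.
      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: 17
          server-id: central
          # The three values below are names of environment variables, not the
          # credentials themselves; the deploy step supplies them.
          server-username: MAVEN_CENTRAL_USERNAME
          server-password: MAVEN_CENTRAL_PASSWORD
          gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }}
          gpg-passphrase: MAVEN_GPG_PASSPHRASE

      - name: Cache Maven packages
        uses: actions/cache@v4
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2

      - name: Build with Maven
        run: mvn -B clean package

      - name: Deploy to Maven Central
        # The script below never deploys for a pull_request ref; skipping the
        # step there keeps the deploy credentials out of those runs entirely.
        if: github.event_name == 'push'
        env:
          MAVEN_CENTRAL_USERNAME: ${{ vars.MAVEN_CENTRAL_USERNAME }}
          MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
          # Passed through the environment instead of being expanded into the
          # script text, so the value is data and never parsed as shell.
          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
        run: |
          VERSION_POM=$(mvn org.apache.maven.plugins:maven-help-plugin:evaluate -Dexpression=project.version -q -DforceStdout)
          if [[ ${GITHUB_REF_TYPE} = 'tag' ]]; then
            # For a tag, the name must be "v" followed by three dot-separated
            # numbers (see the regex) and must agree with the POM version
            if [[ ${GITHUB_REF_NAME} =~ ^v([0-9]+\.[0-9]+\.[0-9]+)$ ]]; then
              VERSION="${BASH_REMATCH[1]}"
              # Right-hand side quoted: compare literally, not as a glob
              if [[ ${VERSION} != "${VERSION_POM}" ]]; then
                echo "Version mismatch between tag (${VERSION}) and POM file (${VERSION_POM})"
                exit 1
              fi
              mvn deploy -P central-staging
            fi
          elif [[ ${GITHUB_REF_NAME} = "${DEFAULT_BRANCH}" ]]; then
            # On the default branch, deploy only three-number -SNAPSHOT versions
            if [[ ${VERSION_POM} =~ ^[0-9]+\.[0-9]+\.[0-9]+-SNAPSHOT$ ]]; then
              mvn deploy -P central-staging
            fi
          fi
voms-clients-3.3.5/.github/workflows/reuse.yaml000066400000000000000000000006531477751234100215700ustar00rootroot00000000000000
# SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
# SPDX-FileCopyrightText: 2020 Free Software Foundation Europe e.V.
#
# SPDX-License-Identifier: Apache-2.0
# SPDX-License-Identifier: CC0-1.0

# Runs the REUSE licensing compliance check on every push and pull request.

name: REUSE Compliance Check

on: [push, pull_request]

# The check only reads the checked-out tree.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): third-party action referenced by a mutable tag; pin it
      # to a full commit SHA to guard against the tag being retargeted.
      - name: REUSE Compliance Check
        uses: fsfe/reuse-action@v4
voms-clients-3.3.5/.gitignore000066400000000000000000000002441477751234100161500ustar00rootroot00000000000000# SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare # # SPDX-License-Identifier: Apache-2.0 /.settings /target /.classpath /.project /.checkstyle voms-clients-3.3.5/CHANGELOG.md000066400000000000000000000010601477751234100157660ustar00rootroot00000000000000 # Changelog ## 3.3.5 (2025-04-11) ### Changed * Bump to Java 17 * Bump to CANL 2.8.3 and Bouncy Castle 1.80, through the latest voms-api-java v3.3.5 * Respect X509_USER_PROXY environment variable inside voms-proxy-destroy ## 3.3.4 (2024-09-12) ### Fixed * Revert modified env variable VOMS_CLIENTS_JAVA_OPTIONS ## 3.3.3 (2024-07-31) ### Changed * Modified env variable VOMS_CLIENTS_JAVA_OPTIONS * Upgraded voms-api-java version to 3.3.3 voms-clients-3.3.5/LICENSE000066400000000000000000000261361477751234100151750ustar00rootroot00000000000000 Apache License Version 2.0, January 2004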
http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. 
For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. 
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the 
Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. 
Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. 
To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. voms-clients-3.3.5/LICENSES/000077500000000000000000000000001477751234100153655ustar00rootroot00000000000000voms-clients-3.3.5/LICENSES/Apache-2.0.txt000066400000000000000000000240501477751234100176050ustar00rootroot00000000000000Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. 
For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. 
For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. 
If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. 
You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. 
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. 
Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. voms-clients-3.3.5/LICENSES/CC0-1.0.txt000066400000000000000000000156101477751234100167720ustar00rootroot00000000000000Creative Commons Legal Code CC0 1.0 Universal CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER. Statement of Purpose The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work"). Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. 
These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others. For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights. 1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following: i. the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work; ii. moral rights retained by the original author(s) and/or performer(s); iii. publicity and privacy rights pertaining to a person's image or likeness depicted in a Work; iv. rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below; v. rights protecting the extraction, dissemination, use and reuse of data in a Work; vi. database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and vii. other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof. 2. Waiver. 
To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose. 3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). 
The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose. 4. Limitations and Disclaimers. a. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document. b. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law. c. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work. d. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work. 
voms-clients-3.3.5/README.md000066400000000000000000000130331477751234100154370ustar00rootroot00000000000000 # VOMS Clients ![Build Status](https://github.com/italiangrid/voms-clients/actions/workflows/maven.yaml/badge.svg) Command-line clients for Virtual Organization Membership Service (VOMS), i.e.: - *voms-proxy-init*: creates a VOMS proxy containing VOMS attributes - *voms-proxy-info*: shows information about a created VOMS proxy certificate - *voms-proxy-destroy*: destroys a VOMS proxy certificate ## Build instructions Clone this GitHub repo. Build packages with: ```bash mvn package ``` ## Build You will need maven and Java >= 8. To build the clients, type: mvn package ## Install A tarball containing the clients can be found in the `target` directory under the source tree. Untar the tarball to a directory of your choice. You may want to add the bin directory to your path to be able to directly call voms-proxy-* from your shell: ```bash export PATH=$PATH:/bin ``` ## Quickstart ### Credentials User credentials typically live in the ```bash $HOME/.globus ``` directory. PKCS12 and PEM X.509 credentials are both supported. For PKCS12 the credential file should be named: ```bash $HOME/.globus/usercred.p12 ``` PEM credential files should be named: ```bash $HOME/.globus/usercert.pem $HOME/.globus/userkey.pem ``` In case both PEM and PKCS12 formats are present, PEM takes precedence. Please set up your user credentials so that the private key is only readable by the user owning the credentials (i.e., unix mode 0400). ### Configuring VOMS servers locations VOMS server contact information is typically maintained in `/etc/vomses` or in the `$HOME/.glite/vomses` directory. For more information on the format of these files and what information should be there, consult the `vomses` man page. 
### Configuring trust for VOMS servers VOMS server trust information is typically maintained in the `/etc/grid-security/vomsdir` directory, or in the directory pointed to by the `X509_VOMS_DIR` environment variable. For more information on the format of this directory and what information should be there, consult the `vomsdir` man page. ### Creating a VOMS proxy certificate `voms-proxy-init` is the command that creates VOMS proxies which can be used for authorization purposes on the Grid. Its basic syntax is: ```bash $ voms-proxy-init --voms ``` where `test` is the name of the VO to which the user belongs. This command will create a proxy containing all the groups to which the user belongs, but none of the roles. The -voms option may be specified multiple times to request multiple attributes or attributes from multiple VOs. VOMS roles are conditional attributes which are included in a VOMS attribute certificate only when explicitly requested. Roles can be requested using a command like the following one: ```bash voms-proxy-init -voms atlas:/atlas/Role=pilot ``` If the `-voms` option is not specified, a proxy without VOMS extension will be created. ### Validity constraints By default, voms-proxy-init will generate a proxy valid for 12 hours including a VOMS extension valid for the same time (if requested). These time periods can be changed using the *-valid* option, which will set the validity of both the proxy and the AC. Note that the validity of the AC can only be "proposed" by voms-proxy-init, as the AC validity is set by the VOMS server and its maximum value is limited by local VOMS server configuration (typically the maximum value is 24 hours). More information can be found in the `voms-proxy-init` man page. ### Displaying information embedded in a VOMS proxy certificate Once a proxy has been created, the `voms-proxy-info` command allows the user to print the information contained in it. 
```bash subject : /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Andrea Ceccanti/CN=proxy issuer : /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Andrea Ceccanti identity : /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Andrea Ceccanti type : proxy strength : 2048 path : /tmp/x509up_u501 timeleft : 11:59:48 key usage : digitalSignature keyEncipherment dataEncipherment ``` Information about VOMS attributes can be printed passing the `-all` option to the command: ```bash $ voms-proxy-info --all subject : /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Andrea Ceccanti/CN=proxy issuer : /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Andrea Ceccanti identity : /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Andrea Ceccanti type : proxy strength : 2048 path : /tmp/x509up_u501 timeleft : 12:04:48 key usage : digitalSignature keyEncipherment dataEncipherment === VO testers.eu-emi.eu extension information === VO : testers.eu-emi.eu subject : CN=Andrea Ceccanti,L=CNAF,OU=Personal Certificate,O=INFN,C=IT issuer : CN=emitestbed07.cnaf.infn.it,L=CNAF,OU=Host,O=INFN,C=IT attribute : /testers.eu-emi.eu/Role=NULL/Capability=NULL attribute : /testers.eu-emi.eu/pseudotest1/Role=NULL/Capability=NULL attribute : /testers.eu-emi.eu/test/Role=NULL/Capability=NULL attribute : /testers.eu-emi.eu/test1/Role=NULL/Capability=NULL attribute : test_ga = val (/testers.eu-emi.eu/test) attribute : default-group = camaghe (testers.eu-emi.eu) timeleft : 11:59:18 uri : emitestbed07.cnaf.infn.it:15002 ``` More information can be found in the `voms-proxy-info` man page. ### Destroying a proxy certificate The `voms-proxy-destroy` command erases an existing proxy from the system. Its basic use is: ```bash $ voms-proxy-destroy ``` More information can be found in the `voms-proxy-destroy` man page. 
voms-clients-3.3.5/man/000077500000000000000000000000001477751234100147335ustar00rootroot00000000000000voms-clients-3.3.5/man/README.md000066400000000000000000000004501477751234100162110ustar00rootroot00000000000000 The man page source is in [AsciiDoc](https://asciidoctor.org/). Currently these man pages are generated automatically with Maven. To run manually, use: ``` mvn generate-resources ```voms-clients-3.3.5/man/voms-proxy-destroy.1.adoc000066400000000000000000000020531477751234100215540ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 VOMS-PROXY-DESTROY(1) ===================== :doctype: manpage NAME ---- voms-proxy-destroy - destroys a VOMS proxy SYNOPSIS -------- voms-proxy-destroy DESCRIPTION ----------- The voms-proxy-destroy command is intended to be used after a proxy is no longer useful, to destroy it. OPTIONS ------- Options may be specified indifferently with either a "-" or "--" prefix. *-h*, *-help* Displays usage *-v*, *-version* Displays version *-debug* Enables extra debug output *-q*, *--quiet* Quiet mode, minimal output *-f*, *-file* The name of the file containing the proxy, in case it is in a non-standard place. *-dry* Doesn't actually destroy the proxy. *-c*, *-conf* Read options from file. 
BUGS ---- https://savannah.cern.ch/bugs/?group=jra1mdw AUTHOR ------ Enrico Vianello Francesco Giacomini SEE ALSO -------- voms-proxy-init(1), voms-proxy-info(1) voms-clients-3.3.5/man/voms-proxy-info.1.adoc000066400000000000000000000054111477751234100210170ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 VOMS-PROXY-INFO(1) ================== :doctype: manpage == NAME voms-proxy-info - prints information about a proxy with VOMS extensions == SYNOPSIS *voms-proxy-info* [options] == DESCRIPTION The voms-proxy-info command prints information about a proxy, including information about the VOMS extension. The default location of the proxy is ---- /tmp/x509up_u ---- where user_id is the effective user id of the user running the command. A non-standard location for the proxy can be specified using the *-file* option. == OPTIONS Options may be specified indifferently with either a "-" or "--" prefix. *--acexists * Returns 0 if AC exists corresponding to voname, 1 otherwise *--acissuer* Prints the DN of AC issuer (certificate signer) *--acsubject* Prints the distinguished name (DN) of AC subject *--actimeleft* Prints time (in seconds) until AC expires *--all* All proxy options in a human readable format *-b,--bits * [option to -exists] strength requirement for proxy to be valid *--chain* Prints information about the whole proxy certificate chain (CA excluded) *--conf * Read options from *--debug* Enables extra debug output *-e,--exists* Returns 0 if valid proxy exists, 1 otherwise *--file * Reads information from file *--fqan* Prints VOMS fully qualified attribute names (FQANs) *--help* Displays helps and exits *--hours * [option to -exists] time requirement for proxy to be valid (deprecated, use -valid instead) *--identity* Prints the DN of the identity represented by the proxy *--issuer* Prints the proxy issuer DN *-k,--keyusage* Prints content of the KeyUsage extension *-p,--path* 
Prints the proxy file pathname *--serial* Prints the AC serial number *--strength* Prints the proxy key size (in bits) *--subject* Prints the proxy subject Distinguished name (DN) *--text* Prints all information regarding the certificate *--timeleft* Prints time (in seconds) until proxy expires *--type* Prints the proxy type (full or limited) *--uri* Prints the URI of the VOMS server that issued the attributes *--usage* Displays helps and exits *--valid * [option to -exists] time requirement for proxy to be valid *--version* Displays version *--vo* Prints the vo name BUGS ---- To report bugs or ask for support, use GGUS: https://ggus.eu/pages/home.php AUTHORS ------ Enrico Vianello Francesco Giacomini SEE ALSO -------- voms-proxy-destroy(1), voms-proxy-info(1), vomses(5), vomsdir(5) voms-clients-3.3.5/man/voms-proxy-init.1.adoc000066400000000000000000000156161477751234100210370ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 VOMS-PROXY-INIT(1) ================== :doctype: manpage == NAME voms-proxy-init - creates a proxy certificate with VOMS extensions == SYNOPSIS *voms-proxy-init* [options] == DESCRIPTION The voms-proxy-init command generates a proxy with the VOMS information included in an X.509 non critical extension. The VOMS attributes are obtained from a known VOMS server. The list of known VOMS servers is configured using a *vomses* configuration file, whose syntax is documented in the *vomses* man page. A custom vomses location can be specified using the *--vomses* option. VOMS attributes are requested only if the *-voms* option is passed on the command line, specifying for which Virtual Organizations (VOs) attributes are requested. VOMS attributes are signed by the VOMS server that issues them. The signature is verified on the client side leveraging local trust information, which is typically maintained in */etc/grid-security/vomsdir*. 
The vomsdir structure is documented in the *vomsdir* man page. A custom vomsdir can be specified using the *--vomsdir* option. The default location of the proxy generated by voms-proxy-init is ---- /tmp/x509up_u<user_id> ---- where user_id is the effective user id of the user running the command. A non-standard location for the proxy can be specified using the *-out* option. === Requesting VOMS attributes Attributes can be requested using the *-voms* option. A basic usage is given in the following example: ---- voms-proxy-init -voms <voname> ---- where voname is the name of one of the configured VOs. The above command will create a proxy containing a VOMS extension which holds all group attributes belonging to the user. VOMS roles are conditional attributes which are included in a VOMS attribute certificate only when explicitly requested. Roles can be requested using a command like the following one: ---- voms-proxy-init -voms atlas:/atlas/Role=pilot ---- === Ordering requested attributes Typically VOMS attributes are returned in the order in which they are requested on the command line. For instance, the following command: ---- voms-proxy-init -voms infngrid:/infngrid/group1 -voms infngrid:/infngrid/Role=pilot ---- will produce an Attribute Certificate which has as the primary attribute `/infngrid/group1`, followed by `/infngrid/Role=pilot`, and then by the other attributes belonging to the user. The *-order* option can also be used to express order requirements. === Setting the validity period of the generated proxy and attribute certificate By default, voms-proxy-init will generate a proxy valid for 12 hours including a VOMS extension valid for the same time (if requested). These time periods can be changed using the *-valid* option, which will set the validity of both the proxy and the AC. 
Note that the validity of the AC can only be "proposed" by voms-proxy-init, as the AC validity is set by the VOMS server and its maximum value is limited by local VOMS server configuration (typically the maximum value is 24 hours). === Setting the type of proxy generated by voms-proxy-init By default, voms-proxy-init generates a legacy proxy compatible with Globus Toolkit version 2. This behaviour can be changed using the *-rfc* option, which will produce an RFC3820 compliant proxy. In order to generate a Globus Toolkit version 3 proxy, i.e. a draft compliant proxy, use the *-proxyver 3* option. == CONFIGURATION Local configuration for trusted VOs is needed for _voms-proxy-init_ to work properly. See the _vomses(5)_ and _vomsdir(5)_ man pages for more details. == OPTIONS Options may be specified using either a "-" or "--" prefix. *-b,--bits * Number of bits in key {512|1024|2048|4096} *--cert * Nonstandard location of user certificate *--certdir * Nonstandard location of trusted cert dir *--conf * Read options from *--debug* Enables extra debug output *--dont_verify_ac* Skips AC verification, so the signature on the attributes returned by the VOMS server is not checked against the local vomsdir trust information *-f,--failonwarn* Treat warnings as errors *--help* Displays help and exits *--hours * Sets the generated proxy validity to H hours (default:12). Note that this option only sets the lifetime of the generated proxy. Use -valid to set lifetime for both the proxy and the AC. *--ignorewarn* Ignore warnings *-k,--key * Non standard location of user key *--limited* Creates a limited proxy *-n,--noregen* Use an existing proxy certificate to obtain VOMS attributes and to sign the new generated proxy *--old* Creates a legacy, GT2 compliant proxy (synonymous with '-proxyver 2') *--order * The fqan specified with this option is set as the primary FQAN if present in the list of attributes returned by the server. Use this option more than once if you want to set the order for more than one FQAN. 
*--out * Non standard location of the generated proxy certificate *--path_length * Allow a chain of at most L proxies to be generated and signed from the proxy created by voms-proxy-init. *--proxyver <2|3|4>* Sets the type of proxy generated by VOMS proxy init. 2 stands for legacy proxy, 3 for draft proxy, 4 for rfc proxy. Use -old or -rfc instead of this option. *--pwstdin* Reads private key passphrase from standard input. *-q,--quiet* Quiet mode, minimal output *-r,--rfc* Creates an RFC 3820 compliant proxy (synonymous with '-proxyver 4') *--target * Targets the AC against a specific hostname. Multiple targets can be expressed using this option multiple times. *--usage* Displays help and exits *--valid * Sets generated proxy and AC validity to h hours and m minutes (defaults to 12:00). Note that the VOMS server could shorten the validity of the issued AC depending on the server configuration. *--verify* Verifies the validity of the user certificate. *--version* Displays version *--voms >* Specifies the VO for which the AC is requested. <:fqan> is optional, and is used to ask for specific attributes (e.g. --voms atlas:/atlas/Role=pilot). This option can be used multiple times to request multiple FQANs for different VOs. The order in which the option appears on the command line influences the order of the issued attributes. *--vomsdir * Sets the path where lsc files and other local VOMS trust anchors will be looked for. *--vomses * Specifies the name of a VOMSES file from which VOMS server contact information is parsed. 
*--vomslife * Sets the validity of the requested VOMS attribute certificate to h hours and m minutes (defaults to the value of the '-valid' option) BUGS ---- To report bugs or ask for support, use GGUS: https://ggus.eu/pages/home.php AUTHORS ------ Enrico Vianello Francesco Giacomini SEE ALSO -------- voms-proxy-destroy(1), voms-proxy-info(1), vomses(5), vomsdir(5) voms-clients-3.3.5/man/vomsdir.5.adoc000066400000000000000000000050531477751234100174140ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 VOMSDIR(5) ========== :doctype: manpage == NAME vomsdir - The structure of the vomsdir VOMS server trust anchor directory == SYNOPSIS */etc/grid-security/vomsdir* == DESCRIPTION This manual page describes the structure of the _vomsdir_ VOMS server trust anchor directory. The function of this directory is to keep local information about trusted VOMS servers which is used to verify the signatures on the attributes issued by VOMS servers. The _vomsdir_ directory is structured as follows: ---- | |--vo1 | |--vo2 | |--vo3 | ---- A subdirectory is created for each of the trusted VOs. Inside each VO directory two types of files can be found: * *LSC files* An LSC file contains a description of the certificate chain of the certificate used by a VOMS server to sign VOMS attributes. * *X509 certificates* The certificate used by a VOMS server to sign attributes. These files are commonly named using the following pattern: ---- .lsc .pem ---- Where hostname is the host where the VOMS server is running. When both lsc and pem files are present for a given VO and hostname, the lsc file takes precedence. === LSC file syntax The LSC file contains a list of X.509 subject strings, one on each line, encoded in OpenSSL slash-separated syntax, describing the certificate chain (up and including the CA that issued the certificate). 
For instance, the voms.cnaf.infn.it VOMS server has the following LSC file: ---- /C=IT/O=INFN/OU=Host/L=CNAF/CN=voms.cnaf.infn.it /C=IT/O=INFN/CN=INFN CA ---- == EXAMPLES Assuming locally two VOs are trusted, the *cms* VO and the *cdf* VO, the */etc/grid-security/vomsdir* directory will be structured as follows: ---- /etc/grid-security/vomsdir /etc/grid-security/vomsdir/cms /etc/grid-security/vomsdir/cdf ---- The */etc/grid-security/vomsdir/cms* directory will contain the following files: ---- lcg-voms.cern.ch.lsc voms.cern.ch.lsc ---- The */etc/grid-security/vomsdir/cdf* directory will contain the following files: ---- voms-01.pd.infn.it.lsc voms.cnaf.infn.it.lsc voms.fnal.gov.lsc ---- The LSC files will contain descriptions of the certificate chains used by VOMS servers to sign attribute certificates. == BUGS To report bugs or ask for support, use GGUS: https://ggus.eu/pages/home.php == AUTHORS Enrico Vianello Francesco Giacomini == SEE ALSO voms-proxy-destroy(1), voms-proxy-info(1), voms-lsc(5)voms-clients-3.3.5/man/vomses.5.adoc000066400000000000000000000034571477751234100172530ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 VOMSES(5) ========= :doctype: manpage == NAME vomses - The VOMS server contact table == SYNOPSIS */etc/vomses* *~/.glite/vomses* == DESCRIPTION This manual page describes the format of _vomses_ files. _vomses_ files contain contact information for VOMS servers and are typically organized in the */etc/vomses* directory. 
A _vomses_ file is a simple text file which contains one or more lines formatted as follows: "alias" "hostname" "port" "server DN" "vo_name" Where: *alias*: an alias that can be used for this VOMS server (this is typically identical to the vo_name) *hostname*: the hostname where the VOMS server is running *vo_name*: the name of the VO served by the VOMS server *port*: the port where the VOMS server is listening for incoming requests *server DN*: the certificate subject of the VOMS server System wide VOMSES configuration is maintained in the */etc/vomses* file or directory. If */etc/vomses* is a directory, all the files contained in such directory are parsed looking for VOMS contact information. A user can define its custom *vomses* configuration in the *~/.glite/vomses* file or directory, which will be parsed in the same way as just described. == EXAMPLES The following is an example of valid vomes file for the *cms* VO: ---- "cms" "lcg-voms.cern.ch" "15002" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch" "cms" "cms" "voms.cern.ch" "15002" "/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch" "cms" ---- == BUGS To report bugs or ask for support, use GGUS: https://ggus.eu/pages/home.php == AUTHORS Enrico Vianello Francesco Giacomini == SEE ALSO voms-proxy-destroy(1), voms-proxy-info(1), vomsdir(5) voms-clients-3.3.5/pom.xml000066400000000000000000000235451477751234100155060ustar00rootroot00000000000000 4.0.0 org.italiangrid voms-clients 3.3.5 voms-clients VOMS service command-line clients https://github.com/italiangrid/voms-clients The Apache Software License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo https://github.com/italiangrid/voms-clients scm:git:git://github.com/italiangrid/voms-clients.git scm:git:ssh://git@github.com:italiangrid/voms-clients.git UTF-8 UTF-8 3.1 2.2.2 2.2.1 2.4.1 2.8.2 2.5 2.9.1 3.2.7 0.7.0 3.1.1 4.13.2 2.18.0 1.9.0 3.3.5 vianello Enrico Vianello enrico.vianello@cnaf.infn.it Istituto Nazionale di Fisica Nucleare Developer 
giaco Francesco Giacomini francesco.giacomini@cnaf.infn.it Istituto Nazionale di Fisica Nucleare Developer Central Portal Snapshots central-portal-snapshots https://central.sonatype.com/repository/maven-snapshots/ false true org.apache.maven.plugins maven-jar-plugin ${plugin.jar.version} true org.apache.maven.plugins maven-compiler-plugin ${plugin.compiler.version} 17 17 maven-assembly-plugin ${plugin.assembly.version} ${project.name} false ${project.build.directory} ${basedir}/src/main/assemblies/assembly.xml package single org.apache.maven.plugins maven-javadoc-plugin ${plugin.javadoc.version} 17 ${project.build.directory}/javadoc attach-javadocs jar org.apache.maven.plugins maven-source-plugin ${plugin.source.version} attach-sources jar-no-fork org.apache.maven.plugins maven-release-plugin ${plugin.release.version} forked-path org.apache.maven.plugins maven-deploy-plugin ${plugin.deploy.version} org.asciidoctor asciidoctor-maven-plugin ${plugin.asciidoctor.version} manpage man asciidoc-to-html generate-resources process-asciidoc junit junit ${junit.version} test commons-cli commons-cli ${commons-cli.version} commons-io commons-io ${commons-io.version} org.italiangrid voms-api-java ${voms-api-java.version} release-sign-artifacts performRelease true org.apache.maven.plugins maven-gpg-plugin ${plugin.maven-gpg.version} ${env.GPG_PASSPHRASE} sign-artifacts verify sign local-staging true cnaf-releases CNAF releases https://repo.cloud.cnaf.infn.it/repository/cnaf-releases/ cnaf-snapshots CNAF snapshots https://repo.cloud.cnaf.infn.it/repository/cnaf-snapshots/ central-staging org.sonatype.central central-publishing-maven-plugin ${plugin.central-publishing.version} true central org.apache.maven.plugins maven-gpg-plugin ${plugin.maven-gpg.version} sign-artifacts verify sign --pinentry-mode loopback 
voms-clients-3.3.5/src/000077500000000000000000000000001477751234100147475ustar00rootroot00000000000000voms-clients-3.3.5/src/main/000077500000000000000000000000001477751234100156735ustar00rootroot00000000000000voms-clients-3.3.5/src/main/assemblies/000077500000000000000000000000001477751234100200225ustar00rootroot00000000000000voms-clients-3.3.5/src/main/assemblies/assembly.xml000066400000000000000000000042511477751234100223650ustar00rootroot00000000000000 voms-clients tar.gz /share/java/voms-clients ${project.build.directory} /share/java/voms-clients *.jar target/generated-docs /share/man/man1 voms-proxy-init.1 voms-proxy-info.1 voms-proxy-destroy.1 target/generated-docs /share/man/man5 vomses.5 vomsdir.5 ${basedir}/src/main/bash/voms-proxy-init.sh true voms-proxy-init bin 0755 ${basedir}/src/main/bash/voms-proxy-info.sh true voms-proxy-info bin 0755 ${basedir}/src/main/bash/voms-proxy-destroy.sh true voms-proxy-destroy bin 0755 voms-clients-3.3.5/src/main/bash/000077500000000000000000000000001477751234100166105ustar00rootroot00000000000000voms-clients-3.3.5/src/main/bash/voms-proxy-destroy.sh000077500000000000000000000017211477751234100230020ustar00rootroot00000000000000#!/bin/bash # SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare # # SPDX-License-Identifier: Apache-2.0 #set -x VOMSCLIENTS_LIBS=${voms-clients.libs} if [ "x$VOMSCLIENTS_LIBS" == "x" ]; then PRG="$0" while [ -h "$PRG" ]; do ls=`ls -ld "$PRG"` link=`expr "$ls" : '.*-> \(.*\)$'` if expr "$link" : '/.*' > /dev/null; then PRG="$link" else PRG=`dirname "$PRG"`/"$link" fi done PRGDIR=`dirname "$PRG"` VOMSCLIENTS_HOME=`cd "$PRGDIR/.." 
; pwd` VOMSCLIENTS_LIBS=$VOMSCLIENTS_HOME/share/java/voms-clients fi # ':' separated list of jars, for the classpath VOMSCLIENTS_CP=`ls -1 $VOMSCLIENTS_LIBS/*.jar | tr '\n' ':'` # the class implementing voms-proxy-destroy VOMSPROXYDESTROY_CLASS="org.italiangrid.voms.clients.VomsProxyDestroy" # JVM options VOMS_CLIENTS_JAVA_OPTIONS=${VOMS_CLIENTS_JAVA_OPTIONS:-"-XX:+UseSerialGC -Xmx16m"} java $VOMS_CLIENTS_JAVA_OPTIONS -cp $VOMSCLIENTS_CP $VOMSPROXYDESTROY_CLASS "$@" voms-clients-3.3.5/src/main/bash/voms-proxy-info.sh000077500000000000000000000017041477751234100222450ustar00rootroot00000000000000#!/bin/bash # SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare # # SPDX-License-Identifier: Apache-2.0 #set -x VOMSCLIENTS_LIBS=${voms-clients.libs} if [ "x$VOMSCLIENTS_LIBS" == "x" ]; then PRG="$0" while [ -h "$PRG" ]; do ls=`ls -ld "$PRG"` link=`expr "$ls" : '.*-> \(.*\)$'` if expr "$link" : '/.*' > /dev/null; then PRG="$link" else PRG=`dirname "$PRG"`/"$link" fi done PRGDIR=`dirname "$PRG"` VOMSCLIENTS_HOME=`cd "$PRGDIR/.." 
; pwd` VOMSCLIENTS_LIBS=$VOMSCLIENTS_HOME/share/java/voms-clients fi # ':' separated list of jars, for the classpath VOMSCLIENTS_CP=`ls -1 $VOMSCLIENTS_LIBS/*.jar | tr '\n' ':'` # the class implementing voms-proxy-info VOMSPROXYINFO_CLASS="org.italiangrid.voms.clients.VomsProxyInfo" # JVM options VOMS_CLIENTS_JAVA_OPTIONS=${VOMS_CLIENTS_JAVA_OPTIONS:-"-XX:+UseSerialGC -Xmx16m"} java $VOMS_CLIENTS_JAVA_OPTIONS -cp $VOMSCLIENTS_CP $VOMSPROXYINFO_CLASS "$@" voms-clients-3.3.5/src/main/bash/voms-proxy-init.sh000077500000000000000000000017041477751234100222550ustar00rootroot00000000000000#!/bin/bash # SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare # # SPDX-License-Identifier: Apache-2.0 #set -x VOMSCLIENTS_LIBS=${voms-clients.libs} if [ "x$VOMSCLIENTS_LIBS" == "x" ]; then PRG="$0" while [ -h "$PRG" ]; do ls=`ls -ld "$PRG"` link=`expr "$ls" : '.*-> \(.*\)$'` if expr "$link" : '/.*' > /dev/null; then PRG="$link" else PRG=`dirname "$PRG"`/"$link" fi done PRGDIR=`dirname "$PRG"` VOMSCLIENTS_HOME=`cd "$PRGDIR/.." 
; pwd` VOMSCLIENTS_LIBS=$VOMSCLIENTS_HOME/share/java/voms-clients fi # ':' separated list of jars, for the classpath VOMSCLIENTS_CP=`ls -1 $VOMSCLIENTS_LIBS/*.jar | tr '\n' ':'` # the class implementing voms-proxy-init VOMSPROXYINIT_CLASS="org.italiangrid.voms.clients.VomsProxyInit" # JVM options VOMS_CLIENTS_JAVA_OPTIONS=${VOMS_CLIENTS_JAVA_OPTIONS:-"-XX:+UseSerialGC -Xmx16m"} java $VOMS_CLIENTS_JAVA_OPTIONS -cp $VOMSCLIENTS_CP $VOMSPROXYINIT_CLASS "$@" voms-clients-3.3.5/src/main/java/000077500000000000000000000000001477751234100166145ustar00rootroot00000000000000voms-clients-3.3.5/src/main/java/org/000077500000000000000000000000001477751234100174035ustar00rootroot00000000000000voms-clients-3.3.5/src/main/java/org/italiangrid/000077500000000000000000000000001477751234100216725ustar00rootroot00000000000000voms-clients-3.3.5/src/main/java/org/italiangrid/voms/000077500000000000000000000000001477751234100226565ustar00rootroot00000000000000voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/000077500000000000000000000000001477751234100243175ustar00rootroot00000000000000voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/AbstractCLI.java000066400000000000000000000147731477751234100272710ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients; import java.util.Arrays; import java.util.List; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.DefaultParser; import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Options; import org.apache.commons.cli.ParseException; import org.italiangrid.voms.VOMSError; import org.italiangrid.voms.clients.options.CLIOption; import org.italiangrid.voms.clients.options.CommonOptions; import org.italiangrid.voms.clients.options.ProxyInitOptions; import org.italiangrid.voms.clients.util.MessageLogger; import 
org.italiangrid.voms.clients.util.OptionsFileLoader; import org.italiangrid.voms.clients.util.VersionProvider; import eu.emi.security.authn.x509.impl.CertificateUtils; /** * AbstractCLI provides a base class for command-line interface (CLI) tools. * It handles command-line parsing, option initialization, and logging. * *

This class provides functionality such as:

*
    *
  • Parsing command-line arguments and configuration files
  • *
  • Handling verbosity levels
  • *
  • Displaying help and version information
  • *
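*
* @author Istituto Nazionale di Fisica Nucleare
* @since 2006
*/
public abstract class AbstractCLI {

  static {
    // Configure the security provider for certificate handling
    CertificateUtils.configureSecProvider();
  }

  /**
   * Default temporary file path.
   * NOTE(review): /tmp is shared between local users; confirm that whatever
   * writes credentials under this default creates them with owner-only
   * permissions.
   */
  public static final String DEFAULT_TMP_PATH = "/tmp";

  /** CLI options container **/
  protected Options cliOptions;

  /** Parser for command-line options **/
  protected CommandLineParser cliParser = new DefaultParser();

  /** Parsed command-line arguments **/
  protected CommandLine commandLine = null;

  /** Name of the command **/
  protected String commandName;

  /** Logger for displaying messages; assigned by {@link #setVerbosityFromCommandLine()} **/
  protected MessageLogger logger;

  /** Flag indicating quiet mode **/
  boolean isQuiet = false;

  /** Flag indicating verbose mode **/
  boolean isVerbose = false;

  /**
   * Constructs an AbstractCLI instance with the specified command name.
   *
   * @param commandName the name of the command
   */
  protected AbstractCLI(String commandName) {
    this.commandName = commandName;
  }

  /**
   * Displays the usage information for the command.
   */
  protected final void displayUsage() {
    int lineWidth = 120;
    String header = "options:";
    String footer = "";
    HelpFormatter helpFormatter = new HelpFormatter();
    helpFormatter.printHelp(lineWidth, commandName + " [options]", header, cliOptions, footer);
  }

  /**
   * Parses options from the command-line arguments, then applies the
   * verbosity, version and help options. On a parse error the usage text is
   * printed and the JVM exits with status 1.
   *
   * @param args the command-line arguments
   */
  protected final void parseOptionsFromCommandLine(String[] args) {
    try {
      commandLine = cliParser.parse(cliOptions, args);
      if (commandLineHasOption(CommonOptions.CONF)) {
        parseOptionsFromFile(getOptionValue(CommonOptions.CONF));
      }
      setVerbosityFromCommandLine();
      displayVersionIfRequested();
      displayHelpIfRequested();
    } catch (ParseException e) {
      System.err.println("Error parsing command line arguments: " + e.getMessage());
      displayUsage();
      System.exit(1);
    }
  }

  /**
   * Parses options from a file and merges them with command-line arguments.
   *
   * The file content is parsed with the same option set as the command line,
   * so an options file carries the same authority as the invoking user's
   * arguments; it should only be read from a location that user controls.
   *
   * NOTE(review): only {@code commandLine.getArgList()} is appended to the
   * file options before re-parsing. Confirm that options already recognised
   * on the command line are meant to be left out of the merged result.
   *
   * @param optionFileName the options file
   * @throws ParseException if an error occurs while parsing options
   */
  private void parseOptionsFromFile(String optionFileName) throws ParseException {
    List<String> options = OptionsFileLoader.loadOptions(optionFileName);
    options.addAll(commandLine.getArgList());
    commandLine = cliParser.parse(cliOptions, options.toArray(new String[0]));
  }

  /**
   * Displays version information.
   */
  protected final void displayVersion() {
    VersionProvider.displayVersionInfo(commandName);
  }

  /**
   * Initializes the available CLI options.
   *
   * @param options a list of CLI options
   */
  protected final void initOptions(List<CLIOption> options) {
    cliOptions = new Options();
    for (CLIOption o : options) {
      cliOptions.addOption(o.getOption());
    }
  }

  /**
   * Checks if a command-line option is present.
   *
   * @param option the CLI option
   * @return true if the option is present, false otherwise
   */
  protected final boolean commandLineHasOption(CLIOption option) {
    return commandLine.hasOption(option.getLongOptionName());
  }

  /**
   * Displays help information if requested, then exits with status 0.
   */
  protected final void displayHelpIfRequested() {
    if (commandLineHasOption(CommonOptions.HELP) || commandLineHasOption(CommonOptions.USAGE)) {
      displayUsage();
      System.exit(0);
    }
  }

  /**
   * Displays version information if requested, then exits with status 0.
   */
  protected final void displayVersionIfRequested() {
    if (commandLineHasOption(CommonOptions.VERSION)) {
      displayVersion();
      System.exit(0);
    }
  }

  /**
   * Retrieves the value of a given command-line option.
   *
   * @param option the CLI option
   * @return the option value, or null if not present
   */
  protected final String getOptionValue(CLIOption option) {
    if (commandLineHasOption(option)) {
      return commandLine.getOptionValue(option.getLongOptionName());
    }
    return null;
  }

  /**
   * Retrieves a list of values for a given command-line option.
   *
   * @param option the CLI option
   * @return a list of option values, or null if not present
   */
  protected final List<String> getOptionValues(CLIOption option) {
    if (commandLineHasOption(option)) {
      String[] values = commandLine.getOptionValues(option.getLongOptionName());
      return Arrays.asList(values);
    }
    return null;
  }

  /**
   * Sets verbosity levels based on command-line options and creates the
   * matching {@link MessageLogger}.
   *
   * @throws VOMSError if both the debug and the quiet option are given
   */
  protected final void setVerbosityFromCommandLine() {
    if (commandLineHasOption(CommonOptions.DEBUG)) {
      isVerbose = true;
    }
    if (commandLineHasOption(ProxyInitOptions.QUIET_MODE)) {
      isQuiet = true;
    }
    if (isVerbose && isQuiet) {
      throw new VOMSError("Command cannot be both verbose and quiet at the same time!");
    }
    if (isVerbose) {
      logger = new MessageLogger(MessageLogger.VERBOSE);
    } else if (isQuiet) {
      logger = new MessageLogger(MessageLogger.QUIET);
    } else {
      logger = new MessageLogger();
    }
  }

  /**
   * Executes the CLI command. This method must be implemented by subclasses.
   */
  protected abstract void execute();
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/ProxyDestroyBehaviour.java000066400000000000000000000007211477751234100315220ustar00rootroot00000000000000
// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
//
// SPDX-License-Identifier: Apache-2.0
package org.italiangrid.voms.clients;

/**
 *
 *
 * @author valerioventuri
 *
 */
public interface ProxyDestroyBehaviour {

  /**
   *
   * The method implementing the voms-proxy-destroy behaviour
   *
   * @param params
   *          the params describing this voms-proxy-destroy invocation
   */
  void destroyProxy(ProxyDestroyParams params);
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/ProxyDestroyParams.java000066400000000000000000000017011477751234100310200ustar00rootroot00000000000000
// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
//
// SPDX-License-Identifier: Apache-2.0
package org.italiangrid.voms.clients;

/**
 *
 * Holder for parameters used by the {@link VomsProxyDestroy} class.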
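*
* @author valerioventuri
*
*/
public class ProxyDestroyParams {

  /**
   * Whether the command should run in dry mode.
   */
  private boolean dryRun;

  /**
   * Name of the proxy certificate file.
   */
  private String proxyFile;

  /**
   * @return the dryRun
   */
  public boolean isDryRun() {
    return dryRun;
  }

  /**
   * @param dryRun
   *          the dryRun to set
   */
  public void setDryRun(boolean dryRun) {
    this.dryRun = dryRun;
  }

  /**
   * @return the proxyFile
   */
  public String getProxyFile() {
    return proxyFile;
  }

  /**
   * @param proxyFile
   *          the proxyFile to set
   */
  public void setProxyFile(String proxyFile) {
    this.proxyFile = proxyFile;
  }
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/ProxyInfoParams.java000066400000000000000000000052231477751234100302650ustar00rootroot00000000000000
// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
//
// SPDX-License-Identifier: Apache-2.0
package org.italiangrid.voms.clients;

import java.util.EnumSet;

/**
 * This class represents the parameters that drive the {@link VomsProxyInfo}
 * command when inspecting a VOMS proxy.
 *
 * @author Daniele Andreotti
 *
 */
public class ProxyInfoParams {

  /** The pieces of information the command can be asked to print or check. */
  public enum PrintOption {
    SUBJECT, ISSUER, PROXY_EXISTS, AC_EXISTS, CHAIN, IDENTITY, TYPE, TIMELEFT,
    KEYSIZE, ALL_OPTIONS, TEXT, PROXY_PATH, VONAME, FQAN, ACSUBJECT, ACISSUER,
    ACTIMELEFT, ACSERIAL, SERVER_URI, KEYUSAGE, PROXY_TIME_VALIDITY,
    PROXY_HOURS_VALIDITY, PROXY_STRENGTH_VALIDITY;
  }

  /** Options selected for this invocation. */
  private final EnumSet<PrintOption> setOfPrintOptions = EnumSet
    .noneOf(PrintOption.class);

  /**
   * Options that concern the attribute certificate. The reference is final
   * but the set itself is mutable and public, so callers can alter it.
   */
  public final EnumSet<PrintOption> acOptions = EnumSet.of(
    PrintOption.AC_EXISTS, PrintOption.ACISSUER, PrintOption.ACSERIAL,
    PrintOption.ACSUBJECT, PrintOption.ACTIMELEFT, PrintOption.SERVER_URI,
    PrintOption.VONAME, PrintOption.FQAN);

  /**
   * Name of the proxy certificate file.
   */
  private String proxyFile;

  // AC verification is on unless a caller switches it off.
  private boolean verifyAC = true;

  private String ACVO;

  private String keyLength;

  private String validTime;

  private String validHours;

  public String getProxyFile() {
    return proxyFile;
  }

  public void setProxyFile(String proxyFile) {
    this.proxyFile = proxyFile;
  }

  public boolean isVerifyAC() {
    return verifyAC;
  }

  public void setVerifyAC(boolean verifyAC) {
    this.verifyAC = verifyAC;
  }

  public void addPrintOption(PrintOption opt) {
    setOfPrintOptions.add(opt);
  }

  public boolean containsOption(PrintOption opt) {
    return setOfPrintOptions.contains(opt);
  }

  /** @return true if at least one selected option is listed in acOptions */
  public boolean hasACOptions() {
    for (PrintOption p : acOptions)
      if (setOfPrintOptions.contains(p))
        return true;
    return false;
  }

  public String getACVO() {
    return ACVO;
  }

  public void setACVO(String aCVO) {
    ACVO = aCVO;
  }

  public String getKeyLength() {
    return keyLength;
  }

  public void setKeyLength(String keyLength) {
    this.keyLength = keyLength;
  }

  public String getValidTime() {
    return validTime;
  }

  public void setValidTime(String validTime) {
    this.validTime = validTime;
  }

  public String getValidHours() {
    return validHours;
  }

  public void setValidHours(String validHours) {
    this.validHours = validHours;
  }

  /** @return true if no print option has been selected */
  public boolean isEmpty() {
    return setOfPrintOptions.isEmpty();
  }

  public int getNumberOfOptions() {
    return setOfPrintOptions.size();
  }
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/ProxyInitParams.java000066400000000000000000000175761477751234100303130ustar00rootroot00000000000000
// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
//
// SPDX-License-Identifier: Apache-2.0
package org.italiangrid.voms.clients;

import java.util.List;
import java.util.concurrent.TimeUnit;

import eu.emi.security.authn.x509.proxy.ProxyType;

/**
 * This class represents the parameters that drive the
 * {@link org.italiangrid.voms.clients.strategies.ProxyInitStrategy} when creating a VOMS proxy.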
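*
* @author Andrea Ceccanti
*
*/
public class ProxyInitParams {

  public static final int DEFAULT_PROXY_LIFETIME = (int) TimeUnit.HOURS.toSeconds(12);

  public static final int DEFAULT_AC_LIFETIME = (int) TimeUnit.HOURS.toSeconds(12);

  public static final int DEFAULT_KEY_SIZE = 2048;

  public static final int DEFAULT_CONNECT_TIMEOUT_IN_SECONDS = 10;

  private String certFile;

  private String keyFile;

  private int keySize = DEFAULT_KEY_SIZE;

  private String trustAnchorsDir;

  private String generatedProxyFile;

  private String policyFile;

  private String policyLanguage;

  private int pathLenConstraint = Integer.MAX_VALUE;

  private ProxyType proxyType = ProxyType.RFC3820;

  private int timeoutInSeconds = DEFAULT_CONNECT_TIMEOUT_IN_SECONDS;

  // Security-relevant defaults: AC verification and chain-integrity
  // enforcement start enabled; hostname-check skipping and the legacy
  // protocol start disabled. Each is changed only through its setter.
  private boolean verifyAC = true;

  private boolean readPasswordFromStdin = false;

  private boolean limited = false;

  private List<String> vomsCommands;

  private List<String> targets;

  private List<String> fqanOrder;

  private int proxyLifetimeInSeconds = DEFAULT_PROXY_LIFETIME;

  private int acLifetimeInSeconds = DEFAULT_AC_LIFETIME;

  private boolean validateUserCredential = false;

  private boolean noRegen = false;

  private List<String> vomsesLocations;

  private boolean enforcingChainIntegrity = true;

  private String vomsdir;

  private boolean skipHostnameChecks = false;

  private boolean enableLegacyProtocol = false;

  /** @return the certFile */
  public String getCertFile() {
    return certFile;
  }

  /** @param certFile the certFile to set */
  public void setCertFile(String certFile) {
    this.certFile = certFile;
  }

  /** @return the keyFile */
  public String getKeyFile() {
    return keyFile;
  }

  /** @param keyFile the keyFile to set */
  public void setKeyFile(String keyFile) {
    this.keyFile = keyFile;
  }

  /** @return the generatedProxyFile */
  public String getGeneratedProxyFile() {
    return generatedProxyFile;
  }

  /** @param generatedProxyFile the generatedProxyFile to set */
  public void setGeneratedProxyFile(String generatedProxyFile) {
    this.generatedProxyFile = generatedProxyFile;
  }

  /** @return the policyFile */
  public String getPolicyFile() {
    return policyFile;
  }

  /** @param policyFile the policyFile to set */
  public void setPolicyFile(String policyFile) {
    this.policyFile = policyFile;
  }

  /** @return the policyLanguage */
  public String getPolicyLanguage() {
    return policyLanguage;
  }

  /** @param policyLanguage the policyLanguage to set */
  public void setPolicyLanguage(String policyLanguage) {
    this.policyLanguage = policyLanguage;
  }

  /** @return the pathLenConstraint */
  public int getPathLenConstraint() {
    return pathLenConstraint;
  }

  /** @param pathLenConstraint the pathLenConstraint to set */
  public void setPathLenConstraint(int pathLenConstraint) {
    this.pathLenConstraint = pathLenConstraint;
  }

  /** @return the proxyType */
  public ProxyType getProxyType() {
    return proxyType;
  }

  /** @param proxyType the proxyType to set */
  public void setProxyType(ProxyType proxyType) {
    this.proxyType = proxyType;
  }

  /** @return the timeoutInSeconds */
  public int getTimeoutInSeconds() {
    return timeoutInSeconds;
  }

  /** @param timeoutInSeconds the timeoutInSeconds to set */
  public void setTimeoutInSeconds(int timeoutInSeconds) {
    this.timeoutInSeconds = timeoutInSeconds;
  }

  /** @return the verifyAC */
  public boolean verifyAC() {
    return verifyAC;
  }

  /** @param verifyAC the verifyAC to set */
  public void setVerifyAC(boolean verifyAC) {
    this.verifyAC = verifyAC;
  }

  /** @return the vomsCommands */
  public List<String> getVomsCommands() {
    return vomsCommands;
  }

  /** @param vomsCommands the vomsCommands to set */
  public void setVomsCommands(List<String> vomsCommands) {
    this.vomsCommands = vomsCommands;
  }

  /** @return the readPasswordFromStdin */
  public boolean isReadPasswordFromStdin() {
    return readPasswordFromStdin;
  }

  /** @param readPasswordFromStdin the readPasswordFromStdin to set */
  public void setReadPasswordFromStdin(boolean readPasswordFromStdin) {
    this.readPasswordFromStdin = readPasswordFromStdin;
  }

  /** @return the targets */
  public List<String> getTargets() {
    return targets;
  }

  /** @param targets the targets to set */
  public void setTargets(List<String> targets) {
    this.targets = targets;
  }

  /** @return the limited */
  public boolean isLimited() {
    return limited;
  }

  /** @param limited the limited to set */
  public void setLimited(boolean limited) {
    this.limited = limited;
  }

  /** @return the proxyLifetimeInSeconds */
  public int getProxyLifetimeInSeconds() {
    return proxyLifetimeInSeconds;
  }

  /** @param proxyLifetimeInSeconds the proxyLifetimeInSeconds to set */
  public void setProxyLifetimeInSeconds(int proxyLifetimeInSeconds) {
    this.proxyLifetimeInSeconds = proxyLifetimeInSeconds;
  }

  /** @return the acLifetimeInSeconds */
  public int getAcLifetimeInSeconds() {
    return acLifetimeInSeconds;
  }

  /** @param acLifetimeInSeconds the acLifetimeInSeconds to set */
  public void setAcLifetimeInSeconds(int acLifetimeInSeconds) {
    this.acLifetimeInSeconds = acLifetimeInSeconds;
  }

  /** @return the noRegen */
  public boolean isNoRegen() {
    return noRegen;
  }

  /** @param noRegen the noRegen to set */
  public void setNoRegen(boolean noRegen) {
    this.noRegen = noRegen;
  }

  public String getTrustAnchorsDir() {
    return trustAnchorsDir;
  }

  public void setTrustAnchorsDir(String trustAnchorsDir) {
    this.trustAnchorsDir = trustAnchorsDir;
  }

  public boolean validateUserCredential() {
    return validateUserCredential;
  }

  public void setValidateUserCredential(boolean validateUserCredential) {
    this.validateUserCredential = validateUserCredential;
  }

  /** @return the keySize */
  public int getKeySize() {
    return keySize;
  }

  /** @param keySize the keySize to set */
  public void setKeySize(int keySize) {
    this.keySize = keySize;
  }

  /** @return the fqanOrder */
  public List<String> getFqanOrder() {
    return fqanOrder;
  }

  /** @param fqanOrder the fqanOrder to set */
  public void setFqanOrder(List<String> fqanOrder) {
    this.fqanOrder = fqanOrder;
  }

  public List<String> getVomsesLocations() {
    return vomsesLocations;
  }

  public void setVomsesLocations(List<String> vomsesLocations) {
    this.vomsesLocations = vomsesLocations;
  }

  public boolean isEnforcingChainIntegrity() {
    return enforcingChainIntegrity;
  }

  public void setEnforcingChainIntegrity(boolean enforcingChainIntegrity) {
    this.enforcingChainIntegrity = enforcingChainIntegrity;
  }

  public String getVomsdir() {
    return vomsdir;
  }

  public void setVomsdir(String vomsdir) {
    this.vomsdir = vomsdir;
  }

  public boolean isSkipHostnameChecks() {
    return skipHostnameChecks;
  }

  public void setSkipHostnameChecks(boolean skipHostnameChecks) {
    this.skipHostnameChecks = skipHostnameChecks;
  }

  public boolean isEnableLegacyProtocol() {
    return enableLegacyProtocol;
  }

  public void setEnableLegacyProtocol(boolean enableLegacyProtocol) {
    this.enableLegacyProtocol = enableLegacyProtocol;
  }
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/VomsProxyDestroy.java000066400000000000000000000047721477751234100305340ustar00rootroot00000000000000
// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
//
// SPDX-License-Identifier: Apache-2.0
package org.italiangrid.voms.clients;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.apache.commons.cli.CommandLine;
import org.italiangrid.voms.clients.impl.DefaultProxyDestroyBehaviour;
import org.italiangrid.voms.clients.impl.ProxyDestroyListenerHelper;
import org.italiangrid.voms.clients.options.CLIOption;
import org.italiangrid.voms.clients.options.ProxyDestroyOptions;

/**
 * This class implements the voms-proxy-destroy command-line client.
 *
 * @author valerioventuri
 *
 */
public class VomsProxyDestroy extends AbstractCLI {

  /**
   * The command name.
   */
  private static final String COMMAND_NAME = "voms-proxy-destroy";

  /**
   * The listener.
   */
  private ProxyDestroyListenerHelper listenerHelper;

  /**
   * The main.
   *
   * @param args
   *          an array of {@link String} containing command line options.
   */
  public static void main(String[] args) {
    new VomsProxyDestroy(args);
  }

  /**
   * Constructor.
   *
   * @param args
   *          an array of {@link String} containing command line options.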
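*/
  public VomsProxyDestroy(String[] args) {
    super(COMMAND_NAME);
    initOptions();
    parseOptionsFromCommandLine(args);
    listenerHelper = new ProxyDestroyListenerHelper(logger);
    execute();
  }

  /**
   * Initialize options.
   */
  private void initOptions() {
    List<CLIOption> options = new ArrayList<CLIOption>();
    options.addAll(Arrays.asList(ProxyDestroyOptions.values()));
    initOptions(options);
  }

  @Override
  protected void execute() {
    ProxyDestroyParams params = getProxyDestroyParamsFromCommandLine(commandLine);
    new DefaultProxyDestroyBehaviour(listenerHelper).destroyProxy(params);
  }

  /**
   * Get option values from a {@link CommandLine} object to build a
   * {@link ProxyDestroyParams} object containing the parameters for
   * voms-proxy-destroy.
   *
   * @param commandLine the parsed command line (the options are read
   *          through the inherited accessors)
   * @return the parameters for the {@link VomsProxyDestroy} command
   */
  private ProxyDestroyParams getProxyDestroyParamsFromCommandLine(
    CommandLine commandLine) {
    ProxyDestroyParams params = new ProxyDestroyParams();
    if (commandLineHasOption(ProxyDestroyOptions.DRY)) {
      params.setDryRun(true);
    }
    if (commandLineHasOption(ProxyDestroyOptions.FILE)) {
      params.setProxyFile(getOptionValue(ProxyDestroyOptions.FILE));
    }
    return params;
  }
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/VomsProxyInfo.java000066400000000000000000000125711477751234100277720ustar00rootroot00000000000000
// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
//
// SPDX-License-Identifier: Apache-2.0
package org.italiangrid.voms.clients;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.apache.commons.cli.CommandLine;
import org.italiangrid.voms.clients.ProxyInfoParams.PrintOption;
import org.italiangrid.voms.clients.impl.DefaultVOMSProxyInfoBehaviour;
import org.italiangrid.voms.clients.impl.ProxyInfoListenerHelper;
import org.italiangrid.voms.clients.options.CLIOption;
import org.italiangrid.voms.clients.options.CommonOptions;
import org.italiangrid.voms.clients.options.ProxyInfoOptions;
import org.italiangrid.voms.clients.strategies.ProxyInfoStrategy;

/**
 *
 * This class implements a command-line voms-proxy-info client.
 *
 * @author Daniele Andreotti
 *
 */
public class VomsProxyInfo extends AbstractCLI {

  private static final String COMMAND_NAME = "voms-proxy-info";

  private static final int EXIT_ERROR_CODE = 1;

  /** The implementation of the VOMS proxy info behaviour **/
  private ProxyInfoStrategy proxyInfoBehaviour;

  private final ProxyInfoListenerHelper listenerHelper;

  /**
   * Parses the arguments and runs the command; {@link #execute()} ends the
   * JVM with the command's exit status.
   *
   * @param args the command-line arguments
   */
  protected VomsProxyInfo(String[] args) {
    super(COMMAND_NAME);
    initOptions();
    parseOptionsFromCommandLine(args);
    listenerHelper = new ProxyInfoListenerHelper(logger);
    execute();
  }

  /**
   * Initializes command-line options
   */
  private void initOptions() {
    List<CLIOption> options = new ArrayList<CLIOption>();
    options.addAll(Arrays.asList(CommonOptions.values()));
    options.addAll(Arrays.asList(ProxyInfoOptions.values()));
    initOptions(options);
  }

  /**
   * Translates the parsed options into a {@link ProxyInfoParams}: one
   * {@link PrintOption} per flag present, plus the option value where the
   * flag takes one.
   *
   * @param commandLine the parsed command line (the options are read
   *          through the inherited accessors)
   * @return the parameters for this invocation
   */
  private ProxyInfoParams getProxyInfoParamsFromCommandLine(
    CommandLine commandLine) {
    ProxyInfoParams params = new ProxyInfoParams();

    if (commandLineHasOption(ProxyInfoOptions.PROXY_FILENAME))
      params.setProxyFile(getOptionValue(ProxyInfoOptions.PROXY_FILENAME));
    if (commandLineHasOption(ProxyInfoOptions.PRINT_TEXT))
      params.addPrintOption(PrintOption.TEXT);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_CHAIN))
      params.addPrintOption(PrintOption.CHAIN);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_ALL_OPTIONS))
      params.addPrintOption(PrintOption.ALL_OPTIONS);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_TYPE))
      params.addPrintOption(PrintOption.TYPE);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_SUBJECT))
      params.addPrintOption(PrintOption.SUBJECT);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_ISSUER))
      params.addPrintOption(PrintOption.ISSUER);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_IDENTITY))
      params.addPrintOption(PrintOption.IDENTITY);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_PROXY_PATH))
      params.addPrintOption(PrintOption.PROXY_PATH);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_KEYSIZE))
      params.addPrintOption(PrintOption.KEYSIZE);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_TIMELEFT))
      params.addPrintOption(PrintOption.TIMELEFT);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_VONAME))
      params.addPrintOption(PrintOption.VONAME);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_ACISSUER))
      params.addPrintOption(PrintOption.ACISSUER);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_ACSUBJECT))
      params.addPrintOption(PrintOption.ACSUBJECT);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_ACSERIAL))
      params.addPrintOption(PrintOption.ACSERIAL);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_ACTIMELEFT))
      params.addPrintOption(PrintOption.ACTIMELEFT);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_FQAN))
      params.addPrintOption(PrintOption.FQAN);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_KEYUSAGE))
      params.addPrintOption(PrintOption.KEYUSAGE);
    if (commandLineHasOption(ProxyInfoOptions.PRINT_SERVER_URI))
      params.addPrintOption(PrintOption.SERVER_URI);

    if (commandLineHasOption(ProxyInfoOptions.PROXY_TIME_VALIDITY)) {
      params.setValidTime(getOptionValue(ProxyInfoOptions.PROXY_TIME_VALIDITY));
      params.addPrintOption(PrintOption.PROXY_TIME_VALIDITY);
    }
    if (commandLineHasOption(ProxyInfoOptions.PROXY_HOURS_VALIDITY)) {
      params
        .setValidHours(getOptionValue(ProxyInfoOptions.PROXY_HOURS_VALIDITY));
      params.addPrintOption(PrintOption.PROXY_HOURS_VALIDITY);
    }
    if (commandLineHasOption(ProxyInfoOptions.PROXY_STRENGTH_VALIDITY)) {
      params
        .setKeyLength(getOptionValue(ProxyInfoOptions.PROXY_STRENGTH_VALIDITY));
      params.addPrintOption(PrintOption.PROXY_STRENGTH_VALIDITY);
    }
    if (commandLineHasOption(ProxyInfoOptions.PROXY_EXISTS))
      params.addPrintOption(PrintOption.PROXY_EXISTS);
    if (commandLineHasOption(ProxyInfoOptions.AC_EXISTS)) {
      params.setACVO(getOptionValue(ProxyInfoOptions.AC_EXISTS));
      params.addPrintOption(PrintOption.AC_EXISTS);
    }
    return params;
  }

  /**
   * Prints the requested proxy information and exits: status 0 on success,
   * {@code EXIT_ERROR_CODE} after logging any failure.
   */
  @Override
  protected void execute() {
    ProxyInfoParams params = getProxyInfoParamsFromCommandLine(commandLine);
    try {
      proxyInfoBehaviour = new DefaultVOMSProxyInfoBehaviour(logger,
        listenerHelper);
      proxyInfoBehaviour.printProxyInfo(params);
      System.exit(0);
    } catch (Throwable t) {
      logger.error(t);
      System.exit(EXIT_ERROR_CODE);
    }
  }

  public static void main(String[] args) {
    new VomsProxyInfo(args);
  }
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/VomsProxyInit.java000066400000000000000000000227251477751234100300040ustar00rootroot00000000000000
// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
//
// SPDX-License-Identifier: Apache-2.0
package org.italiangrid.voms.clients;

import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.apache.commons.cli.CommandLine;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.clients.impl.DefaultVOMSCommandsParser;
import org.italiangrid.voms.clients.impl.DefaultVOMSProxyInitBehaviour;
import org.italiangrid.voms.clients.impl.ProxyInitListenerHelper;
import org.italiangrid.voms.clients.impl.ProxyInitListenerHelper.WARNING_POLICY;
import org.italiangrid.voms.clients.options.CLIOption;
import org.italiangrid.voms.clients.options.CommonOptions;
import org.italiangrid.voms.clients.options.ProxyInitOptions;
import org.italiangrid.voms.clients.strategies.ProxyInitStrategy;
import org.italiangrid.voms.clients.util.TimeUtils;
import org.italiangrid.voms.util.VOMSFQANNamingScheme;

import eu.emi.security.authn.x509.proxy.ProxyType;

/**
 *
 * This class implements a command-line voms-proxy-init client.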
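*
* @author Andrea Ceccanti
* @author Daniele Andreotti
*
*/
public class VomsProxyInit extends AbstractCLI {

  private static final String COMMAND_NAME = "voms-proxy-init";

  // Must stay sorted in ascending order: parseKeySize looks values up with
  // Arrays.binarySearch.
  // NOTE(review): 512- and 1024-bit keys are accepted here; confirm whether
  // these sizes are still required for compatibility, since they are far
  // below the 2048-bit default in ProxyInitParams.
  private static final int[] SUPPORTED_KEY_SIZES = {512, 1024, 2048, 4096};

  private static final int EXIT_ERROR_CODE = 1;

  public static void main(String[] args) {
    new VomsProxyInit(args);
  }

  /** The implementation of the VOMS proxy init behaviour **/
  private ProxyInitStrategy proxyInitBehaviour;

  private ProxyInitListenerHelper listenerHelper;

  /**
   * Parses the arguments and runs the command. Any failure is reported
   * through the logger (or on stderr when no logger exists yet) and ends the
   * JVM with {@code EXIT_ERROR_CODE}.
   *
   * @param args the command-line arguments
   */
  public VomsProxyInit(String[] args) {
    super(COMMAND_NAME);
    try {
      initOptions();
      parseOptionsFromCommandLine(args);
      listenerHelper = new ProxyInitListenerHelper(logger);
      execute();
    } catch (Throwable t) {
      if (logger != null)
        logger.error(t);
      else {
        System.err.println(t.getMessage());
        t.printStackTrace(System.err);
      }
      System.exit(EXIT_ERROR_CODE);
    }
  }

  private ProxyInitStrategy getProxyInitBehaviour() {
    DefaultVOMSProxyInitBehaviour proxyInitBehaviour =
        new DefaultVOMSProxyInitBehaviour(new DefaultVOMSCommandsParser(), listenerHelper);
    return proxyInitBehaviour;
  }

  /**
   * Parses the key size option and checks it against SUPPORTED_KEY_SIZES.
   *
   * @param keySizeParam the option value
   * @return the key size in bits
   * @throws VOMSError if the value is not an integer or not a supported size
   */
  private int parseKeySize(String keySizeParam) {
    try {
      int keySize = Integer.parseInt(keySizeParam);
      if (Arrays.binarySearch(SUPPORTED_KEY_SIZES, keySize) < 0)
        throw new VOMSError("Unsupported key size:" + keySize);
      return keySize;
    } catch (NumberFormatException e) {
      throw new VOMSError(
          "Invalid input for key size parameter. Please provide a valid key size value.", e);
    }
  }

  /**
   * Parses the path length constraint option, reporting a malformed value as
   * a {@link VOMSError} like the other numeric options do.
   *
   * @param pathLenParam the option value
   * @return the path length constraint
   * @throws VOMSError if the value is not an integer
   */
  private int parsePathLenConstraint(String pathLenParam) {
    try {
      return Integer.parseInt(pathLenParam);
    } catch (NumberFormatException e) {
      throw new VOMSError(
          "Invalid value for the path length constraint option. It should be an integer.", e);
    }
  }

  /**
   * Translates the parsed options into a {@link ProxyInitParams}.
   *
   * Four options relax checks that ProxyInitParams enables by default:
   * SKIP_AC_VERIFICATION, SKIP_INTEGRITY_CHECKS, SKIP_HOSTNAME_CHECKS and
   * ENABLE_LEGACY_PROTOCOL. They are applied without any further
   * confirmation, and nothing in this method reports that one was used.
   *
   * @param line the parsed command line (the options are read through the
   *          inherited accessors)
   * @return the parameters for this invocation
   */
  private ProxyInitParams getProxyInitParamsFromCommandLine(CommandLine line) {
    ProxyInitParams params = new ProxyInitParams();

    if (commandLineHasOption(ProxyInitOptions.KEY_SIZE)) {
      params.setKeySize(parseKeySize(getOptionValue(ProxyInitOptions.KEY_SIZE)));
    }
    if (commandLineHasOption(ProxyInitOptions.ENABLE_STDIN_PWD))
      params.setReadPasswordFromStdin(true);
    if (commandLineHasOption(ProxyInitOptions.LIMITED_PROXY))
      params.setLimited(true);
    if (commandLineHasOption(ProxyInitOptions.PATHLEN_CONSTRAINT))
      params.setPathLenConstraint(
          parsePathLenConstraint(getOptionValue(ProxyInitOptions.PATHLEN_CONSTRAINT)));
    if (commandLineHasOption(ProxyInitOptions.CERT_LOCATION))
      params.setCertFile(getOptionValue(ProxyInitOptions.CERT_LOCATION));
    if (commandLineHasOption(ProxyInitOptions.KEY_LOCATION))
      params.setKeyFile(getOptionValue(ProxyInitOptions.KEY_LOCATION));
    if (commandLineHasOption(ProxyInitOptions.PROXY_LOCATION))
      params.setGeneratedProxyFile(getOptionValue(ProxyInitOptions.PROXY_LOCATION));

    // VALIDITY sets both lifetimes; the two options below can then override
    // each one separately.
    if (commandLineHasOption(ProxyInitOptions.VALIDITY)) {
      int lifetimeInSeconds = parseLifeTimeInHoursAndMinutesString(
          getOptionValue(ProxyInitOptions.VALIDITY), ProxyInitOptions.VALIDITY);
      params.setAcLifetimeInSeconds(lifetimeInSeconds);
      params.setProxyLifetimeInSeconds(lifetimeInSeconds);
    }
    if (commandLineHasOption(ProxyInitOptions.AC_LIFETIME))
      params.setAcLifetimeInSeconds(parseLifeTimeInHoursAndMinutesString(
          getOptionValue(ProxyInitOptions.AC_LIFETIME), ProxyInitOptions.AC_LIFETIME));
    if (commandLineHasOption((ProxyInitOptions.PROXY_LIFETIME_IN_HOURS)))
      params.setProxyLifetimeInSeconds(
          parseLifetimeInHoursString(getOptionValue(ProxyInitOptions.PROXY_LIFETIME_IN_HOURS),
              ProxyInitOptions.PROXY_LIFETIME_IN_HOURS));

    if (commandLineHasOption(ProxyInitOptions.VOMS_COMMAND))
      params.setVomsCommands(getOptionValues(ProxyInitOptions.VOMS_COMMAND));
    if (commandLineHasOption(ProxyInitOptions.VERIFY_CERT))
      params.setValidateUserCredential(true);
    if (commandLineHasOption(ProxyInitOptions.PROXY_NOREGEN))
      params.setNoRegen(true);
    if (commandLineHasOption(ProxyInitOptions.SKIP_AC_VERIFICATION))
      params.setVerifyAC(false);
    if (commandLineHasOption(ProxyInitOptions.SKIP_INTEGRITY_CHECKS))
      params.setEnforcingChainIntegrity(false);
    if (commandLineHasOption(ProxyInitOptions.FQANS_ORDERING))
      params.setFqanOrder(fqansSanityChecks(getOptionValues(ProxyInitOptions.FQANS_ORDERING)));
    if (commandLineHasOption(ProxyInitOptions.LEGACY_PROXY))
      params.setProxyType(ProxyType.LEGACY);
    if (commandLineHasOption(ProxyInitOptions.PROXY_VERSION))
      params.setProxyType(proxyTypeFromVersion(getOptionValue(ProxyInitOptions.PROXY_VERSION)));
    // Only a single target value is read here, even if the option repeats.
    if (commandLineHasOption(ProxyInitOptions.TARGET_HOSTNAME))
      params.setTargets(Arrays.asList(getOptionValue(ProxyInitOptions.TARGET_HOSTNAME)));
    if (commandLineHasOption(ProxyInitOptions.VOMSES_LOCATION))
      params.setVomsesLocations(getOptionValues(ProxyInitOptions.VOMSES_LOCATION));

    // If both warning options are given, FAIL_ON_WARN is applied last and
    // therefore wins.
    if (commandLineHasOption(ProxyInitOptions.IGNORE_WARNINGS))
      listenerHelper = new ProxyInitListenerHelper(logger, WARNING_POLICY.ignoreWarnings);
    if (commandLineHasOption(ProxyInitOptions.FAIL_ON_WARN))
      listenerHelper = new ProxyInitListenerHelper(logger, WARNING_POLICY.failOnWarnings);

    if (commandLineHasOption(ProxyInitOptions.TIMEOUT))
      params.setTimeoutInSeconds(parseConnectionTimeout(getOptionValue(ProxyInitOptions.TIMEOUT)));
    if (commandLineHasOption(ProxyInitOptions.TRUSTED_CERT_LOCATION))
      params.setTrustAnchorsDir(getOptionValue(ProxyInitOptions.TRUSTED_CERT_LOCATION));
    if (commandLineHasOption(ProxyInitOptions.VOMSDIR))
      params.setVomsdir(getOptionValue(ProxyInitOptions.VOMSDIR));
    if (commandLineHasOption(ProxyInitOptions.SKIP_HOSTNAME_CHECKS)) {
      params.setSkipHostnameChecks(true);
    }
    if (commandLineHasOption(ProxyInitOptions.ENABLE_LEGACY_PROTOCOL)) {
      params.setEnableLegacyProtocol(true);
    }
    return params;
  }

  /**
   * Maps the proxy version option to a {@link ProxyType}: 2 is legacy, 3 is
   * draft RFC, 4 is RFC 3820.
   *
   * @param version the option value
   * @return the matching proxy type
   * @throws VOMSError if the value is not one of 2, 3 or 4
   */
  private ProxyType proxyTypeFromVersion(String version) {
    try {
      int versionNumber = Integer.parseInt(version);
      if (versionNumber == 2)
        return ProxyType.LEGACY;
      else if (versionNumber == 3)
        return ProxyType.DRAFT_RFC;
      else if (versionNumber == 4)
        return ProxyType.RFC3820;
      throw new VOMSError(
          "Please specify a valid value for proxyversion: (2-> legacy, 3-> draft rfc, 4-> rfc).");
    } catch (NumberFormatException e) {
      throw new VOMSError("Please specify a valid value for proxyversion.");
    }
  }

  private void initOptions() {
    List<CLIOption> options = new ArrayList<CLIOption>();
    options.addAll(Arrays.asList(CommonOptions.values()));
    options.addAll(Arrays.asList(ProxyInitOptions.values()));
    initOptions(options);
  }

  /**
   * Checks the syntax of every FQAN with {@link VOMSFQANNamingScheme} and
   * returns the list unchanged.
   */
  private List<String> fqansSanityChecks(List<String> fqans) {
    for (String f : fqans) {
      VOMSFQANNamingScheme.checkSyntax(f);
    }
    return fqans;
  }

  private int parseLifetimeInHoursString(String proxyLifetimeProperty, CLIOption option) {
    try {
      return TimeUtils.parseLifetimeInHours(proxyLifetimeProperty);
    } catch (ParseException e) {
      throw new VOMSError("Invalid format for the time interval option '"
          + option.getLongOptionName() + "'. It should follow the hh pattern.", e);
    }
  }

  private int parseLifeTimeInHoursAndMinutesString(String acLifetimeProperty, CLIOption option) {
    try {
      return TimeUtils.parseLifetimeInHoursAndMinutes(acLifetimeProperty);
    } catch (ParseException e) {
      throw new VOMSError("Invalid format for the time interval option '"
          + option.getLongOptionName() + "'. It should follow the hh:mm pattern.", e);
    }
  }

  /**
   * Parses the connection timeout, in seconds.
   *
   * Only negative values are rejected, so 0 is accepted although the error
   * text asks for a positive integer. The value is later converted to
   * milliseconds as an int (see DefaultACResolver), so it should stay well
   * below Integer.MAX_VALUE / 1000.
   *
   * @param timeoutStringValue the option value
   * @return the timeout in seconds
   * @throws VOMSError if the value is not an integer or is negative
   */
  private int parseConnectionTimeout(String timeoutStringValue) {
    int timeoutInSeconds = 0;
    try {
      timeoutInSeconds = Integer.parseInt(timeoutStringValue);
      if (timeoutInSeconds < 0)
        throw new VOMSError(
            "Invalid value for the timeout option. It should be a positive integer.");
    } catch (NumberFormatException e) {
      throw new VOMSError("Invalid value for the timeout option. It should be a positive integer.");
    }
    return timeoutInSeconds;
  }

  /**
   * Creates the proxy; exits with {@code EXIT_ERROR_CODE} when the listener
   * recorded validation errors or any exception is raised.
   */
  @Override
  protected void execute() {
    ProxyInitParams params = getProxyInitParamsFromCommandLine(commandLine);
    try {
      proxyInitBehaviour = getProxyInitBehaviour();
      proxyInitBehaviour.initProxy(params);
      if (listenerHelper.hadValidationErrors()) {
        System.exit(EXIT_ERROR_CODE);
      }
    } catch (Throwable t) {
      logger.error(t);
      System.exit(EXIT_ERROR_CODE);
    }
  }
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/000077500000000000000000000000001477751234100252605ustar00rootroot00000000000000voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/CustomVOMSESLookupStrategy.java000066400000000000000000000023571477751234100332560ustar00rootroot00000000000000
// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
//
// SPDX-License-Identifier: Apache-2.0
package org.italiangrid.voms.clients.impl;

import java.io.File;
import java.util.ArrayList;
import java.util.List;

import org.italiangrid.voms.request.impl.DefaultVOMSESLookupStrategy;

/**
 * VOMSES lookup strategy that searches one caller-supplied path in addition
 * to the paths of {@link DefaultVOMSESLookupStrategy}.
 */
public class CustomVOMSESLookupStrategy extends DefaultVOMSESLookupStrategy {

  String customVOMSESPath;

  public CustomVOMSESLookupStrategy(String vomsesPath) {
    this.customVOMSESPath = vomsesPath;
  }

  /*
   * (non-Javadoc)
   *
   * @see
   * org.italiangrid.voms.request.impl.BaseVOMSESLookupStrategy#lookupVomsesInfo
   * ()
   */
  @Override
  public List<File> lookupVomsesInfo() {
    List<String> searchedPaths = searchedPaths();
    List<File> vomsesPaths = new ArrayList<File>();
    // Only existence is checked; the path is otherwise used as given.
    for (String p : searchedPaths) {
      File f = new File(p);
      if (f.exists())
        vomsesPaths.add(f);
    }
    return vomsesPaths;
  }

  /*
   * (non-Javadoc)
   *
   * @see
   * org.italiangrid.voms.request.impl.BaseVOMSESLookupStrategy#searchedPaths()
   */
  @Override
  public List<String> searchedPaths() {
    // NOTE(review): appends to the list returned by the superclass; confirm
    // that list is a fresh, modifiable copy on every call.
    List<String> searchedPaths = super.searchedPaths();
    searchedPaths.add(customVOMSESPath);
    return searchedPaths;
  }
}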
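voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/DefaultACResolver.java000066400000000000000000000114761477751234100314460ustar00rootroot00000000000000
// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
//
// SPDX-License-Identifier: Apache-2.0

package org.italiangrid.voms.clients.impl;

import static java.util.Objects.isNull;

import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;

import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.clients.ProxyInitParams;
import org.italiangrid.voms.clients.strategies.ACResolverStrategy;
import org.italiangrid.voms.clients.strategies.VOMSCommandsParsingStrategy;
import org.italiangrid.voms.request.VOMSACRequest;
import org.italiangrid.voms.request.VOMSACService;
import org.italiangrid.voms.request.VOMSESLookupStrategy;
import org.italiangrid.voms.request.VOMSProtocolListener;
import org.italiangrid.voms.request.VOMSRequestListener;
import org.italiangrid.voms.request.VOMSServerInfoStore;
import org.italiangrid.voms.request.impl.BaseVOMSESLookupStrategy;
import org.italiangrid.voms.request.impl.DefaultVOMSACRequest;
import org.italiangrid.voms.request.impl.DefaultVOMSACService;
import org.italiangrid.voms.request.impl.DefaultVOMSESLookupStrategy;
import org.italiangrid.voms.util.VOMSFQANNamingScheme;

import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import eu.emi.security.authn.x509.X509Credential;

/**
 * Default {@link ACResolverStrategy}: for every VO named in the VOMS commands
 * it builds one AC request and one {@link VOMSACService}, and collects the
 * attribute certificates that the services return.
 */
public class DefaultACResolver implements ACResolverStrategy {

  final VOMSCommandsParsingStrategy commandsParser;
  final VOMSRequestListener requestListener;
  final VOMSProtocolListener protocolListener;

  X509CertChainValidatorExt certChainValidator;

  /**
   * @param commandsParser
   *          turns the raw VOMS commands into a VO to FQANs map
   * @param certChainValidator
   *          validator handed to every {@link VOMSACService} that is built
   * @param requestListener
   *          listener notified about AC requests
   * @param protocolListener
   *          listener notified about protocol events
   */
  public DefaultACResolver(VOMSCommandsParsingStrategy commandsParser,
      X509CertChainValidatorExt certChainValidator, VOMSRequestListener requestListener,
      VOMSProtocolListener protocolListener) {

    this.commandsParser = commandsParser;
    this.certChainValidator = certChainValidator;
    this.requestListener = requestListener;
    this.protocolListener = protocolListener;
  }

  /**
   * Picks the vomses lookup strategy: the locations listed in params when there
   * are any, the default lookup otherwise.
   */
  protected VOMSESLookupStrategy getVOMSESLookupStrategyFromParams(ProxyInitParams params) {

    List<String> vomsesLocations = params.getVomsesLocations();

    if (vomsesLocations != null && !vomsesLocations.isEmpty()) {
      return new BaseVOMSESLookupStrategy(vomsesLocations);
    }

    return new DefaultVOMSESLookupStrategy();
  }

  /**
   * Reorders the FQANs of one VO according to the order requested in params.
   *
   * FQANs from the requested order come first: a group FQAN is always taken, a
   * qualified-role FQAN only when it is also in unsortedFQANs. The remaining
   * unsortedFQANs follow in their original order and duplicates collapse. When
   * no order was requested, unsortedFQANs is returned as is.
   */
  protected List<String> sortFQANsIfRequested(ProxyInitParams params,
      List<String> unsortedFQANs) {

    List<String> requestedOrder = params.getFqanOrder();

    if (requestedOrder == null || requestedOrder.isEmpty()) {
      return unsortedFQANs;
    }

    // LinkedHashSet keeps first-insertion order and drops repeats
    Set<String> fqans = new LinkedHashSet<String>();

    for (String fqan : requestedOrder) {
      if (VOMSFQANNamingScheme.isGroup(fqan)) {
        fqans.add(fqan);
      }
      if (VOMSFQANNamingScheme.isQualifiedRole(fqan) && unsortedFQANs.contains(fqan)) {
        fqans.add(fqan);
      }
    }

    fqans.addAll(unsortedFQANs);

    return new ArrayList<String>(fqans);
  }

  /**
   * Converts a timeout in seconds to the int milliseconds the service builder
   * takes. A plain (int) cast wraps around for timeouts above roughly 24.8 days
   * and would hand the builder a small or negative value; clamp instead.
   */
  private static int timeoutInMillis(long timeoutInSeconds) {

    long millis = TimeUnit.SECONDS.toMillis(timeoutInSeconds);

    return (int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, millis));
  }

  /**
   * Requests one attribute certificate per VO named in the VOMS commands.
   *
   * @param params
   *          proxy-init parameters (commands, targets, lifetimes, timeouts,
   *          hostname-check and legacy-protocol switches)
   * @param userCredential
   *          credential used to contact the VOMS servers
   * @param serverInfoStore
   *          store with the known VOMS server endpoints
   * @return the ACs obtained, or an empty list when no commands were given
   * @throws VOMSError
   *           when commands were given but not a single AC was obtained. A VO
   *           whose service returns null is skipped without an error as long
   *           as another VO yields an AC.
   */
  @Override
  public List<AttributeCertificate> getVOMSACs(ProxyInitParams params,
      X509Credential userCredential, VOMSServerInfoStore serverInfoStore) {

    List<String> vomsCommands = params.getVomsCommands();

    if (isNull(vomsCommands) || vomsCommands.isEmpty()) {
      return Collections.emptyList();
    }

    Map<String, List<String>> vomsCommandsMap = commandsParser.parseCommands(vomsCommands);

    int timeoutMillis = timeoutInMillis(params.getTimeoutInSeconds());

    List<AttributeCertificate> acs = new ArrayList<AttributeCertificate>();

    for (Map.Entry<String, List<String>> voCommands : vomsCommandsMap.entrySet()) {

      final String vo = voCommands.getKey();
      final List<String> fqans = voCommands.getValue();

      VOMSACRequest request = new DefaultVOMSACRequest.Builder(vo)
        .fqans(sortFQANsIfRequested(params, fqans))
        .targets(params.getTargets())
        .lifetime(params.getAcLifetimeInSeconds())
        .build();

      // skipHostnameChecks and legacyProtocolEnabled are passed through from
      // params unchanged.
      // NOTE(review): skipping hostname checks presumably removes the match
      // between the contacted host and the server certificate, leaving chain
      // validation as the only check on who answers; confirm in
      // DefaultVOMSACService and keep both switches off unless a deployment
      // needs them.
      VOMSACService acService = new DefaultVOMSACService.Builder(certChainValidator)
        .requestListener(requestListener)
        .serverInfoStore(serverInfoStore)
        .vomsesLookupStrategy(getVOMSESLookupStrategyFromParams(params))
        .protocolListener(protocolListener)
        .connectTimeout(timeoutMillis)
        .readTimeout(timeoutMillis)
        .skipHostnameChecks(params.isSkipHostnameChecks())
        .legacyProtocolEnabled(params.isEnableLegacyProtocol())
        .build();

      AttributeCertificate ac = acService.getVOMSAttributeCertificate(userCredential, request);

      if (ac != null) {
        acs.add(ac);
      }
    }

    if (!vomsCommandsMap.isEmpty() && acs.isEmpty()) {
      throw new VOMSError("User's request for VOMS attributes could not be fulfilled.");
    }

    return acs;
  }
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/DefaultProxyDestroyBehaviour.java000066400000000000000000000035241477751234100337740ustar00rootroot00000000000000
// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
//
// SPDX-License-Identifier: Apache-2.0

package org.italiangrid.voms.clients.impl;

import java.io.File;

import org.italiangrid.voms.clients.ProxyDestroyBehaviour;
import org.italiangrid.voms.clients.ProxyDestroyParams;
import org.italiangrid.voms.clients.util.VOMSProxyPathBuilder;
import org.italiangrid.voms.credential.VOMSEnvironmentVariables;

/**
 *
 * The class implementing the behaviour of the voms-proxy-destroy command.
 *
 * @author valerioventuri
 *
 */
public class DefaultProxyDestroyBehaviour implements ProxyDestroyBehaviour {

  /**
   * The {@link ProxyDestroyListenerAdapter}.
   *
   */
  private ProxyDestroyListenerAdapter listener;

  /**
   * Constructor that takes a {@link ProxyDestroyListenerAdapter}.
   *
   * @param listener
   *          The listener that will receive events related to proxy destroy
   *          events
   */
  public DefaultProxyDestroyBehaviour(ProxyDestroyListenerAdapter listener) {

    this.listener = listener;
  }

  /*
   * (non-Javadoc)
   *
   * @see
   * org.italiangrid.voms.clients.ProxyDestroyBehaviourInt#destroyProxy(org.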
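* italiangrid.voms.clients.ProxyDestroyParams)
   *
   * Resolves the proxy file path and removes that file. The path is the
   * default proxy location, overridden by the X509_USER_PROXY environment
   * variable when set, overridden in turn by the proxy file given in params.
   *
   * Exits with status 1 when the file does not exist or cannot be removed, and
   * with status 0 after a dry run. Only the directory entry is removed; the
   * file content is not overwritten first.
   */
  @Override
  public void destroyProxy(ProxyDestroyParams params) {

    String proxyFilePath = VOMSProxyPathBuilder.buildProxyPath();

    String envProxyPath = System.getenv(VOMSEnvironmentVariables.X509_USER_PROXY);

    if (envProxyPath != null) {
      proxyFilePath = envProxyPath;
    }

    if (params.getProxyFile() != null) {
      proxyFilePath = params.getProxyFile();
    }

    File file = new File(proxyFilePath);

    if (!file.exists()) {
      listener.notifyProxyNotFound();
      System.exit(1);
    }

    if (params.isDryRun()) {
      listener.warnProxyToRemove(proxyFilePath);
      System.exit(0);
    }

    // File.delete() reports failure through its return value only. A proxy
    // that could not be removed is still a usable credential on disk, so a
    // failed removal must not look like success to the caller or to a script
    // checking the exit status.
    // NOTE(review): no listener callback for this case is visible here, so the
    // message goes to stderr; route it through the listener if one exists.
    if (!file.delete()) {
      System.err.println("Could not remove proxy file: " + proxyFilePath);
      System.exit(1);
    }
  }
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/DefaultVOMSCommandsParser.java000066400000000000000000000043251477751234100330570ustar00rootroot00000000000000
// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
//
// SPDX-License-Identifier: Apache-2.0

package org.italiangrid.voms.clients.impl;

import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.italiangrid.voms.clients.strategies.VOMSCommandsParsingStrategy;

/**
 * Default implementation of the {@link VOMSCommandsParsingStrategy} interface.
 * This class is responsible for parsing VOMS commands into a structured format.
 */
public class DefaultVOMSCommandsParser implements VOMSCommandsParsingStrategy {

  /**
   * The character used to separate VO names from FQANs in command strings.
   */
  public static final String COMMAND_SEPARATOR = ":";

  /**
   * The string representing a request for all available attributes.
   */
  public static final String ALL_COMMAND_STRING = "all";

  /**
   * Parses a list of VOMS commands and organizes them into a map.
   *
   * @param commands A list of strings representing VOMS commands, where each
   *                 command follows the format "vo[:fqan]".
   * @return A map where the keys are VO names and the values are lists of
   *         requested FQANs. If "all" is specified, no FQANs are added.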
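* Returns {@code null} if the input list is {@code null}, or an
   *         empty map if the input list is empty. A command with nothing
   *         before the separator is filed under the empty VO name, and only
   *         the first token after the VO name is read as the FQAN. Keys keep
   *         the order in which the VOs first appear.
   */
  @Override
  public Map<String, List<String>> parseCommands(List<String> commands) {

    if (commands == null) {
      return null;
    }

    if (commands.isEmpty()) {
      return Collections.emptyMap();
    }

    Map<String, List<String>> commandsMap = new LinkedHashMap<String, List<String>>();

    for (String cmd : commands) {

      String[] cmdTokens = cmd.split(COMMAND_SEPARATOR);

      // String.split drops trailing empty tokens, so a command made only of
      // separators (":") yields an empty array; indexing it blindly throws
      // ArrayIndexOutOfBoundsException. Treat it like the empty command "".
      String vo = cmdTokens.length > 0 ? cmdTokens[0] : "";

      List<String> requestedFQANs = commandsMap.get(vo);

      if (requestedFQANs == null) {
        requestedFQANs = new ArrayList<String>();
        commandsMap.put(vo, requestedFQANs);
      }

      // "vo:all" asks for every attribute, which is expressed as no FQAN
      if (cmdTokens.length > 1 && !ALL_COMMAND_STRING.equals(cmdTokens[1])) {
        requestedFQANs.add(cmdTokens[1]);
      }
    }

    return commandsMap;
  }
}
DefaultVOMSProxyInfoBehaviour.java000066400000000000000000000357301477751234100336700ustar00rootroot00000000000000voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/
// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
//
// SPDX-License-Identifier: Apache-2.0

package org.italiangrid.voms.clients.impl;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;

import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.VOMSValidators;
import org.italiangrid.voms.ac.VOMSACParser;
import org.italiangrid.voms.asn1.VOMSACUtils;
import org.italiangrid.voms.clients.ProxyInfoParams;
import org.italiangrid.voms.clients.ProxyInfoParams.PrintOption;
import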
org.italiangrid.voms.clients.strategies.ProxyInfoStrategy; import org.italiangrid.voms.clients.util.MessageLogger; import org.italiangrid.voms.clients.util.OpensslNameUtilities; import org.italiangrid.voms.clients.util.TimeUtils; import org.italiangrid.voms.clients.util.VOMSAttributesPrinter; import org.italiangrid.voms.clients.util.VOMSProxyPathBuilder; import org.italiangrid.voms.credential.VOMSEnvironmentVariables; import eu.emi.security.authn.x509.helpers.proxy.ExtendedProxyType; import eu.emi.security.authn.x509.helpers.proxy.ProxyHelper; import eu.emi.security.authn.x509.impl.CertificateUtils; import eu.emi.security.authn.x509.impl.FormatMode; import eu.emi.security.authn.x509.impl.PEMCredential; import eu.emi.security.authn.x509.proxy.ProxyUtils; public class DefaultVOMSProxyInfoBehaviour implements ProxyInfoStrategy { private PEMCredential proxyCredential; private VOMSACParser acParser = null; private final String[] keyUsagesValues = { "Digital Signature", "Non Repudiation", "Key Encipherment", "Data Encipherment", "Key Agreement", "Key CertSign", "CRL Sign", "Encipher Only", "Decipher Only" }; ArrayList proxyKeyUsageList = new ArrayList(); private final MessageLogger logger; public DefaultVOMSProxyInfoBehaviour(MessageLogger logger, InitListenerAdapter listenerAdapter) { this.logger = logger; } @Override public void printProxyInfo(ProxyInfoParams params) { List attributes = new ArrayList(); X509Certificate[] proxyChain = null; String proxyFilePath = VOMSProxyPathBuilder.buildProxyPath(); String envProxyPath = System .getenv(VOMSEnvironmentVariables.X509_USER_PROXY); if (envProxyPath != null) proxyFilePath = envProxyPath; if (params.getProxyFile() != null) proxyFilePath = params.getProxyFile(); FileInputStream proxyInputStream = null; try { proxyInputStream = new FileInputStream(proxyFilePath); } catch (FileNotFoundException e) { throw new VOMSError("Proxy not found: " + e.getMessage(), e); } try { proxyCredential = new PEMCredential(proxyInputStream, 
(char[]) null); } catch (Exception e) { throw new VOMSError("Proxy not found: " + e.getMessage(), e); } File proxyFile = new File(proxyFilePath); proxyChain = proxyCredential.getCertificateChain(); acParser = VOMSValidators.newParser(); attributes = acParser.parse(proxyChain); resolveProxyKeyUsage(); if (params.containsOption(PrintOption.ALL_OPTIONS) && !params.containsOption(PrintOption.CHAIN)) { printProxyStandardInfo(proxyFile); printAC(attributes); logger.printMessage(""); } if (params.isEmpty()) printProxyStandardInfo(proxyFile); checkProxyBasicOptions(params, attributes, proxyFile, proxyChain); checkVOMSOptions(params, attributes, proxyChain, proxyFile); checkValidityOptions(params, proxyChain); } /* * Groups of options for checking the proxy validity */ private void checkValidityOptions(ProxyInfoParams params, X509Certificate[] proxyChain) { if (params.containsOption(PrintOption.PROXY_STRENGTH_VALIDITY) && !params.containsOption(PrintOption.ALL_OPTIONS)) { if (!getKeySize(proxyChain[0]).equals(params.getKeyLength())) throw new VOMSError("Proxy key size is not valid"); } if (params.containsOption(PrintOption.PROXY_EXISTS)) { try { try { proxyChain[0].checkValidity(); } catch (CertificateNotYetValidException e) { throw new VOMSError("Proxy not found: " + e.getMessage(), e); } } catch (CertificateExpiredException e) { throw new VOMSError( "The current proxy is not valid: " + e.getMessage(), e); } } if (params.containsOption(PrintOption.PROXY_TIME_VALIDITY)) { int period = 0; try { period = TimeUtils .parseLifetimeInHoursAndMinutes(params.getValidTime()); } catch (ParseException e) { throw new VOMSError("Wrong validity format, required 'hh:mm': " + e.getMessage(), e); } if (!checkTimeValidity( TimeUtils.getTimeLeft(proxyChain[0].getNotAfter()), period)) throw new VOMSError("Proxy not valid for the specified period"); } if (params.containsOption(PrintOption.PROXY_HOURS_VALIDITY)) { int period = 0; try { period = 
TimeUtils.parseLifetimeInHours(params.getValidHours()); } catch (ParseException e) { throw new VOMSError("Wrong validity format, required 'hh': " + e.getMessage(), e); } if (!checkTimeValidity( TimeUtils.getTimeLeft(proxyChain[0].getNotAfter()), period)) throw new VOMSError("Proxy not valid for the specified period"); } } private void printProxyChain(X509Certificate[] chain) { logger.printMessage("=== Proxy Chain Information ==="); for (X509Certificate c : chain) { logger.printMessage(CertificateUtils.format(c, FormatMode.FULL)); try { if (ProxyUtils.isProxy(c)) { List attrs = VOMSACUtils .getACsFromCertificate(c); if (!attrs.isEmpty()) logger.printMessage("VOMS extensions: yes."); else logger.printMessage("VOMS extensions: no."); } } catch (IOException e) { // Swallow exception } logger.printMessage(""); } } /* * Proxy basic options */ private void checkProxyBasicOptions(ProxyInfoParams params, List listVOMSAttributes, File proxyFilePath, X509Certificate[] proxyChain) { if (params.containsOption(PrintOption.TYPE) && !params.containsOption(PrintOption.ALL_OPTIONS)) { logger.printMessage(proxyTypeAsString(proxyChain[0])); } if (params.containsOption(PrintOption.SUBJECT) && !params.containsOption(PrintOption.ALL_OPTIONS)) { logger.printMessage(OpensslNameUtilities .getOpensslSubjectString(proxyChain[0].getSubjectX500Principal())); } if (params.containsOption(PrintOption.ISSUER) || params.containsOption(PrintOption.IDENTITY) && !params.containsOption(PrintOption.ALL_OPTIONS)) { logger.printMessage(OpensslNameUtilities .getOpensslSubjectString(proxyChain[0].getIssuerX500Principal())); } if (params.containsOption(PrintOption.PROXY_PATH) && !params.containsOption(PrintOption.ALL_OPTIONS)) { logger.printMessage(proxyFilePath.getAbsolutePath()); } if (params.containsOption(PrintOption.CHAIN)) { printProxyChain(proxyChain); logger.printMessage("=== Proxy Information ==="); printProxyStandardInfo(proxyFilePath); if (params.containsOption(PrintOption.ALL_OPTIONS)) { 
printAC(listVOMSAttributes); } logger.printMessage(""); } if (params.containsOption(PrintOption.TEXT)) { if (!params.containsOption(PrintOption.ALL_OPTIONS) && !params.containsOption(PrintOption.CHAIN)) { printProxyStandardInfo(proxyFilePath); logger.printMessage(""); } int chainLength = 1; if (params.containsOption(PrintOption.CHAIN)) chainLength = proxyChain.length; for (int i = chainLength - 1; i >= 0; i--) { logger.printMessage("Certificate:"); logger.printMessage(CertificateUtils.format(proxyChain[i], FormatMode.FULL)); logger.printMessage(""); } } if (params.containsOption(PrintOption.KEYSIZE) && !params.containsOption(PrintOption.ALL_OPTIONS)) { logger.printMessage(getKeySize(proxyChain[0])); } if (params.containsOption(PrintOption.KEYUSAGE) && !params.containsOption(PrintOption.ALL_OPTIONS)) { tabularFormatted("key usage", getProxyKeyUsages()); } if (params.containsOption(PrintOption.TIMELEFT) && !params.containsOption(PrintOption.ALL_OPTIONS)) { Date notAfter = proxyCredential.getCertificate().getNotAfter(); long notAfterinMSec = TimeUtils.getTimeLeft(notAfter); long notAfterInSec = TimeUnit.MILLISECONDS.toSeconds(notAfterinMSec); logger.printMessage(String.valueOf(notAfterInSec)); } } /* * Proxy VOMS options */ private void checkVOMSOptions(ProxyInfoParams params, List attributes, X509Certificate[] proxyChain, File proxyFilePath) { if (params.hasACOptions() && attributes.isEmpty()) throw new VOMSError("No VOMS attributes found!"); if (params.containsOption(PrintOption.ACSUBJECT) && !params.containsOption(PrintOption.ALL_OPTIONS)) { for (VOMSAttribute a : attributes) logger.printMessage(OpensslNameUtilities.getOpensslSubjectString(a .getHolder())); } if (params.containsOption(PrintOption.ACTIMELEFT) && !params.containsOption(PrintOption.ALL_OPTIONS)) { for (VOMSAttribute a : attributes) { long notAfterInMSec = TimeUtils .getTimeLeft(a.getVOMSAC().getNotAfter()); long notAfterInSec = TimeUnit.MILLISECONDS.toSeconds(notAfterInMSec); 
logger.printMessage(String.valueOf(notAfterInSec)); } } if (params.containsOption(PrintOption.ACISSUER) && !params.containsOption(PrintOption.ALL_OPTIONS)) { for (VOMSAttribute a : attributes) logger.printMessage(OpensslNameUtilities.getOpensslSubjectString(a .getAACertificates()[0].getSubjectX500Principal())); } if (params.containsOption(PrintOption.ACSERIAL) && !params.containsOption(PrintOption.ALL_OPTIONS)) { for (VOMSAttribute a : attributes) logger.printMessage(a.getVOMSAC().getSerialNumber().toString()); } if (params.containsOption(PrintOption.AC_EXISTS)) { boolean foundRequestedAC = false; for (VOMSAttribute a : attributes) { if (params.getACVO().equals(a.getVO())) { foundRequestedAC = true; break; } } if (!foundRequestedAC) throw new VOMSError("AC not found for VO " + params.getACVO()); } if (params.containsOption(PrintOption.VONAME) && !params.containsOption(PrintOption.ALL_OPTIONS)) { for (VOMSAttribute a : attributes) logger.printMessage(a.getVO()); } if (params.containsOption(PrintOption.FQAN) && !params.containsOption(PrintOption.ALL_OPTIONS)) { for (VOMSAttribute a : attributes) { for (String f : a.getFQANs()) logger.printMessage(f); } } if (params.containsOption(PrintOption.SERVER_URI) && !params.containsOption(PrintOption.ALL_OPTIONS)) { for (VOMSAttribute a : attributes) { logger.formatMessage("%s:%s\n", a.getHost(), a.getPort()); } } } /* * Extracts the list of KeyUsage from the proxy */ private void resolveProxyKeyUsage() { boolean[] keyUsages = proxyCredential.getCertificate().getKeyUsage(); if (keyUsages != null) { int index = 0; for (boolean key : keyUsages) { if (key) proxyKeyUsageList.add(keyUsagesValues[index]); index++; } } } /* * Returns a formatted list of KeyUsage */ private String getProxyKeyUsages() { StringBuilder usage = new StringBuilder(); Iterator it = proxyKeyUsageList.iterator(); if (it.hasNext()) usage.append(it.next()); while (it.hasNext()) { usage.append(", " + it.next()); } return usage.toString(); } private void 
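printAC(List listVOMSAttributes) { for (VOMSAttribute a : listVOMSAttributes) { VOMSAttributesPrinter.printVOMSAttributes(logger, MessageLogger.MessageLevel.INFO, a); } }

  /**
   * Prints the standard block of proxy information (subject, issuer, identity,
   * type, strength, path, time left, key usage), one labelled row per field.
   *
   * The values are printed as read from the loaded credential; nothing in this
   * method validates the certificate chain, so the output describes the file
   * and is not a statement that the proxy would be accepted.
   *
   * @param proxyFilePath
   *          the proxy file, used only to print its absolute path
   */
  private void printProxyStandardInfo(File proxyFilePath) {

    X509Certificate proxyCert = proxyCredential.getCertificate();

    String subject =
        OpensslNameUtilities.getOpensslSubjectString(proxyCert.getSubjectX500Principal());

    String issuer =
        OpensslNameUtilities.getOpensslSubjectString(proxyCert.getIssuerX500Principal());

    String holder = OpensslNameUtilities.getOpensslSubjectString(
        ProxyUtils.getOriginalUserDN(proxyCredential.getCertificateChain()));

    tabularFormatted("subject", subject);
    tabularFormatted("issuer", issuer);
    tabularFormatted("identity", holder);
    tabularFormatted("type", proxyTypeAsString(proxyCert));
    tabularFormatted("strength", getKeySize(proxyCert));
    tabularFormatted("path", proxyFilePath.getAbsolutePath());
    tabularFormatted("timeleft", TimeUtils.getValidityAsString(proxyCert.getNotAfter()));
    tabularFormatted("key usage", getProxyKeyUsages());
  }

  /**
   * Describes the proxy type of a certificate in words.
   *
   * @param proxyCert
   *          the certificate to describe
   * @return the description, "EEC" for a certificate that is not a proxy, or
   *         null for a proxy type this switch does not list
   * @throws VOMSError
   *           when the limited-proxy check fails with an IOException
   */
  private String proxyTypeAsString(X509Certificate proxyCert) {

    ExtendedProxyType pt = ProxyHelper.getProxyType(proxyCert);

    boolean limited;

    try {
      limited = ProxyHelper.isLimited(proxyCert);
    } catch (IOException e) {
      throw new VOMSError("Error checking proxy policy:" + e.getMessage(), e);
    }

    // RFC-style proxies are named "impersonation" when not limited, legacy ones "full"
    String rfcKind = limited ? "limited" : "impersonation";

    String typeString = null;

    switch (pt) {
      case LEGACY:
        typeString = String.format("%s legacy globus proxy", limited ? "limited" : "full");
        break;
      case DRAFT_RFC:
        typeString = String.format("Proxy draft (pre-RFC) %s proxy", rfcKind);
        break;
      case RFC3820:
        typeString = String.format("RFC3820 compliant %s proxy", rfcKind);
        break;
      case NOT_A_PROXY:
        typeString = "EEC";
        break;
    }

    return typeString;
  }

  /**
   * Tells whether the remaining lifetime covers the requested period.
   *
   * @param certTimeLeft
   *          remaining lifetime in milliseconds
   * @param period
   *          requested period in seconds
   * @return true when certTimeLeft is at least the period
   */
  private boolean checkTimeValidity(long certTimeLeft, int period) {

    return certTimeLeft >= TimeUnit.SECONDS.toMillis(period);
  }

  /**
   * Returns the size in bits of the certificate's public key as a string: the
   * modulus length for RSA, the length of the curve order for EC.
   *
   * An unconditional cast to RSAKey fails with ClassCastException on any other
   * key type, so the key type is checked first and an unsupported one is
   * reported as a VOMSError. The EC and PublicKey types are written with their
   * full names because this file imports only RSAKey.
   *
   * @param chain
   *          the certificate whose key is measured
   * @return the key size in bits
   * @throws VOMSError
   *           when the key is neither RSA nor EC
   */
  private String getKeySize(X509Certificate chain) {

    java.security.PublicKey publicKey = chain.getPublicKey();

    if (publicKey instanceof RSAKey) {
      return Integer.toString(((RSAKey) publicKey).getModulus().bitLength());
    }

    if (publicKey instanceof java.security.interfaces.ECKey) {
      java.security.interfaces.ECKey ecKey = (java.security.interfaces.ECKey) publicKey;
      return Integer.toString(ecKey.getParams().getOrder().bitLength());
    }

    throw new VOMSError("Unsupported proxy key type: " + publicKey.getAlgorithm());
  }

  /**
   * Prints one "name : value" row with the name left-aligned in nine columns.
   */
  private void tabularFormatted(String name, String value) {

    logger.printMessage(String.format("%-9s %s %s", name, ":", value));
  }
}
DefaultVOMSProxyInitBehaviour.java000066400000000000000000000475041477751234100337020ustar00rootroot00000000000000voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/
// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
//
// SPDX-License-Identifier: Apache-2.0

package org.italiangrid.voms.clients.impl;

import static org.italiangrid.voms.request.impl.FakeVOMSACServiceProperties.FAKE;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;

import org.bouncycastle.asn1.x509.AttributeCertificate;
import eu.emi.security.authn.x509.helpers.PasswordSupplier;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.VOMSValidators;
import org.italiangrid.voms.ac.VOMSACValidator;
import org.italiangrid.voms.ac.ValidationResultListener;
import org.italiangrid.voms.ac.impl.DefaultVOMSValidator;
import org.italiangrid.voms.clients.ProxyInitParams;
import org.italiangrid.voms.clients.strategies.ACResolverStrategy;
import org.italiangrid.voms.clients.strategies.ProxyInitStrategy;
import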
org.italiangrid.voms.clients.strategies.VOMSCommandsParsingStrategy; import org.italiangrid.voms.clients.util.PasswordFinders; import org.italiangrid.voms.clients.util.VOMSProxyPathBuilder; import org.italiangrid.voms.credential.LoadCredentialsEventListener; import org.italiangrid.voms.credential.LoadCredentialsStrategy; import org.italiangrid.voms.credential.VOMSEnvironmentVariables; import org.italiangrid.voms.credential.impl.DefaultLoadCredentialsStrategy; import org.italiangrid.voms.request.VOMSACRequest; import org.italiangrid.voms.request.VOMSACService; import org.italiangrid.voms.request.VOMSESLookupStrategy; import org.italiangrid.voms.request.VOMSProtocolListener; import org.italiangrid.voms.request.VOMSRequestListener; import org.italiangrid.voms.request.VOMSServerInfoStore; import org.italiangrid.voms.request.VOMSServerInfoStoreListener; import org.italiangrid.voms.request.impl.BaseVOMSESLookupStrategy; import org.italiangrid.voms.request.impl.DefaultVOMSACRequest; import org.italiangrid.voms.request.impl.DefaultVOMSACService; import org.italiangrid.voms.request.impl.DefaultVOMSESLookupStrategy; import org.italiangrid.voms.request.impl.DefaultVOMSServerInfoStore; import org.italiangrid.voms.store.VOMSTrustStore; import org.italiangrid.voms.store.VOMSTrustStoreStatusListener; import org.italiangrid.voms.store.impl.DefaultVOMSTrustStore; import org.italiangrid.voms.util.CertificateValidatorBuilder; import org.italiangrid.voms.util.CredentialsUtils; import org.italiangrid.voms.util.VOMSFQANNamingScheme; import eu.emi.security.authn.x509.StoreUpdateListener; import eu.emi.security.authn.x509.ValidationErrorListener; import eu.emi.security.authn.x509.ValidationResult; import eu.emi.security.authn.x509.X509CertChainValidatorExt; import eu.emi.security.authn.x509.X509Credential; import eu.emi.security.authn.x509.helpers.proxy.ExtendedProxyType; import eu.emi.security.authn.x509.helpers.proxy.ProxyHelper; import eu.emi.security.authn.x509.proxy.ProxyCertificate; 
import eu.emi.security.authn.x509.proxy.ProxyCertificateOptions; import eu.emi.security.authn.x509.proxy.ProxyChainInfo; import eu.emi.security.authn.x509.proxy.ProxyChainType; import eu.emi.security.authn.x509.proxy.ProxyGenerator; import eu.emi.security.authn.x509.proxy.ProxyPolicy; import eu.emi.security.authn.x509.proxy.ProxyType; import eu.emi.security.authn.x509.proxy.ProxyUtils; /** * The default VOMS proxy init behaviour. * * @author andreaceccanti * */ public class DefaultVOMSProxyInitBehaviour implements ProxyInitStrategy { private VOMSCommandsParsingStrategy commandsParser; private X509CertChainValidatorExt certChainValidator; private VOMSACValidator vomsValidator; private ValidationResultListener validationResultListener; private VOMSRequestListener requestListener; private ProxyCreationListener proxyCreationListener; private VOMSServerInfoStoreListener serverInfoStoreListener; private LoadCredentialsEventListener loadCredentialsEventListener; private ValidationErrorListener certChainValidationErrorListener; private VOMSTrustStoreStatusListener vomsTrustStoreListener; private StoreUpdateListener storeUpdateListener; private VOMSProtocolListener protocolListener; private ACResolverStrategy acResolver; public DefaultVOMSProxyInitBehaviour(VOMSCommandsParsingStrategy commandsParser, ValidationResultListener validationListener, VOMSRequestListener requestListener, ProxyCreationListener pxCreationListener, VOMSServerInfoStoreListener serverInfoStoreListener, LoadCredentialsEventListener loadCredEventListener, ValidationErrorListener certChainListener, VOMSTrustStoreStatusListener vomsTSListener, StoreUpdateListener trustStoreUpdateListener, VOMSProtocolListener protocolListener) { this.commandsParser = commandsParser; this.validationResultListener = validationListener; this.requestListener = requestListener; this.proxyCreationListener = pxCreationListener; this.serverInfoStoreListener = serverInfoStoreListener; this.loadCredentialsEventListener = 
loadCredEventListener; this.certChainValidationErrorListener = certChainListener; this.vomsTrustStoreListener = vomsTSListener; this.storeUpdateListener = trustStoreUpdateListener; this.protocolListener = protocolListener; } public DefaultVOMSProxyInitBehaviour(VOMSCommandsParsingStrategy commandsParser, InitListenerAdapter listenerAdapter) { this.commandsParser = commandsParser; this.validationResultListener = listenerAdapter; this.requestListener = listenerAdapter; this.proxyCreationListener = listenerAdapter; this.serverInfoStoreListener = listenerAdapter; this.loadCredentialsEventListener = listenerAdapter; this.certChainValidationErrorListener = listenerAdapter; this.vomsTrustStoreListener = listenerAdapter; this.storeUpdateListener = listenerAdapter; this.protocolListener = listenerAdapter; } protected void validateUserCredential(ProxyInitParams params, X509Credential cred) { ValidationResult result = certChainValidator.validate(cred.getCertificateChain()); if (!result.isValid()) throw new VOMSError("User credential is not valid!"); } private void init(ProxyInitParams params) { if (hasVomsCommands(params) || params.validateUserCredential()) { params.setValidateUserCredential(true); initCertChainValidator(params); if (params.verifyAC() && hasVomsCommands(params)) { initVOMSValidator(params); } } } protected void buildACResolver() { if (!Objects.isNull(FAKE.getSystemPropertyValue())) { acResolver = new FakeACResolver(requestListener); } if (Objects.isNull(acResolver)) { acResolver = new DefaultACResolver(commandsParser, certChainValidator, requestListener, protocolListener); } } protected boolean hasVomsCommands(ProxyInitParams params) { return !Objects.isNull(params.getVomsCommands()) && !params.getVomsCommands().isEmpty(); } public void initProxy(ProxyInitParams params) { init(params); VOMSServerInfoStore serverInfoStore = null; // Fail fast if VO is not configured correctly if (hasVomsCommands(params)) { serverInfoStore = initServerInfoStore(params); 
checkCommands(params, serverInfoStore); } X509Credential cred = lookupCredential(params); if (cred == null) { throw new VOMSError("No credentials found!"); } if (params.validateUserCredential()) { validateUserCredential(params, cred); } List acs = Collections.emptyList(); if (hasVomsCommands(params)) { initCertChainValidator(params); buildACResolver(); acs = acResolver.getVOMSACs(params, cred, serverInfoStore); } if (params.verifyAC() && !acs.isEmpty()) { verifyACs(params, acs); } createProxy(params, cred, acs); } private void checkCommands(ProxyInitParams params, VOMSServerInfoStore sis) { Map> vomsCommandsMap = commandsParser.parseCommands(params.getVomsCommands()); for (String voOrAlias : vomsCommandsMap.keySet()) { if (sis.getVOMSServerInfo(voOrAlias) .isEmpty()) { String msg = String.format( "VOMS server for VO %s is not known! " + "Check your vomses configuration.", voOrAlias); throw new VOMSError(msg); } } } private VOMSServerInfoStore initServerInfoStore(ProxyInitParams params) { VOMSServerInfoStore sis = null; if (params.getVomsCommands() != null && !params.getVomsCommands() .isEmpty()) { sis = new DefaultVOMSServerInfoStore.Builder() .lookupStrategy(getVOMSESLookupStrategyFromParams(params)) .storeListener(serverInfoStoreListener) .build(); } return sis; } private void directorySanityChecks(String dirPath, String preambleMessage) { File f = new File(dirPath); String errorTemplate = String.format("%s: '%s'", preambleMessage, dirPath); errorTemplate = errorTemplate + " (%s)"; if (!f.exists()) { Throwable t = new FileNotFoundException(String.format(errorTemplate, "file not found")); throw new VOMSError(t.getMessage(), t); } if (!f.isDirectory()) { throw new VOMSError(String.format(errorTemplate, "not a directory")); } if (!f.canRead()) throw new VOMSError(String.format(errorTemplate, "not readable")); } private void initCertChainValidator(ProxyInitParams params) { if (certChainValidator == null) { String trustAnchorsDir = 
DefaultVOMSValidator.DEFAULT_TRUST_ANCHORS_DIR; if (System.getenv(VOMSEnvironmentVariables.X509_CERT_DIR) != null) trustAnchorsDir = System.getenv(VOMSEnvironmentVariables.X509_CERT_DIR); if (params.getTrustAnchorsDir() != null) trustAnchorsDir = params.getTrustAnchorsDir(); directorySanityChecks(trustAnchorsDir, "Invalid trust anchors location"); CertificateValidatorBuilder builder = new CertificateValidatorBuilder(); certChainValidator = builder.trustAnchorsDir(trustAnchorsDir) .storeUpdateListener(storeUpdateListener) .lazyAnchorsLoading(true) .validationErrorListener(certChainValidationErrorListener) .build(); } } private VOMSACValidator initVOMSValidator(ProxyInitParams params) { if (vomsValidator != null) { return vomsValidator; } String vomsdir = DefaultVOMSTrustStore.DEFAULT_VOMS_DIR; if (System.getenv(VOMSEnvironmentVariables.X509_VOMS_DIR) != null) vomsdir = System.getenv(VOMSEnvironmentVariables.X509_VOMS_DIR); if (params.getVomsdir() != null) vomsdir = params.getVomsdir(); directorySanityChecks(vomsdir, "Invalid vomsdir location"); VOMSTrustStore trustStore = new DefaultVOMSTrustStore(Arrays.asList(vomsdir), vomsTrustStoreListener); vomsValidator = VOMSValidators.newValidator(trustStore, certChainValidator, validationResultListener); return vomsValidator; } private void verifyACs(ProxyInitParams params, List acs) { VOMSACValidator acValidator = initVOMSValidator(params); acValidator.validateACs(acs); } // Why we have to do this nonsense? 
/**
 * Maps an ExtendedProxyType to the ProxyType constant of the same name.
 *
 * @param pt the extended proxy type
 * @return the matching ProxyType, or null for any value other than DRAFT_RFC,
 *         LEGACY and RFC3820
 */
private ProxyType extendedProxyTypeAsProxyType(ExtendedProxyType pt) {

  switch (pt) {
    case DRAFT_RFC:
      return ProxyType.DRAFT_RFC;

    case LEGACY:
      return ProxyType.LEGACY;

    case RFC3820:
      return ProxyType.RFC3820;

    default:
      return null;
  }
}

/**
 * When the issuing credential is itself a proxy, forces the new proxy to have the
 * same type and, if the issuer is limited, to be limited as well. Each forced
 * change is recorded in proxyCreationWarnings.
 *
 * @param options the options of the proxy being created; may be modified
 * @param issuingCredential the credential that will sign the new proxy
 * @param proxyCreationWarnings list that receives a message for every forced change
 * @throws VOMSError if reading the limited flag of the issuing proxy fails
 */
private void ensureProxyTypeIsCompatibleWithIssuingCredential(ProxyCertificateOptions options,
    X509Credential issuingCredential, List proxyCreationWarnings) {

  if (ProxyUtils.isProxy(issuingCredential.getCertificateChain())) {

    ProxyType issuingProxyType = extendedProxyTypeAsProxyType(
        ProxyHelper.getProxyType(issuingCredential.getCertificateChain()[0]));

    // NOTE(review): extendedProxyTypeAsProxyType returns null for unmapped types and
    // the result is dereferenced here without a null check.
    if (!issuingProxyType.equals(options.getType())) {
      proxyCreationWarnings.add("forced " + issuingProxyType.name()
          + " proxy type to be compatible with the type of the issuing proxy.");
      options.setType(issuingProxyType);
    }

    try {

      boolean issuingProxyIsLimited =
          ProxyHelper.isLimited(issuingCredential.getCertificateChain()[0]);

      // A limited issuer must not produce an unlimited proxy.
      if (issuingProxyIsLimited && !options.isLimited()) {
        proxyCreationWarnings.add(
            "forced the creation of a limited proxy to be compatible with the type of the issuing proxy.");
        limitProxy(options);
      }

    } catch (IOException e) {
      throw new VOMSError(e.getMessage(), e);
    }
  }
}

/**
 * Refuses to continue when the issuing credential is a proxy whose chain is
 * reported as ProxyChainType.MIXED.
 *
 * @param issuingCredential the credential that will sign the new proxy
 * @throws VOMSError for a mixed chain, or if the chain cannot be parsed
 */
private void checkMixedProxyChain(X509Credential issuingCredential) {

  if (ProxyUtils.isProxy(issuingCredential.getCertificateChain())) {
    ProxyChainInfo ci;
    try {

      ci = new ProxyChainInfo(issuingCredential.getCertificateChain());
      if (ci.getProxyType()
        .equals(ProxyChainType.MIXED))
        throw new VOMSError(
            "Cannot generate a proxy certificate starting from a mixed type proxy chain.");

    } catch (CertificateException e) {
      throw new VOMSError(e.getMessage(), e);
    }
  }
}

/**
 * Sets the validity bounds of the new proxy from the current time and the
 * requested lifetime, and shortens the end time to the issuing certificate's
 * notAfter when the request would outlive it.
 *
 * @param options the options of the proxy being created; validity bounds are set
 * @param issuingCredential the credential that will sign the new proxy
 * @param proxyCreationWarnings list that receives a message when the lifetime is cut
 */
private void ensureProxyLifetimeIsConsistentWithIssuingCredential(ProxyCertificateOptions options,
    X509Credential issuingCredential, List proxyCreationWarnings) {

  // The start time is the local clock at the moment of the call.
  Calendar cal = Calendar.getInstance();

  Date proxyStartTime = cal.getTime();

  cal.add(Calendar.SECOND, options.getLifetime());

  Date proxyEndTime = cal.getTime();

  Date issuingCredentialEndTime = issuingCredential.getCertificate().getNotAfter();

  options.setValidityBounds(proxyStartTime, proxyEndTime);

  if (proxyEndTime.after(issuingCredentialEndTime)) {
    proxyCreationWarnings.add("proxy lifetime limited to issuing " + "credential lifetime.");
    options.setValidityBounds(proxyStartTime, issuingCredentialEndTime);
  }
}

/**
 * Marks the proxy as limited and, for RFC3820 and DRAFT_RFC proxies, also sets the
 * limited-proxy policy OID.
 *
 * @param proxyOptions the options of the proxy being created; modified in place
 */
private void limitProxy(ProxyCertificateOptions proxyOptions) {

  proxyOptions.setLimited(true);

  if (proxyOptions.getType().equals(ProxyType.RFC3820)
      || proxyOptions.getType().equals(ProxyType.DRAFT_RFC))
    proxyOptions.setPolicy(new ProxyPolicy(ProxyPolicy.LIMITED_PROXY_OID));
}

/**
 * Builds the proxy options from params, generates the proxy from the given
 * credential, saves it and notifies the proxy creation listener.
 *
 * The output path is chosen in this order, later entries winning:
 * VOMSProxyPathBuilder.buildProxyPath(), the X509_USER_PROXY environment variable,
 * params.getGeneratedProxyFile().
 *
 * The mixed-chain rejection and the type and lifetime alignment with the issuing
 * credential run only when params.isEnforcingChainIntegrity() is true; otherwise
 * the values requested in params are used unchanged.
 *
 * @param params the proxy-init parameters
 * @param credential the credential that signs the proxy
 * @param acs attribute certificates to embed; may be null or empty
 * @throws VOMSError wrapping any failure during generation, saving or notification
 */
private void createProxy(ProxyInitParams params, X509Credential credential, List acs) {

  List proxyCreationWarnings = new ArrayList();

  String proxyFilePath = VOMSProxyPathBuilder.buildProxyPath();

  String envProxyPath = System.getenv(VOMSEnvironmentVariables.X509_USER_PROXY);

  if (envProxyPath != null)
    proxyFilePath = envProxyPath;

  if (params.getGeneratedProxyFile() != null)
    proxyFilePath = params.getGeneratedProxyFile();

  ProxyCertificateOptions proxyOptions =
      new ProxyCertificateOptions(credential.getCertificateChain());

  proxyOptions.setProxyPathLimit(params.getPathLenConstraint());
  proxyOptions.setLimited(params.isLimited());
  proxyOptions.setLifetime(params.getProxyLifetimeInSeconds());
  proxyOptions.setType(params.getProxyType());
  proxyOptions.setKeyLength(params.getKeySize());

  if (params.isEnforcingChainIntegrity()) {

    checkMixedProxyChain(credential);

    ensureProxyTypeIsCompatibleWithIssuingCredential(proxyOptions, credential,
        proxyCreationWarnings);

    ensureProxyLifetimeIsConsistentWithIssuingCredential(proxyOptions, credential,
        proxyCreationWarnings);
  }

  if (params.isLimited())
    limitProxy(proxyOptions);

  try {

    if (acs != null && !acs.isEmpty()) {
      proxyOptions.setAttributeCertificates(acs.toArray(new AttributeCertificate[acs.size()]));
    }

    ProxyCertificate proxy = ProxyGenerator.generate(proxyOptions, credential.getKey());

    // NOTE(review): the saved credential presumably includes the proxy's private
    // key; the permissions the file is created with are decided inside
    // CredentialsUtils.saveProxyCredentials, which is not visible here. Confirm they
    // are owner-only, also when the path comes from the environment or command line.
    CredentialsUtils.saveProxyCredentials(proxyFilePath, proxy.getCredential());

    proxyCreationListener.proxyCreated(proxyFilePath, proxy, proxyCreationWarnings);

  } catch (Throwable t) {
    // Throwable is caught, so Errors are wrapped in a VOMSError as well.
    throw new VOMSError("Error creating proxy certificate: " + t.getMessage(), t);
  }
}

/**
 * Reorders the FQANs of a request according to params.getFqanOrder(), when one is
 * given.
 *
 * Groups named in the requested order are added unconditionally, qualified roles
 * only when they are also in unsortedFQANs; the remaining unsorted FQANs follow in
 * their original order. Duplicates are dropped by the LinkedHashSet.
 *
 * @param params the proxy-init parameters
 * @param unsortedFQANs the FQANs as parsed from the VOMS commands
 * @return a new ordered list, or unsortedFQANs itself when no order was requested
 */
protected List sortFQANsIfRequested(ProxyInitParams params, List unsortedFQANs) {

  if (params.getFqanOrder() != null && !params.getFqanOrder()
    .isEmpty()) {

    Set fqans = new LinkedHashSet();
    for (String fqan : params.getFqanOrder()) {
      if (VOMSFQANNamingScheme.isGroup(fqan))
        fqans.add(fqan);
      if (VOMSFQANNamingScheme.isQualifiedRole(fqan) && unsortedFQANs.contains(fqan))
        fqans.add(fqan);
    }

    fqans.addAll(unsortedFQANs);

    return new ArrayList(fqans);
  }
  return unsortedFQANs;
}

/**
 * Selects how vomses files are located: the explicit locations from params when
 * any are given, the default lookup strategy otherwise.
 *
 * @param params the proxy-init parameters
 * @return the lookup strategy to use
 */
protected VOMSESLookupStrategy getVOMSESLookupStrategyFromParams(ProxyInitParams params) {

  if (params.getVomsesLocations() != null && !params.getVomsesLocations().isEmpty())
    return new BaseVOMSESLookupStrategy(params.getVomsesLocations());
  else
    return new DefaultVOMSESLookupStrategy();
}

/**
 * Requests one attribute certificate per VO named in the VOMS commands.
 *
 * A VO for which the service returns null is skipped without an error here; the
 * method fails only when VOs were requested and no certificate at all was obtained.
 *
 * @param params the proxy-init parameters
 * @param cred the user credential used towards the VOMS servers
 * @param serverInfoStore the store of known VOMS servers
 * @return the certificates obtained, or an empty list when there are no VOMS commands
 * @throws VOMSError if VOs were requested but no certificate was obtained
 */
protected List getAttributeCertificates(ProxyInitParams params, X509Credential cred,
    VOMSServerInfoStore serverInfoStore) {

  List vomsCommands = params.getVomsCommands();

  if (vomsCommands == null || vomsCommands.isEmpty())
    return Collections.emptyList();

  Map> vomsCommandsMap = commandsParser.parseCommands(params.getVomsCommands());

  List acs = new ArrayList();

  for (String vo : vomsCommandsMap.keySet()) {

    List fqans = vomsCommandsMap.get(vo);

    VOMSACRequest request =
        new DefaultVOMSACRequest.Builder(vo).fqans(sortFQANsIfRequested(params, fqans))
          .targets(params.getTargets())
          .lifetime(params.getAcLifetimeInSeconds())
          .build();

    // NOTE(review): skipHostnameChecks is passed straight from the parameters.
    // Presumably it turns off matching the server certificate against the contacted
    // host, which removes a protection against an impersonated VOMS server; confirm
    // it is off by default and that its use is reported to the user.
    VOMSACService acService =
        new DefaultVOMSACService.Builder(certChainValidator).requestListener(requestListener)
          .serverInfoStore(serverInfoStore)
          .vomsesLookupStrategy(getVOMSESLookupStrategyFromParams(params))
          .protocolListener(protocolListener)
          .connectTimeout((int) TimeUnit.SECONDS.toMillis(params.getTimeoutInSeconds()))
          .readTimeout((int) TimeUnit.SECONDS.toMillis(params.getTimeoutInSeconds()))
          .skipHostnameChecks(params.isSkipHostnameChecks())
          .build();

    AttributeCertificate ac = acService.getVOMSAttributeCertificate(cred, request);

    if (ac != null) {
      acs.add(ac);
    }
  }

  if (!vomsCommandsMap.keySet().isEmpty() && acs.isEmpty())
    throw new VOMSError("User's request for VOMS attributes could not be fulfilled.");

  return acs;
}

/**
 * Chooses how the user credential is loaded, based on the parameters.
 *
 * With noregen an existing proxy is loaded; a certificate file without a key file
 * is handed to the single-file LoadUserCredential constructor (whose parameter is
 * named pkcs12File); certificate plus key are loaded as a pair; otherwise the
 * default strategy is used.
 *
 * @param params the proxy-init parameters
 * @return the strategy to load credentials with
 */
private LoadCredentialsStrategy strategyFromParams(ProxyInitParams params) {

  if (params.isNoRegen()) {
    return new LoadProxyCredential(loadCredentialsEventListener, params.getCertFile());
  }

  if (params.getCertFile() != null && params.getKeyFile() == null)
    return new LoadUserCredential(loadCredentialsEventListener, params.getCertFile());

  if (params.getCertFile() != null && params.getKeyFile() != null)
    return new LoadUserCredential(loadCredentialsEventListener, params.getCertFile(),
        params.getKeyFile());

  // NOTE(review): the first argument is the resolved value of HOME_PROPERTY while
  // the second is the TMPDIR_PROPERTY constant itself, not
  // System.getProperty(TMPDIR_PROPERTY); confirm which one the constructor expects.
  return new DefaultLoadCredentialsStrategy(
      System.getProperty(DefaultLoadCredentialsStrategy.HOME_PROPERTY),
      DefaultLoadCredentialsStrategy.TMPDIR_PROPERTY, loadCredentialsEventListener);
}

/**
 * Loads the user credential with the strategy selected by strategyFromParams.
 *
 * The key password is read from standard input without a prompt when
 * params.isReadPasswordFromStdin() is true, and through the default password finder
 * otherwise.
 *
 * @param params the proxy-init parameters
 * @return whatever the selected strategy's loadCredentials returns
 */
private X509Credential lookupCredential(ProxyInitParams params) {

  PasswordSupplier pf = null;

  if (params.isReadPasswordFromStdin())
    pf = PasswordFinders.getNoPromptInputStreamPasswordFinder(System.in, System.out);
  else
    pf = PasswordFinders.getDefault();

  LoadCredentialsStrategy loadCredStrategy = strategyFromParams(params);

  return loadCredStrategy.loadCredentials(pf);
}
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/FakeACResolver.java000066400000000000000000000027221477751234100307220ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.impl; import java.util.Arrays; import java.util.Collections; import java.util.List; import org.bouncycastle.asn1.x509.AttributeCertificate; import org.italiangrid.voms.clients.ProxyInitParams; import
org.italiangrid.voms.clients.strategies.ACResolverStrategy; import org.italiangrid.voms.request.VOMSACRequest; import org.italiangrid.voms.request.VOMSRequestListener; import org.italiangrid.voms.request.VOMSServerInfoStore; import org.italiangrid.voms.request.impl.DefaultVOMSACRequest; import org.italiangrid.voms.request.impl.FakeVOMSACService; import eu.emi.security.authn.x509.X509Credential; public class FakeACResolver implements ACResolverStrategy { final FakeVOMSACService acService; public FakeACResolver(VOMSRequestListener listener) { acService = FakeVOMSACService.newInstanceFromProperties(listener); } @Override public List getVOMSACs(ProxyInitParams params, X509Credential userCredential, VOMSServerInfoStore serverInfoStore) { VOMSACRequest request = new DefaultVOMSACRequest.Builder(acService.getAcParams().getVo()) .build(); AttributeCertificate ac = acService.getVOMSAttributeCertificate(userCredential, request); if (ac == null) { return Collections.emptyList(); } return Arrays.asList(ac); } } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/InitListenerAdapter.java000066400000000000000000000024421477751234100320370ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.impl; import org.italiangrid.voms.ac.ValidationResultListener; import org.italiangrid.voms.credential.LoadCredentialsEventListener; import org.italiangrid.voms.request.VOMSProtocolListener; import org.italiangrid.voms.request.VOMSRequestListener; import org.italiangrid.voms.request.VOMSServerInfoStoreListener; import org.italiangrid.voms.store.VOMSTrustStoreStatusListener; import eu.emi.security.authn.x509.StoreUpdateListener; import eu.emi.security.authn.x509.ValidationErrorListener; /** * An adapter for CANL and VOMS API event listeners. 
* * @author andreaceccanti * */ public interface InitListenerAdapter extends ValidationResultListener, ProxyCreationListener, VOMSRequestListener, VOMSServerInfoStoreListener, LoadCredentialsEventListener, ValidationErrorListener, VOMSTrustStoreStatusListener, VOMSProtocolListener, StoreUpdateListener { /** * Returns true if a validation error was raised by * {@link ValidationErrorListener} or {@link ValidationResultListener}. * * @return true if validation errors were raised, * false otherwise */ public boolean hadValidationErrors(); } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/LoadProxyCredential.java000066400000000000000000000023101477751234100320330ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.impl; import eu.emi.security.authn.x509.helpers.PasswordSupplier; import org.italiangrid.voms.clients.util.VOMSProxyPathBuilder; import org.italiangrid.voms.credential.LoadCredentialsEventListener; import org.italiangrid.voms.credential.impl.AbstractLoadCredentialsStrategy; import eu.emi.security.authn.x509.X509Credential; public class LoadProxyCredential extends AbstractLoadCredentialsStrategy { final String proxyFile; public LoadProxyCredential(LoadCredentialsEventListener listener, String proxyFile) { super(listener); this.proxyFile = proxyFile; } public LoadProxyCredential(LoadCredentialsEventListener listener) { this(listener, null); } @Override public X509Credential loadCredentials(PasswordSupplier passwordFinder) { if (proxyFile == null) { String envProxyPath = System.getenv(X509_USER_PROXY); if (envProxyPath != null) return loadProxyCredential(envProxyPath); return loadProxyCredential(VOMSProxyPathBuilder.buildProxyPath()); } return loadProxyCredential(proxyFile); } } 
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/LoadUserCredential.java000066400000000000000000000022731477751234100316400ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.impl; import eu.emi.security.authn.x509.helpers.PasswordSupplier; import org.italiangrid.voms.credential.LoadCredentialsEventListener; import org.italiangrid.voms.credential.impl.AbstractLoadCredentialsStrategy; import eu.emi.security.authn.x509.X509Credential; public class LoadUserCredential extends AbstractLoadCredentialsStrategy { String certFile; String keyFile; String pkcs12File; public LoadUserCredential(LoadCredentialsEventListener listener, String certFile, String keyFile) { super(listener); this.certFile = certFile; this.keyFile = keyFile; } public LoadUserCredential(LoadCredentialsEventListener listener, String pkcs12File) { super(listener); this.pkcs12File = pkcs12File; } @Override public X509Credential loadCredentials(PasswordSupplier passwordFinder) { if (pkcs12File != null) return loadPKCS12Credential(pkcs12File, passwordFinder); if (certFile != null && keyFile != null) return loadPEMCredential(keyFile, certFile, passwordFinder); return null; } } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/ProxyCreationListener.java000066400000000000000000000014521477751234100324410ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.impl; import java.util.List; import eu.emi.security.authn.x509.proxy.ProxyCertificate; /** * A listener which informs of succesfull creation of a VOMS proxy certificate * * @author andreaceccanti * */ public interface ProxyCreationListener { /** * Informs of the succesfull creation of a VOMS proxy certificate * * @param proxyPath * the file where the proxy has been saved * @param 
proxy * the {@link ProxyCertificate} * @param warnings * a list of warnings related to this proxy creation */ public void proxyCreated(String proxyPath, ProxyCertificate proxy, List warnings); } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/ProxyDestroyListenerAdapter.java000066400000000000000000000010071477751234100336230ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.impl; /** * Interface for events of the voms-proxy-destroy command. * * @author valerioventuri * */ public interface ProxyDestroyListenerAdapter { /** * * */ public void notifyProxyNotFound(); /** * @param proxyFile * the name of the proxy that is about to be removed */ public void warnProxyToRemove(String proxyFile); } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/ProxyDestroyListenerHelper.java000066400000000000000000000015551477751234100334720ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.impl; import org.italiangrid.voms.clients.util.MessageLogger; /** * * * @author valerioventuri * */ public class ProxyDestroyListenerHelper implements ProxyDestroyListenerAdapter { /** * Message logger. * */ private MessageLogger logger; /** * * Constructor that takes the message logger. * * @param logger * the message logger. 
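 */ public ProxyDestroyListenerHelper(MessageLogger logger) { this.logger = logger; } @Override public void notifyProxyNotFound() { logger.info("\nProxy file doesn't exist or has bad permissions\n"); } @Override public void warnProxyToRemove(String proxyFile) { logger.info("Would remove %s", proxyFile); } }
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/ProxyInfoListenerHelper.java000066400000000000000000000011471477751234100327310ustar00rootroot00000000000000
// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
//
// SPDX-License-Identifier: Apache-2.0

package org.italiangrid.voms.clients.impl;

import org.italiangrid.voms.clients.util.MessageLogger;

/**
 * Helper to manage messages related to a voms-proxy-info execution.
 *
 * Messages are written through the logger field inherited from
 * {@link ProxyInitListenerHelper}; this class declares no logger of its own.
 *
 * @author Daniele Andreotti
 *
 */
public class ProxyInfoListenerHelper extends ProxyInitListenerHelper {

  /**
   * @param logger
   *          the message logger, stored by the superclass constructor
   */
  public ProxyInfoListenerHelper(MessageLogger logger) {
    super(logger);
  }

  /**
   * Reports at error level that the proxy file does not exist.
   */
  public void notifyProxyNotFound() {
    // Uses the inherited logger. A private field of the same name declared in this
    // class would hide it and stay null, because only the superclass constructor
    // receives the logger, and this call would then fail with a
    // NullPointerException.
    logger.error("\nProxy file doesn't exist\n");
  }
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/ProxyInitListenerHelper.java000066400000000000000000000205401477751234100327370ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.impl; import java.io.File; import java.io.FileNotFoundException; import java.io.IOException; import java.security.KeyStoreException; import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.List; import org.italiangrid.voms.ac.VOMSValidationResult; import org.italiangrid.voms.clients.options.ProxyInitOptions; import org.italiangrid.voms.clients.util.MessageLogger; import org.italiangrid.voms.clients.util.MessageLogger.MessageLevel; import org.italiangrid.voms.clients.util.VOMSAttributesPrinter; import org.italiangrid.voms.credential.FilePermissionError; import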
org.italiangrid.voms.error.VOMSValidationErrorMessage;
import org.italiangrid.voms.request.VOMSACRequest;
import org.italiangrid.voms.request.VOMSErrorMessage;
import org.italiangrid.voms.request.VOMSResponse;
import org.italiangrid.voms.request.VOMSServerInfo;
import org.italiangrid.voms.request.VOMSWarningMessage;
import org.italiangrid.voms.store.LSCInfo;

import eu.emi.security.authn.x509.ValidationError;
import eu.emi.security.authn.x509.impl.X500NameUtils;
import eu.emi.security.authn.x509.proxy.ProxyCertificate;

/**
 * Helper to manage messages related to a voms-proxy-init execution.
 *
 * Every listener callback is turned into a message on the configured
 * {@link MessageLogger}; the class also remembers whether any validation error was
 * reported.
 *
 * @author andreaceccanti
 *
 */
public class ProxyInitListenerHelper implements InitListenerAdapter {

  // Package-private, so subclasses in this package use it directly.
  MessageLogger logger;

  /** What to do with warnings found in a VOMS server response. */
  public enum WARNING_POLICY {
    printWarnings, failOnWarnings, ignoreWarnings
  }

  // Warnings are printed unless the two-argument constructor sets another policy.
  WARNING_POLICY warningPolicy = WARNING_POLICY.printWarnings;

  // Set by notifyValidationResult and onValidationError, never reset.
  private boolean hadValidationErrors = false;

  /**
   * @param logger
   *          the logger that receives all messages
   */
  public ProxyInitListenerHelper(MessageLogger logger) {
    this.logger = logger;
  }

  /**
   * @param logger
   *          the logger that receives all messages
   * @param warnPolicy
   *          how warnings in VOMS responses are handled
   */
  public ProxyInitListenerHelper(MessageLogger logger, WARNING_POLICY warnPolicy) {
    this.logger = logger;
    this.warningPolicy = warnPolicy;
  }

  /**
   * Logs a failed request: for a known endpoint its host, port, VO and the error
   * message; with a null endpoint, that no contacted server returned a valid AC.
   */
  @Override
  public void notifyVOMSRequestFailure(VOMSACRequest request,
    VOMSServerInfo endpoint, Throwable error) {

    if (endpoint != null)
      logger.error("Error contacting %s:%d for VO %s: %s\n", endpoint.getURL()
        .getHost(), endpoint.getURL().getPort(), endpoint.getVoName(), error
        .getMessage());
    else
      logger
        .error(
          "None of the contacted servers for %s were capable of returning a valid AC for the user.\n",
          request.getVoName());
  }

  /** Logs host, port, server DN and VO of the server about to be contacted. */
  @Override
  public void notifyVOMSRequestStart(VOMSACRequest request, VOMSServerInfo si) {

    logger.info("Contacting %s:%d [%s] \"%s\"...\n", si.getURL().getHost(), si
      .getURL().getPort(), si.getVOMSServerDN(), si.getVoName());
  }

  /** Logs that the remote server was contacted. */
  @Override
  public void notifyVOMSRequestSuccess(VOMSACRequest request,
    VOMSServerInfo endpoint) {

    logger.info("Remote VOMS server contacted succesfully.\n");
  }

  /**
   * Logs the outcome of an AC validation. A failed result sets the
   * validation-error flag and lists the reasons at error level; a valid one is
   * logged at trace level together with the attributes.
   */
  @Override
  public void notifyValidationResult(VOMSValidationResult result) {

    if (!result.isValid()) {
      hadValidationErrors = true;
      logger
        .error(
          "\nWARNING: VOMS AC validation for VO %s failed for the following reasons:\n",
          result.getAttributes().getVO());
      for (VOMSValidationErrorMessage m : result.getValidationErrors())
        logger.error(" %s\n", m.getMessage());
    } else {
      logger.trace("VOMS AC validation for VO %s succeded.\n", result
        .getAttributes().getVO());
      VOMSAttributesPrinter.printVOMSAttributes(logger, MessageLevel.TRACE,
        result.getAttributes());
    }
  }

  /**
   * Prints the warnings collected during proxy creation, then the proxy path and
   * the notAfter date of the first certificate in the proxy chain.
   */
  @Override
  public void proxyCreated(String proxyPath, ProxyCertificate cert,
    List warnings) {

    if (!warnings.isEmpty())
      for (String w : warnings)
        logger.warning("WARNING: %s\n", w);

    logger.info("\nCreated proxy in %s.\n\n", proxyPath);
    logger.info("Your proxy is valid until %s\n", cert.getCredential()
      .getCertificateChain()[0].getNotAfter());
  }

  /**
   * Records and logs a certificate validation error.
   *
   * @return always false. NOTE(review): in the CANL ValidationErrorListener
   *         contract the return value is understood to say whether the error may
   *         be ignored, so false keeps it an error; confirm against the library
   *         documentation.
   */
  @Override
  public boolean onValidationError(ValidationError error) {

    hadValidationErrors = true;
    logger.warning("Certificate validation error: %s\n", error.getMessage());
    return false;
  }

  /** Traces the directory searched for VOMS AA certificates. */
  @Override
  public void notifyCertficateLookupEvent(String dir) {

    logger.trace("Looking for VOMS AA certificates in %s...\n", dir);
  }

  /** Traces subject and file of a loaded VOMS AA certificate. */
  @Override
  public void notifyCertificateLoadEvent(X509Certificate cert, File file) {

    String certSubject = X500NameUtils.getReadableForm(cert
      .getSubjectX500Principal());

    logger.trace("Loaded VOMS AA certificate with subject %s from file %s\n",
      certSubject, file.getAbsolutePath());
  }

  /** Traces the file and content of loaded LSC information. */
  @Override
  public void notifyLSCLoadEvent(LSCInfo info, File file) {

    logger.trace("Loaded LSC information from file %s: %s\n",
      file.getAbsolutePath(), info.toString());
  }

  /** Traces the directory searched for LSC information. */
  @Override
  public void notifyLSCLookupEvent(String dir) {

    logger.trace("Looking for LSC information in %s...\n", dir);
  }

  /** Traces the locations searched for user credentials. */
  @Override
  public void notifyCredentialLookup(String... locations) {

    logger.trace("Looking for user credentials in %s...\n",
      Arrays.toString(locations));
  }

  /** Traces the locations credentials were loaded from. */
  @Override
  public void notifyLoadCredentialSuccess(String... locations) {

    logger.trace("Credentials loaded successfully %s\n",
      Arrays.toString(locations));
  }

  /**
   * Logs a credential loading failure. A missing file is only traced; permission,
   * keystore and other I/O errors are logged at error level; anything else stays
   * at trace level.
   */
  @Override
  public void notifyLoadCredentialFailure(Throwable error, String... locations) {

    MessageLevel level = MessageLevel.TRACE;

    // FileNotFoundException is an IOException, so it has to be tested first to stay
    // at TRACE.
    if (error instanceof FileNotFoundException)
      level = MessageLevel.TRACE;
    else if (error instanceof FilePermissionError
      || error instanceof KeyStoreException || error instanceof IOException)
      level = MessageLevel.ERROR;

    logger.formatMessage(level, "Credentials couldn't be loaded %s: %s\n",
      Arrays.toString(locations), error.getMessage());
  }

  /**
   * Logs the errors returned by a VOMS server. The server-supplied messages are
   * passed as format arguments, not as the format string.
   */
  @Override
  public void notifyErrorsInVOMSReponse(VOMSACRequest request,
    VOMSServerInfo si, VOMSErrorMessage[] errors) {

    logger.error("VOMS server %s:%d returned the following errors:\n", si
      .getURL().getHost(), si.getURL().getPort());

    for (VOMSErrorMessage e : errors)
      logger.error("%s\n", e.getMessage());
  }

  /**
   * Handles warnings returned by a VOMS server according to the warning policy:
   * ignored, printed, or printed followed by process exit.
   */
  @Override
  public void notifyWarningsInVOMSResponse(VOMSACRequest request,
    VOMSServerInfo si, VOMSWarningMessage[] warnings) {

    if (!warningPolicy.equals(WARNING_POLICY.ignoreWarnings)) {
      for (VOMSWarningMessage e : warnings)
        logger.warning("%s\n", e.getMessage());

      if (warningPolicy.equals(WARNING_POLICY.failOnWarnings)) {
        logger.trace("Exiting as requested by the --%s option...\n",
          ProxyInitOptions.FAIL_ON_WARN.getLongOptionName());
        // NOTE(review): exits the JVM from inside a listener callback, so the
        // caller's stack is not unwound; confirm nothing relies on cleanup in
        // finally blocks on this path.
        System.exit(1);
      }
    }
  }

  /** Reports that no valid VOMSES information was found in the searched paths. */
  @Override
  public void notifyNoValidVOMSESError(List searchedPaths) {

    // NOTE(review): the paths are concatenated into the first argument, which the
    // other calls in this class use as a format string. If MessageLogger.info
    // formats it, a '%' in a path would be interpreted; passing the list as a "%s"
    // argument avoids that. Confirm against MessageLogger.
    logger.info("No valid VOMSES information found locally while looking in: "
      + searchedPaths);
  }

  /** Traces the path searched for VOMSES information. */
  @Override
  public void notifyVOMSESlookup(String vomsesPath) {

    logger.trace("Looking for VOMSES information in %s...\n", vomsesPath);

  }

  /** Traces loaded vomses information, with its source path when one is given. */
  @Override
  public void notifyVOMSESInformationLoaded(String vomsesPath,
    VOMSServerInfo info) {

    if (vomsesPath != null)
      logger.trace("Loaded vomses information '%s' from %s.\n", info,
        vomsesPath);
    else
      logger.trace("Loaded vomses information '%s'\n", info);
  }

  /**
   * Logs a trust store loading notification. A leading "file:" is removed from the
   * location; errors go to the error level, warnings and notifications to trace.
   */
  @Override
  public void loadingNotification(String location, String type, Severity level,
    Exception cause) {

    if (location.startsWith("file:"))
      location = location.substring(5, location.length());

    // NOTE(review): cause is dereferenced for ERROR and WARNING; presumably it is
    // never null for those severities. Confirm against the caller.
    if (level.equals(Severity.ERROR)) {
      logger
        .error("Error for %s %s: %s.\n", type, location, cause.getMessage());

    } else if (level.equals(Severity.WARNING)) {
      logger.trace("Warning for %s %s: %s.\n", type, location,
        cause.getMessage());
    } else if (level.equals(Severity.NOTIFICATION)) {
      logger.trace("Loading %s %s.\n", type, location);
    }
  }

  /** Traces the URL of an HTTP request that was sent. */
  @Override
  public void notifyHTTPRequest(String url) {

    logger.trace("Sent HTTP request for %s\n", url);

  }

  /** Traces the XML of a legacy request, only when TRACE is enabled. */
  @Override
  public void notifyLegacyRequest(String xmlLegacyRequest) {

    if (logger.isLevelEnabled(MessageLevel.TRACE)) {
      logger.trace("Sent VOMS legacy request:\n");
      // NOTE(review): the XML is passed in the position the other calls use for a
      // format string. If MessageLogger.trace formats its first argument, a '%' in
      // the content would be interpreted; trace("%s", ...) would print it as data.
      logger.trace(xmlLegacyRequest);
    }
  }

  /** Traces the XML of a received VOMS response, only when TRACE is enabled. */
  @Override
  public void notifyReceivedResponse(VOMSResponse r) {

    if (logger.isLevelEnabled(MessageLevel.TRACE)) {
      logger.trace("Received VOMS response:\n");
      // NOTE(review): same concern as in notifyLegacyRequest, and here the text
      // comes from the remote server; it should be logged as an argument
      // ("%s"), not as the format string. Confirm against MessageLogger.
      logger.trace(r.getXMLAsString());
    }
  }

  /**
   * @return true once notifyValidationResult saw an invalid result or
   *         onValidationError was called
   */
  @Override
  public boolean hadValidationErrors() {

    return hadValidationErrors;
  }
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/impl/package-info.java000066400000000000000000000003141477751234100304450ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 /** * */ /** * @author andreaceccanti * */ package org.italiangrid.voms.clients.impl;voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/options/000077500000000000000000000000001477751234100260125ustar00rootroot00000000000000voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/options/CLIOption.java000066400000000000000000000004531477751234100304570ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.options; import org.apache.commons.cli.Option; public interface CLIOption { public Option getOption(); public String getLongOptionName(); }
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/options/CLIOptionsBundle.java000066400000000000000000000021461477751234100317750ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.options; import java.util.MissingResourceException; import java.util.ResourceBundle; import org.italiangrid.voms.clients.options.VOMSCLIOptionBuilder.BundleKey; public enum CLIOptionsBundle { common, proxyInit, proxyInfo, proxyDestroy; private CLIOptionsBundle() { String bundleName = VOMSCLIOptionBuilder.class.getPackage().getName() + "." + this.name() + "Options"; bundle = ResourceBundle.getBundle(bundleName); if (bundle == null) throw new IllegalStateException( "Cannot load VOMS CLI options: options bundle not found: " + bundleName); } private ResourceBundle bundle; public ResourceBundle getBundle() { return bundle; } public String getStringFromBundle(String longOpt, BundleKey key) { String returnValue = null; try { returnValue = getBundle().getString(longOpt + "." 
+ key.name()); } catch (MissingResourceException e) { // Swallow exception } return returnValue; } }voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/options/CommonOptions.java000066400000000000000000000012031477751234100314550ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.options; import org.apache.commons.cli.Option; public enum CommonOptions implements CLIOption { HELP("help"), USAGE("usage"), VERSION("version"), DEBUG("debug"), CONF("conf"); private Option option; private CommonOptions(String longOpt) { option = VOMSCLIOptionBuilder.buildOption(longOpt, CLIOptionsBundle.common); } @Override public Option getOption() { return option; } @Override public String getLongOptionName() { return option.getLongOpt(); } } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/options/ProxyDestroyOptions.java000066400000000000000000000041411477751234100327240ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.options; import org.apache.commons.cli.Option; /** * Enumeration representing the command-line options for the proxy destruction command. This enum * defines various options that can be used when executing the proxy destroy command. * *

* Each option is associated with an {@link Option} object built using the * {@link VOMSCLIOptionBuilder} utility. *

* *

* Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. *

 *
 * @author Istituto Nazionale di Fisica Nucleare
 * @version 1.0
 */
public enum ProxyDestroyOptions implements CLIOption {

  /** Help option, displays usage information. */
  HELP("help"),

  /** Usage option, provides details on how to use the command. */
  USAGE("usage"),

  /** Version option, displays version information. */
  VERSION("version"),

  /** Debug option, enables debug mode for detailed logs. */
  DEBUG("debug"),

  /** Quiet option, suppresses non-essential output. */
  QUIET("quiet"),

  /** File option, specifies a proxy file to be destroyed. */
  FILE("file"),

  /** Dry-run option, simulates the command without executing it. */
  DRY("dry"),

  /** Configuration file option, specifies a configuration file. */
  CONF("conf");

  /** The Apache Commons CLI {@link Option} representation of the command-line option. */
  private Option option;

  /**
   * Constructs a ProxyDestroyOptions enum with the specified long option name.
   *
   * NOTE(review): the option is built from CLIOptionsBundle.proxyInfo although
   * CLIOptionsBundle also declares proxyDestroy; this looks like a copy from
   * ProxyInfoOptions. CLIOptionsBundle.getStringFromBundle swallows
   * MissingResourceException and returns null, so a long option with no entries
   * in the proxyInfo bundle would silently get no short name, description or
   * argument flag. Confirm which bundle is intended.
   *
   * @param longOpt the long option name
   */
  private ProxyDestroyOptions(String longOpt) {
    option = VOMSCLIOptionBuilder.buildOption(longOpt, CLIOptionsBundle.proxyInfo);
  }

  /**
   * Returns the associated Apache Commons CLI {@link Option} object.
   *
   * @return the CLI option
   */
  @Override
  public Option getOption() {
    return option;
  }

  /**
   * Returns the long option name of this command-line option.
* * @return the long option name */ @Override public String getLongOptionName() { return option.getLongOpt(); } } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/options/ProxyInfoOptions.java000066400000000000000000000023501477751234100321660ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.options; import org.apache.commons.cli.Option; public enum ProxyInfoOptions implements CLIOption { PROXY_FILENAME("file"), PROXY_EXISTS("exists"), AC_EXISTS("acexists"), OPTIONS_FILE( "conf"), PRINT_CHAIN("chain"), PRINT_SUBJECT("subject"), PRINT_ISSUER( "issuer"), PRINT_IDENTITY("identity"), PRINT_TYPE("type"), PRINT_TIMELEFT( "timeleft"), PRINT_KEYSIZE("strength"), PRINT_ALL_OPTIONS("all"), PRINT_TEXT( "text"), PRINT_PROXY_PATH("path"), PRINT_VONAME("vo"), PRINT_FQAN("fqan"), PRINT_ACSUBJECT( "acsubject"), PRINT_ACISSUER("acissuer"), PRINT_ACTIMELEFT("actimeleft"), PRINT_ACSERIAL( "serial"), PRINT_SERVER_URI("uri"), PRINT_KEYUSAGE("keyusage"), PROXY_TIME_VALIDITY( "valid"), PROXY_HOURS_VALIDITY("hours"), PROXY_STRENGTH_VALIDITY("bits"); private Option option; private ProxyInfoOptions(String longOpt) { option = VOMSCLIOptionBuilder.buildOption(longOpt, CLIOptionsBundle.proxyInfo); } @Override public Option getOption() { return option; } @Override public String getLongOptionName() { return option.getLongOpt(); } } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/options/ProxyInitOptions.java000066400000000000000000000026751477751234100322100ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.options; import org.apache.commons.cli.Option; public enum ProxyInitOptions implements CLIOption { AC_LIFETIME("vomslife"), VALIDITY("valid"), CERT_LOCATION("cert"), ENABLE_STDIN_PWD("pwstdin"), 
FAIL_ON_WARN("failonwarn"), FQANS_ORDERING("order"), IGNORE_WARNINGS("ignorewarn"), KEY_SIZE("bits"), KEY_LOCATION("key"), LEGACY_PROXY("old"), LIMITED_PROXY("limited"), OPTIONS_FILE("conf"), PATHLEN_CONSTRAINT("path_length"), PROXY_LOCATION("out"), PROXY_LIFETIME_IN_HOURS("hours"), PROXY_NOREGEN("noregen"), PROXY_VERSION("proxyver"), QUIET_MODE("quiet"), RFC_PROXY("rfc"), SKIP_AC_VERIFICATION("dont_verify_ac"), TARGET_HOSTNAME("target"), TIMEOUT("timeout"), TRUSTED_CERT_LOCATION("certdir"), VERIFY_CERT("verify"), VOMS_COMMAND("voms"), VOMSDIR("vomsdir"), VOMSES_LOCATION("vomses"), SKIP_INTEGRITY_CHECKS("skip_chain_integrity_checks"), SKIP_HOSTNAME_CHECKS("skip_hostname_checks"), ENABLE_LEGACY_PROTOCOL("enable_legacy_protocol"); private Option option; private ProxyInitOptions(String longOpt) { option = VOMSCLIOptionBuilder.buildOption(longOpt, CLIOptionsBundle.proxyInit); } @Override public Option getOption() { return option; } @Override public String getLongOptionName() { return option.getLongOpt(); } } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/options/VOMSCLIOptionBuilder.java000066400000000000000000000017171477751234100324770ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.options; import org.apache.commons.cli.Option; public class VOMSCLIOptionBuilder { enum BundleKey { opt, description, hasArg, argDescription } public static Option buildOption(String longOpt, CLIOptionsBundle b) { String shortOpt = b.getStringFromBundle(longOpt, BundleKey.opt); String description = b.getStringFromBundle(longOpt, BundleKey.description); boolean hasArg = false; if (b.getStringFromBundle(longOpt, BundleKey.hasArg) != null) hasArg = Boolean.parseBoolean(b.getStringFromBundle(longOpt, BundleKey.hasArg)); String argDescription = b.getStringFromBundle(longOpt, BundleKey.argDescription); Option o = new Option(shortOpt, longOpt, hasArg, 
description); o.setArgName(argDescription); return o; } private VOMSCLIOptionBuilder() { } } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/package-info.java000066400000000000000000000003071477751234100275060ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 /** * */ /** * @author andreaceccanti * */ package org.italiangrid.voms.clients;voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/strategies/000077500000000000000000000000001477751234100264715ustar00rootroot00000000000000voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/strategies/ACResolverStrategy.java000066400000000000000000000011111477751234100330560ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.strategies; import java.util.List; import org.bouncycastle.asn1.x509.AttributeCertificate; import org.italiangrid.voms.clients.ProxyInitParams; import org.italiangrid.voms.request.VOMSServerInfoStore; import eu.emi.security.authn.x509.X509Credential; public interface ACResolverStrategy { List getVOMSACs(ProxyInitParams params, X509Credential userCredential, VOMSServerInfoStore serverInfoStore); } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/strategies/ProxyInfoStrategy.java000066400000000000000000000007621477751234100330210ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.strategies; import org.italiangrid.voms.clients.ProxyInfoParams; public interface ProxyInfoStrategy { /** * Query a VOMS proxy as described by the {@link ProxyInfoParams} object passed * as argument. 
* * @param options * the options to query the proxy */ public void printProxyInfo(ProxyInfoParams options); } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/strategies/ProxyInitStrategy.java000066400000000000000000000011021477751234100330160ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.strategies; import org.italiangrid.voms.clients.ProxyInitParams; /** * The VOMS proxy init CLI * * @author andreaceccanti * */ public interface ProxyInitStrategy { /** * Creates a VOMS proxy as described by the {@link ProxyInitParams} object * passed as argument. * * @param options * the options that will drive the proxy creation */ public void initProxy(ProxyInitParams options); } VOMSCommandsParsingStrategy.java000066400000000000000000000005151477751234100345730ustar00rootroot00000000000000voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/strategies// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.strategies; import java.util.List; import java.util.Map; public interface VOMSCommandsParsingStrategy { public Map> parseCommands(List commands); } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/strategies/package-info.java000066400000000000000000000003221477751234100316550ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 /** * */ /** * @author andreaceccanti * */ package org.italiangrid.voms.clients.strategies;voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/util/000077500000000000000000000000001477751234100252745ustar00rootroot00000000000000voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/util/ConsolePasswordFinder.java000066400000000000000000000014061477751234100324150ustar00rootroot00000000000000// 
SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.util; import java.io.Console; import eu.emi.security.authn.x509.helpers.PasswordSupplier; import org.italiangrid.voms.VOMSError; /** * * @author andreaceccanti * */ public class ConsolePasswordFinder implements PasswordSupplier { private String promptMessage; public ConsolePasswordFinder(String prompt) { this.promptMessage = prompt; } public char[] getPassword() { Console console = System.console(); if (console == null) throw new VOMSError( "Error obtaining password from console: no console found for this JVM!"); return console.readPassword(promptMessage); } } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/util/EffectiveUserIdProvider.java000066400000000000000000000043031477751234100326660ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.util; import java.io.BufferedReader; import java.io.IOException; import java.io.InputStreamReader; import org.italiangrid.voms.VOMSError; /** * A utility class that determines the effective user id of user running the JVM * process. 
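* * @author andreaceccanti * */
public class EffectiveUserIdProvider {

  private static final String EUID_ENV_VAR = "EUID";

  private static final String EUID_SYSTEM_PROPERTY = "effectiveUserId";

  // No absolute path is given, so "id" is resolved through the PATH of the
  // JVM process.
  private static final String EUID_COMMAND = "id -u";

  /** Returns the value of the EUID environment variable, or null if unset. */
  private static String getEUIDStringFromEnv() {

    return System.getenv(EUID_ENV_VAR);
  }

  /** Returns the effectiveUserId system property, or null if unset. */
  private static String getEUIDStringFromSystemProperty() {

    return System.getProperty(EUID_SYSTEM_PROPERTY);
  }

  /**
   * Runs the id command and returns the first line of its standard output.
   *
   * @return the first output line, or null when the calling thread was
   *         interrupted while waiting for the command
   * @throws VOMSError
   *           if the command cannot be started, exits with a non-zero status
   *           or prints nothing
   */
  private static String getEUIDStringFromIdCommand() {

    ProcessBuilder pb = new ProcessBuilder(EUID_COMMAND.split(" "));

    try {

      Process p = pb.start();

      int exitStatus = p.waitFor();
      if (exitStatus != 0)
        throw new VOMSError(
          "Cannot resolve the user effective id: error invoking the '"
            + EUID_COMMAND + "' os command!");

      String euidString;

      // try-with-resources so that the pipe to the child process is released
      // on every path.
      try (BufferedReader r = new BufferedReader(new InputStreamReader(
        p.getInputStream()))) {
        euidString = r.readLine();
      }

      if (euidString == null)
        throw new VOMSError(
          "Cannot resolve the user effective id: nothing was found in '"
            + EUID_COMMAND + "' standard output!");

      return euidString;

    } catch (IOException e) {
      throw new VOMSError("Cannot resolve the user effective id: "
        + e.getMessage(), e);
    } catch (InterruptedException e) {
      // Keep the interruption visible to the caller instead of dropping it.
      Thread.currentThread().interrupt();
      return null;
    }
  }

  /**
   * Resolves the effective user id of the user running the JVM.
   *
   * Sources are tried in this order: the EUID environment variable, the
   * effectiveUserId system property, the output of the id command. The first
   * two are supplied by whoever launches the JVM and are not checked against
   * the operating system, so the returned value is suitable for naming
   * per-user files but must not be treated as proof of identity.
   *
   * @return the effective user id, never negative
   * @throws VOMSError
   *           if no source yields a value, or the value is not a non-negative
   *           integer (previously a malformed value surfaced as a bare
   *           NumberFormatException)
   */
  public static int getEUID() {

    String euidString = getEUIDStringFromEnv();

    if (euidString == null)
      euidString = getEUIDStringFromSystemProperty();

    if (euidString == null)
      euidString = getEUIDStringFromIdCommand();

    if (euidString == null)
      throw new VOMSError("Cannot resolve the user effective id!");

    final int euid;

    try {
      euid = Integer.parseInt(euidString.trim());
    } catch (NumberFormatException e) {
      throw new VOMSError("Cannot resolve the user effective id: '"
        + euidString + "' is not a valid numeric user id!", e);
    }

    if (euid < 0)
      throw new VOMSError("Cannot resolve the user effective id: '"
        + euidString + "' is not a valid numeric user id!");

    return euid;
  }
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/util/InputStreamPasswordFinder.java000066400000000000000000000023461477751234100332720ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.util; import java.io.BufferedReader; import java.io.IOException; import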
java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintStream;

import eu.emi.security.authn.x509.helpers.PasswordSupplier;
import org.italiangrid.voms.VOMSError;

/**
 * A {@link PasswordSupplier} that prints an optional prompt to an output
 * stream and reads one line from an input stream as the password.
 *
 * Review notes on secret handling, all visible in getPassword():
 * - the line is first held in a String, which cannot be wiped; clearing the
 *   returned char[] after use still leaves that copy until it is collected;
 * - nothing here suppresses echo, unlike the Console based finder;
 * - a new BufferedReader is wrapped around the stream on every call and may
 *   buffer more than the first line, so data following the password on the
 *   same stream may not be available to later readers;
 * - bytes are decoded with the platform default charset.
 */
public class InputStreamPasswordFinder implements PasswordSupplier {

  InputStream is;
  PrintStream os;
  String promptMessage;

  /**
   * @param prompt
   *          the prompt to print before reading, or null for no prompt
   * @param is
   *          the stream the password line is read from
   * @param os
   *          the stream the prompt is written to
   */
  public InputStreamPasswordFinder(String prompt, InputStream is,
    OutputStream os) {

    this.is = is;
    this.os = new PrintStream(os);
    this.promptMessage = prompt;
  }

  /**
   * Prints the prompt, if any, and reads one line from the input stream.
   *
   * @return the characters of the line read, or null at end of stream
   * @throws VOMSError
   *           if reading from the stream fails
   */
  public char[] getPassword() {

    if (promptMessage != null) {
      os.print(promptMessage);
      os.flush();
    }

    final String line;

    try {
      line = new BufferedReader(new InputStreamReader(is)).readLine();
    } catch (IOException e) {
      throw new VOMSError("Error reading password from input stream: "
        + e.getMessage(), e);
    }

    return (line == null) ? null : line.toCharArray();
  }
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/util/MessageLogger.java000066400000000000000000000100701477751234100306610ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.util; import java.io.PrintStream; import java.util.EnumSet; public class MessageLogger { public enum MessageLevel { TRACE, INFO, WARNING, ERROR } public static final EnumSet DEFAULT = EnumSet.range( MessageLevel.INFO, MessageLevel.ERROR); public static final EnumSet QUIET = EnumSet.of( MessageLevel.ERROR, MessageLevel.WARNING); public static final EnumSet VERBOSE = EnumSet .allOf(MessageLevel.class); private final EnumSet levelFilter; private final MessageLevel defaultMessageLevel; private final PrintStream outputStream; private final PrintStream errorStream; public MessageLogger(PrintStream out, PrintStream err, EnumSet filter, MessageLevel defaultLevel) { outputStream = out; errorStream = err; levelFilter = filter; defaultMessageLevel = defaultLevel; } public
MessageLogger() { this(System.out, System.err, DEFAULT, MessageLevel.INFO); } public MessageLogger(EnumSet filter) { this(System.out, System.err, filter, MessageLevel.INFO); } public final void formatMessage(MessageLevel level, String fmt, Object... args) { PrintStream s = streamFromLevel(level); if (levelFilter.contains(level)) { if (args == null || args.length == 0) s.println(fmt); else s.format(fmt, args); } } private PrintStream streamFromLevel(MessageLevel level) { if (level.equals(MessageLevel.ERROR) || level.equals(MessageLevel.WARNING)) return errorStream; return outputStream; } private void formatMessage(MessageLevel level, String msg, Throwable t) { if (msg != null) { if (t.getMessage() != null) formatMessage(level, "%s - %s\n", msg, t.getMessage()); else formatMessage(level, "%s - %s\n", msg, t.getClass().getName()); } else { if (t.getMessage() != null) formatMessage(level, "%s\n", t.getMessage()); else formatMessage(level, "%s\n", t.getClass().getName()); } if (levelFilter.contains(MessageLevel.TRACE)) t.printStackTrace(streamFromLevel(level)); } public final void printMessage(MessageLevel level, String msg) { formatMessage(level, "%s\n", msg); } public final void formatMessage(String fmt, Object... args) { formatMessage(defaultMessageLevel, fmt, args); } public final void printMessage(String msg) { printMessage(defaultMessageLevel, msg); } public final void trace(String fmt, Object... args) { formatMessage(MessageLevel.TRACE, fmt, args); } public final void error(String msg, Throwable t) { formatMessage(MessageLevel.ERROR, msg, t); } public final void warning(String msg, Throwable t) { formatMessage(MessageLevel.WARNING, msg, t); } public final void info(String msg, Throwable t) { formatMessage(MessageLevel.INFO, msg, t); } public final void trace(String msg, Throwable t) { formatMessage(MessageLevel.TRACE, msg, t); } public final void error(String fmt, Object... 
args) { formatMessage(MessageLevel.ERROR, fmt, args); } public final void warning(String fmt, Object... args) { formatMessage(MessageLevel.WARNING, fmt, args); } public final void info(String fmt, Object... args) { formatMessage(MessageLevel.INFO, fmt, args); } public final void error(Throwable t) { formatMessage(MessageLevel.ERROR, null, t); } public final void warning(Throwable t) { formatMessage(MessageLevel.WARNING, null, t); } public final void info(Throwable t) { formatMessage(MessageLevel.INFO, null, t); } public final void trace(Throwable t) { formatMessage(MessageLevel.TRACE, null, t); } public PrintStream getOutputStream() { return outputStream; } public PrintStream getErrorStream() { return errorStream; } public boolean isLevelEnabled(MessageLevel l) { return levelFilter.contains(l); } } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/util/OpensslNameUtilities.java000066400000000000000000000020601477751234100322550ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.util; import javax.security.auth.x500.X500Principal; import eu.emi.security.authn.x509.impl.OpensslNameUtils; import eu.emi.security.authn.x509.impl.X500NameUtils; /** * Utils to deal with OpenSSL ugly DNs * * @author cecco * */ public class OpensslNameUtilities { private OpensslNameUtilities() { } /** * Formats principal in the ugly, extremely non-standard and widely hated * OpenSSL, slash-separated format (which everyone on the Grid uses, btw...). 
* * @param principal * the principal for which the DN should be serialized * @return a string representing the principal in the terrible OpenSSL * slash-separated format */ public static final String getOpensslSubjectString(X500Principal principal) { String rfcReadableString = X500NameUtils.getReadableForm(principal); return OpensslNameUtils.convertFromRfc2253(rfcReadableString, false); } } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/util/OptionsFileLoader.java000066400000000000000000000031571477751234100315270ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.util; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; import java.nio.charset.Charset; import java.util.ArrayList; import java.util.List; import java.util.StringTokenizer; import org.apache.commons.io.IOUtils; /** * Util class for loading options from a file. 
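* * @author valerioventuri * */
public class OptionsFileLoader {

  /**
   * Load options from a file.
   *
   * The whole file is read with the platform default charset and split on
   * whitespace; every token becomes one option. There is no quoting or
   * escaping, so a value containing a space ends up as two options.
   *
   * Review note: the tokens are used as command-line options, so the file
   * deserves the same trust as the command line. Anyone able to write it can
   * add any option the command accepts.
   *
   * If the file cannot be read, an error is printed to standard error and the
   * JVM exits with status 1.
   *
   * @param optionFileName
   *          the file containing the options
   * @return a list of options (each element is a String token)
   */
  public static List loadOptions(String optionFileName) {

    List<String> args = new ArrayList<String>();

    StringWriter stringWriter = new StringWriter();

    // try-with-resources: the stream was never closed before. A missing file
    // (FileNotFoundException) is an IOException and is reported the same way.
    try (InputStream inputStream = new FileInputStream(new File(
      optionFileName))) {

      IOUtils.copy(inputStream, stringWriter, Charset.defaultCharset());

    } catch (IOException e) {

      System.err.println("Error reading options file: " + e.getMessage());
      System.exit(1);
    }

    StringTokenizer stringTokenizer = new StringTokenizer(
      stringWriter.toString());

    while (stringTokenizer.hasMoreTokens()) {
      args.add(stringTokenizer.nextToken());
    }

    return args;
  }
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/util/PasswordFinders.java000066400000000000000000000021071477751234100312540ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.util; import java.io.InputStream; import java.io.OutputStream; import eu.emi.security.authn.x509.helpers.PasswordSupplier; public class PasswordFinders { public static final String PROMPT_MESSAGE = "Enter GRID pass phrase for this identity:"; public static PasswordSupplier getDefault() { if (System.console() != null) return new ConsolePasswordFinder(PROMPT_MESSAGE); return new InputStreamPasswordFinder(PROMPT_MESSAGE, System.in, System.out); } public static PasswordSupplier getConsolePasswordFinder() { return new ConsolePasswordFinder(PROMPT_MESSAGE); } public static PasswordSupplier getInputStreamPasswordFinder(InputStream is, OutputStream os) { return new InputStreamPasswordFinder(PROMPT_MESSAGE, is, os); } public static PasswordSupplier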
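getNoPromptInputStreamPasswordFinder( InputStream is, OutputStream os) { return new InputStreamPasswordFinder(null, is, os); } } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/util/TimeUtils.java000066400000000000000000000056461477751234100300710ustar00rootroot00000000000000
// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
//
// SPDX-License-Identifier: Apache-2.0
package org.italiangrid.voms.clients.util;

import java.text.ParseException;
import java.util.Date;
import java.util.concurrent.TimeUnit;

import org.italiangrid.voms.VOMSError;

/**
 * Helpers to parse lifetime strings given on the command line and to format
 * the time left before an expiration date.
 */
public class TimeUtils {

  /**
   * Converts hours and minutes to seconds.
   *
   * @param hours
   *          number of hours, must not be negative
   * @param minutes
   *          number of minutes, in the range 0-59
   * @return the interval in seconds
   * @throws VOMSError
   *           if an argument is out of range or the result does not fit in an
   *           int
   */
  private static int getTimeIntervalInSeconds(int hours, int minutes) {

    if (hours < 0)
      throw new VOMSError("Number of hours must be a positive integer.");

    if (minutes < 0)
      throw new VOMSError("Number of minutes must be a positive integer.");

    if (minutes > 59)
      throw new VOMSError("Number of minutes must be in the range 0-59.");

    // Computed as long so that a large hour count cannot wrap around before
    // the range check below.
    long timeIntervalInSeconds = TimeUnit.HOURS.toSeconds(hours)
      + TimeUnit.MINUTES.toSeconds(minutes);

    if (timeIntervalInSeconds > Integer.MAX_VALUE) {
      String msg = String.format(
        "The requested lifetime is too long. The maximum value is %d hours.",
        TimeUnit.SECONDS.toHours(Integer.MAX_VALUE));
      throw new VOMSError(msg);
    }

    return (int) timeIntervalInSeconds;
  }

  /**
   * Parses a lifetime expressed as a whole number of hours.
   *
   * @param lifetimeString
   *          the number of hours, as a decimal integer
   * @return the lifetime in seconds
   * @throws NumberFormatException
   *           if the string is not a decimal integer
   * @throws VOMSError
   *           if the value is negative or too large
   */
  public static final int parseLifetimeInHours(String lifetimeString)
    throws ParseException {

    int hours = Integer.parseInt(lifetimeString);
    return getTimeIntervalInSeconds(hours, 0);
  }

  /**
   * Parses a lifetime expressed as hours:minutes.
   *
   * Only the first two colon-separated fields are read.
   *
   * @param acLifetimeProperty
   *          the lifetime, in the form h:m
   * @return the lifetime in seconds
   * @throws NumberFormatException
   *           if a field is not a decimal integer
   * @throws VOMSError
   *           if the string has no colon, lacks the hours or the minutes
   *           field, or the values are out of range
   */
  public static final int parseLifetimeInHoursAndMinutes(
    String acLifetimeProperty) throws ParseException {

    if (!acLifetimeProperty.contains(":"))
      throw new VOMSError("Illegal format for lifetime property.");

    String[] tokens = acLifetimeProperty.split(":");

    // split() drops trailing empty fields, so "12:" yields one token and ":"
    // yields none; both used to fail with ArrayIndexOutOfBoundsException.
    if (tokens.length < 2)
      throw new VOMSError("Illegal format for lifetime property.");

    int hours = Integer.parseInt(tokens[0]);
    int minutes = Integer.parseInt(tokens[1]);

    return getTimeIntervalInSeconds(hours, minutes);
  }

  /**
   * Returns time in the custom format HH:mm:ss (e.g.: a value of more than 24
   * hours is allowed for the field HH).
   *
   * @param timeleft
   *          an interval in milliseconds; zero or negative values are
   *          formatted as 00:00:00
   * @return the formatted interval
   */
  public static final String getFormattedTime(long timeleft) {

    if (timeleft <= 0)
      return String.format("%02d:%02d:%02d", 0, 0, 0);

    final long hours = TimeUnit.MILLISECONDS.toHours(timeleft);

    final long minutes = TimeUnit.MILLISECONDS.toMinutes(timeleft
      - TimeUnit.HOURS.toMillis(hours));

    final long seconds = TimeUnit.MILLISECONDS.toSeconds(timeleft
      - TimeUnit.HOURS.toMillis(hours) - TimeUnit.MINUTES.toMillis(minutes));

    return String.format("%02d:%02d:%02d", hours, minutes, seconds);
  }

  /**
   * Returns the time left before the given date, measured against the local
   * system clock.
   *
   * @param end
   *          the expiration date
   * @return the milliseconds left, or 0 if the date is not in the future
   */
  public static final long getTimeLeft(Date end) {

    final long expireTime = end.getTime();
    final long currentTime = new Date().getTime();

    return Math.max(expireTime - currentTime, 0L);
  }

  /**
   * Formats the time left before the given date as HH:mm:ss.
   *
   * @param endDate
   *          the expiration date
   * @return the formatted time left
   */
  public static final String getValidityAsString(Date endDate) {

    return getFormattedTime(getTimeLeft(endDate));
  }

  private TimeUtils() {

  }
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/util/UsageProvider.java000066400000000000000000000013561477751234100307230ustar00rootroot00000000000000//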
SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.util; import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Options; /** * Helper for displying usage in command line. * * * @author valerioventuri * */ public class UsageProvider { /** * Displays usage. * * @param cmdLineSyntax * the string that will be displayed on top of the usage message * @param options * the command options */ public static void displayUsage(String cmdLineSyntax, Options options) { HelpFormatter helpFormatter = new HelpFormatter(); helpFormatter.printHelp(cmdLineSyntax, options); } } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/util/VOMSAttributesPrinter.java000066400000000000000000000026221477751234100323400ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients.util; import org.italiangrid.voms.VOMSAttribute; import org.italiangrid.voms.VOMSGenericAttribute; public class VOMSAttributesPrinter { public static void printVOMSAttributes(MessageLogger logger, MessageLogger.MessageLevel level, VOMSAttribute attributes) { String validityString = TimeUtils.getValidityAsString(attributes .getNotAfter()); logger.formatMessage(level, "=== VO %s extension information ===\n", attributes.getVO()); logger.formatMessage(level, "VO : %s\n", attributes.getVO()); logger.formatMessage(level, "subject : %s\n", OpensslNameUtilities.getOpensslSubjectString(attributes.getHolder())); logger.formatMessage(level, "issuer : %s\n", OpensslNameUtilities.getOpensslSubjectString(attributes.getIssuer())); for (String fqan : attributes.getFQANs()) logger.formatMessage(level, "attribute : %s\n", fqan); for (VOMSGenericAttribute ga : attributes.getGenericAttributes()) logger.formatMessage(level, "attribute : %s = %s (%s)\n", ga.getName(), ga.getValue(), ga.getContext()); 
logger.formatMessage(level, "timeleft : %s\n", validityString); logger.formatMessage(level, "uri : %s:%d\n", attributes.getHost(), attributes.getPort()); } } voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/util/VOMSProxyPathBuilder.java000066400000000000000000000011071477751234100321100ustar00rootroot00000000000000
// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
//
// SPDX-License-Identifier: Apache-2.0
package org.italiangrid.voms.clients.util;

import org.italiangrid.voms.credential.ProxyNamingPolicy;
import org.italiangrid.voms.credential.impl.DefaultProxyPathBuilder;

/**
 * Builds the default path of the proxy file for the current user.
 */
public class VOMSProxyPathBuilder {

  // Hard-coded directory; on most systems /tmp is shared between all users.
  private static final String TMP_PATH = "/tmp";

  /**
   * Builds the proxy file path for the effective user id of the JVM.
   *
   * Only a path string is produced here; nothing is created or checked on
   * disk. The name comes from {@link DefaultProxyPathBuilder} (presumably a
   * fixed, predictable per-user name; confirm against that class).
   *
   * Review note: because the directory is shared and the name is derived from
   * a user id that {@link EffectiveUserIdProvider} may take from the
   * environment, code that writes a proxy to this path should create the file
   * with owner-only permissions and refuse to reuse a symbolic link or a file
   * owned by someone else. Code that reads it should check ownership and
   * permissions before trusting the content.
   *
   * @return the proxy file path
   * @throws org.italiangrid.voms.VOMSError
   *           if the effective user id cannot be resolved
   */
  public static String buildProxyPath() {

    final ProxyNamingPolicy namingPolicy = new DefaultProxyPathBuilder();
    final int euid = EffectiveUserIdProvider.getEUID();

    return namingPolicy.buildProxyFileName(TMP_PATH, euid);
  }
}
voms-clients-3.3.5/src/main/java/org/italiangrid/voms/clients/util/VersionProvider.java000066400000000000000000000034661477751234100313100ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 /** * */ package org.italiangrid.voms.clients.util; import org.bouncycastle.cert.AttributeCertificateHolder; import org.bouncycastle.x509.X509CertificatePair; import org.italiangrid.voms.VOMSAttribute; import org.italiangrid.voms.clients.strategies.ProxyInitStrategy; import eu.emi.security.authn.x509.X509CertChainValidatorExt; /** * Util class for displaying version information. * * @author valerioventuri * */ public class VersionProvider { /** * Display version information. * * @param command * a command string */ public static void displayVersionInfo(String command) { String version = ProxyInitStrategy.class.getPackage() .getImplementationVersion(); if (version == null) { version = "N/A"; } System.out.format("%s v.
%s (%s)\n", command, version, getAPIVersionString()); } public static String getAPIVersionString() { StringBuilder version = new StringBuilder(); final String vomsAPIVersion = VOMSAttribute.class.getPackage() .getImplementationVersion(); final String canlVersion = X509CertChainValidatorExt.class.getPackage() .getImplementationVersion(); final String bcVersion = X509CertificatePair.class.getPackage() .getImplementationVersion(); final String bcMailVersion = AttributeCertificateHolder.class.getPackage() .getImplementationVersion(); version.append(String.format("voms-api-java/%s canl/%s", vomsAPIVersion, canlVersion)); if (bcVersion != null) { version.append(String.format(" bcprov/%s", bcVersion)); } if (bcMailVersion != null) { version.append(String.format(" bcpkix/%s", bcMailVersion)); } return version.toString(); } } voms-clients-3.3.5/src/main/resources/000077500000000000000000000000001477751234100177055ustar00rootroot00000000000000voms-clients-3.3.5/src/main/resources/org/000077500000000000000000000000001477751234100204745ustar00rootroot00000000000000voms-clients-3.3.5/src/main/resources/org/italiangrid/000077500000000000000000000000001477751234100227635ustar00rootroot00000000000000voms-clients-3.3.5/src/main/resources/org/italiangrid/voms/000077500000000000000000000000001477751234100237475ustar00rootroot00000000000000voms-clients-3.3.5/src/main/resources/org/italiangrid/voms/clients/000077500000000000000000000000001477751234100254105ustar00rootroot00000000000000voms-clients-3.3.5/src/main/resources/org/italiangrid/voms/clients/options/000077500000000000000000000000001477751234100271035ustar00rootroot00000000000000voms-clients-3.3.5/src/main/resources/org/italiangrid/voms/clients/options/commonOptions.properties000066400000000000000000000006621477751234100340710ustar00rootroot00000000000000# Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. 
# SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare # # SPDX-License-Identifier: Apache-2.0 ## The debug option debug.description = Enables extra debug output ## The help option help.description = Displays helps and exits ## The usage option usage.description = Displays helps and exits ## The version option version.description = Displays versionproxyDestroyOptions.properties000066400000000000000000000015631477751234100352560ustar00rootroot00000000000000voms-clients-3.3.5/src/main/resources/org/italiangrid/voms/clients/options# Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. # SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare # # SPDX-License-Identifier: Apache-2.0 ## The conf option conf.opt = c conf.description = Loads options from file conf.hasArg = true conf.argDescription = file ## The debug option debug.opt = d debug.description = Enables extra debug output ## The dry option dry.description = Only go in dryrun mode ## The file option file.opt = f file.description = Specifies proxy file name file.hasArg = true file.argDescription = proxyfile ## The help option help.opt = h help.description = Displays usage ## The quiet option quiet.opt = q quiet.description = Quiet mode, minimal output ## The usage option usage.opt = u usage.description = Displays usage information ## The version option version.opt = v version.description = Displays versionproxyInfoOptions.properties000066400000000000000000000051501477751234100345140ustar00rootroot00000000000000voms-clients-3.3.5/src/main/resources/org/italiangrid/voms/clients/options# Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. 
# SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare # # SPDX-License-Identifier: Apache-2.0 ## The acexists option acexists.description = Returns 0 if AC exists corresponding to voname, 1 otherwise acexists.hasArg = true acexists.argDescription = voname ## The acissuer option acissuer.description = Prints the DN of AC issuer (certificate signer) ## The acsubject option acsubject.description = Prints the distinguished name (DN) of AC subject ## The actimeleft option actimeleft.description = Prints time (in seconds) until AC expires ## The all option all.description = All proxy options in a human readable format ## The bits option bits.opt = b bits.description = [option to -exists] strength requirement for proxy to be valid bits.hasArg = true bits.argDescription = B ## The chain option chain.description = Prints information about the whol proxy chain (CA excluded) ## The conf option conf.description = Read options from conf.hasArg = true conf.argDescription = file ## The exists option exists.opt = e exists.description = Returns 0 if valid proxy exists, 1 otherwise ## The file option file.description = Non standard location of new proxy cert file.hasArg = true file.argDescription = proxyfile ## The fqan option fqan.description = Prints attribute in FQAN format ## The hours option hours.description = [option to -exists] time requirement for proxy to be valid (deprecated, use -valid instead) hours.hasArg = true hours.argDescription = H ## The identity option identity.description = Prints the DN of the identity represented by the proxy ## The issuer option issuer.description = Prints the DN of proxy issuer (certificate signer) ## The keyusage option keyusage.opt = k keyusage.description = Prints content of KeyUsage extension ## The path option path.opt = p path.description = Prints the pathname of proxy file ## The serial option serial.description = Prints AC serial number ## The strength option strength.description = Key size (in bits) ## The subject 
option subject.description = Prints Distinguished name (DN) of proxy subject ## The text option text.description = Prints all of the certificate ## The timeleft option timeleft.description = Prints time (in seconds) until proxy expires ## The type option type.description = Prints the Type of proxy (full or limited) ## The uri option uri.description = Prints server URI ## The valid option valid.description = [option to -exists] time requirement for proxy to be valid valid.hasArg = true valid.argDescription = H:M ## The vo option vo.description = Prints the vo nameproxyInitOptions.properties000066400000000000000000000122431477751234100345250ustar00rootroot00000000000000voms-clients-3.3.5/src/main/resources/org/italiangrid/voms/clients/options# Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014. # SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare # # SPDX-License-Identifier: Apache-2.0 ## The bits option bits.opt = b bits.description = Number of bits in key {512|1024|2048|4096} bits.hasArg = true bits.argDescription = num-bits ## The cert option cert.description = Nonstandard location of user certificate. This option can be used to specify a pem or pkcs12 certificate. cert.hasArg = true cert.argDescription = certfile ## The certdir option certdir.description = Non standard location of trusted cert dir certdir.hasArg = true certdir.argDescription = certdir ## The conf option conf.description = Read options from conf.hasArg = true conf.argDescription = file ## The dont_verify_ac option dont_verify_ac.description = Skips AC verification ## The failonwarn option failonwarn.opt = f failonwarn.description = Treat warnings as errors ## The hours option hours.description = Sets the generated proxy validity to hours (default:12). Note that this option only sets the lifetime of the generated proxy. Use -valid to set lifetime for both the proxy and the AC. 
hours.hasArg = true
hours.argDescription = hours

## The ignorewarn option
ignorewarn.description = Ignore warnings

## The key option
# Points at the user's private key; keep that file readable by its owner only.
key.opt = k
key.description = Non standard location of user key
key.hasArg = true
key.argDescription = keyfile

## The limited option
limited.description = Creates a limited proxy

## The noregen option
noregen.opt = n
noregen.description = Use an existing proxy certificate to obtain VOMS attributes and to sign the new generated proxy

## The old option
old.description = Creates a legacy, GT2 compliant proxy (synonymous with '-proxyver 2')

## The order option
order.description = The fqan specified with this option is set as the primary FQAN if present in the list of attributes returned by the server. Use this option more than once if you want to set the order for more than one FQAN.
order.hasArg = true
order.argDescription = fqan

## The out option
# NOTE(review): a proxy file usually holds the proxy's private key along with
# the certificates - write it only where other users cannot read it.
out.description = Non standard location of the generated proxy certificate
out.hasArg = true
out.argDescription = proxyfile

## The path_length option
# Caps how many further proxies may be chained below the one created here
# (see the description); a low value limits re-delegation of the credential.
path_length.description = Allow a chain of at most L proxies to be generated and signed from the proxy created by voms-proxy-init
path_length.hasArg = true
path_length.argDescription = L

## The proxyver option
proxyver.description = Sets the type of proxy generated by VOMS proxy init. 2 stands for legacy proxy,3 for draft proxy, 4 for rfc proxy. Use -old or -rfc instead of this option.
proxyver.hasArg = true
# NOTE(review): the next line has no '='. java.util.Properties also accepts
# whitespace as the key/value separator, so if that loader reads this file the
# value is 2|3|4 - confirm.
proxyver.argDescription 2|3|4

## The pwstdin option
# Meant for non-interactive use. How the passphrase reaches stdin is up to the
# caller: keep it off command lines and out of scripts that other users or
# shell history can expose.
pwstdin.description = Reads private key passphrase from standard input

## The quiet option
quiet.opt = q
quiet.description = Quiet mode, minimal output

## The rfc option
rfc.opt = r
rfc.description = Creates an RFC 3820 compliant proxy (synonymous with '-proxyver 4')

## The skip_chain_integrity_checks option
# Switches off a safety check on the chain being produced; leave it unset
# unless a mixed-type chain is really what is wanted.
skip_chain_integrity_checks.description = Skips checks that ensure that well-behaved proxy chains are produced (e.g. chains without mixed type proxies)

## The skip_hostname_checks option
# Flag only (hasArg = false). With hostname verification off, the client no
# longer checks that the certificate presented over HTTPS belongs to the host
# it meant to contact; keep this for troubleshooting, not routine use.
skip_hostname_checks.description = Disables HTTPS hostname verification.
skip_hostname_checks.hasArg = false

## The target option
target.description = Targets the AC against a specific hostname. Multiple targets can be expressed using this option multiple times.
target.hasArg = true
target.argDescription = hostname

## The timeout option
timeout.description = Sets a timeout for connection to the remote VOMS server. This timeout only limits the connection phase.
timeout.hasArg = true
timeout.argDescription = seconds

## The valid option
valid.description = Sets generated proxy and AC validity to h hours and m minutes (defaults to 12:00). Note that the VOMS server could shorten the validity of the issued AC depending on the server configuration.
valid.hasArg = true
valid.argDescription = h:m

## The verify option
verify.description = Verifies the validity of the user certificate.

## The voms option
voms.description = Specifies the VO for which the AC is requested. <:fqan> is optional,and is used to ask for specific attributes (e.g: --voms atlas:/atlas/Role=pilot). This option can be used multiple times to request multiple FQANs for different VOs. The order in which the option appears on the command line influence the order of the issued attributes.
voms.hasArg = true
voms.argDescription = voms<:fqan>

## The vomsdir option
# The directory holds trust anchors, i.e. it decides which VOMS servers'
# attribute certificates are accepted; it should not be writable by untrusted
# users.
vomsdir.description = Sets the path where lsc and other local VOMS trust anchors will be looked for.
vomsdir.hasArg = true
# NOTE(review): the argument placeholder is empty in this copy - confirm
# against the shipped file.
vomsdir.argDescription =

## The vomses option
# The file supplies the server contact information the client will use; it
# should come from a trusted source.
vomses.description = Specifies the name of a VOMSES file from which VOMS server contact information is parsed.
vomses.hasArg = true vomses.argDescription = vomses file ## The vomslife option vomslife.description = Sets the validity of the requested VOMS attribute certificate to h hours and m minutes (defaults to the value of the '-valid' option) vomslife.hasArg = true vomslife.argDescription = h:m ## The enable_legacy_protocol option enable_legacy_protocol.description = Enables VOMS XML legacy protocol (disabled by default). enable_legacy_protocol.hasArg = falsevoms-clients-3.3.5/src/test/000077500000000000000000000000001477751234100157265ustar00rootroot00000000000000voms-clients-3.3.5/src/test/java/000077500000000000000000000000001477751234100166475ustar00rootroot00000000000000voms-clients-3.3.5/src/test/java/org/000077500000000000000000000000001477751234100174365ustar00rootroot00000000000000voms-clients-3.3.5/src/test/java/org/italiangrid/000077500000000000000000000000001477751234100217255ustar00rootroot00000000000000voms-clients-3.3.5/src/test/java/org/italiangrid/voms/000077500000000000000000000000001477751234100227115ustar00rootroot00000000000000voms-clients-3.3.5/src/test/java/org/italiangrid/voms/clients/000077500000000000000000000000001477751234100243525ustar00rootroot00000000000000voms-clients-3.3.5/src/test/java/org/italiangrid/voms/clients/DefaultProxyDestroyBehaviourTest.java000066400000000000000000000043731477751234100337310ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients; import static org.junit.Assert.*; import java.io.File; import java.io.IOException; import org.italiangrid.voms.clients.impl.DefaultProxyDestroyBehaviour; import org.italiangrid.voms.clients.util.VOMSProxyPathBuilder; import org.junit.Test; public class DefaultProxyDestroyBehaviourTest { /** * The object under test. 
*/ DefaultProxyDestroyBehaviour defaultProxyDestroyBehaviour = new DefaultProxyDestroyBehaviour( null); /** * Tests that destroyProxy called with an empty arguments delete the proxy * certificate file. * * @throws IOException * when it can not create the file to be destroyed */ @Test public void test() throws IOException { DefaultProxyDestroyBehaviour behaviour = new DefaultProxyDestroyBehaviour( null); /* * make sure a file exists in /tmp/x509_u. It does not have to actually * contains a proxy certificate as destroy delete it anyway. */ File file = new File(VOMSProxyPathBuilder.buildProxyPath()); file.createNewFile(); ProxyDestroyParams params = new ProxyDestroyParams(); behaviour.destroyProxy(params); /* * check that /tmp/x509_u exists no longer. */ assertFalse(file.exists()); } /** * Tests that destroyProxy called passing an alternative proxy location in the * parameters, delete the proxy certificate file. * * @throws IOException * when it can not create the file to be destroyed */ @Test public void anotherTest() throws IOException { DefaultProxyDestroyBehaviour behaviour = new DefaultProxyDestroyBehaviour( null); /* * create the file that destroys is going to delete. It does not have to * actually contains a proxy certificate as destroy delete it anyway. */ String fileName = "/tmp/destroy_me"; File file = new File(fileName); file.createNewFile(); ProxyDestroyParams params = new ProxyDestroyParams(); params.setProxyFile(fileName); behaviour.destroyProxy(params); /* * check that /tmp/x509_u exists no longer. 
*/ assertFalse(file.exists()); } } voms-clients-3.3.5/src/test/java/org/italiangrid/voms/clients/TestSimpleDateFormat.java000066400000000000000000000024301477751234100312540ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients; import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Calendar; import java.util.Date; import java.util.concurrent.TimeUnit; import org.junit.Assert; import org.junit.Test; public class TestSimpleDateFormat { @Test public void test() throws ParseException { SimpleDateFormat sdf = new SimpleDateFormat("hh:mm"); String[] correctValues = { "16:00", // 16 hours "4:00", // 4 hours "4:12", // 4 hours and 12 minutes "4:3" // 4 hours and 3 minutes }; long[] lengthInSeconds = { TimeUnit.HOURS.toSeconds(16), TimeUnit.HOURS.toSeconds(4), TimeUnit.HOURS.toSeconds(4) + TimeUnit.MINUTES.toSeconds(12), TimeUnit.HOURS.toSeconds(4) + TimeUnit.MINUTES.toSeconds(3) }; for (int i = 0; i < correctValues.length; i++) { Calendar c = Calendar.getInstance(); Date d = sdf.parse(correctValues[i]); c.setTime(d); long calculatedInterval = TimeUnit.HOURS.toSeconds(c .get(Calendar.HOUR_OF_DAY)) + TimeUnit.MINUTES.toSeconds(c.get(Calendar.MINUTE)); Assert.assertTrue(lengthInSeconds[i] == calculatedInterval); } } } voms-clients-3.3.5/src/test/java/org/italiangrid/voms/clients/TestVOMSCommandsParser.java000066400000000000000000000110251477751234100314770ustar00rootroot00000000000000// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare // // SPDX-License-Identifier: Apache-2.0 package org.italiangrid.voms.clients; import java.util.Arrays; import java.util.Collections; import java.util.List; import java.util.Map; import org.italiangrid.voms.clients.impl.DefaultVOMSCommandsParser; import org.junit.Assert; import org.junit.Test; public class TestVOMSCommandsParser { @Test public void testEmpyCommandList() { 
DefaultVOMSCommandsParser parser = new DefaultVOMSCommandsParser(); Map> map = parser.parseCommands(Collections . emptyList()); Assert.assertTrue(map.isEmpty()); } @Test public void testNullCommandList() { DefaultVOMSCommandsParser parser = new DefaultVOMSCommandsParser(); Map> map = parser.parseCommands(null); Assert.assertNull(map); } @Test public void testSingleVOCommandList() { DefaultVOMSCommandsParser parser = new DefaultVOMSCommandsParser(); Map> map = parser .parseCommands(Arrays.asList("atlas")); Assert.assertNotNull(map); Assert.assertFalse(map.isEmpty()); Assert.assertTrue(map.size() == 1); Assert.assertNotNull(map.get("atlas")); Assert.assertTrue(map.get("atlas").isEmpty()); } @Test public void testSingleFQANCommandList() { DefaultVOMSCommandsParser parser = new DefaultVOMSCommandsParser(); Map> map = parser.parseCommands(Arrays .asList("atlas:/atlas/Role=production")); Assert.assertNotNull(map); Assert.assertFalse(map.isEmpty()); Assert.assertTrue(map.size() == 1); Assert.assertNotNull(map.get("atlas")); Assert.assertFalse(map.get("atlas").isEmpty()); Assert.assertTrue(map.get("atlas").size() == 1); Assert.assertEquals("/atlas/Role=production", map.get("atlas").get(0)); } @Test public void testMultipleFQANsCommandList() { DefaultVOMSCommandsParser parser = new DefaultVOMSCommandsParser(); Map> map = parser.parseCommands(Arrays.asList( "atlas:/atlas/Role=production", "atlas:/atlas/Role=admin")); Assert.assertNotNull(map); Assert.assertFalse(map.isEmpty()); Assert.assertTrue(map.size() == 1); Assert.assertNotNull(map.get("atlas")); Assert.assertFalse(map.get("atlas").isEmpty()); Assert.assertTrue(map.get("atlas").size() == 2); Assert.assertEquals("/atlas/Role=production", map.get("atlas").get(0)); Assert.assertEquals("/atlas/Role=admin", map.get("atlas").get(1)); } @Test public void testMultipleFQANsWithRepeatedVOCommandList() { DefaultVOMSCommandsParser parser = new DefaultVOMSCommandsParser(); Map> map = parser.parseCommands(Arrays.asList( 
"atlas:/atlas/Role=production", "atlas:/atlas/Role=admin", "atlas")); Assert.assertNotNull(map); Assert.assertFalse(map.isEmpty()); Assert.assertTrue(map.size() == 1); Assert.assertNotNull(map.get("atlas")); Assert.assertFalse(map.get("atlas").isEmpty()); Assert.assertTrue(map.get("atlas").size() == 2); Assert.assertEquals("/atlas/Role=production", map.get("atlas").get(0)); Assert.assertEquals("/atlas/Role=admin", map.get("atlas").get(1)); } @Test public void testMultipleVOsCommandList() { DefaultVOMSCommandsParser parser = new DefaultVOMSCommandsParser(); Map> map = parser.parseCommands(Arrays.asList( "atlas:/atlas/Role=production", "atlas:/atlas/Role=admin", "cms", "cms:/cms/camaghe")); Assert.assertNotNull(map); Assert.assertFalse(map.isEmpty()); Assert.assertTrue(map.size() == 2); Assert.assertNotNull(map.get("atlas")); Assert.assertFalse(map.get("atlas").isEmpty()); Assert.assertNotNull(map.get("cms")); Assert.assertFalse(map.get("cms").isEmpty()); Assert.assertTrue(map.get("atlas").size() == 2); Assert.assertEquals("/atlas/Role=production", map.get("atlas").get(0)); Assert.assertEquals("/atlas/Role=admin", map.get("atlas").get(1)); Assert.assertTrue(map.get("cms").size() == 1); Assert.assertEquals("/cms/camaghe", map.get("cms").get(0)); } @Test public void testSupportForLegacyAllCommand() { DefaultVOMSCommandsParser parser = new DefaultVOMSCommandsParser(); Map> map = parser.parseCommands(Arrays .asList("atlas:all")); Assert.assertNotNull(map); Assert.assertFalse(map.isEmpty()); Assert.assertTrue(map.size() == 1); Assert.assertNotNull(map.get("atlas")); Assert.assertTrue(map.get("atlas").isEmpty()); } } voms-clients-3.3.5/voms-clients.spec000066400000000000000000000123521477751234100174620ustar00rootroot00000000000000# SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare # # SPDX-License-Identifier: Apache-2.0 # Remember to define the base_version and version_pom macros %{!?base_version: %global base_version 0.0.0} %{!?version_pom: %global 
version_pom 0.0.0} %global orig_name voms-clients Name: voms-clients-java Version: %{base_version} Release: 1%{?dist} Summary: The Virtual Organisation Membership Service command line clients Group: System Environment/Libraries License: Apache-2.0 URL: https://github.com/italiangrid/voms-clients BuildArch: noarch BuildRequires: maven-openjdk17 BuildRequires: jpackage-utils Requires: java-17-openjdk-headless Requires(post): %{_sbindir}/update-alternatives Requires(postun): %{_sbindir}/update-alternatives Provides: voms-clients = %{version} Provides: voms-clients3 = %{version} Conflicts: voms-clients <= 2.0.11-1 %description The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. This package provides the command line clients for VOMS, voms-proxy-init, voms-proxy-destroy and voms-proxy-info. %package javadoc Summary: Javadoc for the VOMS Java command line clients Group: Documentation BuildArch: noarch Requires: %{name} = %{version} %description javadoc Virtual Organization Membership Service (VOMS) Java command line clients Documentation. 
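# Build, install, file list and scriptlets for the voms-clients-java package.

# Nothing to unpack or patch in the prep stage.
%prep

%build
# maven.test.skip disables both compiling and running the unit tests, so a
# package build does not exercise src/test; run the tests in a separate step.
mvn %{?mvn_settings} -U -Dmaven.test.skip=true -Dvoms-clients.libs=%{_sharedstatedir}/%{name}/lib clean generate-resources package

%install
rm -rf %{buildroot}
mkdir -p %{buildroot}%{_javadir}
mkdir -p %{buildroot}%{_javadocdir}/%{name}-%{version_pom}
mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/lib
tar -C %{buildroot}%{_prefix} -xvzf target/%{orig_name}.tar.gz --strip 1

# Move the jars out of the java dir into the package's own lib dir and link
# the main jar back under two names.
mv %{buildroot}%{_javadir}/%{orig_name}/*.jar %{buildroot}%{_sharedstatedir}/%{name}/lib
# The link target must use the version_pom macro, the only POM-version macro
# this spec defines. rpm leaves an undefined macro name unexpanded, which
# would yield dangling links without failing the build.
ln -s %{_sharedstatedir}/%{name}/lib/%{orig_name}-%{version_pom}.jar %{buildroot}%{_javadir}/%{orig_name}.jar
ln -s %{_sharedstatedir}/%{name}/lib/%{orig_name}-%{version_pom}.jar %{buildroot}%{_javadir}/%{name}.jar

# Rename to voms-proxy-*3 to avoid clashes with old C clients
mv %{buildroot}%{_bindir}/voms-proxy-init %{buildroot}%{_bindir}/voms-proxy-init3
mv %{buildroot}%{_bindir}/voms-proxy-info %{buildroot}%{_bindir}/voms-proxy-info3
mv %{buildroot}%{_bindir}/voms-proxy-destroy %{buildroot}%{_bindir}/voms-proxy-destroy3

# Rename manpages
mv %{buildroot}%{_mandir}/man1/voms-proxy-init.1 %{buildroot}%{_mandir}/man1/voms-proxy-init3.1
mv %{buildroot}%{_mandir}/man1/voms-proxy-info.1 %{buildroot}%{_mandir}/man1/voms-proxy-info3.1
mv %{buildroot}%{_mandir}/man1/voms-proxy-destroy.1 %{buildroot}%{_mandir}/man1/voms-proxy-destroy3.1

# Needed by alternatives. See http://fedoraproject.org/wiki/Packaging:Alternatives
# Empty placeholders for the unsuffixed names, listed as ghost entries in the
# files section; the real links are created by update-alternatives in the
# post scriptlet.
touch %{buildroot}%{_bindir}/voms-proxy-init
touch %{buildroot}%{_bindir}/voms-proxy-info
touch %{buildroot}%{_bindir}/voms-proxy-destroy

%clean
rm -rf %{buildroot}

%files
%defattr(-,root,root,-)

%ghost %{_bindir}/voms-proxy-init
%ghost %{_bindir}/voms-proxy-info
%ghost %{_bindir}/voms-proxy-destroy

%{_bindir}/voms-proxy-init3
%{_bindir}/voms-proxy-info3
%{_bindir}/voms-proxy-destroy3

%{_mandir}/man1/voms-proxy-init3.1.gz
%{_mandir}/man1/voms-proxy-info3.1.gz
%{_mandir}/man1/voms-proxy-destroy3.1.gz
%{_mandir}/man5/vomses.5.gz
%{_mandir}/man5/vomsdir.5.gz

%{_javadir}/%{name}.jar
%{_javadir}/%{orig_name}.jar

%dir %{_sharedstatedir}/%{name}/lib
%{_sharedstatedir}/%{name}/lib/*.jar

%pre
# The first scriptlet argument is the number of package instances that will be
# installed once the transaction completes; 2 here means an upgrade.
if [ $1 -eq 2 ] ; then
  ## Package upgrade, cleanup embedded dependencies
  if [ -d "%{_sharedstatedir}/%{name}/lib" ]; then
    rm -f %{_sharedstatedir}/%{name}/lib/*.jar
  fi
  ## Remove scripts if not managed with alternatives (pre v. 3.0.5)
  for c in voms-proxy-init voms-proxy-info voms-proxy-destroy; do
    # Only a regular executable is removed; a symlink is left in place.
    if [[ -x %{_bindir}/$c && ! -L %{_bindir}/$c ]]; then
      rm -f %{_bindir}/$c
    fi
  done
fi

%preun
# 0 means the package is being removed, not upgraded.
if [ $1 -eq 0 ] ; then
  rm -f %{_sharedstatedir}/%{name}/lib/*.jar
  rm -rf %{_sharedstatedir}/%{name}
fi

%post
# Register the suffixed commands and their man pages as alternatives for the
# unsuffixed names, with priority 90.
%{_sbindir}/update-alternatives --install %{_bindir}/voms-proxy-init \
   voms-proxy-init %{_bindir}/voms-proxy-init3 90 \
   --slave %{_mandir}/man1/voms-proxy-init.1.gz voms-proxy-init-man %{_mandir}/man1/voms-proxy-init3.1.gz

%{_sbindir}/update-alternatives --install %{_bindir}/voms-proxy-info \
   voms-proxy-info %{_bindir}/voms-proxy-info3 90 \
   --slave %{_mandir}/man1/voms-proxy-info.1.gz voms-proxy-info-man %{_mandir}/man1/voms-proxy-info3.1.gz

%{_sbindir}/update-alternatives --install %{_bindir}/voms-proxy-destroy \
   voms-proxy-destroy %{_bindir}/voms-proxy-destroy3 90 \
   --slave %{_mandir}/man1/voms-proxy-destroy.1.gz voms-proxy-destroy-man %{_mandir}/man1/voms-proxy-destroy3.1.gz

%postun
# Drop the alternatives only on full removal (0), not on upgrade.
if [ $1 -eq 0 ] ; then
  %{_sbindir}/update-alternatives --remove voms-proxy-init %{_bindir}/voms-proxy-init3
  %{_sbindir}/update-alternatives --remove voms-proxy-info %{_bindir}/voms-proxy-info3
  %{_sbindir}/update-alternatives --remove voms-proxy-destroy %{_bindir}/voms-proxy-destroy3
fi

%changelog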