The Java CoG Kit 1.1 contains a totally new security library. Since the new library uses a different API, this version of CoG is not backwards compatible with previous versions.
First, why the new library?
- The old security library was based on a commercial SSL library
- The old security library was socket-oriented (it was difficult to write non-socket based security modules e.g. for ftp, mds, etc.)
- The old security library API was not designed to work with multiple security protocols, represent different types of credentials, etc.
What has changed:
- GSS abstractions are used throughout the code instead of the old security API (e.g. before setCredential(org.globus.security.GlobusProxy) and now setCredential(org.ietf.jgss.GSSCredential))
- All the security classes in the org.globus.security package and all sub-packages (except org.globus.security.gridmap package) are now deprecated.
- grid-proxy-init by default generates GSI-3 style proxies that are not compatible with older GT and CoG versions. To generate the old style proxy, add the "-old" argument to the command line.
To get default (user proxy) credentials:

Before:

    GlobusProxy cred = GlobusProxy.getDefaultUserProxy();

Now (recommended):

    ExtendedGSSManager manager = (ExtendedGSSManager)ExtendedGSSManager.getInstance();
    GSSCredential cred = manager.createCredential(GSSCredential.INITIATE_AND_ACCEPT);

Please note that by default if you don't set the credentials explicitly on a library (or pass null in place of GSSCredential) the default user credentials (proxy) will automatically be used.
To save credentials:

Before:

    GlobusProxy cred = ...
    FileOutputStream out = new FileOutputStream("file");
    cred.save(out);
    out.close();

Now (recommended - using GSS Extensions API):

    ExtendedGSSCredential cred = ...
    byte [] data = cred.export(ExtendedGSSCredential.IMPEXP_OPAQUE);
    FileOutputStream out = new FileOutputStream("file");
    out.write(data);
    out.close();

To load user proxy from a file:

Before:

    FileInputStream in = new FileInputStream("file");
    GlobusProxy cred = GlobusProxy.load(in, null);
    in.close();

Now (recommended - using GSS Extensions API):

    File f = new File("file");
    byte [] data = new byte[(int)f.length()];
    FileInputStream in = new FileInputStream(f);
    // read in the credential data
    in.read(data);
    in.close();
    ExtendedGSSManager manager = (ExtendedGSSManager)ExtendedGSSManager.getInstance();
    GSSCredential cred =
        manager.createCredential(data,
                                 ExtendedGSSCredential.IMPEXP_OPAQUE,
                                 GSSCredential.DEFAULT_LIFETIME,
                                 null, // use default mechanism - GSI
                                 GSSCredential.INITIATE_AND_ACCEPT);

To get remaining lifetime of the credential:

Before:

    GlobusProxy cred = ...
    int time = cred.getTimeLeft();

Now (recommended):

    GSSCredential cred = ...
    int time = cred.getRemainingLifetime();

To get the identity of the credential (in Globus format):

Before:

    GlobusProxy cred = ...
    String identity = CertUtil.toGlobusID(cred.getSubject());

Now (recommended):

    GSSCredential cred = ...
    String identity = cred.getName().toString();

GlobusCredential/GSSCredential conversion:

To convert an org.globus.gsi.GlobusCredential to a GSSCredential instance (in cases where you need to work with the GlobusCredential object directly), you must first wrap it in the org.globus.gsi.gssapi.GlobusGSSCredentialImpl class:

    GlobusCredential cred = ...
    GSSCredential gssCred = new GlobusGSSCredentialImpl(cred, GSSCredential.INITIATE_AND_ACCEPT);

It is also possible to retrieve the org.globus.gsi.GlobusCredential object from the GSSCredential instance if it is of the right type:

    GSSCredential cred = ...
    // test the instance, not the GSSCredential type, before casting
    if (cred instanceof GlobusGSSCredentialImpl) {
        GlobusCredential globusCred = ((GlobusGSSCredentialImpl)cred).getGlobusCredential();
        ...
    }
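
The save, load, lifetime and identity calls above combined into one round trip, as an added example that is not part of the original guide or the CoG Kit sources. It assumes a Java 7+ runtime on a POSIX file system, that the two GSS extension classes live in org.gridforum.jgss, and a hypothetical output file name; because an exported credential carries the private key, the file is created owner-only before any data is written.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;

import org.gridforum.jgss.ExtendedGSSCredential;
import org.gridforum.jgss.ExtendedGSSManager;
import org.ietf.jgss.GSSCredential;

public class ProxyRoundTrip {
    public static void main(String[] args) throws Exception {
        // Hypothetical file name, chosen for this example.
        Path file = Paths.get(args.length > 0 ? args[0] : "proxy-copy");

        ExtendedGSSManager manager =
            (ExtendedGSSManager) ExtendedGSSManager.getInstance();

        // Default user proxy, obtained as in the first snippet of the guide.
        GSSCredential cred =
            manager.createCredential(GSSCredential.INITIATE_AND_ACCEPT);
        if (!(cred instanceof ExtendedGSSCredential)) {
            throw new IllegalStateException("credential cannot be exported");
        }
        byte[] data = ((ExtendedGSSCredential) cred)
            .export(ExtendedGSSCredential.IMPEXP_OPAQUE);

        // Create the file with mode 0600 first, then write the key material.
        // createFile fails if the path already exists, so nothing is
        // overwritten and a pre-placed file or link is not followed.
        Files.createFile(file, PosixFilePermissions.asFileAttribute(
            PosixFilePermissions.fromString("rw-------")));
        Files.write(file, data);

        // Load it back; readAllBytes reads the whole file or throws.
        GSSCredential copy = manager.createCredential(
            Files.readAllBytes(file),
            ExtendedGSSCredential.IMPEXP_OPAQUE,
            GSSCredential.DEFAULT_LIFETIME,
            null, // use default mechanism - GSI
            GSSCredential.INITIATE_AND_ACCEPT);

        // Reject a copy that is expired or names a different identity.
        if (copy.getRemainingLifetime() <= 0
                || !copy.getName().equals(cred.getName())) {
            throw new IllegalStateException("reloaded credential is not usable");
        }
        System.out.println(copy.getName() + " valid for "
            + copy.getRemainingLifetime() + " s");
    }
}
```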