DelegationUtil (Globus® Toolkit 4.0.7 Java API Docs for globus_wsrf_delegation_service

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.globus.delegation
Class DelegationUtil

java.lang.Object
  org.globus.delegation.DelegationUtil

public class DelegationUtil
extends java.lang.Object

Field Summary
`private static org.globus.util.I18n`	`i18n`
`(package private) static org.apache.commons.logging.Log`	`logger`

Constructor Summary
`DelegationUtil()`

Method Summary
`static org.apache.axis.message.addressing.EndpointReferenceType`	`delegate(java.lang.String delegationServiceUrl, org.globus.gsi.GlobusCredential issuingCred, java.security.cert.X509Certificate certificate, boolean fullDelegation, ClientSecurityDescriptor desc)` Store the request token (delegated credential) on the delegation service.
`static org.apache.axis.message.addressing.EndpointReferenceType`	`delegate(java.lang.String delegationServiceUrl, org.globus.gsi.GlobusCredential issuingCred, java.security.cert.X509Certificate certificate, int lifetime, boolean fullDelegation, ClientSecurityDescriptor desc)` Store the request token (delegated credential) on the delegation service.
`static java.security.cert.X509Certificate[]`	`getCertificateChainRP(org.apache.axis.message.addressing.EndpointReferenceType epr, ClientSecurityDescriptor desc)` Retrieve certificate chain from resource property on Delegation Factory Service.
`static java.security.cert.X509Certificate[]`	`getCertificateChainRP(org.apache.axis.message.addressing.EndpointReferenceType epr, javax.xml.namespace.QName qName, java.lang.Class rpClass, ClientSecurityDescriptor desc)` Retrieve certificate chain from resource property on Delegation Factory Service.
`static DelegationResource`	`getDelegationResource(org.apache.axis.message.addressing.EndpointReferenceType epr)` Return the delegation resource referred to by EPR.
`private static org.apache.ws.security.message.token.PKIPathSecurity`	`getPKIToken(java.security.cert.X509Certificate[] certChain, boolean reverse)`
`static org.apache.ws.security.message.token.PKIPathSecurity`	`getServiceCertAsToken(java.lang.String servicePath, boolean useDefault)` Create a token containing service's public certificate (to expose as Resource Property)
`private static org.globus.gsi.GlobusCredential`	`getServiceCredential(java.lang.String servicePath, boolean useDefault)`
`static java.security.PrivateKey`	`getServicePrivateKey(java.lang.String servicePath, boolean useDefault)` Get private key of the service's credential
`static RequestSecurityTokenType`	`getTokenToDelegate(org.globus.gsi.GlobusCredential issuingCred, java.security.cert.X509Certificate certificate, int lifetime, boolean fullDelegation)` Create a new proxy with said lifetime, using the public key of certificate and signed by issuing credential.
`static RequestSecurityTokenType`	`getTokenToDelegate(java.security.cert.X509Certificate[] issuerCertificateChain, java.security.PrivateKey issuerKey, java.security.PublicKey publicKey, int lifetime, boolean fullDelegation)` Create a new proxy with said lifetime, signed by issuing credential.
`static void`	`refresh(org.globus.gsi.GlobusCredential issuingCred, java.security.cert.X509Certificate certToSign, int lifetime, boolean fullDelegation, ClientSecurityDescriptor desc, org.apache.axis.message.addressing.EndpointReferenceType epr)` Refresh credential referred to by EPR.
`static void`	`registerDelegationListener(org.apache.axis.message.addressing.EndpointReferenceType epr, DelegationListener listener)` Register the listener object with deleagtion resource represented by EPR.
`static void`	`registerDelegationListener(org.apache.axis.message.addressing.EndpointReferenceType epr, DelegationListener listener, javax.security.auth.Subject subject)`
`static void`	`removeDelegationListener(org.apache.axis.message.addressing.EndpointReferenceType epr, java.lang.String listenerId)` Remove the listener object with said id on delegation resoruce represented by EPR.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

static org.apache.commons.logging.Log logger

i18n

private static org.globus.util.I18n i18n

Constructor Detail

DelegationUtil

public DelegationUtil()

Method Detail

getServiceCertAsToken

public static org.apache.ws.security.message.token.PKIPathSecurity getServiceCertAsToken(java.lang.String servicePath,
                                                                                         boolean useDefault)
                                                                                  throws DelegationException

Create a token containing service's public certificate (to expose as Resource Property)

Parameters:: servicePath - Service path name used to store properties in JNDI; useDefault - Indicates whether default credentials should be used if service is no configured with credential.
Returns:: A token with the certificate chain
Throws:: DelegationException

getServicePrivateKey

public static java.security.PrivateKey getServicePrivateKey(java.lang.String servicePath,
                                                            boolean useDefault)
                                                     throws DelegationException

Get private key of the service's credential

Parameters:: servicePath - Service path name used to store properties in JNDI; useDefault - Indicates whether default credentials should be used if service is no configured with credential.
Returns:: private key
Throws:: DelegationException

registerDelegationListener

public static void registerDelegationListener(org.apache.axis.message.addressing.EndpointReferenceType epr,
                                              DelegationListener listener)
                                       throws DelegationException

Register the listener object with deleagtion resource represented by EPR. The delegation service must be running in same hosting environment.

Parameters:: epr - ERP of the delegated credential; listener - Listener object
Throws:: DelegationException

registerDelegationListener

public static void registerDelegationListener(org.apache.axis.message.addressing.EndpointReferenceType epr,
                                              DelegationListener listener,
                                              javax.security.auth.Subject subject)
                                       throws DelegationException

Throws:: DelegationException

removeDelegationListener

public static void removeDelegationListener(org.apache.axis.message.addressing.EndpointReferenceType epr,
                                            java.lang.String listenerId)
                                     throws DelegationException

Remove the listener object with said id on delegation resoruce represented by EPR. The delegation service must be running in same hosting environment.

Parameters:: epr - ERP of the delagated credential; listenerId - Listener id
Throws:: DelegationException

getDelegationResource

public static DelegationResource getDelegationResource(org.apache.axis.message.addressing.EndpointReferenceType epr)
                                                throws DelegationException

Return the delegation resource referred to by EPR. The delegation service must be running in same hosting environment.

Parameters:: epr - ERP of the delagated credential
Throws:: DelegationException

getTokenToDelegate

public static RequestSecurityTokenType getTokenToDelegate(org.globus.gsi.GlobusCredential issuingCred,
                                                          java.security.cert.X509Certificate certificate,
                                                          int lifetime,
                                                          boolean fullDelegation)
                                                   throws DelegationException

Create a new proxy with said lifetime, using the public key of certificate and signed by issuing credential. Return the proxy as a security token.

Parameters:: issuingCred - Credential issuing the proxy; certificate - The public certificate of the new proxy; lifetime - Lifetime of the new proxy in seconds; fullDelegation - Indicates whether full delegation is required.
Returns:: RequestSecurityTokenType The new proxy as a security token.
Throws:: DelegationException
See Also:: getTokenToDelegate(X509Certificate[], PrivateKey, PublicKey, int, boolean)

getTokenToDelegate

public static RequestSecurityTokenType getTokenToDelegate(java.security.cert.X509Certificate[] issuerCertificateChain,
                                                          java.security.PrivateKey issuerKey,
                                                          java.security.PublicKey publicKey,
                                                          int lifetime,
                                                          boolean fullDelegation)
                                                   throws DelegationException

Create a new proxy with said lifetime, signed by issuing credential. Return the proxy as a security token.

Parameters:: issuerCertificateChain - First certificate in this chain is used as issuing certificate; issuerKey - New proxy will be signed with this key; publicKey - The public key of the new proxy; lifetime - Lifetime of the new proxy in seconds; fullDelegation - Indicates whether full delegation is required.
Returns:: RequestSecurityTokenType The new proxy as a security token.
Throws:: DelegationException

delegate

public static org.apache.axis.message.addressing.EndpointReferenceType delegate(java.lang.String delegationServiceUrl,
                                                                                org.globus.gsi.GlobusCredential issuingCred,
                                                                                java.security.cert.X509Certificate certificate,
                                                                                boolean fullDelegation,
                                                                                ClientSecurityDescriptor desc)
                                                                         throws DelegationException

Store the request token (delegated credential) on the delegation service. Lifetime defaults to lifetime of issuing credential.

Parameters:: delegationServiceUrl - Address of delegation service; issuingCred - Credential issuing the proxy; certificate - The public certificate of the new proxy; fullDelegation - Indicates whether full delegation is required.; desc - Client security descriptor with relevant security properties.
Throws:: DelegationException

delegate

public static org.apache.axis.message.addressing.EndpointReferenceType delegate(java.lang.String delegationServiceUrl,
                                                                                org.globus.gsi.GlobusCredential issuingCred,
                                                                                java.security.cert.X509Certificate certificate,
                                                                                int lifetime,
                                                                                boolean fullDelegation,
                                                                                ClientSecurityDescriptor desc)
                                                                         throws DelegationException

Store the request token (delegated credential) on the delegation service.

Parameters:: delegationServiceUrl - Address of delegation service; issuingCred - Credential issuing the proxy; certificate - The public certificate of the new proxy; lifetime - Lifetime of the new proxy in seconds; fullDelegation - Indicates whether full delegation is required.; desc - Client security descriptor with relevant security properties.
Throws:: DelegationException

refresh

public static void refresh(org.globus.gsi.GlobusCredential issuingCred,
                           java.security.cert.X509Certificate certToSign,
                           int lifetime,
                           boolean fullDelegation,
                           ClientSecurityDescriptor desc,
                           org.apache.axis.message.addressing.EndpointReferenceType epr)
                    throws DelegationException

Refresh credential referred to by EPR.

Parameters:: issuingCred - Credential issuing the proxy; certToSign - The public certificate of the new proxy; lifetime - Lifetime of the new proxy in seconds; fullDelegation - Indicates whether full delegation is required.; desc - Client security descriptor with relevant security properties.; epr - EPR referring to credential that needs to be replaced.
Throws:: DelegationException

getCertificateChainRP

public static java.security.cert.X509Certificate[] getCertificateChainRP(org.apache.axis.message.addressing.EndpointReferenceType epr,
                                                                         ClientSecurityDescriptor desc)
                                                                  throws DelegationException

Retrieve certificate chain from resource property on Delegation Factory Service.

Parameters:: epr - Endpoint reference to delegation factory service; desc - Client security descriptor with relevant security properties.
Returns:: X509Certificate[] Certificate chain contained in the token.
Throws:: DelegationException

getCertificateChainRP

public static java.security.cert.X509Certificate[] getCertificateChainRP(org.apache.axis.message.addressing.EndpointReferenceType epr,
                                                                         javax.xml.namespace.QName qName,
                                                                         java.lang.Class rpClass,
                                                                         ClientSecurityDescriptor desc)
                                                                  throws DelegationException

Retrieve certificate chain from resource property on Delegation Factory Service. The class it deserializes into should contain a BinarySecurity token.

Parameters:: epr - Endpoint reference to delegation factory service; qName - QName of the resource property; rpClass - Class to deserialize it as; desc - Client security descriptor with relevant security properties.
Returns:: X509Certificate[] Certificate chain contained in the token.
Throws:: DelegationException

getServiceCredential

private static org.globus.gsi.GlobusCredential getServiceCredential(java.lang.String servicePath,
                                                                    boolean useDefault)
                                                             throws DelegationException

Throws:: DelegationException

getPKIToken

private static org.apache.ws.security.message.token.PKIPathSecurity getPKIToken(java.security.cert.X509Certificate[] certChain,
                                                                                boolean reverse)
                                                                         throws DelegationException

Throws:: DelegationException

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.globus.delegation Class DelegationUtil

logger

i18n

DelegationUtil

getServiceCertAsToken

getServicePrivateKey

registerDelegationListener

registerDelegationListener

removeDelegationListener

getDelegationResource

getTokenToDelegate

getTokenToDelegate

delegate

delegate

refresh

getCertificateChainRP

getCertificateChainRP

getServiceCredential

getPKIToken

org.globus.delegation
Class DelegationUtil