Context attributes without files

Added by Hajnal Akos about 6 years ago

Dear Developers,

As far as I could understand, some of the context attributes (e.g., USERKEY, USERCERT, USERPROXY) are
required to be specifed as files (path in the local file system given).
(In most cases, these files are read when the context is added to the session, and then data kept in memory only
as byte[].)

Is it possible to set these attributes without using physical files? For example, can I give USERKEY, USERCERT, USERPROXY
as raw strings?

Thank you,
Akos Hajnal


Replies (4)

RE: Context attributes without files - Added by Reynaud Sylvain about 6 years ago

Hi Akos,

JSAGA does not have adaptors for generating a proxy with in-memory USERKEY and USERCERT objects.

However, its adaptors for globus, myproxy and voms support an attribute "UserProxyObject" that can be used instead of the attribute "UserProxy". The "UserProxyObject" attribute takes the proxy encoded in base 64.

Regards,
Sylvain

RE: Context attributes without files - Added by Hajnal Akos about 6 years ago

Dear Sylvain,

Is there an example available somewhere? Because simply replacing USERPROXY with UserProxyObject is not enough.

Use of UserProxyObject is supported in all the contexts where UserProxy needed, or only in MyProxy and VOMS (but not in Globus, for example)?

Thank you,
Akos Hajnal

PS.
Here is my naive trial to use UserProxyObject (some attributes are still missing):

import java.util.List;
import org.ogf.saga.context.Context;
import org.ogf.saga.context.ContextFactory;
import org.ogf.saga.namespace.NSDirectory;
import org.ogf.saga.namespace.NSFactory;
import org.ogf.saga.session.Session;
import org.ogf.saga.session.SessionFactory;
import org.ogf.saga.url.URL;
import org.ogf.saga.url.URLFactory;

public class UserProxyObject {

    public static void main(String[] args) {
        try {
            URL url = URLFactory.createURL("gsiftp://dpm.hpcc.sztaki.hu:2811");
            Session session = SessionFactory.createSession(false);
            Context ctx = ContextFactory.createContext("MyProxy");
            ctx.setAttribute(Context.SERVER, "myproxy.htcc.sztaki.hu");
            ctx.setAttribute(Context.USERVO, "test.vo.edges-grid.eu");
            //ctx.setAttribute(Context.USERPROXY, "D:/Temp/x509up_test"); // it works 
            ctx.setAttribute("UserProxyObject", "LS0tLS1CRUdJTiBDRVJU..."); // it does not, USERPROXY content in base64
            ctx.setAttribute(Context.CERTREPOSITORY, "D:/Temp/certificates/");
            session.addContext(ctx);
            NSDirectory dir = NSFactory.createNSDirectory(session, url);
            List <URL> dirContent = dir.list();
            dir.close();
            for (URL dirEntry: dirContent) {
                 if (dir.isEntry(dirEntry)) 
                     System.out.println(dirEntry.getPath());
            }
        } catch(Exception x) { x.printStackTrace(); }
    }
}

I get exception:

NoSuccess: IncorrectState: Missing attribute(s): ((*UserPass* LifeTime) | DelegationLifeTime | (<UserProxy> DelegationLifeTime) | _UserProxyObject:10800_ | <UserProxy:10800>)
    at fr.in2p3.jsaga.impl.session.SessionImpl.addContext(SessionImpl.java:67)
    at UserProxyObject.main(UserProxyObject.java:23)
Caused by: IncorrectState: Missing attribute(s): ((*UserPass* LifeTime) | DelegationLifeTime | (<UserProxy> DelegationLifeTime) | _UserProxyObject:10800_ | <UserProxy:10800>)
    at fr.in2p3.jsaga.impl.context.ContextImpl.createCredential(ContextImpl.java:277)
    at fr.in2p3.jsaga.impl.session.SessionImpl.addContext(SessionImpl.java:63)
    ... 1 more

RE: Context attributes without files - Added by Reynaud Sylvain about 6 years ago

Dear Akos,

We don't have any example for this. There is only one thing to know for being able to use it, and I forgot to tell it to you : the base 64 string must contain a serialized GSSCredential object.

// example code to get a GSSCredential object
File proxyFile = new File("C:\\Users\\sreynaud\\.jsaga\\tmp\\globus_cred.txt");
byte [] proxyBytes = new byte[(int) proxyFile.length()];
FileInputStream in = new FileInputStream(proxyFile);
in.read(proxyBytes);
in.close();
ExtendedGSSManager manager = (ExtendedGSSManager) ExtendedGSSManager.getInstance();
GSSCredential cred = manager.createCredential(
                proxyBytes,
                ExtendedGSSCredential.IMPEXP_OPAQUE,
                GSSCredential.DEFAULT_LIFETIME,
                null, // use default mechanism: GSI
                GSSCredential.INITIATE_AND_ACCEPT);

// code to pass the GSSCredential object to JSAGA
ctx.setAttribute("UserProxyObject", fr.in2p3.jsaga.adaptor.security.impl.InMemoryProxySecurityCredential.toBase64(cred));

This code should work with all contexts where UserProxy is needed, but for "MyProxy" you will need to download the latest snapshot because there was a bug that I have just fixed.

Regards,
Sylvain

RE: Context attributes without files - Added by Hajnal Akos about 6 years ago

Dear Sylvain,

Your code above works fine, so in this way physical files for proxys can be avoided.

Thank you,
Akos Hajnal

(1-4/4)