Problems with generating proxy (JSAGA 0.9.17)

Added by Grabarczyk Tomasz over 5 years ago

Dear Developers

I am trying to switch form JSAGA 0.9.16 to 0.9.17, but I encountered some problems with voms proxy generation.

To generate voms proxy I use VOMSSecurityAdaptor:

VOMSSecurityAdaptor vomsAdaptor = new VOMSSecurityAdaptor();
vomsAdaptor.createSecurityCredential(GlobusSecurityAdaptor.USAGE_INIT_PEM, attributes, null);

With following attributes:

Context.CERTREPOSITORY
Context.USERCERT
Context.USERKEY
Context.SERVER
Context.USERVO
Context.USERPASS
Context.LIFETIME
VOMSContext.VOMSDIR 
VOMSContext.PROXYTYPE ("old")
GlobusContext.DELEGATION ("full")

And I receive exception:

Caused by: NoSuccess: org.italiangrid.voms.VOMSError: Error creating proxy certificate: BasicConstraints
    at fr.in2p3.jsaga.adaptor.security.VOMSSecurityAdaptor.createSecurityCredential(VOMSSecurityAdaptor.java:242)
    at pl.cyfronet.insilicolab.server.scripting.integration.proxy.ProxyHelper.createVomsProxy(ProxyHelper.java:366)
    ... 25 more
Caused by: org.italiangrid.voms.VOMSError: Error creating proxy certificate: BasicConstraints
    at fr.in2p3.jsaga.adaptor.security.JSAGAVOMSProxyInitBehaviour.createProxy(JSAGAVOMSProxyInitBehaviour.java:408)
    at fr.in2p3.jsaga.adaptor.security.JSAGAVOMSProxyInitBehaviour.initProxy(JSAGAVOMSProxyInitBehaviour.java:189)
    at fr.in2p3.jsaga.adaptor.security.VOMSSecurityAdaptor.createSecurityCredential(VOMSSecurityAdaptor.java:210)
    ... 26 more
Caused by: java.lang.NoSuchFieldError: BasicConstraints
    at org.globus.gsi.bc.BouncyCastleUtil.getCertificateType(BouncyCastleUtil.java:298)
    at org.globus.gsi.bc.BouncyCastleUtil.getCertificateType(BouncyCastleUtil.java:220)
    at org.globus.gsi.bc.BouncyCastleUtil.getIdentityCertificate(BouncyCastleUtil.java:516)
    at org.globus.gsi.bc.BouncyCastleUtil.getIdentity(BouncyCastleUtil.java:496)
    at org.globus.gsi.X509Credential.getIdentity(X509Credential.java:376)
    at org.globus.gsi.gssapi.GlobusGSSCredentialImpl.<init>(GlobusGSSCredentialImpl.java:71)
    at fr.in2p3.jsaga.adaptor.security.VOMSProxyListener.proxyCreated(VOMSProxyListener.java:43)
    at fr.in2p3.jsaga.adaptor.security.JSAGAVOMSProxyInitBehaviour.createProxy(JSAGAVOMSProxyInitBehaviour.java:404)

I am not sure what this exception means. Could you help me with this problem?

In case it helps, here is also the output I receive:

646  [14/01/09 08:54:22,278] ERROR VOMSProxyListener  - Looking for credential in : [ <userkey.pem path> , <usercert.pem path> ]
1685 [14/01/09 08:54:23,317] INFO  VOMSProxyListener  - Loaded credential : 
     -locations: [ <userkey.pem path> , <usercert.pem path> ]
4140 [14/01/09 08:54:25,772] INFO  VOMSProxyListener  - VOMS Request Success : 
    - req:[]
    - endpoint: VOMSServerInfo [alias=null, voName=vo.plgrid.pl, URL=voms://voms.cyf-kr.edu.pl:15004/C=PL/O=GRID/O=Cyfronet/CN=voms.cyf-kr.edu.pl, vomsServerDN=/C=PL/O=GRID/O=Cyfronet/CN=voms.cyf-kr.edu.pl]
4268 [14/01/09 08:54:25,900] INFO  VOMSProxyListener  - VOMSValidation results: true

(<usercert.pem path> and <userkey.pem path> denote paths to the certificate and key)

Thanks in advance for your support.

Regards,
Tomasz


Replies (1)

RE: Problems with generating proxy (JSAGA 0.9.17) - Added by Schwarz Lionel over 5 years ago

Hi Tomasz,
At first glance, I have no idea what this BC error means. The VOMS validation seems fine but there is an issue later on with your certificate in the BC layer.

Anyway, the most important thing I want to tell you is that JSAGA adaptors have not been designed to be used directly by users. Using adaptors in your code prevents the JSAGA engine to work properly. Why do you need to have access to the VOMSSecurityAdaptor object?

You have to use the SAGA API documented here:
http://software.in2p3.fr/jsaga-dev/saga-apidocs/index.html

Contact me if you need more information.

Regards
Lionel

(1-1/1)