SG Generating VOMS Proxy Using Java API

From EGEE-see Wiki

Java implementation of VOMS-proxy-init

This short tutorial describes how to generate a VOMS proxy certificate through calls to the Java API. Its aim is to give a short and comprehensible overview of what is needed to generate the VOMS proxy certificate using the Java API, taking a practical course through short explanations and examples of the whole process. The tutorial is based on Andrea Ceccanti's implementation of the voms-proxy-init Java client. The main Java library needed for this implementation is the package org.glite.security.voms and its sub-packages, found in the glite-security-voms.jar archive.

Before we begin, we need to specify the parameters for the proxy generation. These parameters are passed as system properties. The following table lists the system properties that we can specify:

| Parameter | Value | Recommended value |
|---|---|---|
| X509_USER_CERT | Filename representing the user certificate .pem file | $(user.home)/.globus/usercert.pem |
| X509_USER_KEY | Filename representing the user key .pem file | $(user.home)/.globus/userkey.pem |
| PKCS12_USER_CERT | Filename representing the usercert .p12 file | $(user.home)/.globus/usercert.p12 |
| PKCS12_USER_KEY_PASSWORD | The password for unlocking the PKCS12 user certificate | If omitted, the privateKeyPassword is used. |
| VOMSES_LOCATION | Directory where VOMS specification files are located (colon-separated list of directories) | $GLITE_LOCATION/etc/vomses. $(user.home)/.globus/vomses and $(user.home)/.glite/vomses are automatically added to the search path if they exist. |
| VOMSDIR | Directory where VOMS certificates are located | If not specified, /etc/grid-security/vomsdir is the default value. |
| CADIR | Directory where CA certificates are located | If not specified, /etc/grid-security/certificates is the default value. It can also be set to $(user.home)/.globus/certificates. |

Setting these variables is optional; if omitted, the default values are used. For PKCS12 certificates to be used, the X509 certificates should not be present.

After setting up the parameters, proxy generation begins with the creation of an org.glite.security.voms.contact.VOMSProxyInit object, providing the password that opens the user certificate. We call:

public static VOMSProxyInit instance(String privateKeyPassword)

After the VOMSProxyInit object has been created successfully, we need to specify additional parameters for the proxy generation. The following table presents the available parameters and how to set them.

| Parameter | Value | Method |
|---|---|---|
| Proxy output file | Standard location: /tmp/x509up_u_$(user.name) or $(java.io.tmpdir)/x509up_u_$(user.name) | setProxyOutputFile(String) |
| Proxy type | VOMSProxyBuilder.GT2_PROXY or VOMSProxyBuilder.GT3_PROXY or VOMSProxyBuilder.GT4_PROXY | setProxyType(int) |
| Delegation type | GSIConstants.DELEGATION_NONE or GSIConstants.DELEGATION_LIMITED or GSIConstants.DELEGATION_FULL | setDelegationType(int) |
| VO/FQAN | HashMap with name-value pairs where the name is the VO name and the value is an object of type VOMSRequestOptions, on which we set the VO with setVoName(String) and the FQAN with addFQAN(String) | |

After specifying the desired parameters (mainly the proxy output file and the VO/FQAN), we call the getVomsProxy method of the VOMSProxyInit object with the HashMap object that contains the VO/FQAN. The HashMap can contain several VO/FQAN definitions, which will be used for obtaining the proxy in the order they are provided.

The method getVomsProxy generates the proxy file as specified in the parameters.
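The whole procedure above, as an added example (not code from the original tutorial or from the VOMS project), using only the system properties and methods listed in the two tables. The VO name and FQAN `example.vo` are constructed placeholders, the import packages for VOMSProxyBuilder, VOMSRequestOptions and GSIConstants are assumptions, and the final permission step assumes a POSIX file system.

```java
import java.io.Console;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Arrays;
import java.util.HashMap;
// Assumed packages: the page's org.glite.security.voms.contact, and cog-jglobus.
import org.glite.security.voms.contact.VOMSProxyBuilder;
import org.glite.security.voms.contact.VOMSProxyInit;
import org.glite.security.voms.contact.VOMSRequestOptions;
import org.globus.gsi.GSIConstants;

public class VomsProxyExample {
    public static void main(String[] args) throws Exception {
        String home = System.getProperty("user.home");
        // System properties from the first table; any left unset use the defaults.
        System.setProperty("X509_USER_CERT", home + "/.globus/usercert.pem");
        System.setProperty("X509_USER_KEY", home + "/.globus/userkey.pem");
        System.setProperty("CADIR", "/etc/grid-security/certificates");

        // Prompt for the key password rather than hard-coding it in source.
        Console console = System.console();
        if (console == null) throw new IllegalStateException("no interactive console");
        char[] password = console.readPassword("Private key password: ");
        VOMSProxyInit proxyInit = VOMSProxyInit.instance(new String(password));
        Arrays.fill(password, '\0'); // clears the char[] only, not the String copy

        String proxyFile = System.getProperty("java.io.tmpdir")
                + "/x509up_u_" + System.getProperty("user.name");
        proxyInit.setProxyOutputFile(proxyFile);
        proxyInit.setProxyType(VOMSProxyBuilder.GT2_PROXY);
        proxyInit.setDelegationType(GSIConstants.DELEGATION_FULL);

        // One map entry per VO: key = VO name, value = options with VO and FQAN.
        VOMSRequestOptions options = new VOMSRequestOptions();
        options.setVoName("example.vo");   // placeholder VO name
        options.addFQAN("/example.vo");    // placeholder FQAN
        HashMap<String, VOMSRequestOptions> vos = new HashMap<>();
        vos.put("example.vo", options);
        proxyInit.getVomsProxy(vos);       // writes the proxy to proxyFile

        // The proxy file holds an unencrypted private key and sits in a shared
        // temp directory, so restrict it to the owner.
        Files.setPosixFilePermissions(Paths.get(proxyFile),
                PosixFilePermissions.fromString("rw-------"));
    }
}
```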

The needed libraries for the VOMSProxyInit besides the glite-security-voms.jar are:

  • bcprov.jar
  • log4j.jar
  • cog-jglobus.jar
  • commons-lang.jar
  • commons-cli.jar

glite-security-utils.jar conflicts with glite-security-voms.jar, so when both are used, glite-security-utils.jar should be located after glite-security-voms.jar in the classpath. The conflicting classes are the ones contained in the package glite.security.voms in glite-security-utils.jar, which are of an older version.

The needed archives are available here
