[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: AW: AW: [geclipse-dev] CA certificate loading
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Mathias,
for now here is way I deal with it, to know if a certificate dire is present and load the CA files (untested yet, just written....) :
public void initAuthentication() throws UserBadDataError, InternalProcessingError {
File caDir = new File("/etc/grid-security/certificates/");
try {
if( Security.getCertificateManager().getAllCertificates().isEmpty() )
if(caDir.exists())
loadCACertFromDir(caDir);
else
loadCECertFromURI(new URI("http://dist.eugridpma.info/distribution/igtf/current/accredited/tgz/"));
} catch (URISyntaxException e) {
throw new InternalProcessingError(e);
}
IAuthenticationTokenDescription desc;
if(System.getenv().containsKey("X509_USER_PROXY")) {
File proxyFile = new File(System.getenv().get("X509_USER_PROXY"));
desc = new VomsProxyDescription( proxyFile );
} else desc = genDescriptionFromPreferences();
IAuthenticationToken proxy;
try {
proxy = AuthenticationTokenManager.getManager().createToken( desc );
if ( ! proxy.isValid() ) {
proxy.validate();
}
if ( ! proxy.isActive() ) {
proxy.setActive( true );
}
} catch (AuthenticationException e) {
throw new UserBadDataError(e);
}
AuthenticationTokenManager.getManager().setDefaultToken(proxy);
}
private void loadCACertFromDir(File caDir) throws InternalProcessingError {
try {
for(File caFile: caDir.listFiles()) {
if(caFile.isFile()) {
X509Certificate cert = X509Util.loadCertificate(new FileInputStream(caFile));
Security.getCertificateManager().addCertificate( cert, CertTrust.AlwaysTrusted );
}
}
} catch (CoreException e) {
throw new InternalProcessingError(e);
}
catch (IOException e) {
throw new InternalProcessingError(e);
}
}
How will look the new interface like?
guess:
Security.getCertificateManager().setCAdir( ...... path ...... );
cheers,
Romain
Stuempert, Mathias IWR a écrit :
> Hi Romain,
>
>> Is it possible to use the certificate directory that is already
> present on > the WN? Or should
>> we load the files from this directory in g-eclipse?
>
> In principle this should be possible with the outlined method. The
> certificate directory of a WN stores the certificates in the Globus
> format which is compatible with the g-Eclipse one. So changing the
> default certificate location for g-Eclipse to the WN default should
> work, in principle as I said :)
>
> I can add such a method in HEAD if you want to give it a try. I would
> then appreciate a quick feedback in order to be sure that this
> functionality is really working for you. If so we can include it in the
> next release, if not we can just remove it again.
>
> So if you give me a GO I will add things to HEAD.
>
> Cheers, Mathias
> _______________________________________________
> geclipse-dev mailing list
> geclipse-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/geclipse-dev
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkk9TOIACgkQbUN+hKKXqgsNWACgqoQ+qgtfp6iFECpGgQGy7206
tDcAni9CJC1B/WS5NAncIU5KSGtLq/nH
=PxNZ
-----END PGP SIGNATURE-----