Re: AW: AW: [geclipse-dev] CA certificate loading

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Mathias,

For now, here is the way I deal with it, to know if a certificate dir is present and load the CA files (untested yet, just written...):


	public void initAuthentication() throws UserBadDataError, InternalProcessingError {
		File caDir = new File("/etc/grid-security/certificates/");
		try {
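			// Only populate the trust store if no CA certificate is loaded yet.
			if (Security.getCertificateManager().getAllCertificates().isEmpty()) {
				if (caDir.exists()) {
					// Use the local CA directory.
					loadCACertFromDir(caDir);
				} else {
					// No local directory: fall back to the IGTF distribution.
					loadCECertFromURI(new URI("http://dist.eugridpma.info/distribution/igtf/current/accredited/tgz/"));
				}
			}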

		} catch (URISyntaxException e) {
			throw new InternalProcessingError(e);
		}

		IAuthenticationTokenDescription desc;

		if(System.getenv().containsKey("X509_USER_PROXY")) {
			File proxyFile = new File(System.getenv().get("X509_USER_PROXY"));
			desc = new VomsProxyDescription( proxyFile );
		} else	desc = genDescriptionFromPreferences();


		IAuthenticationToken proxy;
		try {
			proxy = AuthenticationTokenManager.getManager().createToken( desc );

			if ( ! proxy.isValid() ) {
				proxy.validate();
			}
			if ( ! proxy.isActive() ) {
				proxy.setActive( true );
			}

		} catch (AuthenticationException e) {
			throw new UserBadDataError(e);
		}

		AuthenticationTokenManager.getManager().setDefaultToken(proxy);
	}


	private void loadCACertFromDir(File caDir) throws InternalProcessingError {
		try {
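			File[] caFiles = caDir.listFiles();
			if (caFiles == null) {
				// listFiles() returns null when caDir cannot be read as a directory.
				throw new IOException("Cannot list " + caDir);
			}
			for (File caFile : caFiles) {
				if (caFile.isFile()) {
					// Close the stream once the certificate has been parsed.
					try (FileInputStream in = new FileInputStream(caFile)) {
						X509Certificate cert = X509Util.loadCertificate(in);
						Security.getCertificateManager().addCertificate( cert, CertTrust.AlwaysTrusted );
					}
				}
			}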
		} catch (CoreException e) {
			throw new InternalProcessingError(e);
		}
		catch (IOException e) {
			throw new InternalProcessingError(e);
		}

	}


What will the new interface look like?

guess:

Security.getCertificateManager().setCAdir( ...... path ...... );

cheers,
Romain



Stuempert, Mathias IWR wrote:
> Hi Romain,
> 
>> Is it possible to use the certificate directory that is already
>> present on the WN? Or should
>> we load the files from this directory in g-eclipse?
> 
> In principle this should be possible with the outlined method. The
> certificate directory of a WN stores the certificates in the Globus
> format which is compatible with the g-Eclipse one. So changing the
> default certificate location for g-Eclipse to the WN default should
> work, in principle as I said :)
> 
> I can add such a method in HEAD if you want to give it a try. I would
> then appreciate a quick feedback in order to be sure that this
> functionality is really working for you. If so we can include it in the
> next release, if not we can just remove it again.
> 
> So if you give me a GO I will add things to HEAD.
> 
> Cheers, Mathias
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkk9TOIACgkQbUN+hKKXqgsNWACgqoQ+qgtfp6iFECpGgQGy7206
tDcAni9CJC1B/WS5NAncIU5KSGtLq/nH
=PxNZ
-----END PGP SIGNATURE-----
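
An added example, not part of the original message or of g-Eclipse: a JDK-only loader for a Globus-format CA directory such as the one discussed above. Such a directory also holds CRLs (`.r0`), `.signing_policy`, `.info` and `.namespaces` files, so the loader accepts only `<hash>.<n>` certificate files and skips expired or non-CA certificates before anything is marked trusted. The class and method names (`CaDirLoader`, `loadTrustAnchors`) are hypothetical, and requiring the CA basic constraint is an assumed policy that would also reject old X.509v1 roots.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.*;
import java.security.cert.*;
import java.util.*;
import java.util.regex.Pattern;

public class CaDirLoader {
    // Hashed-directory naming: <8 hex digits>.<index>, e.g. "1a2b3c4d.0" (constructed name).
    // CRLs (.r0), .signing_policy, .info and .namespaces files do not match.
    private static final Pattern CERT_FILE = Pattern.compile("[0-9a-f]{8}\\.\\d+");

    /** Returns the usable CA certificates in caDir; files failing a check are skipped. */
    public static List<X509Certificate> loadTrustAnchors(Path caDir)
            throws IOException, CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> anchors = new ArrayList<>();
        try (DirectoryStream<Path> files = Files.newDirectoryStream(caDir)) {
            for (Path file : files) {
                String name = file.getFileName().toString();
                if (!Files.isRegularFile(file) || !CERT_FILE.matcher(name).matches()) {
                    continue; // not a certificate file
                }
                try (InputStream in = Files.newInputStream(file)) {
                    X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
                    cert.checkValidity();                 // rejects expired / not-yet-valid
                    if (cert.getBasicConstraints() < 0) { // -1 means "not a CA" (assumed policy)
                        System.err.println("skip " + name + ": not a CA certificate");
                        continue;
                    }
                    anchors.add(cert);
                } catch (CertificateException e) {
                    // Unparseable or out-of-validity file: report and keep going.
                    System.err.println("skip " + name + ": " + e.getMessage());
                }
            }
        }
        return anchors;
    }

    public static void main(String[] args) throws Exception {
        Path dir = Paths.get(args.length > 0 ? args[0] : "/etc/grid-security/certificates");
        for (X509Certificate ca : loadTrustAnchors(dir)) {
            System.out.println(ca.getSubjectX500Principal().getName());
        }
    }
}
```

Each returned certificate could then be handed to a call like the `addCertificate(cert, CertTrust.AlwaysTrusted)` shown in the message, so that only vetted CA files reach the trust store.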

