eu.xtreemos.xosd.security.rca.client
Class RCAClient

java.lang.Object
  extended by eu.xtreemos.system.eventmachine.stage.AbstractStage
      extended by eu.xtreemos.system.eventmachine.stage.AbstractReceivingStage
          extended by eu.xtreemos.system.eventmachine.stage.Abstract2wayStage
              extended by eu.xtreemos.xosd.security.rca.client.RCAClient
All Implemented Interfaces:
eu.xtreemos.system.eventmachine.queue.IEventHandler, eu.xtreemos.system.eventmachine.stage.IStage

public class RCAClient
extends eu.xtreemos.system.eventmachine.stage.Abstract2wayStage

The service implementing the Resource Certification Authority (RCA) client. This service runs on each node that is capable of providing services or resources to Virtual Organisations (VOs). It is the node's counterpart of the RCA server: it provides a convenient way to store and access the local machine certificates, gathers information on the resource (e.g. from the local ResourceMonitor service), and generates a new public/private key pair, sending the public key to the RCAServer for signing.

Author:
matej.artac@xlab.si

Nested Class Summary
 class RCAClient.RCAClientStorage
           
 
Field Summary
protected  RCAClientProcessor clientProcessor
           
protected  CRCAClientConfig config
           
protected  int keyLength
           
(package private) static org.apache.log4j.Logger logger
           
protected  ResourceDescriptorRecord myDescriptor
          The resource descriptor of the client's node.
 
Fields inherited from class eu.xtreemos.system.eventmachine.stage.Abstract2wayStage
context, counter, curContext, sink
 
Fields inherited from class eu.xtreemos.system.eventmachine.stage.AbstractReceivingStage
queue
 
Fields inherited from class eu.xtreemos.system.eventmachine.stage.AbstractStage
handlerChain, handlerGroup, handlerThreads, name, running, serviceListeners
 
Constructor Summary
RCAClient()
           
 
Method Summary
 java.lang.Integer applyForRegistration()
          Obtain or reuse own resource details, and send them to the RCA server to apply for resource registration.
 java.lang.Boolean createDummyCertificate(ResourceID dummyResId, java.lang.String outputPath)
           
protected  java.lang.String getAttributeCertVOPath()
           
protected  java.lang.String getAttributes(java.security.cert.X509Certificate attribCert)
          Describe the attributes in the certificate in a human-readable form.
protected  java.lang.String getAttributes(org.bouncycastle.x509.X509V2AttributeCertificate attribCert)
          Describe the attributes in the attribute certificate in a human-readable form.
 java.lang.String getHandledEventType()
           
 RCASignedResponse getMachineAttributeCertificate(java.lang.String vo)
          Retrieve the machine's attribute certificate.
 java.lang.String getMachineCertificateDetails()
          Opens the certificate currently stored locally and signed by RCA, and returns a string containing the details on the certificate.
 java.security.cert.X509Certificate getMachineIdentityCertificate()
          Retrieve the node's machine identity certificate.
 void handleEvent(java.lang.Object event)
           
 void init()
           
 java.lang.Integer initData()
          A maintenance call for initialising the RCA client.
protected  java.lang.String listServices(java.lang.String servicesDelimited)
           
 java.lang.Boolean processAttributeVOCertificate(RCASignedResponse certResponse)
           
 java.lang.Integer processInitalisationForApplication(java.lang.Integer value)
          Continue the execution from the applyForRegistration() call.
 java.lang.Boolean processInitialisationForAttribCert(java.lang.Integer val)
           
 java.lang.Boolean processInitialisationForRqNewCert(java.lang.Integer retval)
          Continue the execution from the requestNewCertificate().
 java.lang.Integer processMyDescriptor(java.util.ArrayList<ResourceDescriptorRecord> descrs)
           
 java.lang.Integer processMyDescriptorFailure(java.lang.Exception ex)
           
 java.lang.Integer processMyServices(java.util.ArrayList<java.lang.String> stages)
           
 java.lang.Integer processMyServicesFailure(java.lang.Exception ex)
           
 java.lang.Boolean processRequestCertificate(RCASignedResponse response)
          The callback that resumes the execution from requestNewCertificate() after the RCAServer's requestCertificate returns a value.
 java.lang.Boolean processRequestDummyCertificate(RCASignedResponse response)
           
 java.lang.Integer pushVOAttributeCertificate(RCASignedResponse certResponse)
          Lets the RCA Server service push one or more of the machine's VO attribute certificates that can be installed and used on the local node.
protected  org.bouncycastle.x509.X509V2AttributeCertificate readAttributeCert()
           
protected  java.security.cert.X509Certificate readAttributeCertExt()
           
protected  java.security.cert.X509Certificate readIdentityCert()
           
protected  java.security.cert.X509Certificate readVOAttributeCertExt(java.lang.String vo)
           
 java.lang.Integer removeVOAttributeCertificate(java.lang.String vo)
          Lets the RCA Server remove an attribute VO certificate, notifying the client about removal from the VO.
 java.lang.Boolean requestAttributeCertificate(java.lang.String vo)
          Requests the resource's attribute certificate providing credentials for the given VO from the RCA server.
 java.lang.Boolean requestNewCertificate()
          The method generates a new public and private key pair, then sends the public key for certification to the RCA server and obtains the signed attribute certificate.
 
Methods inherited from class eu.xtreemos.system.eventmachine.stage.Abstract2wayStage
getContext, removeContext, SendException, SendException, SendException, SendReply, SendReply, SendReply, setSink
 
Methods inherited from class eu.xtreemos.system.eventmachine.stage.AbstractReceivingStage
dequeue, getSource
 
Methods inherited from class eu.xtreemos.system.eventmachine.stage.AbstractStage
addHandler, addHandler, addServiceListener, getName, getShortName, getThreadCount, notifyServiceInitialised, notifyServiceStarted, notifyServiceStopped, processEvent, removeHandler, removeServiceListener, setThreadCount, start, stop
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

static org.apache.log4j.Logger logger

keyLength

protected int keyLength

config

protected CRCAClientConfig config

myDescriptor

protected ResourceDescriptorRecord myDescriptor
The resource descriptor of the client's node. Should be initialised during the start-up or during the first registration request at the very latest.


clientProcessor

protected RCAClientProcessor clientProcessor

Constructor Detail

RCAClient

public RCAClient()

Method Detail

getAttributes

protected java.lang.String getAttributes(java.security.cert.X509Certificate attribCert)
Describe the attributes in the certificate in a human-readable form. The attributes are in the extensions of the certificate.

Parameters:
attribCert - The certificate with the attributes in its extensions.
Returns:
A string containing the enumeration of the known attributes present in the certificate and their values.

getAttributes

protected java.lang.String getAttributes(org.bouncycastle.x509.X509V2AttributeCertificate attribCert)
Describe the attributes in the attribute certificate in a human-readable form. The attributes are stored in the attribute certificate.

Parameters:
attribCert - The attribute certificate to describe.
Returns:
A string containing the enumeration of the known attributes present in the certificate and their values.

listServices

protected java.lang.String listServices(java.lang.String servicesDelimited)

getMachineCertificateDetails

public java.lang.String getMachineCertificateDetails()
                                              throws java.lang.Exception
Opens the certificate currently stored locally and signed by RCA, and returns a string containing the details on the certificate.

Returns:
The details on the currently stored and used certificate.
Throws:
java.lang.Exception - Thrown when the certificate reading produces an error, or the certificate files are in an invalid format.

getMachineIdentityCertificate

public java.security.cert.X509Certificate getMachineIdentityCertificate()
                                                                 throws java.lang.Exception
Retrieve the node's machine identity certificate.

Returns:
The certificate currently stored on the node and used by the machine to represent its identity.
Throws:
java.lang.Exception

getMachineAttributeCertificate

public RCASignedResponse getMachineAttributeCertificate(java.lang.String vo)
                                                 throws java.lang.Exception
Retrieve the machine's attribute certificate. The caller can select whether the attribute certificate to be retrieved is a general (non-VO) attribute certificate, or an attribute certificate related to the VO.

Parameters:
vo - The ID of the VO the call is to retrieve the attribute certificate of. Use null or an empty string to obtain the non-VO certificate.
Returns:
The storage of attribute certificates. It contains only one of the attribute certificates, depending on which one is currently installed on the node. If both types are installed, then the method selects the one that expires later. Returns null if the certificate is not available.
Throws:
java.lang.Exception

requestNewCertificate

public java.lang.Boolean requestNewCertificate()
                                        throws java.lang.Exception
The method generates a new public and private key pair, then sends the public key for certification to the RCA server and obtains the signed attribute certificate. It stores the certificates into the local truststore.

Returns:
True if the request was successful, or false otherwise.
Throws:
java.lang.Exception

processInitialisationForRqNewCert

public java.lang.Boolean processInitialisationForRqNewCert(java.lang.Integer retval)
                                                    throws java.lang.Exception
Continue the execution from the requestNewCertificate().

Parameters:
retval -
Returns:
Throws:
java.lang.Exception

processRequestCertificate

public java.lang.Boolean processRequestCertificate(RCASignedResponse response)
                                            throws java.lang.Exception
The callback that resumes the execution from requestNewCertificate() after the RCAServer's requestCertificate returns a value. The method stores the results into the trust store.

Parameters:
response - The result of the service call.
Returns:
True if the registration succeeds, and false otherwise.
Throws:
java.lang.Exception

createDummyCertificate

public java.lang.Boolean createDummyCertificate(ResourceID dummyResId,
                                                java.lang.String outputPath)
                                         throws java.lang.Exception
Throws:
java.lang.Exception

processRequestDummyCertificate

public java.lang.Boolean processRequestDummyCertificate(RCASignedResponse response)
                                                 throws java.lang.Exception
Throws:
java.lang.Exception

requestAttributeCertificate

public java.lang.Boolean requestAttributeCertificate(java.lang.String vo)
                                              throws java.lang.Exception
Requests the resource's attribute certificate providing credentials for the given VO from the RCA server. It also installs the new certificate if the request succeeds.

Parameters:
vo - The VO to request the machine's attribute certificate for.
Returns:
True if the request succeeded by obtaining the certificate from the RCA server, and installing it.
Throws:
java.lang.Exception

processInitialisationForAttribCert

public java.lang.Boolean processInitialisationForAttribCert(java.lang.Integer val)
                                                     throws java.lang.Exception
Throws:
java.lang.Exception

processAttributeVOCertificate

public java.lang.Boolean processAttributeVOCertificate(RCASignedResponse certResponse)
                                                throws java.io.FileNotFoundException,
                                                       java.io.IOException,
                                                       BadAttributeCertificateException
Throws:
java.io.FileNotFoundException
java.io.IOException
BadAttributeCertificateException

getHandledEventType

public java.lang.String getHandledEventType()
Specified by:
getHandledEventType in class eu.xtreemos.system.eventmachine.stage.AbstractReceivingStage

handleEvent

public void handleEvent(java.lang.Object event)
                 throws java.lang.Exception
Specified by:
handleEvent in interface eu.xtreemos.system.eventmachine.queue.IEventHandler
Specified by:
handleEvent in class eu.xtreemos.system.eventmachine.stage.AbstractReceivingStage
Throws:
java.lang.Exception

applyForRegistration

public java.lang.Integer applyForRegistration()
                                       throws java.lang.Exception
Obtain or reuse own resource details, and send them to the RCA server to apply for resource registration.

Returns:
0 if the call was successful.
Throws:
java.lang.Exception

processInitalisationForApplication

public java.lang.Integer processInitalisationForApplication(java.lang.Integer value)
Continue the execution from the applyForRegistration() call. Here we assume the initialisation has been done, and proceed with the application for registration.

Parameters:
value -
Returns:

initData

public java.lang.Integer initData()
A maintenance call for initialising the RCA client. The RCA client needs to find out the resource descriptor of the node running the RCA client. Please call this method once before using RCAClient.

Returns:
0 if the call was successful.

processMyDescriptor

public java.lang.Integer processMyDescriptor(java.util.ArrayList<ResourceDescriptorRecord> descrs)

processMyDescriptorFailure

public java.lang.Integer processMyDescriptorFailure(java.lang.Exception ex)

processMyServices

public java.lang.Integer processMyServices(java.util.ArrayList<java.lang.String> stages)

processMyServicesFailure

public java.lang.Integer processMyServicesFailure(java.lang.Exception ex)

pushVOAttributeCertificate

public java.lang.Integer pushVOAttributeCertificate(RCASignedResponse certResponse)
                                             throws java.lang.Exception
Lets the RCA Server service push one or more of the machine's VO attribute certificates that can be installed and used on the local node.

Parameters:
certResponse - The object containing the pushed certificate(s).
Returns:
0 if the call was successful.
Throws:
java.lang.Exception

removeVOAttributeCertificate

public java.lang.Integer removeVOAttributeCertificate(java.lang.String vo)
                                               throws java.lang.Exception
Lets the RCA Server remove an attribute VO certificate, notifying the client about removal from the VO.

Parameters:
vo - The name of a VO that the resource has been removed from.
Returns:
0 if the call was successful.
Throws:
java.lang.Exception

readIdentityCert

protected java.security.cert.X509Certificate readIdentityCert()
                                                       throws java.io.IOException
Throws:
java.io.IOException

readAttributeCertExt

protected java.security.cert.X509Certificate readAttributeCertExt()
                                                           throws java.io.IOException
Throws:
java.io.IOException

readAttributeCert

protected org.bouncycastle.x509.X509V2AttributeCertificate readAttributeCert()
                                                                      throws java.io.IOException
Throws:
java.io.IOException

readVOAttributeCertExt

protected java.security.cert.X509Certificate readVOAttributeCertExt(java.lang.String vo)
                                                             throws java.io.IOException
Throws:
java.io.IOException

getAttributeCertVOPath

protected java.lang.String getAttributeCertVOPath()

init

public void init()
Specified by:
init in interface eu.xtreemos.system.eventmachine.stage.IStage
Overrides:
init in class eu.xtreemos.system.eventmachine.stage.AbstractStage