Bugzilla – Bug 5888
Support for other types of KeyStores in GridProxyInit
Last modified: 2008-02-28 12:19:06
Hello, Currently, GridProxyInit can obtain keys and certificates from PEM files and PKCS#11 devices. I've written a patch to add support for other types of KeyStores, in particular PKCS#12 files directly (which should be more convenient for many users who don't want to convert their p12 file exported from a browser) and Apple OSX Keychain (which allows Mac users to use the certificate from the Keychain directly). I'd like to contribute it to the CoG-jGlobus project. Best wishes, Bruno.
(Since this bugzilla doesn't allow attaching patches, I've just sent the patch by e-mail to the assignee.) Some of the classes are under uk.ac.manchester, but we'd be happy to see them integrated in org.globus. Please note that some of the class names are hard-coded in the code, as was the case before the patch, so you would need to update a couple of lines in org.globus.tools.proxy.GridProxyInit (only in the KEYSTORE_MODELS array).
By the way, I forgot to mention that the 'alias' selection doesn't work on the Apple Keychain KeyStore: whatever you specify, it will always take the first (and only) private key it finds, so if you have more than one private key (associated with an X509 certificate) in your Keychain, it might not pick the one you expect. This is due to the Apple KeychainStore behaviour (provided by Apple in their JVM). I reported it to Apple about 6 months ago, but I've had no news since. Anyway, this should be useful to most Mac users who store only one certificate in their Keychain. The 'alias' selection should work with PKCS#12 files, although I haven't extensively tried it. Again, by default (if the alias text-field is left empty), it takes the first private key it finds in the p12 file.
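
The alias selection discussed in the comments above, as an added example using the standard `java.security.KeyStore` API; it is not the code from the patch, which is not shown on this page. The class name `Pkcs12KeyPicker` and the method `chooseAlias` are hypothetical, and unlike the default described above, this sketch refuses to pick a key when the alias is empty and the file holds more than one private key.

```java
import java.io.*;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.*;

public class Pkcs12KeyPicker {
    /** Returns the alias to use, or throws if the choice would be a guess. */
    static String chooseAlias(KeyStore ks, String requested) throws KeyStoreException {
        if (requested != null && !requested.isEmpty()) {
            // Ask the store directly: some providers normalise alias case.
            if (!ks.isKeyEntry(requested))
                throw new KeyStoreException("No private key under alias: " + requested);
            return requested;
        }
        List<String> keyAliases = new ArrayList<>();
        for (String a : Collections.list(ks.aliases()))
            if (ks.isKeyEntry(a)) keyAliases.add(a);
        if (keyAliases.isEmpty())
            throw new KeyStoreException("Keystore holds no private key");
        if (keyAliases.size() > 1)  // stricter than "first key found"
            throw new KeyStoreException("Several private keys, specify one of: " + keyAliases);
        return keyAliases.get(0);
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) { System.err.println("usage: Pkcs12KeyPicker file.p12 [alias]"); return; }
        Console console = System.console();
        if (console == null) throw new IllegalStateException("No console to read the password from");
        char[] password = console.readPassword("Keystore password: ");
        try {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, password);  // also verifies the file's integrity MAC
            }
            String alias = chooseAlias(ks, args.length > 1 ? args[1] : null);
            Key key = ks.getKey(alias, password);
            Certificate[] chain = ks.getCertificateChain(alias);
            if (!(key instanceof PrivateKey) || chain == null || chain.length == 0)
                throw new KeyStoreException("Alias has no usable key and certificate chain: " + alias);
            System.out.println("Selected alias " + alias + ", chain length " + chain.length);
        } finally {
            Arrays.fill(password, '\0');  // do not leave the password in memory
        }
    }
}
```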