> There is a service side scenario on that page and I am pasting it below.
> This is how you would get credentials and the update to the credentials on
> refresh at the service end.

ah, okay, so:
 
> static void registerDelegationListener(EndpointReferenceType epr,
>             DelegationRefreshListener listener)
> This method provides the same functionality as the previous one, except
> that the subject object is picked up from the property
> org.globus.wsrf.security.Constants.PEER_SUBJECT in the current message
> context.

so is this basically the same as:

...
import  java.io.FileOutputStream;
import  java.util.Iterator;
import  java.util.Set;
import  javax.security.auth.Subject;
import  java.security.cert.X509Certificate;
...
                ResourceContext ctx;
                ctx=ResourceContext.getResourceContext();
                Subject sub;
                // peer subject as stored in the current message context
                sub=(Subject)ctx.getProperty(Constants.PEER_SUBJECT);

                Set set=sub.getPublicCredentials();
                Iterator iter=set.iterator();
                int setno=0;
                while(iter.hasNext()) {
                        // fetch the next credential entry (advances the iterator)
                        Object objCert=iter.next();
                        setno++;
                        X509Certificate cert[]=(X509Certificate[])objCert;
                        int i;
                        for(i=0;i<cert.length;i++) {
                                byte[] b;
                                System.out.println("cert["+i+"]="+cert[i]);
                                // getEncoded() returns the DER encoding of the certificate
                                b=cert[i].getEncoded();
                                FileOutputStream fo=new FileOutputStream("set"+setno+"-cert"+i);
                                fo.write(b);
                                fo.close();
                        }
                }

yes?

this method will create a bunch of DER encoded X509Certificates.

but still, to quote my last email:

    however, accessing the X509Certificates is only half the work. another
    thing that's unclear to me is the creation of a job-proxy. what does a
    client have to tell a service, so that the service automatically creates
    a X509_USER_{CERT,PROXY,KEY}?  how is this implemented in the service?

is it up to the DelegationListener to create the X509_USER{files}? does it
have enough information at all, like job-cert and job-private-key, or should
it create this information itself (can be done easily with e.g. a perl-script,
but anyway...)?

kind regards,
H.Rosmanith
