jpl.mipl.mdms.pwdclient
Class PWDClient

java.lang.Object
  extended by jpl.mipl.mdms.pwdclient.PWDClient

public class PWDClient
extends Object

Pure Java implementation of MDMS Password Server BaseClient.

MDMS Password Server BaseClient interfaces with Password Server to request and get a password securely. The Password Server client is written using Java GSSAPI (Generic Security Services) and JAAS (Java Authentication and Authorization Service). More information on GSSAPI and JAAS is available at http://java.sun.com/products/jaas/ .

Usage:

// import statement
import jpl.mipl.mdms.pwdclient.PWDClient;

// username is the MIPL Kerberos username (e.g. rap)
// servername is the MIPL Database servername (e.g. miplDev)
PWDClient p = new PWDClient("username", "servername");
try {
    String password = p.getPassword();
} catch (Exception e) {
    System.err.println(e.getMessage());
}

Environment Variables:

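To use the above code fragment, the following environment variables must be set:
  • PWDSERVER - the directory that contains the pwdinterface and pwdclient.conf files
  • KRB5_CONFIG - the location of the krb5.conf file
NOTE: The MIPL select system will set these variables for you.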

Version:
$Id: PWDClient.java,v 1.33 2006/07/25 00:14:50 ntt Exp $
Author:
N. Toole, {Nicholas.Toole@jpl.nasa.gov}

Field Summary
static String CHARACTER_SET
           
static String COMMENT_START
           
static String DEF_KRB5_CONFIG
           
static String KRB5_CONFIG_ENV
           
static String KRB5_OID
           
static String KRB5_PRINCIPAL_OID
           
protected  String LOG_CONFIG_PROP
           
protected  String PATTERN_END
           
protected  String PATTERN_KDC
           
protected  String PATTERN_REALM
           
protected  String PLUGIN_CLASS_DEFAULT
           
protected  String PLUGIN_CLASS_PROP
           
static String PWD_CLIENT_FILENAME
           
static String PWD_INTERFACE_FILENAME
           
static char PWD_REQUEST_TOKEN
           
static String PWD_SERVER_ENV
           
static int PWDPACKETLEN
           
static String SERVER_HOST
           
static String SERVER_NAME
           
static String SERVER_PORT
           
static String SERVER_REALM
           
 
Constructor Summary
PWDClient(String username, String server)
          Two argument constructor for PWDClient class.
PWDClient(String usrName, String dbSrvName, String pwdSrvName, String pwdSrvHost, int pwdSrvPort, String krbRealm, String krbKdc, String krbPwd, String confFile)
          Nine argument constructor for PWDClient class.
 
Method Summary
protected static int byteArrayToInt(byte[] bytes)
          Converts byte-array to big-endian integer.
 void configure(String pwdSrvName, String pwdSrvHost, int pwdSrvPort, String krbRealm, String krbKdc, String krbPwd, String confFile)
          Configuration of parameters required for authentication and communication with MDMS Password Server.
 String getErrMsg()
          Deprecated.  
 String getHost()
          Accessor Method to get the hostname of the MDMS PWDServer.
 String getKDC()
          Accessor Method to get the KDC hostname for the Kerberos realm.
 String getPassword()
          Gets the password from the MDMS Password Server.
 int getPort()
          Accessor Method to get the port of the MDMS PWDServer.
 String getPWDServer()
          Accessor Method to get the name of the MDMS PWDServer.
 String getRealm()
          Accessor Method to get the Kerberos realm.
 String getServer()
          Accessor method to get the server name of the MDMS database server.
 String getUser()
          Accessor Method to get the username.
protected static byte[] intToByteArray(int integer)
          Converts big-endian integer to byte array.
 boolean isError()
          Deprecated.  
static void main(String[] args)
          main method for testing
 void setCacheFile(String cacheFile)
          Deprecated.  
 void setHost(String host)
          Mutator method to change the hostname of the MDMS PWDServer
 void setKDC(String kdc)
          Mutator method to change the hostname of the Key Distribution Center (KDC) for the Kerberos realm.
 void setPort(int port)
          Mutator method to change the port of the MDMS PWDServer
 void setPWDServer(String pwdServer)
          Mutator method to change the name of the MDMS PWDServer
 void setRealm(String realm)
          Mutator method to change the Kerberos realm
 void setServer(String server)
          Mutator method to change the server name of the MDMS database server.
 void setUser(String username)
          Mutator method to change the username
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PWD_INTERFACE_FILENAME

public static final String PWD_INTERFACE_FILENAME
See Also:
Constant Field Values

PWD_CLIENT_FILENAME

public static final String PWD_CLIENT_FILENAME
See Also:
Constant Field Values

SERVER_NAME

public static final String SERVER_NAME
See Also:
Constant Field Values

SERVER_REALM

public static final String SERVER_REALM
See Also:
Constant Field Values

SERVER_HOST

public static final String SERVER_HOST
See Also:
Constant Field Values

SERVER_PORT

public static final String SERVER_PORT
See Also:
Constant Field Values

COMMENT_START

public static final String COMMENT_START
See Also:
Constant Field Values

DEF_KRB5_CONFIG

public static final String DEF_KRB5_CONFIG
See Also:
Constant Field Values

KRB5_CONFIG_ENV

public static final String KRB5_CONFIG_ENV
See Also:
Constant Field Values

KRB5_OID

public static final String KRB5_OID
See Also:
Constant Field Values

KRB5_PRINCIPAL_OID

public static final String KRB5_PRINCIPAL_OID
See Also:
Constant Field Values

PWD_SERVER_ENV

public static final String PWD_SERVER_ENV
See Also:
Constant Field Values

PWD_REQUEST_TOKEN

public static final char PWD_REQUEST_TOKEN
See Also:
Constant Field Values

PWDPACKETLEN

public static final int PWDPACKETLEN
See Also:
Constant Field Values

CHARACTER_SET

public static final String CHARACTER_SET
See Also:
Constant Field Values

PATTERN_REALM

protected final String PATTERN_REALM
See Also:
Constant Field Values

PATTERN_KDC

protected final String PATTERN_KDC
See Also:
Constant Field Values

PATTERN_END

protected final String PATTERN_END
See Also:
Constant Field Values

LOG_CONFIG_PROP

protected final String LOG_CONFIG_PROP
See Also:
Constant Field Values

PLUGIN_CLASS_PROP

protected final String PLUGIN_CLASS_PROP
See Also:
Constant Field Values

PLUGIN_CLASS_DEFAULT

protected final String PLUGIN_CLASS_DEFAULT
See Also:
Constant Field Values
Constructor Detail

PWDClient

public PWDClient(String username,
                 String server)
Two argument constructor for PWDClient class. This constructor expects the following system environment variables to be set: PWDSERVER, which points to the directory that contains the pwdinterface and pwdclient.conf files, and KRB5_CONFIG, which points to the krb5.conf file. The MIPL select system will set these variables. This constructor takes two String arguments: 1) A MIPL Kerberos username, 2) The MIPL Database servername (e.g. miplDev or MIPS1). Note: environment variables are read in the getPassword() method.

Parameters:
username - A MIPL username (i.e. Kerberos account username)
server - The name of the MDMS database server you're connecting to

PWDClient

public PWDClient(String usrName,
                 String dbSrvName,
                 String pwdSrvName,
                 String pwdSrvHost,
                 int pwdSrvPort,
                 String krbRealm,
                 String krbKdc,
                 String krbPwd,
                 String confFile)
Nine argument constructor for PWDClient class. This constructor is provided for maximum portability and does not require environment variables to be set.

Parameters:
usrName - A MIPL username (i.e. Kerberos account username)
dbSrvName - Name of the MDMS database server you're connecting to
pwdSrvName - The name of the MDMS Password Server (e.g. DEVPwdSrv)
pwdSrvHost - The hostname of the MDMS Password Server
pwdSrvPort - The port in which the MDMS Password Server is listening
krbRealm - The Kerberos realm of the MDMS Password Server
krbKdc - The KDC hostname for the Kerberos realm
krbPwd - The password for Kerberos authentication
confFile - The location of the PWDClient configuration file
Method Detail

configure

public void configure(String pwdSrvName,
                      String pwdSrvHost,
                      int pwdSrvPort,
                      String krbRealm,
                      String krbKdc,
                      String krbPwd,
                      String confFile)
Configuration of parameters required for authentication and communication with MDMS Password Server. Use this method if the two argument constructor was used but PWDSERVER and KRB5_CONFIG env. variables are not set.

Parameters:
pwdSrvName - The name of the MDMS Password Server
pwdSrvHost - The hostname where the password server is running
pwdSrvPort - The port the password server is listening to
krbRealm - The Kerberos realm of the password server
krbKdc - The KDC hostname for the Kerberos realm
krbPwd - The password for Kerberos authentication
confFile - The location of the PWDClient configuration file

getPassword

public String getPassword()
                   throws Exception
Gets the password from the MDMS Password Server. This method will request a Kerberos ticket or read from a Kerberos cache file. If valid credentials are obtained, the password will be requested from the password server. If the two argument constructor is used, an exception will be thrown when:
  • A Kerberos cache file is not found
  • A Kerberos cache file is found, but Kerberos TGT is expired
  • The PWDSERVER environment variable is not set
  • The KRB5_CONFIG environment variable is set to an incorrect configuration file (i.e. pointing to the wrong realm)
  • The MDMS PWDServer is down
  • Password Server doesn't contain an entry for supplied username and servername
  • Realm mismatch between Kerberos TGT and PWDServer
If the nine argument constructor is used, an exception will be thrown when:
  • A Kerberos ticket cannot be obtained (i.e. wrong password and/or username)
  • PWDClient configuration file is missing and/or incorrect
  • The MDMS PWDServer is down
  • Password Server doesn't contain an entry for supplied username and servername
  • Realm mismatch between Kerberos TGT and PWDServer

Returns:
string containing the password
Throws:
PatternSyntaxException - if parse error occurred
IOException - if I/O error occurred
PrivilegedActionException - if authorization error occurred
LoginException - if authentication error occurred
GSSException - if Kerberos GSS error occurred
Exception - if other error occurred
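
An added example (not part of the original MDMS documentation or code) that calls the nine argument constructor and handles the exception types listed above separately, so a failed request can be traced to authentication, GSS, authorization or I/O. The class name PwdClientExample, the host names, port, realm, KDC and configuration path are placeholder assumptions; the Kerberos password is read from the console rather than hard-coded.

```java
import java.io.Console;
import java.io.IOException;
import java.security.PrivilegedActionException;
import java.util.Arrays;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSException;
import jpl.mipl.mdms.pwdclient.PWDClient;

public class PwdClientExample {
    public static void main(String[] args) {
        // Read the Kerberos password without echo; null means no console or EOF.
        Console console = System.console();
        char[] krbPwd = (console == null) ? null
                : console.readPassword("Kerberos password: ");
        if (krbPwd == null) {
            System.err.println("No console or no input; not reading a password.");
            System.exit(2);
        }
        // Placeholder values (assumptions): host, port, realm, KDC and path.
        PWDClient client = new PWDClient("username", "servername", "DEVPwdSrv",
                "pwdsrv.example.org", 9999, "EXAMPLE.ORG", "kdc.example.org",
                new String(krbPwd), "/path/to/pwdclient.conf");
        Arrays.fill(krbPwd, '\0'); // clear our copy; the String copy stays until GC
        try {
            String dbPassword = client.getPassword();
            // Hand dbPassword straight to the database driver; never print or log it.
            System.out.println("Password retrieved for " + client.getUser()
                    + " on " + client.getServer());
        } catch (LoginException e) {
            fail(3, "Authentication error", e);
        } catch (GSSException e) {
            fail(4, "Kerberos GSS error", e);
        } catch (PrivilegedActionException e) {
            fail(5, "Authorization error", e);
        } catch (IOException e) {
            fail(6, "I/O error", e);
        } catch (Exception e) {
            fail(1, "Password request failed", e);
        }
    }

    // Report the failure category and exception type, then exit with a distinct code.
    private static void fail(int code, String what, Exception e) {
        System.err.println(what + ": " + e.getClass().getSimpleName()
                + ": " + e.getMessage());
        System.exit(code);
    }
}
```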

getRealm

public String getRealm()
Accessor Method to get the Kerberos realm.

Returns:
string containing the Kerberos realm

setRealm

public void setRealm(String realm)
Mutator method to change the Kerberos realm

Parameters:
realm - Sets the Kerberos realm to parameter input

getKDC

public String getKDC()
Accessor Method to get the KDC hostname for the Kerberos realm.

Returns:
String containing the KDC hostname for the Kerberos realm.

setKDC

public void setKDC(String kdc)
Mutator method to change the hostname of the Key Distribution Center (KDC) for the Kerberos realm. The KDC is the central Kerberos service that kinit interfaces with.

Parameters:
kdc - Sets the hostname of the KDC for the Kerberos realm

getHost

public String getHost()
Accessor Method to get the hostname of the MDMS PWDServer.

Returns:
string containing the hostname of the PWDServer

setHost

public void setHost(String host)
Mutator method to change the hostname of the MDMS PWDServer

Parameters:
host - Sets the PWDServer host to parameter input

getPort

public int getPort()
Accessor Method to get the port of the MDMS PWDServer.

Returns:
int containing the port of the MDMS PWDServer

setPort

public void setPort(int port)
Mutator method to change the port of the MDMS PWDServer

Parameters:
port - Sets the PWDServer port to parameter input

getPWDServer

public String getPWDServer()
Accessor Method to get the name of the MDMS PWDServer.

Returns:
String containing the name of the MDMS PWDServer.

setPWDServer

public void setPWDServer(String pwdServer)
Mutator method to change the name of the MDMS PWDServer

Parameters:
pwdServer - Sets the name of the MDMS PWDServer

getUser

public String getUser()
Accessor Method to get the username.

Returns:
string containing the username

setUser

public void setUser(String username)
Mutator method to change the username

Parameters:
username - Sets the _dbUsrName to username input

setCacheFile

public void setCacheFile(String cacheFile)
Deprecated. 

Mutator method to change the default Kerberos cachefile

Parameters:
cacheFile - Sets the system property for Kerberos cachefile to cacheFile

getServer

public String getServer()
Accessor method to get the server name of the MDMS database server.

Returns:
string containing the server name of the database server.

setServer

public void setServer(String server)
Mutator method to change the server name of the MDMS database server.

Parameters:
server - Sets the server to the parameter input

getErrMsg

public String getErrMsg()
Deprecated. 

Accessor method to get the error message.

Returns:
string containing the error message

isError

public boolean isError()
Deprecated. 

(Deprecated) Utility method to check if an error occurred when getting the password. The getPassword() method will throw exceptions if errors occur.

Returns:
boolean value true or false depending on whether an error occurred.

intToByteArray

protected static byte[] intToByteArray(int integer)
Converts big-endian integer to byte array.

Parameters:
integer - Integer value (4 bytes)
Returns:
Byte array of length 4 created from parameter

byteArrayToInt

protected static int byteArrayToInt(byte[] bytes)
Converts byte-array to big-endian integer.

Parameters:
bytes - Byte array of length 4
Returns:
Integer (4-bytes) created from byte-array parameter

main

public static void main(String[] args)
                 throws Exception
main method for testing

Parameters:
args - Command line arguments.
Throws:
Exception - general exception.