[Swift-commit] cog r3769

swift at ci.uchicago.edu swift at ci.uchicago.edu
Mon Sep 2 03:30:05 CDT 2013 

------------------------------------------------------------------------
r3769 | hategan | 2013-09-02 03:27:46 -0500 (Mon, 02 Sep 2013) | 1 line

only use auto CA if no standard proxy is present (expired or not)
------------------------------------------------------------------------
Index: modules/provider-coaster/src/org/globus/cog/abstraction/impl/execution/coaster/ServiceManager.java
===================================================================
--- modules/provider-coaster/src/org/globus/cog/abstraction/impl/execution/coaster/ServiceManager.java	(revision 3768)
+++ modules/provider-coaster/src/org/globus/cog/abstraction/impl/execution/coaster/ServiceManager.java	(working copy)
@@ -54,6 +54,7 @@
 import org.globus.cog.karajan.workflow.service.channels.KarajanChannel;
 import org.globus.cog.karajan.workflow.service.commands.Command;
 import org.globus.cog.karajan.workflow.service.commands.Command.Callback;
+import org.globus.common.CoGProperties;
 import org.ietf.jgss.GSSCredential;
 
 public class ServiceManager implements StatusListener {
@@ -222,11 +223,27 @@
     }
 
     private void setupGSIProxy() throws IOException, GeneralSecurityException {
-        AutoCA.Info result = AutoCA.getInstance().createProxy();
-        System.setProperty("X509_USER_PROXY", result.proxyPath);
-        System.setProperty("X509_CERT_DIR", result.caCertPath);
+        if (!checkStandardProxy()) {
+            /*
+             *  only do the automatic CA if a standard proxy file does not exist
+             *  to allow using things like GridFTP from the coaster service through
+             *  delegation (which won't work with the auto-generated proxy).
+             */
+            logger.info("No standard proxy found. Using AutoCA.");
+            AutoCA.Info result = AutoCA.getInstance().createProxy();
+            System.setProperty("X509_USER_PROXY", result.proxyPath);
+            System.setProperty("X509_CERT_DIR", result.caCertPath);
+        }
+        else {
+            logger.info("Standard proxy file found. Disabling AutoCA.");
+        }
     }
 
+    private boolean checkStandardProxy() {
+        File proxy = new File(CoGProperties.getDefault().getProxyFile());
+        return proxy.exists();
+    }
+
     private void setSecurityContext(Task t, SecurityContext sc, String provider)
             throws InvalidProviderException, ProviderMethodException {
         t.getService(0).setSecurityContext(AbstractionFactory.getSecurityContext(provider, t.getService(0).getServiceContact()));

More information about the Swift-commit mailing list