diff --git a/gridftp/src/test/java/org/globus/ftp/test/SimpleTarTransfer.java b/gridftp/src/test/java/org/globus/ftp/test/SimpleTarTransfer.java index 74f769d4..e90fc955 100644 --- a/gridftp/src/test/java/org/globus/ftp/test/SimpleTarTransfer.java +++ b/gridftp/src/test/java/org/globus/ftp/test/SimpleTarTransfer.java @@ -1,83 +1,83 @@ -package org.globus.ftp.test; - -import org.globus.ftp.GridFTPClient; -import org.globus.ftp.Session; -import org.globus.gsi.gssapi.auth.IdentityAuthorization; -import org.globus.util.ConfigUtil; -import org.gridforum.jgss.ExtendedGSSCredential; -import org.gridforum.jgss.ExtendedGSSManager; -import org.ietf.jgss.GSSCredential; -import org.ietf.jgss.GSSException; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; - -public class SimpleTarTransfer { - - public static void main(String[] args) throws Exception { - String tarAlias = "tar"; - String host = "localhost";//args[0]; - int port = 60000;//new Integer(args[1]).intValue(); - String sourceParentDir = "/tmp";// args[2]; - String sourceDir = "tartest";//args[3]; - String destFile = "/tmp/target.tar"; - - GSSCredential cred = getDefaultCredential(); - String tarCommand = createDownloadTarSiteCommand(sourceParentDir, sourceDir, tarAlias); - GridFTPClient client = createClient(host, port, cred, tarCommand); - downloadTarToFile(client, sourceDir, destFile); - } - - static GridFTPClient createClient(String host, int port, GSSCredential cred, String tarCommand) throws Exception { - GridFTPClient client = null; - client = new GridFTPClient(host, port); - client.setAuthorization(new IdentityAuthorization("/O=Grid/OU=GlobusTest/OU=simpleCA-ubuntu/CN=Vijay Anand")); - client.authenticate(cred); - client.setType(Session.TYPE_IMAGE); - try { - client.site(tarCommand); - } catch (Exception e) { - throw new Exception("popen driver not supported", e); - } - client.setPassive(); - client.setLocalActive(); - return client; - } - - static String createDownloadTarSiteCommand(String sourceParentDir, String sourceDir, String tarAlias) { - StringBuffer sb = new StringBuffer(); - sb.append("SETDISKSTACK popen:argv=#"); - sb.append(tarAlias); - sb.append("#cf#-#-C#"); - sb.append(sourceParentDir); - sb.append("#"); - sb.append(sourceDir); - return sb.toString(); - } - - static void downloadTarToFile(GridFTPClient client, String sourceDir, String destFile) throws Exception { - try { - client.get(sourceDir, new File(destFile)); - } finally { - if (client != null) { - client.close(true); - } - } - } - - static GSSCredential getDefaultCredential() throws IOException, GSSException { - File proxyFile = new File(ConfigUtil.discoverProxyLocation()); - byte[] proxyBytes = new byte[(int) proxyFile.length()]; - FileInputStream in = new FileInputStream(proxyFile); - try { - in.read(proxyBytes); - } finally { - in.close(); - } - ExtendedGSSManager manager = (ExtendedGSSManager) ExtendedGSSManager.getInstance(); - return manager.createCredential(proxyBytes, ExtendedGSSCredential.IMPEXP_OPAQUE, - GSSCredential.DEFAULT_LIFETIME, null, GSSCredential.INITIATE_AND_ACCEPT); - } - -} +package org.globus.ftp.test; + +import org.globus.ftp.GridFTPClient; +import org.globus.ftp.Session; +import org.globus.gsi.gssapi.auth.IdentityAuthorization; +import org.globus.util.ConfigUtil; +import org.gridforum.jgss.ExtendedGSSCredential; +import org.gridforum.jgss.ExtendedGSSManager; +import org.ietf.jgss.GSSCredential; +import org.ietf.jgss.GSSException; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; + +public class SimpleTarTransfer { + + public static void main(String[] args) throws Exception { + String tarAlias = "tar"; + String host = "localhost";//args[0]; + int port = 60000;//new Integer(args[1]).intValue(); + String sourceParentDir = "/tmp";// args[2]; + String sourceDir = "tartest";//args[3]; + String destFile = "/tmp/target.tar"; + + GSSCredential cred = getDefaultCredential(); + String tarCommand = createDownloadTarSiteCommand(sourceParentDir, sourceDir, tarAlias); + GridFTPClient client = createClient(host, port, cred, tarCommand); + downloadTarToFile(client, sourceDir, destFile); + } + + static GridFTPClient createClient(String host, int port, GSSCredential cred, String tarCommand) throws Exception { + GridFTPClient client = null; + client = new GridFTPClient(host, port); + client.setAuthorization(new IdentityAuthorization("/O=Grid/OU=GlobusTest/OU=simpleCA-ubuntu/CN=Vijay Anand")); + client.authenticate(cred); + client.setType(Session.TYPE_IMAGE); + try { + client.site(tarCommand); + } catch (Exception e) { + throw new Exception("popen driver not supported", e); + } + client.setPassive(); + client.setLocalActive(); + return client; + } + + static String createDownloadTarSiteCommand(String sourceParentDir, String sourceDir, String tarAlias) { + StringBuffer sb = new StringBuffer(); + sb.append("SETDISKSTACK popen:argv=#"); + sb.append(tarAlias); + sb.append("#cf#-#-C#"); + sb.append(sourceParentDir); + sb.append("#"); + sb.append(sourceDir); + return sb.toString(); + } + + static void downloadTarToFile(GridFTPClient client, String sourceDir, String destFile) throws Exception { + try { + client.get(sourceDir, new File(destFile)); + } finally { + if (client != null) { + client.close(true); + } + } + } + + static GSSCredential getDefaultCredential() throws IOException, GSSException { + File proxyFile = new File(ConfigUtil.discoverProxyLocation()); + byte[] proxyBytes = new byte[(int) proxyFile.length()]; + FileInputStream in = new FileInputStream(proxyFile); + try { + in.read(proxyBytes); + } finally { + in.close(); + } + ExtendedGSSManager manager = (ExtendedGSSManager) ExtendedGSSManager.getInstance(); + return manager.createCredential(proxyBytes, ExtendedGSSCredential.IMPEXP_OPAQUE, + GSSCredential.DEFAULT_LIFETIME, null, GSSCredential.INITIATE_AND_ACCEPT); + } + +} diff --git a/ssl-proxies-tomcat/pom.xml b/ssl-proxies-tomcat/pom.xml index 064809bf..6a5122e6 100644 --- a/ssl-proxies-tomcat/pom.xml +++ b/ssl-proxies-tomcat/pom.xml @@ -10,6 +10,24 @@ tomcat7 + + true + + + + org.apache.tomcat + tomcat-catalina + 7.0.32 + + + org.apache.tomcat + tomcat-coyote + 7.0.32 + + + + + tomcat6 @@ -18,7 +36,7 @@ 1.1.1 - jglobus-tomcat7.patch + jglobus-tomcat6.patch 5 @@ -34,24 +52,6 @@ - - - org.apache.tomcat - tomcat-catalina - 7.0.32 - - - org.apache.tomcat - tomcat-coyote - 7.0.32 - - - - - tomcat6 - - true - org.apache.tomcat diff --git a/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLImplementation.java b/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLImplementation.java index 1741218f..96fed75a 100644 --- a/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLImplementation.java +++ b/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLImplementation.java @@ -1,6 +1,7 @@ package org.globus.gsi.tomcat; +import org.apache.tomcat.util.net.AbstractEndpoint; import org.apache.tomcat.util.net.ServerSocketFactory; import org.apache.tomcat.util.net.jsse.JSSEImplementation; @@ -14,8 +15,8 @@ public String getImplementationName() { return "GlobusSSLImplementation"; } - public ServerSocketFactory getServerSocketFactory() { - return new GlobusSSLSocketFactory(); + public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint) { + return new GlobusSSLSocketFactory(endpoint); } } diff --git a/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java b/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java index 71114ac8..3718fa3a 100644 --- a/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java +++ b/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java @@ -15,6 +15,7 @@ package org.globus.gsi.tomcat; +import org.apache.tomcat.util.net.AbstractEndpoint; import org.apache.tomcat.util.net.jsse.JSSESocketFactory; import org.globus.gsi.X509ProxyCertPathParameters; import org.globus.gsi.jsse.GlobusSSLHelper; @@ -45,8 +46,17 @@ public class GlobusSSLSocketFactory extends JSSESocketFactory { static { Security.addProvider(new GlobusProvider()); } - - + + protected Object crlLocation; + protected Object signingPolicyLocation; + protected Object rejectLimitedProxyEntry; + + public GlobusSSLSocketFactory(AbstractEndpoint endpoint) { + super(endpoint); + crlLocation = endpoint.getAttribute("crlLocation"); + signingPolicyLocation = endpoint.getAttribute("signingPolicyLocation"); + rejectLimitedProxyEntry = endpoint.getAttribute("rejectLimitedProxy"); + } /** * Create a Globus trust manager which supports proxy certificates. This requires that the CRL store, and @@ -62,20 +72,20 @@ public class GlobusSSLSocketFactory extends JSSESocketFactory { protected TrustManager[] getTrustManagers(String keystoreType, String keystoreProvider, String algorithm) throws Exception { KeyStore trustStore = getTrustStore(keystoreType, keystoreProvider); + CertStore crlStore = null; - Object crlLocation = attributes.get("crlLocation"); if (crlLocation != null) { - crlStore = GlobusSSLHelper.findCRLStore((String) attributes.get("crlLocation")); + crlStore = GlobusSSLHelper.findCRLStore((String) crlLocation); } - Object signingPolicyLocation = attributes.get("signingPolicyLocation"); + ResourceSigningPolicyStore policyStore = null; if (signingPolicyLocation != null) { - policyStore = Stores.getSigningPolicyStore((String) attributes.get("signingPolicyLocation")); + policyStore = Stores.getSigningPolicyStore((String) signingPolicyLocation); } - Object rejectLimitedProxyEntry = attributes.get("rejectLimitedProxy"); boolean rejectLimitedProxy = rejectLimitedProxyEntry != null && - Boolean.parseBoolean(attributes.get("rejectLimitedProxy").toString()); + Boolean.parseBoolean((String) rejectLimitedProxyEntry); + X509ProxyCertPathParameters parameters = new X509ProxyCertPathParameters(trustStore, crlStore, policyStore, rejectLimitedProxy); TrustManager trustManager = new PKITrustManager(new X509ProxyCertPathValidator(), parameters); diff --git a/ssl-proxies-tomcat/src/main/patches/jglobus-tomcat5.patch b/ssl-proxies-tomcat/src/main/patches/jglobus-tomcat5.patch index bb74c33a..8084f412 100644 --- a/ssl-proxies-tomcat/src/main/patches/jglobus-tomcat5.patch +++ b/ssl-proxies-tomcat/src/main/patches/jglobus-tomcat5.patch @@ -1,16 +1,41 @@ -diff -ur JGlobus.orig/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java JGlobus/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java ---- JGlobus.orig/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java 2013-03-27 03:48:51.000000000 +0100 -+++ JGlobus/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java 2013-03-27 07:02:21.107259131 +0100 -@@ -15,7 +15,7 @@ +diff --git a/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLImplementation.java b/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLImplementation.java +index 96fed75..1741218 100644 +--- a/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLImplementation.java ++++ b/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLImplementation.java +@@ -1,7 +1,6 @@ + package org.globus.gsi.tomcat; + + +-import org.apache.tomcat.util.net.AbstractEndpoint; + import org.apache.tomcat.util.net.ServerSocketFactory; + import org.apache.tomcat.util.net.jsse.JSSEImplementation; + +@@ -15,8 +14,8 @@ public class GlobusSSLImplementation extends JSSEImplementation { + return "GlobusSSLImplementation"; + } + +- public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint) { +- return new GlobusSSLSocketFactory(endpoint); ++ public ServerSocketFactory getServerSocketFactory() { ++ return new GlobusSSLSocketFactory(); + } + + } +diff --git a/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java b/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java +index 3718fa3..74ef715 100644 +--- a/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java ++++ b/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java +@@ -15,8 +15,7 @@ package org.globus.gsi.tomcat; +-import org.apache.tomcat.util.net.AbstractEndpoint; -import org.apache.tomcat.util.net.jsse.JSSESocketFactory; +import org.apache.tomcat.util.net.jsse.JSSE14SocketFactory; import org.globus.gsi.X509ProxyCertPathParameters; import org.globus.gsi.jsse.GlobusSSLHelper; import org.globus.gsi.provider.GlobusProvider; -@@ -40,49 +40,13 @@ +@@ -41,58 +40,12 @@ import java.security.cert.CertStore; * @version 1.0 * @since 1.0 */ @@ -20,8 +45,17 @@ diff -ur JGlobus.orig/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/Glo static { Security.addProvider(new GlobusProvider()); } - - + +- protected Object crlLocation; +- protected Object signingPolicyLocation; +- protected Object rejectLimitedProxyEntry; +- +- public GlobusSSLSocketFactory(AbstractEndpoint endpoint) { +- super(endpoint); +- crlLocation = endpoint.getAttribute("crlLocation"); +- signingPolicyLocation = endpoint.getAttribute("signingPolicyLocation"); +- rejectLimitedProxyEntry = endpoint.getAttribute("rejectLimitedProxy"); +- } - - /** - * Create a Globus trust manager which supports proxy certificates. This requires that the CRL store, and @@ -37,20 +71,20 @@ diff -ur JGlobus.orig/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/Glo - protected TrustManager[] getTrustManagers(String keystoreType, String keystoreProvider, String algorithm) - throws Exception { - KeyStore trustStore = getTrustStore(keystoreType, keystoreProvider); +- - CertStore crlStore = null; -- Object crlLocation = attributes.get("crlLocation"); - if (crlLocation != null) { -- crlStore = GlobusSSLHelper.findCRLStore((String) attributes.get("crlLocation")); +- crlStore = GlobusSSLHelper.findCRLStore((String) crlLocation); - } -- Object signingPolicyLocation = attributes.get("signingPolicyLocation"); +- - ResourceSigningPolicyStore policyStore = null; - if (signingPolicyLocation != null) { -- policyStore = Stores.getSigningPolicyStore((String) attributes.get("signingPolicyLocation")); +- policyStore = Stores.getSigningPolicyStore((String) signingPolicyLocation); - } -- Object rejectLimitedProxyEntry = attributes.get("rejectLimitedProxy"); - - boolean rejectLimitedProxy = rejectLimitedProxyEntry != null && -- Boolean.parseBoolean(attributes.get("rejectLimitedProxy").toString()); +- Boolean.parseBoolean((String) rejectLimitedProxyEntry); +- - X509ProxyCertPathParameters parameters = new X509ProxyCertPathParameters(trustStore, crlStore, policyStore, - rejectLimitedProxy); - TrustManager trustManager = new PKITrustManager(new X509ProxyCertPathValidator(), parameters); diff --git a/ssl-proxies-tomcat/src/main/patches/jglobus-tomcat6.patch b/ssl-proxies-tomcat/src/main/patches/jglobus-tomcat6.patch new file mode 100644 index 00000000..cbc1acdd --- /dev/null +++ b/ssl-proxies-tomcat/src/main/patches/jglobus-tomcat6.patch @@ -0,0 +1,72 @@ +diff --git a/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLImplementation.java b/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLImplementation.java +index 96fed75..1741218 100644 +--- a/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLImplementation.java ++++ b/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLImplementation.java +@@ -1,7 +1,6 @@ + package org.globus.gsi.tomcat; + + +-import org.apache.tomcat.util.net.AbstractEndpoint; + import org.apache.tomcat.util.net.ServerSocketFactory; + import org.apache.tomcat.util.net.jsse.JSSEImplementation; + +@@ -15,8 +14,8 @@ public class GlobusSSLImplementation extends JSSEImplementation { + return "GlobusSSLImplementation"; + } + +- public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint) { +- return new GlobusSSLSocketFactory(endpoint); ++ public ServerSocketFactory getServerSocketFactory() { ++ return new GlobusSSLSocketFactory(); + } + + } +diff --git a/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java b/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java +index 3718fa3..49cd674 100644 +--- a/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java ++++ b/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java +@@ -15,7 +15,6 @@ + + package org.globus.gsi.tomcat; + +-import org.apache.tomcat.util.net.AbstractEndpoint; + import org.apache.tomcat.util.net.jsse.JSSESocketFactory; + import org.globus.gsi.X509ProxyCertPathParameters; + import org.globus.gsi.jsse.GlobusSSLHelper; +@@ -47,17 +46,6 @@ public class GlobusSSLSocketFactory extends JSSESocketFactory { + Security.addProvider(new GlobusProvider()); + } + +- protected Object crlLocation; +- protected Object signingPolicyLocation; +- protected Object rejectLimitedProxyEntry; +- +- public GlobusSSLSocketFactory(AbstractEndpoint endpoint) { +- super(endpoint); +- crlLocation = endpoint.getAttribute("crlLocation"); +- signingPolicyLocation = endpoint.getAttribute("signingPolicyLocation"); +- rejectLimitedProxyEntry = endpoint.getAttribute("rejectLimitedProxy"); +- } +- + /** + * Create a Globus trust manager which supports proxy certificates. This requires that the CRL store, and + * signing policy store be configured. +@@ -74,15 +62,18 @@ public class GlobusSSLSocketFactory extends JSSESocketFactory { + KeyStore trustStore = getTrustStore(keystoreType, keystoreProvider); + + CertStore crlStore = null; ++ Object crlLocation = attributes.get("crlLocation"); + if (crlLocation != null) { + crlStore = GlobusSSLHelper.findCRLStore((String) crlLocation); + } + ++ Object signingPolicyLocation = attributes.get("signingPolicyLocation"); + ResourceSigningPolicyStore policyStore = null; + if (signingPolicyLocation != null) { + policyStore = Stores.getSigningPolicyStore((String) signingPolicyLocation); + } + ++ Object rejectLimitedProxyEntry = attributes.get("rejectLimitedProxy"); + boolean rejectLimitedProxy = rejectLimitedProxyEntry != null && + Boolean.parseBoolean((String) rejectLimitedProxyEntry); + diff --git a/ssl-proxies-tomcat/src/main/patches/jglobus-tomcat7.patch b/ssl-proxies-tomcat/src/main/patches/jglobus-tomcat7.patch deleted file mode 100644 index ba9c7b9a..00000000 --- a/ssl-proxies-tomcat/src/main/patches/jglobus-tomcat7.patch +++ /dev/null @@ -1,80 +0,0 @@ -diff -ur JGlobus.orig/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLImplementation.java JGlobus/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLImplementation.java ---- JGlobus.orig/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLImplementation.java 2013-03-27 03:48:51.000000000 +0100 -+++ JGlobus/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLImplementation.java 2013-03-27 06:44:47.749339699 +0100 -@@ -1,6 +1,7 @@ - package org.globus.gsi.tomcat; - - -+import org.apache.tomcat.util.net.AbstractEndpoint; - import org.apache.tomcat.util.net.ServerSocketFactory; - import org.apache.tomcat.util.net.jsse.JSSEImplementation; - -@@ -14,8 +15,8 @@ - return "GlobusSSLImplementation"; - } - -- public ServerSocketFactory getServerSocketFactory() { -- return new GlobusSSLSocketFactory(); -+ public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint) { -+ return new GlobusSSLSocketFactory(endpoint); - } - - } -diff -ur JGlobus.orig/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java JGlobus/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java ---- JGlobus.orig/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java 2013-03-27 03:48:51.000000000 +0100 -+++ JGlobus/ssl-proxies-tomcat/src/main/java/org/globus/gsi/tomcat/GlobusSSLSocketFactory.java 2013-03-27 06:55:52.588080175 +0100 -@@ -15,6 +15,7 @@ - - package org.globus.gsi.tomcat; - -+import org.apache.tomcat.util.net.AbstractEndpoint; - import org.apache.tomcat.util.net.jsse.JSSESocketFactory; - import org.globus.gsi.X509ProxyCertPathParameters; - import org.globus.gsi.jsse.GlobusSSLHelper; -@@ -45,8 +46,17 @@ - static { - Security.addProvider(new GlobusProvider()); - } -- -- -+ -+ protected Object crlLocation; -+ protected Object signingPolicyLocation; -+ protected Object rejectLimitedProxyEntry; -+ -+ public GlobusSSLSocketFactory(AbstractEndpoint endpoint) { -+ super(endpoint); -+ crlLocation = endpoint.getAttribute("crlLocation"); -+ signingPolicyLocation = endpoint.getAttribute("signingPolicyLocation"); -+ rejectLimitedProxyEntry = endpoint.getAttribute("rejectLimitedProxy"); -+ } - - /** - * Create a Globus trust manager which supports proxy certificates. This requires that the CRL store, and -@@ -62,20 +72,20 @@ - protected TrustManager[] getTrustManagers(String keystoreType, String keystoreProvider, String algorithm) - throws Exception { - KeyStore trustStore = getTrustStore(keystoreType, keystoreProvider); -+ - CertStore crlStore = null; -- Object crlLocation = attributes.get("crlLocation"); - if (crlLocation != null) { -- crlStore = GlobusSSLHelper.findCRLStore((String) attributes.get("crlLocation")); -+ crlStore = GlobusSSLHelper.findCRLStore((String) crlLocation); - } -- Object signingPolicyLocation = attributes.get("signingPolicyLocation"); -+ - ResourceSigningPolicyStore policyStore = null; - if (signingPolicyLocation != null) { -- policyStore = Stores.getSigningPolicyStore((String) attributes.get("signingPolicyLocation")); -+ policyStore = Stores.getSigningPolicyStore((String) signingPolicyLocation); - } -- Object rejectLimitedProxyEntry = attributes.get("rejectLimitedProxy"); - - boolean rejectLimitedProxy = rejectLimitedProxyEntry != null && -- Boolean.parseBoolean(attributes.get("rejectLimitedProxy").toString()); -+ Boolean.parseBoolean((String) rejectLimitedProxyEntry); -+ - X509ProxyCertPathParameters parameters = new X509ProxyCertPathParameters(trustStore, crlStore, policyStore, - rejectLimitedProxy); - TrustManager trustManager = new PKITrustManager(new X509ProxyCertPathValidator(), parameters);