In general no extra configuration is required to use Java CoG Kit.
However, in certain cases additional configuration might be required.
The Java CoG Kit configuration file is placed in $HOME/.globus/cog.properties
on Unix/Linux machines or %USERPROFILE%\.globus\cog.properties on Windows machines.
-
Trusted certificates location
Trusted certificates can be configured as described below
and are loaded in the specified order:
- The cacert property in the cog.properties configuration file can
be used to set the trusted certificates. The value of the property
is a comma-separated list of CA certificates or directories of
certificates. Example:
cacert = /home/gawor/MyCaCert.pem, /etc/grid-security/certificates/
If a directory is specified in the list, all certificate files within
that directory with the .0 extension will be loaded.
- The system property X509_CERT_DIR can be used to configure trusted
certificates. It is used if the cog.properties file is not found or
the cacert property is not set.
- Trusted certificates can be placed in the ${user.home}/.globus/certificates
directory. This location is checked if the system property is not set.
- The certificates can be placed in the /etc/grid-security/certificates directory.
This directory is checked on Unix/Linux machines if certificates are not
found as described in the previous steps.
If one of the above directories with certificates is found, all the
certificates in that directory will be loaded and used. If no directory
is found, JGlobus will not work.
-
Signing policy location
Signing policies are read in from the same directory as trusted
certificates. All files with the .signing_policy extension in the same
directory as trusted certificates are loaded for processing.
By default signing policies are required and enforced.
Signing policy enforcement can be disabled by setting the system
property java.security.gsi.signing.policy to "no" or "false".
Details on signing policy grammar support are outlined
here.
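One way to check which trusted certificate location applies on a machine and whether each CA file in it has a signing policy, as an added example that is not part of the Java CoG Kit or JGlobus code. The function names, the minimal properties reader, and the pairing of `<name>.0` with `<name>.signing_policy` are assumptions of this example; Java system properties are passed in as a dict.

```python
import tempfile
from pathlib import Path

def load_props(path):
    """Minimal key=value reader for cog.properties (no escapes or continuations)."""
    props = {}
    if Path(path).is_file():
        for line in Path(path).read_text().splitlines():
            if "=" in line and not line.lstrip().startswith(("#", "!")):
                key, value = line.split("=", 1)
                props[key.strip()] = value.strip()
    return props

def trusted_locations(home, sysprops, etc_dir="/etc/grid-security/certificates"):
    """Return (source, paths) following the lookup order documented above."""
    cacert = load_props(Path(home) / ".globus" / "cog.properties").get("cacert")
    if cacert:
        return "cog.properties", [Path(p.strip()) for p in cacert.split(",") if p.strip()]
    if sysprops.get("X509_CERT_DIR"):
        return "X509_CERT_DIR", [Path(sysprops["X509_CERT_DIR"])]
    for source, path in (("user default", Path(home) / ".globus" / "certificates"),
                         ("system default", Path(etc_dir))):
        if path.is_dir():
            return source, [path]
    return "none", []

def audit_trust(home, sysprops, etc_dir="/etc/grid-security/certificates"):
    """List findings: enforcement switched off, or a CA file without a policy."""
    source, paths = trusted_locations(home, sysprops, etc_dir)
    findings = []
    if sysprops.get("java.security.gsi.signing.policy", "").lower() in ("no", "false"):
        findings.append("signing policy enforcement disabled")
    if not paths:
        findings.append("no trusted certificate location found")
    for directory in (p for p in paths if p.is_dir()):
        for cert in sorted(directory.glob("*.0")):
            # Assumption: <name>.0 pairs with <name>.signing_policy in the same directory.
            if not cert.with_suffix(".signing_policy").is_file():
                findings.append(f"{cert.name}: no signing policy")
    return source, findings

if __name__ == "__main__":
    home = Path(tempfile.mkdtemp())            # constructed sample layout
    certs = home / ".globus" / "certificates"
    certs.mkdir(parents=True)
    for name in ("1a2b3c4d.0", "1a2b3c4d.signing_policy", "5e6f7a8b.0"):
        (certs / name).write_text("constructed placeholder\n")
    print(audit_trust(home, {"java.security.gsi.signing.policy": "false"}, home / "none"))
```

Single CA files listed in cacert are resolved but not checked for a policy, since only directories are scanned.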
-
User certificate location
The user certificate can be configured as described below; an
attempt is made to find the file in the order specified:
- The location of the file can be specified as the value of the
usercert property in the cog.properties configuration file.
- The location of the user certificate can be set as the value of the
environment variable X509_USER_CERT. This variable is used if the
cog.properties file is not configured or the usercert property
is not specified in the file.
- The certificate can be placed in the default location
${user.home}/.globus/usercert.pem. If none of the above configuration
is found, the library defaults to this location.
-
User private key location
The user private key can be configured as described below; an
attempt is made to find the file in the order specified:
- The location of the file can be specified as the value of the
userkey property in the cog.properties configuration file.
- The location of the user private key can be set as the value of the
environment variable X509_USER_KEY. This variable is used if the
cog.properties file is not configured or the userkey property
is not specified in the file.
- The private key can be placed in the default location
${user.home}/.globus/userkey.pem. If none of the above configuration
is found, the library defaults to this location.
-
Proxy certificate location
The proxy file can be configured as described below; an attempt
is made to find the file in the order specified:
- The location of the file can be specified as the value of the proxy
property in the cog.properties configuration file.
- The location of the proxy can be set as the value of the environment
variable X509_USER_PROXY. This variable is used if the cog.properties
file is not configured or the proxy property is not specified in the file.
- If the above configuration is not used, the library looks for the proxy
in the default location using the following rules:
  - If a UID system property is set and the library is running on a Unix/Linux
  machine, it returns /tmp/x509up_u${UID}.
  - On any machine other than Unix/Linux, it returns
  ${tempdir}/x509up_u${UID}, where tempdir is a platform-specific
  temporary directory as indicated by the java.io.tmpdir
  system property.
  - If a UID system property is not set, the username is used
  instead of the UID. That is, it returns ${tempdir}/x509up_u_${username}.
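The lookup order for the user private key and the proxy file described above, resolved and checked for file permissions, as an added example that is not part of the Java CoG Kit code. The function names and arguments are assumptions, cog.properties values are passed in as an already-parsed dict, and flagging any group or other access bits is this example's own policy rather than something the page specifies.

```python
import os, stat, tempfile
from pathlib import Path

def resolve(prop, env_var, default, props, env):
    """Documented order: cog.properties value, environment variable, default."""
    if props.get(prop):
        return Path(props[prop]), "cog.properties"
    if env.get(env_var):
        return Path(env[env_var]), env_var
    return Path(default), "default"

def default_proxy(uid, username, is_unix=True, tmpdir=None):
    """Default proxy path built from the UID, or from the username if no UID."""
    tmpdir = tmpdir or tempfile.gettempdir()   # stands in for java.io.tmpdir
    if uid is None:
        return os.path.join(tmpdir, f"x509up_u_{username}")
    return f"/tmp/x509up_u{uid}" if is_unix else os.path.join(tmpdir, f"x509up_u{uid}")

def audit_credentials(props, env, home, uid=None, username="user"):
    """Map each secret file to (path, source, status)."""
    targets = {
        "userkey": resolve("userkey", "X509_USER_KEY",
                           Path(home) / ".globus" / "userkey.pem", props, env),
        "proxy": resolve("proxy", "X509_USER_PROXY",
                         default_proxy(uid, username), props, env),
    }
    report = {}
    for name, (path, source) in targets.items():
        if not path.is_file():
            status = "missing"
        elif stat.S_IMODE(path.stat().st_mode) & 0o077:
            status = "group/other accessible"   # this example's policy, not the page's
        else:
            status = "ok"
        report[name] = (str(path), source, status)
    return report

if __name__ == "__main__":
    home = Path(tempfile.mkdtemp())             # constructed sample files
    key, proxy = home / "userkey.pem", home / "x509up_constructed"
    for path, mode in ((key, 0o644), (proxy, 0o600)):
        path.write_text("constructed placeholder\n")
        os.chmod(path, mode)
    print(audit_credentials({"userkey": str(key)}, {"X509_USER_PROXY": str(proxy)}, home))
```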
-
Public IP address
Sometimes, especially on machines with DHCP enabled, the local IP
address of the machine might be incorrectly detected by Java, or the
wrong non-public IP address might be used if behind a NAT router or
on a VPN. To configure the public IP address used by Java CoG Kit, add
the following line to the configuration file:
ip=<current ip>
This has the same effect as setting the GLOBUS_HOSTNAME environment
property or Java system property.
-
TCP port range
Sometimes it is necessary to restrict the listening port numbers
that Java CoG Toolkit will use. To set the port range in the
configuration file, just add the following line:
tcp.port.range=<min>,<max>
This has the same effect as setting the GLOBUS_TCP_PORT_RANGE
environment property or Java system property.