com.novell.zos.jdl
Class CredentialManager

java.lang.Object
  extended by com.novell.zos.jdl.CredentialManager

public class CredentialManager
extends java.lang.Object

Interface into the CredentialManager.

This class is only available in a joblet context. Also, only users in the administrator group or the system user are allowed access to these methods.

From this class you can add, get, update and delete credentials that are stored in an encrypted store on the PSO server.

You can access the credentials stored on the PSO server with the following code:

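 credMgr = CredentialManager()
 print "Adding a new secret"
 # Arguments: name, type, user, secret, overwrite (True updates any existing entry)
 credMgr.addCredential("credentialName", "credentialType", "username", "secret", True)
 # The returned Credential exposes the unencrypted secret
 secret = credMgr.getCredential("credentialName").secret
 # This prints the secret in clear text
 print "Stored password: %s" % secret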
 

Accessing stored certificates is similar:

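 # Gather the certificate from the https server and store it (True = overwrite)
 credMgr.addCertificateFromUrl("testCert", "testGroup", "https://your.server.com", True)
 # getCertificate returns the name of a pem encoded file relative to the joblet's working directory
 localFilename = credMgr.getCertificate('testCert')
 print "file returned: %s " % localFilename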
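
addCertificateFromUrl stores the certificate gathered from the https server, so the stored value is whatever that server presented at fetch time. The following is an added example, not part of the original documentation: it compares the fetched pem file against a SHA-256 fingerprint obtained out of band and deletes the entry on mismatch. The names pem_fingerprint, add_pinned_certificate, expected_fp, workdir and StandInCredentialManager are hypothetical, and the stand-in class exists only so the code runs outside a joblet.

```python
import base64
import hashlib
import os
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
# Constructed sample: arbitrary bytes wrapped as PEM, not a real certificate.
SAMPLE_DER = b"constructed sample bytes standing in for DER"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n"
              % base64.b64encode(SAMPLE_DER).decode("ascii"))

def pem_fingerprint(pem_text):
    """SHA-256 hex digest of the DER bytes of the first PEM certificate block."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(match.group(1).split()))
    return hashlib.sha256(der).hexdigest()

def add_pinned_certificate(cred_mgr, name, group, url, expected_fp, workdir="."):
    """Store the certificate served at url only if it matches expected_fp,
    a SHA-256 fingerprint obtained out of band (an assumed input)."""
    # Non-overwriting overload: an existing trusted entry is never replaced.
    cred_mgr.addCertificateFromUrl(name, group, url)
    pem_file = cred_mgr.getCertificate(name)  # path relative to the working dir
    if pem_file is None:
        raise ValueError("certificate %r was not stored" % name)
    with open(os.path.join(workdir, str(pem_file))) as handle:
        actual = pem_fingerprint(handle.read())
    if actual != expected_fp.replace(":", "").lower():
        cred_mgr.deleteCertificate(name)  # remove the entry added above
        raise ValueError("fingerprint mismatch for %s: got %s" % (url, actual))
    return actual

class StandInCredentialManager(object):
    """Constructed in-memory stand-in so the example runs outside a joblet."""
    def __init__(self, served_pem, workdir):
        self.served_pem, self.workdir, self.stored = served_pem, workdir, {}
    def addCertificateFromUrl(self, name, group, url):
        if name in self.stored:
            raise Exception("certificate already exists: " + name)
        with open(os.path.join(self.workdir, name + ".pem"), "w") as handle:
            handle.write(self.served_pem)
        self.stored[name] = name + ".pem"
    def getCertificate(self, name):
        return self.stored.get(name)
    def deleteCertificate(self, name):
        self.stored.pop(name, None)
```

In a joblet, pass the real CredentialManager instance as cred_mgr and the joblet's working directory as workdir.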
 


Constructor Summary
CredentialManager()
          Initialize a new CredentialManager instance.
 
Method Summary
 void addCertificate(java.lang.String name, java.lang.String group, java.lang.String file)
          Add a certificate to the cert store.
 void addCertificate(java.lang.String name, java.lang.String group, java.lang.String file, boolean overwrite)
          Add a certificate to the cert store.
 void addCertificateFromUrl(java.lang.String name, java.lang.String group, java.lang.String url)
          Add a certificate, gathered from the specified https server, to the credential store, without overwriting any existing certificate.
 void addCertificateFromUrl(java.lang.String name, java.lang.String group, java.lang.String url, boolean overwrite)
          Add a certificate, gathered from the specified https server, to the credential store.
 Credential addCredential(Credential credential)
          Add a new credential entry with the specified Credential.
 Credential addCredential(Credential credential, boolean overwrite)
          Add a new or update an existing credential entry with the specified Credential.
 Credential addCredential(java.lang.String name, java.lang.String type, java.lang.String user, java.lang.String secret)
          Add a new credential with the specified characteristics.
 Credential addCredential(java.lang.String name, java.lang.String type, java.lang.String user, java.lang.String pass, boolean overwrite)
          Add a new or update an existing credential with the specified characteristics.
 void addSecurityItem(java.lang.String name, java.lang.String group, java.lang.String file, boolean overwrite)
           
 void deleteCertificate(java.lang.String name)
          Delete a certificate from the credential store.
 void deleteCredential(java.lang.String name)
          Delete the credential with the specified name.
 org.python.core.PyString getCertificate(java.lang.String name)
          Get the certificate, as a pem encoded file, with the given name.
 org.python.core.PyList getCertificateGroups()
          Get a list of the currently known certificate groups.
 Credential getCredential(java.lang.String name)
          Get a credential with the specified name.
 org.python.core.PyList getCredentials(java.lang.String type)
          Get a list of all the credentials with the specified type.
 org.python.core.PyList getCredentialTypes()
          Get a list of the known credential types stored in the CredentialManager.
 org.python.core.PyString getSecurityItemFile(java.lang.String[] groups, java.lang.String filename)
          Create a file containing all of the security items in the specified groups.
 org.python.core.PyString getTrustStore(java.lang.String[] groups)
          Create a jks trust store containing all of the certificates in the specified groups.
 org.python.core.PyString getTrustStore(java.lang.String[] groups, java.lang.String filename, java.lang.String desiredPassword)
          Create a jks trust store containing all of the certificates in the specified groups.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CredentialManager

public CredentialManager()
Initialize a new CredentialManager instance.

Method Detail

getCredential

public Credential getCredential(java.lang.String name)
Get a credential with the specified name.

Parameters:
name - The name of the credential to retrieve
Returns:
The Credential object with the specified name. If no credential exists for the specified name, an exception will be thrown.

getCredentials

public org.python.core.PyList getCredentials(java.lang.String type)
Get a list of all the credentials with the specified type.

Parameters:
type - the type of credential to return
Returns:
a list of Credential objects whose type field equals the specified string. If there are no credentials of the specified type, an empty list is returned.

addCredential

public Credential addCredential(java.lang.String name,
                                java.lang.String type,
                                java.lang.String user,
                                java.lang.String secret)
Add a new credential with the specified characteristics. If a credential with the same name has already been added, an exception will be thrown.

Parameters:
name - The name (or id) of the new credential
type - The desired type of credential. This can be any string, but can be used to group similar credentials (e.g. amazon-ec2 credentials)
user - The user string
secret - the unencrypted secret
Returns:
a Credential object representative of the object just stored

addCredential

public Credential addCredential(java.lang.String name,
                                java.lang.String type,
                                java.lang.String user,
                                java.lang.String pass,
                                boolean overwrite)
Add a new or update an existing credential with the specified characteristics. If a credential with the same name has already been added and overwrite is false, an exception will be thrown.

Parameters:
name - The name (or id) of the new credential
type - The desired type of credential. This can be any string, but can be used to group similar credentials (e.g. amazon-ec2 credentials)
user - The user string
pass - the unencrypted secret
overwrite - specify whether or not to update any existing credential with the same name.
Returns:
a Credential object representative of the object just stored

addCredential

public Credential addCredential(Credential credential)
Add a new credential entry with the specified Credential. If a credential with the same name has already been added, an exception will be thrown.

Parameters:
credential - The credential object to persist to the credential store
Returns:
a Credential object representative of the object just stored

addCredential

public Credential addCredential(Credential credential,
                                boolean overwrite)
Add a new or update an existing credential entry with the specified Credential. If a credential with the same name has already been added and overwrite is false, an exception will be thrown.

Parameters:
credential - The credential object to persist to the credential store
overwrite - specify whether or not to update any existing credential with the same name.
Returns:
a Credential object representative of the object just stored

deleteCredential

public void deleteCredential(java.lang.String name)
Delete the credential with the specified name. This call will succeed even if no credential with the specified name exists.

Parameters:
name - the name of the credential to be deleted

getCredentialTypes

public org.python.core.PyList getCredentialTypes()
Get a list of the known credential types stored in the CredentialManager.

Returns:
a list whose members are strings. If there are no credentials stored, an empty list is returned.

getTrustStore

public org.python.core.PyString getTrustStore(java.lang.String[] groups)
Create a jks trust store containing all of the certificates in the specified groups. The jks store will be named trustStore.jks and the store's password will be the literal string "password".

Parameters:
groups - the name(s) of the group(s) to include in the generated jks store.
Returns:
The filename of the jks store relative to the joblet's working directory

getTrustStore

public org.python.core.PyString getTrustStore(java.lang.String[] groups,
                                              java.lang.String filename,
                                              java.lang.String desiredPassword)
Create a jks trust store containing all of the certificates in the specified groups. The jks store is given the name passed in filename, and the store's password is the value passed in desiredPassword.

Parameters:
groups - the name(s) of the group(s) to include in the generated jks store.
filename - the desired filename of the jks store
desiredPassword - the password used to secure the jks store
Returns:
The filename of the jks store relative to the joblet's working directory

getSecurityItemFile

public org.python.core.PyString getSecurityItemFile(java.lang.String[] groups,
                                                    java.lang.String filename)
Create a file containing all of the security items in the specified groups. The file is given the name passed in filename.

Parameters:
groups - the name(s) of the group(s) to include in the generated file
filename - the desired filename of the security item file
Returns:
The filename of the security item file relative to the joblet's working directory

addCertificate

public void addCertificate(java.lang.String name,
                           java.lang.String group,
                           java.lang.String file)
Add a certificate to the cert store.

Parameters:
name - the identifying name of the certificate
group - an optional group for the certificate
file - the local file containing the certificate. If the file is not a valid certificate file, an exception will be thrown.

addCertificate

public void addCertificate(java.lang.String name,
                           java.lang.String group,
                           java.lang.String file,
                           boolean overwrite)
Add a certificate to the cert store.

Parameters:
name - the identifying name of the certificate
group - an optional group for the certificate
file - the local file containing the certificate. If the file is not a valid certificate file, an exception will be thrown.
overwrite - specify whether or not to overwrite any existing certificate with the specified name. If false and a certificate is already associated with the specified name, an exception will be thrown.

addCertificateFromUrl

public void addCertificateFromUrl(java.lang.String name,
                                  java.lang.String group,
                                  java.lang.String url)
Add a certificate, gathered from the specified https server, to the credential store, without overwriting any existing certificate. An exception will be thrown if a certificate is already associated with the specified name.

Parameters:
name - the identifying name of the certificate
group - an optional group for the certificate
url - the url of the server from which to gather the certificate. The string https://, if not present in url, is added. Port 443 is assumed unless specified in url (e.g. https://yourServer:8443).

addCertificateFromUrl

public void addCertificateFromUrl(java.lang.String name,
                                  java.lang.String group,
                                  java.lang.String url,
                                  boolean overwrite)
Add a certificate, gathered from the specified https server, to the credential store.

Parameters:
name - the identifying name of the certificate
group - an optional group for the certificate
url - the url of the server from which to gather the certificate. The string https://, if not present in url, is added. Port 443 is assumed unless specified in url (e.g. https://yourServer:8443).
overwrite - specify whether or not to overwrite any existing certificate with the specified name. If false and a certificate is already associated with the specified name, an exception will be thrown.

addSecurityItem

public void addSecurityItem(java.lang.String name,
                            java.lang.String group,
                            java.lang.String file,
                            boolean overwrite)

getCertificateGroups

public org.python.core.PyList getCertificateGroups()
Get a list of the currently known certificate groups.

Returns:
a list containing the string names of the known certificate groups. If no certificates are known, an empty list is returned.

getCertificate

public org.python.core.PyString getCertificate(java.lang.String name)
Get the certificate, as a pem encoded file, with the given name.

Parameters:
name - The name of the certificate to retrieve
Returns:
The name of the file containing the pem encoded certificate. This file is relative to the joblet's working directory. If no certificate with the given name exists, None is returned.

deleteCertificate

public void deleteCertificate(java.lang.String name)
Delete a certificate from the credential store. This command completes successfully even if no stored certificate matches the specified name.

Parameters:
name - the name of the certificate to delete


Copyright (c) 2011 Novell, Inc. All rights reserved.