Package dev.galasa.zossecurity
Interface IZosSecurity
public interface IZosSecurity
The ZosSecurityManager provides access to the manage userids/profiles/classes
on RACF.
You can allocated/manage/free userids, CICS Class Sets, Profiles, Keyrings and Certificates.
To gain access to the ZosSecurityManager include a field of type IZosSecurity in your Galasa class.
-
Method Summary
Modifier and TypeMethodDescriptionAllocate a full CICS Security Class Set on the run image.Allocate a new userid on the run image.createCertificate(IZosUserid userid, String label, KeyStore keyStore, String password, RACFCertificateType type) Import a certificate into RACF.createCertificate(IZosUserid userid, String label, KeyStore keyStore, String password, RACFCertificateType type, RACFCertificateTrust trust) Import a certificate into RACF.createCertificate(String image, IZosUserid userid, String label, KeyStore keyStore, String password, RACFCertificateType type) Import a certificate into RACF.createCertificate(String image, IZosUserid userid, String label, KeyStore keyStore, String password, RACFCertificateType type, RACFCertificateTrust trust) Import a certificate into RACF.createCertificate(String image, String userid, String label, KeyStore keyStore, String password, RACFCertificateType type) Import a certificate into RACF.createCertificate(String image, String userid, String label, KeyStore keyStore, String password, RACFCertificateType type, RACFCertificateTrust trust) Import a certificate into RACF.createCertificate(String userid, String label, KeyStore keyStore, String password, RACFCertificateType type) Import a certificate into RACF.createCertificate(String userid, String label, KeyStore keyStore, String password, RACFCertificateType type, RACFCertificateTrust trust) Import a certificate into RACF.createIdMap(IZosUserid userid, String label, String distributedID, String registry) Create a new Id Map for a userid.createIdMap(String userid, String label, String distributedID, String registry) Create a new Id Map for a userid.createKerberosClientPrincipal(IZosKerberosPrincipal servicePrincipal, IZosUserid clientUserid) Create a Kerberos client principal.createKerberosInitiator(IZosKerberosPrincipal servicePrincipal, IZosKerberosPrincipal clientPrincipal, String kdc) createKerberosPrincipal(IZosUserid serviceUserid, String realm) Create a Kerberos principal, generally to be used as a service principal increateKerberosClientPrincipal(IZosKerberosPrincipal, IZosUserid)createKeyring(IZosUserid userid, String label) Create a new Keyring for a userid on the run image.createKeyring(String userid, String label) Create a new Keyring for a userid on the run image.createProfile(String className, String name, RACFAccessType uacc) Create a new profile on the run image.createProfile(String className, String name, RACFAccessType uacc, boolean refresh) Create a new profile on the specified image/sysplex.createProfile(String image, String className, String name, RACFAccessType uacc) Create a new profile on the specified image/sysplex.createProfile(String image, String className, String name, RACFAccessType uacc, boolean refresh) Create a new profile on the specified image/sysplex.createProfile(String image, String className, String name, Map<String, String> args, RACFAccessType uacc, boolean refresh) Create a new profile on the specified image/sysplex.createProfile(String className, String name, Map<String, String> args, RACFAccessType uacc) voiddeleteCertificate(IZosCertificate certificate) Delete the certificate.voiddeleteIdMap(IZosIdMap idmap) Delete the idmap.voiddeleteKeyring(IZosKeyring keyring) Delete the keyring.voiddeleteProfile(IZosProfile profile) Delete the profile.voiddeleteProfile(IZosProfile profile, boolean refresh) Delete the profile.voidfreeCertificate(IZosCertificate certificate) Free this certificate.voidfreeCicsClassSet(IZosCicsClassSet classSet) Free a CICS Security Class Set.voidFree the id map.voidfreeKeyring(IZosKeyring keyring) Free the keyring.voidfreePrincipal(IZosKerberosPrincipal principal) Free a Kerberos Principal created for this testvoidfreeProfile(IZosProfile profile) Free the profile.voidfreeUserid(IZosUserid resource) Manually free an allocated userid.generateSelfSignedCertificate(String alias, String distinguishedName, int keySize, int durationDays, String keyAlgorithm, String signatureAlgoritm) Generate a new Self-Signed Certificate with private/public key and return it in a PKCS12 keystore for use in RACF.generateSelfSignedCertificate(String alias, String distinguishedName, int keySize, int durationDays, String keyAlgorithm, String signatureAlgoritm, boolean certificateAuthority) Generate a new Self-Signed Certificate with private/public key and return it in a PKCS12 keystore for use in RACF.generateSignedCertificate(String alias, String distinguishedName, int keySize, int durationDays, KeyStore signingKeyStore, String signingLabel, String signingPassword) Generate a new Self-Signed Certificate with private/public key and return it in a PKCS12 keystore for use in RACF.generateSignedCertificate(String alias, String distinguishedName, int keySize, int durationDays, KeyStore signingKeyStore, String signingLabel, String signingPassword, boolean certificateAuthority) Generate a new Self-Signed Certificate with private/public key and return it in a PKCS12 keystore for use in RACF.Get the default KDC for an imageGet the default Kerberos realm for an imageGet the primary run useridvoidReset the run user to defaultretrieveKerberosToken(IZosKerberosPrincipal servicePrincipal, IZosKerberosPrincipal clientPrincipal, String kdc) Retrieve a kerberos token from a Kerberos Domain Controller on the host or ip address passed in as kdc, for the clientPrincipal and serverPrincipal passedvoidsetOutputReporting(boolean enabled) voidsetResourceReporting(boolean enabled) voidsetRunUserid(IZosUserid user) Set the run userid
-
Method Details
-
allocateUserid
Allocate a new userid on the run image. Will be clean with a password set, but no passphrase- Returns:
- A userid
- Throws:
ZosSecurityManagerException
-
getRunUserid
Get the primary run userid- Returns:
- Throws:
ZosSecurityManagerException
-
freeUserid
Manually free an allocated userid. This will be automatically performed at the end of a run.- Parameters:
resource- - The userid- Throws:
ZosSecurityManagerException
-
allocateCicsClassSet
Allocate a full CICS Security Class Set on the run image. Will be clean, ie no profiles defined- Returns:
- The allocated set.
- Throws:
ZosSecurityManagerException
-
freeCicsClassSet
Free a CICS Security Class Set. This will be automatically performed at the end of a run.- Parameters:
classSet- - The set to be freed- Throws:
ZosSecurityManagerException
-
createProfile
IZosProfile createProfile(String className, String name, RACFAccessType uacc) throws ZosSecurityManagerException Create a new profile on the run image.- Parameters:
className- - The class to create the profile inname- - The name of the profilesuacc- - The uacc to assign, or null- Returns:
- The profile
- Throws:
ZosSecurityManagerException
-
createProfile
IZosProfile createProfile(String className, String name, RACFAccessType uacc, boolean refresh) throws ZosSecurityManagerException Create a new profile on the specified image/sysplex.- Parameters:
className-name- - The name of the profilesuacc- - The uacc to assign, or nullrefresh- - issue SETROPTS REFRESH- Returns:
- The profile
- Throws:
ZosSecurityManagerExceptionZosSecurityManagerException
-
createProfile
IZosProfile createProfile(String image, String className, String name, RACFAccessType uacc) throws ZosSecurityManagerException Create a new profile on the specified image/sysplex.- Parameters:
image- - The image/sysplexclassName-name- - The name of the profilesuacc- - The uacc to assign, or null- Returns:
- The profile
- Throws:
ZosSecurityManagerExceptionZosSecurityManagerException
-
createProfile
IZosProfile createProfile(String className, String name, Map<String, String> args, RACFAccessType uacc) throws ZosSecurityManagerException- Parameters:
className-name-args-uacc-- Returns:
- Throws:
ZosSecurityManagerException
-
createProfile
IZosProfile createProfile(String image, String className, String name, RACFAccessType uacc, boolean refresh) throws ZosSecurityManagerException Create a new profile on the specified image/sysplex.- Parameters:
image- - The image/sysplexclassName-name- - The name of the profilesuacc- - The uacc to assign, or nullrefresh- - issue SETROPTS REFRESH- Returns:
- The profile
- Throws:
ZosSecurityManagerExceptionZosSecurityManagerException
-
createProfile
IZosProfile createProfile(String image, String className, String name, Map<String, String> args, RACFAccessType uacc, boolean refresh) throws ZosSecurityManagerExceptionCreate a new profile on the specified image/sysplex.- Parameters:
image- - The image/sysplexclassName- - The name of the classname- - The name of the profilesargs- - Map of additional arguments which will be added as KEY(VALUE)uacc- - The uacc to assign, or nullrefresh- - issue SETROPTS REFRESH- Returns:
- The profile
- Throws:
ZosSecurityManagerExceptionZosSecurityManagerException
-
freeProfile
Free the profile. This will be performed automatically at the end of the run.- Parameters:
profile- - The profile to free- Throws:
ZosSecurityManagerException
-
deleteProfile
Delete the profile. Unless you specifically want the profile deleted, best let the Resource Manager to clean this resource, so you run will perform faster.- Parameters:
profile- - The profile to be deleted- Throws:
ZosSecurityManagerException
-
deleteProfile
Delete the profile. Unless you specifically want the profile deleted, best let the Resource Manager to clean this resource, so you run will perform faster.- Parameters:
profile- - The profile to be deletedrefresh- - issue SETROPTS REFRESH- Throws:
ZosSecurityManagerException
-
createKeyring
Create a new Keyring for a userid on the run image.- Parameters:
userid- - The userid the keyring is to be attached tolabel- - The label to use- Returns:
- The keyring
- Throws:
ZosSecurityManagerException
-
createKeyring
Create a new Keyring for a userid on the run image.- Parameters:
userid- - The userid the keyring is to be attached tolabel- - The label to use- Returns:
- The keyring
- Throws:
ZosSecurityManagerException
-
freeKeyring
Free the keyring. This will be performed automatically at the end of the run- Parameters:
keyring- - The keyring to be freed- Throws:
ZosSecurityManagerException
-
deleteKeyring
Delete the keyring. Unless you specifically want the profile deleted, best let the Resource Manager to clean this resource, so you run will perform faster.- Parameters:
keyring-- Throws:
ZosSecurityManagerException
-
createCertificate
IZosCertificate createCertificate(IZosUserid userid, String label, KeyStore keyStore, String password, RACFCertificateType type) throws ZosSecurityManagerException Import a certificate into RACF.The keystore must contain only one certificate and password needs to be the same for the keystore and the private key.
- Parameters:
userid- - The userid the certificate is to be attached to.label- - The label to use in RACFkeyStore- - The KeyStore, will be converted to PKCS12password- - The password of the keystore AND the private key of the certificatetype- - The certificate type, null will default to NONE- Returns:
- THe Certificate
- Throws:
ZosSecurityManagerException
-
createCertificate
IZosCertificate createCertificate(String userid, String label, KeyStore keyStore, String password, RACFCertificateType type) throws ZosSecurityManagerException Import a certificate into RACF.The keystore must contain only one certificate and password needs to be the same for the keystore and the private key.
NOTE: The "special" userid that runs the RACF commands MUST have read access to the test run's userid's datasets.
- Parameters:
userid- - The userid the certificate is to be attached to.label- - The label to use in RACFkeyStore- - The KeyStore, will be converted to PKCS12password- - The password of the keystore AND the private key of the certificatetype- - The certificate type, null will default to NONE- Returns:
- THe Certificate
- Throws:
ZosSecurityManagerException
-
createCertificate
IZosCertificate createCertificate(String image, IZosUserid userid, String label, KeyStore keyStore, String password, RACFCertificateType type) throws ZosSecurityManagerException Import a certificate into RACF.The keystore must contain only one certificate and password needs to be the same for the keystore and the private key.
NOTE: The "special" userid that runs the RACF commands MUST have read access to the test run's userid's datasets.
- Parameters:
image- - The image/syspexuserid- - The userid the certificate is to be attached to.label- - The label to use in RACFkeyStore- - The KeyStore, will be converted to PKCS12password- - The password of the keystore AND the private key of the certificatetype- - The certificate type, null will default to NONE- Returns:
- THe Certificate
- Throws:
ZosSecurityManagerException
-
createCertificate
IZosCertificate createCertificate(String image, String userid, String label, KeyStore keyStore, String password, RACFCertificateType type) throws ZosSecurityManagerException Import a certificate into RACF.The keystore must contain only one certificate and password needs to be the same for the keystore and the private key.
NOTE: The "special" userid that runs the RACF commands MUST have read access to the test run's userid's datasets.
- Parameters:
image- - The image/syspexuserid- - The userid the certificate is to be attached to.label- - The label to use in RACFkeyStore- - The KeyStore, will be converted to PKCS12password- - The password of the keystore AND the private key of the certificatetype- - The certificate type, null will default to NONE- Returns:
- THe Certificate
- Throws:
ZosSecurityManagerException
-
createCertificate
IZosCertificate createCertificate(IZosUserid userid, String label, KeyStore keyStore, String password, RACFCertificateType type, RACFCertificateTrust trust) throws ZosSecurityManagerException Import a certificate into RACF.The keystore must contain only one certificate and password needs to be the same for the keystore and the private key.
NOTE: The "special" userid that runs the RACF commands MUST have read access to the test run's userid's datasets.
- Parameters:
userid- - The userid the certificate is to be attached to.label- - The label to use in RACFkeyStore- - The KeyStore, will be converted to PKCS12password- - The password of the keystore AND the private key of the certificatetype- - The certificate type, null will default to NONEtrust- - The trust level of the certificate, null means the parameter is not supplied on the RACF command- Returns:
- THe Certificate
- Throws:
ZosSecurityManagerException
-
createCertificate
IZosCertificate createCertificate(String userid, String label, KeyStore keyStore, String password, RACFCertificateType type, RACFCertificateTrust trust) throws ZosSecurityManagerException Import a certificate into RACF.The keystore must contain only one certificate and password needs to be the same for the keystore and the private key.
NOTE: The "special" userid that runs the RACF commands MUST have read access to the test run's userid's datasets.
- Parameters:
userid- - The userid the certificate is to be attached to.label- - The label to use in RACFkeyStore- - The KeyStore, will be converted to PKCS12password- - The password of the keystore AND the private key of the certificatetype- - The certificate type, null will default to NONEtrust- - The trust level of the certificate, null means the parameter is not supplied on the RACF command- Returns:
- THe Certificate
- Throws:
ZosSecurityManagerException
-
createCertificate
IZosCertificate createCertificate(String image, IZosUserid userid, String label, KeyStore keyStore, String password, RACFCertificateType type, RACFCertificateTrust trust) throws ZosSecurityManagerException Import a certificate into RACF.The keystore must contain only one certificate and password needs to be the same for the keystore and the private key.
NOTE: The "special" userid that runs the RACF commands MUST have read access to the test run's userid's datasets.
- Parameters:
image- - The image/syspexuserid- - The userid the certificate is to be attached to.label- - The label to use in RACFkeyStore- - The KeyStore, will be converted to PKCS12password- - The password of the keystore AND the private key of the certificatetype- - The certificate type, null will default to NONEtrust- - The trust level of the certificate, null means the parameter is not supplied on the RACF command- Returns:
- THe Certificate
- Throws:
ZosSecurityManagerException
-
createCertificate
IZosCertificate createCertificate(String image, String userid, String label, KeyStore keyStore, String password, RACFCertificateType type, RACFCertificateTrust trust) throws ZosSecurityManagerException Import a certificate into RACF.The keystore must contain only one certificate and password needs to be the same for the keystore and the private key.
NOTE: The "special" userid that runs the RACF commands MUST have read access to the test run's userid's datasets.
- Parameters:
image- - The image/syspexuserid- - The userid the certificate is to be attached to.label- - The label to use in RACFkeyStore- - The KeyStore, will be converted to PKCS12password- - The password of the keystore AND the private key of the certificatetype- - The certificate type, null will default to NONEtrust- - The trust level of the certificate, null means the parameter is not supplied on the RACF command- Returns:
- THe Certificate
- Throws:
ZosSecurityManagerException
-
freeCertificate
Free this certificate. This will be performed automatically at the end of the run- Parameters:
certificate- The certificate to free- Throws:
ZosSecurityManagerException
-
deleteCertificate
Delete the certificate. Unless you specifically want the profile deleted, best let the Resource Manager to clean this resource, so you run will perform faster.- Parameters:
certificate- The certificate to delete- Throws:
ZosSecurityManagerException
-
generateSelfSignedCertificate
KeyStore generateSelfSignedCertificate(String alias, String distinguishedName, int keySize, int durationDays, String keyAlgorithm, String signatureAlgoritm) throws ZosSecurityManagerException Generate a new Self-Signed Certificate with private/public key and return it in a PKCS12 keystore for use in RACF.- Parameters:
alias- - The alias to usedistinguishedName- - The full Distinguished NamekeySize- - The size of the key to usedurationDays- - The duration in DayskeyAlgorithm- - The algoritm to use for the key, can be null, defaults to RSAsignatureAlgoritm- - The algoritm to use for the signature, can be null, defaults to SHA1withRSA- Returns:
- A new keystore with the certificate in.
- Throws:
ZosSecurityManagerException
-
generateSelfSignedCertificate
KeyStore generateSelfSignedCertificate(String alias, String distinguishedName, int keySize, int durationDays, String keyAlgorithm, String signatureAlgoritm, boolean certificateAuthority) throws ZosSecurityManagerException Generate a new Self-Signed Certificate with private/public key and return it in a PKCS12 keystore for use in RACF.- Parameters:
alias- - The alias to usedistinguishedName- - The full Distinguished NamekeySize- - The size of the key to usedurationDays- - The duration in DayskeyAlgorithm- - The algoritm to use for the key, can be null, defaults to RSAsignatureAlgoritm- - The algoritm to use for the signature, can be null, defaults to SHA1withRSAcertificateAuthority- - The certificate is to be a certificate authority- Returns:
- A new keystore with the certificate in.
- Throws:
ZosSecurityManagerException
-
generateSignedCertificate
KeyStore generateSignedCertificate(String alias, String distinguishedName, int keySize, int durationDays, KeyStore signingKeyStore, String signingLabel, String signingPassword) throws ZosSecurityManagerException Generate a new Self-Signed Certificate with private/public key and return it in a PKCS12 keystore for use in RACF.- Parameters:
alias- - The alias to usedistinguishedName- - The full Distinguished NamekeySize- - The size of the key to usedurationDays- - The duration in DayssigningKeyStore- -The keystore containing the signing certificatesigningLabel- - The label of the signing certificatesigningPassword- - The signing keystore password- Returns:
- A new keystore with the certificate in.
- Throws:
ZosSecurityManagerException
-
generateSignedCertificate
KeyStore generateSignedCertificate(String alias, String distinguishedName, int keySize, int durationDays, KeyStore signingKeyStore, String signingLabel, String signingPassword, boolean certificateAuthority) throws ZosSecurityManagerException Generate a new Self-Signed Certificate with private/public key and return it in a PKCS12 keystore for use in RACF.- Parameters:
alias- - The alias to usedistinguishedName- - The full Distinguished NamekeySize- - The size of the key to usedurationDays- - The duration in DayssigningKeyStore- -The keystore containing the signing certificatesigningLabel- - The label of the signing certificatesigningPassword- - The signing keystore passwordcertificateAuthority- - The certificate is to be a certificate authority- Returns:
- A new keystore with the certificate in.
- Throws:
ZosSecurityManagerException
-
createIdMap
IZosIdMap createIdMap(String userid, String label, String distributedID, String registry) throws ZosSecurityManagerException Create a new Id Map for a userid.- Parameters:
userid- - The userid the id map is to be attached tolabel- - The label to usedistributedID- - The distributed id to setregistry- - the registry to set- Returns:
- The keyring
- Throws:
ZosSecurityManagerException
-
createIdMap
IZosIdMap createIdMap(IZosUserid userid, String label, String distributedID, String registry) throws ZosSecurityManagerException Create a new Id Map for a userid.- Parameters:
userid- - The userid the id map is to be attached tolabel- - The label to usedistributedID- - The distributed id to setregistry- - the registry to set- Returns:
- The keyring
- Throws:
ZosSecurityManagerException
-
freeIdMap
Free the id map. This will be performed automatically at the end of the run- Parameters:
idmap- - The idmap to be freed- Throws:
ZosSecurityManagerException
-
deleteIdMap
Delete the idmap. Unless you specifically want the id map deleted, best let the Resource Manager to clean this resource, so your run will perform faster.- Parameters:
idmap-- Throws:
ZosSecurityManagerException
-
createKerberosClientPrincipal
IZosKerberosPrincipal createKerberosClientPrincipal(IZosKerberosPrincipal servicePrincipal, IZosUserid clientUserid) throws ZosSecurityManagerException Create a Kerberos client principal. This will create the kerbname and the required association with the passed in service principal (seecreateKerberosPrincipal(IZosUserid, String)fr the passed userid.- Parameters:
servicePrincipal- - service principal with which to associate this clientclientUserid- - zOS Userid for this principal- Returns:
- Throws:
ZosSecurityManagerException
-
createKerberosPrincipal
IZosKerberosPrincipal createKerberosPrincipal(IZosUserid serviceUserid, String realm) throws ZosSecurityManagerException Create a Kerberos principal, generally to be used as a service principal increateKerberosClientPrincipal(IZosKerberosPrincipal, IZosUserid)- Parameters:
serviceUserid- - zOS Userid for this principalrealm- - realm to use, seegetDefaultKerberosRealm()- Returns:
- Throws:
ZosSecurityManagerException
-
freePrincipal
Free a Kerberos Principal created for this test- Parameters:
principal-- Throws:
ZosSecurityManagerException
-
getDefaultKerberosRealm
Get the default Kerberos realm for an image- Returns:
- Throws:
ZosSecurityManagerException
-
getDefaultKerberosDomainController
Get the default KDC for an image- Returns:
- Throws:
ZosSecurityManagerException
-
retrieveKerberosToken
KerberosToken retrieveKerberosToken(IZosKerberosPrincipal servicePrincipal, IZosKerberosPrincipal clientPrincipal, String kdc) throws ZosSecurityManagerException Retrieve a kerberos token from a Kerberos Domain Controller on the host or ip address passed in as kdc, for the clientPrincipal and serverPrincipal passed- Parameters:
servicePrincipal-clientPrincipal-kdc-- Returns:
- Throws:
ZosSecurityManagerException
-
createKerberosInitiator
KerberosInitiator createKerberosInitiator(IZosKerberosPrincipal servicePrincipal, IZosKerberosPrincipal clientPrincipal, String kdc) - Parameters:
servicePrincipal-clientPrincipal-kdc-- Returns:
-
setRunUserid
Set the run userid- Parameters:
user-- Throws:
ZosSecurityManagerException
-
resetRunUserid
void resetRunUserid()Reset the run user to default -
setResourceReporting
void setResourceReporting(boolean enabled) -
setOutputReporting
void setOutputReporting(boolean enabled) -
getZosImage
- Throws:
ZosSecurityManagerException
-