Interface IZosSecurity


public interface IZosSecurity
The ZosSecurityManager provides access to manage userids/profiles/classes on RACF.

You can allocate/manage/free userids, CICS Class Sets, Profiles, Keyrings and Certificates.

To gain access to the ZosSecurityManager, include a field of type IZosSecurity in your Galasa class.

Author:
Michael Baylis
  • Method Details

    • allocateUserid

      IZosUserid allocateUserid() throws ZosSecurityManagerException
      Allocate a new userid on the run image. The userid will be clean, with a password set but no passphrase.
      Returns:
      A userid
      Throws:
      ZosSecurityManagerException
    • getRunUserid

      Get the primary run userid
      Returns:
      Throws:
      ZosSecurityManagerException
    • freeUserid

      void freeUserid(IZosUserid resource) throws ZosSecurityManagerException
      Manually free an allocated userid. This will be automatically performed at the end of a run.
      Parameters:
      resource - - The userid
      Throws:
      ZosSecurityManagerException
    • allocateCicsClassSet

      IZosCicsClassSet allocateCicsClassSet() throws ZosSecurityManagerException
      Allocate a full CICS Security Class Set on the run image. Will be clean, i.e. no profiles defined.
      Returns:
      The allocated set.
      Throws:
      ZosSecurityManagerException
    • freeCicsClassSet

      void freeCicsClassSet(IZosCicsClassSet classSet) throws ZosSecurityManagerException
      Free a CICS Security Class Set. This will be automatically performed at the end of a run.
      Parameters:
      classSet - - The set to be freed
      Throws:
      ZosSecurityManagerException
    • createProfile

      IZosProfile createProfile(String className, String name, RACFAccessType uacc) throws ZosSecurityManagerException
      Create a new profile on the run image.
      Parameters:
      className - - The class to create the profile in
      name - - The name of the profile
      uacc - - The uacc to assign, or null
      Returns:
      The profile
      Throws:
      ZosSecurityManagerException
    • createProfile

      IZosProfile createProfile(String className, String name, RACFAccessType uacc, boolean refresh) throws ZosSecurityManagerException
      Create a new profile on the run image.
      Parameters:
      className - - The class to create the profile in
      name - - The name of the profile
      uacc - - The uacc to assign, or null
      refresh - - issue SETROPTS REFRESH
      Returns:
      The profile
      Throws:
      ZosSecurityManagerException
    • createProfile

      IZosProfile createProfile(String image, String className, String name, RACFAccessType uacc) throws ZosSecurityManagerException
      Create a new profile on the specified image/sysplex.
      Parameters:
      image - - The image/sysplex
      className - - The class to create the profile in
      name - - The name of the profile
      uacc - - The uacc to assign, or null
      Returns:
      The profile
      Throws:
      ZosSecurityManagerException
    • createProfile

      IZosProfile createProfile(String className, String name, Map<String,String> args, RACFAccessType uacc) throws ZosSecurityManagerException
      Parameters:
      className -
      name -
      args -
      uacc -
      Returns:
      Throws:
      ZosSecurityManagerException
    • createProfile

      IZosProfile createProfile(String image, String className, String name, RACFAccessType uacc, boolean refresh) throws ZosSecurityManagerException
      Create a new profile on the specified image/sysplex.
      Parameters:
      image - - The image/sysplex
      className - - The class to create the profile in
      name - - The name of the profile
      uacc - - The uacc to assign, or null
      refresh - - issue SETROPTS REFRESH
      Returns:
      The profile
      Throws:
      ZosSecurityManagerException
    • createProfile

      IZosProfile createProfile(String image, String className, String name, Map<String,String> args, RACFAccessType uacc, boolean refresh) throws ZosSecurityManagerException
      Create a new profile on the specified image/sysplex.
      Parameters:
      image - - The image/sysplex
      className - - The name of the class
      name - - The name of the profile
      args - - Map of additional arguments which will be added as KEY(VALUE)
      uacc - - The uacc to assign, or null
      refresh - - issue SETROPTS REFRESH
      Returns:
      The profile
      Throws:
      ZosSecurityManagerException
    • freeProfile

      void freeProfile(IZosProfile profile) throws ZosSecurityManagerException
      Free the profile. This will be performed automatically at the end of the run.
      Parameters:
      profile - - The profile to free
      Throws:
      ZosSecurityManagerException
    • deleteProfile

      void deleteProfile(IZosProfile profile) throws ZosSecurityManagerException
      Delete the profile. Unless you specifically want the profile deleted, it is best to let the Resource Manager clean up this resource, so your run will perform faster.
      Parameters:
      profile - - The profile to be deleted
      Throws:
      ZosSecurityManagerException
    • deleteProfile

      void deleteProfile(IZosProfile profile, boolean refresh) throws ZosSecurityManagerException
      Delete the profile. Unless you specifically want the profile deleted, it is best to let the Resource Manager clean up this resource, so your run will perform faster.
      Parameters:
      profile - - The profile to be deleted
      refresh - - issue SETROPTS REFRESH
      Throws:
      ZosSecurityManagerException
    • createKeyring

      IZosKeyring createKeyring(IZosUserid userid, String label) throws ZosSecurityManagerException
      Create a new Keyring for a userid on the run image.
      Parameters:
      userid - - The userid the keyring is to be attached to
      label - - The label to use
      Returns:
      The keyring
      Throws:
      ZosSecurityManagerException
    • createKeyring

      IZosKeyring createKeyring(String userid, String label) throws ZosSecurityManagerException
      Create a new Keyring for a userid on the run image.
      Parameters:
      userid - - The userid the keyring is to be attached to
      label - - The label to use
      Returns:
      The keyring
      Throws:
      ZosSecurityManagerException
    • freeKeyring

      void freeKeyring(IZosKeyring keyring) throws ZosSecurityManagerException
      Free the keyring. This will be performed automatically at the end of the run
      Parameters:
      keyring - - The keyring to be freed
      Throws:
      ZosSecurityManagerException
    • deleteKeyring

      void deleteKeyring(IZosKeyring keyring) throws ZosSecurityManagerException
      Delete the keyring. Unless you specifically want the keyring deleted, it is best to let the Resource Manager clean up this resource, so your run will perform faster.
      Parameters:
      keyring -
      Throws:
      ZosSecurityManagerException
    • createCertificate

      IZosCertificate createCertificate(IZosUserid userid, String label, KeyStore keyStore, String password, RACFCertificateType type) throws ZosSecurityManagerException
      Import a certificate into RACF.

      The keystore must contain only one certificate, and the password needs to be the same for the keystore and the private key.

      Parameters:
      userid - - The userid the certificate is to be attached to.
      label - - The label to use in RACF
      keyStore - - The KeyStore, will be converted to PKCS12
      password - - The password of the keystore AND the private key of the certificate
      type - - The certificate type, null will default to NONE
      Returns:
      The certificate
      Throws:
      ZosSecurityManagerException
    • createCertificate

      IZosCertificate createCertificate(String userid, String label, KeyStore keyStore, String password, RACFCertificateType type) throws ZosSecurityManagerException
      Import a certificate into RACF.

      The keystore must contain only one certificate, and the password needs to be the same for the keystore and the private key.

      NOTE: The "special" userid that runs the RACF commands MUST have read access to the test run's userid's datasets.

      Parameters:
      userid - - The userid the certificate is to be attached to.
      label - - The label to use in RACF
      keyStore - - The KeyStore, will be converted to PKCS12
      password - - The password of the keystore AND the private key of the certificate
      type - - The certificate type, null will default to NONE
      Returns:
      The certificate
      Throws:
      ZosSecurityManagerException
    • createCertificate

      IZosCertificate createCertificate(String image, IZosUserid userid, String label, KeyStore keyStore, String password, RACFCertificateType type) throws ZosSecurityManagerException
      Import a certificate into RACF.

      The keystore must contain only one certificate, and the password needs to be the same for the keystore and the private key.

      NOTE: The "special" userid that runs the RACF commands MUST have read access to the test run's userid's datasets.

      Parameters:
      image - - The image/sysplex
      userid - - The userid the certificate is to be attached to.
      label - - The label to use in RACF
      keyStore - - The KeyStore, will be converted to PKCS12
      password - - The password of the keystore AND the private key of the certificate
      type - - The certificate type, null will default to NONE
      Returns:
      The certificate
      Throws:
      ZosSecurityManagerException
    • createCertificate

      IZosCertificate createCertificate(String image, String userid, String label, KeyStore keyStore, String password, RACFCertificateType type) throws ZosSecurityManagerException
      Import a certificate into RACF.

      The keystore must contain only one certificate, and the password needs to be the same for the keystore and the private key.

      NOTE: The "special" userid that runs the RACF commands MUST have read access to the test run's userid's datasets.

      Parameters:
      image - - The image/sysplex
      userid - - The userid the certificate is to be attached to.
      label - - The label to use in RACF
      keyStore - - The KeyStore, will be converted to PKCS12
      password - - The password of the keystore AND the private key of the certificate
      type - - The certificate type, null will default to NONE
      Returns:
      The certificate
      Throws:
      ZosSecurityManagerException
    • createCertificate

      IZosCertificate createCertificate(IZosUserid userid, String label, KeyStore keyStore, String password, RACFCertificateType type, RACFCertificateTrust trust) throws ZosSecurityManagerException
      Import a certificate into RACF.

      The keystore must contain only one certificate, and the password needs to be the same for the keystore and the private key.

      NOTE: The "special" userid that runs the RACF commands MUST have read access to the test run's userid's datasets.

      Parameters:
      userid - - The userid the certificate is to be attached to.
      label - - The label to use in RACF
      keyStore - - The KeyStore, will be converted to PKCS12
      password - - The password of the keystore AND the private key of the certificate
      type - - The certificate type, null will default to NONE
      trust - - The trust level of the certificate, null means the parameter is not supplied on the RACF command
      Returns:
      The certificate
      Throws:
      ZosSecurityManagerException
    • createCertificate

      IZosCertificate createCertificate(String userid, String label, KeyStore keyStore, String password, RACFCertificateType type, RACFCertificateTrust trust) throws ZosSecurityManagerException
      Import a certificate into RACF.

      The keystore must contain only one certificate, and the password needs to be the same for the keystore and the private key.

      NOTE: The "special" userid that runs the RACF commands MUST have read access to the test run's userid's datasets.

      Parameters:
      userid - - The userid the certificate is to be attached to.
      label - - The label to use in RACF
      keyStore - - The KeyStore, will be converted to PKCS12
      password - - The password of the keystore AND the private key of the certificate
      type - - The certificate type, null will default to NONE
      trust - - The trust level of the certificate, null means the parameter is not supplied on the RACF command
      Returns:
      The certificate
      Throws:
      ZosSecurityManagerException
    • createCertificate

      IZosCertificate createCertificate(String image, IZosUserid userid, String label, KeyStore keyStore, String password, RACFCertificateType type, RACFCertificateTrust trust) throws ZosSecurityManagerException
      Import a certificate into RACF.

      The keystore must contain only one certificate, and the password needs to be the same for the keystore and the private key.

      NOTE: The "special" userid that runs the RACF commands MUST have read access to the test run's userid's datasets.

      Parameters:
      image - - The image/sysplex
      userid - - The userid the certificate is to be attached to.
      label - - The label to use in RACF
      keyStore - - The KeyStore, will be converted to PKCS12
      password - - The password of the keystore AND the private key of the certificate
      type - - The certificate type, null will default to NONE
      trust - - The trust level of the certificate, null means the parameter is not supplied on the RACF command
      Returns:
      The certificate
      Throws:
      ZosSecurityManagerException
    • createCertificate

      IZosCertificate createCertificate(String image, String userid, String label, KeyStore keyStore, String password, RACFCertificateType type, RACFCertificateTrust trust) throws ZosSecurityManagerException
      Import a certificate into RACF.

      The keystore must contain only one certificate, and the password needs to be the same for the keystore and the private key.

      NOTE: The "special" userid that runs the RACF commands MUST have read access to the test run's userid's datasets.

      Parameters:
      image - - The image/sysplex
      userid - - The userid the certificate is to be attached to.
      label - - The label to use in RACF
      keyStore - - The KeyStore, will be converted to PKCS12
      password - - The password of the keystore AND the private key of the certificate
      type - - The certificate type, null will default to NONE
      trust - - The trust level of the certificate, null means the parameter is not supplied on the RACF command
      Returns:
      The certificate
      Throws:
      ZosSecurityManagerException
    • freeCertificate

      void freeCertificate(IZosCertificate certificate) throws ZosSecurityManagerException
      Free this certificate. This will be performed automatically at the end of the run
      Parameters:
      certificate - The certificate to free
      Throws:
      ZosSecurityManagerException
    • deleteCertificate

      void deleteCertificate(IZosCertificate certificate) throws ZosSecurityManagerException
      Delete the certificate. Unless you specifically want the certificate deleted, it is best to let the Resource Manager clean up this resource, so your run will perform faster.
      Parameters:
      certificate - The certificate to delete
      Throws:
      ZosSecurityManagerException
    • generateSelfSignedCertificate

      KeyStore generateSelfSignedCertificate(String alias, String distinguishedName, int keySize, int durationDays, String keyAlgorithm, String signatureAlgoritm) throws ZosSecurityManagerException
      Generate a new Self-Signed Certificate with private/public key and return it in a PKCS12 keystore for use in RACF.
      Parameters:
      alias - - The alias to use
      distinguishedName - - The full Distinguished Name
      keySize - - The size of the key to use
      durationDays - - The duration in Days
      keyAlgorithm - - The algorithm to use for the key, can be null, defaults to RSA
      signatureAlgoritm - - The algorithm to use for the signature, can be null, defaults to SHA1withRSA
      Returns:
      A new keystore with the certificate in.
      Throws:
      ZosSecurityManagerException
    • generateSelfSignedCertificate

      KeyStore generateSelfSignedCertificate(String alias, String distinguishedName, int keySize, int durationDays, String keyAlgorithm, String signatureAlgoritm, boolean certificateAuthority) throws ZosSecurityManagerException
      Generate a new Self-Signed Certificate with private/public key and return it in a PKCS12 keystore for use in RACF.
      Parameters:
      alias - - The alias to use
      distinguishedName - - The full Distinguished Name
      keySize - - The size of the key to use
      durationDays - - The duration in Days
      keyAlgorithm - - The algorithm to use for the key, can be null, defaults to RSA
      signatureAlgoritm - - The algorithm to use for the signature, can be null, defaults to SHA1withRSA
      certificateAuthority - - The certificate is to be a certificate authority
      Returns:
      A new keystore with the certificate in.
      Throws:
      ZosSecurityManagerException
    • generateSignedCertificate

      KeyStore generateSignedCertificate(String alias, String distinguishedName, int keySize, int durationDays, KeyStore signingKeyStore, String signingLabel, String signingPassword) throws ZosSecurityManagerException
      Generate a new certificate, signed by the certificate in the signing keystore, with private/public key and return it in a PKCS12 keystore for use in RACF.
      Parameters:
      alias - - The alias to use
      distinguishedName - - The full Distinguished Name
      keySize - - The size of the key to use
      durationDays - - The duration in Days
      signingKeyStore - - The keystore containing the signing certificate
      signingLabel - - The label of the signing certificate
      signingPassword - - The signing keystore password
      Returns:
      A new keystore with the certificate in.
      Throws:
      ZosSecurityManagerException
    • generateSignedCertificate

      KeyStore generateSignedCertificate(String alias, String distinguishedName, int keySize, int durationDays, KeyStore signingKeyStore, String signingLabel, String signingPassword, boolean certificateAuthority) throws ZosSecurityManagerException
      Generate a new certificate, signed by the certificate in the signing keystore, with private/public key and return it in a PKCS12 keystore for use in RACF.
      Parameters:
      alias - - The alias to use
      distinguishedName - - The full Distinguished Name
      keySize - - The size of the key to use
      durationDays - - The duration in Days
      signingKeyStore - - The keystore containing the signing certificate
      signingLabel - - The label of the signing certificate
      signingPassword - - The signing keystore password
      certificateAuthority - - The certificate is to be a certificate authority
      Returns:
      A new keystore with the certificate in.
      Throws:
      ZosSecurityManagerException
    • createIdMap

      IZosIdMap createIdMap(String userid, String label, String distributedID, String registry) throws ZosSecurityManagerException
      Create a new Id Map for a userid.
      Parameters:
      userid - - The userid the id map is to be attached to
      label - - The label to use
      distributedID - - The distributed id to set
      registry - - the registry to set
      Returns:
      The id map
      Throws:
      ZosSecurityManagerException
    • createIdMap

      IZosIdMap createIdMap(IZosUserid userid, String label, String distributedID, String registry) throws ZosSecurityManagerException
      Create a new Id Map for a userid.
      Parameters:
      userid - - The userid the id map is to be attached to
      label - - The label to use
      distributedID - - The distributed id to set
      registry - - the registry to set
      Returns:
      The id map
      Throws:
      ZosSecurityManagerException
    • freeIdMap

      void freeIdMap(IZosIdMap idmap) throws ZosSecurityManagerException
      Free the id map. This will be performed automatically at the end of the run
      Parameters:
      idmap - - The idmap to be freed
      Throws:
      ZosSecurityManagerException
    • deleteIdMap

      void deleteIdMap(IZosIdMap idmap) throws ZosSecurityManagerException
      Delete the id map. Unless you specifically want the id map deleted, it is best to let the Resource Manager clean up this resource, so your run will perform faster.
      Parameters:
      idmap -
      Throws:
      ZosSecurityManagerException
    • createKerberosClientPrincipal

      IZosKerberosPrincipal createKerberosClientPrincipal(IZosKerberosPrincipal servicePrincipal, IZosUserid clientUserid) throws ZosSecurityManagerException
      Create a Kerberos client principal. This will create the kerbname and the required association with the passed in service principal (see createKerberosPrincipal) for the passed userid.
      Parameters:
      servicePrincipal - - service principal with which to associate this client
      clientUserid - - zOS Userid for this principal
      Returns:
      Throws:
      ZosSecurityManagerException
    • createKerberosPrincipal

      IZosKerberosPrincipal createKerberosPrincipal(IZosUserid serviceUserid, String realm) throws ZosSecurityManagerException
      Create a Kerberos principal, generally to be used as a service principal in createKerberosClientPrincipal(IZosKerberosPrincipal, IZosUserid)
      Parameters:
      serviceUserid - - zOS Userid for this principal
      realm - - realm to use, see getDefaultKerberosRealm()
      Returns:
      Throws:
      ZosSecurityManagerException
    • freePrincipal

      void freePrincipal(IZosKerberosPrincipal principal) throws ZosSecurityManagerException
      Free a Kerberos Principal created for this test
      Parameters:
      principal -
      Throws:
      ZosSecurityManagerException
    • getDefaultKerberosRealm

      String getDefaultKerberosRealm() throws ZosSecurityManagerException
      Get the default Kerberos realm for an image
      Returns:
      Throws:
      ZosSecurityManagerException
    • getDefaultKerberosDomainController

      String getDefaultKerberosDomainController() throws ZosSecurityManagerException
      Get the default KDC for an image
      Returns:
      Throws:
      ZosSecurityManagerException
    • retrieveKerberosToken

      KerberosToken retrieveKerberosToken(IZosKerberosPrincipal servicePrincipal, IZosKerberosPrincipal clientPrincipal, String kdc) throws ZosSecurityManagerException
      Retrieve a Kerberos token from a Kerberos Domain Controller on the host or IP address passed in as kdc, for the clientPrincipal and servicePrincipal passed.
      Parameters:
      servicePrincipal -
      clientPrincipal -
      kdc -
      Returns:
      Throws:
      ZosSecurityManagerException
    • createKerberosInitiator

      KerberosInitiator createKerberosInitiator(IZosKerberosPrincipal servicePrincipal, IZosKerberosPrincipal clientPrincipal, String kdc)
      Parameters:
      servicePrincipal -
      clientPrincipal -
      kdc -
      Returns:
    • setRunUserid

      void setRunUserid(IZosUserid user) throws ZosSecurityManagerException
      Set the run userid
      Parameters:
      user -
      Throws:
      ZosSecurityManagerException
    • resetRunUserid

      void resetRunUserid()
      Reset the run user to default
    • setResourceReporting

      void setResourceReporting(boolean enabled)
    • setOutputReporting

      void setOutputReporting(boolean enabled)
    • getZosImage

      Throws:
      ZosSecurityManagerException
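
A pre-import check for the createCertificate constraints (one certificate, one password for keystore and private key) and for the SHA1withRSA default of generateSelfSignedCertificate, as an added example that is not part of the Galasa documentation or code. It assumes the types live in the package dev.galasa.zossecurity, that the manager accepts the JCA name SHA256withRSA, and that the caller knows the password protecting the generated key (this page does not say what it is); the class and method names are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

// Assumption: the package name is not shown on this page.
import dev.galasa.zossecurity.IZosCertificate;
import dev.galasa.zossecurity.IZosSecurity;
import dev.galasa.zossecurity.IZosUserid;
import dev.galasa.zossecurity.ZosSecurityManagerException;

/** Hypothetical helper: validates a keystore before it is handed to createCertificate. */
public final class RacfCertificateImportCheck {

    private RacfCertificateImportCheck() {
    }

    /**
     * Returns the single alias of a keystore that meets the documented
     * createCertificate constraints, or throws with the reason it does not.
     */
    static String checkImportable(KeyStore keyStore, char[] password) throws GeneralSecurityException {
        // "The keystore must contain only one certificate"
        List<String> aliases = Collections.list(keyStore.aliases());
        if (aliases.size() != 1) {
            throw new GeneralSecurityException("expected exactly 1 entry, found " + aliases.size());
        }
        String alias = aliases.get(0);
        if (!keyStore.isKeyEntry(alias)) {
            throw new GeneralSecurityException("entry '" + alias + "' has no private key");
        }
        // The password must also open the private key: getKey throws
        // UnrecoverableKeyException when the key is protected by a different one.
        if (keyStore.getKey(alias, password) == null) {
            throw new GeneralSecurityException("no key returned for '" + alias + "'");
        }
        // Catch a certificate that was produced with the SHA1withRSA default.
        Certificate cert = keyStore.getCertificate(alias);
        if (cert instanceof X509Certificate) {
            String sigAlg = ((X509Certificate) cert).getSigAlgName().toUpperCase(Locale.ROOT);
            if (sigAlg.startsWith("SHA1")) {
                throw new GeneralSecurityException("certificate is signed with " + sigAlg);
            }
        }
        return alias;
    }

    /** Generates a certificate with an explicit signature algorithm, checks it, then imports it. */
    static IZosCertificate generateAndImport(IZosSecurity security, IZosUserid userid, String label,
            String distinguishedName, String password)
            throws ZosSecurityManagerException, GeneralSecurityException {
        // Passing "SHA256withRSA" instead of null avoids the documented SHA1withRSA default.
        KeyStore keyStore = security.generateSelfSignedCertificate(
                label, distinguishedName, 2048, 30, "RSA", "SHA256withRSA");
        checkImportable(keyStore, password.toCharArray());
        // type = null defaults to NONE, as documented for createCertificate.
        return security.createCertificate(userid, label, keyStore, password, null);
    }
}
```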