jGridstart is a graphical user interface in Java that helps grid end-users to request, obtain, install and renew grid certificates in a friendly way.
Grid certificate authorities (who issue certificates) can use it to provide a friendly interface to their services. It is currently tailored for the DutchGrid certificate authority. While it is possible to use it for your own certificate authority (see below), it would be possible to make this a little smoother; if enough interest is expressed I'll look into that.
For more information, please visit http://jgridstart.nikhef.nl/
Source code layout
The source is split into several modules.
mvn-parent - Maven parent project with common configuration
nl.nikhef.jgridstart.osutils) - General utilities for interfacing with the operating system. Java is not very good in providing complete integration with the underlying operating system, like file permissions and process spawning.
nl.nikhef.browsers) - Interfacing web browsers installed on the user's system (Linux, Windows, Mac OS X). Discovery of default and installed browsers, opening web pages and installing PKCS#12 files.
nl.nikhef.xhtmlrenderer.swing) - Templates and enhancements for the Flying Saucer XHTMLRenderer.
nl.nikhef.jgridstart) - Main jGridstart application.
jgridstart-small - Creation of a minified jar using ProGuard.
jgridstart-wrapper - Wrapper around jgridstart-small that contains the minified jar as well as bouncycastle. When it is run, it unpacks them to a temporary directory and executes it locally. This is to avoid all kinds of problems when using bouncycastle and java web start together.
jgridstart-jws - Java Web Start package.
jgridstart-tests - Bundle of combined tests of all packages, with dependencies. This is useful for running the tests at different places. Contains a test runner class
nl.nikhef.AllTests(needs work on diagnostics output).
testrunner - GUI for running unit tests on user's computer to analyse problems. Currently unusable, needs to be adapted.
testca - A simple online certificate authority for testing jGridstart. This is used to provide a way to test the user-interaction with an online certificate authority. jGridstart's
nl.nikhef.jgridstart.ca.TestCAis the corresponding CA provider. Please see
testca/README.mdfor more information.
Compiling & developing
To build the jGridstart application, invoke Maven:
This wil compile all modules (except testrunner and jgridstart-tests, as they
are not completely finished not required to use jGridstart), run tests, and
create packages. The end result would usually be
jgridstart-wrapper/target/jgridstart-wrapper-x.y.jar. This jar is
self-contained and can be run directly from the command-line using
java -jar jgridstart-wrapper/target/jgridstart-wrapper-[0-9.]*.jar
To use Java Web Start for running jGridstart directly from a website, the
jgridstart-jws/target/jnlp contains everything required to do so.
Since JNLP files contain an absolute base URL, one needs to set these using
deploy.sh in the same directory.
During development it may be useful to run jGridstart without packaging it.
jgridstart-main contains a shellscript
jgridstart.sh (and batch file
jgridstart.bat for Windows) to do that. Giving it the command-line argument
-screenshots <some_dir> will run jGridstart in an automated mode, taking
screenshots at various places.
To use this in the Eclipse integrated development environment (with
m2eclipse), I'd suggest to create a new workspace, and then select
Import... and choose
Existing Maven projects.... Select the folder
Root Directory, and import all modules as
jGridstart for Certificate Authorities
Adapting jGridstart for a new certificate authority requires:
Modification of the configuration
jgridstart/src/main/resources/resources/conf/global.properties. See comments in the file. Note that when run as a java web start application, properties can be overridden in the jnlp file (optionally prefixed with
jnlp.to avoid a security warning).
Selection of a CA interface (module jgridstart)
nl.nikhef.jgridstart.capackage contains the interface CA, which provides an interface between jGridstart and the CA. The specific implementation used is specified in the global configuration file. You probably need to write one tailored to your CA interface. Please see DutchGridCA, TestCA and LocalCA for examples. Please send us your implementation so we can add it to jGridstart.
Customization of the request wizard (module jgridstart)
nl.nikhef.jgridstart.gui) contains the user-interface logic for requesting/renew certificates. The contents of the wizard's pages are present in the files
requestwizard-xx.html. Currently, one would need to rewrite RequestWizard for your specific request process. In the future this should become more easily customizable.
Specification of organisations for which one can signup
jgridstart/src/main/resources/conf/cert_signup.conf, see comments. At the moment one also needs to update
nl.nikhef.jgridstart) and specify how to create a full DN from user information. This is scheduled for improvement as well.
Signing of the resulting JAR
This is required for running jGridstart as a java web start application. By default a temporary generated key is used. For production you may want to use a commercial code-signing certificate.
The jGridstart source code is fully open source under the Apache 2.0 License.