
X509.py
1 #!/usr/bin/env python3
2 import os, os.path
3 from getpass import getpass
4 
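class SSLOptions:
    """Captures standard SSL X509 client parameters.

    Grab standard grid certificate environment into easier to access
    fields: ``ca_path``, ``key_file``, ``cert_file`` and ``key_pass``.

    Typically ``ca_path`` will be taken from $X509_CERT_DIR environment
    variable, and ``key_file`` and ``cert_file`` from either
    $X509_USER_PROXY or $X509_USER_CERT and $X509_USER_KEY environment
    variables.

    If the key file looks like it's a private key rather than a proxy,
    i.e. key and cert files are different paths, the class constructor
    will prompt the user for the key password. That password should be
    offered to lower level HTTP library as the key password so it will
    not prompt again. Note that the standard python ssl library cannot
    take password as an argument, only the curl one can. In other words
    you should probably use the curl library if you use this class and
    it's possible the user supplies real key/cert rather than proxy.
    NOTE(review): ``ssl.SSLContext.load_cert_chain`` accepts a
    ``password`` argument in current Python 3, so the statement above
    may be outdated -- confirm against the HTTP layer actually used.

    If the environment variables are not set, the following defaults
    are checked for existence:

    * $X509_CERT_DIR: /etc/grid-security/certificates
    * $X509_USER_KEY: $HOME/.globus/userkey.pem
    * $X509_USER_CERT: $HOME/.globus/usercert.pem

    If neither the standard environment variables nor the default path
    locations exist, the constructor throws an exception.

    Security notes:

    * Every path is taken from the process environment and only tested
      for existence. ``ca_path`` is handed on as the CA directory, so
      the environment must be trusted; ownership and permissions of the
      private key file are not checked here.
    * ``key_pass`` keeps the passphrase as a plain string on the
      instance for as long as the object lives. Do not log, print or
      serialise instances of this class."""

    def __init__(self, proxy_only = False):
        """Initialise the SSL X509 options. If `proxy_only`, will never
        prompt for password even if key and cert files are separate, on
        the assumption this will only ever be used with proxies.

        Raises ``RuntimeError`` when no CA directory, private key file
        or certificate file can be located."""
        self.key_file = None
        self.cert_file = None
        self.ca_path = None
        self.key_pass = None

        # CA directory: environment first, then the grid default.
        path = os.getenv("X509_CERT_DIR", None)
        if path and os.path.exists(path):
            self.ca_path = path

        if not self.ca_path:
            path = "/etc/grid-security/certificates"
            if os.path.exists(path):
                self.ca_path = path

        # A proxy file carries both key and certificate, so both fields
        # point at the same path.
        path = os.getenv("X509_USER_PROXY", None)
        if path and os.path.exists(path):
            self.key_file = self.cert_file = path

        if not self.key_file:
            path = os.getenv("X509_USER_KEY", None)
            if path and os.path.exists(path):
                self.key_file = path

        if not self.cert_file:
            path = os.getenv("X509_USER_CERT", None)
            if path and os.path.exists(path):
                self.cert_file = path

        # Fall back to $HOME/.globus only when HOME is defined. With
        # HOME unset the previous code failed with a TypeError on
        # None + str; skipping the defaults lets the documented
        # RuntimeError below report the missing credential instead.
        home = os.getenv("HOME")
        if home is not None:
            if not self.key_file:
                path = home + "/.globus/userkey.pem"
                if os.path.exists(path):
                    self.key_file = path

            if not self.cert_file:
                path = home + "/.globus/usercert.pem"
                if os.path.exists(path):
                    self.cert_file = path

        if not self.ca_path or not os.path.exists(self.ca_path):
            raise RuntimeError("no certificate directory found")

        if not self.key_file or not os.path.exists(self.key_file):
            raise RuntimeError("no certificate private key file found")

        if not self.cert_file or not os.path.exists(self.cert_file):
            raise RuntimeError("no certificate public key file found")

        # Separate key and cert paths are treated as a real key pair
        # rather than a proxy: ask for the passphrase once so the HTTP
        # layer does not have to prompt again. The prompt names only
        # the key path; the passphrase itself is never echoed.
        if not proxy_only and self.key_file != self.cert_file:
            self.key_pass = getpass("Password for %s: " % self.key_file)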
87 