1
#!/usr/bin/env python3
2
import
os, os.path
3
from
getpass
import
getpass
4
5
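class SSLOptions:
  """Captures standard SSL X509 client parameters.

  Grab standard grid certificate environment into easier to access
  fields: ``ca_path``, ``key_file``, ``cert_file`` and ``key_pass``.

  Typically ``ca_path`` will be taken from $X509_CERT_DIR environment
  variable, and ``key_file`` and ``cert_file`` from either
  $X509_USER_PROXY or $X509_USER_CERT and $X509_USER_KEY environment
  variables.

  If the key file looks like it's a private key rather than a proxy,
  i.e. key and cert files are different paths, the class constructor
  will prompt the user for the key password. That password should be
  offered to the lower level HTTP library as the key password so it
  will not prompt again. The curl bindings accept a key password; with
  the standard ``ssl`` module a password can only be supplied through
  ``ssl.SSLContext.load_cert_chain(..., password=...)`` (Python 3.3+),
  not through the older keyfile/certfile-only interfaces.

  If the environment variables are not set, the following defaults
  are checked for existence:

  * $X509_CERT_DIR: /etc/grid-security/certificates
  * $X509_USER_KEY: $HOME/.globus/userkey.pem
  * $X509_USER_CERT: $HOME/.globus/usercert.pem

  If neither the standard environment variables nor the default path
  locations exist, the constructor raises ``RuntimeError``.

  Security notes:

  * ``key_pass`` keeps the passphrase in clear text for the lifetime
    of the object; do not log, print or serialise instances.
  * Only existence of the paths is checked. Ownership and permission
    bits of the key file and the CA directory are not inspected, and
    every path comes from the process environment, so whoever controls
    the environment controls which trust anchors and credentials are
    used."""

  def __init__(self, proxy_only = False):
    """Initialise the SSL X509 options. If `proxy_only`, will never
    prompt for password even if key and cert files are separate, on
    the assumption this will only ever be used with proxies.

    Raises ``RuntimeError`` when no CA directory, private key or
    certificate file can be located."""
    self.key_file = None
    self.cert_file = None
    self.ca_path = None
    self.key_pass = None

    # CA directory: environment override first, then the grid default.
    path = os.getenv("X509_CERT_DIR", None)
    if path and os.path.exists(path):
      self.ca_path = path

    if not self.ca_path:
      path = "/etc/grid-security/certificates"
      if os.path.exists(path):
        self.ca_path = path

    # A proxy file carries both key and certificate, so it fills both
    # fields and takes precedence over separate key/cert settings.
    path = os.getenv("X509_USER_PROXY", None)
    if path and os.path.exists(path):
      self.key_file = self.cert_file = path

    if not self.key_file:
      path = os.getenv("X509_USER_KEY", None)
      if path and os.path.exists(path):
        self.key_file = path

    if not self.cert_file:
      path = os.getenv("X509_USER_CERT", None)
      if path and os.path.exists(path):
        self.cert_file = path

    # The ~/.globus defaults are only defined relative to $HOME. When
    # $HOME is unset there is no default to try; skip it so the caller
    # gets the RuntimeError below rather than a TypeError from
    # concatenating None with a string.
    home = os.getenv("HOME")

    if not self.key_file and home is not None:
      path = home + "/.globus/userkey.pem"
      if os.path.exists(path):
        self.key_file = path

    if not self.cert_file and home is not None:
      path = home + "/.globus/usercert.pem"
      if os.path.exists(path):
        self.cert_file = path

    if not self.ca_path or not os.path.exists(self.ca_path):
      raise RuntimeError("no certificate directory found")

    if not self.key_file or not os.path.exists(self.key_file):
      raise RuntimeError("no certificate private key file found")

    if not self.cert_file or not os.path.exists(self.cert_file):
      raise RuntimeError("no certificate public key file found")

    # Distinct key and cert paths are treated as a real (possibly
    # encrypted) key pair rather than a proxy: ask for the passphrase
    # once, without echo, so the HTTP layer need not prompt again.
    if not proxy_only and self.key_file != self.cert_file:
      self.key_pass = getpass("Password for %s: " % self.key_file)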
87