Public Member Functions

* def __init__

Public Attributes

* ca_path
* cert_file
* key_file
* key_pass
Captures standard SSL X509 client parameters.

Grabs the standard grid certificate environment into easier-to-access fields: ``ca_path``, ``key_file``, ``cert_file`` and ``key_pass``.

Typically ``ca_path`` will be taken from the $X509_CERT_DIR environment variable, and ``key_file`` and ``cert_file`` from either $X509_USER_PROXY or $X509_USER_CERT and $X509_USER_KEY environment variables.

If the key file looks like it's a private key rather than a proxy, i.e. key and cert files are different paths, the class constructor will prompt the user for the key password. That password should be offered to the lower-level HTTP library as the key password so it will not prompt again. Note that the standard python ssl library cannot take a password as an argument, only the curl one can. In other words, you should probably use the curl library if you use this class and it's possible the user supplies a real key/cert rather than a proxy.

If the environment variables are not set, the following defaults are checked for existence:

* $X509_CERT_DIR: /etc/grid-security/certificates
* $X509_USER_KEY: $HOME/.globus/userkey.pem
* $X509_USER_CERT: $HOME/.globus/usercert.pem

If neither the standard environment variables nor the default path locations exist, the constructor throws an exception.
def X509::SSLOptions::__init__(self, proxy_only = False)
Initialise the SSL X509 options. If `proxy_only`, will never prompt for password even if key and cert files are separate, on the assumption this will only ever be used with proxies.
Definition at line 34 of file X509.py.
    import os
    from getpass import getpass

    class SSLOptions:
      def __init__(self, proxy_only = False):
        """Initialise the SSL X509 options. If `proxy_only`, will never
        prompt for password even if key and cert files are separate, on
        the assumption this will only ever be used with proxies."""
        self.key_file = None
        self.cert_file = None
        self.ca_path = None
        self.key_pass = None

        # CA directory: environment first, then the grid default.
        path = os.getenv("X509_CERT_DIR", None)
        if path and os.path.exists(path):
          self.ca_path = path

        if not self.ca_path:
          path = "/etc/grid-security/certificates"
          if os.path.exists(path):
            self.ca_path = path

        # A proxy file carries both the key and the certificate.
        path = os.getenv("X509_USER_PROXY", None)
        if path and os.path.exists(path):
          self.key_file = self.cert_file = path

        # Otherwise fall back to a separate key and certificate.
        if not self.key_file:
          path = os.getenv("X509_USER_KEY", None)
          if path and os.path.exists(path):
            self.key_file = path

        if not self.cert_file:
          path = os.getenv("X509_USER_CERT", None)
          if path and os.path.exists(path):
            self.cert_file = path

        # Last resort: the default locations under $HOME/.globus.
        # expanduser avoids a TypeError when $HOME is unset.
        if not self.key_file:
          path = os.path.expanduser("~/.globus/userkey.pem")
          if os.path.exists(path):
            self.key_file = path

        if not self.cert_file:
          path = os.path.expanduser("~/.globus/usercert.pem")
          if os.path.exists(path):
            self.cert_file = path

        if not self.ca_path or not os.path.exists(self.ca_path):
          raise RuntimeError("no certificate directory found")

        if not self.key_file or not os.path.exists(self.key_file):
          raise RuntimeError("no certificate private key file found")

        if not self.cert_file or not os.path.exists(self.cert_file):
          raise RuntimeError("no certificate public key file found")

        # Different paths are taken to mean a real, password-protected key.
        if not proxy_only and self.key_file != self.cert_file:
          self.key_pass = getpass("Password for %s: " % self.key_file)
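The constructor only checks that the key file exists and decides whether to prompt by comparing the key and cert paths. The following is an added example, not part of X509.py: a pre-flight check that inspects the resolved key file's permissions and ownership and reads its PEM headers to see whether the path comparison reached the right conclusion. The function names and finding messages are hypothetical, and it assumes a POSIX system and PEM-encoded files.

```python
import os
import stat

# PEM markers of a passphrase-protected private key.
ENCRYPTED_MARKERS = (
    "-----BEGIN ENCRYPTED PRIVATE KEY-----",  # PKCS#8 encrypted key
    "Proc-Type: 4,ENCRYPTED",                 # traditional OpenSSL PEM encryption
)


def key_is_encrypted(key_file):
    """Return True if the PEM file holds a passphrase-protected private key."""
    with open(key_file, "r", errors="replace") as fh:
        text = fh.read()
    return any(marker in text for marker in ENCRYPTED_MARKERS)


def key_file_findings(key_file, cert_file):
    """Return a list of problems with the resolved key file (empty if none).

    Hypothetical helper: pass it the key_file and cert_file attributes of an
    SSLOptions instance before handing them to the HTTP library.
    """
    findings = []
    st = os.stat(key_file)  # follows symlinks, so the target is checked
    if not stat.S_ISREG(st.st_mode):
        findings.append("key file is not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("key file is accessible to group or others")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        findings.append("key file is not owned by the current user")

    # Cross-check the path-equality heuristic against the PEM headers.
    encrypted = key_is_encrypted(key_file)
    if key_file == cert_file and encrypted:
        findings.append("combined key/cert file holds an encrypted key, "
                        "but the path comparison requests no password")
    if key_file != cert_file and not encrypted:
        findings.append("separate key file is unencrypted, "
                        "so a password prompt is unnecessary")
    return findings
```

An empty list means the key file is private to the current user and the prompt decision matches what the file actually contains.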