00002 import os, os.path
00003 from getpass import getpass
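class SSLOptions:
    """Captures standard SSL X509 client parameters.

    Grab standard grid certificate environment into easier to access
    fields: ``ca_path``, ``key_file``, ``cert_file`` and ``key_pass``.

    Typically ``ca_path`` will be taken from $X509_CERT_DIR environment
    variable, and ``key_file`` and ``cert_file`` from either
    $X509_USER_PROXY or $X509_USER_CERT and $X509_USER_KEY environment
    variables.

    If the key file looks like it's a private key rather than a proxy,
    i.e. key and cert files are different paths, the class constructor
    will prompt the user for the key password. That password should be
    offered to lower level HTTP library as the key password so it will
    not prompt again. This class was written on the assumption that the
    standard python ssl library cannot take a password as an argument
    and only the curl one can; note that
    ``ssl.SSLContext.load_cert_chain`` accepts a ``password`` argument
    since Python 3.3, so check what the HTTP layer in use supports.

    If the environment variables are not set, the following defaults
    are checked for existence:

    * $X509_CERT_DIR: /etc/grid-security/certificates
    * $X509_USER_KEY: $HOME/.globus/userkey.pem
    * $X509_USER_CERT: $HOME/.globus/usercert.pem

    The $HOME defaults are skipped when $HOME is not set.

    If neither the standard environment variables nor the default path
    locations exist, the constructor throws ``RuntimeError``.

    Security notes for callers:

    * ``key_pass`` holds the private key password in clear text for the
      lifetime of the instance; do not log, print or serialise the
      object.
    * Every path is taken from the process environment and is only
      checked for existence. Ownership and permissions of the private
      key file are not verified here, so a caller that cares about a
      group/world-readable key must check that itself.
    * Key and certificate are resolved independently, so a key from
      $X509_USER_KEY can end up paired with the certificate from
      ``$HOME/.globus`` (or the reverse) when only one variable is set.
    """

    def __init__(self, proxy_only=False):
        """Initialise the SSL X509 options.

        If `proxy_only`, will never prompt for password even if key and
        cert files are separate, on the assumption this will only ever
        be used with proxies.

        Raises ``RuntimeError`` when the CA directory, the private key
        or the certificate cannot be located.
        """
        self.key_file = None
        self.cert_file = None
        self.ca_path = None
        self.key_pass = None

        # CA directory: environment first, then the grid default.
        path = os.getenv("X509_CERT_DIR", None)
        if path and os.path.exists(path):
            self.ca_path = path

        if not self.ca_path:
            path = "/etc/grid-security/certificates"
            if os.path.exists(path):
                self.ca_path = path

        # A proxy file carries both the key and the certificate, so it
        # fills both fields and suppresses the password prompt below.
        path = os.getenv("X509_USER_PROXY", None)
        if path and os.path.exists(path):
            self.key_file = self.cert_file = path

        if not self.key_file:
            path = os.getenv("X509_USER_KEY", None)
            if path and os.path.exists(path):
                self.key_file = path

        if not self.cert_file:
            path = os.getenv("X509_USER_CERT", None)
            if path and os.path.exists(path):
                self.cert_file = path

        # Fall back to ~/.globus only when $HOME is set: concatenating
        # onto a missing $HOME would raise TypeError and hide the
        # "not found" errors raised below.
        home = os.getenv("HOME")

        if not self.key_file and home:
            path = home + "/.globus/userkey.pem"
            if os.path.exists(path):
                self.key_file = path

        if not self.cert_file and home:
            path = home + "/.globus/usercert.pem"
            if os.path.exists(path):
                self.cert_file = path

        if not self.ca_path or not os.path.exists(self.ca_path):
            raise RuntimeError("no certificate directory found")

        if not self.key_file or not os.path.exists(self.key_file):
            raise RuntimeError("no certificate private key file found")

        if not self.cert_file or not os.path.exists(self.cert_file):
            raise RuntimeError("no certificate public key file found")

        # Separate key and cert paths are taken to mean a real
        # (possibly encrypted) private key rather than a proxy; getpass
        # reads the password without echoing it.
        if not proxy_only and self.key_file != self.cert_file:
            self.key_pass = getpass("Password for %s: " % self.key_file)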