X509.SSLOptions Class Reference

Public Member Functions

def __init__

Public Attributes

ca_path
cert_file
key_file
key_pass


Detailed Description

Captures standard SSL X509 client parameters.

Grab standard grid certificate environment into easier to access
fields: ``ca_path``, ``key_file``, ``cert_file`` and ``key_pass``.

Typically ``ca_path`` will be taken from $X509_CERT_DIR environment
variable, and ``key_file`` and ``cert_file`` from either
$X509_USER_PROXY or $X509_USER_CERT and $X509_USER_KEY environment
variables.

If the key file looks like a private key rather than a proxy,
i.e. the key and cert files are different paths, the class constructor
will prompt the user for the key password. That password should be
passed to the lower-level HTTP library as the key password so it will
not prompt again. Note that the standard Python ssl library cannot
take a password as an argument; only the curl one can. In other words,
you should probably use the curl library if you use this class and
the user may supply a real key/cert pair rather than a proxy.

If the environment variables are not set, the following defaults
are checked for existence:

* $X509_CERT_DIR: /etc/grid-security/certificates
* $X509_USER_KEY: $HOME/.globus/userkey.pem
* $X509_USER_CERT: $HOME/.globus/usercert.pem

If neither the standard environment variables nor the default path
locations exist, the constructor throws an exception.

Definition at line 5 of file X509.py.
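
The hand-off described above, as an added example that is not part of X509.py or the CMS code base: the four fields mapped onto pycurl options, with the key password passed only when one was collected. The stand-in objects and their paths are constructed, the helper names are hypothetical, and pycurl is assumed to be installed only for `configure_curl`.

```python
from types import SimpleNamespace

# Constructed stand-ins for SSLOptions instances (all paths are made up).
PROXY_OPTS = SimpleNamespace(
    ca_path="/etc/grid-security/certificates",
    cert_file="/tmp/x509up_u1000", key_file="/tmp/x509up_u1000",
    key_pass=None)                      # proxy: key and cert share one file
KEYCERT_OPTS = SimpleNamespace(
    ca_path="/etc/grid-security/certificates",
    cert_file="/home/alice/.globus/usercert.pem",
    key_file="/home/alice/.globus/userkey.pem",
    key_pass="constructed-passphrase")  # what getpass() would have returned


def curl_ssl_settings(opts):
    """Return (pycurl option name, value) pairs for an SSLOptions-like object."""
    settings = [
        ("CAPATH", opts.ca_path),   # directory of trusted CA certificates
        ("SSL_VERIFYPEER", 1),      # keep server certificate verification on
        ("SSL_VERIFYHOST", 2),      # and host name matching
        ("SSLCERT", opts.cert_file),
        ("SSLKEY", opts.key_file),
    ]
    if opts.key_pass:
        # Hand over the password collected once so the library does not prompt again.
        settings.append(("KEYPASSWD", opts.key_pass))
    return settings


def redacted(settings):
    """Copy of the settings that is safe to log: the key password is masked."""
    return [(n, "***" if n == "KEYPASSWD" else v) for n, v in settings]


def configure_curl(curl, opts):
    """Apply the settings to a pycurl.Curl handle (needs pycurl installed)."""
    import pycurl  # imported lazily so the mapping above works without it
    for name, value in curl_ssl_settings(opts):
        curl.setopt(getattr(pycurl, name), value)
    return curl


if __name__ == "__main__":
    for opts in (PROXY_OPTS, KEYCERT_OPTS):
        print(redacted(curl_ssl_settings(opts)))
```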

Constructor & Destructor Documentation

def X509.SSLOptions.__init__(self, proxy_only = False)

Initialise the SSL X509 options. If `proxy_only`, will never
prompt for password even if key and cert files are separate, on
the assumption this will only ever be used with proxies.

Definition at line 34 of file X509.py.

    # Module-level imports this method relies on.
    import os
    from getpass import getpass

    # Method of class SSLOptions.
    def __init__(self, proxy_only = False):
        """Initialise the SSL X509 options. If `proxy_only`, will never
        prompt for password even if key and cert files are separate, on
        the assumption this will only ever be used with proxies."""
        self.key_file = None
        self.cert_file = None
        self.ca_path = None
        self.key_pass = None

        # CA directory: $X509_CERT_DIR first, then the grid default.
        path = os.getenv("X509_CERT_DIR", None)
        if path and os.path.exists(path):
            self.ca_path = path

        if not self.ca_path:
            path = "/etc/grid-security/certificates"
            if os.path.exists(path):
                self.ca_path = path

        # A proxy file holds both the key and the certificate.
        path = os.getenv("X509_USER_PROXY", None)
        if path and os.path.exists(path):
            self.key_file = self.cert_file = path

        # Otherwise use a separate key and certificate from the environment.
        if not self.key_file:
            path = os.getenv("X509_USER_KEY", None)
            if path and os.path.exists(path):
                self.key_file = path

        if not self.cert_file:
            path = os.getenv("X509_USER_CERT", None)
            if path and os.path.exists(path):
                self.cert_file = path

        # Last resort: the defaults under $HOME/.globus. expanduser() resolves
        # $HOME and does not raise TypeError when HOME is unset.
        if not self.key_file:
            path = os.path.expanduser("~/.globus/userkey.pem")
            if os.path.exists(path):
                self.key_file = path

        if not self.cert_file:
            path = os.path.expanduser("~/.globus/usercert.pem")
            if os.path.exists(path):
                self.cert_file = path

        # Fail early if any of the three locations could not be resolved.
        if not self.ca_path or not os.path.exists(self.ca_path):
            raise RuntimeError("no certificate directory found")

        if not self.key_file or not os.path.exists(self.key_file):
            raise RuntimeError("no certificate private key file found")

        if not self.cert_file or not os.path.exists(self.cert_file):
            raise RuntimeError("no certificate public key file found")

        # Separate key and cert paths mean a real private key: ask for its
        # password once, unless the caller only ever uses proxies.
        if not proxy_only and self.key_file != self.cert_file:
            self.key_pass = getpass("Password for %s: " % self.key_file)


Member Data Documentation

X509.SSLOptions.ca_path

Definition at line 40 of file X509.py.

X509.SSLOptions.cert_file

Definition at line 39 of file X509.py.

X509.SSLOptions.key_file

Definition at line 38 of file X509.py.

X509.SSLOptions.key_pass

Definition at line 41 of file X509.py.