def configure_cilogon(self, conf_file_name, conf_link_name, **kwargs):
        self.logger.debug("ENTER: IO.configure_cilogon()")

        conf_file = file(conf_file_name, "w")
        try:
            conf_file.write(
                    "$GSI_AUTHZ_CONF \"%s\"\n" % self.conf.get_authz_config_file())
            conf_file.write("$GRIDMAP \"%s\"\n" %(
                self.conf.get_security_gridmap()))
            os.symlink(conf_file_name, conf_link_name)
        finally:
            conf_file.close()
            
        conf_file = file(self.conf.get_authz_config_file(), "w")
        try:
            cadir = self.conf.get_security_trusted_certificate_directory()
            idp = self.conf.get_security_cilogon_identity_provider()

            ca = pkgutil.get_data(
                    "globus.connect.security",
                    "cilogon-basic.pem")
            signing_policy = pkgutil.get_data(
                    "globus.connect.security",
                    "cilogon-basic.signing_policy")
            cahash = security.get_certificate_hash_from_data(ca)
            security.install_ca(cadir, ca, signing_policy)
            # read from installed conf instead?
            # the | prefix makes it optional, only one callout must succeed
            conf_file.write("|globus_mapping libglobus_gridmap_eppn_callout " +
                    "globus_gridmap_eppn_callout ENV:")
            conf_file.write(
                    "GLOBUS_MYPROXY_CA_CERT=%s " %
                    (os.path.join(cadir, cahash + ".0")))
            conf_file.write(
                    "GLOBUS_MYPROXY_AUTHORIZED_DN=" +
                    "\"/DC=org/DC=cilogon/C=US/O=%s\"\n" % (idp))
                    
            ca = pkgutil.get_data(
                    "globus.connect.security",
                    "cilogon-silver.pem")
            signing_policy = pkgutil.get_data(
                    "globus.connect.security",
                    "cilogon-silver.signing_policy")
            cahash = security.get_certificate_hash_from_data(ca)
            security.install_ca(cadir, ca, signing_policy)
            # read from installed conf instead?
            # the | prefix makes it optional, only one callout must succeed
            conf_file.write("|globus_mapping libglobus_gridmap_eppn_callout " +
                    "globus_gridmap_eppn_callout ENV:")
            conf_file.write(
                    "GLOBUS_MYPROXY_CA_CERT=%s " %
                    (os.path.join(cadir, cahash + ".0")))
            conf_file.write(
                    "GLOBUS_MYPROXY_AUTHORIZED_DN=" +
                    "\"/DC=org/DC=cilogon/C=US/O=%s\"\n" % (idp))

        finally:
            conf_file.close()

        self.logger.debug("EXIT: IO.configure_cilogon()")
    def configure_cilogon(self, conf_file_name, conf_link_name, **kwargs):
        self.logger.debug("ENTER: IO.configure_cilogon()")

        conf_file = open(conf_file_name, "w")
        try:
            conf_file.write(
                    "$GSI_AUTHZ_CONF \"%s\"\n" % self.conf.get_authz_config_file())
            conf_file.write("$GRIDMAP \"%s\"\n" %(
                self.conf.get_security_gridmap()))
            os.symlink(conf_file_name, conf_link_name)
        finally:
            conf_file.close()
            
        conf_file = open(self.conf.get_authz_config_file(), "w")
        try:
            cadir = self.conf.get_security_trusted_certificate_directory()
            idp = self.conf.get_security_cilogon_identity_provider()
            dn_prefix = self.conf.get_security_cilogon_dn_prefix()
            ca = pkgutil.get_data(
                    "globus.connect.security",
                    "cilogon-basic.pem")
            signing_policy = pkgutil.get_data(
                    "globus.connect.security",
                    "cilogon-basic.signing_policy").decode('utf8')
            cahash = security.get_certificate_hash_from_data(ca)
            security.install_ca(cadir, ca, signing_policy)
            # read from installed conf instead?
            # the | prefix makes it optional, only one callout must succeed
            conf_file.write("|globus_mapping libglobus_gridmap_eppn_callout " +
                    "globus_gridmap_eppn_callout ENV:")
            conf_file.write(
                    "GLOBUS_MYPROXY_CA_CERT=%s " %
                    (os.path.join(cadir, cahash + ".0")))
            conf_file.write(
                    "GLOBUS_MYPROXY_AUTHORIZED_DN=" +
                    "\"%s/O=%s\"\n" % (dn_prefix, idp))
                    
            ca = pkgutil.get_data(
                    "globus.connect.security",
                    "cilogon-silver.pem")
            signing_policy = pkgutil.get_data(
                    "globus.connect.security",
                    "cilogon-silver.signing_policy").decode('utf8')
            cahash = security.get_certificate_hash_from_data(ca)
            security.install_ca(cadir, ca, signing_policy)
            # read from installed conf instead?
            # the | prefix makes it optional, only one callout must succeed
            conf_file.write("|globus_mapping libglobus_gridmap_eppn_callout " +
                    "globus_gridmap_eppn_callout ENV:")
            conf_file.write(
                    "GLOBUS_MYPROXY_CA_CERT=%s " %
                    (os.path.join(cadir, cahash + ".0")))
            conf_file.write(
                    "GLOBUS_MYPROXY_AUTHORIZED_DN=" +
                    "\"%s/O=%s\"\n" % (dn_prefix, idp))

        finally:
            conf_file.close()

        self.logger.debug("EXIT: IO.configure_cilogon()")
Example #3
0
    def __setup_x509_dirs(self):
        if self.certfile is None:
            old_umask = os.umask(0133)
            self.certfile = tempfile.NamedTemporaryFile()
            anoncert = pkgutil.get_data(
                    'globus.connect.security',
                    'anoncert.pem')
            anonkey = pkgutil.get_data(
                    'globus.connect.security',
                    'anonkey.pem')
            try:
                self.certfile.write(anoncert)
                self.certfile.flush()
            finally:
                pass

            self.pipe_env['X509_USER_CERT'] = self.certfile.name
            if self.debug:
                print "Wrote anoncert to " + self.certfile.name
            os.umask(old_umask)

        if self.keyfile is None:
            old_umask = os.umask(0177)
            self.keyfile = tempfile.NamedTemporaryFile()
            try:
                self.keyfile.write(anonkey)
                self.keyfile.flush()
            finally:
                pass
            os.umask(old_umask)
            if self.debug:
                print "Wrote anonkey to " + self.certfile.name
            self.pipe_env['X509_USER_KEY'] = self.keyfile.name

        if self.cadir is None:
            self.cadir = tempfile.mkdtemp()

            security.install_ca(cadir = self.cadir)
            atexit.register(self.cleanup_cadir)

            if self.debug:
                print "Wrote relay trusted cert to " + self.cadir

            self.pipe_env['X509_CERT_DIR'] = self.cadir
            self.pipe_env['X509_USER_PROXY'] = ''
Example #4
0
    def __setup_x509_dirs(self):
        if self.certfile is None:
            old_umask = os.umask(0133)
            self.certfile = tempfile.NamedTemporaryFile()
            anoncert = pkgutil.get_data('globus.connect.security',
                                        'anoncert.pem')
            anonkey = pkgutil.get_data('globus.connect.security',
                                       'anonkey.pem')
            try:
                self.certfile.write(anoncert)
                self.certfile.flush()
            finally:
                pass

            self.pipe_env['X509_USER_CERT'] = self.certfile.name
            if self.debug:
                print "Wrote anoncert to " + self.certfile.name
            os.umask(old_umask)

        if self.keyfile is None:
            old_umask = os.umask(0177)
            self.keyfile = tempfile.NamedTemporaryFile()
            try:
                self.keyfile.write(anonkey)
                self.keyfile.flush()
            finally:
                pass
            os.umask(old_umask)
            if self.debug:
                print "Wrote anonkey to " + self.certfile.name
            self.pipe_env['X509_USER_KEY'] = self.keyfile.name

        if self.cadir is None:
            self.cadir = tempfile.mkdtemp()

            security.install_ca(cadir=self.cadir)
            atexit.register(self.cleanup_cadir)

            if self.debug:
                print "Wrote relay trusted cert to " + self.cadir

            self.pipe_env['X509_CERT_DIR'] = self.cadir
            self.pipe_env['X509_USER_PROXY'] = ''