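def configure_cilogon(self, conf_file_name, conf_link_name, **kwargs):
    """Write the GSI authorization configuration for CILogon logins.

    Work is done in this order:

    1. ``conf_file_name`` is written with the ``$GSI_AUTHZ_CONF`` and
       ``$GRIDMAP`` settings, then ``conf_link_name`` is created as a
       symlink to it.
    2. The packaged CILogon "basic" and "silver" CA certificates and
       signing policies are installed into the trusted certificate
       directory.
    3. The authz callout file is written with one optional eppn mapping
       callout per CA.

    The callout file is opened only after both CAs are installed, so a
    failure while installing a CA cannot leave a truncated or half-written
    authorization file behind.

    Args:
        conf_file_name: Path of the configuration fragment to create.
        conf_link_name: Path of the symlink that will point at it.
        **kwargs: Accepted and ignored.

    Raises:
        OSError: From ``os.symlink``, for example when ``conf_link_name``
            already exists.
        IOError: When either configuration file cannot be written.
    """
    self.logger.debug("ENTER: IO.configure_cilogon()")
    authz_conf = self.conf.get_authz_config_file()

    with open(conf_file_name, "w") as conf_file:
        conf_file.write("$GSI_AUTHZ_CONF \"%s\"\n" % authz_conf)
        conf_file.write(
            "$GRIDMAP \"%s\"\n" % self.conf.get_security_gridmap())
    # Link only once the fragment is complete and closed.
    os.symlink(conf_file_name, conf_link_name)

    cadir = self.conf.get_security_trusted_certificate_directory()
    # NOTE(review): idp is pasted inside a double-quoted value below; a
    # quote or newline in it would end that value early. Confirm the
    # configuration layer rejects such names.
    idp = self.conf.get_security_cilogon_identity_provider()

    callouts = []
    for ca_name in ("cilogon-basic", "cilogon-silver"):
        ca = pkgutil.get_data("globus.connect.security", ca_name + ".pem")
        signing_policy = pkgutil.get_data(
            "globus.connect.security", ca_name + ".signing_policy")
        cahash = security.get_certificate_hash_from_data(ca)
        security.install_ca(cadir, ca, signing_policy)
        # TODO: read the path back from the installed CA instead? The
        # "HASH.0" name presumably matches what install_ca wrote - confirm.
        ca_path = os.path.join(cadir, cahash + ".0")
        # The "|" prefix makes a callout optional: only one must succeed.
        callouts.append(
            "|globus_mapping libglobus_gridmap_eppn_callout "
            "globus_gridmap_eppn_callout ENV:"
            "GLOBUS_MYPROXY_CA_CERT=%s "
            "GLOBUS_MYPROXY_AUTHORIZED_DN="
            "\"/DC=org/DC=cilogon/C=US/O=%s\"\n" % (ca_path, idp))

    # NOTE(review): this file decides which identities are mapped; it is
    # created under the process umask - confirm that leaves it writable
    # only by the service administrator.
    with open(authz_conf, "w") as authz_file:
        authz_file.writelines(callouts)
    self.logger.debug("EXIT: IO.configure_cilogon()")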
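def configure_cilogon(self, conf_file_name, conf_link_name, **kwargs):
    """Write the GSI authorization configuration for CILogon logins.

    ``conf_file_name`` receives the ``$GSI_AUTHZ_CONF`` and ``$GRIDMAP``
    settings and ``conf_link_name`` is made a symlink to it. The packaged
    CILogon "basic" and "silver" CAs are then installed into the trusted
    certificate directory, and the authz callout file is written with one
    optional eppn mapping callout per CA.

    The callout lines are built in memory and written in one step after
    both CAs are installed. A failure part-way through therefore leaves any
    existing callout file untouched rather than truncated.

    Args:
        conf_file_name: Path of the configuration fragment to create.
        conf_link_name: Path of the symlink that will point at it.
        **kwargs: Accepted and ignored.

    Raises:
        OSError: From ``os.symlink``, for example when ``conf_link_name``
            already exists, or when a file cannot be written.
    """
    self.logger.debug("ENTER: IO.configure_cilogon()")
    authz_conf_path = self.conf.get_authz_config_file()

    with open(conf_file_name, "w") as fragment:
        fragment.write("$GSI_AUTHZ_CONF \"%s\"\n" % authz_conf_path)
        fragment.write(
            "$GRIDMAP \"%s\"\n" % self.conf.get_security_gridmap())
    # The fragment is closed and complete before anything links to it.
    os.symlink(conf_file_name, conf_link_name)

    cadir = self.conf.get_security_trusted_certificate_directory()
    idp = self.conf.get_security_cilogon_identity_provider()
    dn_prefix = self.conf.get_security_cilogon_dn_prefix()
    # NOTE(review): dn_prefix and idp together form the DN allowed to
    # assert identities, and both land inside one double-quoted value.
    # A quote or newline in either would end that value early; confirm
    # the configuration layer validates them.
    callout_fmt = (
        "|globus_mapping libglobus_gridmap_eppn_callout "
        "globus_gridmap_eppn_callout ENV:"
        "GLOBUS_MYPROXY_CA_CERT=%s "
        "GLOBUS_MYPROXY_AUTHORIZED_DN=\"%s/O=%s\"\n")

    lines = []
    for level in ("cilogon-basic", "cilogon-silver"):
        ca = pkgutil.get_data("globus.connect.security", level + ".pem")
        # The signing policy is decoded to text; the certificate is passed
        # on exactly as pkgutil returned it.
        signing_policy = pkgutil.get_data(
            "globus.connect.security",
            level + ".signing_policy").decode('utf8')
        cahash = security.get_certificate_hash_from_data(ca)
        security.install_ca(cadir, ca, signing_policy)
        # TODO: read the path back from the installed CA instead? The
        # "HASH.0" name presumably matches what install_ca wrote - confirm.
        # The "|" prefix in callout_fmt makes each callout optional: only
        # one of them has to succeed.
        lines.append(callout_fmt % (
            os.path.join(cadir, cahash + ".0"), dn_prefix, idp))

    # NOTE(review): created under the process umask; this file controls
    # identity mapping, so confirm it is not writable by other users.
    with open(authz_conf_path, "w") as authz_file:
        authz_file.writelines(lines)
    self.logger.debug("EXIT: IO.configure_cilogon()")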
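def __setup_x509_dirs(self):
    """Fill in missing X.509 material and export it through ``pipe_env``.

    For each of ``self.certfile``, ``self.keyfile`` and ``self.cadir`` that
    is still ``None``, a temporary stand-in is created:

    * certificate and key: the ``anoncert.pem`` / ``anonkey.pem`` data
      packaged in ``globus.connect.security``, written to a
      ``NamedTemporaryFile`` that is kept on ``self`` so it is not deleted
      while in use;
    * CA directory: a fresh ``mkdtemp`` directory populated by
      ``security.install_ca`` and removed at exit by ``cleanup_cadir``.

    ``X509_USER_CERT``, ``X509_USER_KEY`` and ``X509_CERT_DIR`` in
    ``self.pipe_env`` point at the result; ``X509_USER_PROXY`` is set to
    the empty string.
    """
    # NOTE(review): the listing this was recovered from had lost its
    # indentation. The three checks are laid out as independent siblings,
    # with the last two environment assignments unconditional. Confirm the
    # nesting against the repository.
    if self.certfile is None:
        # tempfile creates the file with mode 0600 on its own; a umask can
        # only clear further bits, so this does not produce a 0644 file.
        old_umask = os.umask(0o133)
        try:
            self.certfile = tempfile.NamedTemporaryFile()
            self.certfile.write(
                pkgutil.get_data('globus.connect.security', 'anoncert.pem'))
            self.certfile.flush()
        finally:
            # umask is process-wide: restore it even if the write failed.
            os.umask(old_umask)
        self.pipe_env['X509_USER_CERT'] = self.certfile.name
        if self.debug:
            print("Wrote anoncert to " + self.certfile.name)

    if self.keyfile is None:
        old_umask = os.umask(0o177)
        try:
            self.keyfile = tempfile.NamedTemporaryFile()
            # Loaded in this branch so that a caller which supplies only a
            # certificate does not hit an undefined name here.
            # NOTE(review): this key ships inside the package, so it is not
            # a secret; presumably it only identifies an anonymous client.
            self.keyfile.write(
                pkgutil.get_data('globus.connect.security', 'anonkey.pem'))
            self.keyfile.flush()
        finally:
            os.umask(old_umask)
        if self.debug:
            # Report the key file's own path, not the certificate's.
            print("Wrote anonkey to " + self.keyfile.name)
        self.pipe_env['X509_USER_KEY'] = self.keyfile.name

    if self.cadir is None:
        # mkdtemp creates the directory accessible only by the current user.
        self.cadir = tempfile.mkdtemp()
        security.install_ca(cadir=self.cadir)
        atexit.register(self.cleanup_cadir)
        if self.debug:
            print("Wrote relay trusted cert to " + self.cadir)

    self.pipe_env['X509_CERT_DIR'] = self.cadir
    # Presumably blanked so that an inherited proxy credential is not used
    # in place of the certificate and key above - confirm.
    self.pipe_env['X509_USER_PROXY'] = ''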
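def __setup_x509_dirs(self):
    """Provide default X.509 credentials and trust roots in ``pipe_env``.

    Any of ``self.certfile``, ``self.keyfile`` and ``self.cadir`` that is
    ``None`` is replaced by a temporary default. The certificate and key
    come from ``anoncert.pem`` and ``anonkey.pem`` in
    ``globus.connect.security``. The CA directory is a new temporary
    directory filled by ``security.install_ca`` and scheduled for removal
    through ``atexit``.

    The paths are exported as ``X509_USER_CERT``, ``X509_USER_KEY`` and
    ``X509_CERT_DIR`` in ``self.pipe_env``, and ``X509_USER_PROXY`` is set
    to the empty string.

    The temporary file objects are stored on ``self``: a
    ``NamedTemporaryFile`` is deleted when it is closed, so the reference
    keeps the path valid while the object lives.
    """
    package = 'globus.connect.security'

    # NOTE(review): indentation was lost in the listing this came from.
    # The three ``is None`` checks are treated as independent, and the CA
    # directory and proxy variables as always exported. Confirm the nesting
    # against the repository.
    if self.certfile is None:
        # NOTE: os.umask changes process-wide state and is not
        # thread-safe. tempfile already creates the file 0600, so the mask
        # cannot widen it.
        saved_mask = os.umask(0o133)
        try:
            self.certfile = tempfile.NamedTemporaryFile()
            self.certfile.write(pkgutil.get_data(package, 'anoncert.pem'))
            self.certfile.flush()
        finally:
            # Restore the mask on every path, including a failed write.
            os.umask(saved_mask)
        self.pipe_env['X509_USER_CERT'] = self.certfile.name
        if self.debug:
            print("Wrote anoncert to " + self.certfile.name)

    if self.keyfile is None:
        saved_mask = os.umask(0o177)
        try:
            self.keyfile = tempfile.NamedTemporaryFile()
            # The key is read here, not in the certificate branch, so this
            # branch also works when only the certificate was supplied.
            self.keyfile.write(pkgutil.get_data(package, 'anonkey.pem'))
            self.keyfile.flush()
        finally:
            os.umask(saved_mask)
        if self.debug:
            # The message names the key file, which is what was written.
            print("Wrote anonkey to " + self.keyfile.name)
        self.pipe_env['X509_USER_KEY'] = self.keyfile.name

    if self.cadir is None:
        # mkdtemp returns a directory usable only by the creating user.
        self.cadir = tempfile.mkdtemp()
        security.install_ca(cadir=self.cadir)
        atexit.register(self.cleanup_cadir)
        if self.debug:
            print("Wrote relay trusted cert to " + self.cadir)

    self.pipe_env['X509_CERT_DIR'] = self.cadir
    # Presumably cleared so that a proxy credential inherited from the
    # calling environment does not take precedence - confirm.
    self.pipe_env['X509_USER_PROXY'] = ''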