예제 #1
0
파일: main.py 프로젝트: grith/slick.gui
def certificate_expirytime(tray):
    cert = Certificate(path.join(store_dir, 'usercert.pem'))
    time = cert.get_times()[1]
    d1 = datetime.datetime.strptime(str(time), "%b %d %H:%M:%S %Y %Z")
    d2 = datetime.datetime.now()
    tray.statusIcon.set_tooltip(str(d1 - d2))
    gobject.timeout_add(300000, certificate_expirytime, tray)
예제 #2
0
파일: client.py 프로젝트: stevencox/grayson
    def put(self,
            username,
            passphrase,
            certFile,
            keyFile,
            passphraseCallback,
            ownerCertFile=None,
            ownerKeyFile=None,
            ownerPassphraseCallback=None,
            lifetime=None,
            retrievers=None,
            force=True,
            credowner=None,
            credname=None,
            creddesc=None):
        """Upload credentials to the server

        @raise MyProxyClientGetError:
        @raise MyProxyClientRetrieveError:

        @type username: string
        @param username: username selected for new credential
        @type passphrase: string
        @param passphrase: pass-phrase for new credential.  This is the pass
        phrase which protects the uploaded proxy.
        @type certFile: string
        @param certFile: user's X.509 certificate in PEM format
        @type keyFile: string
        @param keyFile: equivalent private key file in PEM format
        @type ownerCertFile: string
        @param ownerCertFile: certificate used for client authentication with
        the MyProxy server SSL connection.  This ID will be set as the owner
        of the stored credentials.  Only the owner can later remove
        credentials with myproxy-destroy or the destroy method.  If not set,
        this argument defaults to $GLOBUS_LOCATION/etc/hostcert.pem or if this
        is not set, certFile
        @type ownerKeyFile: string
        @param ownerKeyFile: corresponding private key file.  See explanation
        for ownerCertFile
        @type ownerPassphraseCallback: function
        @param ownerPassphraseCallback: passphrase callback for unlocking the private
        key. e.g. lambda x: 'secret'
        @type retrievers: string
        @param retrievers: Set to '*' for anonymous
        @type Force: bool
        @param force: set to True to overwrite any existing creds with the
        same username.  If, force=False a check is made with a call to info.
        If creds already exist exit without proceeding
        """

        lifetime = lifetime or self.proxyCertMaxLifetime

        # Inputs must be string type otherwise server will reject the request
        if isinstance(username, unicode):
            username = str(username)

        if isinstance(passphrase, unicode):
            passphrase = str(passphrase)

        globusLoc = os.environ.get('GLOBUS_LOCATION')
        if not ownerCertFile or not ownerKeyFile:
            if globusLoc:
                ownerCertFile = os.path.join(globusLoc,
                                         *MyProxyClient._hostCertSubDirPath)
                ownerKeyFile = os.path.join(globusLoc,
                                         *MyProxyClient._hostKeySubDirPath)
            else:
                # Default so that the owner is the same as the ID of the
                # credentials to be uploaded.
                ownerCertFile = certFile
                ownerKeyFile = keyFile

        ownerPassphrase = passphraseCallback()


        if not force:
            # Check credentials don't already exist
            if self.info(username,
                         ownerCertFile=ownerCertFile,
                         ownerKeyFile=ownerKeyFile,
                         ownerPassphrase=ownerPassphrase)[0]:
                raise MyProxyClientError(
                        "Credentials already exist for user: %s" % username)

        # Set up SSL connection
        conn = self._initConnection(ownerCertFile=ownerCertFile,
                                    ownerKeyFile=ownerKeyFile,
                                    ownerPassphrase=ownerPassphrase)

        conn.connect((self.hostname, self.port))

        # send globus compatibility stuff
        conn.write('0')

        # send put command - ensure conversion from unicode before writing
        cmd = MyProxyClient.putCmd % (username, passphrase, lifetime)
        if retrievers:
            cmd += "\nRETRIEVER=%s" % retrievers
        if credowner:
            cmd += "\nCRED_OWNER=%s" % credowner
        if credname:
            cmd += "\nCRED_NAME=%s" % credname
        if creddesc:
            cmd += "\nCRED_DESC=%s" % creddesc
        conn.write(str(cmd))

        # process server response
        dat = conn.recv(8192)
            
        respCode, errorTxt = self._deserializeResponse(dat)
        if respCode:
            raise MyProxyClientGetError(errorTxt)

        # Certificate request from MyProxy (DER format)
        dat = conn.recv(8192)

        from arcs.gsi import CertificateRequest, Certificate, ProxyCertificate
        req = CertificateRequest(dat)
        if isinstance(certFile, Certificate):
            usercert = certFile
        else:
            usercert = Certificate(certFile, keyFile,
                                   callback=passphraseCallback)
        proxy = ProxyCertificate(usercert, proxykey=req.get_pubkey())
        proxy.sign()
        conn.send(chr(2) + proxy.as_der() + usercert.as_der())

        resp = conn.recv(8192)

        # process server response
        respCode, errorTxt = self._deserializeResponse(resp)
        if respCode:
            raise MyProxyClientRetrieveError(errorTxt)