def certificate_expirytime(tray): cert = Certificate(path.join(store_dir, 'usercert.pem')) time = cert.get_times()[1] d1 = datetime.datetime.strptime(str(time), "%b %d %H:%M:%S %Y %Z") d2 = datetime.datetime.now() tray.statusIcon.set_tooltip(str(d1 - d2)) gobject.timeout_add(300000, certificate_expirytime, tray)
def put(self, username, passphrase, certFile, keyFile, passphraseCallback, ownerCertFile=None, ownerKeyFile=None, ownerPassphraseCallback=None, lifetime=None, retrievers=None, force=True, credowner=None, credname=None, creddesc=None): """Upload credentials to the server @raise MyProxyClientGetError: @raise MyProxyClientRetrieveError: @type username: string @param username: username selected for new credential @type passphrase: string @param passphrase: pass-phrase for new credential. This is the pass phrase which protects the uploaded proxy. @type certFile: string @param certFile: user's X.509 certificate in PEM format @type keyFile: string @param keyFile: equivalent private key file in PEM format @type ownerCertFile: string @param ownerCertFile: certificate used for client authentication with the MyProxy server SSL connection. This ID will be set as the owner of the stored credentials. Only the owner can later remove credentials with myproxy-destroy or the destroy method. If not set, this argument defaults to $GLOBUS_LOCATION/etc/hostcert.pem or if this is not set, certFile @type ownerKeyFile: string @param ownerKeyFile: corresponding private key file. See explanation for ownerCertFile @type ownerPassphraseCallback: function @param ownerPassphraseCallback: passphrase callback for unlocking the private key. e.g. lambda x: 'secret' @type retrievers: string @param retrievers: Set to '*' for anonymous @type Force: bool @param force: set to True to overwrite any existing creds with the same username. If, force=False a check is made with a call to info. If creds already exist exit without proceeding """ lifetime = lifetime or self.proxyCertMaxLifetime # Inputs must be string type otherwise server will reject the request if isinstance(username, unicode): username = str(username) if isinstance(passphrase, unicode): passphrase = str(passphrase) globusLoc = os.environ.get('GLOBUS_LOCATION') if not ownerCertFile or not ownerKeyFile: if globusLoc: ownerCertFile = os.path.join(globusLoc, *MyProxyClient._hostCertSubDirPath) ownerKeyFile = os.path.join(globusLoc, *MyProxyClient._hostKeySubDirPath) else: # Default so that the owner is the same as the ID of the # credentials to be uploaded. ownerCertFile = certFile ownerKeyFile = keyFile ownerPassphrase = passphraseCallback() if not force: # Check credentials don't already exist if self.info(username, ownerCertFile=ownerCertFile, ownerKeyFile=ownerKeyFile, ownerPassphrase=ownerPassphrase)[0]: raise MyProxyClientError( "Credentials already exist for user: %s" % username) # Set up SSL connection conn = self._initConnection(ownerCertFile=ownerCertFile, ownerKeyFile=ownerKeyFile, ownerPassphrase=ownerPassphrase) conn.connect((self.hostname, self.port)) # send globus compatibility stuff conn.write('0') # send put command - ensure conversion from unicode before writing cmd = MyProxyClient.putCmd % (username, passphrase, lifetime) if retrievers: cmd += "\nRETRIEVER=%s" % retrievers if credowner: cmd += "\nCRED_OWNER=%s" % credowner if credname: cmd += "\nCRED_NAME=%s" % credname if creddesc: cmd += "\nCRED_DESC=%s" % creddesc conn.write(str(cmd)) # process server response dat = conn.recv(8192) respCode, errorTxt = self._deserializeResponse(dat) if respCode: raise MyProxyClientGetError(errorTxt) # Certificate request from MyProxy (DER format) dat = conn.recv(8192) from arcs.gsi import CertificateRequest, Certificate, ProxyCertificate req = CertificateRequest(dat) if isinstance(certFile, Certificate): usercert = certFile else: usercert = Certificate(certFile, keyFile, callback=passphraseCallback) proxy = ProxyCertificate(usercert, proxykey=req.get_pubkey()) proxy.sign() conn.send(chr(2) + proxy.as_der() + usercert.as_der()) resp = conn.recv(8192) # process server response respCode, errorTxt = self._deserializeResponse(resp) if respCode: raise MyProxyClientRetrieveError(errorTxt)