def certificate_expirytime(tray):
cert = Certificate(path.join(store_dir, 'usercert.pem'))
time = cert.get_times()[1]
d1 = datetime.datetime.strptime(str(time), "%b %d %H:%M:%S %Y %Z")
d2 = datetime.datetime.now()
tray.statusIcon.set_tooltip(str(d1 - d2))
gobject.timeout_add(300000, certificate_expirytime, tray)
def put(self,
username,
passphrase,
certFile,
keyFile,
passphraseCallback,
ownerCertFile=None,
ownerKeyFile=None,
ownerPassphraseCallback=None,
lifetime=None,
retrievers=None,
force=True,
credowner=None,
credname=None,
creddesc=None):
"""Upload credentials to the server
@raise MyProxyClientGetError:
@raise MyProxyClientRetrieveError:
@type username: string
@param username: username selected for new credential
@type passphrase: string
@param passphrase: pass-phrase for new credential. This is the pass
phrase which protects the uploaded proxy.
@type certFile: string
@param certFile: user's X.509 certificate in PEM format
@type keyFile: string
@param keyFile: equivalent private key file in PEM format
@type ownerCertFile: string
@param ownerCertFile: certificate used for client authentication with
the MyProxy server SSL connection. This ID will be set as the owner
of the stored credentials. Only the owner can later remove
credentials with myproxy-destroy or the destroy method. If not set,
this argument defaults to $GLOBUS_LOCATION/etc/hostcert.pem or if this
is not set, certFile
@type ownerKeyFile: string
@param ownerKeyFile: corresponding private key file. See explanation
for ownerCertFile
@type ownerPassphraseCallback: function
@param ownerPassphraseCallback: passphrase callback for unlocking the private
key. e.g. lambda x: 'secret'
@type retrievers: string
@param retrievers: Set to '*' for anonymous
@type Force: bool
@param force: set to True to overwrite any existing creds with the
same username. If, force=False a check is made with a call to info.
If creds already exist exit without proceeding
"""
lifetime = lifetime or self.proxyCertMaxLifetime
# Inputs must be string type otherwise server will reject the request
if isinstance(username, unicode):
username = str(username)
if isinstance(passphrase, unicode):
passphrase = str(passphrase)
globusLoc = os.environ.get('GLOBUS_LOCATION')
if not ownerCertFile or not ownerKeyFile:
if globusLoc:
ownerCertFile = os.path.join(globusLoc,
*MyProxyClient._hostCertSubDirPath)
ownerKeyFile = os.path.join(globusLoc,
*MyProxyClient._hostKeySubDirPath)
else:
# Default so that the owner is the same as the ID of the
# credentials to be uploaded.
ownerCertFile = certFile
ownerKeyFile = keyFile
ownerPassphrase = passphraseCallback()
if not force:
# Check credentials don't already exist
if self.info(username,
ownerCertFile=ownerCertFile,
ownerKeyFile=ownerKeyFile,
ownerPassphrase=ownerPassphrase)[0]:
raise MyProxyClientError(
"Credentials already exist for user: %s" % username)
# Set up SSL connection
conn = self._initConnection(ownerCertFile=ownerCertFile,
ownerKeyFile=ownerKeyFile,
ownerPassphrase=ownerPassphrase)
conn.connect((self.hostname, self.port))
# send globus compatibility stuff
conn.write('0')
# send put command - ensure conversion from unicode before writing
cmd = MyProxyClient.putCmd % (username, passphrase, lifetime)
if retrievers:
cmd += "\nRETRIEVER=%s" % retrievers
if credowner:
cmd += "\nCRED_OWNER=%s" % credowner
if credname:
cmd += "\nCRED_NAME=%s" % credname
if creddesc:
cmd += "\nCRED_DESC=%s" % creddesc
conn.write(str(cmd))
# process server response
dat = conn.recv(8192)
respCode, errorTxt = self._deserializeResponse(dat)
if respCode:
raise MyProxyClientGetError(errorTxt)
# Certificate request from MyProxy (DER format)
dat = conn.recv(8192)
from arcs.gsi import CertificateRequest, Certificate, ProxyCertificate
req = CertificateRequest(dat)
if isinstance(certFile, Certificate):
usercert = certFile
else:
usercert = Certificate(certFile, keyFile,
callback=passphraseCallback)
proxy = ProxyCertificate(usercert, proxykey=req.get_pubkey())
proxy.sign()
conn.send(chr(2) + proxy.as_der() + usercert.as_der())
resp = conn.recv(8192)
# process server response
respCode, errorTxt = self._deserializeResponse(resp)
if respCode:
raise MyProxyClientRetrieveError(errorTxt)
