def create_cert(self, cn):
"""
Creates a new certificate with the specified CN.
Returns a tuple (DN, cert, key)
"""
(cert_fd, cert_path) = tempfile.mkstemp(dir=self.tmpdir)
(key_fd, key_path) = tempfile.mkstemp(dir=self.tmpdir)
cert_file = os.fdopen(cert_fd)
key_file = os.fdopen(key_fd)
try:
dn = autoca.createCert(cn, self.webdir, self.cadir, cert_path,
key_path, self.log, allow_overwrite=True)
cert = cert_file.read()
key = key_file.read()
return (dn, cert, key)
finally:
# best-effort cleanup
cert_file.close()
key_file.close()
os.remove(cert_path)
os.remove(key_path)
def create_cert(self, cn):
"""
Creates a new certificate with the specified CN.
Returns a tuple (DN, cert, key)
"""
(cert_fd, cert_path) = tempfile.mkstemp(dir=self.tmpdir)
(key_fd, key_path) = tempfile.mkstemp(dir=self.tmpdir)
cert_file = os.fdopen(cert_fd)
key_file = os.fdopen(key_fd)
try:
dn = autoca.createCert(cn,
self.webdir,
self.cadir,
cert_path,
key_path,
self.log,
allow_overwrite=True)
cert = cert_file.read()
key = key_file.read()
return (dn, cert, key)
finally:
# best-effort cleanup
cert_file.close()
key_file.close()
os.remove(cert_path)
os.remove(key_path)
def generate_cert(o):
nimbus_home = get_nimbus_home()
webdir = os.path.join(nimbus_home, 'web/')
if not os.path.exists(webdir):
raise CLIError(
'ENIMBUSHOME',
"web dir doesn't exist. is this a valid Nimbus install? (%s)" %
webdir)
configpath = os.path.join(nimbus_home, 'nimbus-setup.conf')
config = SafeConfigParser()
if not config.read(configpath):
raise CLIError(
'ENIMBUSHOME',
"Failed to read config from '%s'. Has Nimbus been configured?" %
configpath)
try:
cadir = config.get('nimbussetup', 'ca.dir')
cadir = os.path.join(nimbus_home, cadir)
except ConfigParser.NoOptionError:
raise CLIError('ENIMBUSHOME',
"Config file '%s' does not contain ca.dir" % configpath)
dir = o.dest
keypath = os.path.join(dir, "userkey.pem")
certpath = os.path.join(dir, "usercert.pem")
if os.path.exists(keypath):
raise CLIError('EPATH',
"The destination key path exists: '%s'" % keypath)
if os.path.exists(certpath):
raise CLIError('EPATH',
"The destination cert path exists: '%s'" % certpath)
if not os.access(dir, os.W_OK):
raise CLIError('EPATH',
"The destination directory is not writable: '%s'" % dir)
cn = o.cn
if not cn:
cn = o.emailaddr
# check for ilegal characters in emailaddr
bad_chars = "+"
for c in bad_chars:
if c in cn:
raise CLIError(
'ECMDLINE',
"The character %s is not allowed in the common name" % (c))
# XXX
log = logging.getLogger()
dn = autoca.createCert(cn, webdir, cadir, certpath, keypath, log)
return (certpath, keypath)
def generate_cert(o):
nimbus_home = get_nimbus_home()
webdir = os.path.join(nimbus_home, 'web/')
if not os.path.exists(webdir):
raise CLIError('ENIMBUSHOME',
"web dir doesn't exist. is this a valid Nimbus install? (%s)"
% webdir)
configpath = os.path.join(nimbus_home, 'nimbus-setup.conf')
config = SafeConfigParser()
if not config.read(configpath):
raise CLIError('ENIMBUSHOME',
"Failed to read config from '%s'. Has Nimbus been configured?"
% configpath)
try:
cadir = config.get('nimbussetup', 'ca.dir')
cadir = os.path.join(nimbus_home, cadir)
except ConfigParser.NoOptionError:
raise CLIError('ENIMBUSHOME',
"Config file '%s' does not contain ca.dir" %
configpath)
dir = o.dest
keypath = os.path.join(dir, "userkey.pem")
certpath = os.path.join(dir, "usercert.pem")
if os.path.exists(keypath):
raise CLIError('EPATH',
"The destination key path exists: '%s'" % keypath)
if os.path.exists(certpath):
raise CLIError('EPATH',
"The destination cert path exists: '%s'" % certpath)
if not os.access(dir, os.W_OK):
raise CLIError('EPATH',
"The destination directory is not writable: '%s'" % dir)
cn = o.cn
if not cn:
cn = o.emailaddr
# check for illegal characters in emailaddr
bad_chars = "+"
for c in bad_chars:
if c in cn:
raise CLIError('ECMDLINE', "The character %s is not allowed in the common name" % (c))
# XXX
log = logging.getLogger()
dn = autoca.createCert(cn, webdir, cadir, certpath, keypath, log)
return (certpath, keypath)
def _main():
nimbus_home = get_nimbus_home()
webdir = os.path.join(nimbus_home, 'web/')
if not os.path.exists(webdir):
raise IncompatibleEnvironment(
"web dir doesn't exist. is this a valid Nimbus install? (%s)"
% webdir)
configpath = os.path.join(nimbus_home, 'nimbus-setup.conf')
config = ConfigParser.SafeConfigParser()
if not config.read(configpath):
raise IncompatibleEnvironment(
"Failed to read config from '%s'. Has Nimbus been configured?"
% configpath)
try:
cadir = config.get('nimbussetup', 'ca.dir')
except NoOptionError:
raise IncompatibleEnvironment("Config file '%s' does not contain ca.dir" %
configpath)
parser = get_opt_parser()
(opts, args) = parser.parse_args()
if opts.dir:
dir = os.path.abspath(opts.dir)
if not os.path.isdir(dir):
raise InvalidInput("The specified directory does not exist (%s)" %
dir)
else:
dir = os.path.expanduser("~/.globus/")
if not os.path.exists(dir):
try:
os.mkdir(dir)
except:
raise IncompatibleEnvironment("Destination directory was not "+
"specified. Creating the default ~/.globus directory "+
"failed: %s" % dir)
keypath = os.path.join(dir, "userkey.pem")
certpath = os.path.join(dir, "usercert.pem")
if os.path.exists(keypath):
raise IncompatibleEnvironment(
"The destination key path exists: '%s'" % keypath)
if os.path.exists(certpath):
raise IncompatibleEnvironment(
"The destination cert path exists: '%s'" % certpath)
if not os.access(dir, os.W_OK):
raise IncompatibleEnvironment(
"The destination directory is not writable: '%s'" % dir)
print "\nThe new certificate and key will be placed in: %s" % dir
cn = opts.cn
if not cn:
print "\nPlease enter the Common Name for the new certificate."
print "This could be the user's full name or username."
cn = raw_input("Name: ")
cn = cn.strip()
if not cn:
raise InvalidInput("You must specify a valid Common Name")
log = logging.getLogger()
dn = autoca.createCert(cn, webdir, cadir, certpath, keypath, log)
print "Success! The DN of the new certificate is:\n\n \"%s\"\n"%dn
