예제 #1
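def esgf_logon(self, userid, hostname, username, password):
    """Fetch ESGF credentials through a MyProxy logon and store them for a user.

    The credentials are written into a private temporary folder below the
    configured ``phoenix.workdir``, handed to ``save_credentials`` and the
    temporary folder is removed again, whether or not the logon succeeded.

    Args:
        self: not used in this body.
        userid: identifier the credentials are stored under.
        hostname: MyProxy host passed to ``logon``.
        username: account name passed to ``logon``.
        password: account password passed to ``logon``; it is not logged here.

    Returns:
        dict: ``{'status': 'Success'}`` or
        ``{'status': 'Failed', 'message': <error text>}``.
    """
    result = {'status': "Running"}
    registry = app.conf['PYRAMID_REGISTRY']
    settings = registry.settings
    outdir = None

    try:
        workdir = settings.get('phoenix.workdir')
        # need temp folder for outputs; 0o700 keeps it private to the service
        # account (the 0o literal is valid on Python 2.6+ and Python 3)
        if not os.path.isdir(workdir):
            os.makedirs(workdir, mode=0o700)
        outdir = tempfile.mkdtemp(prefix='phoenix-', dir=workdir)
        # use myproxy logon to get credentials
        credentials = logon(username=username,
                            password=password,
                            hostname=hostname,
                            outdir=outdir)

        # store credentials
        save_credentials(registry, userid, filename=credentials)
    except Exception as err:
        LOGGER.exception("esgf logon failed.")
        result['status'] = 'Failed'
        # Exception.message does not exist on Python 3; str() works on both.
        # NOTE(review): this text goes back to the caller - confirm it cannot
        # carry anything sensitive from the logon helper.
        result['message'] = str(err)
    else:
        result['status'] = 'Success'
    finally:
        # remove tempfolder on every path so credential material written by
        # logon() is not left on disk after a failure
        if outdir is not None:
            try:
                shutil.rmtree(outdir)
            except OSError:
                LOGGER.exception("could not remove temp folder %s", outdir)
    return result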
예제 #2
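def esgf_logon(self, userid, hostname, username, password):
    """Run a MyProxy logon and save the resulting ESGF credentials for *userid*.

    A private scratch folder is created under ``phoenix.workdir``, ``logon``
    writes the credentials into it, ``save_credentials`` persists them, and
    the scratch folder is deleted on success and on failure alike.

    Args:
        self: not used in this body.
        userid: identifier the credentials are stored under.
        hostname: MyProxy host passed to ``logon``.
        username: account name passed to ``logon``.
        password: account password passed to ``logon``; it is not logged here.

    Returns:
        dict: ``{'status': 'Success'}`` when the credentials were stored,
        otherwise ``{'status': 'Failed', 'message': <error text>}``.
    """
    result = {'status': "Running"}
    registry = app.conf['PYRAMID_REGISTRY']
    settings = registry.settings
    outdir = None

    try:
        workdir = settings.get('phoenix.workdir')
        # need temp folder for outputs, readable by the service account only
        if not os.path.isdir(workdir):
            os.makedirs(workdir, mode=0o700)
        outdir = tempfile.mkdtemp(prefix='phoenix-', dir=workdir)
        # use myproxy logon to get credentials
        credentials = logon(username=username, password=password, hostname=hostname,
                            outdir=outdir)

        # store credentials
        save_credentials(registry, userid, filename=credentials)
    except Exception as err:
        LOGGER.exception("esgf logon failed.")
        result['status'] = 'Failed'
        # err.message raises AttributeError on Python 3, which would escape
        # this handler; str(err) is available everywhere.
        # NOTE(review): the text is returned to the caller - confirm the logon
        # helper never puts sensitive values into its error messages.
        result['message'] = str(err)
    else:
        result['status'] = 'Success'
    finally:
        # the scratch folder holds credential material, so it must not
        # survive a failed logon or a failed save
        if outdir is not None:
            try:
                shutil.rmtree(outdir)
            except OSError:
                LOGGER.exception("could not remove temp folder %s", outdir)
    return result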
예제 #3
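    def get_certificate(self):
        """
        Generates a new RSA key pair and certificate request, submits the request
        to be signed by the SLCS CA and stores the CA's response through
        ``save_credentials``.

        Uses automatic refreshing of tokens if they have expired.

        Returns ``True`` once the response has been stored, ``False`` when no
        token is available or the CA answers with an error status.
        """
        token = self.get_token()
        if not token:
            return False
        # Generate a new key pair
        key_pair = crypto.PKey()
        key_pair.generate_key(crypto.TYPE_RSA, 2048)
        # NOTE(review): the private key is never stored or returned from here;
        # only the CA response reaches save_credentials. Confirm the saved
        # credential is usable without the matching key.
        # Generates a certificate request using the key pair. The request is
        # signed with SHA-256: MD5 is collision-prone and current OpenSSL
        # builds may refuse it.
        cert_request = crypto.X509Req()
        cert_request.set_pubkey(key_pair)
        cert_request.sign(key_pair, "sha256")
        cert_request = crypto.dump_certificate_request(crypto.FILETYPE_ASN1,
                                                       cert_request)
        # Build the oauth session object
        client = OAuth2Session(
            self.client_id,
            token=token,
            auto_refresh_url=self.refresh_url,
            auto_refresh_kwargs={
                'client_id': self.client_id,
                'client_secret': self.client_secret,
            },
            # Update the token with the new token if it is refreshed
            token_updater=self.save_token,
        )
        # The request carries the OAuth token and returns the certificate, so
        # the server certificate must be validated. For a CA that is not in
        # the default trust store, pass the path of its bundle as ``verify``
        # instead of switching validation off.
        response = client.post(
            self.certificate_url,
            data={'certificate_request': b64encode(cert_request)},
            verify=True)
        if not response.ok:
            # do not persist an error page as if it were a certificate
            return False
        # Store credentials
        save_credentials(self.request.registry,
                         self.userid,
                         file=StringIO(response.text))
        return True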
예제 #4
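    def get_certificate(self):
        """
        Generates a new RSA key pair and certificate request, submits the request
        to be signed by the SLCS CA and stores the CA's response through
        ``save_credentials``.

        Uses automatic refreshing of tokens if they have expired.

        Returns ``True`` once the response has been stored, ``False`` when no
        token is available or the CA answers with an error status.
        """
        token = self.get_token()
        if not token:
            return False
        # Generate a new key pair
        key_pair = crypto.PKey()
        key_pair.generate_key(crypto.TYPE_RSA, 2048)
        # NOTE(review): the original dumped the private key to PEM and threw
        # the result away; the key is not stored anywhere in this method.
        # Confirm the credential saved below is usable without it.
        # Generates a certificate request using the key pair, signed with
        # SHA-256 (MD5 is collision-prone and may be rejected by current
        # OpenSSL builds).
        cert_request = crypto.X509Req()
        cert_request.set_pubkey(key_pair)
        cert_request.sign(key_pair, "sha256")
        cert_request = crypto.dump_certificate_request(crypto.FILETYPE_ASN1, cert_request)
        # Build the oauth session object
        client = OAuth2Session(
            self.client_id,
            token=token,
            auto_refresh_url=self.refresh_url,
            auto_refresh_kwargs={
                'client_id': self.client_id,
                'client_secret': self.client_secret,
            },
            # Update the token with the new token if it is refreshed
            token_updater=self.save_token,
        )
        # TLS validation stays on: this call sends the OAuth token and its
        # response becomes the stored credential. A private CA is handled by
        # passing its bundle path as ``verify``, not by disabling the check.
        response = client.post(
            self.certificate_url,
            data={'certificate_request': b64encode(cert_request)},
            verify=True
        )
        if not response.ok:
            # an error body must not be saved as a certificate
            return False
        # Store credentials
        save_credentials(self.request.registry, self.userid, file=StringIO(response.text))
        return True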