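def getIssuerCert(self):
    """
    Return the issuer certificate of the proxy stored at self.__piParams.certLoc.

    The certificate is looked up on first use and cached in self.__issuerCert;
    later calls return the cached object without touching the file again.
    If the proxy chain cannot be loaded, or the issuer certificate cannot be
    obtained from it, the error is logged and the process exits with status 1.

    :return: the 'Value' of the result returned by X509Chain.getIssuerCert()
    """
    if self.__issuerCert:
        return self.__issuerCert

    proxyChain = X509Chain.X509Chain()
    result = proxyChain.loadChainFromFile(self.__piParams.certLoc)
    if not result['OK']:
        gLogger.error("Could not load the proxy: %s" % result['Message'])
        # NOTE: terminates the whole process, not just this call
        sys.exit(1)

    result = proxyChain.getIssuerCert()
    if not result['OK']:
        # The chain itself loaded; report the issuer lookup as the failing step
        # so the log does not point operators at the wrong problem.
        gLogger.error("Could not get the issuer certificate of the proxy: %s" % result['Message'])
        sys.exit(1)

    self.__issuerCert = result['Value']
    return self.__issuerCert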
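def generateCAFile(location=None):
    """
    Generate/find a single CA file with all the PEMs

    An existing cas.pem is reused when one is found next to the CAs directory
    or next to the host certificate; otherwise a new bundle is written to a
    temporary file from every loadable, non-expired chain in the CAs directory.

    :param str location: we can specify a specific CS location
      where it's written a directory where to find the CAs and CRLs
    :return: S_OK(path of the cas.pem file that was found or created),
             or S_ERROR when no CAs directory is known or the file cannot be written
    """
    caDir = Locations.getCAsLocation()
    if not caDir:
        return S_ERROR('No CAs dir found')

    # look in what's normally /etc/grid-security/certificates
    systemBundle = os.path.join(os.path.dirname(caDir), "cas.pem")
    if os.path.isfile(systemBundle):
        return S_OK(systemBundle)

    # look in what's normally /opt/dirac/etc/grid-security
    # The lookup can come back empty (no host certificate configured); in that
    # case there is nothing to index, so go straight to generating the bundle.
    hostCredentials = Locations.getHostCertificateAndKeyLocation(location)
    if hostCredentials:
        diracCADirPEM = os.path.join(os.path.dirname(hostCredentials[0]), "cas.pem")
        if os.path.isfile(diracCADirPEM):
            return S_OK(diracCADirPEM)

    # Now we create it in tmpdir
    # mkstemp returns an already-open descriptor together with the path; wrap
    # that descriptor instead of reopening the path, so it is not leaked.
    handle, fn = tempfile.mkstemp(prefix="cas.", suffix=".pem")
    try:
        with os.fdopen(handle, "w") as fd:
            for caFile in os.listdir(caDir):
                caFile = os.path.join(caDir, caFile)
                chain = X509Chain.X509Chain()
                result = chain.loadChainFromFile(caFile)
                if not result['OK']:
                    # not a loadable certificate chain: leave it out
                    continue
                expired = chain.hasExpired()
                # A chain whose expiry cannot be determined is excluded from
                # the trust bundle, exactly like an expired one.
                if not expired['OK'] or expired['Value']:
                    continue
                dumped = chain.dumpAllToString()
                if not dumped['OK']:
                    continue
                fd.write(dumped['Value'])
        # NOTE(review): S_OK is returned even when no certificate passed the
        # checks above, i.e. the bundle may be empty.
        gLogger.info("CAs used from: %s" % str(fn))
        return S_OK(fn)
    except IOError as err:
        gLogger.warn(err)

    return S_ERROR("Could not find/generate CAs")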
def __generateProxy(self):
    """
    Create a proxy file at self.proxyLocation from the host certificate and key.

    The certificate and key paths come from
    Locations.getHostCertificateAndKeyLocation(). Every failure is logged
    through self.log and reported to the caller as False.

    :return: True when generateProxyToFile reported success, False otherwise
    """
    self.log.info("Generating proxy...")
    hostCredentials = Locations.getHostCertificateAndKeyLocation()
    if not hostCredentials:
        self.log.error("Can not find certificate!")
        return False

    proxyChain = X509Chain.X509Chain()
    # (loader method, index into hostCredentials, message logged on failure)
    loadSteps = (
        ("loadChainFromFile", 0, "Can not load certificate file"),
        ("loadKeyFromFile", 1, "Can not load key file"),
    )
    for loaderName, index, failureMessage in loadSteps:
        outcome = getattr(proxyChain, loaderName)(hostCredentials[index])
        if not outcome['OK']:
            self.log.error(failureMessage,
                           "%s : %s" % (hostCredentials[index], outcome['Message']))
            return False

    # 3600 is handed to generateProxyToFile unchanged -- presumably the proxy
    # lifetime in seconds; confirm against X509Chain.
    # NOTE(review): the permissions of the written proxy file are decided
    # inside generateProxyToFile, which is not visible here -- confirm the
    # file is created readable by its owner only.
    outcome = proxyChain.generateProxyToFile(self.proxyLocation, 3600)
    if outcome['OK']:
        self.log.info("Proxy generated")
        return True

    self.log.error("Could not generate proxy file", outcome['Message'])
    return False
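def generateCAFile(location=None):
    """
    Generate a single CA file with all the PEMs

    Output paths are tried in order: cas.pem next to the CAs directory,
    cas.pem next to the host certificate, then a fresh temporary file.
    The first path that can be written is returned.

    :param str location: we can specify a specific location in CS
    :return: S_OK(path of the written cas.pem file); S_ERROR when no CAs
             directory is known or none of the candidate paths could be written
    """
    caDir = Locations.getCAsLocation()
    if not caDir:
        # Without a CAs directory there is nothing to bundle (and the path
        # arithmetic below would fail on a None value).
        return S_ERROR('No CAs dir found')

    candidates = [os.path.join(os.path.dirname(caDir), "cas.pem")]
    # The host certificate lookup can come back empty; only derive a
    # candidate path from it when there is something to index.
    hostCredentials = Locations.getHostCertificateAndKeyLocation(location)
    if hostCredentials:
        candidates.append(os.path.join(os.path.dirname(hostCredentials[0]), "cas.pem"))
    # False stands for "no fixed location": fall back to a temporary file
    candidates.append(False)

    for fn in candidates:
        tmpHandle = None
        if not fn:
            tmpHandle, fn = tempfile.mkstemp(prefix="cas.", suffix=".pem")
        try:
            # mkstemp already opened the temporary file; wrap its descriptor
            # rather than reopening the path, so the descriptor is not leaked.
            # NOTE(review): for the fixed locations, mode "w" truncates an
            # existing cas.pem before the new content is complete; a failure
            # part-way leaves a partial bundle at that path.
            fd = open(fn, "w") if tmpHandle is None else os.fdopen(tmpHandle, "w")
            with fd:
                for caFile in os.listdir(caDir):
                    caFile = os.path.join(caDir, caFile)
                    chain = X509Chain.X509Chain()
                    result = chain.loadChainFromFile(caFile)
                    if not result['OK']:
                        # not a loadable certificate chain: leave it out
                        continue
                    expired = chain.hasExpired()
                    # A chain whose expiry cannot be determined is excluded
                    # from the trust bundle, exactly like an expired one.
                    if not expired['OK'] or expired['Value']:
                        continue
                    dumped = chain.dumpAllToString()
                    if not dumped['OK']:
                        continue
                    fd.write(dumped['Value'])
            # NOTE(review): S_OK is returned even when no certificate passed
            # the checks above, i.e. the bundle may be empty.
            gLogger.info("CAs used from: %s" % str(fn))
            return S_OK(fn)
        except IOError as err:
            # this candidate is not writable: log it and try the next one
            gLogger.warn(err)

    # The error message carries the CAs directory path, as callers have seen so far
    return S_ERROR(caDir)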