Add x509 authentization type, update documentation.

CESNET · Sep 4, 2015 · e3312e7 · e3312e7
1 parent 8f3eace
commit e3312e7
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 3 deletions.
diff --git a/pOCCI/occi_curl.py b/pOCCI/occi_curl.py
@@ -75,6 +75,13 @@ def occi_curl(base_url = None, url = '/-/', authtype = None, ignoressl = None, u
     if authtype == "basic":
         curl.setopt(pycurl.HTTPAUTH, pycurl.HTTPAUTH_BASIC)
         curl.setopt(pycurl.USERPWD, "%s:%s" % (user, passwd))
+    elif authtype == "x509":
+        if 'cert' in occi_config and occi_config['cert']:
+            curl.setopt(pycurl.SSLCERT, occi_config['cert'])
+        if 'key' in occi_config and occi_config['key']:
+            curl.setopt(pycurl.SSLKEY, occi_config['key'])
+        if 'passphrase' in occi_config and occi_config['passphrase']:
+            curl.setopt(pycurl.SSLCERTPASSWD, occi_config['passphrase'])
 
     # Verbose mode
     curl.setopt(pycurl.VERBOSE, curlverbose)

diff --git a/pOCCI/pOCCI.1 b/pOCCI/pOCCI.1
@@ -26,7 +26,11 @@ Usage message.
 \fB-a\fR, \fP--auth-type\fR \fIAUTH-TYPE\fR
 Authentication type to used. Default if \fBbasic\fR.
 
-Available values: \fBbasic\fR
+Available values: \fBbasic\fR, \fBx509\fR.
+
+.TP
+\fB-c\fR, \fP--cert\fR \fIFILE\fR
+SSL user certificate file, if \fBx509\fR autentization is used.
 
 .TP
 \fB-e\fR, \fP--endpoint\fR, \fP--url\fR \fIURL\fR
@@ -36,6 +40,10 @@ OCCI server endpoint. For example: \fIhttps://example.com:11443\fR.
 \fB-f\fR, \fP--format\fR \fIFORMAT\fR
 Output format (\fBplain\fR, \fBjson\fR).
 
+.TP
+\fB-k\fR, \fP--key\fR \fIFILE\fR
+SSL user key file, if \fBx509\fR autentization is used.
+
 .TP
 \fB-l\fR, \fP--list\fR
 List all OCCI compliance tests.
@@ -50,6 +58,10 @@ Possible values: \fBtext/plain\fR, \fBtext/occi\fR.
 \fB-p\fR, \fP--password\fR \fIPASSWORD\fR
 User password, if \fBbasic\fR autentization is used.
 
+.TP
+\fP--passphrse\fR \fIPASSPHRASE\fR
+Passphrase for SSL user key, if \fBx509\fR autentization is used. Default is no passphrase.
+
 .TP
 \fB-t\fR, \fP--tests\fR \fITEST1,...\fR
 List of OCCI compliance tests to perform. Separated by commas.
@@ -86,6 +98,24 @@ Error from OCCI testsuite framework.
 \fB~/.pOCCI.cfg\fR, \fB/etc/pOCCI.cfg\fR
 pOCCI configuration file.
 
+Available options and default values:
+ * \fBurl\fR
+ * \fBauthtype\fR = 'basic'
+ * \fBcapath\fR
+ * \fBcachain\fR
+ * \fBignoressl\fR = False
+ * \fBuser\fR
+ * \fBpasswd\fR
+ * \fBcert\fR
+ * \fBkey\fR
+ * \fBpassphrase\fR
+ * \fBcurlverbose\fR = False
+ * \fBconnectiontimeout\fR = 60
+ * \fBtimeout\fR = 120
+ * \fBmimetype\fR = 'text/plain'
+ * \fBoutputformat\fR = 'json'
+ * \fBtests.category\fR = 'Category:compute;class=kind;scheme="http://schemas.ogf.org/occi/infrastructure#"'
+
 
 .SH EXAMPLES
 

diff --git a/pOCCI/pOCCI.py b/pOCCI/pOCCI.py
@@ -44,11 +44,14 @@ def usage(name = __file__):
 OPTIONS:\n\
   -h, --help ................ usage message\n\
   -a, --auth-type AUTH ...... authentization type\n\
+  -c, --cert FILE ........... SSL certificate file\n\
   -e, --endpoint, --url URL . OCCI server endpoint\n\
   -f, --format FORMAT ....... output format (plain, json)\n\
+  -k, --key FILE ............ SSL key file\n\
   -l, --list ................ list all test\n\
   -m, --mime-type MIME-TYPE . render format\n\
   -p, --password PWD ........ password for basic auth-type\n\
+  --passphrase PASS ......... SSL key passphrase\n\
   -t, --tests <TEST1,...> ... list of tests\n\
   -u, --user USER ........... user name for basic auth-type\n\
   -v, --verbose ............. verbose mode\n\
@@ -68,7 +71,7 @@ def main(argv=sys.argv[1:]):
         sys.exit(2)
 
     try:
-        opts, args = getopt.getopt(argv,"ha:e:f:lm:p:t:u:vV",["help", "auth-type=", "endpoint=", "format=", "list", "mime-type=", "password=", "tests=", "url=", "user=", "verbose", "version"])
+        opts, args = getopt.getopt(argv,"ha:c:e:f:k:lm:p:t:u:vV",["help", "auth-type=", "cert=", "endpoint=", "format=", "key=", "list", "mime-type=", "passphrase=", "password=", "tests=", "url=", "user=", "verbose", "version"])
     except getopt.GetoptError:
         usage()
         sys.exit(2)
@@ -78,15 +81,21 @@ def main(argv=sys.argv[1:]):
             sys.exit()
         elif opt in ("-a", "--auth-type"):
             occi_config["authtype"] = arg
+        elif opt in ("-c", "--cert"):
+            occi_config["cert"] = arg
         elif opt in ("-e", "--endpoint", "--url"):
             occi_config["url"] = arg
         elif opt in ("-f", "--format"):
             occi_config['outputformat'] = arg
+        elif opt in ("-k", "--key"):
+            occi_config["key"] = arg
         elif opt in ("-l", "--list"):
             print '\n'.join(sorted(tests_definitions.keys()));
             sys.exit();
         elif opt in ("-m", "--mime-type"):
             occi_config['mimetype'] = arg
+        elif opt in ("--passphrase"):
+            occi_config["passphrase"] = arg
         elif opt in ("-p", "--password"):
             occi_config["passwd"] = arg
         elif opt in ("-t", "--tests"):
@@ -108,7 +117,11 @@ def main(argv=sys.argv[1:]):
 
     if occi_config['authtype'] == 'basic':
         if 'user' not in occi_config or not occi_config['user'] or 'passwd' not in occi_config or not occi_config['passwd']:
-            print 'User and password is required for "basic" authentication type'
+            print 'User and password is required for "basic" authentization type.'
+            sys.exit(2)
+    elif occi_config['authtype'] == 'x509':
+        if 'cert' not in occi_config or not occi_config['cert'] or 'key' not in occi_config or not occi_config['key']:
+            print 'SSL certificate and key is required for "x509" authentization type.'
             sys.exit(2)
 
     occi_init()