1 #!/usr/bin/env python
2
3 """
4 Creates a new user certificate and key using the embedded Nimbus CA.
5
6 In general you should avoid using this facility for a production environment.
7 You should use a real Certificate Authority. This script is provided to help
8 you get up and running on Nimbus, with test credentials.
9 """
10
11 import os
12 import sys
13 import traceback
14 import ConfigParser
15 import optparse
16 import readline
17 import logging
18
19 from nimbusweb.setup import autoca
20 from nimbusweb.setup.setuperrors import *
21
def get_opt_parser():
    """Build the command-line option parser for this script.

    The module docstring is used as the help description. Two options are
    defined: the Common Name of the new certificate (stored as ``cn``) and
    the destination directory for the key pair (stored as ``dir``).
    """
    opt_parser = optparse.OptionParser(description=__doc__)
    opt_parser.add_option(
        "--common-name", "--cn", "-c",
        dest="cn", metavar="NAME",
        help="Name for new certificate")
    opt_parser.add_option(
        "--dir", "-d",
        dest="dir", metavar="DIR",
        help="Destination directory (defaults to ~/.globus)")
    return opt_parser
31
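def get_nimbus_home():
    """Determines home directory of Nimbus install we are using.

    First looks for a NIMBUS_HOME environment variable, else assumes that
    the home directory is the parent directory of the directory with this
    script.

    The returned path decides which nimbus-setup.conf is read and therefore
    which CA directory signs the new certificate, so NIMBUS_HOME should only
    be taken from a trusted environment.

    Raises IncompatibleEnvironment if the resulting path does not exist.
    """
    nimbus_home = os.getenv("NIMBUS_HOME")
    if not nimbus_home:
        # Resolve __file__ to an absolute path first. When the script is
        # started through a relative path, dirname() applied twice can yield
        # "" and the existence check below would reject a valid install.
        script_dir = os.path.dirname(os.path.abspath(__file__))
        nimbus_home = os.path.dirname(script_dir)
    if not os.path.exists(nimbus_home):
        raise IncompatibleEnvironment("NIMBUS_HOME must refer to a valid path")
    return nimbus_home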
46
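def _main():
    """Create a user certificate and key signed by the embedded Nimbus CA.

    Locates the Nimbus install, reads ca.dir from nimbus-setup.conf, picks
    the destination directory (--dir, or ~/.globus when not given), refuses
    to overwrite an existing userkey.pem or usercert.pem, obtains the Common
    Name from --common-name or an interactive prompt, and then delegates to
    autoca.createCert().

    Raises IncompatibleEnvironment for problems with the install, the
    configuration file or the destination directory, and InvalidInput for a
    bad --dir value or an empty Common Name.
    """
    nimbus_home = get_nimbus_home()
    webdir = os.path.join(nimbus_home, 'web/')
    if not os.path.exists(webdir):
        raise IncompatibleEnvironment(
            "web dir doesn't exist. is this a valid Nimbus install? (%s)"
            % webdir)
    configpath = os.path.join(nimbus_home, 'nimbus-setup.conf')
    config = ConfigParser.SafeConfigParser()
    if not config.read(configpath):
        raise IncompatibleEnvironment(
            "Failed to read config from '%s'. Has Nimbus been configured?"
            % configpath)
    try:
        cadir = config.get('nimbussetup', 'ca.dir')
    except (ConfigParser.NoSectionError, ConfigParser.NoOptionError):
        # Qualified through the ConfigParser module, which this file
        # imports. A missing [nimbussetup] section raises NoSectionError and
        # is reported the same way as a missing option.
        raise IncompatibleEnvironment("Config file '%s' does not contain ca.dir" %
                configpath)

    parser = get_opt_parser()
    (opts, args) = parser.parse_args()

    if opts.dir:
        dest_dir = os.path.abspath(opts.dir)
        if not os.path.isdir(dest_dir):
            raise InvalidInput("The specified directory does not exist (%s)" %
                    dest_dir)
    else:
        dest_dir = os.path.expanduser("~/.globus/")
        if not os.path.exists(dest_dir):
            try:
                # This directory will hold the private key: create it
                # owner-only instead of relying on the caller's umask.
                os.mkdir(dest_dir, 0700)
            except OSError:
                raise IncompatibleEnvironment("Destination directory was not "+
                        "specified. Creating the default ~/.globus directory "+
                        "failed: %s" % dest_dir)
    keypath = os.path.join(dest_dir, "userkey.pem")
    certpath = os.path.join(dest_dir, "usercert.pem")

    # Never overwrite existing credentials.
    # NOTE(review): these checks run before createCert() writes the files,
    # so they do not protect against a file appearing in between. Whether
    # createCert() creates the key exclusively and with owner-only
    # permissions is not visible here -- confirm in nimbusweb.setup.autoca.
    if os.path.exists(keypath):
        raise IncompatibleEnvironment(
            "The destination key path exists: '%s'" % keypath)
    if os.path.exists(certpath):
        raise IncompatibleEnvironment(
            "The destination cert path exists: '%s'" % certpath)
    if not os.access(dest_dir, os.W_OK):
        raise IncompatibleEnvironment(
            "The destination directory is not writable: '%s'" % dest_dir)

    print "\nThe new certificate and key will be placed in: %s" % dest_dir

    cn = opts.cn
    if not cn:
        print "\nPlease enter the Common Name for the new certificate."
        print "This could be the user's full name or username."
        cn = raw_input("Name: ")
    cn = cn.strip()
    if not cn:
        raise InvalidInput("You must specify a valid Common Name")

    log = logging.getLogger()
    dn = autoca.createCert(cn, webdir, cadir, certpath, keypath, log)

    print "Success! The DN of the new certificate is:\n\n \"%s\"\n"%dn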
111
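def main():
    """Run _main() and translate its known errors into an exit status.

    Returns 0 on success, 1 for InvalidInput, 2 for InvalidConfig and 3 for
    IncompatibleEnvironment. Each error message is printed to stderr. Any
    other exception propagates to the caller.
    """
    try:
        _main()
    except InvalidInput, e:
        msg = "\nProblem with input: %s" % e.msg
        print >>sys.stderr, msg
        return 1

    except InvalidConfig, e:
        msg = "\nProblem with configuration: %s" % e.msg
        print >>sys.stderr, msg
        return 2

    except IncompatibleEnvironment, e:
        msg = "\nProblem with environment: %s" % e.msg
        print >>sys.stderr, msg
        # Without this return the function fell through to "return 0", so a
        # failed certificate request looked successful to calling scripts.
        return 3

    return 0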
130
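# Script entry point: exit with main()'s status; anything unexpected is
# reported on stderr with a traceback and exit status 97.
if __name__ == "__main__":
    try:
        sys.exit(main())
    except (SystemExit, KeyboardInterrupt):
        # The tuple must be parenthesised. In Python 2 the form
        # "except SystemExit, KeyboardInterrupt" catches only SystemExit and
        # binds it to the name KeyboardInterrupt, so Ctrl-C ended up in the
        # "Unexpected error" handler below.
        raise
    except:
        # Last-resort handler, deliberately broad.
        info = sys.exc_info()
        try:
            name = info[0].__name__
        except AttributeError:
            # The raised object has no __name__; print it as it is.
            name = info[0]
        err = "\nUnexpected error! Please report all of the following info:\n\n"
        err += "%s: %s" % (name, info[1])
        print >>sys.stderr, err
        traceback.print_tb(info[2])
        sys.exit(97)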