This repository has been archived by the owner on Sep 23, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 82
/
nimbus-new-cert.py
executable file
·146 lines (125 loc) · 4.75 KB
/
nimbus-new-cert.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
#!/usr/bin/env python
"""
Creates a new user certificate and key using the embedded Nimbus CA.
In general you should avoid using this facility for a production environment.
You should use a real Certificate Authority. This script is provided to help
you get up and running on Nimbus, with test credentials.
"""
import os
import sys
import traceback
import ConfigParser
import optparse
import readline
import logging
from nimbusweb.setup import autoca
from nimbusweb.setup.setuperrors import *
def get_opt_parser():
"""Prepares an option parser and returns it."""
parser = optparse.OptionParser(description=__doc__)
parser.add_option("--common-name", "--cn", "-c", dest="cn",
help="Name for new certificate", metavar="NAME")
parser.add_option("--dir", "-d", dest="dir",
help="Destination directory (defaults to ~/.globus)", metavar="DIR")
return parser
def get_nimbus_home():
"""Determines home directory of Nimbus install we are using.
First looks for a NIMBUS_HOME enviroment variable, else assumes that
the home directory is the parent directory of the directory with this
script.
"""
nimbus_home = os.getenv("NIMBUS_HOME")
if not nimbus_home:
script_dir = os.path.dirname(__file__)
nimbus_home = os.path.dirname(script_dir)
if not os.path.exists(nimbus_home):
raise IncompatibleEnvironment("NIMBUS_HOME must refer to a valid path")
return nimbus_home
def _main():
nimbus_home = get_nimbus_home()
webdir = os.path.join(nimbus_home, 'web/')
if not os.path.exists(webdir):
raise IncompatibleEnvironment(
"web dir doesn't exist. is this a valid Nimbus install? (%s)"
% webdir)
configpath = os.path.join(nimbus_home, 'nimbus-setup.conf')
config = ConfigParser.SafeConfigParser()
if not config.read(configpath):
raise IncompatibleEnvironment(
"Failed to read config from '%s'. Has Nimbus been configured?"
% configpath)
try:
cadir = config.get('nimbussetup', 'ca.dir')
except NoOptionError:
raise IncompatibleEnvironment("Config file '%s' does not contain ca.dir" %
configpath)
parser = get_opt_parser()
(opts, args) = parser.parse_args()
if opts.dir:
dir = os.path.abspath(opts.dir)
if not os.path.isdir(dir):
raise InvalidInput("The specified directory does not exist (%s)" %
dir)
else:
dir = os.path.expanduser("~/.globus/")
if not os.path.exists(dir):
try:
os.mkdir(dir)
except:
raise IncompatibleEnvironment("Destination directory was not "+
"specified. Creating the default ~/.globus directory "+
"failed: %s" % dir)
keypath = os.path.join(dir, "userkey.pem")
certpath = os.path.join(dir, "usercert.pem")
if os.path.exists(keypath):
raise IncompatibleEnvironment(
"The destination key path exists: '%s'" % keypath)
if os.path.exists(certpath):
raise IncompatibleEnvironment(
"The destination cert path exists: '%s'" % certpath)
if not os.access(dir, os.W_OK):
raise IncompatibleEnvironment(
"The destination directory is not writable: '%s'" % dir)
print "\nThe new certificate and key will be placed in: %s" % dir
cn = opts.cn
if not cn:
print "\nPlease enter the Common Name for the new certificate."
print "This could be the user's full name or username."
cn = raw_input("Name: ")
cn = cn.strip()
if not cn:
raise InvalidInput("You must specify a valid Common Name")
log = logging.getLogger()
dn = autoca.createCert(cn, webdir, cadir, certpath, keypath, log)
print "Success! The DN of the new certificate is:\n\n \"%s\"\n"%dn
def main():
try:
_main()
except InvalidInput, e:
msg = "\nProblem with input: %s" % e.msg
print >>sys.stderr, msg
return 1
except InvalidConfig, e:
msg = "\nProblem with configuration: %s" % e.msg
print >>sys.stderr, msg
return 2
except IncompatibleEnvironment, e:
msg = "\nProblem with environment: %s" % e.msg
print >>sys.stderr, msg
return 0
if __name__ == "__main__":
try:
sys.exit(main())
except SystemExit, KeyboardInterrupt:
raise
except:
info = sys.exc_info()
try:
name = info[0].__name__
except AttributeError:
name = info[0]
err = "\nUnexpected error! Please report all of the following info:\n\n"
err += "%s: %s" % (name, info[1])
print >>sys.stderr, err
traceback.print_tb(info[2])
sys.exit(97)