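#!/bin/bash
#
# Client script for web service interface to MyProxy logon based on openssl and
# curl
#
# @author P J Kershaw 25/05/2010
#
# @copyright: (C) 2010 STFC
#
# @license: BSD - See top-level LICENCE file for licence details
#
# $Id$
#
# Usage: myproxy-ws-logon [-U <uri>] [-l <username>] [-S] [-o <filepath>]
#
# Flow: generate a throw-away RSA key pair and CSR with openssl, POST the CSR to
# the MyProxy web service with HTTP Basic auth (username / pass phrase), and
# write the returned certificate followed by the private key to the output
# path (a proxy credential file).
#
# Environment read:
#   LOGNAME         default username when -l is not given
#   X509_CERT_DIR   trust root directory for --capath (else a per-user default)
#   X509_USER_PROXY default output path when -o is not given (else stdout)
#   HOME            used for the per-user trust root default

# Unset variables are bugs here (a silently empty path or user is dangerous).
set -u

cmdname=${0##*/}

# Everything this script creates (temp files, the proxy file) contains or sits
# next to private key material: make new files owner-only. An output file that
# already exists keeps its current mode.
umask 077

#######################################
# Print a diagnostic prefixed with the command name and exit 1.
# Arguments: message words
#######################################
die() {
  printf '%s: %s\n' "$cmdname" "$*" >&2
  exit 1
}

#######################################
# Print usage text to stdout (callers redirect to stderr on error).
#######################################
usage() {
  printf 'Usage: %s [-U MyProxy Web Service URI][-l username] ...\n\n' "$cmdname"
  printf 'Options\n'
  printf '%b\n' '-h | --help\t\t\t\tDisplays usage'
  printf '%b\n' '-U | --uri\t\t<uri>\t\tMyProxy web service URI'
  printf '%b\n' '-l | --username\t<username>\tUsername for the delegated proxy (defaults to $LOGNAME)'
  printf '%b\n' '-S | --stdin_pass\t\t\tpass password from stdin rather prompt from tty'
  printf '%b\n' '-o | --out\t\t<filepath>\tLocation of delegated proxy (default to stdout)'
}

# getopt's status must be tested on this line: a later "$?" would only report
# the preceding assignment. Enhanced getopt quotes its output for the eval.
cmdline_opt=$(getopt -o hU:l:So: --long help,uri:,username:,stdin_pass,out:: \
  -n "$cmdname" -- "$@") || { usage >&2; exit 1; }
eval set -- "$cmdline_opt"

uri= username= stdin_pass= outfilepath=
while true; do
  case "$1" in
    -h|--help) usage; exit 0 ;;
    -U|--uri) uri=$2; shift 2 ;;
    -l|--username) username=$2; shift 2 ;;
    -S|--stdin_pass) stdin_pass=True; shift ;;
    -o|--out) outfilepath=$2; shift 2 ;;
    --) shift; break ;;
    *) die "Error parsing command line" ;;
  esac
done

if [[ -z $uri ]]; then
  printf '%s\n' "Give the URI for the MyProxy web service logon request" >&2
  usage >&2
  exit 1
fi

# HTTP Basic auth carries the pass phrase in the request; only TLS protects it.
if [[ $uri != https://* ]]; then
  printf '%s: warning: %s is not an https:// URI; credentials will be sent unencrypted\n' \
    "$cmdname" "$uri" >&2
fi

# Default to LOGNAME if not set on command line
if [[ -z $username ]]; then
  username=${LOGNAME:-}
fi

# Read password. -r keeps backslashes literal; IFS= keeps surrounding blanks.
if [[ -n $stdin_pass ]]; then
  # EOF without a trailing newline still assigns the value, so ignore status.
  IFS= read -r password || true
else
  # read -s restores terminal echo itself, also when interrupted (a manual
  # "stty -echo" would leave the tty silent). The prompt goes to stderr, and so
  # must the newline: stdout may be the proxy output.
  IFS= read -r -s -p "Enter MyProxy pass phrase: " password
  printf '\n' >&2
fi

# Set-up trust root
if [[ -n ${X509_CERT_DIR:-} ]]; then
  cadir=$X509_CERT_DIR
elif [[ $username == root ]]; then
  cadir=/etc/grid-security/certificates
else
  cadir=${HOME:-}/.globus/certificates
fi

# Set output file path: -o, else $X509_USER_PROXY, else stdout
if [[ -z $outfilepath ]]; then
  outfilepath=${X509_USER_PROXY:-/dev/stdout}
fi

# Private, unpredictable working directory for the request (mktemp, not
# /tmp/$UID-$RANDOM); removed on every exit path together with the pass phrase.
tmpdir=$(mktemp -d) || die "cannot create temporary directory"
cleanup() {
  unset password curl_pass
  rm -rf -- "${tmpdir:?}"
}
trap cleanup EXIT

certreqfilepath=$tmpdir/request.csr
opensslerr=$tmpdir/openssl.err
respfile=$tmpdir/response

# Generate key pair and request. The key is captured in the 'key' var; openssl's
# stderr is kept aside and only shown if it fails.
key=$(openssl req -new -newkey rsa:2048 -nodes -keyout /dev/stdout \
  -subj /CN=dummy -out "$certreqfilepath" 2>"$opensslerr") \
  || { cat -- "$opensslerr" >&2; die "key pair / certificate request generation failed"; }

# Post request to MyProxy web service passing username/password for HTTP Basic
# auth based authentication. The credentials are handed to curl through a
# config file on an anonymous fd (-K) rather than on the command line, where
# "ps" would show them to every local user; the CSR is read from its file by
# --data-urlencode's name@file form for the same reason. curl's quoted config
# strings take backslash escapes, so backslash and double quote are escaped.
curl_user=${username//\\/\\\\}
curl_user=${curl_user//\"/\\\"}
curl_pass=${password//\\/\\\\}
curl_pass=${curl_pass//\"/\\\"}
responsecode=$(curl "$uri" \
  -K <(printf 'user = "%s:%s"\n' "$curl_user" "$curl_pass") \
  --data-urlencode "certificate_request@$certreqfilepath" \
  --capath "$cadir" -o "$respfile" -w '%{http_code}' -s -S) \
  || die "request to $uri failed"

# $(<file) drops trailing newlines, as the original command substitution did.
responsemsg=$(<"$respfile")
if [[ $responsecode != 200 ]]; then
  printf '%s\n' "$responsemsg" >&2
  exit 1
fi

# Simple sanity check on response
if [[ $responsemsg != -----BEGIN\ CERTIFICATE-----* ]]; then
  printf '%s\n' "Expecting certificate in response; got:" >&2
  printf '%s\n' "$responsemsg" >&2
  exit 1
fi

# Output certificate, then add key (one file holds both parts of the proxy).
{
  printf '%s\n' "$responsemsg"
  printf '%s\n' "$key"
} > "$outfilepath" || die "cannot write $outfilepath"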