source: TI12-security/trunk/MyProxyWebService/myproxy/server/test/myproxy-ws-logon.sh @ 6945

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/MyProxyWebService/myproxy/server/test/myproxy-ws-logon.sh@6945
Revision 6945, 3.0 KB checked in by pjkersha, 9 years ago (diff)

Incomplete - task 5: MyProxy Logon HTTPS Interface

  • working unit tests with shell script clients called from the unit tests
  • Property svn:executable set to *
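#!/bin/bash
#
# Client script for web service interface to MyProxy logon based on openssl and
# curl
#
# Generates a throw-away RSA key pair and certificate request, POSTs the
# request to the MyProxy web service over HTTPS using HTTP Basic auth, and
# writes the returned certificate followed by the private key to the output
# location.
#
# Environment read: LOGNAME, HOME, TMPDIR, X509_CERT_DIR, X509_USER_PROXY
#
# @author P J Kershaw 25/05/2010
#
# @copyright: (C) 2010 STFC
#
# @license: BSD - See top-level LICENCE file for licence details
#
# $Id$

set -u
set -o pipefail

# The output contains an unencrypted private key (openssl -nodes), so files
# created by this script must not be readable by other users.
umask 077

cmdname=${0##*/}

# Print the usage text to stdout; callers redirect to stderr on error paths.
usage() {
  cat <<EOF
Usage: $cmdname [-U MyProxy Web Service URI][-l username] ...

   Options
       -h | --help                        Displays usage
       -U | --uri        <uri>            MyProxy web service URI
       -l | --username   <username>       Username for the delegated proxy (defaults to \$LOGNAME)
       -S | --stdin_pass                  pass password from stdin rather prompt from tty
       -o | --out        <filepath>       Location of delegated proxy (default to stdout)
EOF
}

# Print a message to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Check getopt's status directly: testing $? after a later assignment always
# sees 0, so a bad command line would go undetected.
# NOTE(review): the long option is declared 'out::' (optional argument) while
# the short option 'o:' requires one, so only '--out=PATH' sets the path in the
# long form. Left unchanged to keep the accepted command lines as they were.
if ! cmdline_opt=$(getopt -o hU:l:So: \
    --long help,uri:,username:,stdin_pass,out:: -n "$cmdname" -- "$@"); then
  usage >&2
  exit 1
fi

# util-linux getopt shell-quotes its output so that it can be re-read with eval.
eval set -- "$cmdline_opt"

uri=
username=
stdin_pass=
outfilepath=

while true; do
  case "$1" in
    -h|--help) usage; exit 0 ;;
    -U|--uri) uri=$2; shift 2 ;;
    -l|--username) username=$2; shift 2 ;;
    -S|--stdin_pass) stdin_pass=True; shift ;;
    -o|--out) outfilepath=$2; shift 2 ;;
    --) shift; break ;;
    *) die "Error parsing command line" ;;
  esac
done

# Diagnostics go to stderr: stdout is the default credential output channel.
if [[ -z "$uri" ]]; then
  printf '%s\n' "Give the URI for the MyProxy web service logon request" >&2
  usage >&2
  exit 1
fi

# Default to LOGNAME if not set on command line
if [[ -z "$username" ]]; then
  username=${LOGNAME:-}
fi
[[ -n "$username" ]] || die "No username given and LOGNAME is not set"

# Read password. IFS= and -r keep leading/trailing blanks and backslashes
# intact; -s disables echo for the duration of the read only, so an interrupt
# cannot leave the terminal with echo switched off.
password=
if [[ -n "$stdin_pass" ]]; then
  IFS= read -r password
else
  IFS= read -r -s -p "Enter MyProxy pass phrase: " password
  echo >&2
fi

# Set-up trust root
# NOTE(review): this compares the MyProxy username (settable with -l), not the
# account running the script - confirm that is the intended test.
if [[ -n "${X509_CERT_DIR:-}" ]]; then
  cadir=$X509_CERT_DIR
elif [[ "$username" == "root" ]]; then
  cadir=/etc/grid-security/certificates
else
  cadir=${HOME:-}/.globus/certificates
fi

# Set output file path: -o, then X509_USER_PROXY, then stdout
if [[ -z "$outfilepath" ]]; then
  outfilepath=${X509_USER_PROXY:-/dev/stdout}
fi

# Temporary file for the certificate request. mktemp creates it atomically with
# an unpredictable name; a guessable name in a shared directory could be
# pre-created or swapped by another local user. Removed on every exit path.
certreqfilepath=$(mktemp "${TMPDIR:-/tmp}/myproxy-ws-logon.XXXXXX") \
  || die "Cannot create temporary file for the certificate request"
trap 'rm -f -- "$certreqfilepath"' EXIT

# Generate key pair and request.  The key file is written to the 'key' var
key=$(openssl req -new -newkey rsa:2048 -nodes -keyout /dev/stdout \
  -subj /CN=dummy -out "$certreqfilepath" 2>/dev/null) \
  || die "openssl failed to generate the key pair and certificate request"

# Post request to MyProxy web service passing username/password for HTTP Basic
# auth based authentication.
#
# The credentials are handed to curl as a config line on stdin instead of on
# the command line, where they would be visible in the process list. Backslash
# and double quote are escaped for curl's quoted config-string syntax.
curl_user=${username}:${password}
curl_user=${curl_user//\\/\\\\}
curl_user=${curl_user//\"/\\\"}

# --tlsv1.2 sets TLS 1.2 as the minimum protocol version; the SSLv3 protocol
# requested previously is obsolete and insecure.
response=$(printf 'user = "%s"\n' "$curl_user" |
  curl --config - --tlsv1.2 \
    --data-urlencode "certificate_request=$(<"$certreqfilepath")" \
    --capath "$cadir" -w " %{http_code}" -s -S --url "$uri")
unset password curl_user

# -w appends " <http_code>" to the body: split the two apart again.
responsecode=${response##* }
responsemsg=$(printf '%s\n' "$response" | sed '$s/ *\([^ ]* *\)$//')
if [[ "$responsecode" != "200" ]]; then
  printf '%s\n' "$responsemsg" >&2
  exit 1
fi

# Simple sanity check on response
if [[ "$responsemsg" != "-----BEGIN CERTIFICATE-----"* ]]; then
  printf '%s\n' "Expecting certificate in response; got:" >&2
  printf '%s\n' "$responsemsg" >&2
  exit 1
fi

# When writing to a file, start from an empty file and make sure a
# pre-existing one is not left group/world readable before the key goes in.
if [[ "$outfilepath" != /dev/stdout ]]; then
  : > "$outfilepath" || die "Cannot write to $outfilepath"
  if [[ -f "$outfilepath" ]]; then
    chmod 600 -- "$outfilepath" || die "Cannot restrict permissions on $outfilepath"
  fi
fi

# Output certificate, then add key
{
  printf '%s\n' "$responsemsg"
  printf '%s\n' "$key"
} >> "$outfilepath"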