source: TI12-security/trunk/MyProxyWebService/myproxy/test/myproxy-ws-logon-wget.sh @ 7765

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/MyProxyWebService/myproxy/test/myproxy-ws-logon-wget.sh@7765
Revision 7765, 3.4 KB checked in by pjkersha, 10 years ago (diff)

Incomplete - task 20: Check for MyProxy Logon bash script bug

  • Re-organising package structure: unit tests move to the top-level and new package client also for the top-level.
  • Property svn:executable set to *
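#!/bin/bash
#
# Client script for web service interface to MyProxy logon based on openssl and
# wget
#
# Generates a fresh RSA key pair and certificate request, POSTs the request to
# the MyProxy web service using HTTP Basic auth, and writes the returned
# certificate followed by the new private key to the output location.
#
# @author P J Kershaw 25/05/2010
#
# @copyright: (C) 2010 STFC
#
# @license: BSD - See top-level LICENCE file for licence details
#
# $Id$
cmdname=$(basename -- "$0")

# Print the usage text to stdout; callers redirect to stderr on error paths.
print_usage() {
    cat <<EOF
Usage: $cmdname [-U MyProxy Web Service URI][-l username] ...

   Options
       -h | --help                    Displays usage
       -U | --uri <uri>               MyProxy web service URI
       -l | --username <username>     Username for the delegated proxy (defaults to \$LOGNAME)
       -S | --stdin_pass              pass password from stdin rather than prompt from tty
       -o | --out <filepath>          Location of delegated proxy (defaults to \$X509_USER_PROXY if set, else stdout)
EOF
}

# Test getopt's own exit status.  Previously the usage string was assigned
# between the getopt call and the "$?" test, so a getopt failure was never
# detected.  "--out" now takes a required argument like "-o" (it was declared
# optional, which made "--out <path>" silently drop the path).
if ! cmdline_opt=$(getopt -o hU:l:So: \
        --long help,uri:,username:,stdin_pass,out: -n "$cmdname" -- "$@"); then
    print_usage >&2
    exit 1
fi

# getopt emits shell-quoted words; eval is the documented way to re-load them.
eval set -- "$cmdline_opt"

# Start from known-empty values so that identically named variables exported
# in the caller's environment cannot change how the script behaves.
uri=
username=
stdin_pass=
outfilepath=

while true; do
    case "$1" in
        -h|--help) print_usage; exit 0 ;;
        -U|--uri) uri=$2; shift 2 ;;
        -l|--username) username=$2; shift 2 ;;
        -S|--stdin_pass) stdin_pass=True; shift ;;
        -o|--out) outfilepath=$2; shift 2 ;;
        --) shift; break ;;
        *) echo "Error parsing command line" >&2; exit 1 ;;
    esac
done

if [[ -z "$uri" ]]; then
    echo "Give the URI for the MyProxy web service logon request" >&2
    print_usage >&2
    exit 1
fi

# The pass phrase is sent pre-emptively as HTTP Basic auth (see
# --auth-no-challenge below), so anything other than https exposes it in transit.
if [[ "$uri" != https://* ]]; then
    echo "Warning: URI is not https; the pass phrase would be sent without TLS protection" >&2
fi

# Default to LOGNAME if not set on command line
if [[ -z "$username" ]]; then
    username=${LOGNAME}
fi

# Read password.  "IFS= read -r" keeps leading/trailing blanks and backslashes
# intact; "-s" disables echo without leaving the terminal in no-echo mode if
# the prompt is interrupted (the stty -echo / stty echo pair could).
if [[ -n "$stdin_pass" ]]; then
    IFS= read -r password
else
    IFS= read -r -s -p "Enter MyProxy pass phrase: " password
    # Newline goes to stderr so stdout carries only the credential output.
    echo >&2
fi

# Set-up trust root
# NOTE(review): the "root" test is against the MyProxy username, which -l can
# override; confirm whether the local effective user was intended here.
if [[ -n "${X509_CERT_DIR}" ]]; then
    cadir=${X509_CERT_DIR}
elif [[ "$username" == "root" ]]; then
    cadir=/etc/grid-security/certificates
else
    cadir=${HOME}/.globus/certificates
fi

# Set output file path
if [[ -z "$outfilepath" ]]; then
    if [[ -n "${X509_USER_PROXY}" ]]; then
        outfilepath=${X509_USER_PROXY}
    else
        # Default to stdout
        outfilepath=/dev/stdout
    fi
fi

# Make a temporary file location for the certificate request.  mktemp creates
# the file atomically with an unpredictable name and owner-only permissions;
# the previous /tmp/$UID-$RANDOM.csr name was guessable, so a pre-planted
# symlink could redirect openssl's write.  The file is removed on exit.
if ! certreqfilepath=$(mktemp "${TMPDIR:-/tmp}/${cmdname}.XXXXXXXXXX"); then
    echo "Unable to create temporary file for certificate request" >&2
    exit 1
fi
trap 'rm -f -- "$certreqfilepath"' EXIT

# Generate key pair and request.  The private key is captured in the 'key'
# variable (never written to a temporary file); the request goes to the
# temporary file.
if ! key=$(openssl req -new -newkey rsa:2048 -nodes -keyout /dev/stdout \
        -subj /CN=dummy -out "$certreqfilepath" 2> /dev/null) ||
        [[ -z "$key" ]]; then
    echo "Failed to generate key pair and certificate request" >&2
    exit 1
fi

# URL Encode certificate request - allow for '+' symbol in the base64 charset -
# needs to be hex equivalent
encoded_certreq=$(sed 's/+/%2B/g' "$certreqfilepath")

# Post request to MyProxy web service passing username/password for HTTP Basic
# auth based authentication.
#
# - SSLv3 is no longer pinned: it is deprecated and disabled in current TLS
#   libraries, so wget is left to negotiate the protocol version.
# - LC_ALL=C keeps wget's log in English because the status line is parsed
#   below.
# - NOTE(review): --http-password puts the pass phrase in wget's argument
#   list, where other local users can read it from the process table while
#   wget runs.  Consider supplying it through a mode-0600 wget configuration
#   file instead.
response=$(LC_ALL=C wget --secure-protocol=auto --ca-directory="$cadir" \
    --http-user="$username" --http-password="$password" \
    --post-data "certificate_request=$encoded_certreq" \
    -t 1 --auth-no-challenge -O - -- "$uri" 2>&1)

# The pass phrase is not needed past this point.
unset password

# Pull out the response code from the output (the last status line wins if
# wget logged more than one request).
wget_statcode_line="HTTP request sent, awaiting response..."
responsecode=$(printf '%s\n' "$response" |
    awk -v marker="$wget_statcode_line" \
        'index($0, marker) { code = $6 } END { print code }')
if [[ "$responsecode" != "200" ]]; then
    # Previously echoed $responsemsg, which is never set, so failures were
    # silent; show what wget reported instead.
    echo "$response" >&2
    exit 1
fi

# Extract the certificate
cert=$(printf '%s\n' "$response" | openssl x509)
# Simple sanity check on extracted cert
if [[ $cert != -----BEGIN\ CERTIFICATE-----* ]]; then
    echo "Expecting certificate in response; got:" >&2
    echo "$cert" >&2
    exit 1
fi

# Output certificate followed by the private key.  When writing to a file,
# create/truncate it under a restrictive umask and force owner-only
# permissions BEFORE any key material is written, so the key is never
# readable by other users (a pre-existing file keeps its old mode otherwise).
if [[ "$outfilepath" == /dev/stdout ]]; then
    printf '%s\n' "$cert" "$key"
else
    if ! ( umask 077; : > "$outfilepath" ); then
        echo "Unable to write to $outfilepath" >&2
        exit 1
    fi
    if [[ -f "$outfilepath" ]] && ! chmod 600 -- "$outfilepath"; then
        echo "Unable to restrict permissions on $outfilepath" >&2
        exit 1
    fi
    printf '%s\n' "$cert" "$key" >> "$outfilepath"
fi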