source: TI12-security/trunk/MyProxyWebService/myproxy/ws/client/myproxy-ws-get-trustroots.sh @ 7768

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/MyProxyWebService/myproxy/ws/client/myproxy-ws-get-trustroots.sh@7768
Revision 7768, 2.6 KB checked in by pjkersha, 10 years ago (diff)

Incomplete - task 20: Check for MyProxy? Logon bash script bug

  • Move packages to new ws top-level package
  • Property keywords set to Id
  • Property svn:executable set to *
Line 
1#!/bin/bash
2#
3# Client script for web service interface to MyProxy get-trustroots based on
4# curl and base64 commands.  Get trust roots retrieves the CA certificate
5# issuer(s) of the MyProxy server's SSL certificate
6#
7# @author P J Kershaw 07/06/2010
8#
9# @copyright: (C) 2010 STFC
10#
11# @license: BSD - See top-level LICENCE file for licence details
12#
13# $Id$
14cmdname=$(basename $0)
15cmdline_opt=`getopt -o hU:b --long help,uri:,bootstrap -n "$cmdname" -- "$@"`
16
17usage="Usage: $cmdname [-U MyProxy Web Service URI][-b]\n
18\n
19   Options\n
20       -h | --help\t\t\t\tDisplays usage\n
21       -U | --uri\t\t<uri>\t\tMyProxy web service URI\n
22       -b | --bootstrap\t\tbootstrap trust in the MyProxy Server\n
23"
24
25if [ $? != 0 ] ; then
26    echo -e $usage >&2 ;
27    exit 1 ;
28fi
29
30eval set -- "$cmdline_opt"
31
32while true ; do
33    case "$1" in
34        -h|--help) echo -e $usage ; exit 0 ;;
35        -U|--uri) uri=$2 ; shift 2 ;;
36        -b|--bootstrap) bootstrap=1 ; shift 1 ;;
37         --) shift ; break ;;
38        *) echo "Error parsing command line" ; exit 1 ;;
39    esac
40done
41
42if [ -z $uri ]; then
43    echo -e Give the URI for the MyProxy web service get trust roots request;
44    echo -e $usage >&2 ;
45    exit 1;
46fi
47
48# Set-up destination trust root directory
49if [ ${X509_CERT_DIR} ]; then
50    cadir=${X509_CERT_DIR}
51   
52elif [ "$LOGNAME" = "root" ]; then
53    cadir=/etc/grid-security/certificates
54   
55    # Check path exists and if not make it
56    if [ ! -d "/etc/grid-security" ]; then
57        mkdir /etc/grid-security
58    fi
59       
60    if [ ! -d "/etc/grid-security/certificates" ]; then
61        mkdir /etc/grid-security/certificates
62    fi
63else
64    cadir=${HOME}/.globus/certificates
65   
66    # Check path exists and if not make it
67    if [ ! -d "${HOME}/.globus" ]; then
68        mkdir ${HOME}/.globus
69    fi
70   
71    if [ ! -d "${HOME}/.globus/certificates" ]; then
72        mkdir ${HOME}/.globus/certificates
73    fi
74fi
75
76# Set peer authentication based on bootstrap command line setting
77if [ -z $bootstrap ]; then
78    ca_arg="--capath $cadir"
79else
80    echo Bootstrapping MyProxy server root of trust.
81    ca_arg="--insecure"
82fi
83
84# Post request to MyProxy web service
85response=$(curl $uri --sslv3 $ca_arg -w " %{http_code}" -s -S)
86responsemsg=$(echo "$response"|sed '$s/ *\([^ ]* *\)$//')
87responsecode=$(echo $response|awk '{print $NF}')
88if [ "$responsecode" != "200" ]; then
89    echo "$responsemsg" >&2
90    exit 1
91fi
92
93# Process response
94entries=$(echo $responsemsg|awk '{print $0}')
95for i in $entries; do
96    filename=${i%%=*}
97    filecontent="$(echo ${i#*=}|sed -e "s/.\{65\}/&\n/g"|openssl enc -d -base64)"
98    echo "$filecontent" > $cadir/$filename
99done
100
101echo Trust roots have been installed in $cadir.
Note: See TracBrowser for help on using the repository browser.