source: TI12-security/trunk/python/ndg.security.common/ndg/security/common/openssl.py @ 2148

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.common/ndg/security/common/openssl.py@2148
Revision 2148, 5.7 KB checked in by pjkersha, 14 years ago (diff)

python/ndg.security.server/ndg/security/server/ca/server-config.tac:

  • added check to ensure CA pass-phrase is set and if not prompt for from command line.
  • do a get call for 'clntCertFile' dict key so that it can be optional

python/ndg.security.server/ndg/security/server/ca/init.py:

  • use $HOME/.globus/simpleCA/grid-ca-ssl.conf as the default SSL config file
  • key access methods raise KeyError on exception
  • PassPhrase -> passphrase

python/ndg.security.server/ndg/security/server/MyProxy.py:

  • certReqDNParam attribute is no longer needed - use openSSLConfig.reqDN instead.

python/conf/simpleCAProperties.xml,
python/ndg.security.test/ndg/security/test/ca/simpleCAProperties.xml:
explanation about default openSSLConfigFilePath setting

python/ndg.security.common/ndg/security/common/wsSecurity.py: check X.509 cert text
on 64th char for newline not 65th.

python/ndg.security.common/ndg/security/common/openssl.py: fix to error reading file
exception message.

1"""OpenSSL utilities module - contains OpenSSLConfig class for
2parsing OpenSSL configuration files
3
4NERC Data Grid Project
5
6@author P J Kershaw 08/02/07
7
8@copyright (C) 2007 CCLRC & NERC
9
10@license This software may be distributed under the terms of the Q Public
11License, version 1.0 or later.
12"""
reposID = '$Id:$'  # Subversion $Id$ keyword placeholder - only expanded if svn:keywords is set on the file
14
15import re, os
16
17#_____________________________________________________________________________       
class OpenSSLConfigError(Exception):
    """Raised by OpenSSLConfig for a file path that is not a string or not
    readable, and for a configuration file that can't be read or parsed."""
    pass
20
21
22#_____________________________________________________________________________       
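class OpenSSLConfig(object):
    """Wrapper to an OpenSSL configuration file allowing extraction of the
    default Distinguished Name components used when making certificate
    requests.

    Typical use::

        cfg = OpenSSLConfig(filePath)
        cfg.read()
        cfg.reqDN   # e.g. {'0.organizationName': 'NERC', ...}

    @cvar __reqDnRE: regular expression pattern locating the
    [ req_distinguished_name ] section of the config file.  The match stops
    at the next section header (or end of file) so that '*_default' entries
    belonging to later sections are not picked up.

    @cvar __reqDnEntryRE: regular expression pattern matching a single
    '<name>_default = <value>' line within that section.

    @cvar _certReqDNParamName: permissible keys for the Distinguished Name
    set via the reqDN property (not including CN which gets set separately).
    Nb. this check applies to the reqDN setter only; read() stores whatever
    '*_default' entries the file's section contains.

    @cvar _string_types: string types accepted for file paths and file
    content (basestring on Python 2, str on Python 3)."""

    # Section header through to, but not including, the next section header
    # or the end of the file.  Non-greedy so that the match doesn't run on
    # to the last '[' in the file.  Needs re.S (body spans lines) and re.M
    # (for the '^' in the terminator).
    __reqDnRE = r'\[\s*req_distinguished_name\s*\].*?(?=^\s*\[|\Z)'

    # '<name>_default = <value>': name is everything before the first
    # '_default'; value runs to the end of the line
    __reqDnEntryRE = r'(.+?)_default\s*=\s*(.*)$'

    _certReqDNParamName = ('O', 'OU', '0.organizationName',
                           '0.organizationalUnitName')

    try:
        _string_types = basestring
    except NameError:
        # Python 3 has no basestring
        _string_types = str

    def __init__(self, filePath=None):
        """Initialise OpenSSL configuration, optionally setting a file path
        to read from.  The file is not read until read() is called.

        @type filePath: basestring
        @param filePath: path to OpenSSL configuration file
        @raise OpenSSLConfigError: filePath is not a string or is not a
        readable file"""
        # Content of file, populated by read()
        self.__fileTxt = None
        # Parsed '*_default' entries, populated by read() or the reqDN
        # property
        self.__reqDN = None
        self.__setFilePath(filePath)

    def __setFilePath(self, filePath):
        """Set property method

        @type filePath: basestring or None
        @param filePath: path for OpenSSL configuration file
        @raise OpenSSLConfigError: filePath is not a string, or the file is
        not found or not readable"""
        if filePath is not None:
            if not isinstance(filePath, self._string_types):
                raise OpenSSLConfigError(
                    "Input OpenSSL config file path must be a string")

            # Early check so that a bad path is reported when it is set
            # rather than on a later read() call.  It is advisory only:
            # read() still handles errors from its own open() call.
            if not os.access(filePath, os.R_OK):
                raise OpenSSLConfigError(
                    'OpenSSL config file path is not valid: "%s": %s' %
                    (filePath, "not found or no read access"))

        self.__filePath = filePath

    def __getFilePath(self):
        """Get property method

        @rtype: basestring or None
        @return: file path for OpenSSL configuration file"""
        return self.__filePath

    filePath = property(fget=__getFilePath,
                        fset=__setFilePath,
                        doc="file path for configuration file")

    def __getFileTxt(self):
        """Get content of file as read by the last read() call

        @rtype: basestring or None
        @return: content of file, None if read() has not been called"""
        return self.__fileTxt

    def __setFileTxt(self, input):
        """Set content of file

        @type input: basestring or None
        @param input: content of file
        @raise AttributeError: input is neither a string nor None"""
        if input is not None and not isinstance(input, self._string_types):
            raise AttributeError("File text must be string or None type")

        self.__fileTxt = input

    fileTxt = property(fset=__setFileTxt,
                       fget=__getFileTxt,
                       doc="Content of SSL file")

    def __getReqDN(self):
        """Get property method

        @rtype: dict or None
        @return: Distinguished Name for certificate request, None until
        read() is called or the property is set"""
        return self.__reqDN

    def __setReqDN(self, reqDN):
        """Set property method

        @type reqDN: dict
        @param reqDN: Distinguished Name for certificate request; keys must
        be drawn from _certReqDNParamName
        @raise AttributeError: reqDN is not a dict or contains a key not in
        _certReqDNParamName"""
        if not isinstance(reqDN, dict):
            raise AttributeError("Distinguished Name must be dict type")

        # Check the keys of the input, not the builtin 'dict' type
        invalidKw = [k for k in reqDN
                     if k not in self._certReqDNParamName]
        if invalidKw:
            raise AttributeError(
    "Invalid certificate request keyword(s): %s.  Valid keywords are: %s" %
    (', '.join(invalidKw), ', '.join(self._certReqDNParamName)))

        self.__reqDN = reqDN

    reqDN = property(fget=__getReqDN,
                     fset=__setReqDN,
                     doc="Distinguished Name for certificate request")

    def read(self):
        """Read the OpenSSL configuration file and parse its certificate
        request Distinguished Name settings into the reqDN property.

        @raise OpenSSLConfigError: no file path is set, or the file can't be
        read or parsed"""
        if self.__filePath is None:
            raise OpenSSLConfigError(
                "Error reading OpenSSL config file: no file path set")

        try:
            # 'with' closes the handle even if the read fails
            with open(self.__filePath) as configFile:
                self.__fileTxt = configFile.read()
        except (EnvironmentError, ValueError) as e:
            # EnvironmentError covers IOError/OSError; ValueError covers a
            # text decoding failure
            raise OpenSSLConfigError(
                'Error reading OpenSSL config file "%s": %s' %
                (self.__filePath, str(e)))

        self._parseReqDN()

    def _parseReqDN(self):
        """Parse the '*_default' entries of the [ req_distinguished_name ]
        section of the file content, storing them in the reqDN property and
        returning them.

        Only that section is scanned: the match stops at the next section
        header so '*_default' settings elsewhere in the file are ignored.
        Blank lines and comment lines (first non-blank character '#') are
        skipped; names and values have surrounding whitespace removed.

        @rtype: dict
        @return: Distinguished Name defaults keyed by component name, e.g.
        '0.organizationName'
        @raise OpenSSLConfigError: no file content has been read, or the
        section is missing"""
        if self.__fileTxt is None:
            raise OpenSSLConfigError(
                'Error parsing content of OpenSSL config file "%s": %s' %
                (self.__filePath, "no file content has been read"))

        # Nb. re.S lets the section body span lines; re.M is needed for the
        # '^' in the section terminator
        sectionMatch = re.search(self.__reqDnRE, self.__fileTxt, re.S | re.M)
        if sectionMatch is None:
            raise OpenSSLConfigError(
                'Error parsing content of OpenSSL config file "%s": %s' %
                (self.__filePath,
                 "no [ req_distinguished_name ] section found"))

        entryRE = re.compile(self.__reqDnEntryRE)
        reqDN = {}
        for line in sectionMatch.group(0).splitlines():
            line = line.strip()

            # Omit blank and comment lines (the check is on the first
            # non-blank character so indented comments are skipped too)
            if not line or line.startswith('#'):
                continue

            entryMatch = entryRE.match(line)
            if entryMatch:
                name, value = entryMatch.groups()
                reqDN[name.strip()] = value.strip()

        self.__reqDN = reqDN
        return reqDN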