Context Navigation

← Previous Change
Next Change →

Changeset 4624 for TI12-security

Timestamp:

12/12/08 16:13:31 (11 years ago)

Author:

pjkersha

Message:

#941: refactored to use ini file instead of XML for config.

Location:

TI12-security/trunk/python/MyProxyClient

Files:

: 1 deleted
: 6 edited

myproxy.py (modified) (52 diffs)
setup.py (modified) (1 diff)
test/README (modified) (4 diffs)
test/myProxyClient.cfg (modified) (1 diff)
test/myProxyClientTest.cfg (modified) (1 diff)
test/myProxyProperties.xml (deleted)
test/test_myproxyclient.py (modified) (6 diffs)

Legend:

: Unmodified
: Added
: Removed

TI12-security/trunk/python/MyProxyClient/myproxy.py

-                      r4615
+                      r4624
 """MyProxy Client interface
+NERC Data Grid Project
+Developed for the NERC DataGrid Project: http://ndg.nerc.ac.uk/
 Major re-write of an original class.   This updated version implements methods
 …
 certain rights."""
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
+__revision__ = '$Id: MyProxy.py 3196 2008-01-10 14:45:59Z pjkersha $'
+__revision__ = '$Id$'
+import logging
+log = logging.getLogger(__name__)
 import sys, os
 import socket
 …
     import cElementTree as ElementTree
+from ndg.security.common.openssl import OpenSSLConfig, OpenSSLConfigError
+class MyProxyClientError(Exception):
+    """Catch all exception class"""
+class GetError(Exception):
+    """Exceptions arising from get request to server"""
+class RetrieveError(Exception):
+    """Error recovering a response from MyProxy"""
+from openssl import OpenSSLConfig, OpenSSLConfigError
+from ConfigParser import SafeConfigParser
+class CaseSensitiveConfigParser(SafeConfigParser):
+    '''Subclass the SafeConfigParser - to preserve the original string case of
+    config section names
+    '''
+    def optionxform(self, optionstr):
+        '''Extend SafeConfigParser.optionxform to preserve case of option names
+        '''
+        return optionstr
 class _HostCheck(SSL.Checker.Checker):
 …
             # Try match against DN set from MYPROXY_SERVER_DN / config
             # file setting
+            peerCertDN = '/' + \
+                    peerCert.get_subject().as_text().replace(', ', '/')
+            peerCertDN = '/'+peerCert.get_subject().as_text().replace(', ','/')
+            # If they match drop the exception and return all OK instead
             if peerCertDN != self.myProxyServerDN:
+                # They match - drop the exception and return all OK instead
+                raise e
+                raise
         return True
+class MyProxyClientError(Exception):
+    """Base exception class for MyProxyClient exceptions"""
+class MyProxyClientConfigError(MyProxyClientError):
+    """Error with configuration"""
+class MyProxyClientGetError(MyProxyClientError):
+    """Exceptions arising from get request to server"""
+class MyProxyClientRetrieveError(MyProxyClientError):
+    """Error recovering a response from MyProxy"""
 …
     http://grid.ncsa.uiuc.edu/myproxy/protocol/
     @type __getCmd: string
     @cvar __getCmd: get command string
     @type __infoCmd: string
     @cvar __infoCmd: info command string
     @type __destroyCmd: string
     @cvar __destroyCmd: destroy command string
     @type __changePassphrase: string
     @cvar __changePassphrase: command string to change cred pass-phrase
     @type __storeCmd: string
     @cvar __storeCmd: store command string
+    @type getCmd: string
+    @cvar getCmd: get command string
+    @type infoCmd: string
+    @cvar infoCmd: info command string
+    @type destroyCmd: string
+    @cvar destroyCmd: destroy command string
+    @type changePassphraseCmd: string
+    @cvar changePassphraseCmd: command string to change cred pass-phrase
+    @type storeCmd: string
+    @cvar storeCmd: store command string
     @type _hostCertSubDirPath: string
 …
     @cvar _hostKeySubDirPath: sub-directory path to host key (as tuple)
     @type __validKeys: tuple
     @cvar __validKeys: sets permissable element names for MyProxy XML config
+    @type propertyDefaults: tuple
+    @cvar propertyDefaults: sets permissable element names for MyProxy config
     file
     """
     __getCmd="""VERSION=MYPROXYv2
+    getCmd="""VERSION=MYPROXYv2
 COMMAND=0
 USERNAME=%s
 …
 LIFETIME=%d"""
     __infoCmd="""VERSION=MYPROXYv2
+    infoCmd="""VERSION=MYPROXYv2
 COMMAND=2
 USERNAME=%s
 …
 LIFETIME=0"""
     __destroyCmd="""VERSION=MYPROXYv2
+    destroyCmd="""VERSION=MYPROXYv2
 COMMAND=3
 USERNAME=%s
 …
 LIFETIME=0"""
     __changePassphraseCmd="""VERSION=MYPROXYv2
+    changePassphraseCmd="""VERSION=MYPROXYv2
  COMMAND=4
  USERNAME=%s
 …
  LIFETIME=0"""
     __storeCmd="""VERSION=MYPROXYv2
+    storeCmd="""VERSION=MYPROXYv2
 COMMAND=5
 USERNAME=%s
 …
     # valid configuration property keywords
     __validKeys = ('hostname',
                    'port',
                    'serverDN',
                    'serverCNprefix',
                    'gridSecurityDir',
                    'openSSLConfFilePath',
                    'tmpDir',
                    'proxyCertMaxLifetime',
                    'proxyCertLifetime',
                    'caCertFile')
+    propertyDefaults = {
+       'hostname':              'localhost',
+       'port':                  7512,
+       'serverDN':              '',
+       'serverCNPrefix':        'host/',
+       'openSSLConfFilePath':   '',
+       'proxyCertMaxLifetime':  43200,
+       'proxyCertLifetime':     43200,
+       'caCertFilePathList':    []
+    }
     # Work out default location of proxy file if it exists.  This is set if a
 …
     @classmethod
     def writeProxyFile(cls, proxyCert, proxyPriKey, userX509Cert, filePath=None):
+    def writeProxyFile(cls,proxyCert,proxyPriKey,userX509Cert,filePath=None):
         """Write out proxy cert to file in the same way as myproxy-logon -
         proxy cert, private key, user cert.  Nb. output from logon can be
 …
         if filePath is None:
             MyProxyClientError, \
                 "Error setting proxy file path - invalid platform?"
+            MyProxyClientConfigError("Error setting proxy file path - invalid "
+                                     "platform?")
         outStr = proxyCert + proxyPriKey + userX509Cert
         open(MyProxyClient.defProxyFile, 'w').write(outStr)
         try:
             # Make sure permssions are set correctly
+            # Make sure permissions are set correctly
             os.chmod(MyProxyClient.defProxyFile, 0600)
         except Exception:
+        except Exception, e:
             # Don't leave the file lying around if couldn't change it's
             # permissions
             os.unlink(MyProxyClient.defProxyFile)
             raise MyProxyClientError, \
                 'Unable to set 0600 permissions for proxy file "%s": %s' % \
                 (MyProxyClient.defProxyFile, e)
+            log.error('Unable to set 0600 permissions for proxy file "%s": %s'%
+                      (MyProxyClient.defProxyFile, e))
+            raise
     @classmethod
 …
         if filePath is None:
             filePath = MyProxyClient.defProxyFile
+        if filePath is None:
+            MyProxyClientConfigError("Error setting proxy file path - invalid "
+                                     "platform?")
         proxy = open(MyProxyClient.defProxyFile).read()
 …
     def __init__(self, propFilePath=None, **prop):
+    def __init__(self, cfgFilePath=None, **prop):
         """Make any initial settings for client connections to MyProxy
         Settings are held in a dictionary which can be set from **prop,
         a call to setProperties() or by passing settings in an XML file
+        given by propFilePath
+        @param propFilePath:   set properties via a configuration file
+        @param **prop:         set properties via keywords - see __validKeys
+        class variable for a list of these
+        """
+        # Check for parameter names set from input
+        #self.certReqDNparam = None
+        # settings dictionary
+        self.__prop = {}
+        # Server host name - take from environment variable if available
+        if 'MYPROXY_SERVER' in os.environ:
+            self.__prop['hostname'] = os.environ['MYPROXY_SERVER']
+        # ... and port number
+        if 'MYPROXY_SERVER_PORT' in os.environ:
+            self.__prop['port'] = int(os.environ['MYPROXY_SERVER_PORT'])
+        else:
+            # Usual default is ...
+            self.__prop['port'] = 7512
+        self.__prop['proxyCertLifetime'] = 43200
+        self.__prop['proxyCertMaxLifetime'] = 43200
+        given by cfgFilePath
+        @param cfgFilePath:   set properties via a configuration file
+        @param **prop:         set properties via keywords - see
+        propertyDefaults class variable for a list of these
+        """
         # Configuration file used to get default subject when generating a
         # new proxy certificate request
+        self.__openSSLConf = OpenSSLConfig()
+        # Properties set via input keywords
+        self.setProperties(**prop)
+        self._openSSLConfig = OpenSSLConfig()
+        # Default settings.  Nb. '_' - override property methods in order to
+        # set defaults
+        for opt, val in MyProxyClient.propertyDefaults.items():
+            setattr(self, '_'+opt, val)
+        # Server host name - take from environment variable if available
+        if 'MYPROXY_SERVER' in os.environ:
+            self.hostname = os.environ['MYPROXY_SERVER']
+        # ... and port number
+        if 'MYPROXY_SERVER_PORT' in os.environ:
+            self.port = int(os.environ['MYPROXY_SERVER_PORT'])
+        # keyword settings
+        for opt, val in prop.items():
+            setattr(self, opt, val)
         # If properties file is set any parameters settings in file will
         # override those set by input keyword
+        if propFilePath is not None:
+            self.readProperties(propFilePath)
+    #_________________________________________________________________________
+    def setProperties(self, **prop):
+        """Update existing properties from an input dictionary
+        Check input keys are valid names"""
+        invalidKeys = [key for key in prop if key not in self.__validKeys]
+        if invalidKeys:
+            raise MyProxyClientError, 'Invalid property name(s) set: "%s"' % \
+                                    '", "'.join(invalidKeys)
+        self.__prop.update(prop)
+        # Update openssl conf file path
+        #
+        # Check 'prop' to see if they've been in THIS update
+        # Check 'self.__prop' to ensure both are present in
+        # order to construct a file path
+        if 'openSSLConfFilePath' in prop:
+            self.__openSSLConf.filePath = self.__prop['openSSLConfFilePath']
+            self.__openSSLConf.read()
+    #_________________________________________________________________________
+    def readProperties(self, propFilePath=None, propElem=None):
+        """Read XML properties from a file or cElementTree node
+        propFilePath|propertiesElem
+        @type propFilePath: string
+        @param propFilePath: set to read from the specified file
+        @type propElem: ElementTree node
+        @param propElem: set to read beginning from a cElementTree node
+        """
+        if propFilePath is not None:
+            try:
+                tree = ElementTree.parse(propFilePath)
+                propElem = tree.getroot()
+            except IOError, e:
+                raise MyProxyClientError, \
+                                "Error parsing properties file \"%s\": %s" % \
+                                (e.filename, e.strerror)
+            except Exception, e:
+                raise MyProxyClientError, \
+                                "Error parsing properties file: %s" % str(e)
+        if propElem is None:
+            raise MyProxyClientError, \
+                    "Root element for parsing properties file is not defined"
+        # Get properties as a data dictionary
+        prop = {}
+        try:
+            for elem in propElem:
+                # Check for string type to avoid exceptions from isdigit and
+                # expandvars
+                if isinstance(elem.text, basestring):
+                    if elem.text.isdigit():
+                        prop[elem.tag] = int(elem.text)
+                    else:
+                        prop[elem.tag] = os.path.expandvars(elem.text)
+                else:
+                    prop[elem.tag] = elem.text
+        except Exception, e:
+            raise SessionManagerError, \
+                "Error parsing tag \"%s\" in properties file" % elem.tag
+        self.setProperties(**prop)
+    #_________________________________________________________________________
+    def __getOpenSSLConfig(self):
+        if cfgFilePath is not None:
+            self.parseConfig(cfg=cfgFilePath)
+    def parseConfig(self, cfg, section='DEFAULT'):
+        '''Extract parameters from _cfg config object'''
+        if isinstance(cfg, basestring):
+            cfgFilePath = os.path.expandvars(cfg)
+            self._cfg = CaseSensitiveConfigParser()
+            self._cfg.read(cfgFilePath)
+        else:
+            cfgFilePath = None
+            self._cfg = cfg
+        for key, val in self._cfg.items(section):
+            setattr(self, key, val)
+    # Get/Set Property methods
+    def _getHostname(self):
+        return self._hostname
+    def _setHostname(self, val):
+        if not isinstance(val, basestring):
+            raise AttributeError("Expecting string type for hostname "
+                                 "attribute")
+        self._hostname = val
+    hostname = property(fget=_getHostname,
+                        fset=_setHostname,
+                        doc="hostname of MyProxy server")
+    def _getPort(self):
+        return self._port
+    def _setPort(self, val):
+        if isinstance(val, basestring):
+            self._port = int(val)
+        elif isinstance(val, int):
+            self._port = val
+        else:
+            raise AttributeError("Expecting int type for port attribute")
+    port = property(fget=_getPort,
+                    fset=_setPort,
+                    doc="Port number for MyProxy server")
+    def _getServerDN(self):
+        return self._serverDN
+    def _setServerDN(self, val):
+        if not isinstance(val, basestring):
+            raise AttributeError("Expecting string type for serverDN "
+                                 "attribute")
+        self._serverDN = val
+    serverDN = property(fget=_getServerDN,
+                        fset=_setServerDN,
+                        doc="Distinguished Name for MyProxy Server "
+                            "Certificate")
+    def _getServerCNPrefix(self):
+        return self._serverCNPrefix
+    def _setServerCNPrefix(self, val):
+        if not isinstance(val, basestring):
+            raise AttributeError("Expecting string type for serverCNPrefix "
+                                 "attribute")
+        self._serverCNPrefix = val
+    serverCNPrefix = property(fget=_getServerCNPrefix,
+                              fset=_setServerCNPrefix,
+                              doc="Prefix if any for Server Certificate DN "
+                                  "Common Name e.g. 'host/'")
+    def _getOpenSSLConfFilePath(self):
+        return self._openSSLConfFilePath
+    def _setOpenSSLConfFilePath(self, val):
+        if not isinstance(val, basestring):
+            raise AttributeError("Expecting string type for "
+                                 "openSSLConfFilePath attribute")
+        self._openSSLConfFilePath = os.path.expandvars(val)
+        self._openSSLConfig.filePath = self._openSSLConfFilePath
+        self._openSSLConfig.read()
+    openSSLConfFilePath = property(fget=_getOpenSSLConfFilePath,
+                                   fset=_setOpenSSLConfFilePath,
+                                   doc="file path for OpenSSL config file")
+    def _getProxyCertMaxLifetime(self):
+        return self._proxyCertMaxLifetime
+    def _setProxyCertMaxLifetime(self, val):
+        if isinstance(val, basestring):
+            self._proxyCertMaxLifetime = int(val)
+        elif isinstance(val, int):
+            self._proxyCertMaxLifetime = val
+        else:
+            raise AttributeError("Expecting int type for proxyCertMaxLifetime "
+                                 "attribute")
+    proxyCertMaxLifetime = property(fget=_getProxyCertMaxLifetime,
+                                    fset=_setProxyCertMaxLifetime,
+                                    doc="Default max. lifetime allowed for "
+                                        "Proxy Certificate retrieved - used "
+                                        "by store method")
+    def _getProxyCertLifetime(self):
+        return self._proxyCertLifetime
+    def _setProxyCertLifetime(self, val):
+        if isinstance(val, basestring):
+            self._proxyCertLifetime = int(val)
+        elif isinstance(val, int):
+            self._proxyCertLifetime = val
+        else:
+            raise AttributeError("Expecting int type for proxyCertLifetime "
+                                 "attribute")
+    proxyCertLifetime = property(fget=_getProxyCertLifetime,
+                                 fset=_setProxyCertLifetime,
+                                 doc="Default proxy cert. lifetime used in "
+                                     "logon request")
+    def _getCACertFilePath(self):
+        return self._caCertFilePath
+    def _setCACertFilePath(self, val):
+        '''@type val: basestring
+        @param val: file path for CA certificate to be used to verify
+        MyProxy server certificate'''
+        if not isinstance(val, basestring):
+            raise AttributeError("Expecting string type for caCertFilePath "
+                                 "attribute")
+        self._caCertFilePath = os.path.expandvars(val)
+    caCertFilePath = property(fget=_getCACertFilePath,
+                              fset=_setCACertFilePath,
+                              doc="CA certificate file path - MyProxy server "
+                                  "certificate must validate against it and/"
+                                  "or any present in caCertDir")
+    def _getCACertDir(self):
+        return self._caCertDir
+    def _setCACertDir(self, val):
+        '''Specify a directory containing PEM encoded CA certs. used for
+        validation of MyProxy server certificate.
+        @type val: basestring
+        @param val: directory path'''
+        if not isinstance(val, basestring):
+            raise AttributeError("Expecting string type for caCertDir "
+                                 "attribute")
+        self._caCertDir = os.path.expandvars(val)
+    caCertFileDir = property(fget=_getCACertDir,
+                             fset=_setCACertDir,
+                             doc="directory containing PEM encoded CA "
+                                 "certs. used along with caCertFilePath "
+                                 "setting to validate MyProxy server "
+                                 "certificate")
+    def _getOpenSSLConfig(self):
         "Get OpenSSLConfig object property method"
         return self.__openSSLConfig
     openSSLConfig = property(fget=__getOpenSSLConfig,
+        return self._openSSLConfig
+    openSSLConfig = property(fget=_getOpenSSLConfig,
                              doc="OpenSSLConfig object")
+    #_________________________________________________________________________
     def _initConnection(self,
                         ownerCertFile=None,
 …
         server side identity checks
+        @type ownerCertFile: basestring
         @param ownerCertFile: client certificate and owner of credential
         to be acted on.  Can be a proxy cert + proxy's signing cert.  Cert
         and private key are not necessary for getDelegation / logon calls
+        @type ownerKeyFile: basestring
         @param ownerKeyFile: client private key file
+        @type ownerPassphrase: basestring
         @param ownerPassphrase: pass-phrase protecting private key if set -
         not needed in the case of a proxy private key
 …
         context = SSL.Context(protocol='sslv3')
+        if 'caCertFile' in self.__prop:
+            context.load_verify_locations(cafile=self.__prop['caCertFile'])
+        if self.caCertFilePath or self.caCertDir:
+            context.load_verify_locations(cafile=self.caCertFilePath,
+                                          capath=self.caCertDir)
             # Stop if peer's certificate can't be verified
 …
             try:
                 context.load_cert_chain(ownerCertFile,
                                 keyfile=ownerKeyFile,
                                 callback=lambda *ar, **kw: ownerPassphrase)
+                                    keyfile=ownerKeyFile,
+                                    callback=lambda *ar, **kw: ownerPassphrase)
             except Exception, e:
                 raise MyProxyClientError, \
             "Error loading CA cert., cert. and key for SSL connection: %s" % e
+                raise MyProxyClientError("Error loading CA cert., cert. and "
+                                         "key for SSL connection: %s" % e)
             # Verify peer's certificate
 …
         # 'serverDN'
         # host/<hostname> one
         hostCheck = _HostCheck(host=self.__prop['hostname'],
                                myProxyServerDN=self.__prop.get('serverDN'),
                                cnHostPfx=self.__prop.get('serverCNprefix'))
+        hostCheck = _HostCheck(host=self.hostname,
+                               myProxyServerDN=self.serverDN,
+                               cnHostPfx=self.serverCNPrefix)
         conn.set_post_connection_check_callback(hostCheck)
 …
-    #_________________________________________________________________________
     def _createCertReq(self, CN, nBitsForKey=1024, messageDigest="md5"):
         """
         Create a certificate request.
+        @type CN: basestring
         @param CN: Common Name for certificate - effectively the same as the
         username for the MyProxy credential
+        @type nBitsForKey: int
         @param nBitsForKey: number of bits for private key generation -
         default is 1024
+        @param messageDigest: message disgest type - default is MD5
+        @return tuple of certificate request PEM text and private key PEM text
+        @type messageDigest: basestring
+        @param messageDigest: message digest type - default is MD5
+        @rtype: tuple
+        @return certificate request PEM text and private key PEM text
         """
 …
         req.set_pubkey(pubKey)
         defaultReqDN = self.__openSSLConf.reqDN
+        defaultReqDN = self._openSSLConfig.reqDN
         # Set DN
 …
-    #_________________________________________________________________________
     def _deserializeResponse(self, msg, *fieldNames):
         """
 …
-    #_________________________________________________________________________
     def _deserializeCerts(self, inputDat):
         """Unpack certificates returned from a get delegation call to the
 …
-    #_________________________________________________________________________
     def info(self,
              username,
 …
         given username
+        Exceptions:  GetError, RetrieveError
+        @raise MyProxyClientGetError:
+        @raise MyProxyClientRetrieveError:
         @type username: string
 …
             if globusLoc:
                 ownerCertFile = os.path.join(globusLoc,
                                          *MyProxyClient._hostCertSubDirPath)
+                                            *MyProxyClient._hostCertSubDirPath)
                 ownerKeyFile = os.path.join(globusLoc,
                                          *MyProxyClient._hostKeySubDirPath)
+                                            *MyProxyClient._hostKeySubDirPath)
             else:
                 raise MyProxyClientError, \
             "No client authentication cert. and private key file were given"
+                raise MyProxyClientError(
+            "No client authentication cert. and private key file were given")
         # Set-up SSL connection
 …
                                     ownerPassphrase=ownerPassphrase)
         conn.connect((self.__prop['hostname'], self.__prop['port']))
+        conn.connect((self.hostname, self.port))
         # send globus compatibility stuff
 …
         # send info command - ensure conversion from unicode before writing
         cmd = MyProxyClient.__infoCmd % username
+        cmd = MyProxyClient.infoCmd % username
         conn.write(str(cmd))
 …
         # Pass in the names of fields to return in the dictionary 'field'
         respCode, errorTxt, field = self._deserializeResponse(dat,
                                                          'CRED_START_TIME',
                                                          'CRED_END_TIME',
                                                          'CRED_OWNER')
+                                                             'CRED_START_TIME',
+                                                             'CRED_END_TIME',
+                                                             'CRED_OWNER')
         return not bool(respCode), errorTxt, field
-    #_________________________________________________________________________
     def changePassphrase(self,
                          username,
 …
         """change pass-phrase protecting the credentials for a given username
+        Exceptions:  GetError, RetrieveError
+        @raise MyProxyClientGetError:
+        @raise MyProxyClientRetrieveError:
         @param username: username of credential
 …
                                          *MyProxyClient._hostKeySubDirPath)
             else:
                 raise MyProxyClientError, \
             "No client authentication cert. and private key file were given"
+                raise MyProxyClientError(
+            "No client authentication cert. and private key file were given")
         # Set-up SSL connection
 …
                                     ownerPassphrase=ownerPassphrase)
         conn.connect((self.__prop['hostname'], self.__prop['port']))
+        conn.connect((self.hostname, self.port))
         # send globus compatibility stuff
 …
         # send command - ensure conversion from unicode before writing
         cmd = MyProxyClient.__changePassphraseCmd % (username,
                                                      passphrase,
                                                      newPassphrase)
+        cmd = MyProxyClient.changePassphraseCmd % (username,
+                                                   passphrase,
+                                                   newPassphrase)
         conn.write(str(cmd))
 …
         respCode, errorTxt = self._deserializeResponse(dat)
         if respCode:
+            raise GetError, errorTxt
+    #_________________________________________________________________________
+            raise MyProxyClientGetError(errorTxt)
     def destroy(self,
                 username,
 …
         """destroy credentials from the server for a given username
+        Exceptions:  GetError, RetrieveError
+        @raise MyProxyClientGetError:
+        @raise MyProxyClientRetrieveError:
         @param username: username selected for credential
 …
                                          *MyProxyClient._hostKeySubDirPath)
             else:
                 raise MyProxyClientError, \
             "No client authentication cert. and private key file were given"
+                raise MyProxyClientError(
+            "No client authentication cert. and private key file were given")
         # Set-up SSL connection
 …
                                     ownerPassphrase=ownerPassphrase)
         conn.connect((self.__prop['hostname'], self.__prop['port']))
+        conn.connect((self.hostname, self.port))
         # send globus compatibility stuff
 …
         # send destroy command - ensure conversion from unicode before writing
         cmd = MyProxyClient.__destroyCmd % username
+        cmd = MyProxyClient.destroyCmd % username
         conn.write(str(cmd))
 …
         respCode, errorTxt = self._deserializeResponse(dat)
         if respCode:
+            raise GetError, errorTxt
+    #_________________________________________________________________________
+            raise MyProxyClientGetError(errorTxt)
     def store(self,
               username,
 …
         """Upload credentials to the server
         @raise GetError:
         @raise RetrieveError:
+        @raise MyProxyClientGetError:
+        @raise MyProxyClientRetrieveError:
         @type username: string
 …
         """
         lifetime = lifetime or self.__prop['proxyCertMaxLifetime']
+        lifetime = lifetime or self.proxyCertMaxLifetime
         # Inputs must be string type otherwise server will reject the request
 …
                          ownerKeyFile=ownerKeyFile,
                          ownerPassphrase=ownerPassphrase)[0]:
                 raise MyProxyClientError, \
                         "Credentials already exist for user: %s" % username
+                raise MyProxyClientError(
+                        "Credentials already exist for user: %s" % username)
         # Set up SSL connection
 …
                                     ownerPassphrase=ownerPassphrase)
         conn.connect((self.__prop['hostname'], self.__prop['port']))
+        conn.connect((self.hostname, self.port))
         # send globus compatibility stuff
 …
         # send store command - ensure conversion from unicode before writing
         cmd = MyProxyClient.__storeCmd % (username, lifetime)
+        cmd = MyProxyClient.storeCmd % (username, lifetime)
         conn.write(str(cmd))
 …
         respCode, errorTxt = self._deserializeResponse(dat)
         if respCode:
             raise GetError, errorTxt
+            raise MyProxyClientGetError(errorTxt)
         # Send certificate and private key
 …
         respCode, errorTxt = self._deserializeResponse(resp)
         if respCode:
+            raise RetrieveError, errorTxt
+    #_________________________________________________________________________
+            raise MyProxyClientRetrieveError(errorTxt)
     def logon(self, username, passphrase, lifetime=None):
         """Retrieve a proxy credential from a MyProxy server
         Exceptions:  GetError, RetrieveError
+        Exceptions:  MyProxyClientGetError, MyProxyClientRetrieveError
         @type username: basestring
 …
         """
         lifetime = lifetime or self.__prop['proxyCertLifetime']
+        lifetime = lifetime or self.proxyCertLifetime
         # Generate certificate request here - any errors will be thrown
 …
         # Set-up SSL connection
         conn = self._initConnection()
         conn.connect((self.__prop['hostname'], self.__prop['port']))
+        conn.connect((self.hostname, self.port))
         # send globus compatibility stuff
 …
         # send get command - ensure conversion from unicode before writing
         cmd = MyProxyClient.__getCmd % (username, passphrase, lifetime)
+        cmd = MyProxyClient.getCmd % (username, passphrase, lifetime)
         conn.write(str(cmd))
 …
         respCode, errorTxt = self._deserializeResponse(dat)
         if respCode:
             raise GetError, errorTxt
+            raise MyProxyClientGetError(errorTxt)
         # Send certificate request
 …
         respCode, errorTxt = self._deserializeResponse(resp)
         if respCode:
             raise RetrieveError, errorTxt
+            raise MyProxyClientRetrieveError(errorTxt)
         # deserialize certs from received cert data
         pemCerts = self._deserializeCerts(dat)
         if len(pemCerts) != nCerts:
             RetrieveError, "%d certs expected, %d received" % \
                                                     (nCerts, len(pemCerts))
+            MyProxyClientRetrieveError("%d certs expected, %d received" %
+                                                    (nCerts, len(pemCerts)))
         # Return certs and private key
 …
         """Retrieve proxy cert for user - same as logon"""
         return self.logon(*arg, **kw)
-#_____________________________________________________________________________
-def main():
-    import traceback
-    import pdb;pdb.set_trace()
-    try:
-        CmdLineClient()
-    except Exception, e:
-        print "Error: ", e
-        print traceback.print_exc()
-        sys.exit(1)
-#  help="check whether a credential exists")
+#
-#  help="destroy credential")
+#
-#  help="change pass-phrase protecting credential")
-import optparse
-import getpass
-class CmdLineClientError(Exception):
-    """Errors related to CmdLineClient class"""
-class CmdLineClient(object):
-    """Command line interface to MyProxyClient class.  Where possible it
-    supports the same options as the Globus myproxy-* client commands"""
-    run = {
-        'info': 'runInfo',
-        'logon': 'runLogon',
-        'get-delegation': 'runGetDelegation',
-        'destroy': 'runDestroy',
-        'change-pass': 'runChangePassphrase',
-        'store': 'runStore'
+    }
-    initOpts = {
-        'info': '_addInfoOpts',
-        'logon': '_addLogonOpts',
-        'get-delegation': '_addGetDelegationOpts',
-        'destroy': '_addDestroyOpts',
-        'change-pass': '_addChangePassphraseOpts',
-        'store': '_addStoreOpts'
+    }
-    cmdUsage = {
-        'info': "usage: %prog info arg1 arg2",
-        'logon': "usage: %prog logon arg1 arg2",
-        'get-delegation': "usage: %prog get-delegation arg1 arg2",
-        'destroy': "usage: %prog destroy arg1 arg2",
-        'change-pass': "usage: %prog change-pass arg1 arg2",
-        'store': "usage: %prog store arg1 arg2"
+    }
-    # Keep '%prog' in a separate string otherwise it confuses the % operator
-    usage = "usage: %prog" + " [%s] arg1 arg2" % '|'.join(run.keys())
-    version = "%prog 0.8.7"
-    def __init__(self):
-        """Parse the command line and run the appropriate command"""
-        self.parser = optparse.OptionParser(usage=self.__class__.usage,
-                                            version=self.__class__.version)
-        # Get command - expected to be 1st arg
-        if len(sys.argv) > 1:
-            cmd = sys.argv[1]
-            if cmd not in self.__class__.run:
-                self.parser.error('"%s" command option not recognised' % cmd)
-        else:
-            self.parser.error('No command option set')
-        # Ammend usage string for specific command
-        self.parser.set_usage(self.__class__.cmdUsage[cmd])
-        # Add options based on the command set
-        self._addGenericOpts()
-        getattr(self, self.initOpts[cmd])()
-        # Omit command options as parser won't understand it
-        (self.opts, args) = self.parser.parse_args(args=sys.argv[2:])
-        # Process generic options
-        # Not all commands require username option - for those that do, check
-        # to see if it was set or omitted
-        if hasattr(self.opts, 'username') and not self.opts.username:
-            if sys.platform == 'win32':
-                self.opts.username = os.environ["USERNAME"]
-            else:
-                import pwd
-                self.opts.username = pwd.getpwuid(os.geteuid())[0]
-        self.myProxy = MyProxyClient(hostname=self.opts.host,
-                                     port=self.opts.port)#,
-#                                     O='NDG',
-#                                     OU='BADC')
-        # Run the command
-        getattr(self, self.run[cmd])()
-    def _addGenericOpts(self):
-        """Generic options applying to all commands"""
-        self.parser.add_option("-s",
-                          "--pshost",
-                          dest="host",
-                          default=os.environ.get('MYPROXY_SERVER'),
-                          help="The hostname of the MyProxy server to contact")
-        defPort = int(os.environ.get('MYPROXY_SERVER_PORT') or '7512')
-        self.parser.add_option("-p",
-                          "--psport",
-                          dest="port",
-                          default=defPort,
-                          type="int",
-                          help="The port of the MyProxy server to contact")
-    def _addInfoOpts(self):
-        """Add command line options for info"""
-        self.parser.add_option("-l",
-                          "--username",
-                          dest="username",
-                          help="Username for the delegated proxy")
-        self.parser.add_option("-C",
-                          "--owner-certfile",
-                          dest="ownerCertFile",
-                          help=\
-"""Certificate for owner of credentials to be queried.  If omitted, it
-defaults to $GLOBUS_LOCATION/etc/hostcert.pem.""")
-        self.parser.add_option("-Y",
-                          "--owner-keyfile",
-                          dest="ownerKeyFile",
-                          default=None,
-                          help=\
-"""Private key for owner of credentials to be stored.  If omitted, it defaults
-to $GLOBUS_LOCATION/etc/hostkey.pem.""")
-        self.parser.add_option("-w",
-                          "--owner-keyfile-passphrase",
-                          dest="ownerPassphrase",
-                          default=None,
-                          help=\
-                          "Pass-phrase for Private key used for SSL client")
-    def _addLogonOpts(self):
-        """Add command line options for logon"""
-        self.parser.add_option("-l",
-                               "--username",
-                               dest="username",
-                               help="Username for the delegated proxy")
-        self.parser.add_option("-t",
-                               "--proxy_lifetime",
-                               dest="lifetime",
-                               default=43200, # = 12 hours in seconds
-                               type="int",
-                               help=\
-            "Lifetime of proxies delegated by the server (default 12 hours)")
-        self.parser.add_option("-o",
-                               "--out",
-                               dest="outfile",
-                               help="Location of delegated proxy")
-    def _addGetDelegationOpts(self):
-        """Add command line options for Get Delegation"""
-        self._addLogonOpts()
-    def _addDestroyOpts(self):
-        """Add command line options for destroy"""
-        self.parser.add_option("-l",
-                               "--username",
-                               dest="username",
-                               help=\
-                       "Username corresponding to credentials to be removed")
-    def _addChangePassphraseOpts(self):
-        """Add command line options for change pass-phrase"""
-        self.parser.add_option("-l",
-                          "--username",
-                          dest="username",
-                          help="Username for the target proxy")
-    def _addStoreOpts(self):
-        """Add command line options for store"""
-        self.parser.add_option("-l",
-                               "--username",
-                               dest="username",
-                               help=\
-                       "Username corresponding to credentials to be stored")
-        self.parser.add_option("-c",
-                          "--certfile",
-                          dest="certFile",
-                          default=None,
-                          help="Certificate to be stored")
-        self.parser.add_option("-y",
-                          "--keyfile",
-                          dest="keyFile",
-                          default=None,
-                          help="Private key to be stored")
-        self.parser.add_option("-C",
-                          "--owner-certfile",
-                          dest="ownerCertFile",
-                          help=\
-"""Cert. for owner of credentials to be stored.  If omitted, it defaults to
-$GLOBUS_LOCATION/etc/hostcert.pem.  If this is not readable, the cert. to be
-stored is set as the owner.""")
-        self.parser.add_option("-Y",
-                          "--owner-keyfile",
-                          dest="ownerKeyFile",
-                          default=None,
-                          help=\
-"""Private key for owner of credentials to be stored.  If omitted, it defaults
-to $GLOBUS_LOCATION/etc/hostcert.pem.""")
-        self.parser.add_option("-w",
-                          "--owner-keyfile-passphrase",
-                          dest="ownerPassphrase",
-                          default=None,
-                          help=\
-                          "Pass-phrase for Private key used for SSL client")
-        self.parser.add_option("-t",
-                               "--proxy_lifetime",
-                               dest="lifetime",
-                               default=43200, # = 12 hours in seconds
-                               type="int",
-                               help=\
-            "Lifetime of proxies delegated by the server (default 12 hours)")
-    def runGetDelegation(self):
-        """Call MyProxyClient.getDelegation"""
-        self.runLogon()
-    def runLogon(self):
-        """Call MyProxyClient.logon"""
-        outfile = self.opts.outfile or MyProxyClient.defProxyFile
-        # Get MyProxy password
-        passphrase = getpass.getpass()
-        # Retrieve proxy cert
-        creds = self.myProxy.logon(self.opts.username,
-                                   passphrase,
-                                   lifetime=self.opts.lifetime)
-        MyProxyClient.writeProxyFile(*creds)
-        print "A proxy has been received for user %s in %s." % \
-            (self.opts.username, outfile)
-    def runChangePassphrase(self):
-        """Call MyProxyClient.changePassphrase"""
-        # Get MyProxy password
-        passphrase = getpass.getpass(\
-                     prompt='Enter (current) MyProxy pass phrase: ')
-        newPassphrase = getpass.getpass(\
-                                 prompt='Enter new MyProxy pass phrase: ')
-        if newPassphrase != getpass.getpass(\
-                     prompt='Verifying - Enter new MyProxy pass phrase: '):
-            raise Exception, "Pass-phrases entered don't match"
-        self.myProxy.changePassphrase(username,
-                             passphrase,
-                             newPassphrase,
-                             self.opts.certFile,
-                             self.opts.keyFile,
-                             ownerPassphrase=open('../tmp2').read().strip())
-    def runInfo(self):
-        """Call MyProxyClient.info"""
-        if not self.opts.ownerCertFile or not self.opts.ownerKeyFile:
-#            self.opts.ownerCertFile = MyProxyClient.defProxyFile
-            # Look for proxy file stored from previous call to logon/
-            # get-delegation
-            try:
-                creds = MyProxyClient.readProxyFile()
-                # Copy proxy and user certificates
-                self.opts.ownerCertFile = './proxy-cert.pem'
-                self.opts.ownerKeyFile = './proxy-key.pem'
-                open(self.opts.ownerCertFile, 'w').write(creds[0] + ''.join(creds[2:]))
-                open(self.opts.ownerKeyFile, 'w').write(creds[1])
-            except IOError:
-                # No such file - try proceeding regardless
-                pass
-        credExists, errorTxt, fields = self.myProxy.info(self.opts.username,
-                             ownerCertFile=self.opts.ownerCertFile,
-                             ownerKeyFile=self.opts.ownerKeyFile,
-                             ownerPassphrase=self.opts.ownerPassphrase)
-        if errorTxt:
-            raise CmdLineClientError, "User %s: %s" % (self.opts.username,
-                                                       errorTxt)
-        elif credExists:
-            print "username: %s" % self.opts.username
-            print "owner: %s" % fields['CRED_OWNER']
-            print "  time left: %d" % \
-                    (fields['CRED_END_TIME'] - fields['CRED_START_TIME'])
-        else:
-            ownerCert = ''#X509.load_cert(self.opts.ownerCertFile)
-            ownerCertDN = ''#'/' + \
-                #ownerCert.get_subject().as_text().replace(', ', '/')
-            print "no credentials found for user %s, owner \"%s\"" % \
-                (self.opts.username, ownerCertDN)
-    def runDestroy(self):
-        """Call MyProxyClient.destroy"""
-        self.myProxy.destroy(self.opts.username,
-                            ownerCertFile=self.opts.certFile,
-                            ownerKeyFile=self.opts.keyFile,
-                            ownerPassphrase=open('../tmp2').read().strip())
-    def runStore(self):
-        self.myProxy.store(self.opts.username,
-                          self.opts.certFile,
-                          self.opts.keyFile,
-                          ownerCertFile=self.opts.certFile,
-                          ownerKeyFile=self.opts.keyFile,
-                          ownerPassphrase=open('./tmp').read().strip(),
-                          lifetime=self.opts.lifetime)
-if __name__ == "__main__":
-    main()

TI12-security/trunk/python/MyProxyClient/setup.py

-                      r4615
+                      r4624
     maintainer_email =          'Philip.Kershaw@stfc.ac.uk',
     url =                   'http://proj.badc.rl.ac.uk/ndg/wiki/Security',
+    install_requires =      ['ndg_security_client', 'ndg_security_server'],
+    dependency_links =      ["http://ndg.nerc.ac.uk/dist"],
+    install_requires =      ['M2Crypto'],
     license =               __license__,
     zip_safe = True

TI12-security/trunk/python/MyProxyClient/test/README

-                      r3192
+                      r4624
 ========================
 To set-up this test, A MyProxy server process must be running to test against.
+MyProxy is installed as part of the NDG Security installation.  See the
 installation guide for details:
+See http://grid.ncsa.uiuc.edu/myproxy/ for guidance on obtaining and installing
+it.
+http://proj.badc.rl.ac.uk/ndg/browser/TI12-security/trunk/documentation/InstallationGuide/pdf/NDGSecurityInstallationGuide.pdf?format=raw
+To run these tests:
 ) Start myproxy-server on it's host machine e.g. as root run,
 …
 ) Run the tests with the command:
 $ python ./MyProxyClientTest.py
+$ python ./test_myproxyclient.py
 ) To run individual tests give the test method name:
 $ python ./MyProxyClientTest.py MyProxyClientTestCase.test1Store
+$ python ./test_myproxyclient.py MyProxyClientTestCase.test1Store
  * Note that some tests are dependent on the output of previous tests.
 …
    check the existence of the credential after the test run test3Info:
    $ python ./MyProxyClientTest.py MyProxyClientTestCase.test3Info
+   $ python ./test_myproxyclient.py MyProxyClientTestCase.test3Info
    or use MyProxy client commands on the MyProxy host: myproxy-info,
 …
  * See the installation guide for MyProxy trouble shooting information.
+P J Kershaw 12/12/08

TI12-security/trunk/python/MyProxyClient/test/myProxyClient.cfg

-                      r4621
+                      r4624
+#
+# MyProxyClient configuration file
+#
+# NERC Data Grid Project
+#
+# P J Kershaw 12/12/08
+#
+# Copyright (C) 2008 STFC & NERC
+#
+# This software may be distributed under the terms of the Q Public License,
+# version 1.0 or later.
+[DEFAULT]
 # Delete this element and take setting from MYPROXY_SERVER environment
 # variable if required

TI12-security/trunk/python/MyProxyClient/test/myProxyClientTest.cfg

-                      r4621
+                      r4624
+#
+# MyProxyClient Unit Tests configuration file
+#
 # NERC Data Grid Project
+#
 # P J Kershaw 13/12/06
+#
 # Copyright (C) 2006 STFC & NERC
+# Copyright (C) 2008 STFC & NERC
+#
 # This software may be distributed under the terms of the Q Public License,
 # version 1.0 or later.
 [setUp]
+propFilePath: $MYPROXYCLIENT_UNITTEST_DIR/myProxyProperties.xml
+cfgFilePath: $MYPROXYCLIENT_UNITTEST_DIR/myProxyClient.cfg
 # If a pass-phrase entry is commented out it will be prompted for from the

TI12-security/trunk/python/MyProxyClient/test/test_myproxyclient.py

-                      r4621
+                      r4624
 import traceback
+from ConfigParser import SafeConfigParser
+from ndg.security.common.myproxy import MyProxyClient
+from myproxy import CaseSensitiveConfigParser, MyProxyClient
 xpdVars = os.path.expandvars
 jnPath = os.path.join
 mkPath = lambda file: jnPath(os.environ['NDGSEC_MYPROXY_UNITTEST_DIR'], file)
+mkPath = lambda file: jnPath(os.environ['MYPROXYCLIENT_UNITTEST_DIR'], file)
 class MyProxyClientTestCase(unittest.TestCase):
 …
             pdb.set_trace()
         if 'NDGSEC_MYPROXY_UNITTEST_DIR' not in os.environ:
             os.environ['NDGSEC_MYPROXY_UNITTEST_DIR'] = \
+        if 'MYPROXYCLIENT_UNITTEST_DIR' not in os.environ:
+            os.environ['MYPROXYCLIENT_UNITTEST_DIR'] = \
                 os.path.abspath(os.path.dirname(__file__))
         configParser = SafeConfigParser()
         configFilePath = jnPath(os.environ['NDGSEC_MYPROXY_UNITTEST_DIR'],
+        configParser = CaseSensitiveConfigParser()
+        configFilePath = jnPath(os.environ['MYPROXYCLIENT_UNITTEST_DIR'],
                                 "myProxyClientTest.cfg")
         configParser.read(configFilePath)
 …
             self.cfg[section] = dict(configParser.items(section))
         self.clnt = MyProxyClient(\
                     propFilePath=xpdVars(self.cfg['setUp']['propfilepath']))
+        self.clnt = MyProxyClient(
+                        cfgFilePath=xpdVars(self.cfg['setUp']['cfgFilePath']))
     def test1Store(self):
         '''test1Store: upload X509 cert and private key to repository'''
+        thisSection = self.cfg['test1Store']
+        passphrase = thisSection.get('passphrase')
+        if passphrase is None:
+            passphrase = getpass.getpass(prompt="\ntest1Store credential "
+                                                "pass-phrase: ")
+        passphrase = self.cfg['test1Store'].get('passphrase')
+        if passphrase is None:
+            passphrase = getpass.getpass(\
+                                 prompt="\ntest1Store cred. pass-phrase: ")
+        ownerPassphrase = thisSection.get('ownerPassphrase')
+        if ownerPassphrase is None:
+            ownerPassphrase = getpass.getpass(prompt="\ntest1Store credential "
+                                                     " owner pass-phrase: ")
+        certFile = xpdVars(thisSection['signingCertFilePath'])
+        keyFile = xpdVars(thisSection['signingPriKeyFilePath'])
+        ownerCertFile = xpdVars(thisSection['ownerCertFile'])
+        ownerKeyFile = xpdVars(thisSection['ownerKeyFile'])
+        ownerPassphrase = self.cfg['test1Store'].get('ownerpassphrase')
+        if ownerPassphrase is None:
+            ownerPassphrase = getpass.getpass(\
+                              prompt="\ntest1Store cred. owner pass-phrase: ")
+        certFile = xpdVars(self.cfg['test1Store']['signingcertfilepath'])
+        keyFile = xpdVars(self.cfg['test1Store']['signingprikeyfilepath'])
+        ownerCertFile = xpdVars(self.cfg['test1Store']['ownercertfile'])
+        ownerKeyFile = xpdVars(self.cfg['test1Store']['ownerkeyfile'])
+        try:
+            self.clnt.store(self.cfg['test1Store']['username'],
+                            passphrase,
+                            certFile,
+                            keyFile,
+                            ownerCertFile=ownerCertFile,
+                            ownerKeyFile=ownerKeyFile,
+                            ownerPassphrase=ownerPassphrase,
+                            force=False)
+            print "Store creds for user %s" % \
+                                            self.cfg['test1Store']['username']
+        except:
+            self.fail(traceback.print_exc())
+        self.clnt.store(thisSection['username'],
+                        passphrase,
+                        certFile,
+                        keyFile,
+                        ownerCertFile=ownerCertFile,
+                        ownerKeyFile=ownerKeyFile,
+                        ownerPassphrase=ownerPassphrase,
+                        force=False)
+        print "Store creds for user %s" % thisSection['username']
     def test2GetDelegation(self):
         '''test2GetDelegation: retrieve proxy cert./private key'''
+        passphrase = self.cfg['test2GetDelegation'].get('passphrase')
+        thisSection = self.cfg['test2GetDelegation']
+        passphrase = thisSection.get('passphrase')
         if passphrase is None:
             passphrase = getpass.getpass(\
                                  prompt="\ntest2GetDelegation pass-phrase: ")
+            passphrase = getpass.getpass(prompt="\ntest2GetDelegation "
+                                                "pass-phrase: ")
+        try:
+            proxyCertFile = \
+                xpdVars(self.cfg['test2GetDelegation']['proxycertfileout'])
+            proxyKeyFile = \
+                xpdVars(self.cfg['test2GetDelegation']['proxykeyfileout'])
+        proxyCertFile = xpdVars(thisSection['proxyCertFileOut'])
+        proxyKeyFile = xpdVars(thisSection['proxykeyfileout'])
+            creds = self.clnt.getDelegation(\
+                                  self.cfg['test2GetDelegation']['username'],
+                                  passphrase)
+            print "proxy credentials:"
+            print ''.join(creds)
+            open(proxyCertFile, 'w').write(creds[0]+''.join(creds[2:]))
+            open(proxyKeyFile, 'w').write(creds[1])
+        except:
+            self.fail(traceback.print_exc())
+        creds = self.clnt.getDelegation(thisSection['username'],
+                                        passphrase)
+        print "proxy credentials:"
+        print ''.join(creds)
+        open(proxyCertFile, 'w').write(creds[0]+''.join(creds[2:]))
+        open(proxyKeyFile, 'w').write(creds[1])
     def test3Info(self):
         '''test3Info: Retrieve information about a given credential'''
+        thisSection = thisSection
         # ownerpassphrase can be omitted from the congif file in which case
+        # ownerPassphrase can be omitted from the congif file in which case
         # the get call below would return None
         ownerPassphrase = self.cfg['test3Info'].get('ownerpassphrase')
+        ownerPassphrase = thisSection.get('ownerPassphrase')
         if ownerPassphrase is None:
             ownerPassphrase = getpass.getpass(\
                               prompt="\ntest3Info owner creds pass-phrase: ")
+            ownerPassphrase = getpass.getpass(prompt="\ntest3Info owner "
+                                              "credentials pass-phrase: ")
+        try:
+            credExists, errorTxt, fields = self.clnt.info(
+                             self.cfg['test3Info']['username'],
+                             xpdVars(self.cfg['test3Info']['ownercertfile']),
+                             xpdVars(self.cfg['test3Info']['ownerkeyfile']),
+                             ownerPassphrase=ownerPassphrase)
+            print "test3Info... "
+            print "credExists: %s" % credExists
+            print "errorTxt: " + errorTxt
+            print "fields: %s" % fields
+        except:
+            self.fail(traceback.print_exc())
+        credExists, errorTxt, fields = self.clnt.info(
+                                     thisSection['username'],
+                                     xpdVars(thisSection['ownerCertFile']),
+                                     xpdVars(thisSection['ownerKeyFile']),
+                                     ownerPassphrase=ownerPassphrase)
+        print "test3Info... "
+        print "credExists: %s" % credExists
+        print "errorTxt: " + errorTxt
+        print "fields: %s" % fields
 …
         """test4ChangePassphrase: change pass-phrase protecting a given
         credential"""
+        try:
+            passphrase=self.cfg['test4ChangePassphrase'].get('passphrase')
+            if passphrase is None:
+                passphrase = getpass.getpass(\
+                             prompt="test4ChangePassphrase - pass-phrase: ")
+            newPassphrase = \
+                        self.cfg['test4ChangePassphrase'].get('newpassphrase')
+            if newPassphrase is None:
+                newPassphrase = getpass.getpass(\
+                        prompt="test4ChangePassphrase - new pass-phrase: ")
+                confirmNewPassphrase = getpass.getpass(\
+                prompt="test4ChangePassphrase - confirm new pass-phrase: ")
+                if newPassphrase != confirmNewPassphrase:
+                    self.fail("New and confirmed new password don't match")
+            ownerPassphrase = \
+                self.cfg['test4ChangePassphrase'].get('ownerpassphrase') or \
+                passphrase
+            self.clnt.changePassphrase(
+                self.cfg['test4ChangePassphrase']['username'],
+                passphrase,
+                newPassphrase,
+                xpdVars(self.cfg['test4ChangePassphrase']['ownercertfile']),
+                xpdVars(self.cfg['test4ChangePassphrase']['ownerkeyfile']),
+                ownerPassphrase=ownerPassphrase)
+            print "Change pass-phrase"
+        except:
+            self.fail(traceback.print_exc())
+        thisSection = self.cfg['test4ChangePassphrase']
+        passphrase = thisSection.get('passphrase')
+        if passphrase is None:
+            passphrase = getpass.getpass(prompt="test4ChangePassphrase - "
+                                                "pass-phrase: ")
+        newPassphrase = thisSection.get('newpassphrase')
+        if newPassphrase is None:
+            newPassphrase = getpass.getpass(prompt="test4ChangePassphrase "
+                                                   "- new pass-phrase: ")
+            confirmNewPassphrase = getpass.getpass(prompt=\
+                                                   "test4ChangePassphrase "
+                                                   "- confirm new "
+                                                   "pass-phrase: ")
+            if newPassphrase != confirmNewPassphrase:
+                self.fail("New and confirmed new password don't match")
+        ownerPassphrase = thisSection.get('ownerPassphrase') or passphrase
+        self.clnt.changePassphrase(thisSection['username'],
+                                   passphrase,
+                                   newPassphrase,
+                                   xpdVars(thisSection['ownerCertFile']),
+                                   xpdVars(thisSection['ownerKeyFile']),
+                                   ownerPassphrase=ownerPassphrase)
+        print "Change pass-phrase"
 …
         '''test5Destroy: destroy credentials for a given user'''
         ownerPassphrase = self.cfg['test5Destroy'].get('ownerpassphrase')
+        ownerPassphrase = self.cfg['test5Destroy'].get('ownerPassphrase')
         if ownerPassphrase is None:
             ownerPassphrase = getpass.getpass(\
                           prompt="\ntest5Destroy cred. owner pass-phrase: ")
+            ownerPassphrase = getpass.getpass(prompt="\ntest5Destroy "
+                                              "credential owner pass-phrase: ")
         try:
             self.clnt.destroy(self.cfg['test5Destroy']['username'],
             ownerCertFile=xpdVars(self.cfg['test5Destroy']['ownercertfile']),
             ownerKeyFile=xpdVars(self.cfg['test5Destroy']['ownerkeyfile']),
+            ownerCertFile=xpdVars(self.cfg['test5Destroy']['ownerCertFile']),
+            ownerKeyFile=xpdVars(self.cfg['test5Destroy']['ownerKeyFile']),
             ownerPassphrase=ownerPassphrase)
             print "Destroy creds for user %s" % \
 …
-#_____________________________________________________________________________
 class MyProxyClientTestSuite(unittest.TestSuite):
     def __init__(self):

Note: See TracChangeset for help on using the changeset viewer.