Changeset 7699 for TI12-security


Timestamp:
04/11/10 16:11:57 (9 years ago)
Author:
pjkersha
Message:

Fixes for NCAR Gateway use:

  • fix default cert/key and CA dir locations


Location:
TI12-security/trunk/esg_wget_script
Files:
2 edited

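--- a/TI12-security/trunk/esg_wget_script/esg-download.sh
+++ b/TI12-security/trunk/esg_wget_script/esg-download.sh
@@ -12,6 +12,8 @@
 cmdline_opt=`getopt -o hO: --long help,output-document:,certificate:,private-key:,ca-directory:,save-cookies:: -n "$cmdname" -- "$@"`
 
-defaultCaDir=$HOME/.globus/certificates/esg
 esgDotDir=$HOME/.esg
+defaultCertFile=$esgDotDir/credentials.pem
+defaultPrivateKeyFile=$esgDotDir/credentials.pem
+defaultCaDir=$esgDotDir/certificates
 defaultCookieFile=$esgDotDir/cookies.txt
 usage="Usage: $cmdname <data download URI> <options ...>\n
@@ -21,17 +23,34 @@
    Options\n
        -h | --help\t\t\t\tDisplays usage\n
-       -O | --output-document\t<filepath>\tLocation of output file (defaults to appropriate file name based on requested URI\n
-       --certificate\t<certificate file>\tSSL certificate to authenticate with (PEM format).\n
-       \t\t\t\t\tDefaults to X509_USER_PROXY or X509_USER_CERT if set.  If using X509_USER_PROXY,\n
-       \t\t\t\t\tit must point to a file containing the concatenated certificate and private\n
+       -O | --output-document\t<filepath>\tLocation of output file (defaults to\n
+       \t\t\t\t\tappropriate file name based on requested\n
+       \t\t\t\t\tURI\n
+       --certificate\t<certificate file>\tSSL certificate to authenticate with\n
+       \t\t\t\t\t(PEM format).\n
+       \t\t\t\t\tDefaults to X509_USER_PROXY or\n
+       \t\t\t\t\tX509_USER_CERT if set, otherwise to\n 
+       \t\t\t\t\t$defaultCertFile.  If\n
+       \t\t\t\t\tusing X509_USER_PROXY,\n
+       \t\t\t\t\tit must point to a file containing the\n
+       \t\t\t\t\tconcatenated certificate and private\n
        \t\t\t\t\tkey files.\n
-       --private-key\t<private key file>\tfile containing private key for SSL authentication (PEM format)\n
-       \t\t\t\t\tDefaults to X509_USER_PROXY or X509_USER_KEY if set.\n
-       --ca-directory\t<directory path>\tDirectory containing the trusted CA (Certificate Authority) certificates used\n
-       \t\t\t\t\tto verify the identity of the server (defaults to \n
-       \t\t\t\t\t$defaultCaDir or may be set from the X509_CERT_DIR\n
-       \t\t\t\t\tenvironment variable).  The CA files can be obtained by a call\n
-       \t\t\t\t\tto MyProxy logon saving 'trust roots' to the selected CA directory.\n
-       --save-cookies\t<cookie file>\t\tSave cookies to this file.  The default location is $defaultCookieFile
+       --private-key\t<private key file>\tfile containing private key for SSL\n
+       \t\t\t\t\tauthentication (PEM format) Defaults to\n
+       \t\t\t\t\tX509_USER_PROXY or X509_USER_KEY if set,\n 
+       \t\t\t\t\totherwise to\n
+       \t\t\t\t\t$defaultPrivateKeyFile.\n
+       --ca-directory\t<directory path>\tDirectory containing the trusted\n
+       \t\t\t\t\tCA (Certificate Authority) certificates\n
+       \t\t\t\t\tused to verify the identity of the\n
+       \t\t\t\t\tserver (defaults to \n
+       \t\t\t\t\t$defaultCaDir or may\n
+       \t\t\t\t\tbe set from the X509_CERT_DIR\n
+       \t\t\t\t\tenvironment variable).  The CA files can\n
+       \t\t\t\t\tbe obtained by a call to MyProxy logon\n
+       \t\t\t\t\tsaving 'trust roots' to the selected CA\n
+       \t\t\t\t\tdirectory.\n
+       --save-cookies\t<cookie file>\t\tSave cookies to this file.  The default\n
+       \t\t\t\t\tlocation is\n
+       \t\t\t\t\t$defaultCookieFile.
 "
 
@@ -61,13 +80,16 @@
     exit 1 ;
 fi
-    
+
+# Set up default ESG config directory
+if [ ! -d $esgDotDir ]; then
+    mkdir $esgDotDir ;
+fi
+   
 # Set-up trust root
 if [ -z $caDir ]; then  
     if [ ${X509_CERT_DIR} ]; then
         caDir=${X509_CERT_DIR}
-    elif [ "$username" = "root" ]; then
-        caDir=/etc/grid-security/certificates
     else
-        caDir=${HOME}/.globus/certificates/esg
+        caDir=$defaultCaDir
     fi
 fi
@@ -83,4 +105,6 @@
     elif [ ${X509_USER_CERT} ]; then
         certFile=${X509_USER_CERT}    
+    else
+        certFile=$defaultCertFile   
     fi
     
@@ -92,4 +116,6 @@
     if [ ${X509_USER_KEY} ]; then
         privateKeyFile=${X509_USER_KEY}
+    else
+        privateKeyFile=$defaultPrivateKeyFile
     fi
     
@@ -101,7 +127,4 @@
 if [ -z $cookieFile ]; then
     cookieFile=$defaultCookieFile
-    if [ ! -d $esgDotDir ]; then
-        mkdir $esgDotDir ;
-    fi
 fi
 
@@ -113,5 +136,5 @@
 
 # Make the call
-wget --secure-protocol=SSLv3 \
+wget \
  --ca-directory=$caDir \
  --certificate=$certFile \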
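Review bot: The block added at new lines 83-86 creates `$esgDotDir` with a bare `mkdir`, so the directory that now holds the default `credentials.pem` (certificate plus private key) and `cookies.txt` gets whatever mode the caller's umask allows, and a failed `mkdir` goes unnoticed. Creating it owner-only, quoting the path and checking the result would cover that: `if [ ! -d "$esgDotDir" ]; then mkdir -m 700 "$esgDotDir" || exit 1; fi`. The identical block is added at the same lines of esg-recursive-download.sh. Whether the mode of the credential file itself is checked anywhere is not visible in these hunks.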
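--- a/TI12-security/trunk/esg_wget_script/esg-recursive-download.sh
+++ b/TI12-security/trunk/esg_wget_script/esg-recursive-download.sh
@@ -1,4 +1,4 @@
 #
-# ESG Download script wraps wget call with settings for ESG Security
+# ESG Recursive Download script wraps wget call with settings for ESG Security
 #
 # @author P J Kershaw 28/07/2010
@@ -12,26 +12,45 @@
 cmdline_opt=`getopt -o hO: --long help,output-document:,certificate:,private-key:,ca-directory:,save-cookies:: -n "$cmdname" -- "$@"`
 
-defaultCaDir=$HOME/.globus/certificates/esg
 esgDotDir=$HOME/.esg
+defaultCertFile=$esgDotDir/credentials.pem
+defaultPrivateKeyFile=$esgDotDir/credentials.pem
+defaultCaDir=$esgDotDir/certificates
 defaultCookieFile=$esgDotDir/cookies.txt
 usage="Usage: $cmdname <data download URI> <options ...>\n
 \n
-Script for Earth System Grid recursive data download.\n\n
+Script for Earth System Grid data download.\n\n
 
    Options\n
        -h | --help\t\t\t\tDisplays usage\n
-       -O | --output-document\t<filepath>\tLocation of output file (defaults to appropriate file name based on requested URI\n
-       --certificate\t<certificate file>\tSSL certificate to authenticate with (PEM format).\n
-       \t\t\t\t\tDefaults to X509_USER_PROXY or X509_USER_CERT if set.  If using X509_USER_PROXY,\n
-       \t\t\t\t\tit must point to a file containing the concatenated certificate and private\n
+       -O | --output-document\t<filepath>\tLocation of output file (defaults to\n
+       \t\t\t\t\tappropriate file name based on requested\n
+       \t\t\t\t\tURI\n
+       --certificate\t<certificate file>\tSSL certificate to authenticate with\n
+       \t\t\t\t\t(PEM format).\n
+       \t\t\t\t\tDefaults to X509_USER_PROXY or\n
+       \t\t\t\t\tX509_USER_CERT if set, otherwise to\n 
+       \t\t\t\t\t$defaultCertFile.  If\n
+       \t\t\t\t\tusing X509_USER_PROXY,\n
+       \t\t\t\t\tit must point to a file containing the\n
+       \t\t\t\t\tconcatenated certificate and private\n
        \t\t\t\t\tkey files.\n
-       --private-key\t<private key file>\tfile containing private key for SSL authentication (PEM format)\n
-       \t\t\t\t\tDefaults to X509_USER_PROXY or X509_USER_KEY if set.\n
-       --ca-directory\t<directory path>\tDirectory containing the trusted CA (Certificate Authority) certificates used\n
-       \t\t\t\t\tto verify the identity of the server (defaults to \n
-       \t\t\t\t\t$defaultCaDir or may be set from the X509_CERT_DIR\n
-       \t\t\t\t\tenvironment variable).  The CA files can be obtained by a call\n
-       \t\t\t\t\tto MyProxy logon saving 'trust roots' to the selected CA directory.\n
-       --save-cookies\t<cookie file>\t\tSave cookies to this file.  The default location is $defaultCookieFile
+       --private-key\t<private key file>\tfile containing private key for SSL\n
+       \t\t\t\t\tauthentication (PEM format) Defaults to\n
+       \t\t\t\t\tX509_USER_PROXY or X509_USER_KEY if set,\n 
+       \t\t\t\t\totherwise to\n
+       \t\t\t\t\t$defaultPrivateKeyFile.\n
+       --ca-directory\t<directory path>\tDirectory containing the trusted\n
+       \t\t\t\t\tCA (Certificate Authority) certificates\n
+       \t\t\t\t\tused to verify the identity of the\n
+       \t\t\t\t\tserver (defaults to \n
+       \t\t\t\t\t$defaultCaDir or may\n
+       \t\t\t\t\tbe set from the X509_CERT_DIR\n
+       \t\t\t\t\tenvironment variable).  The CA files can\n
+       \t\t\t\t\tbe obtained by a call to MyProxy logon\n
+       \t\t\t\t\tsaving 'trust roots' to the selected CA\n
+       \t\t\t\t\tdirectory.\n
+       --save-cookies\t<cookie file>\t\tSave cookies to this file.  The default\n
+       \t\t\t\t\tlocation is\n
+       \t\t\t\t\t$defaultCookieFile.
 "
 
@@ -61,13 +80,16 @@
     exit 1 ;
 fi
-    
+
+# Set up default ESG config directory
+if [ ! -d $esgDotDir ]; then
+    mkdir $esgDotDir ;
+fi
+   
 # Set-up trust root
 if [ -z $caDir ]; then  
     if [ ${X509_CERT_DIR} ]; then
         caDir=${X509_CERT_DIR}
-    elif [ "$username" = "root" ]; then
-        caDir=/etc/grid-security/certificates
     else
-        caDir=${HOME}/.globus/certificates/esg
+        caDir=$defaultCaDir
     fi
 fi
@@ -83,4 +105,6 @@
     elif [ ${X509_USER_CERT} ]; then
         certFile=${X509_USER_CERT}    
+    else
+        certFile=$defaultCertFile   
     fi
     
@@ -92,4 +116,6 @@
     if [ ${X509_USER_KEY} ]; then
         privateKeyFile=${X509_USER_KEY}
+    else
+        privateKeyFile=$defaultPrivateKeyFile
     fi
     
@@ -101,7 +127,4 @@
 if [ -z $cookieFile ]; then
     cookieFile=$defaultCookieFile
-    if [ ! -d $esgDotDir ]; then
-        mkdir $esgDotDir ;
-    fi
 fi
 
@@ -111,5 +134,4 @@
     outputFileSetting=
 fi
-
 
 # Two stage wget call to workaround recursive mode (-r) not working with 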
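Review bot: The usage text at new line 21 loses the word "recursive" in the recursive script while the header comment at line 2 gains it, so `--help` now describes this script exactly as esg-download.sh would be described; the usage edit looks as if it was meant for the other file. Keeping `Script for Earth System Grid recursive data download.\n\n` here would leave the two scripts distinguishable from their help output. Separately, the new `else` branches at lines 107-108 and 118-119 fall back to `$defaultCertFile` and `$defaultPrivateKeyFile` without testing that the file is present, so a missing credentials.pem will presumably surface only as a wget error; a `[ -r "$certFile" ]` test with a clear message before the call would make that failure obvious. The same fallback is added to esg-download.sh.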