################################################################################ |
# This is '@SELF@', a @NAME@'s file |
################################################################################ |
# |
# VERSION: @VERSION@, @DATE@ |
# AUTHOR: @AUTHOR@ |
# MAINTAINER: @MAINTAINER@ |
# LICENSE: @LICENSE@ |
# |
################################################################################ |
# Coding style: emulate <TAB> characters with 4 spaces, thanks! |
################################################################################ |
|
package NCM::Component::@COMP@; |
|
use strict; |
use warnings; |
use NCM::Component; |
use EDG::WP4::CCM::Property; |
use NCM::Check; |
use FileHandle; |
use LC::Process qw (execute); |
use LC::Exception qw (throw_error); |
use File::Basename; |
|
# Inherit from NCM::Component, the base class loaded above.
our @ISA = qw (NCM::Component);
# Package-wide LC::Exception context.
# NOTE(review): presumably will_store_all makes the context keep every
# reported error for later inspection - confirm against LC::Exception.
our $EC = LC::Exception::Context->new->will_store_all;

# Profile path of this component's configuration tree; Configure() reads
# 'key_cert', 'server_url' and 'trustedget' below it.
# NOTE(review): '@COMP@' looks like a placeholder substituted at build time.
use constant COMP_PATH => '/software/components/@COMP@';
|
|
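# Prepare the destination of a file that is about to be installed: an
# existing regular file is renamed to "<file>.old", and the parent directory
# is created when it does not exist yet.
#
#   $file - destination path of the file to be installed
#
# NOTE(review): LC::File is called here but no 'use LC::File' is visible in
# this file; presumably another module loads it - confirm.
sub prepare_backup_and_dir {
    # List assignment is required here: 'my $file = @_' evaluates @_ in
    # scalar context and stores the argument count, so the backup and the
    # directory check would operate on the path "1" instead of the target.
    my ($file) = @_;

    # make backup of existing file
    LC::File::move($file, $file.".old") if ( -f $file );

    # create the directory to hold the file
    my $dir = dirname($file);
    if ( ! -d $dir ) {
        LC::File::makedir($dir);
    }
}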
|
|
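# Configure($config): fetch the host key and certificate with the configured
# 'trustedget' program and install a copy for every entry of 'key_cert'.
#
# Reads 'key_cert', 'server_url' and 'trustedget' from the tree at COMP_PATH.
# Returns 1 when the run completes; that includes the cases where the server
# declines or a download fails, which are logged and leave the installed
# files untouched. Returns nothing when the trustedget program is not
# executable or no private temporary directory could be created.
sub Configure
{
    my ($self, $config) = @_;

    if ( $config->elementExists(COMP_PATH) ) {
        my $st = $config->getElement(COMP_PATH)->getTree;

        my $keycerts = $st->{'key_cert'};
        my $server_url = $st->{'server_url'};
        my $trustedget = $st->{'trustedget'};

        # can the program to access the URL be executed?
        if ( ! -x $trustedget ) {
            $self->error("Cannot execute $trustedget: $!");
            return;
        }

        # create random directory only accessible for root
        my $tmpdir = LC::File::random_directory( '/tmp/trustedget-X', 0700 );
        # Without a directory the paths below would collapse to
        # "/hostkey.pem" and "/hostcert.pem", i.e. the private key would be
        # written outside the 0700 directory.
        # NOTE(review): assumes random_directory returns a false value on
        # failure - confirm against LC::File.
        unless ( $tmpdir ) {
            $self->error("Cannot create a private temporary directory for the download");
            return;
        }
        my $tmpcert = "$tmpdir/hostcert.pem";
        my $tmpkey = "$tmpdir/hostkey.pem";

        # NOTE(review): every command below is a single string built from
        # 'trustedget' and 'server_url', and the '>' redirections only work
        # if that string is interpreted by a shell. Both values come from the
        # profile; confirm the schema restricts them, or pass an argument
        # list and write the captured output from Perl instead.

        # query the server to determine if the key can be downloaded
        my $err;
        my $can_download = 0;
        $self->debug(1, "Determine if the host key can be downloaded");
        my $cmd = "$trustedget ${server_url}?willdo";
        $self->debug(3, "$cmd");
        LC::Process::execute([$cmd], "stdout" => \$err);
        if ( $? ) {
            $err = "server query failed (status $?)" unless defined $err && length $err;
            chomp($err);
            $self->info($err);
            $can_download = 0;
        }
        else {
            $can_download = 1;

            # download key
            my $key_cmd = "$trustedget ${server_url}?key > $tmpkey";
            $self->debug(3, "$key_cmd");
            LC::Process::execute([$key_cmd], "stdout" => \$err);
            if ( $? ) {
                # stdout went to the file, so there may be nothing captured
                $err = "download of the host key failed (status $?)" unless defined $err && length $err;
                chomp $err;
                $self->error($err);
                # never install a missing or truncated key over a good one
                $can_download = 0;
            }
            chmod 0400, $tmpkey;

            # download certificate
            my $cert_cmd = "$trustedget ${server_url}?cert > $tmpcert";
            $self->debug(3, "$cert_cmd");
            LC::Process::execute([$cert_cmd], "stdout" => \$err);
            if ( $? ) {
                $err = "download of the host certificate failed (status $?)" unless defined $err && length $err;
                chomp $err;
                $self->error($err);
                # a key without its matching certificate is not installed either
                $can_download = 0;
            }
            chmod 0644, $tmpcert;
        }

        # install certificate and key only when both downloads succeeded
        if ( $can_download ) {
            $self->info("Copying downloaded files...");
            foreach my $i ( @$keycerts ) {
                my $key = $i->{'hostkey'};
                my $cert = $i->{'hostcert'};

                my $uid = getpwnam( $i->{'owner'} );
                my $gid = getgrnam( $i->{'group'} );
                # An unknown name yields undef, which chown would treat as
                # id 0; skip the entry instead of installing the key with an
                # owner nobody asked for.
                unless ( defined $uid && defined $gid ) {
                    $self->error("Unknown owner or group for $key, not installing this pair");
                    next;
                }

                # debug() takes the level first, as in the calls above
                $self->debug(3, "key_cert entry: key $key, certificate $cert");

                prepare_backup_and_dir( $key );
                $self->info("Installing key to $key");
                LC::File::copy( $tmpkey, $key );
                if ( -f $key ) {
                    chown $uid, $gid, $key;
                    chmod 0400, $key;
                }

                prepare_backup_and_dir( $cert );
                $self->info("Installing certificate to $cert");
                LC::File::copy( $tmpcert, $cert );
                if ( -f $cert ) {
                    chown $uid, $gid, $cert;
                }
            }
        }

        # always remove the temporary copies, whatever happened above
        LC::File::remove( $tmpkey );
        LC::File::remove( $tmpcert );
        rmdir $tmpdir;
    }

    return 1;
}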