
Annotation of /trunk/nl.nikhef.ndpf.tools/trustedget/gethostkey.pm.cin



Revision 1604 - (hide annotations) (download)
Wed Mar 31 16:29:29 2010 UTC (12 years, 4 months ago) by ronalds
File size: 4183 byte(s)
Version 1.2: changed quattor schema to support multiple destinations of cert/key pair and configurable owner

1 ronalds 192 ################################################################################
2     # This is '@SELF@', a @NAME@'s file
3     ################################################################################
4     #
5     # VERSION: @VERSION@, @DATE@
6     # AUTHOR: @AUTHOR@
7     # MAINTAINER: @MAINTAINER@
8     # LICENSE: @LICENSE@
9     #
10     ################################################################################
11     # Coding style: emulate <TAB> characters with 4 spaces, thanks!
12     ################################################################################
13    
14     package NCM::Component::@COMP@;
15    
16     use strict;
17     use warnings;
18     use NCM::Component;
19     use EDG::WP4::CCM::Property;
20     use NCM::Check;
21     use FileHandle;
22     use LC::Process qw (execute);
23     use LC::Exception qw (throw_error);
24     use File::Basename;
25    
# Inheritance: this package is a subclass of NCM::Component.
our @ISA = ('NCM::Component');

# Package-wide LC::Exception context, configured through will_store_all().
our $EC = LC::Exception::Context->new()->will_store_all();

# Path of this component's subtree in the configuration profile.  The
# '@COMP@' token is presumably substituted when this template is built.
use constant COMP_PATH => '/software/components/@COMP@';
30    
31 ronalds 1604
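# prepare_backup_and_dir($file)
#
# Prepare the destination of a key or certificate file before installation:
#   * an existing regular file at $file is renamed to "$file.old";
#   * the parent directory of $file is created when it does not exist.
#
# NOTE(review): when $file is a private key, the ".old" copy is a second
# copy of key material on disk.  LC::File::move presumably keeps the mode
# and owner of the original file -- confirm, and consider whether the old
# key should be retained at all.
sub prepare_backup_and_dir {
    # List assignment is required here: "my $file = @_;" evaluates @_ in
    # scalar context and stores the argument count (1), not the path.
    my ($file) = @_;

    # make backup of existing file
    LC::File::move($file, $file.".old") if ( -f $file );

    # create the directory to hold the file
    my $dir = dirname($file);
    if ( ! -d $dir ) {
        LC::File::makedir($dir);
    }
}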
44    
45    
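# Configure($config)
#
# Download the host key and certificate with the external 'trustedget'
# program and install them at every destination listed in the profile.
#
# Values read from the COMP_PATH subtree:
#   key_cert    list of hashes with 'hostkey', 'hostcert', 'owner', 'group'
#   server_url  base URL; '?willdo', '?key' and '?cert' are appended
#   trustedget  path of the download program
#
# Returns 1 on completion; returns nothing when the download program is not
# executable or the private temporary directory cannot be created.
#
# Existing key/certificate files are only replaced when BOTH downloads
# succeeded, so a failed or partial download never overwrites a working
# host key.
sub Configure
{
    my ($self, $config) = @_;

    if ( $config->elementExists(COMP_PATH) ) {
        my $st = $config->getElement(COMP_PATH)->getTree;

        my $keycerts   = $st->{'key_cert'};
        my $server_url = $st->{'server_url'};
        my $trustedget = $st->{'trustedget'};

        # can the program to access the URL be executed?
        if ( ! -x $trustedget ) {
            $self->error("Cannot execute $trustedget: $!");
            return;
        }

        # create random directory only accessible for root
        my $tmpdir = LC::File::random_directory( '/tmp/trustedget-X', 0700 );
        if ( ! $tmpdir ) {
            # Without the private directory the key would be written to a
            # path built from an undefined value; stop instead.
            $self->error("Cannot create temporary directory for the host key");
            return;
        }
        my $tmpcert = "$tmpdir/hostcert.pem";
        my $tmpkey  = "$tmpdir/hostkey.pem";

        # NOTE(review): every command below is one interpolated string, and
        # the download commands contain a '>' redirect, so they appear to
        # rely on shell interpretation.  $trustedget and $server_url come
        # from the configuration profile; if LC::Process::execute passes the
        # string to a shell, metacharacters in those values are interpreted
        # as well.  Confirm, and prefer passing program and URL as separate
        # list elements and writing the captured output from Perl.

        # query the server to determine if the key can be downloaded
        my $err;
        my $can_download = 0;
        $self->debug(1, "Determine if the host key can be downloaded");
        my $cmd = "$trustedget ${server_url}?willdo";
        $self->debug(3, "$cmd");
        LC::Process::execute([$cmd], "stdout" => \$err);
        if ( $? ) {
            $err = '' unless defined $err;
            chomp($err);
            $self->info($err);
            $can_download = 0;
        }
        else {
            $can_download = 1;

            # download key
            my $cmd = "$trustedget ${server_url}?key > $tmpkey";
            $self->debug(3, "$cmd");
            LC::Process::execute([$cmd], "stdout" => \$err);
            if ( $? ) {
                my $status = $?;
                $err = '' unless defined $err;
                chomp $err;
                # stdout is redirected into the file, so the captured text
                # may be empty; always report something.
                $self->error( length $err
                    ? $err
                    : "Download of host key failed (status $status)" );
                # never install a key that was not downloaded completely
                $can_download = 0;
            }
            chmod 0400, $tmpkey;

            # download certificate
            $cmd = "$trustedget ${server_url}?cert > $tmpcert";
            $self->debug(3, "$cmd");
            LC::Process::execute([$cmd], "stdout" => \$err);
            if ( $? ) {
                my $status = $?;
                $err = '' unless defined $err;
                chomp $err;
                $self->error( length $err
                    ? $err
                    : "Download of host certificate failed (status $status)" );
                # key and certificate are installed as a pair or not at all
                $can_download = 0;
            }
            chmod 0644, $tmpcert;
        }

        # install certificate and key if both were downloaded
        if ( $can_download ) {
            $self->info("Copying downloaded files...");
            foreach my $i ( @$keycerts ) {
                my $key   = $i->{'hostkey'};
                my $cert  = $i->{'hostcert'};
                my $owner = $i->{'owner'};
                my $group = $i->{'group'};

                my $uid = defined $owner ? getpwnam($owner) : undef;
                my $gid = defined $group ? getgrnam($group) : undef;

                # An unresolved name used to reach chown as undef, which is
                # numerically 0.  Keep that result but make it explicit and
                # visible in the log.
                if ( ! defined $uid ) {
                    $self->error("Unknown owner '"
                        . (defined $owner ? $owner : '')
                        . "' for $key, using uid 0");
                    $uid = 0;
                }
                if ( ! defined $gid ) {
                    $self->error("Unknown group '"
                        . (defined $group ? $group : '')
                        . "' for $key, using gid 0");
                    $gid = 0;
                }

                $self->debug(2, "Destination: key=$key cert=$cert");

                prepare_backup_and_dir( $key );
                $self->info("Installing key to $key");
                # Restrict the creation mode while the private key is
                # copied, so it is not group/other readable before the
                # chmod below runs.
                my $old_umask = umask 077;
                LC::File::copy( $tmpkey, $key );
                umask $old_umask;
                if ( -f $key ) {
                    chown( $uid, $gid, $key )
                        or $self->error("Cannot change owner of $key: $!");
                    chmod( 0400, $key )
                        or $self->error("Cannot change mode of $key: $!");
                }

                prepare_backup_and_dir( $cert );
                $self->info("Installing certificate to $cert");
                LC::File::copy( $tmpcert, $cert );
                if ( -f $cert ) {
                    chown( $uid, $gid, $cert )
                        or $self->error("Cannot change owner of $cert: $!");
                }
            }
        }

        # remove the temporary copies of the key material
        LC::File::remove( $tmpkey );
        LC::File::remove( $tmpcert );
        rmdir $tmpdir;
    }

    return 1;
}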

Properties

Name Value
svn:executable *
svn:keywords id
