/[pdpsoft]/trunk/nl.nikhef.ndpf.tools/trustedget/gethostkey.pm.cin

Contents of /trunk/nl.nikhef.ndpf.tools/trustedget/gethostkey.pm.cin



Revision 1604 - (show annotations) (download)
Wed Mar 31 16:29:29 2010 UTC (12 years, 3 months ago) by ronalds
File size: 4183 byte(s)
Version 1.2: changed quattor schema to support multiple destinations of cert/key pair and configurable owner

1 ################################################################################
2 # This is '@SELF@', a @NAME@'s file
3 ################################################################################
4 #
5 # VERSION: @VERSION@, @DATE@
6 # AUTHOR: @AUTHOR@
7 # MAINTAINER: @MAINTAINER@
8 # LICENSE: @LICENSE@
9 #
10 ################################################################################
11 # Coding style: emulate <TAB> characters with 4 spaces, thanks!
12 ################################################################################
13
14 package NCM::Component::@COMP@;
15
16 use strict;
17 use warnings;
18 use NCM::Component;
19 use EDG::WP4::CCM::Property;
20 use NCM::Check;
21 use FileHandle;
22 use LC::Process qw (execute);
23 use LC::Exception qw (throw_error);
24 use File::Basename;
25
# Inherit from the NCM::Component base class.
our @ISA = ('NCM::Component');

# Module-wide LC::Exception context object.
# NOTE(review): will_store_all presumably makes the context keep exceptions
# for later inspection rather than reporting them at once - confirm.
our $EC = LC::Exception::Context->new()->will_store_all();

# Configuration path of this component's subtree.
# NOTE(review): @COMP@ looks like a build-time template token - confirm.
use constant COMP_PATH => '/software/components/@COMP@';
30
31
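# Prepare the destination for a file that is about to be installed: move any
# existing copy aside as "<file>.old" and make sure the parent directory
# exists.
#
# Parameters:
#   $file - path of the file about to be installed
#
# Called for its side effects only; returns nothing.
sub prepare_backup_and_dir {
    # List assignment is required here: "my $file = @_" evaluates @_ in
    # scalar context and yields the argument count (1) instead of the path,
    # so neither the backup nor the directory creation touched the real file.
    my ($file) = @_;

    return unless defined $file && length $file;

    # make backup of existing file
    # NOTE(review): for a host key this leaves the previous private key on
    # disk as "<file>.old"; presumably the move keeps its owner and mode -
    # confirm, and decide how long such backups should be kept.
    LC::File::move($file, $file . ".old") if ( -f $file );

    # create the directory to hold the file
    # NOTE(review): the directory gets whatever mode LC::File::makedir applies
    # by default; confirm that is acceptable for a directory holding a host
    # private key.
    my $dir = dirname($file);
    if ( ! -d $dir ) {
        LC::File::makedir($dir);
    }

    return;
}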
44
45
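# Fetch the host key and certificate with the trustedget helper and install
# them at every destination listed in the component configuration.
#
# Parameters:
#   $self   - the component object (used for error/info/debug reporting)
#   $config - configuration object; the subtree at COMP_PATH supplies
#             'trustedget' (path of the helper program), 'server_url' and
#             'key_cert' (list of entries with hostkey, hostcert, owner and
#             group)
#
# Returns 1 normally.  Returns an empty value after logging an error when the
# helper is not executable or the temporary directory cannot be created.
#
# NOTE(review): LC::File functions are called below but this file has no
# "use LC::File" line; presumably another module loads it - confirm.
sub Configure
{
    my ($self, $config) = @_;

    if ( $config->elementExists(COMP_PATH) ) {
        my $st = $config->getElement(COMP_PATH)->getTree;

        my $keycerts   = $st->{'key_cert'};
        my $server_url = $st->{'server_url'};
        my $trustedget = $st->{'trustedget'};

        # can the program to access the URL be executed?
        if ( ! -x $trustedget ) {
            $self->error("Cannot execute $trustedget: $!");
            return;
        }

        # create random directory only accessible for root
        my $tmpdir = LC::File::random_directory( '/tmp/trustedget-X', 0700 );
        if ( ! defined $tmpdir || ! -d $tmpdir ) {
            # Without this check the temporary paths below would be built
            # from an undefined value and resolve to the filesystem root.
            $self->error("Cannot create temporary directory for the downloaded key and certificate");
            return;
        }
        my $tmpcert = "$tmpdir/hostcert.pem";
        my $tmpkey  = "$tmpdir/hostkey.pem";

        # NOTE(review): every command below is handed to LC::Process::execute
        # as one string and the downloads rely on ">" redirection, so the
        # string is presumably interpreted by a shell.  $trustedget and
        # $server_url come from the configuration and are interpolated
        # unquoted; confirm the schema restricts them to values that are safe
        # inside a command line.

        # query the server to determine if the key can be downloaded
        my $err;
        my $can_download = 0;
        my $download_ok  = 0;
        $self->debug(1, "Determine if the host key can be downloaded");
        my $cmd = "$trustedget ${server_url}?willdo";
        $self->debug(3, "$cmd");
        LC::Process::execute([$cmd], "stdout" => \$err);
        if ( $? ) {
            chomp($err) if defined $err;
            $self->info($err);
            $can_download = 0;
        }
        else {
            $can_download = 1;
            $download_ok  = 1;

            # download key
            # NOTE(review): the key file is created by the redirection and
            # only restricted to 0400 afterwards; it is protected in between
            # by the 0700 mode requested for $tmpdir.
            $cmd = "$trustedget ${server_url}?key > $tmpkey";
            $self->debug(3, "$cmd");
            LC::Process::execute([$cmd], "stdout" => \$err);
            if ( $? ) {
                chomp($err) if defined $err;
                $self->error($err);
                $download_ok = 0;
            }
            chmod 0400, $tmpkey;

            # download certificate
            $cmd = "$trustedget ${server_url}?cert > $tmpcert";
            $self->debug(3, "$cmd");
            LC::Process::execute([$cmd], "stdout" => \$err);
            if ( $? ) {
                chomp($err) if defined $err;
                $self->error($err);
                $download_ok = 0;
            }
            chmod 0644, $tmpcert;

            # A helper that exits 0 but writes nothing must not lead to an
            # empty key or certificate being installed.
            if ( $download_ok && ! ( -s $tmpkey && -s $tmpcert ) ) {
                $self->error("Downloaded key or certificate is empty");
                $download_ok = 0;
            }
        }

        # Install only when both downloads succeeded: a failed download must
        # never replace the key/certificate pair that is currently in place.
        if ( $can_download && $download_ok ) {
            $self->info("Copying downloaded files...");
            foreach my $i ( @$keycerts ) {
                my $key  = $i->{'hostkey'};
                my $cert = $i->{'hostcert'};

                my $uid = defined $i->{'owner'} ? getpwnam( $i->{'owner'} ) : undef;
                my $gid = defined $i->{'group'} ? getgrnam( $i->{'group'} ) : undef;
                if ( ! defined $uid || ! defined $gid ) {
                    # An undefined id would be used as 0 by chown and hand
                    # the files to root:root instead of the intended owner.
                    $self->error("Unknown owner or group for $key, not installing this key and certificate");
                    next;
                }

                $self->debug(3, "Installing key $key and certificate $cert");

                prepare_backup_and_dir( $key );
                $self->info("Installing key to $key");
                # NOTE(review): the mode of the key between the copy and the
                # chmod below depends on LC::File::copy - confirm it is never
                # readable by other users in that window.
                LC::File::copy( $tmpkey, $key );
                if ( -f $key ) {
                    chown $uid, $gid, $key
                        or $self->error("Cannot change owner of $key: $!");
                    chmod 0400, $key
                        or $self->error("Cannot change mode of $key: $!");
                }
                else {
                    $self->error("Key was not installed to $key");
                }

                prepare_backup_and_dir( $cert );
                $self->info("Installing certificate to $cert");
                LC::File::copy( $tmpcert, $cert );
                if ( -f $cert ) {
                    chown $uid, $gid, $cert
                        or $self->error("Cannot change owner of $cert: $!");
                }
                else {
                    $self->error("Certificate was not installed to $cert");
                }
            }
        }

        # Always remove the temporary copies, including after a failed
        # download, so no key material is left behind under /tmp.
        LC::File::remove( $tmpkey );
        LC::File::remove( $tmpcert );
        rmdir $tmpdir;
    }

    return 1;
}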

Properties

Name Value
svn:executable *
svn:keywords id
