Changeset 353db8c for fedd/federation/util.py
- Timestamp:
- Nov 23, 2010 5:00:48 PM (13 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- 6e63513
- Parents:
- 3ff5e2a
- File:
-
- 1 edited
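--- a/fedd/federation/util.py
+++ b/fedd/federation/util.py
@@ -2,4 +2,5 @@
 
 import re
+import os
 import string
 import logging
@@ -262,4 +263,83 @@
 return base
 
+def abac_pem_type(cert):
+key_re = re.compile('\s*-----BEGIN RSA PRIVATE KEY-----$')
+cert_re = re.compile('\s*-----BEGIN CERTIFICATE-----$')
+type = None
+f = open(cert, 'r')
+for line in f:
+if key_re.match(line):
+if type is None: type = 'key'
+elif type == 'cert': type = 'both'
+elif cert_re.match(line):
+if type is None: type = 'cert'
+elif type == 'key': type = 'both'
+if type == 'both': break
+f.close()
+return type
+
+def abac_split_cert(cert, keyfile=None, certfile=None):
+"""
+Split the certificate file in cert into a certificate file and a key file
+in cf and kf respectively. The ABAC tools generally cannot handle combined
+certificates/keys. If kf anc cf are given, they are used, otherwise tmp
+files are created. Created tmp files must be deleted. Problems opening or
+writing files will cause exceptions.
+"""
+class diversion:
+'''
+Wraps up the reqular expression to start and end a diversion, as well as
+the open file that gets the lines.
+'''
+def __init__(self, start, end, fn):
+self.start = re.compile(start)
+self.end = re.compile(end)
+# Open the file securely with minimal permissions. NB file cannot
+# exist before this call.
+self.f = os.fdopen(os.open(fn,
+(os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_EXCL), 0600),
+'w')
+
+def close(self):
+self.f.close()
+
+if not keyfile:
+f, keyfile = mkstemp(suffix=".pem")
+os.close(f);
+if not certfile:
+f, certfile = mkstemp(suffix=".pem")
+os.close(f);
+
+# Initialize the diversions
+divs = [diversion(s, e, fn) for s, e,fn in (
+('\s*-----BEGIN RSA PRIVATE KEY-----$',
+'\s*-----END RSA PRIVATE KEY-----$',
+keyfile),
+('\s*-----BEGIN CERTIFICATE-----$',
+'\s*-----END CERTIFICATE-----$',
+certfile))]
+
+# walk through the file, beginning a diversion when a start regexp
+# matches until the end regexp matches. While in the two regexps,
+# print each line to the open diversion file (including the two
+# matches).
+active = None
+f = open(cert, 'r')
+for l in f:
+if active:
+if active.end.match(l):
+print >>active.f, l,
+active = None
+else:
+for d in divs:
+if d.start.match(l):
+active = d
+break
+if active: print >>active.f, l,
+
+# This is probably unnecessary. Close all the diversion files.
+for d in divs: d.close()
+return keyfile, certfile
+
 def find_pickle_problem(o, st=None):
 """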
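Review bot: In `abac_split_cert`, the default path creates `keyfile`/`certfile` with `mkstemp` and closes the descriptor, then `diversion.__init__` reopens the same name with `os.O_CREAT | os.O_EXCL`, which fails with EEXIST because `mkstemp` has already created the file; the in-code comment "NB file cannot exist before this call" states the very precondition the caller breaks. Reopening by name also discards the race-free, owner-only descriptor that `mkstemp` returned, so the private key would be written through a path lookup instead of the handle that was created safely; the sketch below keeps that descriptor and leaves the exclusive 0600 create for caller-supplied paths only. Separately, the input handle `f = open(cert, 'r')` is never closed, and an exception midway leaves a temporary file that may hold private-key material, so a `try`/`finally` that closes the files and unlinks created temporaries on error is worth adding. `mkstemp` is not among the imports visible in this changeset, so confirm it is imported elsewhere in util.py.

```python
        def __init__(self, start, end, fn, fd=None):
            self.start = re.compile(start)
            self.end = re.compile(end)
            if fd is None:
                # Caller-supplied path: it must not exist yet; create it 0600.
                fd = os.open(fn,
                        (os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_EXCL),
                        0600)
            # Otherwise reuse the descriptor mkstemp already opened.
            self.f = os.fdopen(fd, 'w')

    # ... unchanged: diversion.close ...

    keyfd = certfd = None
    if not keyfile:
        keyfd, keyfile = mkstemp(suffix=".pem")
    if not certfile:
        certfd, certfile = mkstemp(suffix=".pem")

    divs = [diversion(s, e, fn, fd) for s, e, fn, fd in (
        ('\s*-----BEGIN RSA PRIVATE KEY-----$',
            '\s*-----END RSA PRIVATE KEY-----$',
            keyfile, keyfd),
        ('\s*-----BEGIN CERTIFICATE-----$',
            '\s*-----END CERTIFICATE-----$',
            certfile, certfd))]

    # ... unchanged: line-by-line copy loop, diversion close, return ...
```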