Changeset c573278 for fedd/fedd_to_abac.py
- Timestamp:
- Nov 24, 2010 3:45:50 PM (13 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- 725c55d
- Parents:
- de7cb08
- File:
-
- 1 edited
fedd/fedd_to_abac.py
rde7cb08 rc573278 10 10 from string import join 11 11 from optparse import OptionParser 12 13 from federation.util import abac_pem_type, abac_split_cert 12 14 13 15 class Parser(OptionParser): … … 46 48 parser = Parser() 47 49 opts, args = parser.parse_args() 50 cert, key = None, None 51 delete_certs = False 48 52 49 if any([ x is None for x in (opts.cert, opts.dir, opts.key)]):50 print >>sys.stderr, "Need all of --dir, --cert, and --key to create certs"51 print >>sys.stderr, "Reverting to debug mode"52 debug = True53 else:54 debug = opts.debug55 53 56 if opts.cert and not os.access(opts.cert, os.R_OK):57 sys.exit('Cannot read %s (certificate file)' % opts.cert)58 54 59 if opts.key and not os.access(opts.key, os.R_OK): 60 sys.exit('Cannot read %s (key file)' % opts.key) 55 if opts.key: 56 if os.access(opts.key, os.R_OK): key = opts.key 57 else: sys.exit('Cannot read %s (key file)' % opts.key) 61 58 62 59 if opts.dir: … … 73 70 sys.exit('%s is not writable' % opts.dir) 74 71 72 if opts.cert: 73 if os.access(opts.cert, os.R_OK): 74 if not key: 75 if abac_pem_type(opts.cert) == 'both': 76 key, cert = abac_split_cert(opts.cert) 77 delete_certs = True 78 else: 79 cert = opts.cert 80 else: 81 sys.exit('Cannot read %s (certificate file)' % opts.cert) 82 83 if any([ x is None for x in (cert, opts.dir, key)]): 84 print >>sys.stderr, "Need output dir, certificate and key to make creds" 85 print >>sys.stderr, "Reverting to debug mode" 86 debug = True 87 else: 88 debug = opts.debug 75 89 76 90 roles = { } 91 try: 92 for fn in args: 93 try: 94 f = open(fn, "r") 95 for l in f: 96 id = None 97 for r in (comment_re, single_re, double_re): 98 m = r.match(l) 99 if m: 100 if m.groups(): 101 g = m.groups() 102 id = g[0] 103 r = [ bad_role.sub('_', x) for x in g[1:] ] 104 break 105 else: 106 print 'Unmatched line: %s' % l 107 if id: 108 # New and create are implicit. 
>sigh< 109 r.extend(('new', 'create')) 110 if id in roles: roles[id].add_roles(r) 111 else: roles[id] = identity(r[0], r) 77 112 78 for fn in args: 79 try: 80 f = open(fn, "r") 81 for l in f: 82 id = None 83 for r in (comment_re, single_re, double_re): 84 m = r.match(l) 85 if m: 86 if m.groups(): 87 g = m.groups() 88 id = g[0] 89 r = [ bad_role.sub('_', x) for x in g[1:] ] 90 break 113 except EnvironmentError, e: 114 print >>sys.stderr, 'Cannot open file (%s): %s' % \ 115 (e.filename, e.strerror) 116 117 if not roles: 118 print >>sys.stderr, "No roles found. Did you specify a configuration?" 119 120 for k, id in roles.items(): 121 for i, r in enumerate(id.roles): 122 cmd = ['creddy', '--attribute', 123 '--issuer=%s' % (cert or 'cert_file'), 124 '--key=%s' % (key or 'key_file'), '--role=%s' % r, 125 '--subject-id=%s' % k, 126 '--out=%s/%s%03d_attr.der' % \ 127 (opts.dir or 'new_cert_dir', id.name, i)] 128 if debug: 129 print join(cmd) 91 130 else: 92 print 'Unmatched line: %s' % l 93 if id: 94 # New and create are implicit. >sigh< 95 r.extend(('new', 'create')) 96 if id in roles: roles[id].add_roles(r) 97 else: roles[id] = identity(r[0], r) 98 99 except EnvironmentError, e: 100 print >>sys.stderr, 'Cannot open file (%s): %e' % e 101 102 if not roles: 103 print >>sys.stderr, "No roles found. Did you specify a configuration?" 104 105 for k, id in roles.items(): 106 for i, r in enumerate(id.roles): 107 cmd = ['creddy', '--attribute', 108 '--issuer=%s' % (opts.cert or 'cert_file'), 109 '--key=%s' % (opts.key or 'key_file'), '--role=%s' % r, 110 '--subject-id=%s' % k, 111 '--out=%s/%s%03d_attr.der' % \ 112 (opts.dir or 'new_cert_dir', id.name, i)] 113 if debug: 114 print join(cmd) 115 else: 116 rv = subprocess.call(cmd) 117 if rv != 0: 118 sys.exit('%s failed: %d' % (join(cmd), rv)) 119 131 rv = subprocess.call(cmd) 132 if rv != 0: 133 sys.exit('%s failed: %d' % (join(cmd), rv)) 134 finally: 135 if delete_certs: 136 if cert: os.unlink(cert) 137 if key: os.unlink(key)
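Review bot: The cleanup in the new `finally` (new lines 134-137) unlinks the split-out certificate before the key, so if `os.unlink(cert)` raises, the temporary file holding the private key stays on disk. Removing the key first and guarding each unlink separately avoids that, as shown in the fence below. `abac_split_cert` is not visible on this page, so it is worth confirming that it writes the key file with owner-only permissions. The indentation is lost in this rendering, so also check that `else: cert = opts.cert` (new lines 78-79) pairs with `if not key:`; paired with the `abac_pem_type` test it would leave `cert` unset whenever `--key` is given and silently drop into debug mode.

```python
finally:
    if delete_certs:
        # Key first: a failure removing the cert must not strand the private key.
        for tmp in (key, cert):
            if not tmp: continue
            try:
                os.unlink(tmp)
            except EnvironmentError, e:
                print >>sys.stderr, 'Cannot remove %s: %s' % (tmp, e.strerror)
```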