lscsoft-glue (1.59.2-1) unstable; urgency=low
* Jun 2018 1.59.2 removing old M2Crypto import hiding in LDBDWClient.py
-- Ryan Fisher <ryan.fisher@ligo.org> Tue, 19 Jun 2018 12:19:00 -0500
lscsoft-glue (1.59.1-1) unstable; urgency=low
* Jun 2018 1.59.1 release adding more python 3 package generation.
-- Ryan Fisher <ryan.fisher@ligo.org> Thu, 8 Jun 2018 01:19:00 -0500
-- Ryan Fisher <ryan.fisher@ligo.org> Thu, 7 Jun 2018 01:19:00 -0500
lscsoft-glue (1.59.0-1) unstable; urgency=low
......
Name: glue
Summary: The Grid LSC User Environment
Version: 1.59.1
Version: 1.59.2
Release: 1%{?dist}
License: GPLv2+
Group: Development/Libraries
......@@ -199,6 +199,9 @@ rm -rf $RPM_BUILD_ROOT
%{_bindir}/ligolw_sqlite
%changelog
* Tue Jun 19 2018 Ryan Fisher <rpfisher@syr.edu>
- 1.59.2 removing old M2Crypto import hiding in LDBDWClient.py.
* Thu Jun 7 2018 Ryan Fisher <rpfisher@syr.edu>
- 1.59.1 adding more python 3 package generation.
......
......@@ -28,36 +28,15 @@ import re
import six.moves.cPickle
import xml.parsers.expat
import six.moves.http_client
import calendar
import time
try:
from cjson import (decode, encode)
except ImportError:
from json import (loads as decode, dumps as encode)
try:
import M2Crypto
except ImportError as e:
sys.stderr.write("""
ligo_data_find requires M2Crypto
On CentOS 5 and other RHEL based platforms
this package is available from the EPEL
repository by doing
yum install m2crypto
For Debian Lenny this package is available
by doing
apt-get install python-m2crypto
Mac OS X users can find this package in
MacPorts.
%s
""" % e)
sys.exit(1)
from OpenSSL import crypto
def version():
return __version__
......@@ -187,68 +166,47 @@ def findCredential():
sys.exit(1)
def validateProxy(path):
"""
Test that the proxy certificate is RFC 3820
compliant and that it is valid for at least
the next 15 minutes.
"""
# load the proxy from path
try:
proxy = M2Crypto.X509.load_cert(path)
except Exception as e:
msg = "Unable to load proxy from path %s : %s\n" % (path, e)
sys.stderr.write(msg)
sys.exit(1)
"""Validate the users X509 proxy certificate
# make sure the proxy is RFC 3820 compliant
# or is an end-entity X.509 certificate
try:
proxy.get_ext("proxyCertInfo")
except LookupError:
# it is not an RFC 3820 proxy so check
# if it is an old globus legacy proxy
subject = proxy.get_subject().as_text()
if re.search(r'.+CN=proxy$', subject):
# it is so print warning and exit
RFCproxyUsage()
sys.exit(1)
Tests that the proxy certificate is RFC 3820 compliant and that it
is valid for at least the next 15 minutes.
# attempt to make sure the proxy is still good for more than 15 minutes
@returns: L{True} if the certificate validates
@raises RuntimeError: if the certificate cannot be validated
"""
# load the proxy from path
try:
expireASN1 = proxy.get_not_after().__str__()
expireGMT = time.strptime(expireASN1, "%b %d %H:%M:%S %Y %Z")
expireUTC = calendar.timegm(expireGMT)
now = int(time.time())
secondsLeft = expireUTC - now
except Exception as e:
# problem getting or parsing time so just let the client
# continue and pass the issue along to the server
secondsLeft = 3600
if secondsLeft <= 0:
msg = """\
Your proxy certificate is expired.
Please generate a new proxy certificate and
try again.
"""
sys.stderr.write(msg)
sys.exit(1)
if secondsLeft < (60 * 15):
msg = """\
Your proxy certificate expires in less than
15 minutes.
Please generate a new proxy certificate and
try again.
"""
sys.stderr.write(msg)
sys.exit(1)
with open(path, 'rt') as f:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
except IOError as e:
e.args = ('Failed to load proxy certificate: %s' % str(e),)
raise
# try and read proxyCertInfo
rfc3820 = False
for i in range(cert.get_extension_count()):
if cert.get_extension(i).get_short_name() == 'proxyCertInfo':
rfc3820 = True
break
# otherwise test common name
if not rfc3820:
subject = cert.get_subject()
if subject.CN.startswith('proxy'):
raise RuntimeError('Could not find a valid proxy credential')
# check time remaining
expiry = cert.get_notAfter()
if isinstance(expiry, bytes):
expiry = expiry.decode('utf-8')
expiryu = calendar.timegm(time.strptime(expiry, "%Y%m%d%H%M%SZ"))
if expiryu < time.time():
raise RuntimeError('Required proxy credential has expired')
# return True to indicate validated proxy
return True
def RFCproxyUsage():
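Review bot: The pyOpenSSL-based body of validateProxy (taken to be the new side, since the commit removes M2Crypto) only rejects certificates that have already expired, `if expiryu < time.time():`, while its docstring still promises validity "for at least the next 15 minutes" and the M2Crypto version enforced that margin; restoring it would be `if expiryu < time.time() + 15 * 60:`. The extension loop compares `get_short_name()` with the str `'proxyCertInfo'`, but pyOpenSSL returns bytes there, so on Python 3 the test is never true and every certificate falls through to the CN check; comparing against `b'proxyCertInfo'` works on both Python 2 and 3, in line with the bytes handling the same function already applies to `get_notAfter()`. The CN fallback is also weaker than the removed regex, which anchored on a trailing `CN=proxy`: `subject.CN` is None when the subject has no CN, so `.startswith` raises AttributeError, and it appears to return the first CN rather than the last, so a legacy Globus proxy may no longer be rejected, which is worth confirming with a test certificate. Only IOError is caught around the load, so a malformed PEM surfaces as `crypto.Error` rather than the documented RuntimeError, and callers that relied on the old `sys.exit(1)` behaviour (outside this view) need to handle the new exceptions.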
......
......@@ -15,7 +15,7 @@ from distutils import log
from misc import generate_vcs_info as gvcsi
ver = "1.59.1"
ver = "1.59.3"
def remove_root(path,root):
if root:
......