CreateGlobusProxy(passphrase, certFile, keyFile, certDir, outFile, bits, hours)

Create a globus proxy.

CreateGlobusProxyGPI(passphrase, certFile, keyFile, certDir, outFile, bits, hours)

Create a globus proxy.

CreateGlobusProxyProgrammatic(passphrase, certFile, keyFile, certDir, outFile, bits, hours)

Create a globus proxy.

CreateGlobusProxyProgrammatic_GT24(passphrase, certFile, keyFile, certDir, outFile, bits, hours)

Create a globus proxy, GT2.4 version.

certFile - filename of user certificate keyFile - filename of user key certDir - directory containing trusted CA certificates outFile - filename for generated proxy certificate bits - keysize of generated proxy certificate hours - lifetime (in hours) of generated proxy certificate

Errors we might see:

bad password:

pyGlobus.security.GSIException: globus_gsi_credential.c:1092: globus_gsi_cred_read_key: Error reading user credential: Can't read credential's private key from PEM

Missing CA cert or expired cert. Would be nice to be able to differentiate these.

pyGlobus.security.GSIException: globus_gsi_cred_handle.c:1518: globus_gsi_cred_verify_proxy_cert_chain: Error verifying credential: Failed to verify credential

The corresponding error messages from grid-proxy-init from globus are as follows. Missing ca cert:

grid_proxy_init.c:947: globus_gsi_cred_handle.c:1518: globus_gsi_cred_verify_proxy_cert_chain: Error verifying credential: Failed to verify credential OpenSSL Error: (null):0: in library: (null), function (null): (null) globus_gsi_callback.c:283: globus_i_gsi_callback_create_proxy_callback: Could not verify credential globus_gsi_callback.c:443: globus_i_gsi_callback_cred_verify: Could not verify credential: unable to get issuer certificate

Expired cert:

grid_proxy_init.c:947: globus_gsi_cred_handle.c:1518: globus_gsi_cred_verify_proxy_cert_chain: Error verifying credential: Failed to verify credential OpenSSL Error: (null):0: in library: (null), function (null): (null) globus_gsi_callback.c:283: globus_i_gsi_callback_create_proxy_callback: Could not verify credential globus_gsi_callback.c:436: globus_i_gsi_callback_cred_verify: The certificate has expired: Credential with subject: /C=US/O=Globus/CN=Globus Certification Authority has expired.

Missing signing policy:

globus_gsi_cred_handle.c:1518: globus_gsi_cred_verify_proxy_cert_chain: Error verifying credential: Failed to verify credential OpenSSL Error: (null):0: in library: (null), function (null): (null) globus_gsi_callback.c:283: globus_i_gsi_callback_create_proxy_callback: Could not verify credential globus_gsi_callback.c:490: globus_i_gsi_callback_cred_verify: Could not verify credential globus_gsi_callback.c:850: globus_i_gsi_callback_check_signing_policy: Error with signing policy globus_gsi_callback.c:927: globus_i_gsi_callback_check_gaa_auth: Error with signing policy: The signing policy file doesn't exist or can't be read

Can't open key:

globus_gsi_credential.c:1066: globus_gsi_cred_read_key: Error reading user credential: Can't open bio stream for key file: ~/.tcshrc for reading OpenSSL Error: bss_file.c:106: in library: BIO routines, function BIO_new_file: system lib OpenSSL Error: bss_file.c:104: in library: system library, function fopen: No such file or directory OpenSSL Error: pem_lib.c:666: in library: PEM routines, function PEM_read_bio: no start line

Key file isn't actually a key:

globus_gsi_credential.c:1092: globus_gsi_cred_read_key: Error reading user credential: Can't read credential's private key from PEM OpenSSL Error: pem_lib.c:666: in library: PEM routines, function PEM_read_bio: no start line OpenSSL Error: pem_lib.c:666: in library: PEM routines, function PEM_read_bio: no start line

findCertInArgs(args)