Package AccessGrid :: Package Security :: Module ProxyGen
[show private | hide private]
[frames | no frames]

Module AccessGrid.Security.ProxyGen

Globus proxy generation.
Exceptions
GridProxyInitError Some other error has occured.
GridProxyInitUnknownSSLError We've received an exception that don't understand.
InvalidPassphraseException The user entered an invalid passphrase.
PassphraseRequestCancelled The user cancelled this request.
ProxyRequestError Baseclass for proxy generation exceptions.

Function Summary
  CreateGlobusProxy(passphrase, certFile, keyFile, certDir, outFile, bits, hours)
Create a globus proxy.
  CreateGlobusProxyGPI(passphrase, certFile, keyFile, certDir, outFile, bits, hours)
Create a globus proxy.
  CreateGlobusProxyProgrammatic(passphrase, certFile, keyFile, certDir, outFile, bits, hours)
Create a globus proxy.
  CreateGlobusProxyProgrammatic_GT24(passphrase, certFile, keyFile, certDir, outFile, bits, hours)
Create a globus proxy, GT2.4 version.
  findCertInArgs(args)
Look for the certificate in the rest of the error queue.
  IsGlobusProxy(certObj)
  IsGlobusProxy_Generic(certObj)
  IsGlobusProxy_GT24(certObj)

Variable Summary
str __revision__ = '$Id: ProxyGen.py,v 1.20.2.1 2005/07/19 2...
Logger log = <logging.Logger instance at 0x014347B0>
list SslutilsFunctions = ['proxy_genreq', 'proxy_sign', 'veri...

Function Details

CreateGlobusProxy(passphrase, certFile, keyFile, certDir, outFile, bits, hours)

Create a globus proxy.

certFile - filename of user certificate keyFile - filename of user key certDir - directory containing trusted CA certificates outFile - filename for generated proxy certificate bits - keysize of generated proxy certificate hours - lifetime (in hours) of generated proxy certificate

CreateGlobusProxyGPI(passphrase, certFile, keyFile, certDir, outFile, bits, hours)

Create a globus proxy.

certFile - filename of user certificate keyFile - filename of user key certDir - directory containing trusted CA certificates outFile - filename for generated proxy certificate bits - keysize of generated proxy certificate hours - lifetime (in hours) of generated proxy certificate

CreateGlobusProxyProgrammatic(passphrase, certFile, keyFile, certDir, outFile, bits, hours)

Create a globus proxy.

certFile - filename of user certificate keyFile - filename of user key certDir - directory containing trusted CA certificates outFile - filename for generated proxy certificate bits - keysize of generated proxy certificate hours - lifetime (in hours) of generated proxy certificate

CreateGlobusProxyProgrammatic_GT24(passphrase, certFile, keyFile, certDir, outFile, bits, hours)

Create a globus proxy, GT2.4 version.

certFile - filename of user certificate keyFile - filename of user key certDir - directory containing trusted CA certificates outFile - filename for generated proxy certificate bits - keysize of generated proxy certificate hours - lifetime (in hours) of generated proxy certificate

Errors we might see:

bad password:

pyGlobus.security.GSIException: globus_gsi_credential.c:1092: globus_gsi_cred_read_key: Error reading user credential: Can't read credential's private key from PEM

Missing CA cert or expired cert. Would be nice to be able to differentiate these.

pyGlobus.security.GSIException: globus_gsi_cred_handle.c:1518: globus_gsi_cred_verify_proxy_cert_chain: Error verifying credential: Failed to verify credential

The corresponding error messages from grid-proxy-init from globus are as follows. Missing ca cert:

grid_proxy_init.c:947: globus_gsi_cred_handle.c:1518: globus_gsi_cred_verify_proxy_cert_chain: Error verifying credential: Failed to verify credential OpenSSL Error: (null):0: in library: (null), function (null): (null) globus_gsi_callback.c:283: globus_i_gsi_callback_create_proxy_callback: Could not verify credential globus_gsi_callback.c:443: globus_i_gsi_callback_cred_verify: Could not verify credential: unable to get issuer certificate

Expired cert:

grid_proxy_init.c:947: globus_gsi_cred_handle.c:1518: globus_gsi_cred_verify_proxy_cert_chain: Error verifying credential: Failed to verify credential OpenSSL Error: (null):0: in library: (null), function (null): (null) globus_gsi_callback.c:283: globus_i_gsi_callback_create_proxy_callback: Could not verify credential globus_gsi_callback.c:436: globus_i_gsi_callback_cred_verify: The certificate has expired: Credential with subject: /C=US/O=Globus/CN=Globus Certification Authority has expired.

Missing signing policy:

globus_gsi_cred_handle.c:1518: globus_gsi_cred_verify_proxy_cert_chain: Error verifying credential: Failed to verify credential OpenSSL Error: (null):0: in library: (null), function (null): (null) globus_gsi_callback.c:283: globus_i_gsi_callback_create_proxy_callback: Could not verify credential globus_gsi_callback.c:490: globus_i_gsi_callback_cred_verify: Could not verify credential globus_gsi_callback.c:850: globus_i_gsi_callback_check_signing_policy: Error with signing policy globus_gsi_callback.c:927: globus_i_gsi_callback_check_gaa_auth: Error with signing policy: The signing policy file doesn't exist or can't be read

Can't open key:

globus_gsi_credential.c:1066: globus_gsi_cred_read_key: Error reading user credential: Can't open bio stream for key file: ~/.tcshrc for reading OpenSSL Error: bss_file.c:106: in library: BIO routines, function BIO_new_file: system lib OpenSSL Error: bss_file.c:104: in library: system library, function fopen: No such file or directory OpenSSL Error: pem_lib.c:666: in library: PEM routines, function PEM_read_bio: no start line

Key file isn't actually a key:

globus_gsi_credential.c:1092: globus_gsi_cred_read_key: Error reading user credential: Can't read credential's private key from PEM OpenSSL Error: pem_lib.c:666: in library: PEM routines, function PEM_read_bio: no start line OpenSSL Error: pem_lib.c:666: in library: PEM routines, function PEM_read_bio: no start line

Cert file isn't actually a cert: globus_gsi_credential.c:1169: globus_gsi_cred_read_cert: Error reading user credential: Can't read credential cert from bio stream OpenSSL Error: pem_lib.c:666: in library: PEM routines, function PEM_read_bio: no start line

findCertInArgs(args)

Look for the certificate in the rest of the error queue.

Variable Details

__revision__

Type:
str
Value:
'$Id: ProxyGen.py,v 1.20.2.1 2005/07/19 21:22:39 turam Exp $'          

log

Type:
Logger
Value:
<logging.Logger instance at 0x014347B0>                                

SslutilsFunctions

Type:
list
Value:
['proxy_genreq',
 'proxy_sign',
 'verify_callback',
 'proxy_marshal_tmp',
 'proxy_init_cred',
 'proxy_local_create',
 'proxy_pw_cb',
 'get_ca_signing_policy_path',
...                                                                    

Generated by Epydoc 2.1 on Mon Jan 09 13:23:49 2006 http://epydoc.sf.net