source: trunk/esg_wget_script/esg-download.sh @ 7920

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/trunk/esg_wget_script/esg-download.sh
Revision 7920, 4.4 KB checked in by pjkersha, 9 years ago (diff)

Added --no-cache option to avoid results being cached on proxy servers - on request of the MO.
Line 
1#
2# ESG Download script wraps wget call with settings for ESG Security
3#
4# @author P J Kershaw 28/07/2010
5#
6# @copyright: (C) 2010 STFC
7#
8# @license: BSD - See top-level LICENCE file for licence details
9#
10# $Id$
11cmdname=$(basename $0)
12cmdline_opt=`getopt -o hO: --long help,output-document:,certificate:,private-key:,ca-directory:,save-cookies:: -n "$cmdname" -- "$@"`
13
14esgDotDir=$HOME/.esg
15defaultCertFile=$esgDotDir/credentials.pem
16defaultPrivateKeyFile=$esgDotDir/credentials.pem
17defaultCaDir=$esgDotDir/certificates
18defaultCookieFile=$esgDotDir/cookies.txt
19usage="Usage: $cmdname <data download URI> <options ...>\n
20\n
21Script for Earth System Grid data download.\n\n
22
23   Options\n
24       -h | --help\t\t\t\tDisplays usage\n
25       -O | --output-document\t<filepath>\tLocation of output file (defaults to\n
26       \t\t\t\t\tappropriate file name based on requested\n
27       \t\t\t\t\tURI\n
28       --certificate\t<certificate file>\tSSL certificate to authenticate with\n
29       \t\t\t\t\t(PEM format).\n
30       \t\t\t\t\tDefaults to X509_USER_PROXY or\n
31       \t\t\t\t\tX509_USER_CERT if set, otherwise to\n
32       \t\t\t\t\t$defaultCertFile.  If\n
33       \t\t\t\t\tusing X509_USER_PROXY,\n
34       \t\t\t\t\tit must point to a file containing the\n
35       \t\t\t\t\tconcatenated certificate and private\n
36       \t\t\t\t\tkey files.\n
37       --private-key\t<private key file>\tfile containing private key for SSL\n
38       \t\t\t\t\tauthentication (PEM format) Defaults to\n
39       \t\t\t\t\tX509_USER_PROXY or X509_USER_KEY if set,\n
40       \t\t\t\t\totherwise to\n
41       \t\t\t\t\t$defaultPrivateKeyFile.\n
42       --ca-directory\t<directory path>\tDirectory containing the trusted\n
43       \t\t\t\t\tCA (Certificate Authority) certificates\n
44       \t\t\t\t\tused to verify the identity of the\n
45       \t\t\t\t\tserver (defaults to \n
46       \t\t\t\t\t$defaultCaDir or may\n
47       \t\t\t\t\tbe set from the X509_CERT_DIR\n
48       \t\t\t\t\tenvironment variable).  The CA files can\n
49       \t\t\t\t\tbe obtained by a call to MyProxy logon\n
50       \t\t\t\t\tsaving 'trust roots' to the selected CA\n
51       \t\t\t\t\tdirectory.\n
52       --save-cookies\t<cookie file>\t\tSave cookies to this file.  The default\n
53       \t\t\t\t\tlocation is\n
54       \t\t\t\t\t$defaultCookieFile.
55"
56
57if [ $? != 0 ] ; then
58    echo -e $usage >&2 ;
59    exit 1 ;
60fi
61
62eval set -- "$cmdline_opt"
63
64while true ; do
65    case "$1" in
66        -h|--help) echo -e $usage ; exit 0 ;;
67        --certificate) certFile=$2 ; shift 2 ;;
68        --private-key) privateKeyFile=$2 ; shift 2 ;;
69        --ca-directory) caDir=$2 ; shift 2 ;;
70        -O|--output-document) outputFile=$2 ; shift 2 ;;
71        --save-cookies) cookieFile=$2 ; shift 2 ;;
72        --) uri=$2 ; shift 1 ; break ;;
73        *) echo "Error parsing command line" ; exit 1 ;;
74    esac
75done
76
77if [ -z $uri ]; then
78    echo "Error: missing download URI." >&2 ;
79    echo -e $usage >&2 ;
80    exit 1 ;
81fi
82
83# Set up default ESG config directory
84if [ ! -d $esgDotDir ]; then
85    mkdir $esgDotDir ;
86fi
87   
88# Set-up trust root
89if [ -z $caDir ]; then 
90    if [ ${X509_CERT_DIR} ]; then
91        caDir=${X509_CERT_DIR}
92    else
93        caDir=$defaultCaDir
94    fi
95fi
96
97# Set-up client certificate and private key
98if [ -z $certFile ]; then
99    if [ ${X509_USER_PROXY} ]; then
100        # This environment variable setting means both cert and key are
101        # concatenated together in the same file
102        certFile=${X509_USER_PROXY}
103        privateKeyFile=${X509_USER_PROXY}
104       
105    elif [ ${X509_USER_CERT} ]; then
106        certFile=${X509_USER_CERT}   
107    else
108        certFile=$defaultCertFile   
109    fi
110   
111    # No check for cert not set because this is a valid condition if the data
112    # requested is not secured.
113fi
114
115if [ -z $privateKeyFile ]; then
116    if [ ${X509_USER_KEY} ]; then
117        privateKeyFile=${X509_USER_KEY}
118    else
119        privateKeyFile=$defaultPrivateKeyFile
120    fi
121   
122    # No check for key not set because this is a valid condition if the data
123    # requested is not secured
124fi
125
126# Set-up the cookie file path
127if [ -z $cookieFile ]; then
128    cookieFile=$defaultCookieFile
129fi
130
131if [ $outputFile ]; then
132    outputFileSetting=--output-document=$outputFile
133else
134    outputFileSetting=
135fi
136
137# Make the call
138wget \
139 --ca-directory=$caDir \
140 --certificate=$certFile \
141 --private-key=$privateKeyFile \
142 --keep-session-cookies \
143 --save-cookies=$cookieFile \
144 --cookies=on \
145 --no-cache \
146 $outputFileSetting \
147 $uri
Note: See TracBrowser for help on using the repository browser.