wiki:MyProxyClient

Version 13 (modified by pjkersha, 9 years ago) (diff)

--

MyProxyClient

The MyProxyClient Python package has been developed as part of development activities for the  NERC DataGrid Security system. This work has been supported over the past year (2007-2008) by  OMII-UK.

The implementation is based on the  myproxy_logon script developed by Tom Uram of ANL. Rather than binding to the  MyProxy C libraries, it uses the M2Crypto Python OpenSSL library wrapper to make calls to a MyProxy server following the  MyProxy protocol.

Releases

1.2.0 30 Sept 2010

  • important fix for SSL peer verification. Verify callback for OpenSSL.SSL.Context.set_verify was not enforcing the pre-verify OK code passed to it. This means that when a DN was set as accepted it would ignore any possible error caused in verification of the server certs CA certificate chain.
  • added myproxyclient console script contributed by Stephen Pascoe.

1.1.0 2 June 2010

  • added bootstrap capability to initialise client CA certificate set-up to trust the server's SSL certificate.

1.0 26 April 2010

  • This version includes a new method getTrustRoots to support the ability to download the CA certificates for a given MyProxy server (command=7 - see:  http://grid.ncsa.illinois.edu/myproxy/protocol/)
  • 1.0 switches from M2Crypto to PyOpenSSL for its OpenSSL wrapper.
  • A put method is included as a stub only. Unfortunately, the PyOpenSSL X.509 Extensions interface doesn't support the proxyCertInfo extension type needed for creating proxy certificates.

Installation

MyProxyClient is available from PyPI:

$ easy_install MyProxyClient

Example

API

Retrieve credentials from a MyProxy server running at myproxy.localhost on the default port:

>>> from myproxy.client import MyProxyClient
>>> myproxy = MyProxyClient(hostname='myproxy.localhost')
>>> credentials = myproxy.logon('myusername', 'mypassword', bootstrap=True)

credentials is a tuple containing certificate(s) and private key as strings. The bootstrap flag bootstraps the trust roots for the server downloading the CA certificate(s) to ~/.globus/certificates.

Console Script

Call from the command line.

$ myproxyclient logon -s myproxy.somewhere.ac.uk -o ~/creds.pem

Only the logon command is currently supported for this console script. Other commands may be added in future releases.

Documentation

epydoc generated  documentation is available at the Python package site.

SubVersion Repository

See  http://proj.badc.rl.ac.uk/ndg/browser/TI12-security/trunk/MyProxyClient


NDG3: Capability?, Discovery?, Vocab?, Software?, MOLES?, Security?, Community?, Roadmap?, Management?