feature #754: Support for proxy certificates in oneuser

2025-03-21 14:50:08 +03:00 · 2011-08-25 17:42:13 +02:00 · 2011-08-25 17:42:13 +02:00 · d44282c982
commit d44282c982
parent 84b3ff38af
2 changed files with 45 additions and 6 deletions
--- a/src/cli/one_helper/oneuser_helper.rb
+++ b/src/cli/one_helper/oneuser_helper.rb
@ -95,10 +95,34 @@ class OneUserHelper < OpenNebulaHelper::OneHelper
            options[:key]  ||= ENV['X509_USER_KEY']

            begin
-                auth = X509Auth.new(:cert=>options[:cert], :key=>options[:key])
+                certs    = Array.new
+                certs[0] = File.read(options[:cert])
+                
+                key = File.read(options[:key])
+
+                auth = X509Auth.new(:cert=>certs, :key=>key)
            rescue Exception => e
                return -1, e.message
            end
+        elsif options[:x509_proxy]
+            require 'x509_auth'
+
+            options[:proxy] ||= ENV['X509_PROXY_CERT']
+            
+            begin  
+                proxy = File.read(options[:proxy])
+
+                rc = proxy.scan(/-+BEGIN CERTIFICATE-+\n([^-]*)\n-+END CERTIFICATE-+/)
+                certs = rc.flatten!
+
+                rc = proxy.match(/-+BEGIN RSA PRIVATE KEY-+\n([^-]*)\n-+END RSA PRIVATE KEY-+/)
+
+                key  = rc[1]
+
+                auth = X509Auth.new(:cert=>certs, :key=>key)
+            rescue => e
+                return -1, e.message
+            end
        else
            return -1, "You have to specify an Auth method"
        end
--- a/src/cli/oneuser
+++ b/src/cli/oneuser
@ -68,24 +68,37 @@ cmd=CommandParser::CmdParser.new(ARGV) do
    X509={
        :name => "x509",
        :large => "--x509",
-        :description => "x509 Auth system"
+        :description => "x509 Auth system for x509 certificates"
+    }
+
+    X509_PROXY={
+        :name => "x509_proxy",
+        :large => "--x509_proxy",
+        :description => "x509 Auth system based on x509 proxy certificates"
    }

    KEY={
        :name => "key",
-        :short => "-k private_key",
-        :large => "--key private_key",
+        :short => "-k path_to_private_key_pem",
+        :large => "--key path_to_private_key_pem",
        :format => String,
        :description => "Path to the Private Key of the User"
    }

    CERT={
        :name => "cert",
-        :large => "--cert s",
+        :large => "--cert path_to_user_cert_pem",
        :format => String,
        :description => "Path to the Certificate of the User"
    }

+    PROXY={
+        :name => "proxy",
+        :large => "--proxy path_to_user_proxy_pem",
+        :format => String,
+        :description => "Path to the user proxy certificate"
+    }
+
    TIME={
        :name  => "time",
        :large => "--time x",
@ -94,7 +107,7 @@ cmd=CommandParser::CmdParser.new(ARGV) do
    }

    create_options = [READ_FILE, PLAIN, SSH, X509, KEY, CERT]
-    login_options  = [SSH, X509, KEY, CERT, TIME]
+    login_options  = [SSH, X509, X509_PROXY, KEY, CERT, PROXY, TIME]

    ########################################################################
    # Formatters for arguments
@ -152,6 +165,8 @@ cmd=CommandParser::CmdParser.new(ARGV) do
          oneuser login my_user --ssh --key /tmp/id_rsa --time 72000
          oneuser login my_user --x509 --cert /tmp/my_cert.pem \
                                --key /tmp/my_key.pk --time 72000
+          oneuser login my_user --x509_proxy --proxy /tmp/my_cert.pem \
+                                --time 72000
    EOT

    command :login, login_desc, :username, [:password, nil],