-
Notifications
You must be signed in to change notification settings - Fork 10
/
install_certificate
executable file
·87 lines (72 loc) · 3 KB
/
install_certificate
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
#! /bin/bash
proxy_exists(){
echo "Check for certificates in $HOME/.globus ... "
if [ -d "$HOME/.globus" ]; then
if [ "$1" != "N" ] && [ "$1" != "Y" ]; then
echo -e "\tUnknown option \"$1\". You must specify [Y/N] to delete or keep any existing .pem files."
return 0
elif [ -a "$HOME/.globus/usercert.pem" ] && [ -a "$HOME/.globus/userkey.pem" ] && [ "$1" == "N" ]; then
echo -e "\tCertificates exist. Doing nothing."
return 0
elif [ -a "$HOME/.globus/usercert.pem" ] && [ -a "$HOME/.globus/userkey.pem" ] && [ "$1" == "Y" ]; then
echo -e "\tCertificates exist, but removing them in order to replace them."
rm -f "$HOME/.globus/usercert.pem"
rm -f "$HOME/.globus/userkey.pem"
return 1
fi
fi
echo -e "\tCouldn't find any certificates."
return 1
}
read -d '' USAGE <<"EOF"
\\t\\t\\t=================================================================================
\\t\\t\\tThis script checks if you have globus certificates or lets you
\\t\\t\\tinstall them from a p12 file (default: mycert.p12)
\\t\\t\\tTo overwrite existing certificates you must specify that [y/N] (default: N)
\\t\\t\\tNOTE: New certificates need to be requested first. Follow this Twiki for that:
\\t\\t\\t
\\t\\t\\thttps://twiki.cern.ch/twiki/bin/view/CMSPublic/WorkBookStartingGrid#ObtainingCert
\\t\\t\\t=================================================================================\\n\\n
EOF
echo -e "$USAGE"
read -e -p "If certificates already exist would you like to overwrite them? [Y/N]: " -i "N" overwrite
if proxy_exists "${overwrite:-$name}"; then
exit
fi
cert_file='mycert.p12'
read -e -p "Enter the full path of the p12 certificate file (default: mycert.p12): " -i "mycert.p12" input
cert_file="${input:-$name}"
if [ ! -e "${cert_file}" ]; then
echo -e "\tUnable to find the certificate file ${cert_file}."
echo -e "\tNOTE: The home character \"~\" is not expanded and must not be used."
exit 1
fi
echo "Installing certificates from ${cert_file} ... "
if [ ! -d "$HOME/.globus" ]; then
mkdir "$HOME/.globus"
chmod 700 "$HOME/.globus"
fi
curdir=$PWD
cd "$HOME/.globus" || exit 2
echo -e "Running the command \`openssl pkcs12 -in ${cert_file} -clcerts -nokeys -out usercert.pem\`"
openssl pkcs12 -in "${cert_file}" -clcerts -nokeys -out usercert.pem
res=$?
echo -e "Running the command \`openssl pkcs12 -in ${cert_file} -nocerts -out userkey.pem\`"
openssl pkcs12 -in "${cert_file}" -nocerts -out userkey.pem
res=$((res + $?))
chmod 400 userkey.pem
res=$((res + $?))
chmod 400 usercert.pem
res=$((res + $?))
if [ "$res" = "0" ]; then
echo -e "\nAll Done..."
echo -e "You can execute the following to initialize your proxy: \n"
echo -e "voms-proxy-init -voms cms -valid 192:00"
else
echo -e "\nThere were problems installing the certificates."
echo -e "Please, check the directions at "
echo -e " https://twiki.cern.ch/twiki/bin/view/CMSPublic/WorkBookStartingGrid#ObtainingCert"
echo -e " and try the process manually."
fi
cd "$curdir" || exit "$res"
exit $res