updatecert.in 2.27 KB
#!/usr/bin/perl -w
#
# GENIPUBLIC-COPYRIGHT
# Copyright (c) 2011 University of Utah and the Flux Group.
# All rights reserved.
#
use strict;
use English;
use Getopt::Std;

#
#
#
# Print the command line synopsis on STDERR and terminate the script with
# a failure status. Does not return.
sub usage()
{
    my $synopsis = "Usage: $0 [-o output_file] [-u url] <certfile>\n";

    print STDERR $synopsis;
    exit(-1);
}
# Option string handed to getopts(): -i, -o and -u each take a value.
# NOTE(review): -i is accepted here, but nothing in this file reads it
# and usage() does not mention it.
my $optlist = "i:o:u:";
# Not referenced anywhere else in the code shown here.
my $ascm    = 0;
# Filled in later: the -o target, the temporary output file used when -o
# is absent, and the URL for the new certificate.
my ($outfile, $tmpfile, $url);

# Configure ...
# Installation prefix. "@prefix@" is a placeholder, presumably substituted
# when the tree is configured (this file is updatecert.in) - confirm.
my $TB		  = "@prefix@";
# Account handed to "sudo -u" when mksyscert is run further down.
my $PROTOUSER	  = "elabman";
# Program that generates the replacement certificate.
my $MKSYSCERT	  = "$TB/sbin/mksyscert";
# sudo is named by absolute path, so the caller's PATH does not decide
# which binary is run.
my $SUDO	  = "/usr/local/bin/sudo";
# Not referenced anywhere else in the code shown here.
my $CMCERT	  = "$TB/etc/genicm.pem";

# Do this early so that we talk to the right DB.
# The BEGIN block assigns the name at compile time, before the
# "use GeniCertificate" below is compiled.
# NOTE(review): presumably GeniCertificate (or a module it loads) reads
# $GENI_DBNAME - confirm.
use vars qw($GENI_DBNAME);
BEGIN { $GENI_DBNAME = "geni"; }

use lib '@prefix@/lib';
use GeniCertificate;

# Abort the script with a two-line message: a banner naming the program,
# then the indented reason. The text ends in a newline, so die() does not
# append file and line information.
sub fatal($)
{
    my $reason = shift;
    my $banner = "*** $0:\n";

    die($banner . "    $reason\n");
}

#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
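my %options = ();
if (! getopts($optlist, \%options)) {
    usage();
}
if (defined($options{"o"})) {
    # Keep the path the caller supplied. Storing a constant here would
    # send the new certificate to a file literally named "1" in the
    # current directory and leave the intended target untouched.
    $outfile = $options{"o"};
}
if (defined($options{"u"})) {
    # An explicit URL takes precedence over the one in the certificate.
    $url = $options{"u"};
}
# Exactly one positional argument is required: the certificate file.
usage()
    if (@ARGV != 1);
# Taken from the command line as-is; it is later passed to external
# commands and is not validated here.
my $infile = $ARGV[0];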

#
# Load the input certificate.
#
my $certificate = GeniCertificate->LoadFromFile($infile);
fatal("Could not load certificate from $infile\n")
    if (!defined($certificate));

# The input file must also hold the private key. A true return value from
# LoadKeyFromFile() is treated as failure here.
fatal("Could not load private key from $infile\n")
    if ($certificate->LoadKeyFromFile($infile));

# mksyscert takes the key as a separate file (the -k argument below).
# NOTE(review): this leaves private key material in a second file, and
# nothing in this script removes it. Where WriteKeyToFile() puts the file,
# with which permissions, and whether it is cleaned up is not visible
# here - confirm.
my $keyfile = $certificate->WriteKeyToFile();
if (!$keyfile) {
    fatal("Could not write private key to new file");
}

# Fields read from the old certificate and handed to mksyscert below.
my $urn  = $certificate->urn();
my $uuid = $certificate->uuid();
my $hrn  = $certificate->hrn();
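# Fall back to the URL stored in the certificate when -u was not given.
$url = $certificate->URL()
    if (!defined($url));
# Without a value, the -u switch below would be followed directly by the
# next switch; stop with a clear message instead.
fatal("No URL in certificate; provide one with the -u option")
    if (!defined($url) || $url eq "");

#
# Where mksyscert writes the new certificate: the -o file when one was
# given, otherwise a temporary file that replaces the input file below.
#
my $newcert;
if (defined($outfile)) {
    $newcert = $outfile;
}
else {
    #
    # Temporary file, then rename to original.
    #
    # NOTE(review): this is a predictable name in a shared directory, and
    # mksyscert writes to it as $PROTOUSER via sudo. A file or symlink
    # already present at this path would be written through. Creating the
    # file with File::Temp, or in a directory only this user and
    # $PROTOUSER can write, would close that window; confirm $PROTOUSER
    # can still write to the result before changing it.
    #
    $tmpfile = "/tmp/cert-$$.pem";
    $newcert = $tmpfile;
}

#
# List-form system() hands every value to the program as one argument and
# does not start a shell. The URL, the input file name and the fields read
# from the certificate therefore cannot be interpreted as shell syntax in
# a command that runs under sudo.
#
system($SUDO, "-u", $PROTOUSER, $MKSYSCERT, "-o", $newcert,
       "-u", $url, "-i", $urn, "-k", $keyfile, $hrn, $uuid) == 0
    or fatal("Could not generate new certificate");

if (defined($tmpfile)) {
    # "--" keeps an input name that starts with "-" from being read as an
    # option by mv/cp.
    # NOTE(review): the backup ${infile}.$$ keeps the old certificate and
    # the private key loaded from $infile above. The new $infile is
    # created by cp, so its mode follows the temporary file and the umask
    # rather than the original file's mode - check it is not more widely
    # readable than before. $tmpfile is not removed afterwards.
    system("/bin/mv", "-f", "--", $infile, "${infile}.$$") == 0 or
        fatal("Could not rename $infile");
    system("/bin/cp", "-f", "--", $tmpfile, $infile) == 0 or
        fatal("Could not rename $tmpfile to $infile");
}
exit(0);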