diff --git a/config/ca-issuer.conf b/config/ca-issuer.conf
index bbe03f3..67d9828 100644
--- a/config/ca-issuer.conf
+++ b/config/ca-issuer.conf
@@ -1,6 +1,6 @@
 [InCommon]
-organization:
-department:
+organization: 9697
+department: 9732
 customeruri: InCommon
 igtfservercert: 20583
 igtfmultidomain: 20812
diff --git a/osgpkitools/incommon_request.py b/osgpkitools/incommon_request.py
index cef7eb3..534d96e 100644
--- a/osgpkitools/incommon_request.py
+++ b/osgpkitools/incommon_request.py
@@ -82,11 +82,11 @@ def parse_cli(): optional.add_argument('-a', '--altname', action='append', dest='altnames', default=[], help='Specify the SAN for the requested certificate (only works with -H/--hostname). ' 'May be specified more than once for additional SANs.') - optional.add_argument('-C', '--config', action='store', dest='config_file', default='/etc/osg/pki/ca-issuer.conf' - 'Path to configuration file') + optional.add_argument('-C', '--config', action='store', dest='config_file', default='/etc/osg/pki/ca-issuer.conf', + help='Path to configuration file') optional.add_argument('-d', '--directory', action='store', dest='write_directory', default='.', help="The directory to write the host certificate(s) and key(s)") - optional.add_argument('-O', '--orgcode', action='store', dest='orgcode', default='9697,9732', metavar='ORG,DEPT', + optional.add_argument('-O', '--orgcode', action='store', dest='orgcode', metavar='ORG,DEPT', help='Organization and Department codes for the InCommon Certificate Service. Defaults are Fermilab\'s codes.') optional.add_argument('-l', '--key-length', action='store', default=cert_utils.Csr.KEY_LENGTH, type=int, help='The key size to generate')
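Review bot: The `-O/--orgcode` help text still ends with "Defaults are Fermilab's codes." although this hunk removes `default='9697,9732'`; the effective default now comes from the `[InCommon]` section of the file given by `-C`, which an administrator may have edited. I would reword it to `help='Organization and Department codes for the InCommon Certificate Service. Overrides the organization/department values in the configuration file.'` so an operator is not misled about which organization a certificate request is filed under. parse_cli's body continues outside the hunk.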
@@ -132,6 +132,12 @@ def __call__(self, parser, namespace, values, option_string=None): raise IOError(f"Unable to read the file at: {values}") +def fail(message): + """Immediately fail with the specified message + """ + sys.exit(message) + + def build_headers(config): """"This function build the headers for the HTTP request. Returns headers for the HTTP request
@@ -269,9 +275,20 @@ def main(): args = parse_cli() config_parser = configparser.ConfigParser() - config_parser.read(args.config_file) - CONFIG = dict(config_parser.items('InCommon')) - + try: + with open(args.config_file, 'r', encoding='utf-8') as config_file: + try: + config_parser.read_file(config_file) + except configparser.Error as exc: + fail(exc) + except OSError as exc: + fail(exc) + + try: + CONFIG = dict(config_parser.items('InCommon')) + except configparser.NoSectionError: + fail(f'Could not find [InCommon] section header in {args.config_file}') + if args.orgcode: codes = [code.strip() for code in args.orgcode.split(',')] CONFIG['organization'] = codes[0]
diff --git a/osgpkitools/utils.py b/osgpkitools/utils.py
index 1746500..a8837b0 100644
--- a/osgpkitools/utils.py
+++ b/osgpkitools/utils.py
@@ -7,7 +7,7 @@ from .ExceptionDefinitions import * -VERSION_NUMBER = "3.5.1" +VERSION_NUMBER = "3.6.1" HELP_EMAIL = 'help@opensciencegrid.org'
diff --git a/rpm/osg-pki-tools.spec b/rpm/osg-pki-tools.spec
index 9bc328f..b939698 100644
--- a/rpm/osg-pki-tools.spec
+++ b/rpm/osg-pki-tools.spec
@@ -1,6 +1,6 @@
 Summary: osg-pki-tools
 Name: osg-pki-tools
-Version: 3.6.0
+Version: 3.6.1
 Release: 1%{?dist}
 Source: osg-pki-tools-%{version}.tar.gz
 License: Apache 2.0
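Review bot: Nothing in the new config loading in main() checks that `organization` and `department` end up non-empty: with the `-O` default gone, a config file that leaves them blank (the values the previous ca-issuer.conf carried, which `%config(noreplace)` would presumably keep on an edited install) flows into CONFIG unchanged. After the `-O` override, add a guard such as `if not (CONFIG.get('organization') and CONFIG.get('department')): fail('organization and department must be set in the config file or with -O ORG,DEPT')`. The nested try can also be flattened to a single `except (OSError, configparser.Error) as exc: fail(exc)` around the `with` block. main's body starts and ends outside the hunk, so the override code after `codes[0]` is not visible here.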
@@ -43,6 +43,10 @@ mv %{buildroot}/%{_prefix}/config/ca-issuer.conf %{buildroot}%{_sysconfdir}/osg/ %config(noreplace) %{_sysconfdir}/osg/pki/ca-issuer.conf %changelog +* Wed Sep 6 2023 Brian Lin - 3.6.1 +- Fix bug with default CA config file option (SOFTWARE-5668) +- Update default InCommon IGTF CA IDs to point to CA 3 + * Fri Sep 1 2023 Brian Lin - 3.6.0 - Add configuration file for osg-incommon-cert-request (SOFTWARE-5668) - Update default CSR key length to 4096, add CLI option (SOFTWARE-5651)