find_x509_credentials¶

igwn_auth_utils.find_x509_credentials(timeleft=600)[source]¶

Locate X509 certificate and (optionally) private key files.

This function checks the following paths in order:

• ${X509_USER_CERT} and ${X509_USER_KEY}

• ${X509_USER_PROXY}

• /tmp/x509up_u${UID}

• ~/.globus/usercert.pem and ~/.globus/userkey.pem

Note

If the X509_USER_{CERT,KEY,PROXY} variables are set, their paths are not validated in any way, but are trusted to point at valid, non-expired credentials. The default paths in /tmp and globus are validated before being returned.

Parameters:¶

timeleft=600¶

minimum required time left until expiry (in seconds) for a certificate to be considered ‘valid’

Returns:¶

• cert (str) – the path of the certificate file that also contains the private key, OR

• cert, key (str) – the paths of the separate cert and private key files

Raises:¶

IgwnAuthError – if not certificate files can be found, or if the files found on disk cannot be validtted.

Examples

If no environment variables are set, but a short-lived certificate has been generated in the default location:

>>> find_credentials()
'/tmp/x509up_u1000'

If a long-lived (grid) certificate has been downloaded:

>>> find_credentials()
('/home/me/.globus/usercert.pem', '/home/me/.globus/userkey.pem')