find_x509_credentials¶
-
igwn_auth_utils.find_x509_credentials(timeleft=
600
)[source]¶ Locate X509 certificate and (optionally) private key files.
This function checks the following paths in order:
${X509_USER_CERT}
and${X509_USER_KEY}
${X509_USER_PROXY}
/tmp/x509up_u${UID}
~/.globus/usercert.pem
and~/.globus/userkey.pem
Note
If the
X509_USER_{CERT,KEY,PROXY}
variables are set, their paths are not validated in any way, but are trusted to point at valid, non-expired credentials. The default paths in/tmp
andglobus
are validated before being returned.- Parameters:¶
- timeleft=
600
¶ minimum required time left until expiry (in seconds) for a certificate to be considered ‘valid’
- timeleft=
- Returns:¶
- Raises:¶
IgwnAuthError – if not certificate files can be found, or if the files found on disk cannot be validtted.
Examples
If no environment variables are set, but a short-lived certificate has been generated in the default location:
>>> find_credentials() '/tmp/x509up_u1000'
If a long-lived (grid) certificate has been downloaded:
>>> find_credentials() ('/home/me/.globus/usercert.pem', '/home/me/.globus/userkey.pem')