Merge pull request #81 from brianhlin/SOFTWARE-5668.incommon-config-file

Fix bug with config file defaults

Author: brianhlin

config/ca-issuer.conf

@@ -1,6 +1,6 @@
 [InCommon]
-organization:
-department:
+organization: 9697
+department: 9732
 customeruri: InCommon
 igtfservercert: 20583
 igtfmultidomain: 20812

osgpkitools/incommon_request.py

@@ -82,11 +82,11 @@ def parse_cli():
     optional.add_argument('-a', '--altname', action='append', dest='altnames', default=[],
                           help='Specify the SAN for the requested certificate (only works with -H/--hostname). '
                           'May be specified more than once for additional SANs.')
-    optional.add_argument('-C', '--config', action='store', dest='config_file', default='/etc/osg/pki/ca-issuer.conf'
-                          'Path to configuration file')
+    optional.add_argument('-C', '--config', action='store', dest='config_file', default='/etc/osg/pki/ca-issuer.conf',
+                          help='Path to configuration file')
     optional.add_argument('-d', '--directory', action='store', dest='write_directory', default='.',
                           help="The directory to write the host certificate(s) and key(s)")
-    optional.add_argument('-O', '--orgcode', action='store', dest='orgcode', default='9697,9732', metavar='ORG,DEPT',
+    optional.add_argument('-O', '--orgcode', action='store', dest='orgcode', metavar='ORG,DEPT',
                           help='Organization and Department codes for the InCommon Certificate Service. Defaults are Fermilab\'s codes.')
     optional.add_argument('-l', '--key-length', action='store', default=cert_utils.Csr.KEY_LENGTH,
                           type=int, help='The key size to generate')
@@ -132,6 +132,12 @@ def __call__(self, parser, namespace, values, option_string=None):
             raise IOError(f"Unable to read the file at: {values}")
 
 
+def fail(message):
+    """Immediately fail with the specified message
+    """
+    sys.exit(message)
+
+
 def build_headers(config):
     """"This function build the headers for the HTTP request.
         Returns headers for the HTTP request
@@ -269,9 +275,20 @@ def main():
         args = parse_cli()
 
         config_parser = configparser.ConfigParser()
-        config_parser.read(args.config_file)
-        CONFIG = dict(config_parser.items('InCommon'))
-        
+        try:
+            with open(args.config_file, 'r', encoding='utf-8') as config_file:
+                try:
+                    config_parser.read_file(config_file)
+                except configparser.Error as exc:
+                    fail(exc)
+        except OSError as exc:
+            fail(exc)
+
+        try:
+            CONFIG = dict(config_parser.items('InCommon'))
+        except configparser.NoSectionError:
+            fail(f'Could not find [InCommon] section header in {args.config_file}')
+
         if args.orgcode:
             codes = [code.strip() for code in args.orgcode.split(',')]
             CONFIG['organization'] = codes[0]

osgpkitools/utils.py

@@ -7,7 +7,7 @@
 
 from .ExceptionDefinitions import *
 
-VERSION_NUMBER = "3.5.1"
+VERSION_NUMBER = "3.6.1"
 HELP_EMAIL = 'help@opensciencegrid.org'
 
 

rpm/osg-pki-tools.spec

@@ -1,6 +1,6 @@
 Summary: osg-pki-tools
 Name: osg-pki-tools
-Version: 3.6.0
+Version: 3.6.1
 Release: 1%{?dist}
 Source: osg-pki-tools-%{version}.tar.gz
 License: Apache 2.0
@@ -43,6 +43,10 @@ mv %{buildroot}/%{_prefix}/config/ca-issuer.conf %{buildroot}%{_sysconfdir}/osg/
 %config(noreplace) %{_sysconfdir}/osg/pki/ca-issuer.conf
 
 %changelog
+* Wed Sep 6 2023 Brian Lin <blin@cs.wisc.edu> - 3.6.1
+- Fix bug with default CA config file option (SOFTWARE-5668)
+- Update default InCommon IGTF CA IDs to point to CA 3
+
 * Fri Sep 1 2023 Brian Lin <blin@cs.wisc.edu> - 3.6.0
 - Add configuration file for osg-incommon-cert-request (SOFTWARE-5668)
 - Update default CSR key length to 4096, add CLI option (SOFTWARE-5651)