def generateProxyToString( self, lifeTime, diracGroup = False, strength = 1024, limited = False, rfc = False, proxyKey = False ):
"""
Generate a proxy and get it as a string
Args:
lifeTime (int): expected lifetime in seconds of proxy
diracGroup (str): diracGroup to add to the certificate
strength (int): length in bits of the pair
limited (bool): Create a limited proxy
"""
if not self.__loadedChain:
return S_ERROR( DErrno.ENOCHAIN )
if not self.__loadedPKey:
return S_ERROR( DErrno.ENOPKEY )
if self.__isProxy:
rfc = self.isRFC().get( 'Value', False )
issuerCert = self.__certList[0]
if not proxyKey:
proxyKey = crypto.PKey()
proxyKey.generate_key( crypto.TYPE_RSA, strength )
proxyCert = crypto.X509()
if rfc:
proxyCert.set_serial_number( str( int( random.random() * 10 ** 10 ) ) )
cloneSubject = issuerCert.get_subject().clone()
cloneSubject.insert_entry( "CN", str( int( random.random() * 10 ** 10 ) ) )
proxyCert.set_subject( cloneSubject )
proxyCert.add_extensions( self.__getProxyExtensionList( diracGroup, rfc and not limited, rfc and limited ) )
else:
proxyCert.set_serial_number( issuerCert.get_serial_number() )
cloneSubject = issuerCert.get_subject().clone()
if limited:
cloneSubject.insert_entry( "CN", "limited proxy" )
else:
cloneSubject.insert_entry( "CN", "proxy" )
proxyCert.set_subject( cloneSubject )
proxyCert.add_extensions( self.__getProxyExtensionList( diracGroup ) )
proxyCert.set_issuer( issuerCert.get_subject() )
proxyCert.set_version( issuerCert.get_version() )
proxyCert.set_pubkey( proxyKey )
proxyCert.gmtime_adj_notBefore( -900 )
proxyCert.gmtime_adj_notAfter( int( lifeTime ) )
proxyCert.sign( self.__keyObj, 'sha256' )
proxyString = "%s%s" % ( crypto.dump_certificate( crypto.FILETYPE_PEM, proxyCert ),
crypto.dump_privatekey( crypto.FILETYPE_PEM, proxyKey ) )
for i in range( len( self.__certList ) ):
proxyString += crypto.dump_certificate( crypto.FILETYPE_PEM, self.__certList[i] )
return S_OK( proxyString )
def generateProxyToString(self, lifeTime, diracGroup=False, strength=1024, limited=False, rfc=False, proxyKey=False):
"""
Generate a proxy and get it as a string
Args:
lifeTime (int): expected lifetime in seconds of proxy
diracGroup (str): diracGroup to add to the certificate
strength (int): length in bits of the pair
limited (bool): Create a limited proxy
"""
if not self.__loadedChain:
return S_ERROR(DErrno.ENOCHAIN)
if not self.__loadedPKey:
return S_ERROR(DErrno.ENOPKEY)
if self.__isProxy:
rfc = self.isRFC().get('Value', False)
issuerCert = self.__certList[0]
if not proxyKey:
proxyKey = crypto.PKey()
proxyKey.generate_key(crypto.TYPE_RSA, strength)
proxyCert = crypto.X509()
if rfc:
proxyCert.set_serial_number(str(int(random.random() * 10 ** 10)))
cloneSubject = issuerCert.get_subject().clone()
cloneSubject.insert_entry("CN", str(int(random.random() * 10 ** 10)))
proxyCert.set_subject(cloneSubject)
proxyCert.add_extensions(self.__getProxyExtensionList(diracGroup, rfc and not limited, rfc and limited))
else:
proxyCert.set_serial_number(issuerCert.get_serial_number())
cloneSubject = issuerCert.get_subject().clone()
if limited:
cloneSubject.insert_entry("CN", "limited proxy")
else:
cloneSubject.insert_entry("CN", "proxy")
proxyCert.set_subject(cloneSubject)
proxyCert.add_extensions(self.__getProxyExtensionList(diracGroup))
proxyCert.set_issuer(issuerCert.get_subject())
proxyCert.set_version(issuerCert.get_version())
proxyCert.set_pubkey(proxyKey)
proxyCert.gmtime_adj_notBefore(-900)
proxyCert.gmtime_adj_notAfter(int(lifeTime))
proxyCert.sign(self.__keyObj, 'sha256')
proxyString = "%s%s" % (crypto.dump_certificate(crypto.FILETYPE_PEM, proxyCert),
crypto.dump_privatekey(crypto.FILETYPE_PEM, proxyKey))
for i in range(len(self.__certList)):
proxyString += crypto.dump_certificate(crypto.FILETYPE_PEM, self.__certList[i])
return S_OK(proxyString)
def dumpAllToString( self ):
"""
Dump all to string
"""
if not self.__loadedChain:
return S_ERROR( "No chain loaded" )
data = crypto.dump_certificate( crypto.FILETYPE_PEM, self.__certList[0] )
if self.__loadedPKey:
data += crypto.dump_privatekey( crypto.FILETYPE_PEM, self.__keyObj )
for i in range( 1, len( self.__certList ) ):
data += crypto.dump_certificate( crypto.FILETYPE_PEM, self.__certList[i] )
return S_OK( data )
def dumpAllToString(self):
"""
Dump all to string
"""
if not self.__loadedChain:
return S_ERROR(DErrno.ENOCHAIN)
data = crypto.dump_certificate(crypto.FILETYPE_PEM, self.__certList[0])
if self.__loadedPKey:
data += crypto.dump_privatekey(crypto.FILETYPE_PEM, self.__keyObj)
for i in range(1, len(self.__certList)):
data += crypto.dump_certificate(crypto.FILETYPE_PEM, self.__certList[i])
return S_OK(data)
def dumpAllToString( self ):
"""
Dump all to string
"""
if not self.__loadedChain:
return S_ERROR( "No chain loaded" )
buffer = crypto.dump_certificate( crypto.FILETYPE_PEM, self.__certList[0] )
if self.__loadedPKey:
buffer += crypto.dump_privatekey( crypto.FILETYPE_PEM, self.__keyObj )
for i in range( 1, len( self.__certList ) ):
buffer += crypto.dump_certificate( crypto.FILETYPE_PEM, self.__certList[i] )
return S_OK( buffer )
def generateProxyToString(self,
lifeTime,
diracGroup=False,
strength=1024,
limited=False):
"""
Generate a proxy and get it as a string
Args:
- lifeTime : expected lifetime in seconds of proxy
- diracGroup : diracGroup to add to the certificate
- strength : length in bits of the pair
- limited : Create a limited proxy
"""
if not self.__loadedChain:
return S_ERROR("No chain loaded")
if not self.__loadedPKey:
return S_ERROR("No pkey loaded")
issuerCert = self.__certList[0]
proxyKey = crypto.PKey()
proxyKey.generate_key(crypto.TYPE_RSA, strength)
proxyCert = crypto.X509()
cloneSubject = issuerCert.get_subject().clone()
if limited:
cloneSubject.insert_entry("CN", "limited proxy")
else:
cloneSubject.insert_entry("CN", "proxy")
proxyCert.set_subject(cloneSubject)
proxyCert.set_serial_number(issuerCert.get_serial_number())
proxyCert.set_issuer(issuerCert.get_subject())
proxyCert.set_version(issuerCert.get_version())
proxyCert.set_pubkey(proxyKey)
proxyCert.add_extensions(self.__getProxyExtensionList(diracGroup))
proxyCert.gmtime_adj_notBefore(-900)
proxyCert.gmtime_adj_notAfter(lifeTime)
proxyCert.sign(self.__keyObj, 'sha1')
proxyString = "%s%s" % (crypto.dump_certificate(
crypto.FILETYPE_PEM,
proxyCert), crypto.dump_privatekey(crypto.FILETYPE_PEM, proxyKey))
for i in range(len(self.__certList)):
proxyString += crypto.dump_certificate(crypto.FILETYPE_PEM,
self.__certList[i])
return S_OK(proxyString)
def generateProxyToString(self, lifeTime, diracGroup=False, strength=1024, limited=False):
"""
Generate a proxy and get it as a string
Args:
- lifeTime : expected lifetime in seconds of proxy
- diracGroup : diracGroup to add to the certificate
- strength : length in bits of the pair
- limited : Create a limited proxy
"""
if not self.__loadedChain:
return S_ERROR("No chain loaded")
if not self.__loadedPKey:
return S_ERROR("No pkey loaded")
issuerCert = self.__certList[0]
proxyKey = crypto.PKey()
proxyKey.generate_key(crypto.TYPE_RSA, strength)
proxyCert = crypto.X509()
cloneSubject = issuerCert.get_subject().clone()
if limited:
cloneSubject.insert_entry("CN", "limited proxy")
else:
cloneSubject.insert_entry("CN", "proxy")
proxyCert.set_subject(cloneSubject)
proxyCert.set_serial_number(issuerCert.get_serial_number())
proxyCert.set_issuer(issuerCert.get_subject())
proxyCert.set_version(issuerCert.get_version())
proxyCert.set_pubkey(proxyKey)
proxyCert.add_extensions(self.__getProxyExtensionList(diracGroup))
proxyCert.gmtime_adj_notBefore(-900)
proxyCert.gmtime_adj_notAfter(lifeTime)
proxyCert.sign(self.__keyObj, "md5")
proxyString = "%s%s" % (
crypto.dump_certificate(crypto.FILETYPE_PEM, proxyCert),
crypto.dump_privatekey(crypto.FILETYPE_PEM, proxyKey),
)
for i in range(len(self.__certList)):
proxyString += crypto.dump_certificate(crypto.FILETYPE_PEM, self.__certList[i])
return S_OK(proxyString)
def dumpChainToString( self ):
"""
Dump only cert chain to string
"""
if not self.__loadedChain:
return S_ERROR( "No chain loaded" )
data = ''
for i in range( len( self.__certList ) ):
data += crypto.dump_certificate( crypto.FILETYPE_PEM, self.__certList[i] )
return S_OK( data )
def dumpChainToString(self):
"""
Dump only cert chain to string
"""
if not self.__loadedChain:
return S_ERROR(DErrno.ENOCHAIN)
data = ''
for i in range(len(self.__certList)):
data += crypto.dump_certificate(crypto.FILETYPE_PEM, self.__certList[i])
return S_OK(data)
def dumpChainToString( self ):
"""
Dump only cert chain to string
"""
if not self.__loadedChain:
return S_ERROR( "No chain loaded" )
buffer = ''
for i in range( len( self.__certList ) ):
buffer += crypto.dump_certificate( crypto.FILETYPE_PEM, self.__certList[1] )
return S_OK( buffer )
return S_ERROR(
"Only limited proxies are allowed to be delegated but request was for a full one"
)
childCert = crypto.X509()
childCert.set_subject(newSubj)
childCert.set_issuer(issuerCert.get_subject())
childCert.set_serial_number(issuerCert.get_serial_number())
childCert.set_version(issuerCert.get_version())
childCert.set_pubkey(req.get_pubkey())
childCert.add_extensions(self.__getProxyExtensionList(diracGroup))
childCert.gmtime_adj_notBefore(-900)
childCert.gmtime_adj_notAfter(lifetime)
childCert.sign(self.__keyObj, 'md5')
childString = crypto.dump_certificate(crypto.FILETYPE_PEM, childCert)
for i in range(len(self.__certList)):
childString += crypto.dump_certificate(crypto.FILETYPE_PEM,
self.__certList[i])
return S_OK(childString)
def getRemainingSecs(self):
"""
Get remaining time
"""
if not self.__loadedChain:
return S_ERROR("No chain loaded")
remainingSecs = self.getCertInChain(
0)['Value'].getRemainingSecs()['Value']
for i in range(1, len(self.__certList)):
if requireLimited and not isLimited:
return S_ERROR( "Only limited proxies are allowed to be delegated but request was for a full one" )
childCert = crypto.X509()
childCert.set_subject( newSubj )
childCert.set_issuer( issuerCert.get_subject() )
childCert.set_serial_number( issuerCert.get_serial_number() )
childCert.set_version( issuerCert.get_version() )
childCert.set_pubkey( req.get_pubkey() )
childCert.add_extensions( self.__getProxyExtensionList( diracGroup ) )
childCert.gmtime_adj_notBefore( -900 )
childCert.gmtime_adj_notAfter( lifetime )
childCert.sign( self.__keyObj, 'md5' )
childString = crypto.dump_certificate( crypto.FILETYPE_PEM, childCert )
for i in range( len( self.__certList ) ):
childString += crypto.dump_certificate( crypto.FILETYPE_PEM, self.__certList[i] )
return S_OK( childString )
def getRemainingSecs( self ):
"""
Get remaining time
"""
if not self.__loadedChain:
return S_ERROR( "No chain loaded" )
remainingSecs = self.getCertInChain( 0 )[ 'Value' ].getRemainingSecs()[ 'Value' ]
for i in range( 1, len( self.__certList ) ):
stepRS = self.getCertInChain( i )[ 'Value' ].getRemainingSecs()[ 'Value' ]
remainingSecs = min( remainingSecs, stepRS )
