Example #1
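    def renewFromMyProxy(self, userDN, userGroup, lifeTime=False, chain=False):
        """Renew the proxy of (userDN, userGroup) through the MyProxy server.

        :param userDN: DN of the user whose proxy is renewed
        :param userGroup: DIRAC group the renewed proxy must carry
        :param lifeTime: lifetime in seconds; a falsy value means 43200. The
                         request sent to MyProxy is 1.3 times this value,
                         capped at getMyProxyMaxLifeTime().
        :param chain: chain to renew; when falsy it is loaded from the PEM data
                      returned by __getPemAndTimeLeft
        :return: S_OK(original chain) when the renewal is skipped or the
                 downloaded chain is shorter-lived, S_OK(renewed chain) after
                 a renewal, or an S_ERROR structure
        """
        if not lifeTime:
            lifeTime = 43200
        if not self.__useMyProxy:
            return S_ERROR("myproxy is disabled")
        # Get the chain
        if not chain:
            retVal = self.__getPemAndTimeLeft(userDN, userGroup)
            if not retVal['OK']:
                return retVal
            pemData = retVal['Value'][0]
            chain = X509Chain()
            retVal = chain.loadProxyFromString(pemData)
            if not retVal['OK']:
                return retVal

        # Check the result before reading 'Value': a failed call would
        # otherwise surface as a KeyError instead of an S_ERROR.
        retVal = chain.getRemainingSecs()
        if not retVal['OK']:
            return S_ERROR(
                "Can't retrieve remaining secs from current proxy: %s" %
                retVal['Message'])
        originChainLifeTime = retVal['Value']
        maxMyProxyLifeTime = self.getMyProxyMaxLifeTime()
        # If we have a chain that's 0.8 of max mplifetime don't ask to mp
        if originChainLifeTime > maxMyProxyLifeTime * 0.8:
            # NOTE(review): this is the normal skip path but is logged at
            # error level, and the "requested" figure printed is the MyProxy
            # maximum rather than lifeTime.
            self.log.error(
                "Skipping myproxy download",
                "user %s %s  chain has %s secs and requested %s secs" %
                (userDN, userGroup, originChainLifeTime, maxMyProxyLifeTime))
            return S_OK(chain)

        # Ask for 30% more than requested, never more than the maximum.
        lifeTime *= 1.3
        if lifeTime > maxMyProxyLifeTime:
            lifeTime = maxMyProxyLifeTime
        # NOTE(review): routine renewals are also logged at error level.
        self.log.error(
            "Renewing proxy from myproxy",
            "user %s %s for %s secs" % (userDN, userGroup, lifeTime))

        myProxy = MyProxy(server=self.getMyProxyServer())
        retVal = myProxy.getDelegatedProxy(chain, lifeTime)
        if not retVal['OK']:
            return retVal
        mpChain = retVal['Value']
        retVal = mpChain.getRemainingSecs()
        if not retVal['OK']:
            return S_ERROR(
                "Can't retrieve remaining secs from renewed proxy: %s" %
                retVal['Message'])
        mpChainSecsLeft = retVal['Value']
        # Keep the existing chain when the downloaded one expires sooner.
        if mpChainSecsLeft < originChainLifeTime:
            self.log.info(
                "Chain downloaded from myproxy has less lifetime than the one stored in the db",
                "\n Downloaded from myproxy: %s secs\n Stored in DB: %s secs" %
                (mpChainSecsLeft, originChainLifeTime))
            return S_OK(chain)
        # The renewed chain is stored under (userDN, userGroup), so its group
        # must match before it is accepted.
        # NOTE(review): only the group is compared here; this method does not
        # check that the renewed chain's identity matches userDN. Confirm that
        # getDelegatedProxy or storeProxy enforces it.
        retVal = mpChain.getDIRACGroup()
        if not retVal['OK']:
            return S_ERROR(
                "Can't retrieve DIRAC Group from renewed proxy: %s" %
                retVal['Message'])
        chainGroup = retVal['Value']
        if chainGroup != userGroup:
            return S_ERROR(
                "Mismatch between renewed proxy group and expected: %s vs %s" %
                (userGroup, chainGroup))
        # A storage failure is logged only; the renewed chain is still
        # returned to the caller.
        retVal = self.storeProxy(userDN, userGroup, mpChain)
        if not retVal['OK']:
            self.log.error("Cannot store proxy after renewal",
                           retVal['Message'])
        # NOTE(review): when the service DN is unavailable the action log
        # records the user's own DN as the issuing "host", so the renewal
        # cannot be told apart from a self-issued one in the audit trail.
        retVal = myProxy.getServiceDN()
        if not retVal['OK']:
            hostDN = userDN
        else:
            hostDN = retVal['Value']
        self.logAction("myproxy renewal", hostDN, "host", userDN, userGroup)
        return S_OK(mpChain)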
Example #2
File: ProxyDB.py Project: bmb/DIRAC
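  def renewFromMyProxy( self, userDN, userGroup, lifeTime = False, chain = False ):
    """ Renew the proxy of (userDN, userGroup) through the MyProxy server.

        :param userDN: DN of the user whose proxy is renewed
        :param userGroup: DIRAC group the renewed proxy must carry
        :param lifeTime: lifetime in seconds; a falsy value means 43200. The
                         request sent to MyProxy is 1.3 times this value,
                         capped at getMyProxyMaxLifeTime().
        :param chain: chain to renew; when falsy it is loaded from the PEM data
                      returned by __getPemAndTimeLeft
        :return: S_OK( original chain ) when the renewal is skipped or the
                 downloaded chain is shorter-lived, S_OK( renewed chain ) after
                 a renewal, or an S_ERROR structure
    """
    if not lifeTime:
      lifeTime = 43200
    if not self.__useMyProxy:
      return S_ERROR( "myproxy is disabled" )
    #Get the chain
    if not chain:
      retVal = self.__getPemAndTimeLeft( userDN, userGroup )
      if not retVal[ 'OK' ]:
        return retVal
      pemData = retVal[ 'Value' ][0]
      chain = X509Chain()
      retVal = chain.loadProxyFromString( pemData )
      if not retVal[ 'OK' ]:
        return retVal

    #Check the result before reading 'Value': a failed call would otherwise
    #surface as a KeyError instead of an S_ERROR
    retVal = chain.getRemainingSecs()
    if not retVal[ 'OK' ]:
      return S_ERROR( "Can't retrieve remaining secs from current proxy: %s" % retVal[ 'Message' ] )
    originChainLifeTime = retVal[ 'Value' ]
    maxMyProxyLifeTime = self.getMyProxyMaxLifeTime()
    #If we have a chain that's 0.8 of max mplifetime don't ask to mp
    if originChainLifeTime > maxMyProxyLifeTime * 0.8:
      #NOTE(review): this is the normal skip path but is logged at error level,
      #and the "requested" figure printed is the MyProxy maximum, not lifeTime
      self.log.error( "Skipping myproxy download",
                     "user %s %s  chain has %s secs and requested %s secs" % ( userDN,
                                                                               userGroup,
                                                                               originChainLifeTime,
                                                                               maxMyProxyLifeTime ) )
      return S_OK( chain )

    #Ask for 30% more than requested, never more than the maximum
    lifeTime *= 1.3
    if lifeTime > maxMyProxyLifeTime:
      lifeTime = maxMyProxyLifeTime
    #NOTE(review): routine renewals are also logged at error level
    self.log.error( "Renewing proxy from myproxy", "user %s %s for %s secs" % ( userDN, userGroup, lifeTime ) )

    myProxy = MyProxy( server = self.getMyProxyServer() )
    retVal = myProxy.getDelegatedProxy( chain, lifeTime )
    if not retVal[ 'OK' ]:
      return retVal
    mpChain = retVal[ 'Value' ]
    retVal = mpChain.getRemainingSecs()
    if not retVal[ 'OK' ]:
      return S_ERROR( "Can't retrieve remaining secs from renewed proxy: %s" % retVal[ 'Message' ] )
    mpChainSecsLeft = retVal['Value']
    #Keep the existing chain when the downloaded one expires sooner
    if mpChainSecsLeft < originChainLifeTime:
      self.log.info( "Chain downloaded from myproxy has less lifetime than the one stored in the db",
                    "\n Downloaded from myproxy: %s secs\n Stored in DB: %s secs" % ( mpChainSecsLeft, originChainLifeTime ) )
      return S_OK( chain )
    #The renewed chain is stored under (userDN, userGroup), so its group must
    #match before it is accepted
    #NOTE(review): only the group is compared here; this method does not check
    #that the renewed chain's identity matches userDN. Confirm that
    #getDelegatedProxy or storeProxy enforces it
    retVal = mpChain.getDIRACGroup()
    if not retVal[ 'OK' ]:
      return S_ERROR( "Can't retrieve DIRAC Group from renewed proxy: %s" % retVal[ 'Message' ] )
    chainGroup = retVal['Value']
    if chainGroup != userGroup:
      return S_ERROR( "Mismatch between renewed proxy group and expected: %s vs %s" % ( userGroup, chainGroup ) )
    #A storage failure is logged only; the renewed chain is still returned
    retVal = self.storeProxy( userDN, userGroup, mpChain )
    if not retVal[ 'OK' ]:
      self.log.error( "Cannot store proxy after renewal", retVal[ 'Message' ] )
    #NOTE(review): when the service DN is unavailable the action log records
    #the user's own DN as the issuing "host", so the renewal cannot be told
    #apart from a self-issued one in the audit trail
    retVal = myProxy.getServiceDN()
    if not retVal[ 'OK' ]:
      hostDN = userDN
    else:
      hostDN = retVal[ 'Value' ]
    self.logAction( "myproxy renewal", hostDN, "host", userDN, userGroup )
    return S_OK( mpChain )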