def getVOMSProxy( self, userDN, userGroup, requiredLifeTime = False, requestedVOMSAttr = False ):
""" Get proxy string from the Proxy Repository for use with userDN
in the userGroup and VOMS attr
"""
retVal = self.__getVOMSAttribute( userGroup, requestedVOMSAttr )
if not retVal[ 'OK' ]:
return retVal
vomsAttr = retVal[ 'Value' ][ 'attribute' ]
vomsVO = retVal[ 'Value' ][ 'VOMSVO' ]
#Look in the cache
retVal = self.__getPemAndTimeLeft( userDN, userGroup, vomsAttr )
if retVal[ 'OK' ]:
pemData = retVal[ 'Value' ][0]
vomsTime = retVal[ 'Value' ][1]
chain = X509Chain()
retVal = chain.loadProxyFromString( pemData )
if retVal[ 'OK' ]:
retVal = chain.getRemainingSecs()
if retVal[ 'OK' ]:
remainingSecs = retVal[ 'Value' ]
if requiredLifeTime and requiredLifeTime <= vomsTime and requiredLifeTime <= remainingSecs:
return S_OK( ( chain, min( vomsTime, remainingSecs ) ) )
retVal = self.getProxy( userDN, userGroup, requiredLifeTime )
if not retVal[ 'OK' ]:
return retVal
chain, secsLeft = retVal[ 'Value' ]
if requiredLifeTime and requiredLifeTime > secsLeft:
return S_ERROR( "Stored proxy is not long lived enough" )
vomsMgr = VOMS()
retVal = vomsMgr.getVOMSAttributes( chain )
if retVal[ 'OK' ]:
attrs = retVal[ 'Value' ]
if len( attrs ) > 0:
if attrs[0] != vomsAttr:
return S_ERROR( "Stored proxy has already a different VOMS attribute %s than requested %s" % ( vomsAttr, attrs[0] ) )
else:
result = self.__storeVOMSProxy( userDN, userGroup, vomsAttr, chain )
if not result[ 'OK' ]:
return result
secsLeft = result[ 'Value' ]
if requiredLifeTime and requiredLifeTime <= secsLeft:
return S_OK( ( chain, secsLeft ) )
return S_ERROR( "Stored proxy has already a different VOMS attribute and is not long lived enough" )
retVal = vomsMgr.setVOMSAttributes( chain , vomsAttr, vo = vomsVO )
if not retVal[ 'OK' ]:
return S_ERROR( "Cannot append voms extension: %s" % retVal[ 'Message' ] )
chain = retVal[ 'Value' ]
result = self.__storeVOMSProxy( userDN, userGroup, vomsAttr, chain )
if not result[ 'OK' ]:
return result
secsLeft = result[ 'Value' ]
return S_OK( ( chain, secsLeft ) )
def __checkVOMSisAlignedWithGroup( self, userGroup, chain ):
#HACK: We deny proxies with VOMS extensions
result = chain.isVOMS()
if result[ 'OK' ] and result[ 'Value' ]:
return S_ERROR( "Proxies with VOMS extensions are not allowed to be uploaded" )
#END HACK
voms = VOMS()
if not voms.vomsInfoAvailable():
if self.__vomsRequired:
return S_ERROR( "VOMS is required, but it's not available" )
self.log.warn( "voms-proxy-info is not available" )
return S_OK()
retVal = voms.getVOMSAttributes( chain )
if not retVal[ 'OK' ]:
return retVal
attr = retVal[ 'Value' ]
validVOMSAttr = Registry.getVOMSAttributeForGroup( userGroup )
if len( attr ) == 0 or attr[0] == validVOMSAttr:
return S_OK( 'OK' )
msg = "VOMS attributes are not aligned with dirac group"
msg += "Attributes are %s and allowed is %s for group %s" % ( attr, validVOMSAttr, userGroup )
return S_ERROR( msg )
def __checkVOMSisAlignedWithGroup(self, userGroup, chain):
#HACK: We deny proxies with VOMS extensions
result = chain.isVOMS()
if result['OK'] and result['Value']:
return S_ERROR(
"Proxies with VOMS extensions are not allowed to be uploaded")
#END HACK
voms = VOMS()
if not voms.vomsInfoAvailable():
if self.__vomsRequired:
return S_ERROR("VOMS is required, but it's not available")
self.log.warn("voms-proxy-info is not available")
return S_OK()
retVal = voms.getVOMSAttributes(chain)
if not retVal['OK']:
return retVal
attr = retVal['Value']
validVOMSAttr = CS.getVOMSAttributeForGroup(userGroup)
if len(attr) == 0 or attr[0] == validVOMSAttr:
return S_OK('OK')
msg = "VOMS attributes are not aligned with dirac group"
msg += "Attributes are %s and allowed is %s for group %s" % (
attr, validVOMSAttr, userGroup)
return S_ERROR(msg)
def getVOMSProxy(self,
userDN,
userGroup,
requiredLifeTime=False,
requestedVOMSAttr=False):
""" Get proxy string from the Proxy Repository for use with userDN
in the userGroup and VOMS attr
"""
retVal = self.__getVOMSAttribute(userGroup, requestedVOMSAttr)
if not retVal['OK']:
return retVal
vomsAttr = retVal['Value']['attribute']
vomsVO = retVal['Value']['VOMSVO']
#Look in the cache
retVal = self.__getPemAndTimeLeft(userDN, userGroup, vomsAttr)
if retVal['OK']:
pemData = retVal['Value'][0]
vomsTime = retVal['Value'][1]
chain = X509Chain()
retVal = chain.loadProxyFromString(pemData)
if retVal['OK']:
retVal = chain.getRemainingSecs()
if retVal['OK']:
remainingSecs = retVal['Value']
if requiredLifeTime and requiredLifeTime <= vomsTime and requiredLifeTime <= remainingSecs:
return S_OK((chain, min(vomsTime, remainingSecs)))
retVal = self.getProxy(userDN, userGroup, requiredLifeTime)
if not retVal['OK']:
return retVal
chain, secsLeft = retVal['Value']
if requiredLifeTime and requiredLifeTime > secsLeft:
return S_ERROR("Stored proxy is not long lived enough")
vomsMgr = VOMS()
retVal = vomsMgr.getVOMSAttributes(chain)
if retVal['OK']:
attrs = retVal['Value']
if len(attrs) > 0:
if attrs[0] != vomsAttr:
return S_ERROR(
"Stored proxy has already a different VOMS attribute %s than requested %s"
% (vomsAttr, attrs[0]))
else:
result = self.__storeVOMSProxy(userDN, userGroup, vomsAttr,
chain)
if not result['OK']:
return result
secsLeft = result['Value']
if requiredLifeTime and requiredLifeTime <= secsLeft:
return S_OK((chain, secsLeft))
return S_ERROR(
"Stored proxy has already a different VOMS attribute and is not long lived enough"
)
retVal = vomsMgr.setVOMSAttributes(chain, vomsAttr, vo=vomsVO)
if not retVal['OK']:
return S_ERROR("Cannot append voms extension: %s" %
retVal['Message'])
chain = retVal['Value']
result = self.__storeVOMSProxy(userDN, userGroup, vomsAttr, chain)
if not result['OK']:
return result
secsLeft = result['Value']
return S_OK((chain, secsLeft))
def renewProxy(self, proxyToBeRenewed=None, minLifeTime=3600, newProxyLifeTime=43200, proxyToConnect=None):
""" Renew a proxy using the ProxyManager
:param X509Chain proxyToBeRenewed: proxy to renew
:param int minLifeTime: if proxy life time is less than this, renew. Skip otherwise
:param int newProxyLifeTime: life time of new proxy
:param X509Chain proxyToConnect: proxy to use for connecting to the service
:return: S_OK(X509Chain)/S_ERROR()
"""
retVal = multiProxyArgument(proxyToBeRenewed)
if not retVal['Value']:
return retVal
proxyToRenewDict = retVal['Value']
secs = proxyToRenewDict['chain'].getRemainingSecs()['Value']
if secs > minLifeTime:
deleteMultiProxy(proxyToRenewDict)
return S_OK()
if not proxyToConnect:
proxyToConnectDict = {'chain': False, 'tempFile': False}
else:
retVal = multiProxyArgument(proxyToConnect)
if not retVal['Value']:
deleteMultiProxy(proxyToRenewDict)
return retVal
proxyToConnectDict = retVal['Value']
userDN = proxyToRenewDict['chain'].getIssuerCert()['Value'].getSubjectDN()['Value']
retVal = proxyToRenewDict['chain'].getDIRACGroup()
if not retVal['OK']:
deleteMultiProxy(proxyToRenewDict)
deleteMultiProxy(proxyToConnectDict)
return retVal
userGroup = retVal['Value']
limited = proxyToRenewDict['chain'].isLimitedProxy()['Value']
voms = VOMS()
retVal = voms.getVOMSAttributes(proxyToRenewDict['chain'])
if not retVal['OK']:
deleteMultiProxy(proxyToRenewDict)
deleteMultiProxy(proxyToConnectDict)
return retVal
vomsAttrs = retVal['Value']
if vomsAttrs:
retVal = self.downloadVOMSProxy(userDN,
userGroup,
limited=limited,
requiredTimeLeft=newProxyLifeTime,
requiredVOMSAttribute=vomsAttrs[0],
proxyToConnect=proxyToConnectDict['chain'])
else:
retVal = self.downloadProxy(userDN,
userGroup,
limited=limited,
requiredTimeLeft=newProxyLifeTime,
proxyToConnect=proxyToConnectDict['chain'])
deleteMultiProxy(proxyToRenewDict)
deleteMultiProxy(proxyToConnectDict)
if not retVal['OK']:
return retVal
chain = retVal['Value']
if not proxyToRenewDict['tempFile']:
return chain.dumpAllToFile(proxyToRenewDict['file'])
return S_OK(chain)
def renewProxy( self, proxyToBeRenewed = False, minLifeTime = 3600, newProxyLifeTime = 43200, proxyToConnect = False ):
"""
Renew a proxy using the ProxyManager
Arguments:
proxyToBeRenewed : proxy to renew
minLifeTime : if proxy life time is less than this, renew. Skip otherwise
newProxyLifeTime : life time of new proxy
proxyToConnect : proxy to use for connecting to the service
"""
retVal = multiProxyArgument( proxyToBeRenewed )
if not retVal[ 'Value' ]:
return retVal
proxyToRenewDict = retVal[ 'Value' ]
secs = proxyToRenewDict[ 'chain' ].getRemainingSecs()[ 'Value' ]
if secs > minLifeTime:
deleteMultiProxy( proxyToRenewDict )
return S_OK()
if not proxyToConnect:
proxyToConnectDict = { 'chain': False, 'tempFile': False }
else:
retVal = multiProxyArgument( proxyToConnect )
if not retVal[ 'Value' ]:
deleteMultiProxy( proxyToRenewDict )
return retVal
proxyToConnectDict = retVal[ 'Value' ]
userDN = proxyToRenewDict[ 'chain' ].getIssuerCert()[ 'Value' ].getSubjectDN()[ 'Value' ]
retVal = proxyToRenewDict[ 'chain' ].getDIRACGroup()
if not retVal[ 'OK' ]:
deleteMultiProxy( proxyToRenewDict )
deleteMultiProxy( proxyToConnectDict )
return retVal
userGroup = retVal[ 'Value' ]
limited = proxyToRenewDict[ 'chain' ].isLimitedProxy()[ 'Value' ]
voms = VOMS()
retVal = voms.getVOMSAttributes( proxyToRenewDict[ 'chain' ] )
if not retVal[ 'OK' ]:
deleteMultiProxy( proxyToRenewDict )
deleteMultiProxy( proxyToConnectDict )
return retVal
vomsAttrs = retVal[ 'Value' ]
if vomsAttrs:
retVal = self.downloadVOMSProxy( userDN,
userGroup,
limited = limited,
requiredTimeLeft = newProxyLifeTime,
requiredVOMSAttribute = vomsAttrs[0],
proxyToConnect = proxyToConnectDict[ 'chain' ] )
else:
retVal = self.downloadProxy( userDN,
userGroup,
limited = limited,
requiredTimeLeft = newProxyLifeTime,
proxyToConnect = proxyToConnectDict[ 'chain' ] )
deleteMultiProxy( proxyToRenewDict )
deleteMultiProxy( proxyToConnectDict )
if not retVal[ 'OK' ]:
return retVal
chain = retVal['Value']
if not proxyToRenewDict[ 'tempFile' ]:
return chain.dumpAllToFile( proxyToRenewDict[ 'file' ] )
return S_OK( chain )
