def downloadVOMSProxy( self, userDN, userGroup, limited = False, requiredTimeLeft = 1200,
cacheTime = 43200, requiredVOMSAttribute = False, proxyToConnect = False, token = False ):
"""
Download a proxy if needed and transform it into a VOMS one
"""
cacheKey = ( userDN, userGroup, requiredVOMSAttribute, limited )
if self.__vomsProxiesCache.exists( cacheKey, requiredTimeLeft ):
return S_OK( self.__vomsProxiesCache.get( cacheKey ) )
req = X509Request()
req.generateProxyRequest( limited = limited )
if proxyToConnect:
rpcClient = RPCClient( "Framework/ProxyManager", proxyChain = proxyToConnect, timeout = 120 )
else:
rpcClient = RPCClient( "Framework/ProxyManager", timeout = 120 )
if token:
retVal = rpcClient.getVOMSProxyWithToken( userDN, userGroup, req.dumpRequest()['Value'],
long( cacheTime + requiredTimeLeft ), token, requiredVOMSAttribute )
else:
retVal = rpcClient.getVOMSProxy( userDN, userGroup, req.dumpRequest()['Value'],
long( cacheTime + requiredTimeLeft ), requiredVOMSAttribute )
if not retVal[ 'OK' ]:
return retVal
chain = X509Chain( keyObj = req.getPKey() )
retVal = chain.loadChainFromString( retVal[ 'Value' ] )
if not retVal[ 'OK' ]:
return retVal
self.__vomsProxiesCache.add( cacheKey, chain.getRemainingSecs()['Value'], chain )
return S_OK( chain )
def downloadProxy( self, userDN, userGroup, limited = False, requiredTimeLeft = 1200,
cacheTime = 43200, proxyToConnect = False, token = False ):
"""
Get a proxy Chain from the proxy management
"""
cacheKey = ( userDN, userGroup )
if self.__proxiesCache.exists( cacheKey, requiredTimeLeft ):
return S_OK( self.__proxiesCache.get( cacheKey ) )
req = X509Request()
req.generateProxyRequest( limited = limited )
if proxyToConnect:
rpcClient = RPCClient( "Framework/ProxyManager", proxyChain = proxyToConnect, timeout = 120 )
else:
rpcClient = RPCClient( "Framework/ProxyManager", timeout = 120 )
if token:
retVal = rpcClient.getProxyWithToken( userDN, userGroup, req.dumpRequest()['Value'],
long( cacheTime + requiredTimeLeft ), token )
else:
retVal = rpcClient.getProxy( userDN, userGroup, req.dumpRequest()['Value'],
long( cacheTime + requiredTimeLeft ) )
if not retVal[ 'OK' ]:
return retVal
chain = X509Chain( keyObj = req.getPKey() )
retVal = chain.loadChainFromString( retVal[ 'Value' ] )
if not retVal[ 'OK' ]:
return retVal
self.__proxiesCache.add( cacheKey, chain.getRemainingSecs()['Value'], chain )
return S_OK( chain )
def downloadVOMSProxy(
self,
userDN,
userGroup,
limited=False,
requiredTimeLeft=1200,
cacheTime=14400,
requiredVOMSAttribute=None,
proxyToConnect=None,
token=None,
):
"""Download a proxy if needed and transform it into a VOMS one
:param str userDN: user DN
:param str userGroup: user group
:param boolean limited: if need limited proxy
:param int requiredTimeLeft: required proxy live time in a seconds
:param int cacheTime: store in a cache time in a seconds
:param str requiredVOMSAttribute: VOMS attr to add to the proxy
:param X509Chain proxyToConnect: proxy as a chain
:param str token: valid token to get a proxy
:return: S_OK(X509Chain)/S_ERROR()
"""
cacheKey = (userDN, userGroup, requiredVOMSAttribute, limited)
if self.__vomsProxiesCache.exists(cacheKey, requiredTimeLeft):
return S_OK(self.__vomsProxiesCache.get(cacheKey))
req = X509Request()
req.generateProxyRequest(limited=limited)
if proxyToConnect:
rpcClient = Client(url="Framework/ProxyManager",
proxyChain=proxyToConnect,
timeout=120)
else:
rpcClient = Client(url="Framework/ProxyManager", timeout=120)
if token:
retVal = rpcClient.getVOMSProxyWithToken(
userDN,
userGroup,
req.dumpRequest()["Value"],
int(cacheTime + requiredTimeLeft),
token,
requiredVOMSAttribute,
)
else:
retVal = rpcClient.getVOMSProxy(userDN, userGroup,
req.dumpRequest()["Value"],
int(cacheTime + requiredTimeLeft),
requiredVOMSAttribute)
if not retVal["OK"]:
return retVal
chain = X509Chain(keyObj=req.getPKey())
retVal = chain.loadChainFromString(retVal["Value"])
if not retVal["OK"]:
return retVal
self.__vomsProxiesCache.add(cacheKey,
chain.getRemainingSecs()["Value"], chain)
return S_OK(chain)
def downloadProxy(self,
userDN,
userGroup,
limited=False,
requiredTimeLeft=1200,
cacheTime=14400,
proxyToConnect=None,
token=None):
""" Get a proxy Chain from the proxy management
:param basestring userDN: user DN
:param basestring userGroup: user group
:param boolean limited: if need limited proxy
:param int requiredTimeLeft: required proxy live time in a seconds
:param int cacheTime: store in a cache time in a seconds
:param X509Chain proxyToConnect: proxy as a chain
:param basestring token: valid token to get a proxy
:return: S_OK(X509Chain)/S_ERROR()
"""
cacheKey = (userDN, userGroup)
if self.__proxiesCache.exists(cacheKey, requiredTimeLeft):
return S_OK(self.__proxiesCache.get(cacheKey))
req = X509Request()
req.generateProxyRequest(limited=limited)
if proxyToConnect:
rpcClient = RPCClient("Framework/ProxyManager",
proxyChain=proxyToConnect,
timeout=120)
else:
rpcClient = RPCClient("Framework/ProxyManager", timeout=120)
if token:
retVal = rpcClient.getProxyWithToken(
userDN, userGroup,
req.dumpRequest()['Value'], int(cacheTime + requiredTimeLeft),
token)
else:
retVal = rpcClient.getProxy(userDN, userGroup,
req.dumpRequest()['Value'],
int(cacheTime + requiredTimeLeft))
if not retVal['OK']:
return retVal
chain = X509Chain(keyObj=req.getPKey())
retVal = chain.loadChainFromString(retVal['Value'])
if not retVal['OK']:
return retVal
self.__proxiesCache.add(cacheKey,
chain.getRemainingSecs()['Value'], chain)
return S_OK(chain)
def retrieveDelegationRequest(self, requestId, userDN):
"""
Retrieve a request from the DB
"""
cmd = "SELECT Pem FROM `ProxyDB_Requests` WHERE Id = %s AND UserDN = '%s'" % (
requestId, userDN)
retVal = self._query(cmd)
if not retVal['OK']:
return retVal
data = retVal['Value']
if len(data) == 0:
return S_ERROR("No requests with id %s" % requestId)
request = X509Request()
retVal = request.loadAllFromString(data[0][0])
if not retVal['OK']:
return retVal
return S_OK(request)
def generateProxyRequest( self, bitStrength = 1024, limited = False ):
"""
Generate a proxy request
Return S_OK( X509Request ) / S_ERROR
"""
if not self.__valid:
return S_ERROR( "No certificate loaded" )
if not limited:
subj = self.__certObj.get_subject()
lastEntry = subj.get_entry( subj.num_entries() - 1 )
if lastEntry[0] == 'CN' and lastEntry[1] == "limited proxy":
limited = True
from DIRAC.Core.Security.X509Request import X509Request
req = X509Request()
req.generateProxyRequest( bitStrength = bitStrength, limited = limited )
return S_OK( req )
