def generateProxyRequest(self, bitStrength=1024, limited=False):
"""
Generate a proxy request. See :py:class:`DIRAC.Core.Security.m2crypto.X509Request.X509Request`
In principle, there is no reason to have this here, since a the X509Request is independant of
the 509Certificate when generating it. The only reason is to check whether the current Certificate
is limited or not.
:param bitStrength: strength of the key
:param limited: if True or if the current certificate is limited (see proxy RFC),
creates a request for a limited proxy
:returns: S_OK( :py:class:`DIRAC.Core.Security.m2crypto.X509Request.X509Request` ) / S_ERROR
"""
if not limited:
# We check whether "limited proxy" is in the subject
subj = self.__certObj.get_subject()
# M2Crypto does not understand the [-1] syntax...
lastEntry = subj[len(subj) - 1]
if lastEntry.get_data() == "limited proxy":
limited = True
# The import is done here to avoid circular import
# X509Certificate -> X509Request -> X509Chain -> X509Certificate
from DIRAC.Core.Security.m2crypto.X509Request import X509Request
req = X509Request()
req.generateProxyRequest(bitStrength=bitStrength, limited=limited)
return S_OK(req)
def _generateX509Request():
""" Instanciate the object
:returns: an X509Request instance
"""
return X509Request()