def getVOMSProxy( self, userDN, userGroup, requiredLifeTime = False, requestedVOMSAttr = False ): """ Get proxy string from the Proxy Repository for use with userDN in the userGroup and VOMS attr """ retVal = self.__getVOMSAttribute( userGroup, requestedVOMSAttr ) if not retVal[ 'OK' ]: return retVal vomsAttr = retVal[ 'Value' ][ 'attribute' ] vomsVO = retVal[ 'Value' ][ 'VOMSVO' ] #Look in the cache retVal = self.__getPemAndTimeLeft( userDN, userGroup, vomsAttr ) if retVal[ 'OK' ]: pemData = retVal[ 'Value' ][0] vomsTime = retVal[ 'Value' ][1] chain = X509Chain() retVal = chain.loadProxyFromString( pemData ) if retVal[ 'OK' ]: retVal = chain.getRemainingSecs() if retVal[ 'OK' ]: remainingSecs = retVal[ 'Value' ] if requiredLifeTime and requiredLifeTime <= vomsTime and requiredLifeTime <= remainingSecs: return S_OK( ( chain, min( vomsTime, remainingSecs ) ) ) retVal = self.getProxy( userDN, userGroup, requiredLifeTime ) if not retVal[ 'OK' ]: return retVal chain, secsLeft = retVal[ 'Value' ] if requiredLifeTime and requiredLifeTime > secsLeft: return S_ERROR( "Stored proxy is not long lived enough" ) vomsMgr = VOMS() retVal = vomsMgr.getVOMSAttributes( chain ) if retVal[ 'OK' ]: attrs = retVal[ 'Value' ] if len( attrs ) > 0: if attrs[0] != vomsAttr: return S_ERROR( "Stored proxy has already a different VOMS attribute %s than requested %s" % ( vomsAttr, attrs[0] ) ) else: result = self.__storeVOMSProxy( userDN, userGroup, vomsAttr, chain ) if not result[ 'OK' ]: return result secsLeft = result[ 'Value' ] if requiredLifeTime and requiredLifeTime <= secsLeft: return S_OK( ( chain, secsLeft ) ) return S_ERROR( "Stored proxy has already a different VOMS attribute and is not long lived enough" ) retVal = vomsMgr.setVOMSAttributes( chain , vomsAttr, vo = vomsVO ) if not retVal[ 'OK' ]: return S_ERROR( "Cannot append voms extension: %s" % retVal[ 'Message' ] ) chain = retVal[ 'Value' ] result = self.__storeVOMSProxy( userDN, userGroup, vomsAttr, chain ) if not result[ 'OK' ]: return result secsLeft = result[ 'Value' ] return S_OK( ( chain, secsLeft ) )
def __checkVOMSisAlignedWithGroup( self, userGroup, chain ): #HACK: We deny proxies with VOMS extensions result = chain.isVOMS() if result[ 'OK' ] and result[ 'Value' ]: return S_ERROR( "Proxies with VOMS extensions are not allowed to be uploaded" ) #END HACK voms = VOMS() if not voms.vomsInfoAvailable(): if self.__vomsRequired: return S_ERROR( "VOMS is required, but it's not available" ) self.log.warn( "voms-proxy-info is not available" ) return S_OK() retVal = voms.getVOMSAttributes( chain ) if not retVal[ 'OK' ]: return retVal attr = retVal[ 'Value' ] validVOMSAttr = Registry.getVOMSAttributeForGroup( userGroup ) if len( attr ) == 0 or attr[0] == validVOMSAttr: return S_OK( 'OK' ) msg = "VOMS attributes are not aligned with dirac group" msg += "Attributes are %s and allowed is %s for group %s" % ( attr, validVOMSAttr, userGroup ) return S_ERROR( msg )
def __checkVOMSisAlignedWithGroup(self, userGroup, chain): #HACK: We deny proxies with VOMS extensions result = chain.isVOMS() if result['OK'] and result['Value']: return S_ERROR( "Proxies with VOMS extensions are not allowed to be uploaded") #END HACK voms = VOMS() if not voms.vomsInfoAvailable(): if self.__vomsRequired: return S_ERROR("VOMS is required, but it's not available") self.log.warn("voms-proxy-info is not available") return S_OK() retVal = voms.getVOMSAttributes(chain) if not retVal['OK']: return retVal attr = retVal['Value'] validVOMSAttr = CS.getVOMSAttributeForGroup(userGroup) if len(attr) == 0 or attr[0] == validVOMSAttr: return S_OK('OK') msg = "VOMS attributes are not aligned with dirac group" msg += "Attributes are %s and allowed is %s for group %s" % ( attr, validVOMSAttr, userGroup) return S_ERROR(msg)
def getVOMSProxy(self, userDN, userGroup, requiredLifeTime=False, requestedVOMSAttr=False): """ Get proxy string from the Proxy Repository for use with userDN in the userGroup and VOMS attr """ retVal = self.__getVOMSAttribute(userGroup, requestedVOMSAttr) if not retVal['OK']: return retVal vomsAttr = retVal['Value']['attribute'] vomsVO = retVal['Value']['VOMSVO'] #Look in the cache retVal = self.__getPemAndTimeLeft(userDN, userGroup, vomsAttr) if retVal['OK']: pemData = retVal['Value'][0] vomsTime = retVal['Value'][1] chain = X509Chain() retVal = chain.loadProxyFromString(pemData) if retVal['OK']: retVal = chain.getRemainingSecs() if retVal['OK']: remainingSecs = retVal['Value'] if requiredLifeTime and requiredLifeTime <= vomsTime and requiredLifeTime <= remainingSecs: return S_OK((chain, min(vomsTime, remainingSecs))) retVal = self.getProxy(userDN, userGroup, requiredLifeTime) if not retVal['OK']: return retVal chain, secsLeft = retVal['Value'] if requiredLifeTime and requiredLifeTime > secsLeft: return S_ERROR("Stored proxy is not long lived enough") vomsMgr = VOMS() retVal = vomsMgr.getVOMSAttributes(chain) if retVal['OK']: attrs = retVal['Value'] if len(attrs) > 0: if attrs[0] != vomsAttr: return S_ERROR( "Stored proxy has already a different VOMS attribute %s than requested %s" % (vomsAttr, attrs[0])) else: result = self.__storeVOMSProxy(userDN, userGroup, vomsAttr, chain) if not result['OK']: return result secsLeft = result['Value'] if requiredLifeTime and requiredLifeTime <= secsLeft: return S_OK((chain, secsLeft)) return S_ERROR( "Stored proxy has already a different VOMS attribute and is not long lived enough" ) retVal = vomsMgr.setVOMSAttributes(chain, vomsAttr, vo=vomsVO) if not retVal['OK']: return S_ERROR("Cannot append voms extension: %s" % retVal['Message']) chain = retVal['Value'] result = self.__storeVOMSProxy(userDN, userGroup, vomsAttr, chain) if not result['OK']: return result secsLeft = result['Value'] return S_OK((chain, secsLeft))
def renewProxy(self, proxyToBeRenewed=None, minLifeTime=3600, newProxyLifeTime=43200, proxyToConnect=None): """ Renew a proxy using the ProxyManager :param X509Chain proxyToBeRenewed: proxy to renew :param int minLifeTime: if proxy life time is less than this, renew. Skip otherwise :param int newProxyLifeTime: life time of new proxy :param X509Chain proxyToConnect: proxy to use for connecting to the service :return: S_OK(X509Chain)/S_ERROR() """ retVal = multiProxyArgument(proxyToBeRenewed) if not retVal['Value']: return retVal proxyToRenewDict = retVal['Value'] secs = proxyToRenewDict['chain'].getRemainingSecs()['Value'] if secs > minLifeTime: deleteMultiProxy(proxyToRenewDict) return S_OK() if not proxyToConnect: proxyToConnectDict = {'chain': False, 'tempFile': False} else: retVal = multiProxyArgument(proxyToConnect) if not retVal['Value']: deleteMultiProxy(proxyToRenewDict) return retVal proxyToConnectDict = retVal['Value'] userDN = proxyToRenewDict['chain'].getIssuerCert()['Value'].getSubjectDN()['Value'] retVal = proxyToRenewDict['chain'].getDIRACGroup() if not retVal['OK']: deleteMultiProxy(proxyToRenewDict) deleteMultiProxy(proxyToConnectDict) return retVal userGroup = retVal['Value'] limited = proxyToRenewDict['chain'].isLimitedProxy()['Value'] voms = VOMS() retVal = voms.getVOMSAttributes(proxyToRenewDict['chain']) if not retVal['OK']: deleteMultiProxy(proxyToRenewDict) deleteMultiProxy(proxyToConnectDict) return retVal vomsAttrs = retVal['Value'] if vomsAttrs: retVal = self.downloadVOMSProxy(userDN, userGroup, limited=limited, requiredTimeLeft=newProxyLifeTime, requiredVOMSAttribute=vomsAttrs[0], proxyToConnect=proxyToConnectDict['chain']) else: retVal = self.downloadProxy(userDN, userGroup, limited=limited, requiredTimeLeft=newProxyLifeTime, proxyToConnect=proxyToConnectDict['chain']) deleteMultiProxy(proxyToRenewDict) deleteMultiProxy(proxyToConnectDict) if not retVal['OK']: return retVal chain = retVal['Value'] if not proxyToRenewDict['tempFile']: return chain.dumpAllToFile(proxyToRenewDict['file']) return S_OK(chain)
def renewProxy( self, proxyToBeRenewed = False, minLifeTime = 3600, newProxyLifeTime = 43200, proxyToConnect = False ): """ Renew a proxy using the ProxyManager Arguments: proxyToBeRenewed : proxy to renew minLifeTime : if proxy life time is less than this, renew. Skip otherwise newProxyLifeTime : life time of new proxy proxyToConnect : proxy to use for connecting to the service """ retVal = multiProxyArgument( proxyToBeRenewed ) if not retVal[ 'Value' ]: return retVal proxyToRenewDict = retVal[ 'Value' ] secs = proxyToRenewDict[ 'chain' ].getRemainingSecs()[ 'Value' ] if secs > minLifeTime: deleteMultiProxy( proxyToRenewDict ) return S_OK() if not proxyToConnect: proxyToConnectDict = { 'chain': False, 'tempFile': False } else: retVal = multiProxyArgument( proxyToConnect ) if not retVal[ 'Value' ]: deleteMultiProxy( proxyToRenewDict ) return retVal proxyToConnectDict = retVal[ 'Value' ] userDN = proxyToRenewDict[ 'chain' ].getIssuerCert()[ 'Value' ].getSubjectDN()[ 'Value' ] retVal = proxyToRenewDict[ 'chain' ].getDIRACGroup() if not retVal[ 'OK' ]: deleteMultiProxy( proxyToRenewDict ) deleteMultiProxy( proxyToConnectDict ) return retVal userGroup = retVal[ 'Value' ] limited = proxyToRenewDict[ 'chain' ].isLimitedProxy()[ 'Value' ] voms = VOMS() retVal = voms.getVOMSAttributes( proxyToRenewDict[ 'chain' ] ) if not retVal[ 'OK' ]: deleteMultiProxy( proxyToRenewDict ) deleteMultiProxy( proxyToConnectDict ) return retVal vomsAttrs = retVal[ 'Value' ] if vomsAttrs: retVal = self.downloadVOMSProxy( userDN, userGroup, limited = limited, requiredTimeLeft = newProxyLifeTime, requiredVOMSAttribute = vomsAttrs[0], proxyToConnect = proxyToConnectDict[ 'chain' ] ) else: retVal = self.downloadProxy( userDN, userGroup, limited = limited, requiredTimeLeft = newProxyLifeTime, proxyToConnect = proxyToConnectDict[ 'chain' ] ) deleteMultiProxy( proxyToRenewDict ) deleteMultiProxy( proxyToConnectDict ) if not retVal[ 'OK' ]: return retVal chain = retVal['Value'] if not proxyToRenewDict[ 'tempFile' ]: return chain.dumpAllToFile( proxyToRenewDict[ 'file' ] ) return S_OK( chain )