import tempfile
import hashlib
import re

import M2Crypto

from DIRAC import S_OK, S_ERROR
from DIRAC.Core.Utilities import DErrno
from DIRAC.Core.Utilities.Decorators import executeOnlyIf, deprecated
from DIRAC.ConfigurationSystem.Client.Helpers import Registry
from DIRAC.Core.Security.m2crypto import PROXY_OID, LIMITED_PROXY_OID, DIRAC_GROUP_OID
from DIRAC.Core.Security.m2crypto.X509Certificate import X509Certificate

# Guard decorator for methods that need a loaded certificate chain. It is
# built from the attribute name `_certList` and S_ERROR(DErrno.ENOCHAIN).
# Presumably a decorated method returns that error instead of running while
# `_certList` is empty; confirm against executeOnlyIf, which is not shown here.
needCertList = executeOnlyIf('_certList', S_ERROR(DErrno.ENOCHAIN))

# Guard decorator for methods that need the PKey to be loaded. It is built
# from the attribute name `_keyObj` and S_ERROR(DErrno.ENOPKEY).
# NOTE(review): `_keyObj` presumably holds the key matching the lowest
# certificate of the chain (see the class docstring); worth checking that
# every method touching it carries this guard.
needPKey = executeOnlyIf('_keyObj', S_ERROR(DErrno.ENOPKEY))


class X509Chain(object):
    """
    An X509Chain is basically a list of X509Certificate objects, together with a
    PKey object associated with the lowest X509Certificate in the chain.

    This is what you will want to use for user certificates (because they will
    turn into proxies...) and for proxies.

    A priori, once we get rid of pyGSI, we could even merge X509Certificate into
    this class and use X509Chain for host certificates. After all, a certificate
    is nothing but a chain of length 1...
import re

import M2Crypto

from io import open

from DIRAC import S_OK, S_ERROR
from DIRAC.Core.Utilities import DErrno
from DIRAC.Core.Utilities.Decorators import executeOnlyIf, deprecated
from DIRAC.ConfigurationSystem.Client.Helpers import Registry
from DIRAC.Core.Security.m2crypto import PROXY_OID, LIMITED_PROXY_OID, DIRAC_GROUP_OID
from DIRAC.Core.Security.m2crypto.X509Certificate import X509Certificate

# Guard decorator for methods that need a loaded certificate chain. It is
# built from the attribute name `_certList` and S_ERROR(DErrno.ENOCHAIN).
# Presumably a decorated method returns that error instead of running while
# `_certList` is empty; confirm against executeOnlyIf, which is not shown here.
needCertList = executeOnlyIf("_certList", S_ERROR(DErrno.ENOCHAIN))

# Guard decorator for methods that need the PKey to be loaded. It is built
# from the attribute name `_keyObj` and S_ERROR(DErrno.ENOPKEY).
# NOTE(review): `_keyObj` presumably holds the key matching the lowest
# certificate of the chain (see the class docstring); worth checking that
# every method touching it carries this guard.
needPKey = executeOnlyIf("_keyObj", S_ERROR(DErrno.ENOPKEY))


class X509Chain(object):
    """
    An X509Chain is basically a list of X509Certificate objects, together with a
    PKey object associated with the lowest X509Certificate in the chain.

    This is what you will want to use for user certificates (because they will
    turn into proxies...) and for proxies.

    A priori, once we get rid of pyGSI, we could even merge X509Certificate into
    this class and use X509Chain for host certificates. After all, a certificate
    is nothing but a chain of length 1...
import M2Crypto

from io import open

from DIRAC import S_OK, S_ERROR
from DIRAC.Core.Utilities import DErrno
from DIRAC.ConfigurationSystem.Client.Helpers import Registry
from DIRAC.Core.Security.m2crypto import asn1_utils
from DIRAC.Core.Utilities.Decorators import executeOnlyIf

# Reseed the module-level `random` generator at import time. With no argument
# the seed comes from OS entropy when available, otherwise the current time.
# NOTE(review): `random` is a non-cryptographic PRNG and reseeding it does not
# change that. How this module uses `random` is not visible in this excerpt; if
# the values end up in certificate fields (e.g. serial numbers), confirm whether
# a CSPRNG such as `secrets` or `os.urandom` is required.
random.seed()

# Guard decorator that lets a method run only if the certificate has been
# loaded. It is built from the attribute name `_certLoaded` and
# S_ERROR(DErrno.ENOCERT). Presumably a decorated method returns that error
# while `_certLoaded` is falsy; confirm against executeOnlyIf, not shown here.
executeOnlyIfCertLoaded = executeOnlyIf('_certLoaded', S_ERROR(DErrno.ENOCERT))


class X509Certificate(object):
    """
    The X509Certificate object represents ... an X509Certificate.

    It is a wrapper around a lower-level implementation (M2Crypto in this case)
    of a certificate. In theory, it can be a host or user certificate. A proxy
    certificate is also an X509Certificate, but it is useless without the whole
    chain of issuers. That's why one has the X509Chain.

    In practice, X509Certificate is just used for checking if the host
    certificate has expired.

    This class will most probably disappear once we get rid of pyGSI. After all,
    an X509Certificate is nothing but an X509Chain of length 1.

    Note that the SSL connection itself does not use this class; it gives the
    certificate directly to the library