Пример #1
def do_authentication(credentials, env):
    """
    Authenticate the request through OAuth2; the user is whoever presented
    the bearer token.

    Returns False when the resource provider yields no authorization, or an
    invalid one whose error is not 'access_denied'. Raises InvalidCredentials
    when the error is 'access_denied'. Otherwise fills in `credentials`
    (DN, delegation id, VOMS attributes / VOs, method) and returns True.
    """
    provider = FTS3OAuth2ResourceProvider(env)
    authz = provider.get_authorization()
    if authz is None or not authz.is_valid:
        # Only an explicit denial is reported as an error; every other
        # failure just means "this method did not authenticate the request".
        if authz is not None and authz.error == 'access_denied':
            raise InvalidCredentials('Invalid OAuth2 credentials')
        return False

    token_creds = authz.credentials
    credentials.dn.append(token_creds.dn)
    credentials.user_dn = token_creds.dn
    credentials.delegation_id = token_creds.dlg_id

    attrs = token_creds.voms_attrs
    if not attrs:
        # No VOMS attributes: derive a VO from the user DN instead.
        credentials.vos.append(build_vo_from_dn(credentials.user_dn))
    else:
        # NOTE(review): entries are split on '\n' without dropping empty
        # strings, and VOs are appended without de-duplication -- confirm
        # voms_attrs never carries a trailing newline and that vo_from_fqan
        # always yields a usable VO for every entry.
        for fqan in attrs.split('\n'):
            credentials.voms_cred.append(fqan)
            credentials.vos.append(vo_from_fqan(fqan))
    credentials.method = 'oauth2'

    # Replace get_granted_level_for on this instance so that granted levels
    # can be filtered by the token scope. The original bound method is saved
    # first, under get_granted_level_for_overriden, before it is shadowed.
    # NOTE(review): the scope filter only applies to callers that go through
    # credentials.get_granted_level_for; verify nothing else calls the saved
    # original directly.
    credentials.oauth2_scope = authz.scope
    credentials.get_granted_level_for_overriden = credentials.get_granted_level_for
    credentials.get_granted_level_for = types.MethodType(
        _oauth2_get_granted_level_for, credentials
    )

    return True
Пример #2
def _mod_gridsite_authn(credentials, env):
    """
    Populate `credentials` from the GRST_CRED_AURI_<n> variables set by
    mod_gridsite.

    Variables are read from index 0 upwards and reading stops at the first
    missing index. 'dn:' entries are URL-unquoted and appended to
    credentials.dn; 'fqan:' entries are URL-unquoted, appended to
    credentials.voms_cred, and their VO is added to credentials.vos if it is
    non-empty and not already present. Entries with any other prefix are
    ignored. Returns True when credentials.dn is non-empty afterwards.

    NOTE(review): the values are taken from env as-is and become the caller's
    identity; this assumes only the web server (mod_gridsite) can populate
    these keys -- confirm for the deployment.
    """
    index = 0
    while True:
        key = 'GRST_CRED_AURI_%d' % index
        if key not in env:
            break
        entry = env[key]
        index += 1

        if entry.startswith('dn:'):
            credentials.dn.append(urllib.unquote_plus(entry[3:]))
            continue
        if not entry.startswith('fqan:'):
            continue

        fqan = urllib.unquote_plus(entry[5:])
        vo = vo_from_fqan(fqan)
        credentials.voms_cred.append(fqan)
        # Skip empty VOs and keep the VO list free of duplicates.
        if vo and vo not in credentials.vos:
            credentials.vos.append(vo)
    return bool(credentials.dn)
Пример #3
def _mod_gridsite_authn(credentials, env):
    """
    Collect identity information from the GRST_CRED_AURI_<n> variables that
    mod_gridsite places in `env`.

    Starting at index 0, each consecutive variable is inspected until one is
    missing. A 'dn:' value is URL-unquoted and added to credentials.dn; a
    'fqan:' value is URL-unquoted, recorded in credentials.voms_cred, and its
    VO is recorded in credentials.vos when non-empty and not yet listed.
    Anything else is skipped. The result is True if credentials.dn holds at
    least one entry when the scan ends.

    NOTE(review): nothing here checks where the variables came from; the
    function relies on the server being the only writer of these keys --
    verify against the deployment.
    """
    dn_tag, fqan_tag = 'dn:', 'fqan:'
    position = 0
    name = 'GRST_CRED_AURI_%d' % position
    while name in env:
        raw = env[name]
        # Advance to the next variable name up front; `raw` is what gets
        # processed below.
        position += 1
        name = 'GRST_CRED_AURI_%d' % position

        if raw.startswith(dn_tag):
            credentials.dn.append(urllib.unquote_plus(raw[len(dn_tag):]))
        elif raw.startswith(fqan_tag):
            fqan = urllib.unquote_plus(raw[len(fqan_tag):])
            vo = vo_from_fqan(fqan)
            credentials.voms_cred.append(fqan)
            already_known = vo in credentials.vos
            if not already_known and vo:
                credentials.vos.append(vo)
    return len(credentials.dn) != 0
Пример #4
        log.info("Trying to verify the proxy")
        if not ctx.validate_certificate(chain):
                log.info("Certificate verification failed")
                raise InvalidCredentials("Certificate verification failed")
    elif not ctx.validate_certificate(x509):
        log.info("Certificate verification failed")
        raise InvalidCredentials("Certificate verification failed")
    credentials.user_dn = certDN
    if proxy:
        credentials.dn.append(proxyDN)
    credentials.dn.append(credentials.user_dn)
    if 'SSL_CLIENT_S_DN' in env:
        credentials.dn.append(urllib.unquote_plus(env['SSL_CLIENT_S_DN']))
    if proxy:
        voms_client = VomsClient(chain_pem)
        log.info("proxy path: " + voms_client.proxy_path)
        fqans = voms_client.get_proxy_fqans()
        for fqan in fqans:
                vo = vo_from_fqan(fqan)
                credentials.voms_cred.append(fqan)
                if vo not in credentials.vos and vo:
                        credentials.vos.append(vo)

    # Generate the delegation ID
    credentials.delegation_id = generate_delegation_id(credentials.user_dn, credentials.voms_cred)
    # If no vo information is available, build a 'virtual vo' for this user
    if not credentials.vos:
        credentials.vos.append(build_vo_from_dn(credentials.user_dn))
    credentials.method = 'certificate'
    return True