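def renewFromMyProxy(self, userDN, userGroup, lifeTime=False, chain=False):
    """Try to replace a user's proxy with a longer-lived one from MyProxy.

    :param userDN: DN of the user whose proxy is renewed.
    :param userGroup: group the renewed proxy must carry.
    :param lifeTime: wanted lifetime in seconds; a falsy value means 43200.
    :param chain: chain to delegate from; when falsy, the PEM returned by
        ``__getPemAndTimeLeft`` for (userDN, userGroup) is loaded instead.
    :return: S_OK(chain) with either the renewed chain or the chain that was
        used as input (renewal skipped, or the downloaded chain was shorter),
        or S_ERROR / the failing result of one of the calls made here.
    """
    if not lifeTime:
        lifeTime = 43200
    if not self.__useMyProxy:
        return S_ERROR("myproxy is disabled")

    # Get the chain
    if not chain:
        retVal = self.__getPemAndTimeLeft(userDN, userGroup)
        if not retVal['OK']:
            return retVal
        pemData = retVal['Value'][0]
        chain = X509Chain()
        retVal = chain.loadProxyFromString(pemData)
        if not retVal['OK']:
            return retVal

    # Check the result before reading 'Value': an unreadable chain must end
    # as S_ERROR like every other failure here, not as a KeyError.
    retVal = chain.getRemainingSecs()
    if not retVal['OK']:
        return S_ERROR(
            "Can't retrieve remaining secs from current proxy: %s" % retVal['Message'])
    originChainLifeTime = retVal['Value']
    maxMyProxyLifeTime = self.getMyProxyMaxLifeTime()

    # If we have a chain that's 0.8 of max mplifetime don't ask to mp
    if originChainLifeTime > maxMyProxyLifeTime * 0.8:
        # NOTE(review): routine skip reported at error level, and the last
        # value printed is the MyProxy maximum rather than lifeTime; confirm
        # both are intended before alerting on this message.
        self.log.error(
            "Skipping myproxy download",
            "user %s %s chain has %s secs and requested %s secs"
            % (userDN, userGroup, originChainLifeTime, maxMyProxyLifeTime))
        return S_OK(chain)

    # Ask for 30% more than wanted, capped at the configured maximum.
    lifeTime *= 1.3
    if lifeTime > maxMyProxyLifeTime:
        lifeTime = maxMyProxyLifeTime
    self.log.error(
        "Renewing proxy from myproxy",
        "user %s %s for %s secs" % (userDN, userGroup, lifeTime))

    myProxy = MyProxy(server=self.getMyProxyServer())
    retVal = myProxy.getDelegatedProxy(chain, lifeTime)
    if not retVal['OK']:
        return retVal
    mpChain = retVal['Value']

    retVal = mpChain.getRemainingSecs()
    if not retVal['OK']:
        return S_ERROR(
            "Can't retrieve remaining secs from renewed proxy: %s" % retVal['Message'])
    mpChainSecsLeft = retVal['Value']
    if mpChainSecsLeft < originChainLifeTime:
        # The download did not improve on what we already hold: keep it.
        self.log.info(
            "Chain downloaded from myproxy has less lifetime than the one stored in the db",
            "\n Downloaded from myproxy: %s secs\n Stored in DB: %s secs"
            % (mpChainSecsLeft, originChainLifeTime))
        return S_OK(chain)

    retVal = mpChain.getDIRACGroup()
    if not retVal['OK']:
        return S_ERROR(
            "Can't retrieve DIRAC Group from renewed proxy: %s" % retVal['Message'])
    chainGroup = retVal['Value']
    # NOTE(review): only the group of the downloaded chain is compared here;
    # nothing in this method compares its identity with userDN before it is
    # stored under that DN. Confirm getDelegatedProxy/storeProxy enforce it.
    if chainGroup != userGroup:
        # Arguments follow the wording: renewed group first, expected second.
        return S_ERROR(
            "Mismatch between renewed proxy group and expected: %s vs %s"
            % (chainGroup, userGroup))

    # Best effort: a failed store is logged, and the renewed chain is still
    # handed back (and the renewal still audited) without being persisted.
    retVal = self.storeProxy(userDN, userGroup, mpChain)
    if not retVal['OK']:
        self.log.error("Cannot store proxy after renewal", retVal['Message'])

    # When the service DN is unavailable the audit record names the user as
    # the issuing "host"; such entries do not identify the renewing service.
    retVal = myProxy.getServiceDN()
    if not retVal['OK']:
        hostDN = userDN
    else:
        hostDN = retVal['Value']
    self.logAction("myproxy renewal", hostDN, "host", userDN, userGroup)
    return S_OK(mpChain)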
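def renewFromMyProxy( self, userDN, userGroup, lifeTime = False, chain = False ):
    """Renew the proxy of (userDN, userGroup) through the MyProxy server.

    :param userDN: DN of the user whose proxy is renewed.
    :param userGroup: group expected in the renewed proxy.
    :param lifeTime: wanted lifetime in seconds; 43200 when falsy.
    :param chain: chain used for the delegation; when falsy it is built from
        the PEM that ``__getPemAndTimeLeft`` returns for the user and group.
    :return: S_OK( renewed chain ), S_OK( input chain ) when the renewal is
        skipped or yields a shorter chain, otherwise S_ERROR or the failing
        result of a call made here.
    """
    if not lifeTime:
        lifeTime = 43200
    if not self.__useMyProxy:
        return S_ERROR( "myproxy is disabled" )

    #Get the chain
    if not chain:
        retVal = self.__getPemAndTimeLeft( userDN, userGroup )
        if not retVal[ 'OK' ]:
            return retVal
        pemData = retVal[ 'Value' ][0]
        chain = X509Chain()
        retVal = chain.loadProxyFromString( pemData )
        if not retVal[ 'OK' ]:
            return retVal

    # The result is checked before 'Value' is read, so a chain whose
    # lifetime cannot be computed gives S_ERROR instead of a KeyError.
    retVal = chain.getRemainingSecs()
    if not retVal[ 'OK' ]:
        return S_ERROR( "Can't retrieve remaining secs from current proxy: %s" % retVal[ 'Message' ] )
    originChainLifeTime = retVal[ 'Value' ]
    maxMyProxyLifeTime = self.getMyProxyMaxLifeTime()

    #If we have a chain that's 0.8 of max mplifetime don't ask to mp
    if originChainLifeTime > maxMyProxyLifeTime * 0.8:
        # NOTE(review): this is a normal outcome logged at error level, and
        # "requested" is filled with the MyProxy maximum; confirm intent.
        self.log.error( "Skipping myproxy download",
                        "user %s %s chain has %s secs and requested %s secs" % ( userDN,
                                                                                  userGroup,
                                                                                  originChainLifeTime,
                                                                                  maxMyProxyLifeTime ) )
        return S_OK( chain )

    # Request a 30% margin over the wanted lifetime, never above the maximum.
    lifeTime *= 1.3
    if lifeTime > maxMyProxyLifeTime:
        lifeTime = maxMyProxyLifeTime
    self.log.error( "Renewing proxy from myproxy",
                    "user %s %s for %s secs" % ( userDN, userGroup, lifeTime ) )

    myProxy = MyProxy( server = self.getMyProxyServer() )
    retVal = myProxy.getDelegatedProxy( chain, lifeTime )
    if not retVal[ 'OK' ]:
        return retVal
    mpChain = retVal[ 'Value' ]

    retVal = mpChain.getRemainingSecs()
    if not retVal[ 'OK' ]:
        return S_ERROR( "Can't retrieve remaining secs from renewed proxy: %s" % retVal[ 'Message' ] )
    mpChainSecsLeft = retVal[ 'Value' ]
    if mpChainSecsLeft < originChainLifeTime:
        # A shorter download is discarded and the input chain is returned.
        self.log.info( "Chain downloaded from myproxy has less lifetime than the one stored in the db",
                       "\n Downloaded from myproxy: %s secs\n Stored in DB: %s secs" % ( mpChainSecsLeft,
                                                                                          originChainLifeTime ) )
        return S_OK( chain )

    retVal = mpChain.getDIRACGroup()
    if not retVal[ 'OK' ]:
        return S_ERROR( "Can't retrieve DIRAC Group from renewed proxy: %s" % retVal[ 'Message' ] )
    chainGroup = retVal[ 'Value' ]
    # NOTE(review): the group is the only property of the downloaded chain
    # validated in this method; its identity is not compared with userDN
    # before storeProxy files it under that DN. Verify this is enforced in
    # getDelegatedProxy or storeProxy.
    if chainGroup != userGroup:
        # Values are given in the order the message names them.
        return S_ERROR( "Mismatch between renewed proxy group and expected: %s vs %s" % ( chainGroup,
                                                                                           userGroup ) )

    # A store failure is only logged: the caller still gets the renewed
    # chain and the renewal is still audited, but nothing was persisted.
    retVal = self.storeProxy( userDN, userGroup, mpChain )
    if not retVal[ 'OK' ]:
        self.log.error( "Cannot store proxy after renewal", retVal[ 'Message' ] )

    # Falling back to userDN makes the audit entry name the user as the
    # issuing "host" whenever the service DN cannot be read.
    retVal = myProxy.getServiceDN()
    if not retVal[ 'OK' ]:
        hostDN = userDN
    else:
        hostDN = retVal[ 'Value' ]
    self.logAction( "myproxy renewal", hostDN, "host", userDN, userGroup )
    return S_OK( mpChain )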