snf-occi API server now logs voms info in requests
1 # vim: tabstop=4 shiftwidth=4 softtabstop=4
2
3 # Copyright 2012 OpenStack LLC
4 #
5 # Licensed under the Apache License, Version 2.0 (the "License"); you may
6 # not use this file except in compliance with the License. You may obtain
7 # a copy of the License at
8 #
9 #      http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14 # License for the specific language governing permissions and limitations
15 # under the License.
16
17 import commands
18 import ctypes
19 import os
20
21 import M2Crypto
22
23
class _voms(ctypes.Structure):
    """ctypes mirror of ``struct voms`` from the VOMS C API.

    Instances are never built in Python: ``VOMS.retrieve`` returns views of
    structures allocated by the loaded ``libvomsapi``. Field names, order and
    widths therefore have to match the ``struct voms`` layout that library
    was compiled with (see ``voms_apic.h``); a mismatch does not fail
    loudly, it silently misreads every member after the first wrong one.
    Only pointer-sized and 32-bit members are used and no ``_pack_`` is set,
    so the platform's default alignment applies.
    """
    _fields_ = [
        ("siglen", ctypes.c_int32),
        # c_char_p is read by ctypes up to the first NUL byte; if the raw
        # signature is ever needed, cast the address and use ``siglen``.
        ("signature", ctypes.c_char_p),
        ("user", ctypes.c_char_p),
        ("userca", ctypes.c_char_p),
        ("server", ctypes.c_char_p),
        ("serverca", ctypes.c_char_p),
        ("voname", ctypes.c_char_p),
        ("uri", ctypes.c_char_p),
        ("date1", ctypes.c_char_p),
        ("date2", ctypes.c_char_p),
        ("type", ctypes.c_int32),
        ("std", ctypes.c_void_p),
        ("custom", ctypes.c_char_p),
        ("datalen", ctypes.c_int32),
        ("version", ctypes.c_int32),
        # char **: presumably a NULL-terminated array of FQAN strings --
        # confirm against voms_apic.h before iterating it.
        ("fqan", ctypes.POINTER(ctypes.c_char_p)),
        ("serial", ctypes.c_char_p),
        ("ac", ctypes.c_void_p),
        ("holder", ctypes.c_void_p),
    ]
46
47
class _vomsdata(ctypes.Structure):
    """ctypes mirror of ``struct vomsdata`` from the VOMS C API.

    ``VOMS_Init`` returns a pointer to one of these and ``VOMS_Retrieve``,
    ``VOMS_SetVerificationType`` and ``VOMS_Destroy`` take a pointer to it,
    so the layout must match the struct in the loaded library exactly (see
    ``voms_apic.h``). The memory is owned by the C library: ``VOMS.__exit__``
    frees it through ``VOMS_Destroy``, after which no field may be read.
    """
    _fields_ = [
        ("cdir", ctypes.c_char_p),
        ("vdir", ctypes.c_char_p),
        # struct voms **; VOMS.retrieve dereferences it twice to hand back
        # the first _voms entry only.
        ("data", ctypes.POINTER(ctypes.POINTER(_voms))),
        ("workvo", ctypes.c_char_p),
        ("extra_data", ctypes.c_char_p),
        ("volen", ctypes.c_int32),
        ("extralen", ctypes.c_int32),
        ("real", ctypes.c_void_p),
    ]
59
60
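class VOMS(object):
    """Context Manager for VOMS handling.

    Loads the VOMS C API through ctypes, allocates a ``vomsdata`` structure
    on ``__enter__`` and releases it on ``__exit__``::

        with VOMS(vomsdir, cadir, "libvomsapi.so.1") as v:
            ac = v.retrieve(cert, chain)

    ``set_no_verify`` and ``retrieve`` are only valid inside the ``with``
    block: the ``_vomsdata`` they operate on is memory owned by the C
    library and is freed by ``VOMS_Destroy`` on exit.
    """

    def __init__(self, vomsdir_path, ca_path, vomsapi_lib):
        """Load the VOMS API library; no C-side state is allocated yet.

        :param vomsdir_path: directory passed to ``VOMS_Init`` as its first
            (VOMS trust data) argument
        :param ca_path: directory passed to ``VOMS_Init`` as its second
            (trusted CA certificates) argument
        :param vomsapi_lib: path or soname of the VOMS API shared library
        :raises OSError: if ``vomsapi_lib`` cannot be loaded
        :raises AttributeError: if the library does not export ``VOMS_Init``
        """
        self.VOMSApi = ctypes.CDLL(vomsapi_lib)
        # VOMS_Init returns ``struct vomsdata *``; ctypes' default restype is
        # a C int, which would truncate the pointer on 64-bit platforms.
        self.VOMSApi.VOMS_Init.restype = ctypes.POINTER(_vomsdata)

        self.VOMSDIR = vomsdir_path
        self.CADIR = ca_path

        # Set by __enter__, cleared by __exit__; None outside the with block.
        self.vd = None
        # Error code written by the most recent VOMS_Retrieve call.
        self.error = ctypes.c_int32(0)

    def _require_vd(self, method):
        """Raise ValueError when *method* is used outside the ``with`` block.

        Passing ``None`` to ``ctypes.byref`` would otherwise fail with an
        unhelpful TypeError, and a call after ``__exit__`` would touch memory
        that ``VOMS_Destroy`` has already freed.
        """
        if self.vd is None:
            raise ValueError("VOMS.%s() must be called inside a 'with' block"
                             % method)

    def __enter__(self):
        """Initialise the C-side ``vomsdata`` and return ``self``.

        :raises ValueError: if ``VOMS_Init`` returns NULL
        """
        vd_ptr = self.VOMSApi.VOMS_Init(self.VOMSDIR, self.CADIR)
        # Dereferencing a NULL pointer would only raise a bare "NULL pointer
        # access"; name the failing call and its inputs instead.
        if not vd_ptr:
            raise ValueError("VOMS_Init failed (vomsdir=%r, cadir=%r)"
                             % (self.VOMSDIR, self.CADIR))
        self.vd = vd_ptr.contents
        return self

    def set_no_verify(self):
        """Skip verification of AC.

        This method skips the AC signature verification, so it should only
        be used for debugging and tests: while it is in effect a forged or
        tampered AC is no longer rejected on signature grounds, so the VO
        and FQAN values returned by ``retrieve`` prove nothing about the
        presenter.

        :raises ValueError: if called outside the ``with`` block
        """
        self._require_vd("set_no_verify")
        error = ctypes.c_int32(0)
        # 0x040 is the verification mask that leaves the signature check
        # out (VERIFY_CERTLIST in voms_apic.h -- confirm against the
        # installed header). The call's own result is not inspected.
        self.VOMSApi.VOMS_SetVerificationType(0x040,
                                              ctypes.byref(self.vd),
                                              ctypes.byref(error))

    def retrieve(self, cert, chain):
        """Retrieve VOMS credentials from a certificate and chain.

        :param cert: M2Crypto ``X509`` certificate (must expose ``_ptr()``)
        :param chain: presumably an M2Crypto ``X509_Stack`` (must expose
            ``_ptr()``)
        :returns: the first ``_voms`` structure found, or ``None`` when
            ``VOMS_Retrieve`` reports failure or leaves no data; the error
            code of the call is kept in ``self.error`` for the caller
        :raises ValueError: if called outside the ``with`` block

        The returned structure aliases memory owned by the C library; copy
        out what is needed before leaving the ``with`` block.
        """
        self._require_vd("retrieve")
        self.error = ctypes.c_int32(0)

        # M2Crypto hands out SWIG pointer objects; convert them to raw
        # addresses so the C side receives plain pointers.
        cert_ptr = ctypes.cast(long(cert._ptr()), ctypes.c_void_p)
        chain_ptr = ctypes.cast(long(chain._ptr()), ctypes.c_void_p)

        # Third argument selects how the chain is searched; 0 is
        # RECURSE_CHAIN in voms_apic.h -- confirm against the header.
        res = self.VOMSApi.VOMS_Retrieve(cert_ptr,
                                         chain_ptr,
                                         0,
                                         ctypes.byref(self.vd),
                                         ctypes.byref(self.error))
        # A zero result is failure; the reason is left in self.error.
        if res == 0:
            return None
        # Stay defensive even on success: a NULL data array or an empty
        # first slot would otherwise surface as a bare "NULL pointer
        # access" ValueError from ctypes.
        data = self.vd.data
        if not data or not data.contents:
            return None
        return data.contents.contents

    def __exit__(self, exc_type, exc_value, tb):
        """Free the C-side ``vomsdata``; never suppresses exceptions.

        Safe to call more than once: after the first call ``self.vd`` is
        ``None``, so the freed structure is not passed to the library again.
        """
        if self.vd is not None:
            self.VOMSApi.VOMS_Destroy(ctypes.byref(self.vd))
            self.vd = None
        # Implicit None return: an exception raised inside the block
        # propagates to the caller rather than being swallowed.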