Implement voms integration in snf-occi
authorJohn Giannelos <johngian@grnet.gr>
Fri, 2 Nov 2012 14:30:27 +0000 (16:30 +0200)
committerJohn Giannelos <johngian@grnet.gr>
Fri, 2 Nov 2012 14:30:27 +0000 (16:30 +0200)
snfOCCI/APIserver.py
snfOCCI/config.py
snfOCCI/voms/__init__.py
snfOCCI/voms/voms_helper.py

index ca7af62..392b196 100755 (executable)
@@ -1,5 +1,7 @@
 #!/usr/bin/env python
 
+import re
+import string
 from snfOCCI.registry import snfRegistry
 from snfOCCI.compute import ComputeBackend
 from snfOCCI.config import SERVER_CONFIG, KAMAKI_CONFIG
@@ -100,9 +102,28 @@ class MyAPP(Application):
         self.refresh_compute_instances(compClient)
 
         ssl_dict = dict()
-        ssl_dict["SSL_CLIENT_S_DN_ENV"] = environ["SSL_CLIENT_S_DN_ENV"]
-        ssl_dict["SSL_CLIENT_CERT_ENV"] = environ["SSL_CLIENT_CERT_ENV"]
-        ssl_dict["SSL_CLIENT_CERT_CHAIN_0_ENV"] = environ["SSL_CLIENT_CERT_CHAIN_0_ENV"]
+
+        #Regular expression in HTTP headers
+        #environ[HTTP_SSL] contains PEM certificates in wrong format
+        client_cert = re.search(r'^(-----BEGIN CERTIFICATE----- )(.*|\s]*)( -----END CERTIFICATE-----)', environ["HTTP_SSL_CLIENT_CERT"])
+        client_chain = re.search(r'^(-----BEGIN CERTIFICATE-----)(.*|\s]*)( -----END CERTIFICATE-----)', environ["HTTP_SSL_CLIENT_CERT_CHAIN_0"])
+
+        client_cert_list=[]
+        client_chain_list=[]
+
+        for i in range(1,4):
+            client_cert_list.append(string.strip(client_cert.group(i)))
+
+        for i in range(1,4):
+            client_chain_list.append(string.strip(client_chain.group(i)))
+
+
+        cert = client_cert_list[0]+"\n"+client_cert_list[1].replace(" "," \n")+"\n"+client_cert_list[2]
+        chain = client_chain_list[0]+"\n"+client_chain_list[1].replace(" "," \n")+"\n"+client_chain_list[2]
+
+        ssl_dict["SSL_CLIENT_S_DN"] = environ["HTTP_SSL_CLIENT_S_DN"]
+        ssl_dict["SSL_CLIENT_CERT"] = cert
+        ssl_dict["SSL_CLIENT_CERT_CHAIN_0"] = chain
 
         info = voms.authenticate(ssl_dict)
         print info
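Review bot: The client certificate, chain and DN are now read from `environ["HTTP_SSL_CLIENT_CERT"]`, `environ["HTTP_SSL_CLIENT_CERT_CHAIN_0"]` and `environ["HTTP_SSL_CLIENT_S_DN"]`, which in WSGI are request headers. That is only trustworthy if a TLS-terminating front end always overwrites those headers and this server is not reachable any other way; a comment here should state that deployment requirement. Both `re.search` results are used without a `None` check, so a missing or differently formatted header raises `KeyError` or `AttributeError` instead of a clean authentication failure; add `if client_cert is None or client_chain is None:` and reject the request before the two loops. The group `(.*|\s]*)` contains a stray `]` and was presumably meant to be a character class, and the second pattern omits the space after `-----BEGIN CERTIFICATE-----` that the first one requires. The enclosing method starts outside the hunk.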
index 514245f..2d6492e 100644 (file)
@@ -1,5 +1,5 @@
 SERVER_CONFIG = {
-    'port': 8888,
+    'port': 8889,
     'hostname': 'snf-%(id)d.vm.okeanos.grnet.gr',
     'compute_arch': 'x86'
     }
@@ -11,7 +11,7 @@ KAMAKI_CONFIG = {
 VOMS_CONFIG = {
     'vomsdir_path': '/etc/grid-security/vomsdir',
     'ca_path': '/etc/grid-security/certificates',
-    'vomsapi_lib': 'libvomsapi.so.1',
+    'vomsapi_lib': '/usr/lib/libvomsapi.so.0',
 }        
 
     
index 4e94a5c..3e97ed1 100644 (file)
@@ -6,7 +6,7 @@ import tempfile
 
 import M2Crypto
 
-import snfOCCI.config
+from snfOCCI.config import VOMS_CONFIG
 import voms_helper
 import exception
 
@@ -55,26 +55,30 @@ def _get_cert_chain(ssl_info):
 
     cert = ssl_info.get(SSL_CLIENT_CERT_ENV, "")
     chain = ssl_info.get(SSL_CLIENT_CERT_CHAIN_0_ENV, "")
+
     cert = M2Crypto.X509.load_cert_string(cert)
     aux = M2Crypto.X509.load_cert_string(chain)
     chain = M2Crypto.X509.X509_Stack()
     chain.push(aux)
-    return cert, chain
+
+    return (cert, chain)
 
 
-def _get_voms_info(self, ssl_info):
+def _get_voms_info(ssl_info):
     """Extract voms info from ssl_info and return dict with it."""
 
     try:
-        cert, chain = self._get_cert_chain(ssl_info)
-    except M2Crypto.X509.X509Error:
-        print "Error getting certificate chain"
+        cert, chain = _get_cert_chain(ssl_info)
+    except M2Crypto.X509.X509Error as e:
+        print e
 
     with voms_helper.VOMS(VOMS_CONFIG["vomsdir_path"],VOMS_CONFIG["ca_path"], VOMS_CONFIG["vomsapi_lib"]) as v:
-        if self._no_verify:
-            v.set_no_verify()
+
         voms_data = v.retrieve(cert, chain)
+        
+        
         if not voms_data:
+            print "error \n"
             raise VomsError(v.error.value)
 
         d = {}
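Review bot: In `_get_voms_info` the handler `except M2Crypto.X509.X509Error as e: print e` swallows a certificate parse failure, so execution continues to `v.retrieve(cert, chain)` with `cert` and `chain` unbound and the caller gets a `NameError` rather than an authentication error. Replace `print e` with a bare `raise`, or raise the module's own authentication exception, so the failure is well defined. `_get_cert_chain` also defaults both values to `""` when the keys are absent, so a missing certificate reaches `load_cert_string` as an empty string; an explicit check for missing input would give a clearer rejection. The added `print "error \n"` and `print e` go to stdout, which is easy to lose in a WSGI deployment; the standard `logging` module would be a better place for them. The body of `_get_voms_info` continues outside the hunk.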
@@ -119,9 +123,9 @@ def _split_fqan(fqan):
         return (vogroup, role, capability)
 
 
-def authenticate(self, ssl_data):
+def authenticate(ssl_data):
     try:
-        voms_info = self._get_voms_info(ssl_data)
+        voms_info = _get_voms_info(ssl_data)
     except VomsError as e:
         raise e
 
index 511c402..a546669 100644 (file)
@@ -99,6 +99,7 @@ class VOMS(object):
                                          0,
                                          ctypes.byref(self.vd),
                                          ctypes.byref(self.error))
+
         if res == 0:
             return None
         else: