From 0e9a60981c343ba5c34c0d6565e77c08409aca51 Mon Sep 17 00:00:00 2001
From: John Giannelos
Date: Fri, 2 Nov 2012 16:30:27 +0200
Subject: [PATCH 1/1] Implement voms integration in snf-occi

---
 snfOCCI/APIserver.py        | 27 ++++++++++++++++++++++++---
 snfOCCI/config.py           |  4 ++--
 snfOCCI/voms/__init__.py    | 24 ++++++++++++++---------
 snfOCCI/voms/voms_helper.py |  1 +
 4 files changed, 41 insertions(+), 15 deletions(-)

diff --git a/snfOCCI/APIserver.py b/snfOCCI/APIserver.py
index ca7af62..392b196 100755
--- a/snfOCCI/APIserver.py
+++ b/snfOCCI/APIserver.py
@@ -1,5 +1,7 @@
 #!/usr/bin/env python
+import re
+import string
 from snfOCCI.registry import snfRegistry
 from snfOCCI.compute import ComputeBackend
 from snfOCCI.config import SERVER_CONFIG, KAMAKI_CONFIG
@@ -100,9 +102,28 @@ class MyAPP(Application):
         self.refresh_compute_instances(compClient)

         ssl_dict = dict()
-        ssl_dict["SSL_CLIENT_S_DN_ENV"] = environ["SSL_CLIENT_S_DN_ENV"]
-        ssl_dict["SSL_CLIENT_CERT_ENV"] = environ["SSL_CLIENT_CERT_ENV"]
-        ssl_dict["SSL_CLIENT_CERT_CHAIN_0_ENV"] = environ["SSL_CLIENT_CERT_CHAIN_0_ENV"]
+
+        #Regular expression in HTTP headers
+        #environ[HTTP_SSL] contains PEM certificates in wrong format
+        client_cert = re.search(r'^(-----BEGIN CERTIFICATE----- )(.*|\s]*)( -----END CERTIFICATE-----)', environ["HTTP_SSL_CLIENT_CERT"])
+        client_chain = re.search(r'^(-----BEGIN CERTIFICATE-----)(.*|\s]*)( -----END CERTIFICATE-----)', environ["HTTP_SSL_CLIENT_CERT_CHAIN_0"])
+
+        client_cert_list=[]
+        client_chain_list=[]
+
+        for i in range(1,4):
+            client_cert_list.append(string.strip(client_cert.group(i)))
+
+        for i in range(1,4):
+            client_chain_list.append(string.strip(client_chain.group(i)))
+
+
+        cert = client_cert_list[0]+"\n"+client_cert_list[1].replace(" "," \n")+"\n"+client_cert_list[2]
+        chain = client_chain_list[0]+"\n"+client_chain_list[1].replace(" "," \n")+"\n"+client_chain_list[2]
+
+        ssl_dict["SSL_CLIENT_S_DN"] = environ["HTTP_SSL_CLIENT_S_DN"]
+        ssl_dict["SSL_CLIENT_CERT"] = cert
+        ssl_dict["SSL_CLIENT_CERT_CHAIN_0"] = chain

         info = voms.authenticate(ssl_dict)
         print info
diff --git a/snfOCCI/config.py b/snfOCCI/config.py
index 514245f..2d6492e 100644
--- a/snfOCCI/config.py
+++ b/snfOCCI/config.py
@@ -1,5 +1,5 @@
 SERVER_CONFIG = {
-    'port': 8888,
+    'port': 8889,
     'hostname': 'snf-%(id)d.vm.okeanos.grnet.gr',
     'compute_arch': 'x86'
 }
@@ -11,7 +11,7 @@ KAMAKI_CONFIG = {
 VOMS_CONFIG = {
     'vomsdir_path': '/etc/grid-security/vomsdir',
     'ca_path': '/etc/grid-security/certificates',
-    'vomsapi_lib': 'libvomsapi.so.1',
+    'vomsapi_lib': '/usr/lib/libvomsapi.so.0',
 }
diff --git a/snfOCCI/voms/__init__.py b/snfOCCI/voms/__init__.py
index 4e94a5c..3e97ed1 100644
--- a/snfOCCI/voms/__init__.py
+++ b/snfOCCI/voms/__init__.py
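Review bot: `client_cert` and `client_chain` are used without a match check, so a request whose `HTTP_SSL_CLIENT_CERT` or `HTTP_SSL_CLIENT_CERT_CHAIN_0` value is missing or not PEM-shaped fails with a KeyError or an AttributeError at `client_cert.group(i)` instead of a clean authentication rejection; add a guard before the loops such as `if client_cert is None or client_chain is None:` that returns the error response the rest of the handler uses. The alternation `(.*|\s]*)` also looks like a typo for a character class (`[\s\S]*`), since the `]` is currently matched literally. Because WSGI derives `HTTP_*` keys from request headers, these values are only as trustworthy as the TLS-terminating front end that sets them, which is worth stating in the comment: `# HTTP_SSL_* come from request headers: the fronting TLS proxy must set (and overwrite) them`. The new keys `SSL_CLIENT_CERT`/`SSL_CLIENT_CERT_CHAIN_0` replace the old `*_ENV` names, so they presumably match the `SSL_CLIENT_*_ENV` constants read in snfOCCI/voms/__init__.py, which is worth confirming. The enclosing method of `MyAPP` starts outside the hunk.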
@@ -6,7 +6,7 @@ import tempfile
 import M2Crypto
-import snfOCCI.config
+from snfOCCI.config import VOMS_CONFIG
 import voms_helper
 import exception
@@ -55,26 +55,30 @@ def _get_cert_chain(ssl_info):
     cert = ssl_info.get(SSL_CLIENT_CERT_ENV, "")
     chain = ssl_info.get(SSL_CLIENT_CERT_CHAIN_0_ENV, "")
+
     cert = M2Crypto.X509.load_cert_string(cert)
     aux = M2Crypto.X509.load_cert_string(chain)
     chain = M2Crypto.X509.X509_Stack()
     chain.push(aux)
-    return cert, chain
+
+    return (cert, chain)

-def _get_voms_info(self, ssl_info):
+def _get_voms_info(ssl_info):
     """Extract voms info from ssl_info and return dict with it."""
     try:
-        cert, chain = self._get_cert_chain(ssl_info)
-    except M2Crypto.X509.X509Error:
-        print "Error getting certificate chain"
+        cert, chain = _get_cert_chain(ssl_info)
+    except M2Crypto.X509.X509Error as e:
+        print e

     with voms_helper.VOMS(VOMS_CONFIG["vomsdir_path"],VOMS_CONFIG["ca_path"], VOMS_CONFIG["vomsapi_lib"]) as v:
-        if self._no_verify:
-            v.set_no_verify()
+
         voms_data = v.retrieve(cert, chain)
+
+        if not voms_data:
+            print "error \n"
             raise VomsError(v.error.value)

         d = {}
@@ -119,9 +123,9 @@ def _split_fqan(fqan):
     return (vogroup, role, capability)

-def authenticate(self, ssl_data):
+def authenticate(ssl_data):
     try:
-        voms_info = self._get_voms_info(ssl_data)
+        voms_info = _get_voms_info(ssl_data)
     except VomsError as e:
         raise e

diff --git a/snfOCCI/voms/voms_helper.py b/snfOCCI/voms/voms_helper.py
index 511c402..a546669 100644
--- a/snfOCCI/voms/voms_helper.py
+++ b/snfOCCI/voms/voms_helper.py
@@ -99,6 +99,7 @@ class VOMS(object):
                                          0,
                                          ctypes.byref(self.vd),
                                          ctypes.byref(self.error))
+
         if res == 0:
             return None
         else:
-- 
1.7.10.4
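Review bot: The new `except M2Crypto.X509.X509Error as e: print e` in `_get_voms_info` swallows the certificate-parsing failure and falls through, so `cert` and `chain` are unbound when `v.retrieve(cert, chain)` runs and the caller sees a NameError instead of an authentication error; re-raise instead, e.g. `except M2Crypto.X509.X509Error as e:` / `raise VomsError(e)` if VomsError accepts a message (its definition is outside the hunk), otherwise a bare `raise`. The `print "error \n"` before `raise VomsError(v.error.value)` writes diagnostics to the stdout of the WSGI process; the logging module would be the usual choice there. `_get_voms_info`'s body continues past the hunk.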
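Review bot: `except VomsError as e: raise e` in `authenticate` adds nothing over letting the exception propagate, and under Python 2 (the file uses print statements) `raise e` resets the traceback to this line, hiding where inside `_get_voms_info` the failure originated; drop the try/except or use a bare `raise`. The rest of `authenticate` is outside the hunk.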