Revision 0e9a6098
b/snfOCCI/APIserver.py | ||
---|---|---|
1 | 1 |
#!/usr/bin/env python |
2 | 2 |
|
3 |
import re |
|
4 |
import string |
|
3 | 5 |
from snfOCCI.registry import snfRegistry |
4 | 6 |
from snfOCCI.compute import ComputeBackend |
5 | 7 |
from snfOCCI.config import SERVER_CONFIG, KAMAKI_CONFIG |
... | ... | |
100 | 102 |
self.refresh_compute_instances(compClient) |
101 | 103 |
|
102 | 104 |
ssl_dict = dict() |
103 |
ssl_dict["SSL_CLIENT_S_DN_ENV"] = environ["SSL_CLIENT_S_DN_ENV"] |
|
104 |
ssl_dict["SSL_CLIENT_CERT_ENV"] = environ["SSL_CLIENT_CERT_ENV"] |
|
105 |
ssl_dict["SSL_CLIENT_CERT_CHAIN_0_ENV"] = environ["SSL_CLIENT_CERT_CHAIN_0_ENV"] |
|
105 |
|
|
106 |
#Regular expression in HTTP headers |
|
107 |
#environ[HTTP_SSL] contains PEM certificates in wrong format |
|
108 |
client_cert = re.search(r'^(-----BEGIN CERTIFICATE----- )(.*|\s]*)( -----END CERTIFICATE-----)', environ["HTTP_SSL_CLIENT_CERT"]) |
|
109 |
client_chain = re.search(r'^(-----BEGIN CERTIFICATE-----)(.*|\s]*)( -----END CERTIFICATE-----)', environ["HTTP_SSL_CLIENT_CERT_CHAIN_0"]) |
|
110 |
|
|
111 |
client_cert_list=[] |
|
112 |
client_chain_list=[] |
|
113 |
|
|
114 |
for i in range(1,4): |
|
115 |
client_cert_list.append(string.strip(client_cert.group(i))) |
|
116 |
|
|
117 |
for i in range(1,4): |
|
118 |
client_chain_list.append(string.strip(client_chain.group(i))) |
|
119 |
|
|
120 |
|
|
121 |
cert = client_cert_list[0]+"\n"+client_cert_list[1].replace(" "," \n")+"\n"+client_cert_list[2] |
|
122 |
chain = client_chain_list[0]+"\n"+client_chain_list[1].replace(" "," \n")+"\n"+client_chain_list[2] |
|
123 |
|
|
124 |
ssl_dict["SSL_CLIENT_S_DN"] = environ["HTTP_SSL_CLIENT_S_DN"] |
|
125 |
ssl_dict["SSL_CLIENT_CERT"] = cert |
|
126 |
ssl_dict["SSL_CLIENT_CERT_CHAIN_0"] = chain |
|
106 | 127 |
|
107 | 128 |
info = voms.authenticate(ssl_dict) |
108 | 129 |
print info |
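Review bot: The client identity is now read from `environ["HTTP_SSL_CLIENT_CERT"]`, `environ["HTTP_SSL_CLIENT_CERT_CHAIN_0"]` and `environ["HTTP_SSL_CLIENT_S_DN"]`, which in WSGI are request headers, so `voms.authenticate` is only as trustworthy as whatever sets those headers. If a TLS-terminating proxy is meant to supply them (the page does not show the deployment), it has to strip any client-sent copies and the app must be reachable only through it; a comment stating that assumption belongs above the `re.search` calls. Both `re.search` results are used without a check, so a missing or malformed header ends in a KeyError or AttributeError rather than a rejected request; add `if client_cert is None or client_chain is None:` and fail the authentication there. The group `(.*|\s]*)` also carries a stray `]`, so the match relies on its `.*` alternative. The enclosing method starts above this hunk.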
b/snfOCCI/config.py | ||
---|---|---|
1 | 1 |
SERVER_CONFIG = { |
2 |
'port': 8888,
|
|
2 |
'port': 8889,
|
|
3 | 3 |
'hostname': 'snf-%(id)d.vm.okeanos.grnet.gr', |
4 | 4 |
'compute_arch': 'x86' |
5 | 5 |
} |
... | ... | |
11 | 11 |
VOMS_CONFIG = { |
12 | 12 |
'vomsdir_path': '/etc/grid-security/vomsdir', |
13 | 13 |
'ca_path': '/etc/grid-security/certificates', |
14 |
'vomsapi_lib': 'libvomsapi.so.1',
|
|
14 |
'vomsapi_lib': '/usr/lib/libvomsapi.so.0',
|
|
15 | 15 |
} |
16 | 16 |
|
17 | 17 |
|
b/snfOCCI/voms/__init__.py | ||
---|---|---|
6 | 6 |
|
7 | 7 |
import M2Crypto |
8 | 8 |
|
9 |
import snfOCCI.config
|
|
9 |
from snfOCCI.config import VOMS_CONFIG
|
|
10 | 10 |
import voms_helper |
11 | 11 |
import exception |
12 | 12 |
|
... | ... | |
55 | 55 |
|
56 | 56 |
cert = ssl_info.get(SSL_CLIENT_CERT_ENV, "") |
57 | 57 |
chain = ssl_info.get(SSL_CLIENT_CERT_CHAIN_0_ENV, "") |
58 |
|
|
58 | 59 |
cert = M2Crypto.X509.load_cert_string(cert) |
59 | 60 |
aux = M2Crypto.X509.load_cert_string(chain) |
60 | 61 |
chain = M2Crypto.X509.X509_Stack() |
61 | 62 |
chain.push(aux) |
62 |
return cert, chain |
|
63 |
|
|
64 |
return (cert, chain) |
|
63 | 65 |
|
64 | 66 |
|
65 |
def _get_voms_info(self, ssl_info):
|
|
67 |
def _get_voms_info(ssl_info): |
|
66 | 68 |
"""Extract voms info from ssl_info and return dict with it.""" |
67 | 69 |
|
68 | 70 |
try: |
69 |
cert, chain = self._get_cert_chain(ssl_info)
|
|
70 |
except M2Crypto.X509.X509Error: |
|
71 |
print "Error getting certificate chain"
|
|
71 |
cert, chain = _get_cert_chain(ssl_info) |
|
72 |
except M2Crypto.X509.X509Error as e:
|
|
73 |
print e
|
|
72 | 74 |
|
73 | 75 |
with voms_helper.VOMS(VOMS_CONFIG["vomsdir_path"],VOMS_CONFIG["ca_path"], VOMS_CONFIG["vomsapi_lib"]) as v: |
74 |
if self._no_verify: |
|
75 |
v.set_no_verify() |
|
76 |
|
|
76 | 77 |
voms_data = v.retrieve(cert, chain) |
78 |
|
|
79 |
|
|
77 | 80 |
if not voms_data: |
81 |
print "error \n" |
|
78 | 82 |
raise VomsError(v.error.value) |
79 | 83 |
|
80 | 84 |
d = {} |
... | ... | |
119 | 123 |
return (vogroup, role, capability) |
120 | 124 |
|
121 | 125 |
|
122 |
def authenticate(self, ssl_data):
|
|
126 |
def authenticate(ssl_data): |
|
123 | 127 |
try: |
124 |
voms_info = self._get_voms_info(ssl_data)
|
|
128 |
voms_info = _get_voms_info(ssl_data) |
|
125 | 129 |
except VomsError as e: |
126 | 130 |
raise e |
127 | 131 |
|
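Review bot: The new handler `except M2Crypto.X509.X509Error as e:` in `_get_voms_info` only prints the error and falls through, so `cert` and `chain` are unbound when `v.retrieve(cert, chain)` runs, and an unparsable certificate surfaces as an UnboundLocalError instead of an authentication failure. Re-raise from the handler (a bare `raise`, or the module's `VomsError` if its constructor fits this case) so the rejection happens where the parse fails. The `print e` and `print "error \n"` lines write to stdout rather than to a log, which makes failed authentications hard to find afterwards. Both `_get_voms_info` and `authenticate` continue outside the visible lines.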
b/snfOCCI/voms/voms_helper.py | ||
---|---|---|
99 | 99 |
0, |
100 | 100 |
ctypes.byref(self.vd), |
101 | 101 |
ctypes.byref(self.error)) |
102 |
|
|
102 | 103 |
if res == 0: |
103 | 104 |
return None |
104 | 105 |
else: |