Synnefo » snf-occi

import collections

import commands

import ctypes

import os

import tempfile 

import M2Crypto

from snfOCCI.config import VOMS_CONFIG

import voms_helper

import exception

SSL_CLIENT_S_DN_ENV = "SSL_CLIENT_S_DN"

SSL_CLIENT_CERT_ENV = "SSL_CLIENT_CERT"

SSL_CLIENT_CERT_CHAIN_0_ENV = "SSL_CLIENT_CERT_CHAIN_0"

class VomsError(exception.Error):

    """Voms credential management error"""

    errors = {

        0: ('none', None),

        1: ('nosocket', 'Socket problem'),

        2: ('noident', 'Cannot identify itself (certificate problem)'),

        3: ('comm', 'Server problem'),

        4: ('param', 'Wrong parameters'),

        5: ('noext', 'VOMS extension missing'),

        6: ('noinit', 'Initialization error'),

        7: ('time', 'Error in time checking'),

        8: ('idcheck', 'User data in extension different from the real'),

        9: ('extrainfo', 'VO name and URI missing'),

        10: ('format', 'Wrong data format'),

        11: ('nodata', 'Empty extension'),

        12: ('parse', 'Parse error'),

        13: ('dir', 'Directory error'),

        14: ('sign', 'Signature error'),

        15: ('server', 'Unidentifiable VOMS server'),

        16: ('mem', 'Memory problems'),

        17: ('verify', 'Generic verification error'),

        18: ('type', 'Returned data of unknown type'),

        19: ('order', 'Ordering different than required'),

        20: ('servercode', 'Error from the server'),

        21: ('notavail', 'Method not available'),

    }

    http_codes = {

        5: (400, "Bad Request"),

        11: (400, "Bad Request"),

        14: (401, "Not Authorized"),

    }

def _get_cert_chain(ssl_info):

    """Return certificate and chain from the ssl info in M2Crypto format"""

    cert = ssl_info.get(SSL_CLIENT_CERT_ENV, "")

    chain = ssl_info.get(SSL_CLIENT_CERT_CHAIN_0_ENV, "")

    cert = M2Crypto.X509.load_cert_string(cert)

    aux = M2Crypto.X509.load_cert_string(chain)

    chain = M2Crypto.X509.X509_Stack()

    chain.push(aux)

    return (cert, chain)

def _get_voms_info(ssl_info):

    """Extract voms info from ssl_info and return dict with it."""

    try:

        cert, chain = _get_cert_chain(ssl_info)

    except M2Crypto.X509.X509Error as e:

        print e

    with voms_helper.VOMS(VOMS_CONFIG["vomsdir_path"],VOMS_CONFIG["ca_path"], VOMS_CONFIG["vomsapi_lib"]) as v:

        voms_data = v.retrieve(cert, chain)

        if not voms_data:

            print "error \n"

            raise VomsError(v.error.value)

        d = {}

        for attr in ('user', 'userca', 'server', 'serverca',

                     'voname',  'uri', 'version', 'serial',

                     ('not_before', 'date1'), ('not_after', 'date2')):

            if isinstance(attr, basestring):

                d[attr] = getattr(voms_data, attr)

            else:

                d[attr[0]] = getattr(voms_data, attr[1])

        d["fqans"] = []

        for fqan in iter(voms_data.fqan):

            if fqan is None:

                break

            d["fqans"].append(fqan)

    return d

def _split_fqan(fqan):

        """

        gets a fqan and returns a tuple containing

        (vo/groups, role, capability)

        """

        l = fqan.split("/")

        capability = l.pop().split("=")[-1]

        role = l.pop().split("=")[-1]

        vogroup = "/".join(l)

        return (vogroup, role, capability)

def _split_fqan(fqan):

        """

        gets a fqan and returns a tuple containing

        (vo/groups, role, capability)

        """

        l = fqan.split("/")

        capability = l.pop().split("=")[-1]

        role = l.pop().split("=")[-1]

        vogroup = "/".join(l)

        return (vogroup, role, capability)

def authenticate(ssl_data):

    try:

        voms_info = _get_voms_info(ssl_data)

    except VomsError as e:

        raise e

    user_dn = voms_info["user"]

    user_vo = voms_info["voname"]

    user_fqans = voms_info["fqans"]

    return user_dn, user_vo, user_fqans