root / snfOCCI / snf_voms / voms_helper.py @ f25a4623
History | View | Annotate | Download (3.3 kB)
| 1 |
# Copyright 2012 Spanish National Research Council
|
|---|---|
| 2 |
#
|
| 3 |
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
| 4 |
# not use this file except in compliance with the License. You may obtain
|
| 5 |
# a copy of the License at
|
| 6 |
#
|
| 7 |
# http://www.apache.org/licenses/LICENSE-2.0
|
| 8 |
#
|
| 9 |
# Unless required by applicable law or agreed to in writing, software
|
| 10 |
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
| 11 |
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
| 12 |
# License for the specific language governing permissions and limitations
|
| 13 |
# under the License.
|
| 14 |
|
| 15 |
import ctypes |
| 16 |
|
| 17 |
import M2Crypto |
| 18 |
|
| 19 |
|
| 20 |
class _voms(ctypes.Structure): |
| 21 |
_fields_ = [ |
| 22 |
("siglen", ctypes.c_int32),
|
| 23 |
("signature", ctypes.c_char_p),
|
| 24 |
("user", ctypes.c_char_p),
|
| 25 |
("userca", ctypes.c_char_p),
|
| 26 |
("server", ctypes.c_char_p),
|
| 27 |
("serverca", ctypes.c_char_p),
|
| 28 |
("voname", ctypes.c_char_p),
|
| 29 |
("uri", ctypes.c_char_p),
|
| 30 |
("date1", ctypes.c_char_p),
|
| 31 |
("date2", ctypes.c_char_p),
|
| 32 |
("type", ctypes.c_int32),
|
| 33 |
("std", ctypes.c_void_p),
|
| 34 |
("custom", ctypes.c_char_p),
|
| 35 |
("datalen", ctypes.c_int32),
|
| 36 |
("version", ctypes.c_int32),
|
| 37 |
("fqan", ctypes.POINTER(ctypes.c_char_p)),
|
| 38 |
("serial", ctypes.c_char_p),
|
| 39 |
("ac", ctypes.c_void_p),
|
| 40 |
("holder", ctypes.c_void_p),
|
| 41 |
] |
| 42 |
|
| 43 |
|
| 44 |
class _vomsdata(ctypes.Structure): |
| 45 |
_fields_ = [ |
| 46 |
("cdir", ctypes.c_char_p),
|
| 47 |
("vdir", ctypes.c_char_p),
|
| 48 |
("data", ctypes.POINTER(ctypes.POINTER(_voms))),
|
| 49 |
("workvo", ctypes.c_char_p),
|
| 50 |
("extra_data", ctypes.c_char_p),
|
| 51 |
("volen", ctypes.c_int32),
|
| 52 |
("extralen", ctypes.c_int32),
|
| 53 |
("real", ctypes.c_void_p),
|
| 54 |
] |
| 55 |
|
| 56 |
|
| 57 |
class VOMS(object): |
| 58 |
"""Context Manager for VOMS handling"""
|
| 59 |
|
| 60 |
def __init__(self, vomsdir_path, ca_path, vomsapi_lib): |
| 61 |
self.VOMSApi = ctypes.CDLL(vomsapi_lib)
|
| 62 |
self.VOMSApi.VOMS_Init.restype = ctypes.POINTER(_vomsdata)
|
| 63 |
|
| 64 |
self.VOMSDIR = vomsdir_path
|
| 65 |
self.CADIR = ca_path
|
| 66 |
|
| 67 |
self.vd = None |
| 68 |
|
| 69 |
def __enter__(self): |
| 70 |
self.vd = self.VOMSApi.VOMS_Init(self.VOMSDIR, self.CADIR).contents |
| 71 |
return self |
| 72 |
|
| 73 |
def set_no_verify(self): |
| 74 |
"""Skip verification of AC.
|
| 75 |
|
| 76 |
This method skips the AC signature verification, this it should
|
| 77 |
only be used for debugging and tests.
|
| 78 |
"""
|
| 79 |
|
| 80 |
error = ctypes.c_int32(0)
|
| 81 |
self.VOMSApi.VOMS_SetVerificationType(0x040, |
| 82 |
ctypes.byref(self.vd),
|
| 83 |
ctypes.byref(error)) |
| 84 |
|
| 85 |
def retrieve(self, cert, chain): |
| 86 |
"""Retrieve VOMS credentials from a certificate and chain."""
|
| 87 |
|
| 88 |
self.error = ctypes.c_int32(0) |
| 89 |
|
| 90 |
cert_ptr = ctypes.cast(long(cert._ptr()), ctypes.c_void_p)
|
| 91 |
chain_ptr = ctypes.cast(long(chain._ptr()), ctypes.c_void_p)
|
| 92 |
|
| 93 |
res = self.VOMSApi.VOMS_Retrieve(cert_ptr,
|
| 94 |
chain_ptr, |
| 95 |
0,
|
| 96 |
ctypes.byref(self.vd),
|
| 97 |
ctypes.byref(self.error))
|
| 98 |
if res == 0: |
| 99 |
return None |
| 100 |
else:
|
| 101 |
return self.vd.data.contents.contents |
| 102 |
|
| 103 |
def __exit__(self, type, value, tb): |
| 104 |
self.VOMSApi.VOMS_Destroy(ctypes.byref(self.vd)) |