# Copyright 2012 Spanish National Research Council
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import ctypes
import logging
#import M2Crypto
class _voms(ctypes.Structure):
    """ctypes layout of a single VOMS record.

    VOMS.retrieve() hands back an instance of this structure, read through
    the ``data`` pointer of ``_vomsdata``.

    NOTE(review): field order and types presumably mirror ``struct voms`` in
    the VOMS C API header. They form an ABI contract with the loaded
    library, so confirm against the header of the library version actually
    deployed before reordering, adding or retyping anything: a mismatch
    makes Python read attribute data from the wrong offsets.
    """

    # Every c_char_p field reads back as a NUL-terminated string (or None
    # when the C pointer is NULL). A value containing NUL bytes is therefore
    # cut short on read; the *len fields are the only lengths carried here.
    _fields_ = [
        ("siglen", ctypes.c_int32),  # presumably the length of `signature` -- TODO confirm
        ("signature", ctypes.c_char_p),
        ("user", ctypes.c_char_p),
        ("userca", ctypes.c_char_p),
        ("server", ctypes.c_char_p),
        ("serverca", ctypes.c_char_p),
        ("voname", ctypes.c_char_p),
        ("uri", ctypes.c_char_p),
        ("date1", ctypes.c_char_p),  # presumably validity start -- TODO confirm
        ("date2", ctypes.c_char_p),  # presumably validity end -- TODO confirm
        ("type", ctypes.c_int32),
        ("std", ctypes.c_void_p),  # opaque to Python: never dereferenced in this file
        ("custom", ctypes.c_char_p),
        ("datalen", ctypes.c_int32),
        ("version", ctypes.c_int32),
        # Pointer to an array of C strings. This file does not show how the
        # array is terminated (presumably by a NULL entry -- confirm before
        # iterating, an unbounded walk reads past the array).
        ("fqan", ctypes.POINTER(ctypes.c_char_p)),
        ("serial", ctypes.c_char_p),
        ("ac", ctypes.c_void_p),  # opaque to Python
        ("holder", ctypes.c_void_p),  # opaque to Python
    ]
class _vomsdata(ctypes.Structure):
    """ctypes layout of the VOMS API context object.

    VOMS.__init__ declares ``VOMS_Init`` as returning a pointer to this
    structure, and VOMS.retrieve() reads the first record through ``data``.

    NOTE(review): field order and types presumably mirror ``struct vomsdata``
    in the VOMS C API header; confirm against the deployed library before
    changing the layout.
    """

    _fields_ = [
        ("cdir", ctypes.c_char_p),
        ("vdir", ctypes.c_char_p),
        # Pointer to an array of pointers to _voms records; retrieve() only
        # dereferences the first entry.
        ("data", ctypes.POINTER(ctypes.POINTER(_voms))),
        ("workvo", ctypes.c_char_p),
        ("extra_data", ctypes.c_char_p),
        ("volen", ctypes.c_int32),  # presumably the length of `workvo` -- TODO confirm
        ("extralen", ctypes.c_int32),  # presumably the length of `extra_data` -- TODO confirm
        ("real", ctypes.c_void_p),  # opaque to Python: never dereferenced in this file
    ]
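class VOMS(object):
    """Context manager for VOMS handling through the native VOMS C API.

    Typical use is ``with VOMS(vomsdir, cadir, lib) as v: v.retrieve(...)``.
    ``__enter__`` creates the native context and ``__exit__`` destroys it.

    The record returned by ``retrieve()`` is a ctypes view into memory owned
    by that native context, not a copy. Copy every field you need into plain
    Python objects before the ``with`` block ends; the context is handed to
    ``VOMS_Destroy`` on exit and the view must not be used afterwards.
    """

    def __init__(self, vomsdir_path, ca_path, vomsapi_lib):
        """Load the VOMS API library and remember the trust directories.

        :param vomsdir_path: directory passed to ``VOMS_Init`` as first argument
        :param ca_path: directory passed to ``VOMS_Init`` as second argument
        :param vomsapi_lib: name or path of the VOMS API shared library
        """
        # Loading a shared library runs its code inside this process, so
        # vomsapi_lib must come from trusted, administrator-controlled
        # configuration and never from request data.
        self.VOMSApi = ctypes.CDLL(vomsapi_lib)
        # Without an explicit restype ctypes would treat the returned
        # pointer as a C int.
        self.VOMSApi.VOMS_Init.restype = ctypes.POINTER(_vomsdata)

        self.VOMSDIR = vomsdir_path
        self.CADIR = ca_path

        self.vd = None
        # Last error code reported by the library; retrieve() resets it.
        self.error = ctypes.c_int32(0)

    def __enter__(self):
        """Create the native VOMS context.

        :raises ValueError: if ``VOMS_Init`` returns a NULL pointer
        """
        vd_ptr = self.VOMSApi.VOMS_Init(self.VOMSDIR, self.CADIR)
        if not vd_ptr:
            # Dereferencing NULL raises ValueError in ctypes anyway; fail
            # with the same exception type but a message naming the cause.
            raise ValueError("VOMS_Init returned a NULL pointer")
        self.vd = vd_ptr.contents
        return self

    def set_no_verify(self):
        """Skip verification of AC.

        This method skips the AC signature verification, so it should
        only be used for debugging and tests. With verification skipped,
        the attributes returned by ``retrieve()`` are not authenticated and
        must not be used for authorization decisions.
        """
        # Leave an audit trail: running with verification disabled outside
        # a test environment should be visible in the logs.
        logging.getLogger(__name__).warning(
            "VOMS AC verification is being disabled; "
            "use only for debugging and tests")

        error = ctypes.c_int32(0)
        # NOTE(review): 0x040 is the raw verification-type value handed to
        # the library; this file gives it no name -- confirm its meaning
        # against the VOMS API header. The call's return value and `error`
        # are not inspected here.
        self.VOMSApi.VOMS_SetVerificationType(0x040,
                                              ctypes.byref(self.vd),
                                              ctypes.byref(error))

    def retrieve(self, cert, chain):
        """Retrieve VOMS credentials from a certificate and chain.

        :param cert: object exposing ``_ptr()`` for the native certificate
        :param chain: object exposing ``_ptr()`` for the native chain
        :returns: the first ``_voms`` record, or ``None`` when the library
                  reports failure (``self.error`` then holds its error code).
                  Callers must treat ``None`` as "no usable VOMS
                  credentials", never as success.
        """
        self.error = ctypes.c_int32(0)

        # int() accepts the same values as long() and exists on both
        # Python 2 and Python 3.
        cert_ptr = ctypes.cast(int(cert._ptr()), ctypes.c_void_p)
        chain_ptr = ctypes.cast(int(chain._ptr()), ctypes.c_void_p)

        # NOTE(review): the third argument (0) is an unnamed option value;
        # confirm its meaning against the VOMS API header.
        res = self.VOMSApi.VOMS_Retrieve(cert_ptr,
                                         chain_ptr,
                                         0,
                                         ctypes.byref(self.vd),
                                         ctypes.byref(self.error))
        if res == 0:
            return None
        return self.vd.data.contents.contents

    def __exit__(self, type, value, tb):
        """Destroy the native VOMS context, if one was created."""
        # Drop our reference before destroying so no later call on this
        # object can touch the native context after VOMS_Destroy, and so a
        # second __exit__ (or one without __enter__) is a no-op.
        vd, self.vd = self.vd, None
        if vd is not None:
            self.VOMSApi.VOMS_Destroy(ctypes.byref(vd))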