CRAB/python/Proxy.py

import os,sys
import commands
import traceback
import time
import re
from ProdCommon.BossLite.Common.System import executeCommand

class Proxy:
    """
    basic class to handle user Token  
    """
    def __init__( self, **args ):
        self.timeout = args.get( "timeout", None )
        self.myproxyServer = args.get( "myProxySvr", '')
        self.serverDN = args.get( "serverDN", '')
        self.shareDir = args.get( "shareDir", '')
        self.userName = args.get( "userName", '')
        self.debug = args.get("debug",False)
        self.args = args

    def ExecuteCommand( self, command ):
        """
        _ExecuteCommand_

        Util it execute the command provided in a popen object with a timeout
        """

        return executeCommand( command, self.timeout )


    def getUserProxy(self):
        """
        """
        try:
            proxy = os.path.expandvars('$X509_USER_PROXY')
        except Exception,ex:
            msg = ('Error %s in getUserProxy search\n' %str(ex))
            if self.debug : msg += traceback.format_exc()
            raise Exception(msg)
        return proxy.strip() 

    def getSubject(self, proxy = None):
        """
        """
        subject = None    
        if proxy == None: proxy=self.getUserProxy()

        cmd = 'openssl x509 -in '+proxy+' -subject -noout'

        out, ret = self.ExecuteCommand(cmd)
        if ret != 0 :
            msg = "Error while checking proxy subject for %s"%proxy
            raise Exception(msg)
        lines = out.split('\n')[0]
   
        return subject.strip()    
    
    def getUserName(self, proxy = None ):
        """
        """
        uName = None
        if proxy == None: proxy=self.getUserProxy()

        cmd = "voms-proxy-info -file "+proxy+" -subject"

        out, ret = self.ExecuteCommand(cmd)
        if ret != 0 :
            msg = "Error while extracting User Name from proxy %s"%proxy
            raise Exception(msg)

        emelments = out.split('/')
        uName = elements[-1:][0].split('CN=')[1]   

        return uName.strip()

    def checkCredential(self, proxy=None, Time=10):
        """
        Function to check the Globus proxy.
        """
        valid = True
        if proxy == None: proxy=self.getUserProxy()
        minTimeLeft=int(Time)*3600 # in seconds

        cmd = 'voms-proxy-info -file '+proxy+' -timeleft 2>/dev/null'
 
        timeLeftLocal,  ret = self.ExecuteCommand(cmd)
       
        if ret != 0 and ret != 1:
            msg = "Error while checking proxy timeleft for %s"%proxy
            raise Exception(msg)
        
        ## if no valid proxy
        if not timeLeftLocal :
            valid = False
        elif int(timeLeftLocal)<minTimeLeft :
            valid = False
        return valid 

    def renewCredential( self, proxy=None ): 
        """
        """
        if proxy == None: proxy=self.getUserProxy()
        # check 
        if not self.checkCredential():
            # ask for proxy delegation 
            # using myproxy
            pass
        return 

    def checkAttribute( self, proxy=None, vo='cms', group=None, role=None): 
        """
        """
        valid = True
        if proxy == None: proxy=self.getUserProxy()

        ## check first attribute
        cmd = 'export X509_USER_PROXY=%s; voms-proxy-info -fqan 2>/dev/null | head -1'%proxy

        reg="/%s/"%vo
        if group:
            reg+=group
        if role:
            reg+="/Role=%s"%role

        att, ret = self.ExecuteCommand(cmd)

        if ret != 0 :
            msg = "Error while checking proxy timeleft for %s"%proxy
            raise Exception(msg)
 
       ## you always have at least  /cms/Role=NULL/Capability=NULL
        if not re.compile(r"^"+reg).search(att):
            if self.debug: print "\tWrong VO group/role.\n"
            valid = False
        return valid 

    def ManualRenewCredential( self, proxy=None, vo='cms', group=None, role=None ):
        """
        """

        cmd = 'voms-proxy-init -voms %s'%vo

        if group:
            cmd += ':/'+vo+'/'+group
        if role:
            cmd += '/role='+role
        cmd += ' -valid 192:00'
        print cmd
        try:
            out = os.system(cmd)
            if (out>0): raise Exception("Unable to create a valid proxy!\n")
        except:
            msg = "Unable to create a valid proxy!\n"
            raise Exception(msg)

    def checkMyProxy( self , proxy=None, Time=4 ):
        """
        """
        if proxy == None: proxy=self.getUserProxy()
        ## check the myproxy server
        valid = True

        #cmd = 'export X509_USER_PROXY=%s; myproxy-info -d -s %s 2>/dev/null'%(proxy,self.myproxyServer)
        cmd = 'myproxy-info -d -s %s 2>/dev/null'%(self.myproxyServer)

        out, ret = self.ExecuteCommand(cmd)
        if ret != 0 and ret != 1 :
            msg = "Error while checking myproxy timeleft for %s"%proxy
            raise Exception(msg)

        if not out:
            if self.debug: print '\tNo credential delegated to myproxy server %s will do now'%self.myproxyServer
            valid = False
        else:
            ## minimum time: 5 days
            minTime = int(Time) * 24 * 3600
            ## regex to extract the right information
            myproxyRE = re.compile("timeleft: (?P<hours>[\\d]*):(?P<minutes>[\\d]*):(?P<seconds>[\\d]*)")
            for row in out.split("\n"):
                g = myproxyRE.search(row)
                if g:
                    hours = g.group("hours")
                    minutes = g.group("minutes")
                    seconds = g.group("seconds")
                    timeleft = int(hours)*3600 + int(minutes)*60 + int(seconds)
                    if timeleft < minTime:
                        if self.debug: print '\tYour proxy will expire in:\n\t%s hours %s minutes %s seconds\n'%(hours,minutes,seconds)
                        valid = False
        return valid    

    def ManualRenewMyProxy( self ): 
        """
        """
        cmd = 'myproxy-init -d -n -s %s'%self.myproxyServer
        out = os.system(cmd)
        if (out>0):
            raise Exception("Unable to delegate the proxy to myproxyserver %s"%self.myproxyServer+" !\n")
        return
  
    def logonProxy( self ):
        """
        To be implemented
        """
        #
        return
Revision:	1.3
Committed:	Fri Dec 5 11:53:50 2008 UTC (16 years, 5 months ago) by spiga
Content type:	text/x-python
Branch:	MAIN
CVS Tags:	HEAD
Changes since 1.2:	+0 -0 lines
State:	*FILE REMOVED*
Log Message:	moved to prodcommon
#	Content
1	import os,sys
2	import commands
3	import traceback
4	import time
5	import re
6	from ProdCommon.BossLite.Common.System import executeCommand
7
8	class Proxy:
9	"""
10	basic class to handle user Token
11	"""
12	def __init__( self, **args ):
13	self.timeout = args.get( "timeout", None )
14	self.myproxyServer = args.get( "myProxySvr", '')
15	self.serverDN = args.get( "serverDN", '')
16	self.shareDir = args.get( "shareDir", '')
17	self.userName = args.get( "userName", '')
18	self.debug = args.get("debug",False)
19	self.args = args
20
21	def ExecuteCommand( self, command ):
22	"""
23	_ExecuteCommand_
24
25	Util it execute the command provided in a popen object with a timeout
26	"""
27
28	return executeCommand( command, self.timeout )
29
30
31	def getUserProxy(self):
32	"""
33	"""
34	try:
35	proxy = os.path.expandvars('$X509_USER_PROXY')
36	except Exception,ex:
37	msg = ('Error %s in getUserProxy search\n' %str(ex))
38	if self.debug : msg += traceback.format_exc()
39	raise Exception(msg)
40	return proxy.strip()
41
42	def getSubject(self, proxy = None):
43	"""
44	"""
45	subject = None
46	if proxy == None: proxy=self.getUserProxy()
47
48	cmd = 'openssl x509 -in '+proxy+' -subject -noout'
49
50	out, ret = self.ExecuteCommand(cmd)
51	if ret != 0 :
52	msg = "Error while checking proxy subject for %s"%proxy
53	raise Exception(msg)
54	lines = out.split('\n')[0]
55
56	return subject.strip()
57
58	def getUserName(self, proxy = None ):
59	"""
60	"""
61	uName = None
62	if proxy == None: proxy=self.getUserProxy()
63
64	cmd = "voms-proxy-info -file "+proxy+" -subject"
65
66	out, ret = self.ExecuteCommand(cmd)
67	if ret != 0 :
68	msg = "Error while extracting User Name from proxy %s"%proxy
69	raise Exception(msg)
70
71	emelments = out.split('/')
72	uName = elements[-1:][0].split('CN=')[1]
73
74	return uName.strip()
75
76	def checkCredential(self, proxy=None, Time=10):
77	"""
78	Function to check the Globus proxy.
79	"""
80	valid = True
81	if proxy == None: proxy=self.getUserProxy()
82	minTimeLeft=int(Time)*3600 # in seconds
83
84	cmd = 'voms-proxy-info -file '+proxy+' -timeleft 2>/dev/null'
85
86	timeLeftLocal, ret = self.ExecuteCommand(cmd)
87
88	if ret != 0 and ret != 1:
89	msg = "Error while checking proxy timeleft for %s"%proxy
90	raise Exception(msg)
91
92	## if no valid proxy
93	if not timeLeftLocal :
94	valid = False
95	elif int(timeLeftLocal)<minTimeLeft :
96	valid = False
97	return valid
98
99	def renewCredential( self, proxy=None ):
100	"""
101	"""
102	if proxy == None: proxy=self.getUserProxy()
103	# check
104	if not self.checkCredential():
105	# ask for proxy delegation
106	# using myproxy
107	pass
108	return
109
110	def checkAttribute( self, proxy=None, vo='cms', group=None, role=None):
111	"""
112	"""
113	valid = True
114	if proxy == None: proxy=self.getUserProxy()
115
116	## check first attribute
117	cmd = 'export X509_USER_PROXY=%s; voms-proxy-info -fqan 2>/dev/null \| head -1'%proxy
118
119	reg="/%s/"%vo
120	if group:
121	reg+=group
122	if role:
123	reg+="/Role=%s"%role
124
125	att, ret = self.ExecuteCommand(cmd)
126
127	if ret != 0 :
128	msg = "Error while checking proxy timeleft for %s"%proxy
129	raise Exception(msg)
130
131	## you always have at least /cms/Role=NULL/Capability=NULL
132	if not re.compile(r"^"+reg).search(att):
133	if self.debug: print "\tWrong VO group/role.\n"
134	valid = False
135	return valid
136
137	def ManualRenewCredential( self, proxy=None, vo='cms', group=None, role=None ):
138	"""
139	"""
140
141	cmd = 'voms-proxy-init -voms %s'%vo
142
143	if group:
144	cmd += ':/'+vo+'/'+group
145	if role:
146	cmd += '/role='+role
147	cmd += ' -valid 192:00'
148	print cmd
149	try:
150	out = os.system(cmd)
151	if (out>0): raise Exception("Unable to create a valid proxy!\n")
152	except:
153	msg = "Unable to create a valid proxy!\n"
154	raise Exception(msg)
155
156	def checkMyProxy( self , proxy=None, Time=4 ):
157	"""
158	"""
159	if proxy == None: proxy=self.getUserProxy()
160	## check the myproxy server
161	valid = True
162
163	#cmd = 'export X509_USER_PROXY=%s; myproxy-info -d -s %s 2>/dev/null'%(proxy,self.myproxyServer)
164	cmd = 'myproxy-info -d -s %s 2>/dev/null'%(self.myproxyServer)
165
166	out, ret = self.ExecuteCommand(cmd)
167	if ret != 0 and ret != 1 :
168	msg = "Error while checking myproxy timeleft for %s"%proxy
169	raise Exception(msg)
170
171	if not out:
172	if self.debug: print '\tNo credential delegated to myproxy server %s will do now'%self.myproxyServer
173	valid = False
174	else:
175	## minimum time: 5 days
176	minTime = int(Time) * 24 * 3600
177	## regex to extract the right information
178	myproxyRE = re.compile("timeleft: (?P<hours>[\\d]):(?P<minutes>[\\d]):(?P<seconds>[\\d]*)")
179	for row in out.split("\n"):
180	g = myproxyRE.search(row)
181	if g:
182	hours = g.group("hours")
183	minutes = g.group("minutes")
184	seconds = g.group("seconds")
185	timeleft = int(hours)3600 + int(minutes)60 + int(seconds)
186	if timeleft < minTime:
187	if self.debug: print '\tYour proxy will expire in:\n\t%s hours %s minutes %s seconds\n'%(hours,minutes,seconds)
188	valid = False
189	return valid
190
191	def ManualRenewMyProxy( self ):
192	"""
193	"""
194	cmd = 'myproxy-init -d -n -s %s'%self.myproxyServer
195	out = os.system(cmd)
196	if (out>0):
197	raise Exception("Unable to delegate the proxy to myproxyserver %s"%self.myproxyServer+" !\n")
198	return
199
200	def logonProxy( self ):
201	"""
202	To be implemented
203	"""
204	#
205	return