feat (ProxyManager): allow to query the proxy strength

andresailer · May 10, 2022 · 381a593 · 381a593
1 parent db52b56
commit 381a593
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 4 deletions.
diff --git a/src/DIRAC/FrameworkSystem/Client/ProxyManagerClient.py b/src/DIRAC/FrameworkSystem/Client/ProxyManagerClient.py
@@ -242,12 +242,25 @@ def downloadProxy(
         cacheKey = (userDN, userGroup)
         if self.__proxiesCache.exists(cacheKey, requiredTimeLeft):
             return S_OK(self.__proxiesCache.get(cacheKey))
-        req = X509Request()
-        req.generateProxyRequest(limited=limited)
+
         if proxyToConnect:
             rpcClient = Client(url="Framework/ProxyManager", proxyChain=proxyToConnect, timeout=120)
         else:
             rpcClient = Client(url="Framework/ProxyManager", timeout=120)
+
+        generateProxyArgs = {"limited": limited}
+        res = rpcClient.getStoredProxyStrength(userDN, userGroup, None)
+        if not res["OK"]:
+            gLogger.warn(
+                "Could not get stored proxy strength",
+                "%s, %s: %s" % (userDN, userGroup, res),
+            )
+        else:
+            generateProxyArgs["bitStrength"] = res["Value"]
+
+        req = X509Request()
+        req.generateProxyRequest(**generateProxyArgs)
+
         if token:
             retVal = rpcClient.getProxyWithToken(
                 userDN, userGroup, req.dumpRequest()["Value"], int(cacheTime + requiredTimeLeft), token
@@ -327,12 +340,24 @@ def downloadVOMSProxy(
         cacheKey = (userDN, userGroup, requiredVOMSAttribute, limited)
         if self.__vomsProxiesCache.exists(cacheKey, requiredTimeLeft):
             return S_OK(self.__vomsProxiesCache.get(cacheKey))
-        req = X509Request()
-        req.generateProxyRequest(limited=limited)
+
         if proxyToConnect:
             rpcClient = Client(url="Framework/ProxyManager", proxyChain=proxyToConnect, timeout=120)
         else:
             rpcClient = Client(url="Framework/ProxyManager", timeout=120)
+
+        generateProxyArgs = {"limited": limited}
+        res = rpcClient.getStoredProxyStrength(userDN, userGroup, requiredVOMSAttribute)
+        if not res["OK"]:
+            gLogger.warn(
+                "Could not get stored proxy strength",
+                "%s, %s, %s: %s" % (userDN, userGroup, requiredVOMSAttribute, res),
+            )
+        else:
+            generateProxyArgs["bitStrength"] = res["Value"]
+
+        req = X509Request()
+        req.generateProxyRequest(**generateProxyArgs)
         if token:
             retVal = rpcClient.getVOMSProxyWithToken(
                 userDN,

diff --git a/src/DIRAC/FrameworkSystem/DB/ProxyDB.py b/src/DIRAC/FrameworkSystem/DB/ProxyDB.py
@@ -527,6 +527,24 @@ def deleteProxy(self, userDN, userGroup=None, proxyProvider=None):
             return S_ERROR(", ".join(errMsgs))
         return result
 
+    def getProxyStrength(self, userDN, userGroup=None, vomsAttr=None):
+        """Load the proxy in cache corresponding to the criteria, and check its strength
+
+        :param userDN: DN of the user
+        :param userGroup: group of the user
+        :param vomsAttr: VOMS attr we plan to add on the proxy
+        """
+        # Look in the cache
+        retVal = self.__getPemAndTimeLeft(userDN, userGroup, vomsAttr=vomsAttr)
+        if retVal["OK"]:
+            pemData = retVal["Value"][0]
+            chain = X509Chain()
+            retVal = chain.loadProxyFromString(pemData)
+            if retVal["OK"]:
+                return chain.getStrength()
+
+        return retVal
+
     def __getPemAndTimeLeft(self, userDN, userGroup=None, vomsAttr=None, proxyProvider=None):
         """Get proxy from database
 

diff --git a/src/DIRAC/FrameworkSystem/Service/ProxyManagerHandler.py b/src/DIRAC/FrameworkSystem/Service/ProxyManagerHandler.py
@@ -175,6 +175,17 @@ def __checkProperties(self, requestedUserDN, requestedUserGroup):
         # Not authorized!
         return S_ERROR("You can't get proxies!")
 
+    types_getStoredProxyStrength = [six.string_types, six.string_types, [six.string_types, type(None), bool]]
+
+    def export_getStoredProxyStrength(self, userDN, userGroup=None, vomsAttr=None):
+        """Return the strength in bit of the stored proxy
+
+        :param userDN: DN of the user
+        :param userGroup: group of the user
+        :param vomsAttr: VOMS attr we plan to add on the proxy
+        """
+        return self.__proxyDB.getProxyStrength(userDN, userGroup=userGroup, vomsAttr=vomsAttr)
+
     types_getProxy = [six.string_types, six.string_types, six.string_types, six.integer_types]
 
     def export_getProxy(self, userDN, userGroup, requestPem, requiredLifetime):