X509Chain

X509Chain is a class for managing X509 chains with their Pkeys

class DIRAC.Core.Security.X509Chain.X509Chain(certList=False, keyObj=False)

Bases: object

__init__(certList=False, keyObj=False)

x.__init__(…) initializes x; see help(type(x)) for signature

dumpAllToFile(filename=False)

Dump all to file. If no filename is specified, a temporary one will be created

dumpAllToString()

Dump all to string

dumpChainToString()

Dump only cert chain to string

dumpPKeyToString()

Dump key to string

generateChainFromRequestString(pemData, lifetime=86400, requireLimited=False, diracGroup=False, rfc=False)

Generate an X509 chain from a request. Returns S_OK( string ) / S_ERROR

generateProxyRequest(bitStrength=1024, limited=False)

Generate a proxy request. Returns S_OK( X509Request ) / S_ERROR

generateProxyToFile(filePath, lifeTime, diracGroup=False, strength=1024, limited=False, rfc=False)

Generate a proxy and put it into a file

Parameters:
  • filePath – file to write
  • lifeTime – expected lifetime in seconds of proxy
  • diracGroup – diracGroup to add to the certificate
  • strength – length in bits of the pair
  • limited – Create a limited proxy

generateProxyToString(lifeTime, diracGroup=False, strength=1024, limited=False, rfc=False, proxyKey=False)

Generate a proxy and get it as a string

Parameters:
  • lifeTime (int) – expected lifetime in seconds of proxy
  • diracGroup (str) – diracGroup to add to the certificate
  • strength (int) – length in bits of the pair
  • limited (bool) – Create a limited proxy

getCertInChain(certPos=0)

Get a certificate in the chain

getCertList()

Get the cert list

getCredentials(ignoreDefault=False)

getDIRACGroup(ignoreDefault=False)

Get the dirac group if present

getIssuerCert()

Get an issuer cert in the chain

getNotAfterDate()

Get the smallest not after date

getNumCertsInChain()

Number of certificates in chain

getPKeyObj()

Get the pkey obj

getRemainingSecs()

Get remaining time

getVOMSData()

Check whether this chain is a proxy

hasExpired()

Is any of the elements in the chain expired?

hash()

classmethod instanceFromFile(chainLocation)

Instantiate an X509Chain from a file

isLimitedProxy()

Check whether this chain is a proxy

isPUSP()

isProxy()

Check whether this chain is a proxy

isRFC()

isVOMS()

Check whether this chain is a proxy

isValidProxy(ignoreDefault=False)

Check whether this chain is a valid proxy:
  • checks if it's a proxy
  • checks if it's expired

loadChainFromFile(chainLocation)

Load an X509 chain from a PEM file. Returns S_OK / S_ERROR

loadChainFromString(data, dataFormat=crypto.FILETYPE_PEM)

Load an X509 cert from a string containing the PEM data. Returns S_OK / S_ERROR

loadKeyFromFile(chainLocation, password=False)

Load a PKey from a PEM file. Returns S_OK / S_ERROR

loadKeyFromString(pemData, password=False)

Load a PKey from a string containing the PEM data. Returns S_OK / S_ERROR

loadProxyFromFile(chainLocation)

Load a Proxy from a PEM file. Returns S_OK / S_ERROR

loadProxyFromString(pemData)

Load a Proxy from a PEM buffer. Returns S_OK / S_ERROR

setChain(certList)

Set the chain. Returns S_OK / S_ERROR

setPKey(pkeyObj)

Set the chain. Returns S_OK / S_ERROR

DIRAC.Core.Security.X509Chain.g_X509ChainType

alias of DIRAC.Core.Security.X509Chain.X509Chain

DIRAC.Core.Security.X509Chain.isPUSPdn(userDN)

Evaluate if the DN is of the PUSP type or not

Parameters:
  • userDN (str) – user DN string

Returns: the subproxy user name or None
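
A pre-use check built on the X509Chain methods listed above, as an added example that is not part of the DIRAC documentation or code base. It assumes every call returns a DIRAC result dict (S_OK / S_ERROR); an S_ERROR dict is non-empty and therefore truthy, so a bare `if chain.isProxy():` would pass even when the call failed. `unwrap`, `check_proxy` and `FakeChain` are hypothetical names, and `FakeChain` is a constructed stand-in so the block runs without DIRAC installed.

```python
# Added example, not DIRAC code. Assumption: each X509Chain call returns a DIRAC
# result dict: {"OK": True, "Value": v} (S_OK) or {"OK": False, "Message": m} (S_ERROR).

def unwrap(result, what):
    """Return the S_OK value, or raise on S_ERROR or a malformed result."""
    if not isinstance(result, dict) or not result.get("OK"):
        msg = result.get("Message", "unknown error") if isinstance(result, dict) else repr(result)
        raise ValueError("%s failed: %s" % (what, msg))
    return result.get("Value")

def check_proxy(chain, min_secs=3600, allow_limited=False):
    """Return a list of policy violations for a loaded chain (empty list = acceptable)."""
    if not unwrap(chain.isProxy(), "isProxy"):
        return ["chain is not a proxy"]
    problems = []
    if unwrap(chain.hasExpired(), "hasExpired"):
        problems.append("an element of the chain has expired")
    remaining = unwrap(chain.getRemainingSecs(), "getRemainingSecs")
    if remaining < min_secs:
        problems.append("only %d s left, need %d" % (remaining, min_secs))
    if not allow_limited and unwrap(chain.isLimitedProxy(), "isLimitedProxy"):
        problems.append("limited proxy not accepted here")
    return problems

class FakeChain(object):
    """Constructed test double exposing four of the documented method names."""
    def __init__(self, proxy=True, expired=False, secs=7200, limited=False, broken=False):
        self._v = dict(isProxy=proxy, hasExpired=expired,
                       getRemainingSecs=secs, isLimitedProxy=limited)
        self._broken = broken

    def __getattr__(self, name):
        # Only called for names not found normally, i.e. the faked methods.
        if name.startswith("_") or name not in self._v:
            raise AttributeError(name)
        if self._broken:
            return lambda: {"OK": False, "Message": "No chain loaded"}
        return lambda: {"OK": True, "Value": self._v[name]}

if __name__ == "__main__":
    print(check_proxy(FakeChain(secs=60, limited=True)))
```

With a real installation the `chain` argument would be an X509Chain instance loaded through one of the load methods above, whose own S_OK / S_ERROR result also needs checking before use.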