fix: make proxyLocation working with host certificates

chaen · Nov 30, 2023 · c003267 · c003267
1 parent ebdf7ee
commit c003267
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 11 deletions.
diff --git a/src/DIRAC/Core/DISET/private/BaseClient.py b/src/DIRAC/Core/DISET/private/BaseClient.py
@@ -253,7 +253,11 @@ def __discoverExtraCredentials(self):
  :return: S_OK()/S_ERROR()
  """
  # which extra credentials to use?
- self.__extraCredentials = self.VAL_EXTRA_CREDENTIALS_HOST if self.__useCertificates else ""
+ self.__extraCredentials = (
+ self.VAL_EXTRA_CREDENTIALS_HOST
+ if (self.__useCertificates and not self.kwargs.get(self.KW_PROXY_LOCATION))
+ else ""
+ )
  if self.KW_EXTRA_CREDENTIALS in self.kwargs:
  self.__extraCredentials = self.kwargs[self.KW_EXTRA_CREDENTIALS]
 

diff --git a/src/DIRAC/Core/DISET/private/Transports/SSLTransport.py b/src/DIRAC/Core/DISET/private/Transports/SSLTransport.py
@@ -40,7 +40,9 @@ def checkSanity(urlTuple, kwargs):
  """
  useCerts = False
  certFile = ""
- if "useCertificates" in kwargs and kwargs["useCertificates"]:
+ if kwargs.get("proxyLocation"):
+ certFile = kwargs["proxyLocation"]
+ elif "useCertificates" in kwargs and kwargs["useCertificates"]:
  certTuple = Locations.getHostCertificateAndKeyLocation()
  if not certTuple:
  gLogger.error("No cert/key found! ")
@@ -52,10 +54,7 @@ def checkSanity(urlTuple, kwargs):
  gLogger.error("proxyString parameter is not a valid type", str(type(kwargs["proxyString"])))
  return S_ERROR("proxyString parameter is not a valid type")
  else:
- if "proxyLocation" in kwargs:
- certFile = kwargs["proxyLocation"]
- else:
- certFile = Locations.getProxyLocation()
+ certFile = Locations.getProxyLocation()
  if not certFile:
  gLogger.error("No proxy found")
  return S_ERROR("No proxy found")

diff --git a/src/DIRAC/Core/Tornado/Client/private/TornadoBaseClient.py b/src/DIRAC/Core/Tornado/Client/private/TornadoBaseClient.py
@@ -277,7 +277,7 @@ def __discoverExtraCredentials(self):
  WARNING: COPY/PASTE FROM Core/Diset/private/BaseClient
  """
  # which extra credentials to use?
- if self.__useCertificates:
+ if self.__useCertificates and not self.kwargs.get(self.KW_PROXY_LOCATION):
  self.__extraCredentials = self.VAL_EXTRA_CREDENTIALS_HOST
  else:
  self.__extraCredentials = ""
@@ -508,10 +508,11 @@ def _request(self, retry=0, outputFile=None, **kwargs):
  return url
  url = url["Value"]
 
+ if self.kwargs.get(self.KW_PROXY_LOCATION):
+ auth = {"cert": self.kwargs[self.KW_PROXY_LOCATION]}
  # getting certificate
  # Do we use the server certificate ?
- if self.kwargs[self.KW_USE_CERTIFICATES]:
- # TODO: make this code path work with DiracX for Agents and possibly webapp ?
+ elif self.kwargs[self.KW_USE_CERTIFICATES]:
  auth = {"cert": Locations.getHostCertificateAndKeyLocation()}
 
  # Use access token?
@@ -550,8 +551,6 @@ def _request(self, retry=0, outputFile=None, **kwargs):
  fp = os.fdopen(tmpHandle, "w")
  fp.write(self.kwargs[self.KW_PROXY_STRING])
  fp.close()
- elif self.kwargs.get(self.KW_PROXY_LOCATION):
- auth = {"cert": self.kwargs[self.KW_PROXY_LOCATION]}
  else:
  auth = {"cert": Locations.getProxyLocation()}
  if not auth["cert"]: