module Backends::Opennebula::Authn::CloudAuth::VomsCloudAuth

Public Instance Methods

do_auth(params = {})
# File lib/backends/opennebula/authn/cloud_auth/voms_cloud_auth.rb, line 19
# Resolves the local username for a client that authenticated with an X.509
# certificate carrying VOMS attributes.
#
# The lookup key is the client certificate DN with the VO, Role and
# Capability of the FIRST VOMS attribute set appended. Any further attribute
# sets in params[:client_cert_voms_attrs] are ignored.
#
# @param params [Hash] must provide :client_cert_dn and
#   :client_cert_voms_attrs (a collection whose first element is indexed
#   with :vo, :role and :capability)
# @return [String, nil] the username returned by get_username, or nil when
#   neither lookup yields a non-blank value
# @raise [Backends::Errors::AuthenticationError] when the DN is missing, the
#   VOMS attributes are missing, or any of vo/role/capability is blank
def do_auth(params = {})
  unless params && params[:client_cert_dn]
    fail Backends::Errors::AuthenticationError, 'Credentials for X.509 not set!'
  end

  voms_sets = params[:client_cert_voms_attrs]
  unless voms_sets && voms_sets.first
    fail Backends::Errors::AuthenticationError, 'Attributes for VOMS not set!'
  end

  # TODO: iterate through all available sets of attrs?
  # Only the first set takes part in the identity decision.
  voms = voms_sets.first

  # All three attributes are mandatory; the check stops at the first blank one.
  # NOTE(review): the message embeds the client-supplied attribute set, so
  # whatever renders or logs it should treat it as untrusted text.
  if [:vo, :role, :capability].any? { |key| voms[key].blank? }
    fail Backends::Errors::AuthenticationError, "Invalid VOMS attributes! #{voms.inspect}"
  end

  # The password on record is expected to be the DN with the VOMS attrs
  # appended (whitespace is dealt with by the two lookups below).
  # NOTE(review): attribute values are interpolated verbatim; a value that
  # contains '/' would presumably read as additional DN components. Confirm
  # that the layer producing these attributes cannot emit such values.
  voms_suffix = "/VO=#{voms[:vo]}/Role=#{voms[:role]}/Capability=#{voms[:capability]}"
  full_dn = "#{params[:client_cert_dn]}#{voms_suffix}"

  # Primary lookup: DN passed through X509Auth.escape_dn.
  username = get_username(X509Auth.escape_dn(full_dn))

  # TODO: remove this hack after Perun propagation scripts are updated
  # Fallback lookup: the same DN with every whitespace run deleted.
  # NOTE(review): this makes DNs that differ only in whitespace resolve to
  # the same key (constructed example: "CN=Ann Lee" and "CN=AnnLee"), and
  # the value is not passed through X509Auth.escape_dn. Worth keeping the
  # fallback strictly temporary, as the TODO intends.
  username = get_username(full_dn.gsub(/\s+/, '')) if username.blank?

  # Blank results (nil, empty, whitespace-only) are normalised to nil.
  username.blank? ? nil : username
end