putting everything under sso and ssl

Author: vlimant

README.md

@@ -24,7 +24,8 @@ To be documented
 
 Vizualisation of on-going production
 --------------
-Browse to http://cms-caltech-db.cern.ch/ from within cern network
+Browse to https://cms-caltech-db.cern.ch/ from within cern network
+Restricted acces to "razor-cms" e-group.
 
 Specifying specific tasks
 --------------

cert.sh

@@ -1,3 +1,6 @@
+## get the sso cookie
+cern-get-sso-cookie -u https://cms-caltech-db.cern.ch -o ~/private/ct-cookie.txt --krb
+
 ## setup a cannocial location for a proxy
 export X509_USER_PROXY=$HOME/cert/voms_proxy.cert
 

couchdb/http.py

@@ -26,6 +26,7 @@
 try:
     from http.client import BadStatusLine, HTTPConnection, HTTPSConnection
 except ImportError:
+    print "Getting it from httplib"
     from httplib import BadStatusLine, HTTPConnection, HTTPSConnection
 
 try:
@@ -85,6 +86,7 @@ def __init__(self, *a, **k):
 
     class HTTPSConnection(TimeoutMixin, _HTTPSConnection):
         def __init__(self, *a, **k):
+            print "this is the https version"
             timeout = k.pop('timeout', None)
             _HTTPSConnection.__init__(self, *a, **k)
             self.timeout = timeout
@@ -267,6 +269,7 @@ def __init__(self, cache=None, timeout=None, max_redirects=5,
         self.connection_pool = ConnectionPool(timeout)
         self.retry_delays = list(retry_delays) # We don't want this changing on us.
         self.retryable_errors = set(retryable_errors)
+        self.cookie_items={}
 
     def request(self, method, url, body=None, headers=None, credentials=None,
                 num_redirects=0):
@@ -303,6 +306,22 @@ def request(self, method, url, body=None, headers=None, credentials=None,
         if authorization:
             headers['Authorization'] = authorization
 
+        if not self.cookie_items and 'https' in url:
+            import os
+            print "Fetching sso cookies"
+            cookies = filter(None,open('%s/private/ct-cookie.txt'%(os.getenv('HOME'))).read().split('\n'))
+            for c in cookies:
+                for key in ['_shibsession','_saml_idp']:
+                    if key in c:
+                        rekey=filter(lambda w : w.startswith(key), c.split())[0]
+                        item=c.split()[ c.split().index( rekey )+1]
+                        self.cookie_items[rekey] =item
+            import pprint
+            pprint.pprint( self.cookie_items) 
+        if self.cookie_items:
+            headers.update({"Cookie": '; '.join(map(lambda (k,v) : "%s=%s"%(k,v), self.cookie_items.items()))})
+        
+
         path_query = util.urlunsplit(('', '') + util.urlsplit(url)[2:4] + ('',))
         conn = self.connection_pool.get(url)
 
@@ -498,7 +517,10 @@ def get(self, url):
                 cls = HTTPSConnection
             else:
                 raise ValueError('%s is not a supported scheme' % scheme)
+            #print "We have selected a",cls,"from"#,cls.__class__
             conn = cls(host, timeout=self.timeout)
+            #import cookielib
+            #cf = cookielib.FileCookieJar('/afs/cern.ch/user/v/vlimant/private/ct-cookie.txt')
             conn.connect()
 
         return conn

db.py

@@ -6,7 +6,7 @@
 
 class db:
     def __init__(self):
-        self.couch = couchdb.Server('http://cms-caltech-db/db/')
+        self.couch = couchdb.Server('https://cms-caltech-db/db/')
         self.rdb = self.couch['tasks']
         self.cdb = self.couch['prods']
         self.odb = self.couch['outputs']