scitokens / scitokens-cpp

A C++ implementation of the SciTokens library with a C library interface
Apache License 2.0

Provide an API enabling explicit manipulation of the keycache for the end user. #99

Closed bbockelm closed 1 year ago

bbockelm commented 1 year ago

With this, it should be possible to write simple Python scripts for manipulating the keycache:

>>> import json
>>> from cffi import FFI
>>> ffi = FFI()
>>> ffi.cdef("""
... void free(void *);
... int keycache_refresh_jwks(const char *issuer, char **err_msg);
... int keycache_get_cached_jwks(const char *issuer, char **jwks, char **err_msg);
... int keycache_set_jwks(const char *issuer, const char *jwks, char **err_msg);
... """)
>>> C = ffi.dlopen(None)
>>> scitokens = ffi.dlopen("release_dir/lib64/libSciTokens.so")
>>> jwks_result = ffi.new("char**", ffi.NULL)
>>> err_msg = ffi.new("char**", ffi.NULL)
>>> scitokens.keycache_get_cached_jwks("https://demo.scitokens.org".encode(), jwks_result, err_msg)
0
>>> json.loads(ffi.string(jwks_result[0]).decode())
{'keys': [{'alg': 'ES256', 'kid': 'key-es256', 'kty': 'EC', 'use': 'sig', 'x': 'ncSCrGTBTXXOhNiAOTwNdPjwRz1hVY4saDNiHQK9Bh4=', 'y': 'sCsFXvx7FAAklwq3CzRCBcghqZOFPB2dKUayS6LY_Lo='}]}
>>> C.free(jwks_result[0])

Nifty!

This will allow me to write a condor-ce script which injects temporary public keys for a given issuer, allowing the admins to generate an arbitrary token "as", say, CMS which is valid only at that CE.
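An added example, not part of the pull request or of scitokens-cpp: a pre-flight check that a JWKS holds only public key material before it is handed to `keycache_set_jwks`, plus a wrapper that surfaces `err_msg`. The names `public_jwks`, `set_issuer_jwks` and `SAMPLE` are hypothetical; it assumes a non-zero return code means failure and that `err_msg` is released with `free()` like the `jwks` buffer in the session above.

```python
import json

# JWK members that hold private or symmetric key material (RFC 7518).
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}
# Public members needed per key type; "crv" is not required because the
# JWKS printed in the session above omits it.
REQUIRED = {"EC": {"x", "y"}, "RSA": {"n", "e"}}

# Constructed sample (placeholder coordinates, not a real key).
SAMPLE = ('{"keys": [{"kty": "EC", "kid": "tmp-1", "alg": "ES256", '
          '"x": "AAAA", "y": "BBBB"}]}')


def public_jwks(jwks_text):
    """Return compact JWKS text, or raise ValueError if it should not be cached."""
    doc = json.loads(jwks_text)  # JSONDecodeError is a ValueError
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list) or not keys:
        raise ValueError("JWKS needs a non-empty 'keys' array")
    for i, key in enumerate(keys):
        if not isinstance(key, dict):
            raise ValueError(f"key {i}: not an object")
        kty = key.get("kty")
        if kty not in REQUIRED:
            raise ValueError(f"key {i}: unsupported kty {kty!r}")
        leaked = PRIVATE_MEMBERS & key.keys()
        if leaked:
            raise ValueError(f"key {i}: private members {sorted(leaked)}")
        missing = REQUIRED[kty] - key.keys()
        if missing:
            raise ValueError(f"key {i}: missing {sorted(missing)}")
    return json.dumps(doc, separators=(",", ":"))


def set_issuer_jwks(ffi, libc, scitokens, issuer, jwks_text):
    """Validate first, then store the JWKS for `issuer` in the keycache.

    ffi, libc and scitokens are the FFI(), ffi.dlopen(None) and
    ffi.dlopen(<libSciTokens.so>) objects from the session above.
    """
    jwks = public_jwks(jwks_text)
    err_msg = ffi.new("char**", ffi.NULL)
    rc = scitokens.keycache_set_jwks(issuer.encode(), jwks.encode(), err_msg)
    if rc != 0:  # assumption: non-zero signals failure
        msg = "unknown error"
        if err_msg[0] != ffi.NULL:
            msg = ffi.string(err_msg[0]).decode()
            libc.free(err_msg[0])  # assumption: caller frees err_msg
        raise RuntimeError(f"keycache_set_jwks failed: {msg}")
```
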