Add certificates handling to Tier0Handler

CondCore/Utilities/python/tier0.py

@@ -23,7 +23,7 @@ def __init__(self, message):
 
 def unique(seq, keepstr=True):
     t = type(seq)
-    if t in (unicode, str):
+    if t is str:
         t = (list, t('').join)[bool(keepstr)]
     try:
         remaining = set(seq)
@@ -105,8 +105,18 @@ def _queryTier0DataSvc( self, url ):
 
         debug = " -s -S "
         if self._debug: debug = " -v "
-
-        cmd = '/usr/bin/curl -k -L --user-agent "%s" %s --connect-timeout %i --retry %i %s %s ' % (userAgent, proxy, self._timeOut, self._retries, debug, url)
+        certs = ""
+        if not proxy:
+            cert_path = os.getenv('X509_USER_CERT', '')
+            if cert_path:
+                certs += f' --cert {cert_path}'
+            else:
+                logging.warn("No certificate, nor proxy provided for Tier0 access")
+            key_path = os.getenv('X509_USER_KEY', '')
+            if key_path:
+                certs += f' --key {key_path}'
+        cmd = '/usr/bin/curl -k -L --user-agent "%s" %s --connect-timeout %i --retry %i %s %s %s' \
+            % (userAgent, proxy, self._timeOut, self._retries, debug, url, certs)
 
         # time the curl to understand if re-tries have been carried out
         start = time.time()
@@ -123,7 +133,8 @@ def _queryTier0DataSvc( self, url ):
            logging.error(msg)
 
            time.sleep(10)
-           cmd = '/usr/bin/curl -k -L --user-agent "%s" %s --connect-timeout %i --retry %i %s %s ' % (userAgent, proxy, self._timeOut, self._retries, "-v", url)
+           cmd = '/usr/bin/curl -k -L --user-agent "%s" %s --connect-timeout %i --retry %i %s %s %s ' % \
+              (userAgent, proxy, self._timeOut, self._retries, "-v", url, certs)
            process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
            (stdoutdata, stderrdata) =  process.communicate()
            retcode = process.returncode