dont forget to save gid to file before attempting to copy it onto the node. fix the...
[sfa.git] / sfa / methods / get_signed_ticket.py
1 ### $Id: get_ticket.py 15823 2009-11-20 19:45:52Z tmack $
2 ### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_ticket.py $
3 import time
4 from sfa.util.faults import *
5 from sfa.util.method import Method
6 from sfa.util.parameter import Parameter, Mixed
7 from sfa.trust.auth import Auth
8 from sfa.util.config import Config
9 from sfa.trust.credential import Credential
10 from sfa.util.genitable import GeniTable
11 from sfa.util.sfaticket import SfaTicket
12 from sfa.plc.slices import Slices
13
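class get_signed_ticket(Method):
    """
    Build and sign a ticket for a slice. This operation is currently
    implemented on PLC only (see SFA, engineering decisions); it is not
    implemented on components.

    The ticket binds the slice's GID (taken from the registry record) and
    the caller's GID to the rspec and extra data supplied in the request.
    It is signed with the private key of the slice's authority and is
    returned together with its parent ticket chain.

    @param cred credential string
    @param hrn human readable name (hrn) of slice
    @param rspec resource specification string
    @param data extra data, stored as the ticket's attributes
    @param request_hash optional request hash handed to authenticateCred

    @return the string representation of a signed ticket object
    @raise RecordNotFound if no slice record with peer_authority None
           matches hrn
    """

    interfaces = ['registry']

    accepts = [
        Parameter(str, "Credential string"),
        Parameter(str, "human readable name (hrn) of slice"),
        Parameter(str, "resource specification string"),
        Parameter(dict, "extra data"),
        Mixed(Parameter(str, "Request hash"),
              Parameter(None, "Request hash not specified"))
        ]

    returns = Parameter(str, "String represeneation of a signed ticket object")

    def call(self, cred, hrn, rspec, data, request_hash=None):
        # Authorization gates: all four run before any record is read or
        # anything is signed. Their exact semantics live in sfa.trust.auth,
        # which is not visible here.
        #
        # NOTE(review): `data` is absent from the argument list passed to
        # authenticateCred, yet it is written into the signed ticket below.
        # If request_hash is computed over that list, `data` is not covered
        # by the request-integrity check -- confirm against Auth, and extend
        # the list only in step with the clients that compute the hash.
        self.api.auth.authenticateCred(cred, [cred, hrn, rspec], request_hash)
        # presumably requires the "signticket" privilege in cred -- verify
        self.api.auth.check(cred, "signticket")
        self.api.auth.verify_object_belongs_to_me(hrn)
        self.api.auth.verify_object_permission(hrn)

        # Look up the slice record; only records whose peer_authority is
        # None are considered.
        table = GeniTable()
        records = table.findObjects({'hrn': hrn, 'type': 'slice', 'peer_authority': None})
        if not records:
            raise RecordNotFound(hrn)
        # The first matching record is used if several are returned.
        record = records[0]
        auth_hrn = record['authority']
        auth_info = self.api.auth.get_auth_info(auth_hrn)
        object_gid = record.get_gid_object()

        # Identity fields: subject and public key come from the slice GID,
        # the caller GID from the authenticated client.
        new_ticket = SfaTicket(subject=object_gid.get_subject())
        new_ticket.set_gid_caller(self.api.auth.client_gid)
        new_ticket.set_gid_object(object_gid)
        # The issuer key is the authority's private key object, so the
        # ticket is issued in the name of the slice's authority.
        new_ticket.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
        new_ticket.set_pubkey(object_gid.get_pubkey())

        # Payload: both values are request parameters and are stored as
        # given; this method does not validate or filter them.
        new_ticket.set_attributes(data)
        new_ticket.set_rspec(rspec)

        # Chain to the authority's own ticket, then encode and sign.
        new_ticket.set_parent(self.api.auth.hierarchy.get_auth_ticket(auth_hrn))
        new_ticket.encode()
        new_ticket.sign()

        return new_ticket.save_to_string(save_parents=True)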
72