1 ### $Id: get_ticket.py 15823 2009-11-20 19:45:52Z tmack $
2 ### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_ticket.py $
4 from sfa.util.faults import *
5 from sfa.util.method import Method
6 from sfa.util.parameter import Parameter, Mixed
7 from sfa.trust.auth import Auth
8 from sfa.util.config import Config
9 from sfa.trust.credential import Credential
10 from sfa.util.genitable import GeniTable
11 from sfa.util.sfaticket import SfaTicket
12 from sfa.plc.slices import Slices
14 class get_signed_ticket(Method):
16 Retrieve a ticket. This operation is currently implemented on PLC
17 only (see SFA, engineering decisions); it is not implemented on
20 The ticket is filled in with information from the PLC database. This
21 information includes resources, and attributes such as user keys and
24 @param cred credential string
25 @param hrn human readable name (hrn) of slice
26 @param rspec resource specification string
27 @param data extra data
29 @return the string representation of a signed ticket object
32 interfaces = ['registry']
35 Parameter(str, "Credential string"),
36 Parameter(str, "human readable name (hrn) of slice"),
37 Parameter(str, "resource specification string"),
38 Parameter(dict, "extra data"),
39 Mixed(Parameter(str, "Request hash"),
40 Parameter(None, "Request hash not specified"))
43 returns = Parameter(str, "String represeneation of a signed ticket object")
45 def call(self, cred, hrn, rspec, data, request_hash=None):
46 self.api.auth.authenticateCred(cred, [cred, hrn, rspec], request_hash)
47 self.api.auth.check(cred, "signticket")
48 self.api.auth.verify_object_belongs_to_me(hrn)
49 self.api.auth.verify_object_permission(hrn)
53 records = table.findObjects({'hrn': hrn, 'type': 'slice', 'peer_authority': None})
55 raise RecordNotFound(hrn)
57 auth_hrn = record['authority']
58 auth_info = self.api.auth.get_auth_info(auth_hrn)
59 object_gid = record.get_gid_object()
60 new_ticket = SfaTicket(subject = object_gid.get_subject())
61 new_ticket.set_gid_caller(self.api.auth.client_gid)
62 new_ticket.set_gid_object(object_gid)
63 new_ticket.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
64 new_ticket.set_pubkey(object_gid.get_pubkey())
65 newticket.set_attributes(data)
66 new_ticket.set_rspec(rspec)
67 new_ticket.set_parent(self.api.auth.hierarchy.get_auth_ticket(auth_hrn))
71 return new_ticket.save_to_string(save_parents=True)