1 ### $Id: get_ticket.py 15823 2009-11-20 19:45:52Z tmack $
2 ### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_ticket.py $
3 import time
4 from sfa.util.faults import *
5 from sfa.util.method import Method
6 from sfa.util.parameter import Parameter, Mixed
7 from sfa.trust.auth import Auth
8 from sfa.util.config import Config
9 from sfa.trust.credential import Credential
10 from sfa.util.genitable import GeniTable
11 from sfa.util.sfaticket import SfaTicket
12 from sfa.plc.slices import Slices
13
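class get_signed_ticket(Method):
    """
    Build a ticket for a locally registered slice and return it signed
    by the slice's authority.

    The slice record is looked up in the registry table by hrn. The
    ticket's rspec and attributes are taken from the caller's arguments,
    not from the database. The issuer key and the parent ticket come from
    the authority named in the slice record.

    @param cred credential string
    @param hrn human readable name of the slice the ticket is issued for
    @param rspec rspec to embed in the ticket
    @param data attributes to embed in the ticket
    @param request_hash optional request hash passed to authentication

    @return the string representation of a signed ticket object
    """

    interfaces = ['registry']

    # NOTE(review): this list describes (credential, ticket, request hash),
    # but call() below takes (cred, hrn, rspec, data, request_hash).
    # Confirm how Method validates arguments and reconcile the two.
    accepts = [
        Parameter(str, "Credential string"),
        Parameter(str, "String representation of a ticket object"),
        Mixed(Parameter(str, "Request hash"),
              Parameter(None, "Request hash not specified"))
        ]

    returns = Parameter(str, "String represeneation of a signed ticket object")

    def call(self, cred, hrn, rspec, data, request_hash=None):
        """
        Authenticate the caller, then assemble, sign and serialize a ticket.

        Raises RecordNotFound when no local slice record matches hrn.
        Faults raised by the auth checks propagate to the caller.
        """
        # NOTE(review): `data` is not in the argument list passed to
        # authenticateCred. If that list is what request_hash is verified
        # against, the attributes signed below are not bound to the
        # authenticated request. Confirm whether `data` should be included.
        self.api.auth.authenticateCred(cred, [cred, hrn, rspec], request_hash)
        self.api.auth.check(cred, "signticket")
        self.api.auth.verify_object_belongs_to_me(hrn)
        self.api.auth.verify_object_permission(hrn)

        # Only local slice records are eligible (peer_authority is None).
        table = GeniTable()
        records = table.findObjects({'hrn': hrn, 'type': 'slice', 'peer_authority': None})
        if not records:
            raise RecordNotFound(hrn)
        record = records[0]
        auth_hrn = record['authority']
        auth_info = self.api.auth.get_auth_info(auth_hrn)
        object_gid = record.get_gid_object()

        # The ticket is issued under the authority's private key, with the
        # authenticated client as caller and the slice GID as object.
        new_ticket = SfaTicket(subject=object_gid.get_subject())
        new_ticket.set_gid_caller(self.api.auth.client_gid)
        new_ticket.set_gid_object(object_gid)
        new_ticket.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
        new_ticket.set_pubkey(object_gid.get_pubkey())
        # Fixed: the original referenced the undefined name `newticket`,
        # which raised NameError on every call before anything was signed.
        # NOTE(review): `data` and `rspec` are caller-supplied and are signed
        # as given; nothing visible here validates them against the slice
        # record. Confirm that the "signticket" check is meant to cover this.
        new_ticket.set_attributes(data)
        new_ticket.set_rspec(rspec)
        new_ticket.set_parent(self.api.auth.hierarchy.get_auth_ticket(auth_hrn))
        new_ticket.encode()
        new_ticket.sign()

        # Parents are serialized along with the ticket in the returned string.
        return new_ticket.save_to_string(save_parents=True)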
68