1 ### $Id: get_ticket.py 15823 2009-11-20 19:45:52Z tmack $
2 ### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_ticket.py $
4 from sfa.util.faults import *
5 from sfa.util.method import Method
6 from sfa.util.parameter import Parameter, Mixed
7 from sfa.trust.auth import Auth
8 from sfa.util.config import Config
9 from sfa.trust.credential import Credential
10 from sfa.util.genitable import GeniTable
11 from sfa.util.sfaticket import SfaTicket
12 from sfa.plc.slices import Slices
14 class get_signed_ticket(Method):
16 Retrieve a ticket. This operation is currently implemented on PLC
17 only (see SFA, engineering decisions); it is not implemented on
20 The ticket is filled in with information from the PLC database. This
21 information includes resources, and attributes such as user keys and
24 @param cred credential string
25 @param ticket string representation of a ticket object
27 @return the string representation of a signed ticket object
30 interfaces = ['registry']
33 Parameter(str, "Credential string"),
34 Parameter(str, "String representation of a ticket object"),
35 Mixed(Parameter(str, "Request hash"),
36 Parameter(None, "Request hash not specified"))
39 returns = Parameter(str, "String represeneation of a signed ticket object")
41 def call(self, cred, hrn, rspec, data, request_hash=None):
42 self.api.auth.authenticateCred(cred, [cred, hrn, rspec], request_hash)
43 self.api.auth.check(cred, "signticket")
44 self.api.auth.verify_object_belongs_to_me(hrn)
45 self.api.auth.verify_object_permission(hrn)
49 records = table.findObjects({'hrn': hrn, 'type': 'slice', 'peer_authority': None})
51 raise RecordNotFound(hrn)
53 auth_hrn = record['authority']
54 auth_info = self.api.auth.get_auth_info(auth_hrn)
55 object_gid = record.get_gid_object()
56 new_ticket = SfaTicket(subject = object_gid.get_subject())
57 new_ticket.set_gid_caller(self.api.auth.client_gid)
58 new_ticket.set_gid_object(object_gid)
59 new_ticket.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
60 new_ticket.set_pubkey(object_gid.get_pubkey())
61 newticket.set_attributes(data)
62 new_ticket.set_rspec(rspec)
63 new_ticket.set_parent(self.api.auth.hierarchy.get_auth_ticket(auth_hrn))
67 return new_ticket.save_to_string(save_parents=True)