4 # SFA Certificate Signing and management. Root authorities can use this script
5 # to sign the certificate of another authority and become its parent. Sub
6 # authorities (authorities that have had their cert signed by another authority)
7 # can use this script to import the new cert; the import replaces the authority's existing cert in both the registry database and the on-disk hierarchy
12 # sfa-ca.py --sign PEER_CERT_FILENAME -o OUTPUT_FILENAME
14 ## import a cert and update the registry hierarchy
15 # sfa-ca.py --import CERT_FILENAME
18 # sfa-ca.py --display CERT_FILENAME
23 from optparse import OptionParser
25 from sfa.util.config import Config
27 from sfa.trust.gid import GID, create_uuid
28 from sfa.trust.hierarchy import Hierarchy
30 from sfa.storage.alchemy import dbsession
31 from sfa.storage.persistentobjs import RegRecord
# Command-line options for sfa-ca.py. `script_name` is bound before this
# point (not visible in this listing). The listing elides some lines; in
# particular the help= continuation of the --sign option is missing.
parser = OptionParser(usage="%(script_name)s [options]" % locals())
parser.add_option("-d", "--display", dest="display", default=None,
                  help="print contents of specified gid")
# --sign: the closing help= line of this call is elided in this listing.
parser.add_option("-s", "--sign", dest="sign", default=None,
# NOTE(review): --key and --authority are parsed here, but no use of
# options.key / options.authority is visible in the signing code shown in
# this listing (it loads the authority named by config.SFA_INTERFACE_HRN).
# Lines are elided there, so they may be handled; confirm that they are
# honoured, or document that they are ignored, since an operator who passes
# --key expecting a different signing key would otherwise sign with the
# default authority's key without warning.
parser.add_option("-k", "--key", dest="key", default=None,
                  help="keyfile to use for signing")
parser.add_option("-a", "--authority", dest="authority", default=None,
                  help="sign the gid using the specified authority ")
parser.add_option("-i", "--import", dest="importgid", default=None,
                  help="gid file to import into the registry")
parser.add_option("-e", "--export", dest="export",
                  help="name of gid to export from registry")
# --type narrows the registry lookup done by export (see export_gid).
parser.add_option("-t", "--type", dest="type",
                  help="record type", default=None)
# --outfile is used by both --sign and --export; each falls back to a
# default name derived from the gid's hrn when it is not given.
parser.add_option("-o", "--outfile", dest="outfile",
                  help="where to write the exprted gid")
parser.add_option("-v", "--verbose", dest="verbose", default=False,
                  action="store_true", help="be verbose")
(options, args) = parser.parse_args()
63 elif options.importgid:
74 Display the sepcified GID
76 gidfile = os.path.abspath(options.display)
77 if not gidfile or not os.path.isfile(gidfile):
78 print "No such gid: %s" % gidfile
80 gid = GID(filename=gidfile)
81 gid.dump(dump_parents=True)
85 Sign the specified gid
87 hierarchy = Hierarchy()
89 default_authority = config.SFA_INTERFACE_HRN
90 auth_info = hierarchy.get_auth_info(default_authority)
93 gidfile = os.path.abspath(options.sign)
94 if not os.path.isfile(gidfile):
95 print "no such gid: %s" % gidfile
97 gid = GID(filename=gidfile)
99 # extract pub_key and create new gid
100 pkey = gid.get_pubkey()
102 gid = hierarchy.create_gid(urn, create_uuid(), pkey)
105 outfile = options.outfile
107 outfile = os.path.abspath('./signed-%s.gid' % gid.get_hrn())
109 # save the signed gid
111 print "Writing signed gid %s" % outfile
112 gid.save_to_file(outfile, save_parents=True)
def export_gid(options):
    """Write the gid of the record named by options.export to a file.

    The registry database is consulted first; when no record is found the
    authorities hierarchy is checked instead. The gid is written together
    with its parent chain (save_parents=True) to options.outfile, or to
    ./<hrn>.gid when no outfile was given.

    Several lines of this function are elided in this listing (see the
    inline notes); the control flow described here is partly inferred.
    """
    # lookup the record for the specified hrn
    # (elided in this listing: `hrn` and `type` are bound here, presumably
    # from options.export / options.type. Note that `type` shadows the
    # builtin for the rest of this function.)
    # check sfa table first
    request=dbsession.query(RegRecord).filter_by(hrn=hrn)
    if type: request = request.filter_by(type=type)
    record=request.first()
    # (elided: the hierarchy lookup below presumably runs only when no db
    # record was found; the branch structure is not visible here.)
    # check the authorities hierarchy
    hierarchy = Hierarchy()
    # get_auth_info is called without a prior auth_exists() check in the
    # visible lines; confirm the guard is among the elided lines.
    auth_info = hierarchy.get_auth_info(hrn)
    gid = auth_info.gid_object
    print "Record: %s not found" % hrn
    # db hit: the record stores the gid as a string, parse it back.
    gid = GID(string=record.gid)
    outfile = options.outfile
    # (elided: the default below is presumably taken only when outfile is unset.)
    outfile = os.path.abspath('./%s.gid' % gid.get_hrn())
    print "Writing %s gid to %s" % (gid.get_hrn(), outfile)
    # The exported file carries the whole certificate chain.
    gid.save_to_file(outfile, save_parents=True)
def import_gid(options):
    """
    Import the specified gid into the registry (db and authorities
    hierarchy) overwriting any previous gid.

    The authority named by the gid's hrn must already exist both in the
    hierarchy and as an 'authority' record in the database; otherwise a
    message is printed and (presumably, the line is elided) nothing is
    written. Several lines of this function are elided in this listing.
    """
    # NOTE(review): the imported file is trusted as-is. No signature or
    # chain verification (e.g. against the trusted roots) is visible in this
    # listing before the gid replaces the authority's db record and on-disk
    # cert, and the hrn that selects *which* authority gets overwritten is
    # taken from the file itself (gid.get_hrn()). Confirm verification
    # happens elsewhere (or add it here), and keep this command restricted
    # to the registry operator.
    gidfile = os.path.abspath(options.importgid)
    if not gidfile or not os.path.isfile(gidfile):
        print "No such gid: %s" % gidfile
        # (the early return after this message is elided in this listing)
    gid = GID(filename=gidfile)
    # check if it exists within the hierarchy
    hierarchy = Hierarchy()
    if not hierarchy.auth_exists(gid.get_hrn()):
        print "%s not found in hierarchy" % gid.get_hrn()
        # (elided: presumably returns here)
    # check if record exists in db
    record = dbsession.query(RegRecord).filter_by(type='authority',hrn=gid.get_hrn()).first()
    # (elided: `if not record:` guard presumably precedes this message)
    print "%s not found in record database" % gid.get_hrn()
    # update the database record
    # The stored gid includes the full parent chain. The session commit is
    # not visible in this listing; confirm it is among the elided lines.
    record.gid = gid.save_to_string(save_parents=True)
    # NOTE(review): item access record['hrn'] here vs attribute access
    # record.gid above -- presumably RegRecord supports both; verify,
    # otherwise this line raises after the record was already modified.
    print "Imported %s gid into db" % record['hrn']
    # update the hierarchy
    # The on-disk cert is overwritten after the db record; a failure here
    # would leave the two stores disagreeing (no rollback is visible).
    auth_info = hierarchy.get_auth_info(gid.get_hrn())
    filename = auth_info.gid_filename
    gid.save_to_file(filename, save_parents=True)
    print "Writing %s gid to %s" % (gid.get_hrn(), filename)
185 if __name__ == '__main__':