3 # hierarchy of GENI authorities
5 # This correspond's almost identically to the functionality of Soner's
6 # "tree" module. Each component of an HRN is stored in a different subdirectory.
7 # Inside this subdirectory are:
9 # *.PKEY - private key file
10 # *.DBINFO - database info
21 privkey_filename = None
22 dbinfo_filename = None
24 def __init__(self, hrn, gid_filename, privkey_filename, dbinfo_filename):
26 self.gid_filename = gid_filename
27 self.privkey_filename = privkey_filename
28 self.dbinfo_filename = dbinfo_filename
30 def get_gid_object(self):
31 return GID(filename = self.gid_filename)
33 def get_pkey_object(self):
34 return Keypair(filename = self.privkey_filename)
37 f = file(self.dbinfo_filename)
38 dict = eval(f.read())
\r
43 def __init__(self, basedir="."):
44 self.basedir = basedir
47 def get_auth_info(self, hrn, type, can_create=True):
49 parent_hrn = get_authority(hrn)
50 directory = os.path.join(self.basedir,
51 os.path.join(type, hrn.replace(".", "/")))
53 gid_filename = os.path.join(directory, leaf+".gid")
54 privkey_filename = os.path.join(directory, leaf+".pkey")
55 dbinfo_filename = os.path.join(directory, leaf+".dbinfo")
57 if (not os.path.exists(gid_filename)) or \
58 (not os.path.exists(privkey_filename)) or \
59 (not os.path.exists(dbinfo_filename)):
61 return MissingAuthorityFiles(hrn)
63 # create the directory to hold the files
65 os.makedirs(directory)
\r
66 # if the path already exists then pass
\r
67 except OSError, (errno, strerr):
\r
71 pkey = Keypair(create = True)
72 pkey.save_to_file(privkey_filename)
74 gid = self.create_gid(type, hrn, create_uuid(), pkey)
75 gid.save_to_file(gid_filename)
77 # XXX TODO: think up a better way for the dbinfo to work
79 dbinfo = get_default_dbinfo()
80 dbinfo_file = file(dbinfo_filename, "w")
81 dbinfo_file.write(str(dbinfo))
\r
84 auth_info = AuthInfo(hrn, gid_filename, privkey_filename, dbinfo_filename)
88 def create_gid(self, type, hrn, uuid, pkey):
89 parent_hrn = get_authority(hrn)
91 gid = GID(subject=hrn, uuid=uuid)
94 # if there is no parent hrn, then it must be self-signed. this
95 # is where we terminate the recursion
96 gid.set_issuer(pkey, hrn)
98 # we need the parent's private key in order to sign this GID
99 parent_auth_info = self.get_auth_info(parent_hrn, type)
100 gid.set_issuer(parent_auth_info.get_pkey_object(), parent_auth_info.hrn)
101 gid.set_parent(parent_auth_info.get_gid_object())
108 def refresh_gid(self, type, gid, hrn=None, uuid=None, pubkey=None):
109 # TODO: compute expiration time of GID, refresh it if necessary
110 gid_is_expired = False
112 # update the gid if we need to
113 if gid_is_expired or hrn or uuid or pubkey:
117 uuid = gid.get_uuid()
119 pubkey = gid.get_pubkey()
121 gid = self.create_gid(type, hrn, uuid, pubkey)
git://git.onelab.eu / sfa.git / blob