3 # hierarchy of GENI authorities
5 # This corresponds almost identically to the functionality of Soner's
6 # "tree" module. Each component of an HRN is stored in a different subdirectory.
7 # Inside this subdirectory are:
9 # *.PKEY - private key file
10 # *.DBINFO - database info
# Class-level defaults for the per-authority file paths; __init__ overwrites
# them on each instance.  The private-key file is what get_pkey_object()
# loads and later hands out as a signing key, so it (and ideally the
# directory holding it) should be readable by the owner only.
privkey_filename = None
# Path of the *.DBINFO file; its contents are eval()'d when read back.
dbinfo_filename = None
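def __init__(self, hrn, gid_filename, privkey_filename, dbinfo_filename):
    """Record the HRN and the three file paths that back this authority.

    hrn              -- human-readable name of the authority
    gid_filename     -- path of the authority's GID file
    privkey_filename -- path of the authority's private-key file
    dbinfo_filename  -- path of the authority's database-info file
    """
    # Callers read auth_info.hrn (it is used as the issuer name when a
    # child GID is created), so the name must be stored, not just the paths.
    self.hrn = hrn
    self.gid_filename = gid_filename
    self.privkey_filename = privkey_filename
    self.dbinfo_filename = dbinfo_filename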
def get_gid_object(self):
    """Load and return this authority's GID from gid_filename."""
    gid_path = self.gid_filename
    return GID(filename=gid_path)
def get_pkey_object(self):
    """Load and return this authority's private key (a Keypair) from privkey_filename.

    The returned key is what create_gid() uses as the issuer key for child
    GIDs, so callers should treat it as sensitive material.
    """
    key_path = self.privkey_filename
    return Keypair(filename=key_path)
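# Parse the *.DBINFO file.  create_auth() writes it with str(dbinfo), i.e.
# the repr of a plain Python value, so ast.literal_eval() reads it back
# while refusing anything that is not a literal.  eval() would execute
# arbitrary code planted in the file by anyone able to write the
# authority directory.
# NOTE(review): if get_default_dbinfo() ever returns non-literal objects,
# literal_eval raises ValueError where eval() might not — confirm.
# The variable name `dict` (shadowing the builtin) is kept because the
# code that follows uses it.
import ast
with open(self.dbinfo_filename) as f:
    dict = ast.literal_eval(f.read())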
\r
def __init__(self, basedir="."):
    """Root the authority tree at basedir (default: the current directory).

    Each dot-separated HRN component becomes a subdirectory below this path.
    """
    root = basedir
    self.basedir = root
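def get_auth_filenames(self, hrn):
    """Return (directory, gid_filename, privkey_filename, dbinfo_filename) for hrn.

    The HRN's dot-separated components map to a directory path below
    self.basedir; the three files inside are named after the leaf
    component.  Raises ValueError for an hrn that could escape basedir.
    """
    # Security check: the HRN becomes a filesystem path below, with "."
    # rewritten to "/".  A path separator inside the name, or an empty
    # component (leading/trailing/doubled "."), would yield "..", a
    # double slash or an absolute path — and os.path.join() discards
    # basedir entirely when the joined component is absolute.  Reject
    # such names before touching the filesystem.
    separators = [sep for sep in ("/", os.sep, os.altsep) if sep]
    components = hrn.split(".")
    if any(sep in hrn for sep in separators) or any(not part for part in components):
        raise ValueError("invalid hrn: %r" % (hrn,))

    parent_hrn = get_authority(hrn)
    directory = os.path.join(self.basedir, hrn.replace(".", "/"))

    # NOTE(review): `leaf` is not bound in the lines visible here; it is
    # presumably the last HRN component — confirm where it is assigned.
    gid_filename = os.path.join(directory, leaf+".gid")
    privkey_filename = os.path.join(directory, leaf+".pkey")
    dbinfo_filename = os.path.join(directory, leaf+".dbinfo")

    return (directory, gid_filename, privkey_filename, dbinfo_filename)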
def auth_exists(self, hrn):
    """Return True only if the GID, private-key and dbinfo files for hrn all exist.

    The directory itself is not checked.  This is a point-in-time check:
    a file can still disappear between this call and the later open().
    """
    _directory, gid_path, pkey_path, dbinfo_path = self.get_auth_filenames(hrn)
    # all() stops at the first missing file, exactly like an and-chain.
    return all(os.path.exists(path) for path in (gid_path, pkey_path, dbinfo_path))
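def create_auth(self, hrn):
    """Create the on-disk material for a new authority named hrn.

    Creates the authority directory, generates a new Keypair, builds a
    GID for it via create_gid() (issued by the parent authority, or
    self-signed at the root) and writes the default database info.
    """
    import errno
    (directory, gid_filename, privkey_filename, dbinfo_filename) = \
        self.get_auth_filenames(hrn)

    # create the directory to hold the files; an already-existing
    # directory is fine, any other error is fatal.
    try:
        os.makedirs(directory)
    except OSError as exc:
        if exc.errno != errno.EEXIST:
            raise

    pkey = Keypair(create=True)
    # The private key must not be readable by other local users: narrow
    # the umask while the file is created (closes the window before any
    # later chmod, in case Keypair.save_to_file honours the default umask)
    # and chmod afterwards (covers an existing file being overwritten,
    # whose old mode would otherwise survive).  umask is process-wide.
    old_umask = os.umask(0o077)
    try:
        pkey.save_to_file(privkey_filename)
    finally:
        os.umask(old_umask)
    os.chmod(privkey_filename, 0o600)

    gid = self.create_gid(hrn, create_uuid(), pkey)
    gid.save_to_file(gid_filename)

    # XXX TODO: think up a better way for the dbinfo to work
    # Written as str(dbinfo) so it can be read back as a Python literal.
    # NOTE(review): if dbinfo carries database credentials it deserves the
    # same permission treatment as the private key.
    dbinfo = get_default_dbinfo()
    with open(dbinfo_filename, "w") as dbinfo_file:
        dbinfo_file.write(str(dbinfo))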
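def get_auth_info(self, hrn, can_create=True):
    """Return an AuthInfo for hrn, creating the authority on disk if needed.

    When the authority's files are missing and can_create is false,
    MissingAuthority(hrn) is returned instead.
    """
    if not self.auth_exists(hrn):
        # NOTE(review): the can_create gate is inferred from the parameter
        # name — confirm against callers.  Also confirm whether
        # MissingAuthority is an exception type; if so it should be raised,
        # since callers such as create_gid() immediately call methods on the
        # result and would fail with an AttributeError instead.
        if not can_create:
            return MissingAuthority(hrn)
        # Creating an authority sets its GID's issuer from the parent's key,
        # which comes back through here for the parent; the recursion ends
        # at the self-signed root in create_gid().
        self.create_auth(hrn)

    (directory, gid_filename, privkey_filename, dbinfo_filename) = \
        self.get_auth_filenames(hrn)

    return AuthInfo(hrn, gid_filename, privkey_filename, dbinfo_filename)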
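def create_gid(self, hrn, uuid, pkey):
    """Build and return a GID for hrn with the given uuid.

    If hrn has a parent authority, the parent's private key and name are
    set as the GID's issuer and the parent's own GID is attached as its
    parent.  If there is no parent the GID is self-signed: pkey is set as
    the issuer key, so it must be a private (signing) key, not a public one.
    """
    parent_hrn = get_authority(hrn)

    gid = GID(subject=hrn, uuid=uuid)
    # NOTE(review): nothing in the lines visible here attaches the subject's
    # public key to the GID — confirm the GID constructor (or a separate
    # call elsewhere) does so, otherwise the GID carries no key.

    if not parent_hrn:
        # no parent hrn, so it must be self-signed.  This is where the
        # recursion get_auth_info() -> create_auth() -> create_gid()
        # terminates.
        gid.set_issuer(pkey, hrn)
    else:
        # we need the parent's private key in order to sign this GID; this
        # may create the parent authority on disk if it does not exist yet.
        parent_auth_info = self.get_auth_info(parent_hrn)
        gid.set_issuer(parent_auth_info.get_pkey_object(), parent_auth_info.hrn)
        gid.set_parent(parent_auth_info.get_gid_object())

    return gid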
def refresh_gid(self, gid, hrn=None, uuid=None, pubkey=None):
    """Re-create gid when it is expired or when a new hrn/uuid/pubkey is given.

    NOTE(review): expiry is never evaluated — gid_is_expired is hard-wired
    to False below — so a GID is only rebuilt when the caller passes an
    override; expired GIDs remain in use until the TODO is implemented.
    """
    # TODO: compute expiration time of GID, refresh it if necessary
    gid_is_expired = False

    # update the gid if we need to
    if gid_is_expired or hrn or uuid or pubkey:
        # NOTE(review): in the lines visible here hrn is never filled from
        # gid, so create_gid() receives None when only uuid/pubkey is
        # passed, and the uuid/pubkey read from gid replace whatever the
        # caller supplied — confirm against the full source.
        uuid = gid.get_uuid()
        pubkey = gid.get_pubkey()
        # NOTE(review): create_gid() uses its third argument as the issuer
        # key in the self-signed (root) case; a public key cannot sign.
        gid = self.create_gid(hrn, uuid, pubkey)