3 # hierarchy of GENI authorities
5 # This correspond's almost identically to the functionality of Soner's
6 # "tree" module. Each component of an HRN is stored in a different subdirectory.
7 # Inside this subdirectory are:
9 # *.PKEY - private key file
10 # *.DBINFO - database info
22 privkey_filename = None
23 dbinfo_filename = None
25 def __init__(self, hrn, gid_filename, privkey_filename, dbinfo_filename):
27 self.gid_filename = gid_filename
28 self.privkey_filename = privkey_filename
29 self.dbinfo_filename = dbinfo_filename
31 def get_gid_object(self):
32 return GID(filename = self.gid_filename)
34 def get_pkey_object(self):
35 return Keypair(filename = self.privkey_filename)
38 f = file(self.dbinfo_filename)
39 dict = eval(f.read())
\r
44 def __init__(self, basedir="."):
45 self.basedir = basedir
47 def get_auth_filenames(self, hrn):
49 parent_hrn = get_authority(hrn)
50 directory = os.path.join(self.basedir, hrn.replace(".", "/"))
52 gid_filename = os.path.join(directory, leaf+".gid")
53 privkey_filename = os.path.join(directory, leaf+".pkey")
54 dbinfo_filename = os.path.join(directory, leaf+".dbinfo")
56 return (directory, gid_filename, privkey_filename, dbinfo_filename)
58 def auth_exists(self, hrn):
59 (directory, gid_filename, privkey_filename, dbinfo_filename) = \
60 self.get_auth_filenames(hrn)
62 return os.path.exists(gid_filename) and \
63 os.path.exists(privkey_filename) and \
64 os.path.exists(dbinfo_filename)
66 def create_auth(self, hrn, create_parents=False):
67 report.trace("Hierarchy: creating authority: " + hrn)
69 # create the parent authority if necessary
70 parent_hrn = get_authority(hrn)
71 if (parent_hrn) and (not self.auth_exists(parent_hrn)) and (create_parents):
72 self.create_auth(parent_hrn, create_parents)
74 (directory, gid_filename, privkey_filename, dbinfo_filename) = \
75 self.get_auth_filenames(hrn)
77 # create the directory to hold the files
79 os.makedirs(directory)
\r
80 # if the path already exists then pass
\r
81 except OSError, (errno, strerr):
\r
85 pkey = Keypair(create = True)
86 pkey.save_to_file(privkey_filename)
88 gid = self.create_gid(hrn, create_uuid(), pkey)
89 gid.save_to_file(gid_filename)
91 # XXX TODO: think up a better way for the dbinfo to work
93 dbinfo = get_default_dbinfo()
94 dbinfo_file = file(dbinfo_filename, "w")
95 dbinfo_file.write(str(dbinfo))
\r
98 def get_auth_info(self, hrn):
99 #report.trace("Hierarchy: getting authority: " + hrn)
101 if not self.auth_exists(hrn):
102 raise MissingAuthority(hrn)
104 (directory, gid_filename, privkey_filename, dbinfo_filename) = \
105 self.get_auth_filenames(hrn)
107 auth_info = AuthInfo(hrn, gid_filename, privkey_filename, dbinfo_filename)
111 def create_gid(self, hrn, uuid, pkey):
112 parent_hrn = get_authority(hrn)
114 gid = GID(subject=hrn, uuid=uuid, hrn=hrn)
117 # if there is no parent hrn, then it must be self-signed. this
118 # is where we terminate the recursion
119 gid.set_issuer(pkey, hrn)
121 # we need the parent's private key in order to sign this GID
122 parent_auth_info = self.get_auth_info(parent_hrn)
123 gid.set_issuer(parent_auth_info.get_pkey_object(), parent_auth_info.hrn)
124 gid.set_parent(parent_auth_info.get_gid_object())
132 def refresh_gid(self, gid, hrn=None, uuid=None, pubkey=None):
133 # TODO: compute expiration time of GID, refresh it if necessary
134 gid_is_expired = False
136 # update the gid if we need to
137 if gid_is_expired or hrn or uuid or pubkey:
141 uuid = gid.get_uuid()
143 pubkey = gid.get_pubkey()
145 gid = self.create_gid(hrn, uuid, pubkey)
git://git.onelab.eu / sfa.git / blob