Implements GENI GID. GIDs are based on certificates, and the GID class is a descendant of the certificate class.
Create a new uuid. Returns the UUID as a string.
GID is a tuple: (uuid, hrn, public_key). UUID is a unique identifier and is created by the Python uuid module (or the utility function create_uuid() in gid.py).
For more information about this class, see The GID Class.
GID is a tuple: (uuid, hrn, public_key). UUID is a unique identifier and is created by the Python uuid module (or the utility function create_uuid() in gid.py). HRN is a human-readable name in a dotted form similar to a backward domain name, for example planetlab.us.arizona.bakers. PUBLIC_KEY is the public key of the principal identified by the UUID/HRN. It is a Keypair object as defined in the cert.py module. It is expected that there is a one-to-one pairing between UUIDs and HRNs, but it is uncertain how this would be enforced or if it needs to be enforced. These fields are encoded using xmlrpc into the subjectAltName field of the X509 certificate. Note: Call encode() once the fields have been filled in to perform this encoding.
Create a new GID object.
Decode the subject-alt-name field of the X509 certificate into the fields of the GID. This is automatically called by the various get_*() functions in this class.
Dump the credential to stdout.
Encode the GID fields and package them into the subject-alt-name field of the X509 certificate. This must be called prior to signing the certificate. It may only be called once per certificate.
Verify the chain of authenticity of the GID. First perform the checks of the certificate class (verifying that each parent signs the child, etc). In addition, GIDs also confirm that the parent's HRN is a prefix of the child's HRN. Verifying these prefixes prevents a rogue authority from signing a GID for a principal that is not a member of that authority. For example, planetlab.us.arizona cannot sign a GID for planetlab.us.princeton.foo.
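The HRN prefix rule described above, as an added example that is not code from gid.py: it checks only the naming rule (not the signatures) over a list of HRNs ordered from the leaf GID up to the root authority, and compares whole dotted labels rather than raw characters so that an authority name matches only itself and its descendants. The function names and the sample chains are assumptions made for illustration.

```python
# Added illustration; these helpers are hypothetical and not part of gid.py.

def split_hrn(hrn):
    """Split a dotted HRN into labels, rejecting empty labels."""
    labels = hrn.split(".")
    if not all(labels):
        raise ValueError("malformed HRN: %r" % hrn)
    return labels


def hrn_is_prefix(parent_hrn, child_hrn):
    """True if parent_hrn is a label-wise prefix of child_hrn."""
    parent = split_hrn(parent_hrn)
    child = split_hrn(child_hrn)
    return child[:len(parent)] == parent


def first_hrn_violation(chain):
    """Check a chain of HRNs listed from the leaf GID up to the root.

    Returns the first (parent, child) pair that breaks the prefix rule,
    or None if every parent HRN is a prefix of the child it signed.
    """
    for child, parent in zip(chain, chain[1:]):
        if not hrn_is_prefix(parent, child):
            return (parent, child)
    return None


# Constructed sample chains (leaf first), built from the HRNs in the text.
GOOD = ["planetlab.us.arizona.bakers", "planetlab.us.arizona",
        "planetlab.us", "planetlab"]
ROGUE = ["planetlab.us.princeton.foo", "planetlab.us.arizona",
         "planetlab.us", "planetlab"]

if __name__ == "__main__":
    print("good chain violation: ", first_hrn_violation(GOOD))
    print("rogue chain violation:", first_hrn_violation(ROGUE))
```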