This module implements a hierarchy of authorities and serves a similar purpose to the "tree" module of the original geniwrapper prototype. An HRN is assumed to be a string of authorities separated by dots, for example "planetlab.us.arizona.bakers". Each component of the HRN is a different authority, with the last component being a leaf in the tree. Each authority is stored in a subdirectory on the registry. Inside this subdirectory are several files:

*.GID - GID file
*.PKEY - private key file
*.DBINFO - database info
The AuthInfo class contains the information for an authority. This information includes the GID, private key, and database connection information.
Initialize an authority object.
Get the dbinfo in the form of a dictionary.
Get the GID in the form of a GID object.
Get the private key in the form of a Keypair object.
Set the filename of the GID.
Replace the GID with a new one. The file specified by gid_filename is overwritten with the new GID object.
The Hierarchy class is responsible for managing the tree of authorities. Each authority is a node in the tree and exists as an AuthInfo object. The tree is stored on disk in a hierarchical layout that reflects the structure of the tree. Each authority is a subdirectory, and each subdirectory contains the GID, pkey, and dbinfo files for that authority (as well as subdirectories for each sub-authority).
Check to see if an authority exists. An authority exists if its disk files exist.
Create an authority. A private key for the authority and the associated GID are created and signed by the parent authority.
Create a new GID. The GID will be signed by the authority that is its immediate parent in the hierarchy (and recursively, the parent's GID will be signed by its own parent).
Retrieve an authority credential for an authority. The authority credential will contain the authority privilege and will be signed by the authority's parent.
Given an HRN, return the filenames of the GID, private key, and dbinfo files.
Return the AuthInfo object for the specified authority. If the authority does not exist, then an exception is thrown. As a side effect, disk files and a subdirectory may be created to store the authority.
Retrieve an authority ticket. An authority ticket is not actually a redeemable ticket, but only serves the purpose of being included as the parent of another ticket, in order to provide a chain of authentication for a ticket. This looks almost the same as get_auth_cred, but works for tickets. XXX: does the similarity imply there should be more code re-use?
Refresh a GID. The primary use of this function is to refresh the expiration time of the GID. It may also be used to change the HRN, UUID, or public key of the GID.
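The mapping from an HRN to the per-authority subdirectory and its GID/PKEY/DBINFO files, together with the "exists if its disk files exist" check, as an added example that is not part of the module's own code. Function names, the lower-case file extensions, the allowed character set for HRN components and the placeholder file contents are assumptions made for this illustration; the component check is there because each HRN component becomes a directory name on the registry.

```python
import os
import re
import tempfile

# Hypothetical helpers mirroring the on-disk layout described above. Function names
# and the allowed character set for HRN components are assumptions, not SFA's own API.
_COMPONENT_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def is_valid_hrn(hrn):
    """True only if every dot-separated component is a plain name."""
    return all(_COMPONENT_RE.match(p) for p in hrn.split("."))


def hrn_to_parts(hrn):
    """Split 'planetlab.us.arizona.bakers' into its components. Each one becomes a
    directory level, so empty parts, '..' and path separators are refused first."""
    if not is_valid_hrn(hrn):
        raise ValueError("invalid HRN: %r" % hrn)
    return hrn.split(".")


def parent_hrn(hrn):
    """HRN of the immediate parent authority, or None for a root authority."""
    parts = hrn_to_parts(hrn)
    return ".".join(parts[:-1]) if len(parts) > 1 else None


def get_auth_filenames(basedir, hrn):
    """(directory, gid, pkey, dbinfo): one subdirectory per component,
    holding <leaf>.gid, <leaf>.pkey and <leaf>.dbinfo."""
    parts = hrn_to_parts(hrn)
    directory = os.path.join(basedir, *parts)
    return (directory,) + tuple(os.path.join(directory, parts[-1] + ext)
                                for ext in (".gid", ".pkey", ".dbinfo"))


def auth_exists(basedir, hrn):
    """An authority exists if all three of its disk files exist."""
    return all(os.path.exists(f) for f in get_auth_filenames(basedir, hrn)[1:])


def create_auth_stub(basedir, hrn):
    """Write the three files with constructed placeholder contents (no real GID or key)."""
    directory, *files = get_auth_filenames(basedir, hrn)
    os.makedirs(directory, exist_ok=True)
    for path in files:
        with open(path, "w") as fh:
            fh.write("placeholder for " + os.path.basename(path))
    return directory


def make_registry_dir():
    """Fresh temporary registry root, so the example runs offline."""
    return tempfile.mkdtemp(prefix="registry-")
```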