The hierarchy Module

This module implements a hierarchy of authorities and performs a similar function as the "tree" module of the original geniwrapper prototype. An HRN is assumed to be a string of authorities separated by dots. For example, "planetlab.us.arizona.bakers". Each component of the HRN is a different authority, with the last component being a leaf in the tree. Each authority is stored in a subdirectory on the registry. Inside this subdirectory are several files: *.GID - GID file *.PKEY - private key file *.DBINFO - database info

AuthInfo(hrn, gid_filename, privkey_filename, dbinfo_filename) (class) [#]

The AuthInfo class contains the information for an authority.

For more information about this class, see The AuthInfo Class.

Hierarchy(basedir=".") (class) [#]

The Hierarchy class is responsible for managing the tree of authorities.

For more information about this class, see The Hierarchy Class.

The AuthInfo Class

AuthInfo(hrn, gid_filename, privkey_filename, dbinfo_filename) (class) [#]

The AuthInfo class contains the information for an authority. This information includes the GID, private key, and database connection information.

__init__(hrn, gid_filename, privkey_filename, dbinfo_filename) [#]

Initialize and authority object.

hrn
the human readable name of the authority
gid_filename
the filename containing the GID
privkey_filename
the filename containing the private key
dbinfo_filename
the filename containing the database info

get_dbinfo() [#]

Get the dbinfo in the form of a dictionary

get_gid_object() [#]

Get the GID in the form of a GID object

get_pkey_object() [#]

Get the private key in the form of a Keypair object

set_gid_filename(fn) [#]

Set the filename of the GID

fn
filename of file containing GID

update_gid_object(gid) [#]

Replace the GID with a new one. The file specified by gid_filename is overwritten with the new GID object

gid
object containing new GID

The Hierarchy Class

Hierarchy(basedir=".") (class) [#]

The Hierarchy class is responsible for managing the tree of authorities. Each authority is a node in the tree and exists as an AuthInfo object. The tree is stored on disk in a hierarchical manner than reflects the structure of the tree. Each authority is a subdirectory, and each subdirectory contains the GID, pkey, and dbinfo files for that authority (as well as subdirectories for each sub-authority)

auth_exists(hrn) [#]

Check to see if an authority exists. An authority exists if it's disk files exist.

the
human readable name of the authority to check

create_auth(hrn, create_parents=False) [#]

Create an authority. A private key for the authority and the associated GID are created and signed by the parent authority.

hrn
the human readable name of the authority to create
create_parents
if true, also create the parents if they do not exist

create_gid(hrn, uuid, pkey) [#]

Create a new GID. The GID will be signed by the authority that is it's immediate parent in the hierarchy (and recursively, the parents' GID will be signed by its parent)

hrn
the human readable name to store in the GID
uuid
the unique identifier to store in the GID
pkey
the public key to store in the GID

get_auth_cred(hrn) [#]

Retrieve an authority credential for an authority. The authority credential will contain the authority privilege and will be signed by the authority's parent.

hrn
the human readable name of the authority

get_auth_filenames(hrn) [#]

Given a hrn, return the filenames of the GID, private key, and dbinfo files.

hrn
the human readable name of the authority

get_auth_info(hrn) [#]

Return the AuthInfo object for the specified authority. If the authority does not exist, then an exception is thrown. As a side effect, disk files and a subdirectory may be created to store the authority.

hrn
the human readable name of the authority to create.

get_auth_ticket(hrn) [#]

Retrieve an authority ticket. An authority ticket is not actually a redeemable ticket, but only serves the purpose of being included as the parent of another ticket, in order to provide a chain of authentication for a ticket. This looks almost the same as get_auth_cred, but works for tickets XXX does similarity imply there should be more code re-use?

hrn
the human readable name of the authority

refresh_gid(gid, hrn=None, uuid=None, pubkey=None) [#]

Refresh a GID. The primary use of this function is to refresh the the expiration time of the GID. It may also be used to change the HRN, UUID, or Public key of the GID.

gid
the GID to refresh
hrn
if !=None, change the hrn
uuid
if !=None, change the uuid
pubkey
if !=None, change the public key