+sfi_dir = os.path.expanduser("~/.sfi/")
+slicemgr = None
+registry = None
+user = None
+authority = None
+verbose = False
+
+#
+# Establish Connection to SliceMgr and Registry Servers
+#
+def set_servers(options):
+ global slicemgr
+ global registry
+ global user
+ global authority
+
+ # Set SliceMgr URL
+ if (options.sm is not None):
+ sm_url = options.sm
+ elif ("SFI_SM" in os.environ):
+ sm_url = os.environ["SFI_SM"]
+ else:
+ print "No Known Slice Manager"
+ sys.exit(1)
+
+ # Set Registry URL
+ if (options.registry is not None):
+ reg_url = options.registry
+ elif ("SFI_REGISTRY" in os.environ):
+ reg_url = os.environ["SFI_REGISTRY"]
+ else:
+ print "No Known Registry Server"
+ sys.exit(1)
+
+ if options.verbose :
+ print "Contacting Slice Manager at:", sm_url
+ print "Contacting Registry at:", reg_url
+
+ # Set user HRN
+ if (options.user is not None):
+ user = options.user
+ elif ("SFI_USER" in os.environ):
+ user = os.environ["SFI_USER"]
+ else:
+ print "No Known User Name"
+ sys.exit(1)
+
+ # Set authority HRN
+ if (options.auth is not None):
+ authority = options.auth
+ elif ("SFI_AUTH" in os.environ):
+ authority = os.environ["SFI_AUTH"]
+ else:
+ authority = None
+
+ # Get key and certificate
+ key_file = get_key_file()
+ cert_file = get_cert_file(key_file)
+
+ # Establish connection to server(s)
+ slicemgr = GeniClient(sm_url, key_file, cert_file)
+ registry = GeniClient(reg_url, key_file, cert_file)
+ return
+
+#
+# Get various credential and spec files
+#
+# Establishes limiting conventions
+# - conflates MAs and SAs
+# - assumes last token in slice name is unique
+#
+# Bootstraps credentials
+# - bootstrap user credential from self-signed certificate
+# - bootstrap authority credential from user credential
+# - bootstrap slice credential from user credential
+#
+
+def get_leaf(name):
+ parts = name.split(".")
+ return parts[-1]
+
+def get_key_file():
+ file = os.path.join(sfi_dir, get_leaf(user) + ".pkey")
+ if (os.path.isfile(file)):
+ return file
+ else:
+ print "Key file", file, "does not exist"
+ sys.exit(-1)
+ return
+
+def get_cert_file(key_file):
+ global verbose
+
+ file = os.path.join(sfi_dir, get_leaf(user) + ".cert")
+ if (os.path.isfile(file)):
+ return file
+ else:
+ k = Keypair(filename = key_file)
+ cert = Certificate(subject=user)
+ cert.set_pubkey(k)
+ cert.set_issuer(k, user)
+ cert.sign()
+ if verbose :
+ print "Writing self-signed certificate to", file
+ cert.save_to_file(file)
+ return file
+
+def get_user_cred():
+ global user
+
+ file = os.path.join(sfi_dir, get_leaf(user) + ".cred")
+ if (os.path.isfile(file)):
+ user_cred = Credential(filename=file)
+ return user_cred
+ else:
+ # bootstrap user credential
+ user_cred = registry.get_credential(None, "user", user)
+ if user_cred:
+ user_cred.save_to_file(file, save_parents=True)
+ if verbose:
+ print "Writing user credential to", file
+ return user_cred
+ else:
+ print "Failed to get user credential"
+ sys.exit(-1)
+
+def get_auth_cred():
+ global authority
+
+ if not authority:
+ print "no authority specified. Use -a or set SF_AUTH"
+ sys.exit(-1)
+
+ file = os.path.join(sfi_dir, get_leaf("authority") +".cred")
+ if (os.path.isfile(file)):
+ auth_cred = Credential(filename=file)
+ return auth_cred
+ else:
+ # bootstrap authority credential from user credential
+ user_cred = get_user_cred()
+ auth_cred = registry.get_credential(user_cred, "sa", authority)
+ if auth_cred:
+ auth_cred.save_to_file(file, save_parents=True)
+ if verbose:
+ print "Writing authority credential to", file
+ return auth_cred
+ else:
+ print "Failed to get authority credential"
+ sys.exit(-1)
+
+def get_slice_cred(name):
+ file = os.path.join(sfi_dir, "slice_" + get_leaf(name) + ".cred")
+ if (os.path.isfile(file)):
+ slice_cred = Credential(filename=file)
+ return slice_cred
+ else:
+ # bootstrap slice credential from user credential
+ user_cred = get_user_cred()
+ slice_cred = registry.get_credential(user_cred, "slice", name)
+ if slice_cred:
+ slice_cred.save_to_file(file, save_parents=True)
+ if verbose:
+ print "Writing slice credential to", file
+ return slice_cred
+ else:
+ print "Failed to get slice credential"
+ sys.exit(-1)
+
+def get_rspec_file(rspec):
+ if (os.path.isabs(rspec)):
+ file = rspec
+ else:
+ file = os.path.join(sfi_dir, rspec)
+ if (os.path.isfile(file)):
+ return file
+ else:
+ print "No such rspec file", rspec
+ sys.exit(1)
+
+def get_record_file(record):
+ if (os.path.isabs(record)):
+ file = record
+ else:
+ file = os.path.join(sfi_dir, record)
+ if (os.path.isfile(file)):
+ return file
+ else:
+ print "No such registry record file", record
+ sys.exit(1)
+
+def load_publickey_string(fn):
+ f = file(fn,"r")
+ key_string = f.read()
+
+ # if the filename is a private key file, then extract the public key
+ if "PRIVATE KEY" in key_string:
+ outfn = tempfile.mktemp()
+ cmd = "openssl rsa -in " + fn + " -pubout -outform PEM -out " + outfn
+ os.system(cmd)
+ f = file(outfn, "r")
+ key_string = f.read()
+ os.remove(outfn)
+
+ return key_string
+
+#
+# Generate sub-command parser
+#
+def create_cmd_parser(command, additional_cmdargs = None):