+ ######################################## *_produce methods
+ ### step1
+ # unconditionnally create a self-signed certificate
+ def self_signed_cert_produce (self,output):
+ self.assert_private_key()
+ private_key_filename = self.private_key_filename()
+ keypair=Keypair(filename=private_key_filename)
+ self_signed = Certificate (subject = self.hrn)
+ self_signed.set_pubkey (keypair)
+ self_signed.set_issuer (keypair, self.hrn)
+ self_signed.sign ()
+ self_signed.save_to_file (output)
+ self.logger.debug("SfaClientBootstrap: Created self-signed certificate for %s in %s"%\
+ (self.hrn,output))
+ return output
+
+ ### step2
+ # unconditionnally retrieve my credential (GetSelfCredential)
+ # we always use the self-signed-cert as the SSL cert
+ def my_credential_produce (self, output):
+ self.assert_self_signed_cert()
+ certificate_filename = self.self_signed_cert_filename()
+ certificate_string = self.plain_read (certificate_filename)
+ self.assert_private_key()
+ registry_proxy = SfaServerProxy (self.registry_url, self.private_key_filename(),
+ certificate_filename)
+ try:
+ credential_string=registry_proxy.GetSelfCredential (certificate_string, self.hrn, "user")
+ except:
+ # some urns hrns may replace non hierarchy delimiters '.' with an '_' instead of escaping the '.'
+ hrn = Xrn(self.hrn).get_hrn().replace('\.', '_')
+ credential_string=registry_proxy.GetSelfCredential (certificate_string, hrn, "user")
+ self.plain_write (output, credential_string)
+ self.logger.debug("SfaClientBootstrap: Wrote result of GetSelfCredential in %s"%output)
+ return output
+
+ ### step3
+ # unconditionnally retrieve my GID - use the general form
+ def my_gid_produce (self,output):
+ return self.gid_produce (output, self.hrn, "user")
+
+ ### retrieve any credential (GetCredential) unconditionnal form
+ # we always use the GID as the SSL cert
+ def credential_produce (self, output, hrn, type):
+ self.assert_my_gid()
+ certificate_filename = self.my_gid_filename()
+ self.assert_private_key()
+ registry_proxy = SfaServerProxy (self.registry_url, self.private_key_filename(),
+ certificate_filename)
+ self.assert_my_credential()
+ my_credential_string = self.my_credential_string()
+ credential_string=registry_proxy.GetCredential (my_credential_string, hrn, type)
+ self.plain_write (output, credential_string)
+ self.logger.debug("SfaClientBootstrap: Wrote result of GetCredential in %s"%output)
+ return output
+
+ def slice_credential_produce (self, output, hrn):
+ return self.credential_produce (output, hrn, "slice")
+
+ def authority_credential_produce (self, output, hrn):
+ return self.credential_produce (output, hrn, "authority")
+
+ ### retrieve any gid (Resolve) - unconditionnal form
+ # use my GID when available as the SSL cert, otherwise the self-signed
+ def gid_produce (self, output, hrn, type ):
+ try:
+ self.assert_my_gid()
+ certificate_filename = self.my_gid_filename()
+ except:
+ self.assert_self_signed_cert()
+ certificate_filename = self.self_signed_cert_filename()
+
+ self.assert_private_key()
+ registry_proxy = SfaServerProxy (self.registry_url, self.private_key_filename(),
+ certificate_filename)
+ credential_string=self.plain_read (self.my_credential())
+ records = registry_proxy.Resolve (hrn, credential_string)
+ records=[record for record in records if record['type']==type]
+ if not records:
+ raise RecordNotFound, "hrn %s (%s) unknown to registry %s"%(hrn,type,self.registry_url)
+ record=records[0]
+ self.plain_write (output, record['gid'])
+ self.logger.debug("SfaClientBootstrap: Wrote GID for %s (%s) in %s"% (hrn,type,output))
+ return output
+
+
+ # Returns True if credential file is valid. Otherwise return false.
+ def validate_credential(self, filename):
+ valid = True
+ cred = Credential(filename=filename)
+ # check if credential is expires
+ if cred.get_expiration() < datetime.now():
+ valid = False
+ return valid
+
+