- #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cert")
- file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert")
- if (os.path.isfile(file)):
- return file
- else:
- k = Keypair(filename=key_file)
- cert = Certificate(subject=self.user)
- cert.set_pubkey(k)
- cert.set_issuer(k, self.user)
- cert.sign()
- if self.options.verbose :
- print "Writing self-signed certificate to", file
- cert.save_to_file(file)
- return file
-
+ cert_file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert")
+ if (os.path.isfile(cert_file)):
+ # we'd perfer to use Registry issued certs instead of self signed certs.
+ # if this is a Registry cert (GID) then we are done
+ gid = GID(filename=cert_file)
+ if gid.get_urn():
+ return cert_file
+
+ # generate self signed certificate
+ k = Keypair(filename=key_file)
+ cert = Certificate(subject=self.user)
+ cert.set_pubkey(k)
+ cert.set_issuer(k, self.user)
+ cert.sign()
+ self.logger.info("Writing self-signed certificate to %s"%cert_file)
+ cert.save_to_file(cert_file)
+ self.cert = cert
+ # try to get registry issued cert
+ try:
+ self.logger.info("Getting Registry issued cert")
+ self.read_config()
+ # *hack. need to set registyr before _get_gid() is called
+ self.registry = xmlrpcprotocol.get_server(self.reg_url, key_file, cert_file, timeout=self.options.timeout, verbose=self.options.debug)
+ gid = self._get_gid(type='user')
+ self.registry = None
+ self.logger.info("Writing certificate to %s"%cert_file)
+ gid.save_to_file(cert_file)
+ except:
+ self.logger.info("Failed to download Registry issued cert")
+
+ return cert_file
+
+ def get_cached_gid(self, file):
+ """
+ Return a cached gid
+ """
+ gid = None
+ if (os.path.isfile(file)):
+ gid = GID(filename=file)
+ return gid
+
+ # xxx opts unused
+ def get_gid(self, opts, args):
+ """
+ Get the specify gid and save it to file
+ """
+ hrn = None
+ if args:
+ hrn = args[0]
+ gid = self._get_gid(hrn)
+ self.logger.debug("Sfi.get_gid-> %s",gid.save_to_string(save_parents=True))
+ return gid
+
+ def _get_gid(self, hrn=None, type=None):
+ """
+ git_gid helper. Retrive the gid from the registry and save it to file.
+ """
+
+ if not hrn:
+ hrn = self.user
+
+ gidfile = os.path.join(self.options.sfi_dir, hrn + ".gid")
+ print gidfile
+ gid = self.get_cached_gid(gidfile)
+ if not gid:
+ user_cred = self.get_user_cred()
+ records = self.registry.Resolve(hrn, user_cred.save_to_string(save_parents=True))
+ if not records:
+ raise RecordNotFound(args[0])
+ record = records[0]
+ if type:
+ record=None
+ for rec in records:
+ if type == rec['type']:
+ record = rec
+ if not record:
+ raise RecordNotFound(args[0])
+
+ gid = GID(string=record['gid'])
+ self.logger.info("Writing gid to %s"%gidfile)
+ gid.save_to_file(filename=gidfile)
+ return gid
+
+
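Review bot: In `_get_gid`, both `raise RecordNotFound(args[0])` lines refer to `args`, which is not a parameter of this method, so unless a module-level `args` exists a missing record raises NameError instead of RecordNotFound; they should read `raise RecordNotFound(hrn)`. This matters more because the certificate code above wraps its `_get_gid(type='user')` call in a bare `except:` that only logs "Failed to download Registry issued cert" at info level, so that error, like any registry or connection failure, is swallowed and the client silently continues with the self-signed certificate. I would narrow the handler to `except Exception:`, include the exception text in the log message, and move `self.registry = None` into a `finally:` so the temporary registry handle does not outlive a failure. The leftover `print gidfile` in `_get_gid` should be removed or turned into a `self.logger.debug` call. The function containing the certificate code begins before the first visible line.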