- if int(major) > 1:
- if int(minor) > 0 or int(rev) > 20:
- return True
- return False
-
- #
- # Get various credential and spec files
- #
- # Establishes limiting conventions
- # - conflates MAs and SAs
- # - assumes last token in slice name is unique
- #
- # Bootstraps credentials
- # - bootstrap user credential from self-signed certificate
- # - bootstrap authority credential from user credential
- # - bootstrap slice credential from user credential
- #
-
-
- def get_key_file(self):
- file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".pkey")
- if (os.path.isfile(file)):
- return file
- else:
- self.logger.error("Key file %s does not exist"%file)
- sys.exit(-1)
- return
-
- def get_cert_file(self, key_file):
-
- cert_file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert")
- if (os.path.isfile(cert_file)):
- # we'd perfer to use Registry issued certs instead of self signed certs.
- # if this is a Registry cert (GID) then we are done
- gid = GID(filename=cert_file)
- if gid.get_urn():
- return cert_file
-
- # generate self signed certificate
- k = Keypair(filename=key_file)
- cert = Certificate(subject=self.user)
- cert.set_pubkey(k)
- cert.set_issuer(k, self.user)
- cert.sign()
- self.logger.info("Writing self-signed certificate to %s"%cert_file)
- cert.save_to_file(cert_file)
- self.cert = cert
- # try to get registry issued cert
- try:
- self.logger.info("Getting Registry issued cert")
- self.read_config()
- # *hack. need to set registyr before _get_gid() is called
- self.registry = xmlrpcprotocol.get_server(self.reg_url, key_file, cert_file, timeout=self.options.timeout, verbose=self.options.debug)
- gid = self._get_gid(type='user')
- self.registry = None
- self.logger.info("Writing certificate to %s"%cert_file)
- gid.save_to_file(cert_file)
- except:
- self.logger.info("Failed to download Registry issued cert")
-
- return cert_file
-
- def get_cached_gid(self, file):
- """
- Return a cached gid
- """
- gid = None
- if (os.path.isfile(file)):
- gid = GID(filename=file)
- return gid
-
- # xxx opts unused
- def get_gid(self, opts, args):
- """
- Get the specify gid and save it to file
- """
- hrn = None
- if args:
- hrn = args[0]
- gid = self._get_gid(hrn)
- self.logger.debug("Sfi.get_gid-> %s",gid.save_to_string(save_parents=True))
- return gid
-
- def _get_gid(self, hrn=None, type=None):
- """
- git_gid helper. Retrive the gid from the registry and save it to file.
- """
-
- if not hrn:
- hrn = self.user
-
- gidfile = os.path.join(self.options.sfi_dir, hrn + ".gid")
- print gidfile
- gid = self.get_cached_gid(gidfile)
- if not gid:
- user_cred = self.get_user_cred()
- records = self.registry.Resolve(hrn, user_cred.save_to_string(save_parents=True))
- if not records:
- raise RecordNotFound(args[0])
- record = records[0]
- if type:
- record=None
- for rec in records:
- if type == rec['type']:
- record = rec
- if not record:
- raise RecordNotFound(args[0])
-
- gid = GID(string=record['gid'])
- self.logger.info("Writing gid to %s"%gidfile)
- gid.save_to_file(filename=gidfile)
- return gid
-
-
- def get_cached_credential(self, file):
- """
- Return a cached credential only if it hasn't expired.
- """
- if (os.path.isfile(file)):
- credential = Credential(filename=file)
- # make sure it isnt expired
- if not credential.get_expiration or \
- datetime.datetime.today() < credential.get_expiration():
- return credential
- return None
-
- def get_user_cred(self):
- file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cred")
- return self.get_cred(file, 'user', self.user)
-
- def get_auth_cred(self):
- if not self.authority:
- self.logger.critical("no authority specified. Use -a or set SF_AUTH")
- sys.exit(-1)
- file = os.path.join(self.options.sfi_dir, self.authority + ".cred")
- return self.get_cred(file, 'authority', self.authority)
-
- def get_slice_cred(self, name):
- file = os.path.join(self.options.sfi_dir, "slice_" + get_leaf(name) + ".cred")
- return self.get_cred(file, 'slice', name)
-
- def get_cred(self, file, type, hrn):
- # attempt to load a cached credential
- cred = self.get_cached_credential(file)
- if not cred:
- if type in ['user']:
- cert_string = self.cert.save_to_string(save_parents=True)
- user_name = self.user.replace(self.authority + ".", '')
- if user_name.count(".") > 0:
- user_name = user_name.replace(".", '_')
- self.user = self.authority + "." + user_name
- cred_str = self.registry.GetSelfCredential(cert_string, hrn, "user")
- else:
- # bootstrap slice credential from user credential
- user_cred = self.get_user_cred().save_to_string(save_parents=True)
- cred_str = self.registry.GetCredential(user_cred, hrn, type)
-
- if not cred_str:
- self.logger.critical("Failed to get %s credential" % type)
- sys.exit(-1)
-
- cred = Credential(string=cred_str)
- cred.save_to_file(file, save_parents=True)
- self.logger.info("Writing %s credential to %s" %(type, file))