improve server-side logging of exceptions

[sfa.git] / sfa / client / sfi.py
diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py

index bb7918b..f3b8490 100755 (executable)
--- a/sfa/client/sfi.py
+++ b/sfa/client/sfi.py
@@ -3,47 +3,43 @@
  # sfi -- slice-based facility interface
  
  import sys
  # sfi -- slice-based facility interface
  
  import sys
+sys.path.append('.')
  import os, os.path
  import tempfile
  import traceback
  import socket
  import os, os.path
  import tempfile
  import traceback
  import socket
+import random
+import datetime
+from lxml import etree
+from StringIO import StringIO
  from types import StringTypes, ListType
  from optparse import OptionParser
  from sfa.trust.certificate import Keypair, Certificate
  from sfa.trust.credential import Credential
  from types import StringTypes, ListType
  from optparse import OptionParser
  from sfa.trust.certificate import Keypair, Certificate
  from sfa.trust.credential import Credential
-from sfa.util.geniclient import GeniClient
  from sfa.util.sfaticket import SfaTicket
  from sfa.util.record import *
  from sfa.util.sfaticket import SfaTicket
  from sfa.util.record import *
-from sfa.util.misc import *
-from sfa.util.rspec import RSpec
+from sfa.util.namespace import *
  from sfa.util.xmlrpcprotocol import ServerException
  import sfa.util.xmlrpcprotocol as xmlrpcprotocol
  from sfa.util.config import Config
  from sfa.util.xmlrpcprotocol import ServerException
  import sfa.util.xmlrpcprotocol as xmlrpcprotocol
  from sfa.util.config import Config
+import zlib
+
+AGGREGATE_PORT=12346
+CM_PORT=12346
  
  # utility methods here
  # display methods
  
  # utility methods here
  # display methods
-def display_rspec(rspec, format = 'rspec'):
+def display_rspec(rspec, format='rspec'):
      if format in ['dns']:
      if format in ['dns']:
-        spec = RSpec()
-        spec.parseString(rspec)
-        hostnames = []
-        nodespecs = spec.getDictsByTagName('NodeSpec')
-        for nodespec in nodespecs:
-            if nodespec.has_key('name') and nodespec['name']:
-                if isinstance(nodespec['name'], ListType):
-                    hostnames.extend(nodespec['name'])
-                elif isinstance(nodespec['name'], StringTypes):
-                     hostnames.append(nodespec['name'])
-        result = hostnames
+        tree = etree.parse(StringIO(rspec))
+        root = tree.getroot()
+        result = root.xpath("./network/site/node/hostname/text()")
      elif format in ['ip']:
      elif format in ['ip']:
-        spec = RSpec()
-        spec.parseString(rspec)
-        ips = []
-        ifspecs = spec.getDictsByTagName('IfSpec')
-        for ifspec in ifspecs:
-            if ifspec.has_key('addr') and ifspec['addr']:
-                ips.append(ifspec['addr'])
-        result = ips
+        # The IP address is not yet part of the new RSpec
+        # so this doesn't do anything yet.
+        tree = etree.parse(StringIO(rspec))
+        root = tree.getroot()
+        result = root.xpath("./network/site/node/ipv4/text()")
      else:
          result = rspec
  
      else:
          result = rspec
  
@@ -54,13 +50,12 @@ def display_list(results):
      for result in results:
          print result
  
      for result in results:
          print result
  
-
-def display_records(recordList, dump = False):
+def display_records(recordList, dump=False):
      ''' Print all fields in the record'''
      for record in recordList:
          display_record(record, dump)
  
      ''' Print all fields in the record'''
      for record in recordList:
          display_record(record, dump)
  
-def display_record(record, dump = False):
+def display_record(record, dump=False):
      if dump:
          record.dump()
      else:
      if dump:
          record.dump()
      else:
@@ -90,7 +85,7 @@ def save_rspec_to_file(rspec, filename):
  def save_records_to_file(filename, recordList):
      index = 0
      for record in recordList:
  def save_records_to_file(filename, recordList):
      index = 0
      for record in recordList:
-        if index>0:
+        if index > 0:
              save_record_to_file(filename + "." + str(index), record)
          else:
              save_record_to_file(filename, record)
              save_record_to_file(filename + "." + str(index), record)
          else:
              save_record_to_file(filename, record)
@@ -98,15 +93,15 @@ def save_records_to_file(filename, recordList):
  
  def save_record_to_file(filename, record):
      if record['type'] in ['user']:
  
  def save_record_to_file(filename, record):
      if record['type'] in ['user']:
-        record = UserRecord(dict = record)
+        record = UserRecord(dict=record)
      elif record['type'] in ['slice']:
      elif record['type'] in ['slice']:
-        record = SliceRecord(dict = record)
+        record = SliceRecord(dict=record)
      elif record['type'] in ['node']:
      elif record['type'] in ['node']:
-        record = NodeRecord(dict = record)
+        record = NodeRecord(dict=record)
      elif record['type'] in ['authority', 'ma', 'sa']:
      elif record['type'] in ['authority', 'ma', 'sa']:
-        record = AuthorityRecord(dict = record)
+        record = AuthorityRecord(dict=record)
      else:
      else:
-        record = GeniRecord(dict = record)
+        record = SfaRecord(dict=record)
      str = record.save_to_string()
      file(filename, "w").write(str)
      return
      str = record.save_to_string()
      file(filename, "w").write(str)
      return
@@ -115,13 +110,13 @@ def save_record_to_file(filename, record):
  # load methods
  def load_record_from_file(filename):
      str = file(filename, "r").read()
  # load methods
  def load_record_from_file(filename):
      str = file(filename, "r").read()
-    record = GeniRecord(string=str)
+    record = SfaRecord(string=str)
      return record
  
  
  
  class Sfi:
      return record
  
  
  
  class Sfi:
-    
+
      slicemgr = None
      registry = None
      user = None
      slicemgr = None
      registry = None
      user = None
@@ -129,26 +124,30 @@ class Sfi:
      options = None
      hashrequest = False
     
      options = None
      hashrequest = False
     
-    def create_cmd_parser(self,command, additional_cmdargs = None):
-        cmdargs = {"gid": "",
-                  "list": "name",
+    def create_cmd_parser(self, command, additional_cmdargs=None):
+        cmdargs = {"list": "name",
                    "show": "name",
                    "remove": "name",
                    "add": "record",
                    "update": "record",
                    "aggregates": "[name]",
                    "registries": "[name]",
                    "show": "name",
                    "remove": "name",
                    "add": "record",
                    "update": "record",
                    "aggregates": "[name]",
                    "registries": "[name]",
+                  "get_gid": [],  
+                  "get_trusted_certs": "cred",
                    "slices": "",
                    "resources": "[name]",
                    "create": "name rspec",
                    "slices": "",
                    "resources": "[name]",
                    "create": "name rspec",
-                  "get_trusted_certs": "cred",
                    "get_ticket": "name rspec",
                    "get_ticket": "name rspec",
-                  "redeem_ticket": "ticket",  
+                  "redeem_ticket": "ticket",
                    "delete": "name",
                    "reset": "name",
                    "start": "name",
                    "stop": "name",
                    "delete": "name",
                    "reset": "name",
                    "start": "name",
                    "stop": "name",
-                  "delegate": "name"
+                  "delegate": "name",
+                  "status": "name",
+                  "renew": "name",
+                  "shutdown": "name",
+                  "version": "",  
                   }
  
          if additional_cmdargs:
                   }
  
          if additional_cmdargs:
@@ -158,33 +157,38 @@ class Sfi:
              print "Invalid command\n"
              print "Commands: ",
              for key in cmdargs.keys():
              print "Invalid command\n"
              print "Commands: ",
              for key in cmdargs.keys():
-                print key+",",
+                print key + ",",
              print ""
              sys.exit(2)
  
          parser = OptionParser(usage="sfi [sfi_options] %s [options] %s" \
                                       % (command, cmdargs[command]))
  
              print ""
              sys.exit(2)
  
          parser = OptionParser(usage="sfi [sfi_options] %s [options] %s" \
                                       % (command, cmdargs[command]))
  
-        if command in ("resources"):
-            parser.add_option("-f", "--format", dest="format",type="choice",
-                             help="display format ([xml]|dns|ip)",default="xml",
-                             choices=("xml","dns","ip"))
+        # user specifies remote aggregate/sm/component                          
+        if command in ("resources", "slices", "create", "delete", "start", "stop", 
+                       "restart", "shutdown",  "get_ticket", "renew", "status"):
              parser.add_option("-a", "--aggregate", dest="aggregate",
              parser.add_option("-a", "--aggregate", dest="aggregate",
-                             default=None, help="aggregate hrn")
-
-        if command in ("create", "get_ticket"):
-            parser.add_option("-a", "--aggregate", dest="aggregate",default=None,
-                             help="aggregate hrn")
-
-        if command in ("start", "stop", "reset", "delete"):
-            parser.add_option("-c", "--component", dest="component",default=None,
+                             default=None, help="aggregate host")
+            parser.add_option("-p", "--port", dest="port",
+                             default=AGGREGATE_PORT, help="aggregate port")
+            parser.add_option("-c", "--component", dest="component", default=None,
                               help="component hrn")
                               help="component hrn")
-            
+            parser.add_option("-d", "--delegate", dest="delegate", default=None, 
+                             action="store_true",
+                             help="Include a credential delegated to the user's root"+\
+                                  "authority in set of credentials for this call")  
+        
+        # registy filter option    
          if command in ("list", "show", "remove"):
          if command in ("list", "show", "remove"):
-            parser.add_option("-t", "--type", dest="type",type="choice",
-                            help="type filter ([all]|user|slice|sa|ma|node|aggregate)",
-                            choices=("all","user","slice","sa","ma","node","aggregate"),
+            parser.add_option("-t", "--type", dest="type", type="choice",
+                            help="type filter ([all]|user|slice|authority|node|aggregate)",
+                            choices=("all", "user", "slice", "authority", "node", "aggregate"),
                              default="all")
                              default="all")
+        # display formats
+        if command in ("resources"):
+            parser.add_option("-f", "--format", dest="format", type="choice",
+                             help="display format ([xml]|dns|ip)", default="xml",
+                             choices=("xml", "dns", "ip"))
  
          if command in ("resources", "show", "list"):
             parser.add_option("-o", "--output", dest="file",
  
          if command in ("resources", "show", "list"):
             parser.add_option("-o", "--output", dest="file",
@@ -192,8 +196,8 @@ class Sfi:
          
          if command in ("show", "list"):
             parser.add_option("-f", "--format", dest="format", type="choice",
          
          if command in ("show", "list"):
             parser.add_option("-f", "--format", dest="format", type="choice",
-                             help="display format ([text]|xml)",default="text",
-                             choices=("text","xml"))
+                             help="display format ([text]|xml)", default="text",
+                             choices=("text", "xml"))
  
          if command in ("delegate"):
             parser.add_option("-u", "--user",
  
          if command in ("delegate"):
             parser.add_option("-u", "--user",
@@ -201,6 +205,7 @@ class Sfi:
                              help="delegate user credential")
             parser.add_option("-s", "--slice", dest="delegate_slice",
                              help="delegate slice credential", metavar="HRN", default=None)
                              help="delegate user credential")
             parser.add_option("-s", "--slice", dest="delegate_slice",
                              help="delegate slice credential", metavar="HRN", default=None)
+        
          return parser
  
          
          return parser
  
          
@@ -213,10 +218,10 @@ class Sfi:
                           help="root registry", metavar="URL", default=None)
          parser.add_option("-s", "--slicemgr", dest="sm",
                           help="slice manager", metavar="URL", default=None)
                           help="root registry", metavar="URL", default=None)
          parser.add_option("-s", "--slicemgr", dest="sm",
                           help="slice manager", metavar="URL", default=None)
-        default_sfi_dir=os.path.expanduser("~/.sfi/")
+        default_sfi_dir = os.path.expanduser("~/.sfi/")
          parser.add_option("-d", "--dir", dest="sfi_dir",
                           help="config & working directory - default is " + default_sfi_dir,
          parser.add_option("-d", "--dir", dest="sfi_dir",
                           help="config & working directory - default is " + default_sfi_dir,
-                         metavar="PATH", default = default_sfi_dir)
+                         metavar="PATH", default=default_sfi_dir)
          parser.add_option("-u", "--user", dest="user",
                           help="user name", metavar="HRN", default=None)
          parser.add_option("-a", "--auth", dest="auth",
          parser.add_option("-u", "--user", dest="user",
                           help="user name", metavar="HRN", default=None)
          parser.add_option("-a", "--auth", dest="auth",
@@ -224,6 +229,9 @@ class Sfi:
          parser.add_option("-v", "--verbose",
                           action="store_true", dest="verbose", default=False,
                           help="verbose mode")
          parser.add_option("-v", "--verbose",
                           action="store_true", dest="verbose", default=False,
                           help="verbose mode")
+        parser.add_option("-D", "--debug",
+                          action="store_true", dest="debug", default=False,
+                          help="Debug (xml-rpc) protocol messages")
          parser.add_option("-p", "--protocol",
                           dest="protocol", default="xmlrpc",
                           help="RPC protocol (xmlrpc or soap)")
          parser.add_option("-p", "--protocol",
                           dest="protocol", default="xmlrpc",
                           help="RPC protocol (xmlrpc or soap)")
@@ -243,7 +251,7 @@ class Sfi:
         try:
            config = Config (config_file)
         except:
         try:
            config = Config (config_file)
         except:
-          print "Failed to read configuration file",config_file
+          print "Failed to read configuration file", config_file
            print "Make sure to remove the export clauses and to add quotes"
            if not self.options.verbose:
               print "Re-run with -v for more details"
            print "Make sure to remove the export clauses and to add quotes"
            if not self.options.verbose:
               print "Re-run with -v for more details"
@@ -251,49 +259,47 @@ class Sfi:
               traceback.print_exc()
            sys.exit(1)
      
               traceback.print_exc()
            sys.exit(1)
      
-       errors=0
+       errors = 0
         # Set SliceMgr URL
         if (self.options.sm is not None):
            sm_url = self.options.sm
         # Set SliceMgr URL
         if (self.options.sm is not None):
            sm_url = self.options.sm
-       elif hasattr(config,"SFI_SM"):
+       elif hasattr(config, "SFI_SM"):
            sm_url = config.SFI_SM
         else:
            sm_url = config.SFI_SM
         else:
-          print "You need to set e.g. SFI_SM='http://your.slicemanager.url:12347/' in %s"%config_file
-          errors +=1 
+          print "You need to set e.g. SFI_SM='http://your.slicemanager.url:12347/' in %s" % config_file
+          errors += 1 
      
         # Set Registry URL
         if (self.options.registry is not None):
            reg_url = self.options.registry
      
         # Set Registry URL
         if (self.options.registry is not None):
            reg_url = self.options.registry
-       elif hasattr(config,"SFI_REGISTRY"):
+       elif hasattr(config, "SFI_REGISTRY"):
            reg_url = config.SFI_REGISTRY
         else:
            reg_url = config.SFI_REGISTRY
         else:
-          print "You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s"%config_file
-          errors +=1 
-    
+          print "You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s" % config_file
+          errors += 1 
+          
+
         # Set user HRN
         if (self.options.user is not None):
            self.user = self.options.user
         # Set user HRN
         if (self.options.user is not None):
            self.user = self.options.user
-       elif hasattr(config,"SFI_USER"):
+       elif hasattr(config, "SFI_USER"):
            self.user = config.SFI_USER
         else:
            self.user = config.SFI_USER
         else:
-          print "You need to set e.g. SFI_USER='plc.princeton.username' in %s"%config_file
-          errors +=1 
+          print "You need to set e.g. SFI_USER='plc.princeton.username' in %s" % config_file
+          errors += 1 
      
         # Set authority HRN
         if (self.options.auth is not None):
            self.authority = self.options.auth
      
         # Set authority HRN
         if (self.options.auth is not None):
            self.authority = self.options.auth
-       elif hasattr(config,"SFI_AUTH"):
+       elif hasattr(config, "SFI_AUTH"):
            self.authority = config.SFI_AUTH
         else:
            self.authority = config.SFI_AUTH
         else:
-          print "You need to set e.g. SFI_AUTH='plc.princeton' in %s"%config_file
-          errors +=1 
+          print "You need to set e.g. SFI_AUTH='plc.princeton' in %s" % config_file
+          errors += 1 
      
         if errors:
            sys.exit(1)
      
      
         if errors:
            sys.exit(1)
      
-       if self.options.verbose :
-          print "Contacting Slice Manager at:", sm_url
-          print "Contacting Registry at:", reg_url
      
         # Get key and certificate
         key_file = self.get_key_file()
      
         # Get key and certificate
         key_file = self.get_key_file()
@@ -303,10 +309,11 @@ class Sfi:
         self.cert_file = cert_file
         self.cert = Certificate(filename=cert_file) 
         # Establish connection to server(s)
         self.cert_file = cert_file
         self.cert = Certificate(filename=cert_file) 
         # Establish connection to server(s)
-       #self.slicemgr = GeniClient(sm_url, key_file, cert_file, self.options.protocol)
-       #self.registry = GeniClient(reg_url, key_file, cert_file, self.options.protocol)
-       self.registry = xmlrpcprotocol.get_server(reg_url, key_file, cert_file)  
-       self.slicemgr = xmlrpcprotocol.get_server(sm_url, key_file, cert_file)  
+       if self.options.verbose : print "Contacting Registry at:", reg_url
+       self.registry = xmlrpcprotocol.get_server(reg_url, key_file, cert_file, self.options.debug)  
+       if self.options.verbose : print "Contacting Slice Manager at:", sm_url
+       self.slicemgr = xmlrpcprotocol.get_server(sm_url, key_file, cert_file, self.options.debug)
+
         return
      
      #
         return
      
      #
@@ -324,7 +331,7 @@ class Sfi:
      
      
      def get_key_file(self):
      
      
      def get_key_file(self):
-       file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".pkey")
+       file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".pkey")
         #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".pkey")
         if (os.path.isfile(file)):
            return file
         #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".pkey")
         if (os.path.isfile(file)):
            return file
@@ -333,14 +340,14 @@ class Sfi:
            sys.exit(-1)
         return
      
            sys.exit(-1)
         return
      
-    def get_cert_file(self,key_file):
+    def get_cert_file(self, key_file):
      
         #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cert")
      
         #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cert")
-       file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert")
+       file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert")
         if (os.path.isfile(file)):
            return file
         else:
         if (os.path.isfile(file)):
            return file
         else:
-          k = Keypair(filename = key_file)
+          k = Keypair(filename=key_file)
            cert = Certificate(subject=self.user)
            cert.set_pubkey(k)
            cert.set_issuer(k, self.user)
            cert = Certificate(subject=self.user)
            cert.set_pubkey(k)
            cert.set_issuer(k, self.user)
@@ -349,138 +356,99 @@ class Sfi:
               print "Writing self-signed certificate to", file
            cert.save_to_file(file)
            return file
               print "Writing self-signed certificate to", file
            cert.save_to_file(file)
            return file
-   
-    def get_gid(self):
-        #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".gid")
-        file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".gid")
+
+    def get_cached_gid(self, file):
+        """
+        Return a cached gid    
+        """
+        gid = None 
          if (os.path.isfile(file)):
              gid = GID(filename=file)
          if (os.path.isfile(file)):
              gid = GID(filename=file)
-            return gid
-        else:
-            cert_str = self.cert.save_to_string(save_parents=True)
-            request_hash=None
-            if self.hashrequest:
-                request_hash = self.key.compute_hash([cert_str, self.user, "user"])
-            gid_str = self.registry.get_gid(cert_str, self.user, "user", request_hash)
-            gid = GID(string=gid_str)
+        return gid
+
+    def get_gid(self, opts, args):
+        hrn = None
+        if args:
+            hrn = args[0]
+        gid = self._get_gid(hrn)
+        print gid.save_to_string(save_parents=True)
+        return gid
+
+    def _get_gid(self, hrn=None):
+        if not hrn:
+            hrn = self.user
+ 
+        gidfile = os.path.join(self.options.sfi_dir, hrn + ".gid")
+        gid = self.get_cached_gid(gidfile)
+        if not gid:
+            user_cred = self.get_user_cred()
+            records = self.registry.Resolve(hrn, user_cred.save_to_string(save_parents=True))
+            if not records:
+                raise RecordNotFound(args[0])
+            gid = GID(string=records[0]['gid'])
              if self.options.verbose:
              if self.options.verbose:
-                print "Writing user gid to", file
-            gid.save_to_file(file, save_parents=True)
-            return gid       
+                print "Writing gid to ", gidfile 
+            gid.save_to_file(filename=gidfile)
+        return gid   
+                
+     
+    def get_cached_credential(self, file):
+        """
+        Return a cached credential only if it hasn't expired.
+        """
+        if (os.path.isfile(file)):
+            credential = Credential(filename=file)
+            # make sure it isnt expired 
+            if not credential.get_lifetime or \
+               datetime.datetime.today() < credential.get_lifetime():
+                return credential
+        return None 
   
      def get_user_cred(self):
          #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cred")
   
      def get_user_cred(self):
          #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cred")
-        file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cred")
-        if (os.path.isfile(file)):
-            user_cred = Credential(filename=file)
-            return user_cred
-        else:
-            # bootstrap user credential
-            cert_string = self.cert.save_to_string(save_parents=True)
-            request_hash=None
-            if self.hashrequest:
-                request_hash = self.key.compute_hash([cert_string, "user", self.user])
-           user_name=self.user.replace(self.authority+".", '')
-           if user_name.count(".") > 0:
-              user_name = user_name.replace(".", '_')
-              self.user=self.authority + "." + user_name
-            user_cred = self.registry.get_self_credential(cert_string, "user", self.user, request_hash)
-            if user_cred:
-               cred = Credential(string=user_cred)
-               cred.save_to_file(file, save_parents=True)
-               if self.options.verbose:
-                    print "Writing user credential to", file
-               return cred
-            else:
-               print "Failed to get user credential"
-               sys.exit(-1)
-  
+        file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cred")
+        return self.get_cred(file, 'user', self.user)
+
      def get_auth_cred(self):
          if not self.authority:
              print "no authority specified. Use -a or set SF_AUTH"
              sys.exit(-1)
      def get_auth_cred(self):
          if not self.authority:
              print "no authority specified. Use -a or set SF_AUTH"
              sys.exit(-1)
-    
-        file = os.path.join(self.options.sfi_dir, get_leaf("authority") +".cred")
-        if (os.path.isfile(file)):
-            auth_cred = Credential(filename=file)
-            return auth_cred
-        else:
-            # bootstrap authority credential from user credential
-            user_cred = self.get_user_cred().save_to_string(save_parents=True)
-            request_hash = None
-            if self.hashrequest:
-                request_hash = self.key.compute_hash([user_cred, "authority", self.authority])
-            auth_cred = self.registry.get_credential(user_cred, "authority", self.authority, request_hash)
-            if auth_cred:
-                cred = Credential(string=auth_cred)
-                cred.save_to_file(file, save_parents=True)
-                if self.options.verbose:
-                    print "Writing authority credential to", file
-                return cred
-            else:
-                print "Failed to get authority credential"
-                sys.exit(-1)
-    
-    def get_slice_cred(self,name):
+        file = os.path.join(self.options.sfi_dir, get_leaf("authority") + ".cred")
+        return self.get_cred(file, 'authority', self.authority)
+
+    def get_slice_cred(self, name):
          file = os.path.join(self.options.sfi_dir, "slice_" + get_leaf(name) + ".cred")
          file = os.path.join(self.options.sfi_dir, "slice_" + get_leaf(name) + ".cred")
-        if (os.path.isfile(file)):
-            slice_cred = Credential(filename=file)
-            return slice_cred
-        else:
-            # bootstrap slice credential from user credential
-            user_cred = self.get_user_cred().save_to_string(save_parents=True)
-            arg_list = [user_cred, "slice", name]
-            request_hash=None
-            if self.hashrequest:
-                request_hash = self.key.compute_hash(arg_list)  
-            slice_cred_str = self.registry.get_credential(user_cred, "slice", name, request_hash)
-            if slice_cred_str:
-                slice_cred = Credential(string=slice_cred_str)
-                slice_cred.save_to_file(file, save_parents=True)
-                if self.options.verbose:
-                    print "Writing slice credential to", file
-                return slice_cred
+        return self.get_cred(file, 'slice', name)
+ 
+    def get_cred(self, file, type, hrn):
+        # attempt to load a cached credential 
+        cred = self.get_cached_credential(file)    
+        if not cred:
+            if type in ['user']:
+                cert_string = self.cert.save_to_string(save_parents=True)
+                user_name = self.user.replace(self.authority + ".", '')
+                if user_name.count(".") > 0:
+                    user_name = user_name.replace(".", '_')
+                    self.user = self.authority + "." + user_name
+                cred_str = self.registry.get_self_credential(cert_string, "user", hrn)
              else:
              else:
-                print "Failed to get slice credential"
+                # bootstrap slice credential from user credential
+                user_cred = self.get_user_cred().save_to_string(save_parents=True)
+                cred_str = self.registry.get_credential(user_cred, type, hrn)
+            
+            if not cred_str:
+                print "Failed to get %s credential" % (type)
                  sys.exit(-1)
                  sys.exit(-1)
+                
+            cred = Credential(string=cred_str)
+            cred.save_to_file(file, save_parents=True)
+            if self.options.verbose:
+                print "Writing %s credential to %s" %(type, file)
+
+        return cred
+ 
      
      
-    def delegate_cred(self,cred, hrn, type = 'authority'):
-        # the gid and hrn of the object we are delegating
-        object_gid = cred.get_gid_object()
-        object_hrn = object_gid.get_hrn()
-        cred.set_delegate(True)
-        if not cred.get_delegate():
-            raise Exception, "Error: Object credential %(object_hrn)s does not have delegate bit set" % locals()
-           
-    
-        records = self.registry.resolve(cred, hrn)
-        records = filter_records(type, records)
-        
-        if not records:
-            raise Exception, "Error: Didn't find a %(type)s record for %(hrn)s" % locals()
-    
-        # the gid of the user who will be delegated too
-        delegee_gid = records[0].get_gid_object()
-        delegee_hrn = delegee_gid.get_hrn()
-        
-        # the key and hrn of the user who will be delegating
-        user_key = Keypair(filename = self.get_key_file())
-        user_hrn = cred.get_gid_caller().get_hrn()
-    
-        dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
-        dcred.set_gid_caller(delegee_gid)
-        dcred.set_gid_object(object_gid)
-        dcred.set_privileges(cred.get_privileges())
-        dcred.set_delegate(True)
-        dcred.set_pubkey(object_gid.get_pubkey())
-        dcred.set_issuer(user_key, user_hrn)
-        dcred.set_parent(cred)
-        dcred.encode()
-        dcred.sign()
-    
-        return dcred
-    
-    def get_rspec_file(self,rspec):
+    def get_rspec_file(self, rspec):
         if (os.path.isabs(rspec)):
            file = rspec
         else:
         if (os.path.isabs(rspec)):
            file = rspec
         else:
@@ -491,7 +459,7 @@ class Sfi:
            print "No such rspec file", rspec
            sys.exit(1)
      
            print "No such rspec file", rspec
            sys.exit(1)
      
-    def get_record_file(self,record):
+    def get_record_file(self, record):
         if (os.path.isabs(record)):
            file = record
         else:
         if (os.path.isabs(record)):
            file = record
         else:
@@ -502,8 +470,8 @@ class Sfi:
            print "No such registry record file", record
            sys.exit(1)
      
            print "No such registry record file", record
            sys.exit(1)
      
-    def load_publickey_string(self,fn):
-       f = file(fn,"r")
+    def load_publickey_string(self, fn):
+       f = file(fn, "r")
         key_string = f.read()
      
         # if the filename is a private key file, then extract the public key
         key_string = f.read()
      
         # if the filename is a private key file, then extract the public key
@@ -517,42 +485,55 @@ class Sfi:
      
         return key_string
  
      
         return key_string
  
-    def get_component_server_from_hrn(hrn):
+    def get_component_server_from_hrn(self, hrn):
          # direct connection to the nodes component manager interface
          user_cred = self.get_user_cred().save_to_string(save_parents=True)
          # direct connection to the nodes component manager interface
          user_cred = self.get_user_cred().save_to_string(save_parents=True)
-        request_hash = self.key.compute_hash([user_cred, hrn])
-        records = self.registry.resolve(user_cred, hrn, request_hash)
+        records = self.registry.Resolve(hrn, user_cred)
          records = filter_records('node', records)
          if not records:
              print "No such component:", opts.component
          record = records[0]
          records = filter_records('node', records)
          if not records:
              print "No such component:", opts.component
          record = records[0]
-        cm_port = "12346"
-        url = "https://%s:%s" % (record['hostname'], cm_port)
-        return xmlrpcprotocol.get_server(url, self.key_file, self.cert_file)
-    
-    #
+  
+        return self.get_server(record['hostname'], CM_PORT, self.key_file, \
+                               self.cert_file, self.options.debug)
+ 
+    def get_server(self, host, port, keyfile, certfile, debug):
+        """
+        Return an instnace of an xmlrpc server connection    
+        """
+        url = "http://%s:%s" % (host, port)
+        return xmlrpcprotocol.get_server(url, keyfile, certfile, debug)
+
+    def get_server_from_opts(self, opts):
+        """
+        Return instance of an xmlrpc connection to a slice manager, aggregate
+        or component server depending on the specified opts
+        """
+        server = self.slicemgr
+        # direct connection to an aggregate
+        if hasattr(opts, 'aggregate') and opts.aggregate:
+            server = self.get_server(opts.aggregate, opts.port, self.key_file, \
+                                     self.cert_file, self.options.debug)
+        # direct connection to the nodes component manager interface
+        if hasattr(opts, 'component') and opts.component:
+            server = self.get_component_server_from_hrn(opts.component)    
+ 
+        return server
+    #==========================================================================
      # Following functions implement the commands
      #
      # Registry-related commands
      # Following functions implement the commands
      #
      # Registry-related commands
-    #
+    #==========================================================================
    
    
-    def dispatch(self,command, cmd_opts, cmd_args):
-        getattr(self,command)(cmd_opts, cmd_args)
- 
-    def gid(self, opts, args):
-        gid = self.get_gid()
-        print "GID: %s" % (gid.save_to_string(save_parents=True))
-        return   
+    def dispatch(self, command, cmd_opts, cmd_args):
+        getattr(self, command)(cmd_opts, cmd_args)
   
      # list entires in named authority registry
   
      # list entires in named authority registry
-    def list(self,opts, args):
+    def list(self, opts, args):
          user_cred = self.get_user_cred().save_to_string(save_parents=True)
          hrn = args[0]
          user_cred = self.get_user_cred().save_to_string(save_parents=True)
          hrn = args[0]
-        request_hash=None
-        if self.hashrequest:
-            request_hash = self.key.compute_hash([user_cred, hrn])    
          try:
          try:
-            list = self.registry.list(user_cred, hrn, request_hash)
+            list = self.registry.List(hrn, user_cred)
          except IndexError:
              raise Exception, "Not enough parameters for the 'list' command"
            
          except IndexError:
              raise Exception, "Not enough parameters for the 'list' command"
            
@@ -569,30 +550,27 @@ class Sfi:
          return
      
      # show named registry record
          return
      
      # show named registry record
-    def show(self,opts, args):
+    def show(self, opts, args):
          user_cred = self.get_user_cred().save_to_string(save_parents=True)
          hrn = args[0]
          user_cred = self.get_user_cred().save_to_string(save_parents=True)
          hrn = args[0]
-        request_hash=None
-        if self.hashrequest:
-            request_hash = self.key.compute_hash([user_cred, hrn])    
-        records = self.registry.resolve(user_cred, hrn, request_hash)
+        records = self.registry.Resolve(hrn, user_cred)
          records = filter_records(opts.type, records)
          if not records:
              print "No record of type", opts.type
          for record in records:
              if record['type'] in ['user']:
          records = filter_records(opts.type, records)
          if not records:
              print "No record of type", opts.type
          for record in records:
              if record['type'] in ['user']:
-                record = UserRecord(dict = record)
+                record = UserRecord(dict=record)
              elif record['type'] in ['slice']:
              elif record['type'] in ['slice']:
-                record = SliceRecord(dict = record)
+                record = SliceRecord(dict=record)
              elif record['type'] in ['node']:
              elif record['type'] in ['node']:
-                record = NodeRecord(dict = record)
+                record = NodeRecord(dict=record)
              elif record['type'] in ['authority', 'ma', 'sa']:
              elif record['type'] in ['authority', 'ma', 'sa']:
-                record = AuthorityRecord(dict = record)
+                record = AuthorityRecord(dict=record)
              else:
              else:
-                record = GeniRecord(dict = record)
-            if (opts.format=="text"): 
+                record = SfaRecord(dict=record)
+            if (opts.format == "text"): 
                  record.dump()  
                  record.dump()  
-            else: 
+            else:
                  print record.save_to_string() 
         
          if opts.file:
                  print record.save_to_string() 
         
          if opts.file:
@@ -602,89 +580,74 @@ class Sfi:
              save_records_to_file(file, records)
          return
      
              save_records_to_file(file, records)
          return
      
-    def delegate(self,opts, args):
-       user_cred = self.get_user_cred()
-       if opts.delegate_user:
-           object_cred = user_cred
-       elif opts.delegate_slice:
-           object_cred = self.get_slice_cred(opts.delegate_slice)
-       else:
-           print "Must specify either --user or --slice <hrn>"
-           return
-    
-       # the gid and hrn of the object we are delegating
-       object_gid = object_cred.get_gid_object()
-       object_hrn = object_gid.get_hrn()
-    
-       if not object_cred.get_delegate():
-           print "Error: Object credential", object_hrn, "does not have delegate bit set"
-           return
-    
-       records = self.registry.resolve(user_cred, args[0])
-       records = filter_records("user", records)
-    
-       if not records:
-           print "Error: Didn't find a user record for", args[0]
-           return
-    
-       # the gid of the user who will be delegated too
-       delegee_gid = records[0].get_gid_object()
-       delegee_hrn = delegee_gid.get_hrn()
-    
-       # the key and hrn of the user who will be delegating
-       user_key = Keypair(filename = self.get_key_file())
-       user_hrn = user_cred.get_gid_caller().get_hrn()
-    
-       dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
-       dcred.set_gid_caller(delegee_gid)
-       dcred.set_gid_object(object_gid)
-       dcred.set_privileges(object_cred.get_privileges())
-       dcred.set_delegate(True)
-       dcred.set_pubkey(object_gid.get_pubkey())
-       dcred.set_issuer(user_key, user_hrn)
-       dcred.set_parent(object_cred)
-       dcred.encode()
-       dcred.sign()
-    
-       if opts.delegate_user:
-           dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_" 
+    def delegate(self, opts, args):
+
+        delegee_hrn = args[0]
+        if opts.delegate_user:
+            user_cred = self.get_user_cred()
+            cred = self.delegate_cred(user_cred, delegee_hrn)
+        elif opts.delegate_slice:
+            slice_cred = self.get_slice_cred(opts.delegate_slice)
+            cred = self.delegate_cred(slice_cred, delegee_hrn)
+        else:
+            print "Must specify either --user or --slice <hrn>"
+            return
+        delegated_cred = Credential(string=cred)
+        object_hrn = delegated_cred.get_gid_object().get_hrn()
+        if opts.delegate_user:
+            dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_"
                                    + get_leaf(object_hrn) + ".cred")
                                    + get_leaf(object_hrn) + ".cred")
-       elif opts.delegate_slice:
-           dest_fn = os.path_join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_slice_" 
+        elif opts.delegate_slice:
+            dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_slice_"
                                    + get_leaf(object_hrn) + ".cred")
                                    + get_leaf(object_hrn) + ".cred")
+
+        delegated_cred.save_to_file(dest_fn, save_parents=True)
+
+        print "delegated credential for", object_hrn, "to", delegee_hrn, "and wrote to", dest_fn
      
      
-       dcred.save_to_file(dest_fn, save_parents = True)
-    
-       print "delegated credential for", object_hrn, "to", delegee_hrn, "and wrote to", dest_fn
+    def delegate_cred(self, object_cred, hrn):
+        # the gid and hrn of the object we are delegating
+        if isinstance(object_cred, str):
+            object_cred = Credential(string=object_cred) 
+        object_gid = object_cred.get_gid_object()
+        object_hrn = object_gid.get_hrn()
      
      
+        if not object_cred.get_privileges().get_all_delegate():
+            print "Error: Object credential", object_hrn, "does not have delegate bit set"
+            return
+
+        # the delegating user's gid
+        caller_gid = self._get_gid(self.user)
+        caller_gidfile = os.path.join(self.options.sfi_dir, self.user + ".gid")
+  
+        # the gid of the user who will be delegated to
+        delegee_gid = self._get_gid(hrn)
+        delegee_hrn = delegee_gid.get_hrn()
+        delegee_gidfile = os.path.join(self.options.sfi_dir, delegee_hrn + ".gid")
+        delegee_gid.save_to_file(filename=delegee_gidfile)
+        dcred = object_cred.delegate(delegee_gidfile, self.get_key_file(), caller_gidfile)
+        return dcred.save_to_string(save_parents=True)
+     
      # removed named registry record
      #   - have to first retrieve the record to be removed
      # removed named registry record
      #   - have to first retrieve the record to be removed
-    def remove(self,opts, args):
+    def remove(self, opts, args):
          auth_cred = self.get_auth_cred().save_to_string(save_parents=True)
          hrn = args[0]
          type = opts.type 
          if type in ['all']:
              type = '*'
          auth_cred = self.get_auth_cred().save_to_string(save_parents=True)
          hrn = args[0]
          type = opts.type 
          if type in ['all']:
              type = '*'
-        request_hash=None
-        if self.hashrequest: 
-            arg_list = [auth_cred, type, hrn]
-            request_hash = self.key.compute_hash(arg_list)                   
-        return self.registry.remove(auth_cred, type, hrn, request_hash)
+        return self.registry.Remove(hrn, auth_cred, type)
      
      # add named registry record
      
      # add named registry record
-    def add(self,opts, args):
+    def add(self, opts, args):
          auth_cred = self.get_auth_cred().save_to_string(save_parents=True)
          record_filepath = args[0]
          rec_file = self.get_record_file(record_filepath)
          record = load_record_from_file(rec_file).as_dict()
          auth_cred = self.get_auth_cred().save_to_string(save_parents=True)
          record_filepath = args[0]
          rec_file = self.get_record_file(record_filepath)
          record = load_record_from_file(rec_file).as_dict()
-        request_hash=None
-        if self.hashrequest:
-            arg_list = [auth_cred]
-            request_hash = self.key.compute_hash(arg_list)
-        return self.registry.register(auth_cred, record, request_hash)
+        return self.registry.Register(record, auth_cred)
      
      # update named registry entry
      
      # update named registry entry
-    def update(self,opts, args):
+    def update(self, opts, args):
          user_cred = self.get_user_cred()
          rec_file = self.get_record_file(args[0])
          record = load_record_from_file(rec_file)
          user_cred = self.get_user_cred()
          rec_file = self.get_record_file(args[0])
          record = load_record_from_file(rec_file)
@@ -710,15 +673,11 @@ class Sfi:
          else:
              raise "unknown record type" + record.get_type()
          record = record.as_dict()
          else:
              raise "unknown record type" + record.get_type()
          record = record.as_dict()
-        request_hash=None
-        if self.hashrequest:
-            arg_list = [cred]  
-            request_hash = self.key.compute_hash(arg_list)
-        return self.registry.update(cred, record, request_hash)
+        return self.registry.Update(record, cred)
    
      def get_trusted_certs(self, opts, args):
          """
    
      def get_trusted_certs(self, opts, args):
          """
-        return the trusted certs at this interface 
+        return uhe trusted certs at this interface 
          """ 
          trusted_certs = self.registry.get_trusted_certs()
          for trusted_cert in trusted_certs:
          """ 
          trusted_certs = self.registry.get_trusted_certs()
          for trusted_cert in trusted_certs:
@@ -732,13 +691,10 @@ class Sfi:
          """
          user_cred = self.get_user_cred().save_to_string(save_parents=True)
          hrn = None
          """
          user_cred = self.get_user_cred().save_to_string(save_parents=True)
          hrn = None
-        if args: 
+        if args:
              hrn = args[0]
              hrn = args[0]
-        request_hash=None
-        if self.hashrequest:
-            arg_list = [user_cred, hrn]  
-            request_hash = self.key.compute_hash(arg_list)
-        result = self.registry.get_aggregates(user_cred, hrn, request_hash)
+
+        result = self.registry.get_aggregates(user_cred, hrn)
          display_list(result)
          return 
  
          display_list(result)
          return 
  
@@ -750,60 +706,57 @@ class Sfi:
          hrn = None
          if args:
              hrn = args[0]
          hrn = None
          if args:
              hrn = args[0]
-        request_hash=None
-        if self.hashrequest:
-            arg_list = [user_cred, hrn]  
-            request_hash = self.key.compute_hash(arg_list)
-        result = self.registry.get_registries(user_cred, hrn, request_hash)
+        result = self.registry.get_registries(user_cred, hrn)
          display_list(result)
          return
  
   
          display_list(result)
          return
  
   
-    #
+    # ==================================================================
      # Slice-related commands
      # Slice-related commands
-    #
+    # ==================================================================
      
      
-    # list available nodes -- use 'resources' w/ no argument instead
+
+    def version(self, opts, args):
+        server = self.get_server_from_opts(opts)
+        
+        print server.GetVersion()
  
      # list instantiated slices
  
      # list instantiated slices
-    def slices(self,opts, args):
+    def slices(self, opts, args):
+        """
+        list instantiated slices
+        """
          user_cred = self.get_user_cred().save_to_string(save_parents=True)
          user_cred = self.get_user_cred().save_to_string(save_parents=True)
-        request_hash=None
-        if self.hashrequest:
-            arg_list = [user_cred]
-            request_hash = self.key.compute_hash(arg_list)
-        results = self.slicemgr.get_slices(user_cred, request_hash)
+        creds = [user_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(user_cred, get_authority(self.authority))
+            creds.append(delegated_cred)  
+        server = self.get_server_from_opts(opts)
+        results = server.ListSlices(creds)
          display_list(results)
          return
      
      # show rspec for named slice
          display_list(results)
          return
      
      # show rspec for named slice
-    def resources(self,opts, args):
+    def resources(self, opts, args):
          user_cred = self.get_user_cred().save_to_string(save_parents=True)
          server = self.slicemgr
          user_cred = self.get_user_cred().save_to_string(save_parents=True)
          server = self.slicemgr
-        if opts.aggregate:
-            agg_hrn = opts.aggregate
-            arg_list = [user_cred, agg_hrn]
-            request_hash = self.key.compute_hash(arg_list)
-            aggregates = self.registry.get_aggregates(user_cred, agg_hrn, request_hash)
-            if not aggregates:
-                raise Exception, "No such aggregate %s" % agg_hrn
-            aggregate = aggregates[0]
-            url = "http://%s:%s" % (aggregate['addr'], aggregate['port'])     
-            server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file)
+        call_options = {}
+        server = self.get_server_from_opts(opts)
+        
          if args:
              cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
              hrn = args[0]
          if args:
              cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
              hrn = args[0]
+            call_options = {'geni_slice_urn': hrn_to_urn(hrn, 'slice')}
          else:
              cred = user_cred
              hrn = None
          else:
              cred = user_cred
              hrn = None
-
-        request_hash=None
-        if self.hashrequest:
-            arg_list = [cred, hrn]
-            request_hash = self.key.compute_hash(arg_list)  
-        result = server.get_resources(cred, hrn, request_hash)
+     
+        creds = [cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(cred, get_authority(self.authority))
+            creds.append(delegated_cred) 
+        result = server.ListResources(creds, call_options)
          format = opts.format
          format = opts.format
-       
          display_rspec(result, format)
          if (opts.file is not None):
              file = opts.file
          display_rspec(result, format)
          if (opts.file is not None):
              file = opts.file
@@ -813,46 +766,36 @@ class Sfi:
          return
      
      # created named slice with given rspec
          return
      
      # created named slice with given rspec
-    def create(self,opts, args):
+    def create(self, opts, args):
          slice_hrn = args[0]
          slice_hrn = args[0]
+        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
          user_cred = self.get_user_cred()
          slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
          user_cred = self.get_user_cred()
          slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
          rspec_file = self.get_rspec_file(args[1])
          rspec_file = self.get_rspec_file(args[1])
-        rspec=open(rspec_file).read()
-        server = self.slicemgr
-        if opts.aggregate:
-            aggregates = self.registry.get_aggregates(user_cred, opts.aggregate)
-            if not aggregates:
-                raise Exception, "No such aggregate %s" % opts.aggregate
-            aggregate = aggregates[0]
-            url = "http://%s:%s" % (aggregate['addr'], aggregate['port'])
-            server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol)
-        request_hash=None
-        if self.hashrequest:
-            arg_list = [slice_cred, slice_hrn, rspec]
-            request_hash = self.key.compute_hash(arg_list) 
-        return server.create_slice(slice_cred, slice_hrn, rspec, request_hash)
+        rspec = open(rspec_file).read()
+        server = self.get_server_from_opts(opts)
+        result =  server.CreateSliver(slice_urn, creds, rspec, [])
+        print result
+        return result
  
      # get a ticket for the specified slice
      def get_ticket(self, opts, args):
          slice_hrn, rspec_path = args[0], args[1]
  
      # get a ticket for the specified slice
      def get_ticket(self, opts, args):
          slice_hrn, rspec_path = args[0], args[1]
+        slice_urn = hrn_to_urn(slice_hrn, 'slice')
          user_cred = self.get_user_cred()
          slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
          user_cred = self.get_user_cred()
          slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
          rspec_file = self.get_rspec_file(rspec_path) 
          rspec_file = self.get_rspec_file(rspec_path) 
-        rspec=open(rspec_file).read()
-        server = self.slicemgr
-        if opts.aggregate:
-            aggregates = self.registry.get_aggregates(user_cred, opts.aggregate)
-            if not aggregates:
-                raise Exception, "No such aggregate %s" % opts.aggregate
-            aggregate = aggregates[0]
-            url = "http://%s:%s" % (aggregate['addr'], aggregate['port'])
-            server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol)
-        request_hash=None
-        if self.hashrequest:
-            arg_list = [slice_cred, slice_hrn, rspec]
-            request_hash = self.key.compute_hash(arg_list)
-        ticket_string = server.get_ticket(slice_cred, slice_hrn, rspec, request_hash)
+        rspec = open(rspec_file).read()
+        server = self.get_server_from_opts(opts)
+        ticket_string = server.GetTicket(slice_urn, creds, rspec, [])
          file = os.path.join(self.options.sfi_dir, get_leaf(slice_hrn) + ".ticket")
          print "writing ticket to ", file        
          ticket = SfaTicket(string=ticket_string)
          file = os.path.join(self.options.sfi_dir, get_leaf(slice_hrn) + ".ticket")
          print "writing ticket to ", file        
          ticket = SfaTicket(string=ticket_string)
@@ -865,93 +808,117 @@ class Sfi:
          # use this to get the right slice credential 
          ticket = SfaTicket(filename=ticket_file)
          ticket.decode()
          # use this to get the right slice credential 
          ticket = SfaTicket(filename=ticket_file)
          ticket.decode()
-        slice_hrn = ticket.attributes['slivers'][0]['hrn']
+        slice_hrn = ticket.gidObject.get_hrn()
+        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
+        #slice_hrn = ticket.attributes['slivers'][0]['hrn']
          user_cred = self.get_user_cred()
          slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
          
          user_cred = self.get_user_cred()
          slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
          
-        # get a list node hostnames from the nodespecs in the rspec 
-        rspec = RSpec()
-        rspec.parseString(ticket.rspec)
-        nodespecs = rspec.getDictsByTagName('NodeSpec')
-        hostnames = [nodespec['name'] for nodespec in nodespecs]
+        # get a list of node hostnames from the RSpec 
+        tree = etree.parse(StringIO(ticket.rspec))
+        root = tree.getroot()
+        hostnames = root.xpath("./network/site/node/hostname/text()")
          
          # create an xmlrpc connection to the component manager at each of these
          # components and gall redeem_ticket
          connections = {}
          for hostname in hostnames:
              try:
          
          # create an xmlrpc connection to the component manager at each of these
          # components and gall redeem_ticket
          connections = {}
          for hostname in hostnames:
              try:
-                cm_port = "12346" 
-                url = "https://%(hostname)s:%(cm_port)s" % locals() 
-                print "Calling get_ticket at %(url)s " % locals(),  
-                cm = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file)
-                cm.redeem_ticket(slice_cred, ticket.save_to_string(save_parents=True))
+                print "Calling redeem_ticket at %(hostname)s " % locals(),
+                server = self.get_server(hostname, CM_PORT, self.key_file, \
+                                         self.cert_file, self.options.debug)
+                server.RedeemTicket(ticket.save_to_string(save_parents=True), slice_cred)
                  print "Success"
              except socket.gaierror:
                  print "Failed:",
                  print "Componet Manager not accepting requests" 
              except Exception, e:
                  print "Failed:", e.message
                  print "Success"
              except socket.gaierror:
                  print "Failed:",
                  print "Componet Manager not accepting requests" 
              except Exception, e:
                  print "Failed:", e.message
-             
          return
   
      # delete named slice
          return
   
      # delete named slice
-    def delete(self,opts, args):
+    def delete(self, opts, args):
          slice_hrn = args[0]
          slice_hrn = args[0]
-        server = self.slicemgr
-        # direct connection to the nodes component manager interface
-        if opts.component:
-            server = self.get_component_server_from_hrn(opts.component)
- 
+        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
          slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
          slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
-        request_hash=None
-        if self.hashrequest:
-            arg_list = [slice_cred, slice_hrn]
-            request_hash = self.key.compute_hash(arg_list) 
-        return server.delete_slice(slice_cred, slice_hrn, request_hash)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
+        server = self.get_server_from_opts(opts)
+        return server.DeleteSliver(slice_urn, creds)
      
      # start named slice
      
      # start named slice
-    def start(self,opts, args):
+    def start(self, opts, args):
          slice_hrn = args[0]
          slice_hrn = args[0]
-        server = self.slicemgr
-        # direct connection to the nodes component manager interface
-        if opts.component:
-            server = self.get_component_server_from_hrn(opts.component)
- 
-        slice_cred = self.get_slice_cred(args[0])
-        request_hash=None
-        if self.hashrequest:
-            arg_list = [slice_cred, slice_hrn]
-            request_hash = self.key.compute_hash(arg_list)
-        return server.start_slice(slice_cred, slice_hrn, request_hash)
+        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
+        slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
+        server = self.get_server_from_opts(opts)
+        return server.Start(slice_urn, creds)
      
      # stop named slice
      
      # stop named slice
-    def stop(self,opts, args):
+    def stop(self, opts, args):
          slice_hrn = args[0]
          slice_hrn = args[0]
-        server = self.slicemgr
-        # direct connection to the nodes component manager interface
-        if opts.component:
-            server = self.get_component_server_from_hrn(opts.component)
-
+        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
          slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
          slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
-        request_hash=None
-        if self.hashrequest:
-            arg_list = [slice_cred, slice_hrn]
-            request_hash = self.key.compute_hash(arg_list)
-        return server.stop_slice(slice_cred, slice_hrn, request_hash)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
+        server = self.get_server_from_opts(opts)
+        return server.Stop(slice_urn, creds)
      
      # reset named slice
      
      # reset named slice
-    def reset(self,opts, args):
+    def reset(self, opts, args):
          slice_hrn = args[0]
          slice_hrn = args[0]
-        server = self.slicemgr
-        # direct connection to the nodes component manager interface
-        if opts.component:
-            server = self.get_component_server_from_hrn(opts.component)
+        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
+        server = self.get_server_from_opts(opts)
          slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
          slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
-        request_hash=None
-        if self.hashrequest:
-            arg_list = [slice_cred, slice_hrn]
-            request_hash = self.key.compute_hash(arg_list)
-        return server.reset_slice(slice_cred, slice_hrn, request_hash)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
+        return server.reset_slice(creds, slice_urn)
+
+    def renew(self, opts, args):
+        slice_hrn = args[0]
+        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
+        server = self.get_server_from_opts(opts)
+        slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
+        time = args[1]
+        return server.RenewSliver(slice_urn, creds, time)
+
+
+    def status(self, opts, args):
+        slice_hrn = args[0]
+        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
+        slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
+        server = self.get_server_from_opts(opts)
+        print server.SliverStatus(slice_urn, creds)
+
+
+    def shutdown(self, opts, args):
+        slice_hrn = args[0]
+        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
+        slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
+        server = self.get_server_from_opts(opts)
+        return server.Shutdown(slice_urn, creds)         
      
      #
      # Main: parse arguments and dispatch to command
      
      #
      # Main: parse arguments and dispatch to command
@@ -962,11 +929,11 @@ class Sfi:
          self.options = options
     
          if options.hashrequest:
          self.options = options
     
          if options.hashrequest:
-            self.hashrequest=True
+            self.hashrequest = True
   
          if len(args) <= 0:
              print "No command given. Use -h for help."
   
          if len(args) <= 0:
              print "No command given. Use -h for help."
-            return -1
+            return - 1
      
          command = args[0]
          (cmd_opts, cmd_args) = self.create_cmd_parser(command).parse_args(args[1:])
      
          command = args[0]
          (cmd_opts, cmd_args) = self.create_cmd_parser(command).parse_args(args[1:])
@@ -974,12 +941,12 @@ class Sfi:
              print "Registry %s, sm %s, dir %s, user %s, auth %s" % (options.registry, options.sm,
                                                                     options.sfi_dir, options.user,
                                                                     options.auth)
              print "Registry %s, sm %s, dir %s, user %s, auth %s" % (options.registry, options.sm,
                                                                     options.sfi_dir, options.user,
                                                                     options.auth)
-            print "Command %s" %command
+            print "Command %s" % command
              if command in ("resources"):
              if command in ("resources"):
-                print "resources cmd_opts %s" %cmd_opts.format
-            elif command in ("list","show","remove"):
-                print "cmd_opts.type %s" %cmd_opts.type
-            print "cmd_args %s" %cmd_args
+                print "resources cmd_opts %s" % cmd_opts.format
+            elif command in ("list", "show", "remove"):
+                print "cmd_opts.type %s" % cmd_opts.type
+            print "cmd_args %s" % cmd_args
      
          self.set_servers()
      
      
          self.set_servers()
      
@@ -992,5 +959,5 @@ class Sfi:
      
          return
      
      
          return
      
-if __name__=="__main__":
+if __name__ == "__main__":
     Sfi().main()
     Sfi().main()