+++ /dev/null
-import tempfile
-import os
-
-from cert import *
-from gid import *
-from geniserver import *
-
-# DummyRegistry implements the security layer for a registry. It creates GIDs
-# by using the public key contained in client's certificate.
-
-
-class DummyRegistry(GeniServer):
- gid_dict = {}
-
- def __init__(self, ip, port, key_file, cert_file):
- GeniServer.__init__(self, ip, port, key_file, cert_file)
-
- def register_functions(self):
- GeniServer.register_functions(self)
- self.server.register_function(self.get_self_credential)
- self.server.register_function(self.get_credential)
- self.server.register_function(self.get_gid)
-
- def resolve_gid(self, name):
- gid = self.gid_dict.get(name, None)
- if gid:
- return [gid]
-
- # assume the user is who he says he is, and create a GID for him
- peer_cert = self.server.peer_cert
- gid = GID(subject=name, uuid=create_uuid(), hrn=name)
- gid.set_pubkey(peer_cert.get_pubkey())
- gid.set_issuer(key=self.key, cert=self.cert)
- gid.encode()
- gid.sign()
-
- self.gid_dict[name] = gid
-
- return [gid]
-
- def get_gid(self, name):
- gid_list = self.resolve_gid(name)
- gid_string_list = []
- for gid in gid_list:
- gid_string_list.append(gid.save_to_string())
- return gid_string_list
-
- def get_self_credential(self, type, name):
- client_gid = self.resolve_gid(name)[0]
- cred = Credential(subject = client_gid.get_subject())
- cred.set_gid_caller(client_gid)
- cred.set_issuer(key=self.key, cert=self.cert)
- cred.set_pubkey(client_gid.get_pubkey())
- cred.encode()
- cred.sign()
- return cred.save_to_string()
-
- def get_credential(self, cred, type, name):
- if not cred:
- return get_self_credential(self, type, name)
-
- self.decode_authentication(cred)
-
- object_gid = self.resolve_gid(name)[0]
- new_cred = Credential(subject = object_gid.get_subject())
- new_cred.set_gid_caller(self.client_gid)
- new_cred.set_gid_object(object_gid)
- new_cred.set_issuer(key=self.key, cert=self.cert)
- new_cred.set_pubkey(object_gid.get_pubkey())
- new_cred.encode()
- new_cred.sign()
-
- return new_cred.save_to_string()
-
-if __name__ == "__main__":
- key_file = "dummyserver.key"
- cert_file = "dummyserver.cert"
-
- # if no key is specified, then make one up
- if (not os.path.exists(key_file)) or (not os.path.exists(cert_file)):
- key = Keypair(create=True)
- key_file = "dummyserver.key"
- key.save_to_file(key_file)
-
- cert = Certificate(subject="dummy")
- cert.set_issuer(key=key, subject="dummy")
- cert.set_pubkey(key)
- cert.sign()
- cert.save_to_file(cert_file)
-
- s = DummyRegistry("localhost", 12345, key_file, cert_file)
- s.run()
-
git://git.onelab.eu / sfa.git / blobdiff