def get_dbinfo(self):
f = file(self.dbinfo_filename)
- dict = eval(f.read())\r
- f.close()\r
- return dict\r
-\r
+ dict = eval(f.read())
+ f.close()
+ return dict
+
##\r
# Replace the GID with a new one. The file specified by gid_filename is\r
# overwritten with the new GID object\r
#\r
# @param gid object containing new GID\r
-\r
- def update_gid_object(self, gid):\r
- gid.save_to_file(self.gid_filename)\r
- self.gid_object = gid\r
-\r
+
+ def update_gid_object(self, gid):
+ gid.save_to_file(self.gid_filename)
+ self.gid_object = gid
+
##\r
# The Hierarchy class is responsible for managing the tree of authorities.\r
# Each authority is a node in the tree and exists as an AuthInfo object.\r
#
# @param basedir the base directory to store the hierarchy in
- def __init__(self, basedir="."):
+ def __init__(self, basedir = None):
+ config = Config()
+ if not basedir:
+ basedir = config.GENI_BASE_DIR + os.sep + 'geni' + os.sep
self.basedir = os.path.join(basedir, "authorities")
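Review bot: The new default in `__init__` builds the store path by string concatenation (`config.GENI_BASE_DIR + os.sep + 'geni' + os.sep`) while the next line uses `os.path.join`; `basedir = os.path.join(config.GENI_BASE_DIR, 'geni')` is consistent with it and avoids doubled separators. `if not basedir` also treats an empty string as unset, and the old default of "." is gone, so a caller that relied on the current directory now has its authority files, which appear to include private keys, placed under the configured tree. `if basedir is None:` would limit the branch to the unset case. `Config()` is constructed even when a basedir is passed and could move inside the branch. The `@param basedir` comment should state the new default, e.g. `# @param basedir the base directory to store the hierarchy in (default: <GENI_BASE_DIR>/geni)`.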
##
def auth_exists(self, hrn):
(directory, gid_filename, privkey_filename, dbinfo_filename) = \
self.get_auth_filenames(hrn)
-
+
return os.path.exists(gid_filename) and \
os.path.exists(privkey_filename) and \
os.path.exists(dbinfo_filename)
if errno == 17:\r
pass
- pkey = Keypair(create = True)
- pkey.save_to_file(privkey_filename)
+ if os.path.exists(privkey_filename):
+ print "using existing key", privkey_filename, "for authority", hrn
+ pkey = Keypair(filename = privkey_filename)
+ else:
+ pkey = Keypair(create = True)
+ pkey.save_to_file(privkey_filename)
gid = self.create_gid(hrn, create_uuid(), pkey)
gid.save_to_file(gid_filename, save_parents=True)
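Review bot: The reuse branch loads whatever file sits at `privkey_filename` as the authority's signing key without checking who can write or read it, and the GID created on the following lines is bound to that key. Before `Keypair(filename = privkey_filename)` the code should refuse a key file whose mode grants group or other access, for example `if os.stat(privkey_filename).st_mode & 0077:` followed by a raise. The same restrictive mode should hold for the file written by `pkey.save_to_file`; what mode that helper uses is not visible here. The `print` of the key path would be better routed through the project's logging, as the commented-out `report.trace` call elsewhere on this page suggests. The enclosing function starts before this hunk and continues after it.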
def get_auth_info(self, hrn):
#report.trace("Hierarchy: getting authority: " + hrn)
-
+
if not self.auth_exists(hrn):
raise MissingAuthority(hrn)
# the authority's parent.
#
# @param hrn the human readable name of the authority
+ # @param authority type of credential to return (authority | sa | ma)
- def get_auth_cred(self, hrn):
+ def get_auth_cred(self, hrn, kind="authority"):
auth_info = self.get_auth_info(hrn)
gid = auth_info.get_gid_object()
cred = Credential(subject=hrn)
cred.set_gid_caller(gid)
cred.set_gid_object(gid)
- cred.set_privileges("authority")
+ cred.set_privileges(kind)
cred.set_delegate(True)
cred.set_pubkey(auth_info.get_gid_object().get_pubkey())
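Review bot: `kind` goes straight into `cred.set_privileges(kind)` on a credential that is then marked delegable and signed, but nothing restricts it to the three values the new comment lists. A guard at the top of `get_auth_cred`, `if kind not in ("authority", "sa", "ma"): raise ValueError(kind)`, would keep an unexpected string from being signed into a credential. The recursive call `self.get_auth_cred(parent_hrn, kind)` in the later hunk passes the same value up the parent chain, so a check at the entry covers it as well. The added doc line names the parameter `authority` while the signature calls it `kind`; it should read `# @param kind type of credential to return (authority | sa | ma)`. The function body continues past this hunk.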
# we need the parent's private key in order to sign this GID
parent_auth_info = self.get_auth_info(parent_hrn)
cred.set_issuer(parent_auth_info.get_pkey_object(), parent_auth_info.hrn)
- cred.set_parent(self.get_auth_cred(parent_hrn))
+ cred.set_parent(self.get_auth_cred(parent_hrn, kind))
cred.encode()
cred.sign()