# *.DBINFO - database info
##
+### $Id$
+### $URL$
+
import os
import report
-from cert import *
-from credential import *
-from gid import *
-from misc import *
-from config import *
-from geniticket import *
+
+from geni.trust.certificate import KeyPair
+from geni.trust.credential import *
+from geni.trust.gid import *
+
+from geni.util.misc import *
+from geni.util.config import *
+from geni.util.geniticket import *
##
# The AuthInfo class contains the information for an authority. This information
def get_dbinfo(self):
f = file(self.dbinfo_filename)
- dict = eval(f.read())\r
- f.close()\r
- return dict\r
-\r
- ##\r
- # Replace the GID with a new one. The file specified by gid_filename is\r
- # overwritten with the new GID object\r
- #\r
- # @param gid object containing new GID\r
-\r
- def update_gid_object(self, gid):\r
- gid.save_to_file(self.gid_filename)\r
- self.gid_object = gid\r
-\r
-##\r
-# The Hierarchy class is responsible for managing the tree of authorities.\r
-# Each authority is a node in the tree and exists as an AuthInfo object.\r
-#\r
-# The tree is stored on disk in a hierarchical manner than reflects the\r
-# structure of the tree. Each authority is a subdirectory, and each subdirectory\r
-# contains the GID, pkey, and dbinfo files for that authority (as well as\r
-# subdirectories for each sub-authority)\r
+ dict = eval(f.read())
+ f.close()
+ return dict
+
+ ##
+ # Replace the GID with a new one. The file specified by gid_filename is
+ # overwritten with the new GID object
+ #
+ # @param gid object containing new GID
+
+ def update_gid_object(self, gid):
+ gid.save_to_file(self.gid_filename)
+ self.gid_object = gid
+
+##
+# The Hierarchy class is responsible for managing the tree of authorities.
+# Each authority is a node in the tree and exists as an AuthInfo object.
+#
+# The tree is stored on disk in a hierarchical manner than reflects the
+# structure of the tree. Each authority is a subdirectory, and each subdirectory
+# contains the GID, pkey, and dbinfo files for that authority (as well as
+# subdirectories for each sub-authority)
class Hierarchy():
##
#
# @param basedir the base directory to store the hierarchy in
- def __init__(self, basedir="."):
- self.basedir = os.path.join(basedir, "authorities")
-
+ def __init__(self, basedir = None):
+ if not basedir:
+ config = Config()
+ basedir = config.config_path + os.sep + "authorities"
+ self.basedir = basedir
##
# Given a hrn, return the filenames of the GID, private key, and dbinfo
# files.
def auth_exists(self, hrn):
(directory, gid_filename, privkey_filename, dbinfo_filename) = \
self.get_auth_filenames(hrn)
-
+
return os.path.exists(gid_filename) and \
os.path.exists(privkey_filename) and \
os.path.exists(dbinfo_filename)
# create the directory to hold the files
try:
- os.makedirs(directory)\r
- # if the path already exists then pass\r
- except OSError, (errno, strerr):\r
- if errno == 17:\r
+ os.makedirs(directory)
+ # if the path already exists then pass
+ except OSError, (errno, strerr):
+ if errno == 17:
pass
- pkey = Keypair(create = True)
- pkey.save_to_file(privkey_filename)
+ if os.path.exists(privkey_filename):
+ print "using existing key", privkey_filename, "for authority", hrn
+ pkey = Keypair(filename = privkey_filename)
+ else:
+ pkey = Keypair(create = True)
+ pkey.save_to_file(privkey_filename)
gid = self.create_gid(hrn, create_uuid(), pkey)
gid.save_to_file(gid_filename, save_parents=True)
dbinfo = get_default_dbinfo()
dbinfo_file = file(dbinfo_filename, "w")
- dbinfo_file.write(str(dbinfo))\r
+ dbinfo_file.write(str(dbinfo))
dbinfo_file.close()
##
def get_auth_info(self, hrn):
#report.trace("Hierarchy: getting authority: " + hrn)
-
+
if not self.auth_exists(hrn):
raise MissingAuthority(hrn)
# the authority's parent.
#
# @param hrn the human readable name of the authority
+ # @param authority type of credential to return (authority | sa | ma)
- def get_auth_cred(self, hrn):
+ def get_auth_cred(self, hrn, kind="authority"):
auth_info = self.get_auth_info(hrn)
gid = auth_info.get_gid_object()
cred = Credential(subject=hrn)
cred.set_gid_caller(gid)
cred.set_gid_object(gid)
- cred.set_privileges("authority")
+ cred.set_privileges(kind)
cred.set_delegate(True)
cred.set_pubkey(auth_info.get_gid_object().get_pubkey())
# we need the parent's private key in order to sign this GID
parent_auth_info = self.get_auth_info(parent_hrn)
cred.set_issuer(parent_auth_info.get_pkey_object(), parent_auth_info.hrn)
- cred.set_parent(self.get_auth_cred(parent_hrn))
+ cred.set_parent(self.get_auth_cred(parent_hrn, kind))
cred.encode()
cred.sign()