import sys
import os,os.path
from datetime import datetime
+from sfa.util.xrn import Xrn
import sfa.util.sfalogging
# importing sfa.utils.faults does pull a lot of stuff
# see optimizing dependencies below
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.credential import Credential
+from sfa.trust.gid import GID
##########
# a helper class to implement the bootstrapping of crypto. material
# assuming we are starting from scratch on the client side
# the usage model is to reuse an existing keypair)
#
# there might be a more portable, i.e. less language-dependant way, to
-# implement this step by exec'ing the openssl command a known
-# successful attempt at this approach that worked for Java is
-# documented below
+# implement this step by exec'ing the openssl command.
+# a known successful attempt at this approach that worked
+# for Java is documented below
# http://nam.ece.upatras.gr/fstoolkit/trac/wiki/JavaSFAClient
#
####################
self.assert_private_key()
registry_proxy = SfaServerProxy (self.registry_url, self.private_key_filename(),
certificate_filename)
- credential_string=registry_proxy.GetSelfCredential (certificate_string, self.hrn, "user")
+ try:
+ credential_string=registry_proxy.GetSelfCredential (certificate_string, self.hrn, "user")
+ except:
+ # some urns hrns may replace non hierarchy delimiters '.' with an '_' instead of escaping the '.'
+ hrn = Xrn(self.hrn).get_hrn().replace('\.', '_')
+ credential_string=registry_proxy.GetSelfCredential (certificate_string, hrn, "user")
self.plain_write (output, credential_string)
self.logger.debug("SfaClientBootstrap: Wrote result of GetSelfCredential in %s"%output)
return output
# the expected filenames for the various pieces
def private_key_filename (self):
- return self.fullpath ("%s.pkey"%self.hrn)
+ return self.fullpath ("%s.pkey" % Xrn.unescape(self.hrn))
def self_signed_cert_filename (self):
return self.fullpath ("%s.sscert"%self.hrn)
def my_credential_filename (self):
return filename
else:
# remove invalid file
+ self.logger.warning ("Removing %s - has expired"%filename)
os.unlink(filename)
try:
produce_method (self, filename, *args, **kw)
def private_key (self):
self.assert_private_key()
return self.private_key_filename()
+
+ def delegate_credential_string (self, original_credential, to_hrn, to_type='authority'):
+ """
+ sign a delegation credential to someone else
+
+ original_credential : typically one's user- or slice- credential to be delegated to s/b else
+ to_hrn : the hrn of the person that will be allowed to do stuff on our behalf
+ to_type : goes with to_hrn, usually 'user' or 'authority'
+
+ returns a string with the delegated credential
+
+ this internally uses self.my_gid()
+ it also retrieves the gid for to_hrn/to_type
+ and uses Credential.delegate()"""
+
+ # the gid and hrn of the object we are delegating
+ if isinstance (original_credential, str):
+ original_credential = Credential (string=original_credential)
+ original_gid = original_credential.get_gid_object()
+ original_hrn = original_gid.get_hrn()
+
+ if not original_credential.get_privileges().get_all_delegate():
+ self.logger.error("delegate_credential_string: original credential %s does not have delegate bit set"%original_hrn)
+ return
+
+ # the delegating user's gid
+ my_gid = self.my_gid()
+
+ # retrieve the GID for the entity that we're delegating to
+ to_gidfile = self.gid (to_hrn,to_type)
+# to_gid = GID ( to_gidfile )
+# to_hrn = delegee_gid.get_hrn()
+# print 'to_hrn',to_hrn
+ delegated_credential = original_credential.delegate(to_gidfile, self.private_key(), my_gid)
+ return delegated_credential.save_to_string(save_parents=True)
git://git.onelab.eu / sfa.git / blobdiff