slicemgr_port=12347
import os, os.path
+import sys
from optparse import OptionParser
from sfa.trust.trustedroot import TrustedRootList
from sfa.server.registry import Registry
from sfa.server.aggregate import Aggregate
from sfa.server.slicemgr import SliceMgr
-
from sfa.trust.hierarchy import Hierarchy
+from sfa.util.config import Config
+from sfa.util.report import trace
# after http://www.erlenstar.demon.co.uk/unix/faq_2.html
def daemon():
os.dup2(crashlog, 1)
os.dup2(crashlog, 2)
+def init_server_key(server_key_file, server_cert_file, config, hierarchy):
+
+ subject = config.SFA_INTERFACE_HRN
+ # check if the server's private key exists. If it doesnt,
+ # get the right one from the authorities directory. If it cant be
+ # found in the authorities directory, generate a random one
+ if not os.path.exists(server_key_file):
+ hrn = config.SFA_INTERFACE_HRN.lower()
+ hrn_parts = hrn.split(".")
+ rel_key_path = hrn
+ pkey_filename = hrn+".pkey"
+
+ # sub authority's have "." in their hrn. This must
+ # be converted to os.path separator
+ if len(hrn_parts) > 0:
+ rel_key_path = hrn.replace(".", os.sep)
+ pkey_filename= hrn_parts[-1]+".pkey"
+
+ key_file = os.sep.join([hierarchy.basedir, rel_key_path, pkey_filename])
+ if not os.path.exists(key_file):
+ # if it doesnt exist then this is probably a fresh interface
+ # with no records. Generate a random keypair for now
+ trace("server's public key not found in %s" % key_file)
+ trace("generating a random server key pair")
+ key = Keypair(create=True)
+ key.save_to_file(server_key_file)
+ cert = Certificate(subject=subject)
+ cert.set_issuer(key=key, subject=subject)
+ cert.set_pubkey(key)
+ cert.sign()
+ cert.save_to_file(server_cert_file)
+
+ else:
+ # the pkey was found in the authorites directory. lets
+ # copy it to where the server key should be and generate
+ # the cert
+ key = Keypair(filename=key_file)
+ key.save_to_file(server_key_file)
+ cert = Certificate(subject=subject)
+ cert.set_issuer(key=key, subject=subject)
+ cert.set_pubkey(key)
+ cert.sign()
+ cert.save_to_file(server_cert_file)
+
+
+ # If private key exists and cert doesnt, recreate cert
+ if (os.path.exists(server_key_file)) and (not os.path.exists(server_cert_file)):
+ key = Keypair(filename=server_key_file)
+ cert = Certificate(subject=subject)
+ cert.set_issuer(key=key, subject=subject)
+ cert.set_pubkey(key)
+ cert.sign()
+ cert.save_to_file(server_cert_file)
+
def main():
# xxx get rid of globals - name consistently CamelCase or under_score
global AuthHierarchy
global slicemgr_port
# Generate command line parser
- parser = OptionParser(usage="plc [options]")
+ parser = OptionParser(usage="sfa-server [options]")
parser.add_option("-r", "--registry", dest="registry", action="store_true",
help="run registry server", default=False)
parser.add_option("-s", "--slicemgr", dest="sm", action="store_true",
help="Run as daemon.", default=False)
(options, args) = parser.parse_args()
- hierarchy = Hierarchy()
- path = hierarchy.basedir
- key_file = os.path.join(path, "server.key")
- cert_file = os.path.join(path, "server.cert")
-
if (options.daemon): daemon()
- if (os.path.exists(key_file)) and (not os.path.exists(cert_file)):
- # If private key exists and cert doesnt, recreate cert
- key = Keypair(filename=key_file)
- cert = Certificate(subject="registry")
- cert.set_issuer(key=key, subject="registry")
- cert.set_pubkey(key)
- cert.sign()
- cert.save_to_file(cert_file)
-
- elif (not os.path.exists(key_file)) or (not os.path.exists(cert_file)):
- # if no key is specified, then make one up
- key = Keypair(create=True)
- key.save_to_file(key_file)
- cert = Certificate(subject="registry")
- cert.set_issuer(key=key, subject="registry")
- cert.set_pubkey(key)
- cert.sign()
- cert.save_to_file(cert_file)
-
- AuthHierarchy = Hierarchy()
-
- TrustedRoots = TrustedRootList()
+ config = Config()
+ hierarchy = Hierarchy()
+ trusted_roots = TrustedRootList(config.get_trustedroots_dir())
+ server_key_file = os.path.join(hierarchy.basedir, "server.key")
+ server_cert_file = os.path.join(hierarchy.basedir, "server.cert")
+ init_server_key(server_key_file, server_cert_file, config, hierarchy)
+
# start registry server
if (options.registry):
- r = Registry("", registry_port, key_file, cert_file)
- #r.trusted_cert_list = TrustedRoots.get_list()
- #r.hierarchy = AuthHierarchy
+ r = Registry("", registry_port, server_key_file, server_cert_file)
r.start()
# start aggregate manager
if (options.am):
- a = Aggregate("", aggregate_port, key_file, cert_file)
- #a.trusted_cert_list = TrustedRoots.get_list()
+ a = Aggregate("", aggregate_port, server_key_file, server_cert_file)
a.start()
# start slice manager
if (options.sm):
- s = SliceMgr("", slicemgr_port, key_file, cert_file)
- #s.trusted_cert_list = TrustedRoots.get_list()
+ s = SliceMgr("", slicemgr_port, server_key_file, server_cert_file)
s.start()
if __name__ == "__main__":