import os, os.path
import traceback
import sys
-import sfa.util.xmlrpcprotocol as xmlrpcprotocol
from optparse import OptionParser
from sfa.util.sfalogging import logger
+from sfa.util.xrn import get_authority, hrn_to_urn
+from sfa.util.config import Config
+import sfa.client.xmlrpcprotocol as xmlrpcprotocol
+from sfa.trust.gid import GID
+from sfa.trust.trustedroots import TrustedRoots
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.hierarchy import Hierarchy
from sfa.trust.gid import GID
-from sfa.util.config import Config
-from sfa.plc.plcsfaapi import PlcSfaApi
+
+from sfa.server.sfaapi import SfaApi
+
from sfa.server.registry import Registries
from sfa.server.aggregate import Aggregates
-from sfa.util.xrn import get_authority, hrn_to_urn
-from sfa.util.sfalogging import logger
-
-from sfa.managers.managerwrapper import import_manager
# after http://www.erlenstar.demon.co.uk/unix/faq_2.html
def daemon():
os.dup2(crashlog, 1)
os.dup2(crashlog, 2)
-def init_server_key(server_key_file, server_cert_file, config, hierarchy):
-
- hrn = config.SFA_INTERFACE_HRN.lower()
- # check if the server's private key exists. If it doesnt,
- # get the right one from the authorities directory. If it cant be
- # found in the authorities directory, generate a random one
- if not os.path.exists(server_key_file):
- hrn = config.SFA_INTERFACE_HRN.lower()
- hrn_parts = hrn.split(".")
- rel_key_path = hrn
- pkey_filename = hrn+".pkey"
-
- # sub authority's have "." in their hrn. This must
- # be converted to os.path separator
- if len(hrn_parts) > 0:
- rel_key_path = hrn.replace(".", os.sep)
- pkey_filename= hrn_parts[-1]+".pkey"
-
- key_file = os.sep.join([hierarchy.basedir, rel_key_path, pkey_filename])
- if not os.path.exists(key_file):
- # if it doesnt exist then this is probably a fresh interface
- # with no records. Generate a random keypair for now
- logger.debug("server's public key not found in %s" % key_file)
-
- logger.debug("generating a random server key pair")
- key = Keypair(create=True)
- key.save_to_file(server_key_file)
- init_server_cert(hrn, key, server_cert_file, self_signed=True)
-
- else:
- # the pkey was found in the authorites directory. lets
- # copy it to where the server key should be and generate
- # the cert
- key = Keypair(filename=key_file)
- key.save_to_file(server_key_file)
- init_server_cert(hrn, key, server_cert_file)
-
- # If private key exists and cert doesnt, recreate cert
- if (os.path.exists(server_key_file)) and (not os.path.exists(server_cert_file)):
- key = Keypair(filename=server_key_file)
- init_server_cert(hrn, key, server_cert_file)
-
-
-def init_server_cert(hrn, key, server_cert_file, self_signed=False):
- """
- Setup the certificate for this server. Attempt to use gid before
- creating a self signed cert
- """
- if self_signed:
- init_self_signed_cert(hrn, key, server_cert_file)
- else:
- try:
- # look for gid file
- logger.debug("generating server cert from gid: %s"% hrn)
- hierarchy = Hierarchy()
- auth_info = hierarchy.get_auth_info(hrn)
- gid = GID(filename=auth_info.gid_filename)
- gid.save_to_file(filename=server_cert_file)
- except:
- # fall back to self signed cert
- logger.debug("gid for %s not found" % hrn)
- init_self_signed_cert(hrn, key, server_cert_file)
-
-def init_self_signed_cert(hrn, key, server_cert_file):
- logger.debug("generating self signed cert")
- # generate self signed certificate
- cert = Certificate(subject=hrn)
- cert.set_issuer(key=key, subject=hrn)
- cert.set_pubkey(key)
- cert.sign()
- cert.save_to_file(server_cert_file)
-
-def init_server(options, config):
- """
- Locate the manager based on config.*TYPE
- Execute the init_server method (well in fact function, sigh) if defined in that module
- In order to migrate to a more generic approach:
- * search for <>_manager_<type>.py
- * if not found, try <>_manager.py (and issue a warning if <type>!='pl')
- """
- if options.registry:
- manager=import_manager ("registry", config.SFA_REGISTRY_TYPE)
- if manager and hasattr(manager, 'init_server'): manager.init_server()
- if options.am:
- manager=import_manager ("aggregate", config.SFA_AGGREGATE_TYPE)
- if manager and hasattr(manager, 'init_server'): manager.init_server()
- if options.sm:
- manager=import_manager ("slice", config.SFA_SM_TYPE)
- if manager and hasattr(manager, 'init_server'): manager.init_server()
- if options.cm:
- manager=import_manager ("component", config.SFA_CM_TYPE)
- if manager and hasattr(manager, 'init_server'): manager.init_server()
-
def install_peer_certs(server_key_file, server_cert_file):
"""
# There should be a gid file in /etc/sfa/trusted_roots for every
# peer registry found in in the registries.xml config file. If there
# are any missing gids, request a new one from the peer registry.
- api = PlcSfaApi(key_file = server_key_file, cert_file = server_cert_file)
+ api = SfaApi(key_file = server_key_file, cert_file = server_cert_file)
registries = Registries()
aggregates = Aggregates()
interfaces = dict(registries.items() + aggregates.items())
try:
# get gid from the registry
url = interfaces[new_hrn].get_url()
- interface = interfaces[new_hrn].get_server(server_key_file, server_cert_file, timeout=30)
+ interface = interfaces[new_hrn].server_proxy(server_key_file, server_cert_file, timeout=30)
# skip non sfa aggregates
server_version = api.get_cached_server_version(interface)
if 'sfa' not in server_version:
config = Config()
if config.SFA_API_DEBUG: pass
+
+ # ge the server's key and cert
hierarchy = Hierarchy()
- server_key_file = os.path.join(hierarchy.basedir, "server.key")
- server_cert_file = os.path.join(hierarchy.basedir, "server.cert")
+ auth_info = hierarchy.get_interface_auth_info()
+ server_key_file = auth_info.get_privkey_filename()
+ server_cert_file = auth_info.get_gid_filename()
- init_server_key(server_key_file, server_cert_file, config, hierarchy)
- init_server(options, config)
-
+ # ensure interface cert is present in trusted roots dir
+ trusted_roots = TrustedRoots(config.get_trustedroots_dir())
+ trusted_roots.add_gid(GID(filename=server_cert_file))
if (options.daemon): daemon()
if options.trusted_certs: