X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;ds=sidebyside;f=sfa%2Fserver%2Fsfa-ca.py;h=2864751fcb21834218918c84cc8dbf511aa599da;hb=108f6d000af6517d3b22501255b377a83568b946;hp=8f4fafc101bc209c4727df87ecdbecb5141d54d6;hpb=4107e5c9c0938b68759068863b6aa92b93dc25ba;p=sfa.git

diff --git a/sfa/server/sfa-ca.py b/sfa/server/sfa-ca.py
index 8f4fafc1..2864751f 100755
--- a/sfa/server/sfa-ca.py
+++ b/sfa/server/sfa-ca.py
@@ -1,16 +1,34 @@
 #!/usr/bin/python
 
 #
-# SFA Certificate Signing and management 
-#   
+# SFA Certificate Signing and management. Root authorities can use this script 
+# to sign  the certificate of another authority and become its parent. Sub 
+# authorities (authorities that have had their cert signed by another authority) 
+# can use this script to update their registry hierarchy with the new cert    
+# 
+# Example usage: 
+#
+## sign a peer cert
+# sfa-ca.py --sign PEER_CERT_FILENAME -o OUTPUT_FILENAME 
+#
+## import a cert and update the registry hierarchy
+# sfa-ca.py --import CERT_FILENAME   
+#
+## display a cert
+# sfa-ca.py --display CERT_FILENAME
+
 
 import os
 import sys
 from optparse import OptionParser
-from sfa.trust.certificate import Keypair, Certificate
+
+from sfa.util.config import Config
+
 from sfa.trust.gid import GID, create_uuid
 from sfa.trust.hierarchy import Hierarchy
-from sfa.util.config import Config
+
+from sfa.storage.alchemy import dbsession
+from sfa.storage.persistentobjs import RegRecord
 
 def main():
     args = sys.argv
@@ -22,14 +40,18 @@ def main():
                       help="gid to sign" )
     parser.add_option("-k", "--key", dest="key", default=None, 
                       help="keyfile to use for signing")
+    parser.add_option("-a", "--authority", dest="authority", default=None, 
+                      help="sign the gid using the specified authority ")
     parser.add_option("-i", "--import", dest="importgid", default=None,
                       help="gid file to import into the registry")
     parser.add_option("-e", "--export", dest="export", 
                       help="name of gid to export from registry")
+    parser.add_option("-t", "--type", dest="type",
+                      help="record type", default=None)
     parser.add_option("-o", "--outfile", dest="outfile",
                       help="where to write the exprted gid") 
-    parser.add_option("-v", "--verbose", dest="verobse", 
-                      help="be verbose")           
+    parser.add_option("-v", "--verbose", dest="verbose", default=False, 
+                      action="store_true", help="be verbose")           
                 
     (options, args) = parser.parse_args()
 
@@ -64,8 +86,8 @@ def sign(options):
     """
     hierarchy = Hierarchy()
     config = Config()
-    parent_hrn = config.SFA_INTERFACE_HRN
-    auth_info = hierarchy.get_auth_info(parent_hrn)
+    default_authority = config.SFA_INTERFACE_HRN
+    auth_info = hierarchy.get_auth_info(default_authority)
 
     # load the gid
     gidfile = os.path.abspath(options.sign)
@@ -74,53 +96,41 @@ def sign(options):
         sys.exit(1)
     gid = GID(filename=gidfile)
 
-    # load the parent private key
-    pkeyfile = options.key
-    # if no pkey was specified, then use the this authority's key
-    if not pkeyfile:
-        pkeyfile = auth_info.privkey_filename
-    if not os.path.isfile(pkeyfile):
-        print "no such pkey: %s.\nPlease specify a valid private key" % pkeyfile
-        sys.exit(1)
-    parent_key = Keypair(filename=pkeyfile)
-
-    # load the parent gid
-    parent_gid = auth_info.gid_object
+    # extract pub_key and create new gid
+    pkey = gid.get_pubkey()
+    urn = gid.get_urn()
+    gid = hierarchy.create_gid(urn, create_uuid(), pkey)
 
     # get the outfile
     outfile = options.outfile
     if not outfile:
         outfile = os.path.abspath('./signed-%s.gid' % gid.get_hrn())
    
-    # check if gid already has a parent
- 
-    # sign the gid
-    gid.set_issuer(parent_key, parent_hrn)
-    gid.set_parent(parent_gid)
-    gid.sign()
-    gid.save_to_file(outfile, save_parents=True)            
+    # save the signed gid
+    if options.verbose:
+        print "Writing signed gid %s" % outfile  
+    gid.save_to_file(outfile, save_parents=True)
     
 
 def export_gid(options):
-    from sfa.util.table import SfaTable
     # lookup the record for the specified hrn 
     hrn = options.export
-
-    # check sfa table first    
-    table = SfaTable()
-    records = table.find({'hrn': hrn, type: 'authority'})
-    if not records:
+    type = options.type
+    # check sfa table first
+    request=dbsession.query(RegRecord).filter_by(hrn=hrn)
+    if type: request = request.filter_by(type=type)
+    record=request.first()
+    if not record:
         # check the authorities hierarchy 
         hierarchy = Hierarchy()
         try:
-            auth_info = hierarchy.get_auth_info()
+            auth_info = hierarchy.get_auth_info(hrn)
             gid = auth_info.gid_object 
         except:
             print "Record: %s not found" % hrn
             sys.exit(1)
     else:
-        record = records[0]
-        gid = GID(string=record['gid'])
+        gid = GID(string=record.gid)
         
     # get the outfile
     outfile = options.outfile
@@ -128,6 +138,8 @@ def export_gid(options):
         outfile = os.path.abspath('./%s.gid' % gid.get_hrn())
 
     # save it
+    if options.verbose:
+        print "Writing %s gid to %s" % (gid.get_hrn(), outfile)
     gid.save_to_file(outfile, save_parents=True)
 
 def import_gid(options):
@@ -135,8 +147,6 @@ def import_gid(options):
     Import the specified gid into the registry (db and authorities 
     hierarchy) overwriting any previous gid.
     """
-    from sfa.util.table import SfaTable
-    from sfa.util.record import SfaRecord
     # load the gid
     gidfile = os.path.abspath(options.importgid)
     if not gidfile or not os.path.isfile(gidfile):
@@ -151,21 +161,26 @@ def import_gid(options):
         sys.exit(1)
 
     # check if record exists in db
-    table = SfaTable()
-    records = table.find({'hrn': gid.get_hrn(), 'type': 'authority'})
-    if not records:
-        print "%s not found in record database" % get.get_hrn()  
+    record = dbsession.query(RegRecord).filter_by(type='authority',hrn=gid.get_hrn()).first()
+    if not record:
+        print "%s not found in record database" % gid.get_hrn()  
         sys.exit(1)
 
     # update the database record
-    record = records[0]
-    record['gid'] = gid.save_to_string(save_parents=True)
-    table.update(record)
+    record.gid = gid.save_to_string(save_parents=True)
+    dbsession.commit()
+    if options.verbose:
+        print "Imported %s gid into db" % record['hrn']
 
     # update the hierarchy
     auth_info = hierarchy.get_auth_info(gid.get_hrn())  
     filename = auth_info.gid_filename
-    gid.save_to_file(filename, save_parents=True) 
-    
+    gid.save_to_file(filename, save_parents=True)
+    if options.verbose:
+        print "Writing %s gid to %s" % (gid.get_hrn(), filename)
+
+    # ending here
+    return
+
 if __name__ == '__main__':
     main()