X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;ds=sidebyside;f=sfa%2Ftrust%2Fhierarchy.py;h=239240e21688178991160b3be40f7906d6b5dba3;hb=34ff591a1246e634ae4bc5730bda482baba1ea8a;hp=73b297b529daa747e44471618acec2e7925aa06a;hpb=73039ebe20d1a79b810023239fa7af07d19a3209;p=sfa.git diff --git a/sfa/trust/hierarchy.py b/sfa/trust/hierarchy.py index 73b297b5..239240e2 100644 --- a/sfa/trust/hierarchy.py +++ b/sfa/trust/hierarchy.py @@ -14,14 +14,14 @@ import os -from sfa.util.faults import * +from sfa.util.faults import MissingAuthority from sfa.util.sfalogging import logger from sfa.util.xrn import get_leaf, get_authority, hrn_to_urn, urn_to_hrn from sfa.trust.certificate import Keypair from sfa.trust.credential import Credential from sfa.trust.gid import GID, create_uuid from sfa.util.config import Config -from sfa.util.sfaticket import SfaTicket +from sfa.trust.sfaticket import SfaTicket ## # The AuthInfo class contains the information for an authority. This information @@ -112,8 +112,8 @@ class Hierarchy: # @param basedir the base directory to store the hierarchy in def __init__(self, basedir = None): + self.config = Config() if not basedir: - self.config = Config() basedir = os.path.join(self.config.SFA_DATA_DIR, "authorities") self.basedir = basedir ## @@ -165,7 +165,6 @@ class Hierarchy: parent_urn = hrn_to_urn(parent_hrn, 'authority') if (parent_hrn) and (not self.auth_exists(parent_urn)) and (create_parents): self.create_auth(parent_urn, create_parents) - (directory, gid_filename, privkey_filename, dbinfo_filename) = \ self.get_auth_filenames(hrn) @@ -194,6 +193,32 @@ class Hierarchy: dbinfo_file.write(str(dbinfo)) dbinfo_file.close() + def create_top_level_auth(self, hrn=None): + """ + Create top level records (includes root and sub authorities (local/remote) + """ + if not hrn: + hrn = self.config.SFA_INTERFACE_HRN + # make sure parent exists + parent_hrn = get_authority(hrn) + if not parent_hrn: + parent_hrn = hrn + if not parent_hrn == hrn: + self.create_top_level_auth(parent_hrn) + + # create the authority if it doesnt alrady exist + if not self.auth_exists(hrn): + self.create_auth(hrn) + + + def get_interface_auth_info(self, create=True): + hrn = self.config.SFA_INTERFACE_HRN + if not self.auth_exists(hrn): + if create==True: + self.create_top_level_auth(hrn) + else: + raise MissingAuthority(hrn) + return self.get_auth_info(hrn) ## # Return the AuthInfo object for the specified authority. If the authority # does not exist, then an exception is thrown. As a side effect, disk files @@ -204,7 +229,7 @@ class Hierarchy: def get_auth_info(self, xrn): hrn, type = urn_to_hrn(xrn) if not self.auth_exists(hrn): - logger.warning("Hierarchy: mising authority - xrn=%s, hrn=%s"%(xrn,hrn)) + logger.warning("Hierarchy: missing authority - xrn=%s, hrn=%s"%(xrn,hrn)) raise MissingAuthority(hrn) (directory, gid_filename, privkey_filename, dbinfo_filename) = \ @@ -229,15 +254,16 @@ class Hierarchy: # @param uuid the unique identifier to store in the GID # @param pkey the public key to store in the GID - def create_gid(self, xrn, uuid, pkey): + def create_gid(self, xrn, uuid, pkey, CA=False): hrn, type = urn_to_hrn(xrn) + if not type: + type = 'authority' parent_hrn = get_authority(hrn) # Using hrn_to_urn() here to make sure the urn is in the right format # If xrn was a hrn instead of a urn, then the gid's urn will be # of type None urn = hrn_to_urn(hrn, type) gid = GID(subject=hrn, uuid=uuid, hrn=hrn, urn=urn) - # is this a CA cert if hrn == self.config.SFA_INTERFACE_HRN or not parent_hrn: # root or sub authority @@ -245,6 +271,10 @@ class Hierarchy: elif type and 'authority' in type: # authority type gid.set_intermediate_ca(True) + elif CA: + gid.set_intermediate_ca(True) + else: + gid.set_intermediate_ca(False) # set issuer if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN: