X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=docs%2Fpythondoc-hierarchy.html;fp=docs%2Fpythondoc-hierarchy.html;h=ec7ee800dfad79b837cca74084c747959827f506;hb=7723a3ad29690212b271cb53f88b78e2469e671d;hp=0000000000000000000000000000000000000000;hpb=fe4139adc9c8902084ecedc9f05a739faba11b7a;p=sfa.git diff --git a/docs/pythondoc-hierarchy.html b/docs/pythondoc-hierarchy.html new file mode 100644 index 00000000..ec7ee800 --- /dev/null +++ b/docs/pythondoc-hierarchy.html @@ -0,0 +1,209 @@ + + +
+ +This module implements a hierarchy of authorities and performs a similar +function as the "tree" module of the original geniwrapper prototype. An HRN +is assumed to be a string of authorities separated by dots. For example, +"planetlab.us.arizona.bakers". Each component of the HRN is a different +authority, with the last component being a leaf in the tree. + +Each authority is stored in a subdirectory on the registry. Inside this +subdirectory are several files: + *.GID - GID file + *.PKEY - private key file + *.DBINFO - database info
+The AuthInfo class contains the information for an authority.
+For more information about this class, see The AuthInfo Class.
+The Hierarchy class is responsible for managing the tree of authorities.
+For more information about this class, see The Hierarchy Class.
+The AuthInfo class contains the information for an authority. This information +includes the GID, private key, and database connection information.
+Initialize and authority object.
+Get the dbinfo in the form of a dictionary
+Get the GID in the form of a GID object
+Get the private key in the form of a Keypair object
+Set the filename of the GID
+Replace the GID with a new one. The file specified by gid_filename is +overwritten with the new GID object
+The Hierarchy class is responsible for managing the tree of authorities. +Each authority is a node in the tree and exists as an AuthInfo object. + +The tree is stored on disk in a hierarchical manner than reflects the +structure of the tree. Each authority is a subdirectory, and each subdirectory +contains the GID, pkey, and dbinfo files for that authority (as well as +subdirectories for each sub-authority)
+Check to see if an authority exists. An authority exists if it's disk +files exist.
+Create an authority. A private key for the authority and the associated +GID are created and signed by the parent authority.
+Create a new GID. The GID will be signed by the authority that is it's +immediate parent in the hierarchy (and recursively, the parents' GID +will be signed by its parent)
+Retrieve an authority credential for an authority. The authority +credential will contain the authority privilege and will be signed by +the authority's parent.
+Given a hrn, return the filenames of the GID, private key, and dbinfo +files.
+Return the AuthInfo object for the specified authority. If the authority +does not exist, then an exception is thrown. As a side effect, disk files +and a subdirectory may be created to store the authority.
+Retrieve an authority ticket. An authority ticket is not actually a +redeemable ticket, but only serves the purpose of being included as the +parent of another ticket, in order to provide a chain of authentication +for a ticket. + +This looks almost the same as get_auth_cred, but works for tickets +XXX does similarity imply there should be more code re-use?
+Refresh a GID. The primary use of this function is to refresh the +the expiration time of the GID. It may also be used to change the HRN, +UUID, or Public key of the GID.
+
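Review bot: The entry that returns the AuthInfo object for an authority contradicts itself: it says "If the authority does not exist, then an exception is thrown" and then "As a side effect, disk files and a subdirectory may be created to store the authority." A lookup that can write key material to disk needs its conditions spelled out, so state exactly when files are created and when the exception is raised. The module overview lists *.PKEY private key files in the same per-authority subdirectory as the GID and dbinfo files without saying what ownership or file permissions are expected. It also does not say whether HRN components are validated before they are mapped to subdirectory names. Both points belong in this documentation. The "XXX does similarity imply there should be more code re-use?" remark in the authority ticket entry reads as an open TODO and should move to a code comment or issue rather than ship in the published docs. Wording to fix in the text: "Initialize and authority object", "if it's disk", "hierarchical manner than reflects", "that is it's", and the doubled "the" in the GID refresh entry.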