X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fplc%2Fapi.py;h=2ad969fceae6e5cff94eced7259425d23badb24b;hb=994a70e742afb90799b395a811d3bc6739b3082d;hp=2143586db0be06eecf6fe5604b7e6f9179be065c;hpb=680d4fc1af88ed631f820545216bee6e7a698f39;p=sfa.git diff --git a/sfa/plc/api.py b/sfa/plc/api.py index 2143586d..2ad969fc 100644 --- a/sfa/plc/api.py +++ b/sfa/plc/api.py @@ -1,26 +1,26 @@ # # SFA XML-RPC and SOAP interfaces # -### $Id$ -### $URL$ -# import sys import os import traceback import string +import datetime import xmlrpclib -from sfa.trust.auth import Auth -from sfa.util.config import * + from sfa.util.faults import * -from sfa.util.debug import * -from sfa.trust.rights import * -from sfa.trust.credential import * -from sfa.trust.certificate import * -from sfa.util.namespace import * from sfa.util.api import * +from sfa.util.config import * +from sfa.util.sfalogging import sfa_logger +import sfa.util.xmlrpcprotocol as xmlrpcprotocol +from sfa.trust.auth import Auth +from sfa.trust.rights import Right, Rights, determine_rights +from sfa.trust.credential import Credential,Keypair +from sfa.trust.certificate import Certificate +from sfa.util.xrn import get_authority, hrn_to_urn +from sfa.util.plxrn import hostname_to_hrn, hrn_to_pl_slicename, hrn_to_pl_slicename, slicename_to_hrn from sfa.util.nodemanager import NodeManager -from sfa.util.sfalogging import * try: from collections import defaultdict except: @@ -105,7 +105,7 @@ class SfaAPI(BaseAPI): self.hrn = self.config.SFA_INTERFACE_HRN self.time_format = "%Y-%m-%d %H:%M:%S" - self.logger=get_sfa_logger() + self.logger=sfa_logger() def getPLCShell(self): self.plauth = {'Username': self.config.SFA_PLC_USER, @@ -124,37 +124,58 @@ class SfaAPI(BaseAPI): return shell def getCredential(self): - if self.interface in ['registry']: - return self.getCredentialFromLocalRegistry() - else: - return self.getCredentialFromRegistry() - - def getCredentialFromRegistry(self): - """ - Get our credential from a remote registry + """ + Return a valid credential for this interface. """ type = 'authority' path = self.config.SFA_DATA_DIR filename = ".".join([self.interface, self.hrn, type, "cred"]) cred_filename = path + os.sep + filename - try: - credential = Credential(filename = cred_filename) - return credential.save_to_string(save_parents=True) - except IOError: - from sfa.server.registry import Registries - registries = Registries(self) - registry = registries[self.hrn] - cert_string=self.cert.save_to_string(save_parents=True) - # get self credential - self_cred = registry.get_self_credential(cert_string, type, self.hrn) - # get credential - cred = registry.get_credential(self_cred, type, self.hrn) - - # save cred to file - Credential(string=cred).save_to_file(cred_filename, save_parents=True) - return cred + cred = None + if os.path.isfile(cred_filename): + cred = Credential(filename = cred_filename) + # make sure cred isnt expired + if not cred.get_expiration or \ + datetime.datetime.today() < cred.get_expiration(): + return cred.save_to_string(save_parents=True) + + # get a new credential + if self.interface in ['registry']: + cred = self.__getCredentialRaw() + else: + cred = self.__getCredential() + cred.save_to_file(cred_filename, save_parents=True) + + return cred.save_to_string(save_parents=True) + - def getCredentialFromLocalRegistry(self): + def getDelegatedCredential(self, creds): + """ + Attempt to find a credential delegated to us in + the specified list of creds. + """ + if creds and not isinstance(creds, list): + creds = [creds] + delegated_creds = filter_creds_by_caller(creds,self.hrn) + if not delegated_creds: + return None + return delegated_creds[0] + + def __getCredential(self): + """ + Get our credential from a remote registry + """ + from sfa.server.registry import Registries + registries = Registries(self) + registry = registries[self.hrn] + cert_string=self.cert.save_to_string(save_parents=True) + # get self credential + self_cred = registry.GetSelfCredential(cert_string, self.hrn, 'authority') + # get credential + cred = registry.GetCredential(self_cred, self.hrn, 'authority') + return Credential(string=cred) + + def __getCredentialRaw(self): """ Get our current credential directly from the local registry. """ @@ -180,15 +201,10 @@ class SfaAPI(BaseAPI): r1 = determine_rights(type, hrn) new_cred.set_privileges(r1) - - auth_kind = "authority,ma,sa" - - new_cred.set_parent(self.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind)) - new_cred.encode() new_cred.sign() - return new_cred.save_to_string(save_parents=True) + return new_cred def loadCredential (self): @@ -590,3 +606,73 @@ class ComponentAPI(BaseAPI): return True else: return False + + def get_registry(self): + addr, port = self.config.SFA_REGISTRY_HOST, self.config.SFA_REGISTRY_PORT + url = "http://%(addr)s:%(port)s" % locals() + server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file) + return server + + def get_node_key(self): + # this call requires no authentication, + # so we can generate a random keypair here + subject="component" + (kfd, keyfile) = tempfile.mkstemp() + (cfd, certfile) = tempfile.mkstemp() + key = Keypair(create=True) + key.save_to_file(keyfile) + cert = Certificate(subject=subject) + cert.set_issuer(key=key, subject=subject) + cert.set_pubkey(key) + cert.sign() + cert.save_to_file(certfile) + registry = self.get_registry() + # the registry will scp the key onto the node + registry.get_key() + + def getCredential(self): + """ + Get our credential from a remote registry + """ + path = self.config.SFA_DATA_DIR + config_dir = self.config.config_path + cred_filename = path + os.sep + 'node.cred' + try: + credential = Credential(filename = cred_filename) + return credential.save_to_string(save_parents=True) + except IOError: + node_pkey_file = config_dir + os.sep + "node.key" + node_gid_file = config_dir + os.sep + "node.gid" + cert_filename = path + os.sep + 'server.cert' + if not os.path.exists(node_pkey_file) or \ + not os.path.exists(node_gid_file): + self.get_node_key() + + # get node's hrn + gid = GID(filename=node_gid_file) + hrn = gid.get_hrn() + # get credential from registry + cert_str = Certificate(filename=cert_filename).save_to_string(save_parents=True) + registry = self.get_registry() + cred = registry.GetSelfCredential(cert_str, hrn, 'node') + Credential(string=cred).save_to_file(credfile, save_parents=True) + + return cred + + def clean_key_cred(self): + """ + remove the existing keypair and cred and generate new ones + """ + files = ["server.key", "server.cert", "node.cred"] + for f in files: + filepath = KEYDIR + os.sep + f + if os.path.isfile(filepath): + os.unlink(f) + + # install the new key pair + # GetCredential will take care of generating the new keypair + # and credential + self.get_node_key() + self.getCredential() + +