X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fplc%2Fapi.py;h=9e77ddaa4a8a2d10553af55a3f6f3cb976ef0b69;hb=06b330f0ee047bdb107e43e82b1d7356c876bc15;hp=2143586db0be06eecf6fe5604b7e6f9179be065c;hpb=680d4fc1af88ed631f820545216bee6e7a698f39;p=sfa.git

diff --git a/sfa/plc/api.py b/sfa/plc/api.py
index 2143586d..9e77ddaa 100644
--- a/sfa/plc/api.py
+++ b/sfa/plc/api.py
@@ -1,26 +1,25 @@
 #
 # SFA XML-RPC and SOAP interfaces
 #
-### $Id$
-### $URL$
-#
 
 import sys
 import os
 import traceback
 import string
 import xmlrpclib
-from sfa.trust.auth import Auth
-from sfa.util.config import *
+
 from sfa.util.faults import *
-from sfa.util.debug import *
-from sfa.trust.rights import *
-from sfa.trust.credential import *
-from sfa.trust.certificate import *
-from sfa.util.namespace import *
 from sfa.util.api import *
+from sfa.util.config import *
+from sfa.util.sfalogging import sfa_logger
+import sfa.util.xmlrpcprotocol as xmlrpcprotocol
+from sfa.trust.auth import Auth
+from sfa.trust.rights import Right, Rights, determine_rights
+from sfa.trust.credential import Credential,Keypair
+from sfa.trust.certificate import Certificate
+from sfa.util.xrn import get_authority, hrn_to_urn
+from sfa.util.plxrn import hostname_to_hrn, hrn_to_pl_slicename, hrn_to_pl_slicename, slicename_to_hrn
 from sfa.util.nodemanager import NodeManager
-from sfa.util.sfalogging import *
 try:
     from collections import defaultdict
 except:
@@ -105,7 +104,7 @@ class SfaAPI(BaseAPI):
 
         self.hrn = self.config.SFA_INTERFACE_HRN
         self.time_format = "%Y-%m-%d %H:%M:%S"
-        self.logger=get_sfa_logger()
+        self.logger=sfa_logger()
 
     def getPLCShell(self):
         self.plauth = {'Username': self.config.SFA_PLC_USER,
@@ -124,11 +123,26 @@ class SfaAPI(BaseAPI):
         return shell
 
     def getCredential(self):
+        """
+        Return a valid credential for this interface. 
+        """
         if self.interface in ['registry']:
             return self.getCredentialFromLocalRegistry()
         else:
             return self.getCredentialFromRegistry()
-    
+
+    def getDelegatedCredential(self, creds):
+        """
+        Attempt to find a credential delegated to us in
+        the specified list of creds.
+        """
+        if creds and not isinstance(creds, list): 
+            creds = [creds]
+        delegated_creds = filter_creds_by_caller(creds,self.hrn)
+        if not delegated_creds:
+            return None
+        return delegated_creds[0]
+ 
     def getCredentialFromRegistry(self):
         """ 
         Get our credential from a remote registry 
@@ -146,9 +160,9 @@ class SfaAPI(BaseAPI):
             registry = registries[self.hrn]
             cert_string=self.cert.save_to_string(save_parents=True)
             # get self credential
-            self_cred = registry.get_self_credential(cert_string, type, self.hrn)
+            self_cred = registry.GetSelfCredential(cert_string, self.hrn, type)
             # get credential
-            cred = registry.get_credential(self_cred, type, self.hrn)
+            cred = registry.GetCredential(self_cred, self.hrn, type)
             
             # save cred to file
             Credential(string=cred).save_to_file(cred_filename, save_parents=True)
@@ -590,3 +604,73 @@ class ComponentAPI(BaseAPI):
             return True
         else:
             return False
+
+    def get_registry(self):
+        addr, port = self.config.SFA_REGISTRY_HOST, self.config.SFA_REGISTRY_PORT
+        url = "http://%(addr)s:%(port)s" % locals()
+        server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file)
+        return server
+
+    def get_node_key(self):
+        # this call requires no authentication,
+        # so we can generate a random keypair here
+        subject="component"
+        (kfd, keyfile) = tempfile.mkstemp()
+        (cfd, certfile) = tempfile.mkstemp()
+        key = Keypair(create=True)
+        key.save_to_file(keyfile)
+        cert = Certificate(subject=subject)
+        cert.set_issuer(key=key, subject=subject)
+        cert.set_pubkey(key)
+        cert.sign()
+        cert.save_to_file(certfile)
+        registry = self.get_registry()
+        # the registry will scp the key onto the node
+        registry.get_key()        
+
+    def getCredential(self):
+        """
+        Get our credential from a remote registry
+        """
+        path = self.config.SFA_DATA_DIR
+        config_dir = self.config.config_path
+        cred_filename = path + os.sep + 'node.cred'
+        try:
+            credential = Credential(filename = cred_filename)
+            return credential.save_to_string(save_parents=True)
+        except IOError:
+            node_pkey_file = config_dir + os.sep + "node.key"
+            node_gid_file = config_dir + os.sep + "node.gid"
+            cert_filename = path + os.sep + 'server.cert'
+            if not os.path.exists(node_pkey_file) or \
+               not os.path.exists(node_gid_file):
+                self.get_node_key()
+
+            # get node's hrn
+            gid = GID(filename=node_gid_file)
+            hrn = gid.get_hrn()
+            # get credential from registry
+            cert_str = Certificate(filename=cert_filename).save_to_string(save_parents=True)
+            registry = self.get_registry()
+            cred = registry.GetSelfCredential(cert_str, hrn, 'node')
+            Credential(string=cred).save_to_file(credfile, save_parents=True)            
+
+            return cred
+
+    def clean_key_cred(self):
+        """
+        remove the existing keypair and cred  and generate new ones
+        """
+        files = ["server.key", "server.cert", "node.cred"]
+        for f in files:
+            filepath = KEYDIR + os.sep + f
+            if os.path.isfile(filepath):
+                os.unlink(f)
+
+        # install the new key pair
+        # GetCredential will take care of generating the new keypair
+        # and credential
+        self.get_node_key()
+        self.getCredential()
+
+