X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fserver%2Fsfa-server.py;h=c981158b390606cc604d6877f500a54039fb36b7;hb=db091e73c33c373b7f6c2c96bd2caf6a2acf0178;hp=ad9b4999d8a92aa751750a4781139bceecdec64b;hpb=cb83b38f6586314d51e23dad227047d126bd4b76;p=sfa.git

diff --git a/sfa/server/sfa-server.py b/sfa/server/sfa-server.py
index ad9b4999..c981158b 100755
--- a/sfa/server/sfa-server.py
+++ b/sfa/server/sfa-server.py
@@ -33,18 +33,21 @@
 ### xxx todo not in the config yet
 component_port=12346
 import os, os.path
+import traceback
 import sys
 from optparse import OptionParser
 
-from sfa.util.sfalogging import sfa_logger
+from sfa.util.sfalogging import logger
 from sfa.trust.trustedroot import TrustedRootList
 from sfa.trust.certificate import Keypair, Certificate
 from sfa.trust.hierarchy import Hierarchy
+from sfa.trust.gid import GID
 from sfa.util.config import Config
 from sfa.plc.api import SfaAPI
 from sfa.server.registry import Registries
 from sfa.server.aggregate import Aggregates
 
+
 # after http://www.erlenstar.demon.co.uk/unix/faq_2.html
 def daemon():
     """Daemonize the current process."""
@@ -61,7 +64,7 @@ def daemon():
 
 def init_server_key(server_key_file, server_cert_file, config, hierarchy):
 
-    subject = config.SFA_INTERFACE_HRN
+    hrn = config.SFA_INTERFACE_HRN.lower()
     # check if the server's private key exists. If it doesnt,
     # get the right one from the authorities directory. If it cant be
     # found in the authorities directory, generate a random one
@@ -81,15 +84,12 @@ def init_server_key(server_key_file, server_cert_file, config, hierarchy):
         if not os.path.exists(key_file):
             # if it doesnt exist then this is probably a fresh interface
             # with no records. Generate a random keypair for now
-            sfa_logger().debug("server's public key not found in %s" % key_file)
-            sfa_logger().debug("generating a random server key pair")
+            logger.debug("server's public key not found in %s" % key_file)
+
+            logger.debug("generating a random server key pair")
             key = Keypair(create=True)
             key.save_to_file(server_key_file)
-            cert = Certificate(subject=subject)
-            cert.set_issuer(key=key, subject=subject)
-            cert.set_pubkey(key)
-            cert.sign()
-            cert.save_to_file(server_cert_file, save_parents=True)
+            init_server_cert(hrn, key, server_cert_file, self_signed=True)    
 
         else:
             # the pkey was found in the authorites directory. lets 
@@ -97,55 +97,70 @@ def init_server_key(server_key_file, server_cert_file, config, hierarchy):
             # the cert
             key = Keypair(filename=key_file)
             key.save_to_file(server_key_file)
-            cert = Certificate(subject=subject)
-            cert.set_issuer(key=key, subject=subject)
-            cert.set_pubkey(key)
-            cert.sign()
-            cert.save_to_file(server_cert_file, save_parents=True)
-
+            init_server_cert(hrn, key, server_cert_file)    
 
     # If private key exists and cert doesnt, recreate cert
     if (os.path.exists(server_key_file)) and (not os.path.exists(server_cert_file)):
         key = Keypair(filename=server_key_file)
-        cert = Certificate(subject=subject)
-        cert.set_issuer(key=key, subject=subject)
-        cert.set_pubkey(key)
-        cert.sign()
-        cert.save_to_file(server_cert_file)
+        init_server_cert(hrn, key, server_cert_file)    
+
+
+def init_server_cert(hrn, key, server_cert_file, self_signed=False):
+    """
+    Setup the certificate for this server. Attempt to use gid before 
+    creating a self signed cert 
+    """
+    if self_signed:
+        init_self_signed_cert(hrn, key, server_cert_file)
+    else:
+        try:
+            # look for gid file
+            logger.debug("generating server cert from gid: %s"% hrn)
+            hierarchy = Hierarchy()
+            auth_info = hierarchy.get_auth_info(hrn)
+            gid = GID(filename=auth_info.gid_filename)
+            gid.save_to_file(filename=server_cert_file)
+        except:
+            # fall back to self signed cert
+            logger.debug("gid for %s not found" % hrn)
+            init_self_signed_cert(hrn, key, server_cert_file)        
+        
+def init_self_signed_cert(hrn, key, server_cert_file):
+    logger.debug("generating self signed cert")
+    # generate self signed certificate
+    cert = Certificate(subject=hrn)
+    cert.set_issuer(key=key, subject=hrn)
+    cert.set_pubkey(key)
+    cert.sign()
+    cert.save_to_file(server_cert_file)
 
 def init_server(options, config):
     """
     Execute the init method defined in the manager file 
     """
+    def init_manager(manager_module, manager_base):
+        try: manager = __import__(manager_module, fromlist=[manager_base])
+        except: manager = None
+        if manager and hasattr(manager, 'init_server'):
+            manager.init_server()
+    
     manager_base = 'sfa.managers'
     if options.registry:
         mgr_type = config.SFA_REGISTRY_TYPE
         manager_module = manager_base + ".registry_manager_%s" % mgr_type
-        try: manager = __import__(manager_module, fromlist=[manager_base])
-        except: manager = None
-        if manager and hasattr(manager, 'init_server'): 
-            manager.init_server()    
+        init_manager(manager_module, manager_base)    
     if options.am:
         mgr_type = config.SFA_AGGREGATE_TYPE
         manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
-        try: manager = __import__(manager_module, fromlist=[manager_base])
-        except: manager = None
-        if manager and hasattr(manager, 'init_server'):
-            manager.init_server()    
+        init_manager(manager_module, manager_base)    
     if options.sm:
         mgr_type = config.SFA_SM_TYPE
         manager_module = manager_base + ".slice_manager_%s" % mgr_type
-        try: manager = __import__(manager_module, fromlist=[manager_base])
-        except: manager = None
-        if manager and hasattr(manager, 'init_server'):
-            manager.init_server()    
+        init_manager(manager_module, manager_base)    
     if options.cm:
         mgr_type = config.SFA_CM_TYPE
         manager_module = manager_base + ".component_manager_%s" % mgr_type
-        try: manager = __import__(manager_module, fromlist=[manager_base])
-        except: manager = None
-        if manager and hasattr(manager, 'init_server'):
-            manager.init_server()
+        init_manager(manager_module, manager_base)    
 
 def sync_interfaces(server_key_file, server_cert_file):
     """
@@ -174,10 +189,9 @@ def main():
     parser.add_option("-d", "--daemon", dest="daemon", action="store_true",
          help="Run as daemon.", default=False)
     (options, args) = parser.parse_args()
-    sfa_logger().setLevelFromOptVerbose(options.verbose)
 
     config = Config()
-    if config.SFA_API_DEBUG: sfa_logger().setLevelDebug()
+    if config.SFA_API_DEBUG: pass
     hierarchy = Hierarchy()
     server_key_file = os.path.join(hierarchy.basedir, "server.key")
     server_cert_file = os.path.join(hierarchy.basedir, "server.cert")
@@ -193,7 +207,6 @@ def main():
         r = Registry("", config.SFA_REGISTRY_PORT, server_key_file, server_cert_file)
         r.start()
 
-    # start aggregate manager
     if (options.am):
         from sfa.server.aggregate import Aggregate
         a = Aggregate("", config.SFA_AGGREGATE_PORT, server_key_file, server_cert_file)
@@ -215,4 +228,4 @@ if __name__ == "__main__":
     try:
         main()
     except:
-        sfa_logger().log_exc_critical("SFA server is exiting")
+        logger.log_exc_critical("SFA server is exiting")