X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fhierarchy.py;h=5e76dbf3735e6e67271d5b3152b1ef2c2e4cd6b9;hb=a0ef6e7c91c3c8fa376943d28fec8c5c204a78cd;hp=f28329ce106f6940369b12a5a2942d9d1503bcc6;hpb=db091e73c33c373b7f6c2c96bd2caf6a2acf0178;p=sfa.git

diff --git a/sfa/trust/hierarchy.py b/sfa/trust/hierarchy.py
index f28329ce..5e76dbf3 100644
--- a/sfa/trust/hierarchy.py
+++ b/sfa/trust/hierarchy.py
@@ -9,19 +9,18 @@
 # subdirectory are several files:
 #      *.GID - GID file
 #      *.PKEY - private key file
-#      *.DBINFO - database info
 ##
 
 import os
 
-from sfa.util.faults import *
+from sfa.util.faults import MissingAuthority
 from sfa.util.sfalogging import logger
 from sfa.util.xrn import get_leaf, get_authority, hrn_to_urn, urn_to_hrn
 from sfa.trust.certificate import Keypair
 from sfa.trust.credential import Credential
 from sfa.trust.gid import GID, create_uuid
 from sfa.util.config import Config
-from sfa.util.sfaticket import SfaTicket
+from sfa.trust.sfaticket import SfaTicket
 
 ##
 # The AuthInfo class contains the information for an authority. This information
@@ -32,21 +31,18 @@ class AuthInfo:
     gid_object = None
     gid_filename = None
     privkey_filename = None
-    dbinfo_filename = None
     ##
     # Initialize and authority object.
     #
     # @param xrn the human readable name of the authority (urn will be converted to hrn)
     # @param gid_filename the filename containing the GID
     # @param privkey_filename the filename containing the private key
-    # @param dbinfo_filename the filename containing the database info
 
-    def __init__(self, xrn, gid_filename, privkey_filename, dbinfo_filename):
+    def __init__(self, xrn, gid_filename, privkey_filename):
         hrn, type = urn_to_hrn(xrn)
         self.hrn = hrn
         self.set_gid_filename(gid_filename)
         self.privkey_filename = privkey_filename
-        self.dbinfo_filename = dbinfo_filename
 
     ##
     # Set the filename of the GID
@@ -77,15 +73,6 @@ class AuthInfo:
     def get_pkey_object(self):
         return Keypair(filename = self.privkey_filename)
 
-    ##
-    # Get the dbinfo in the form of a dictionary
-
-    def get_dbinfo(self):
-        f = file(self.dbinfo_filename)
-        dict = eval(f.read())
-        f.close()
-        return dict
-
     ##
     # Replace the GID with a new one. The file specified by gid_filename is
     # overwritten with the new GID object
@@ -102,7 +89,7 @@ class AuthInfo:
 #
 # The tree is stored on disk in a hierarchical manner than reflects the
 # structure of the tree. Each authority is a subdirectory, and each subdirectory
-# contains the GID, pkey, and dbinfo files for that authority (as well as
+# contains the GID and pkey files for that authority (as well as
 # subdirectories for each sub-authority)
 
 class Hierarchy:
@@ -112,27 +99,30 @@ class Hierarchy:
     # @param basedir the base directory to store the hierarchy in
 
     def __init__(self, basedir = None):
+        self.config = Config()
         if not basedir:
-            self.config = Config()
             basedir = os.path.join(self.config.SFA_DATA_DIR, "authorities")
         self.basedir = basedir
     ##
-    # Given a hrn, return the filenames of the GID, private key, and dbinfo
+    # Given a hrn, return the filenames of the GID, private key
     # files.
     #
     # @param xrn the human readable name of the authority (urn will be convertd to hrn)
 
     def get_auth_filenames(self, xrn):
         hrn, type = urn_to_hrn(xrn)
-        leaf = get_leaf(hrn)
+        if '\\' in hrn:
+            hrn = hrn.replace('\\', '')
+            leaf = hrn
+        else:
+            leaf = get_leaf(hrn)
         parent_hrn = get_authority(hrn)
         directory = os.path.join(self.basedir, hrn.replace(".", "/"))
 
         gid_filename = os.path.join(directory, leaf+".gid")
         privkey_filename = os.path.join(directory, leaf+".pkey")
-        dbinfo_filename = os.path.join(directory, leaf+".dbinfo")
 
-        return (directory, gid_filename, privkey_filename, dbinfo_filename)
+        return (directory, gid_filename, privkey_filename)
 
     ##
     # Check to see if an authority exists. An authority exists if it's disk
@@ -142,12 +132,10 @@ class Hierarchy:
 
     def auth_exists(self, xrn):
         hrn, type = urn_to_hrn(xrn) 
-        (directory, gid_filename, privkey_filename, dbinfo_filename) = \
+        (directory, gid_filename, privkey_filename) = \
             self.get_auth_filenames(hrn)
         
-        return os.path.exists(gid_filename) and \
-               os.path.exists(privkey_filename) and \
-               os.path.exists(dbinfo_filename)
+        return os.path.exists(gid_filename) and os.path.exists(privkey_filename) 
 
     ##
     # Create an authority. A private key for the authority and the associated
@@ -157,7 +145,7 @@ class Hierarchy:
     # @param create_parents if true, also create the parents if they do not exist
 
     def create_auth(self, xrn, create_parents=False):
-        hrn, type = urn_to_hrn(xrn)
+        hrn, type = urn_to_hrn(str(xrn))
         logger.debug("Hierarchy: creating authority: %s"% hrn)
 
         # create the parent authority if necessary
@@ -165,15 +153,15 @@ class Hierarchy:
         parent_urn = hrn_to_urn(parent_hrn, 'authority')
         if (parent_hrn) and (not self.auth_exists(parent_urn)) and (create_parents):
             self.create_auth(parent_urn, create_parents)
-
-        (directory, gid_filename, privkey_filename, dbinfo_filename) = \
+        (directory, gid_filename, privkey_filename,) = \
             self.get_auth_filenames(hrn)
 
         # create the directory to hold the files
         try:
             os.makedirs(directory)
         # if the path already exists then pass
-        except OSError, (errno, strerr):
+        except OSError as xxx_todo_changeme:
+            (errno, strerr) = xxx_todo_changeme.args
             if errno == 17:
                 pass
 
@@ -187,13 +175,23 @@ class Hierarchy:
         gid = self.create_gid(xrn, create_uuid(), pkey)
         gid.save_to_file(gid_filename, save_parents=True)
 
-        # XXX TODO: think up a better way for the dbinfo to work
-
-        dbinfo = Config().get_plc_dbinfo()
-        dbinfo_file = file(dbinfo_filename, "w")
-        dbinfo_file.write(str(dbinfo))
-        dbinfo_file.close()
-
+    def create_top_level_auth(self, hrn=None):
+        """
+        Create top level records (includes root and sub authorities (local/remote)
+        """
+        # create the authority if it doesnt alrady exist
+        if not self.auth_exists(hrn):
+            self.create_auth(hrn, create_parents=True)
+            
+        
+    def get_interface_auth_info(self, create=True):
+        hrn = self.config.SFA_INTERFACE_HRN
+        if not self.auth_exists(hrn):
+            if create==True:
+                self.create_top_level_auth(hrn) 
+            else:
+                raise MissingAuthority(hrn)
+        return self.get_auth_info(hrn)
     ##
     # Return the AuthInfo object for the specified authority. If the authority
     # does not exist, then an exception is thrown. As a side effect, disk files
@@ -204,13 +202,13 @@ class Hierarchy:
     def get_auth_info(self, xrn):
         hrn, type = urn_to_hrn(xrn)
         if not self.auth_exists(hrn):
-            logger.warning("Hierarchy: mising authority - xrn=%s, hrn=%s"%(xrn,hrn))
+            logger.warning("Hierarchy: missing authority - xrn=%s, hrn=%s"%(xrn,hrn))
             raise MissingAuthority(hrn)
 
-        (directory, gid_filename, privkey_filename, dbinfo_filename) = \
+        (directory, gid_filename, privkey_filename, ) = \
             self.get_auth_filenames(hrn)
 
-        auth_info = AuthInfo(hrn, gid_filename, privkey_filename, dbinfo_filename)
+        auth_info = AuthInfo(hrn, gid_filename, privkey_filename)
 
         # check the GID and see if it needs to be refreshed
         gid = auth_info.get_gid_object()
@@ -229,15 +227,29 @@ class Hierarchy:
     # @param uuid the unique identifier to store in the GID
     # @param pkey the public key to store in the GID
 
-    def create_gid(self, xrn, uuid, pkey):
+    def create_gid(self, xrn, uuid, pkey, CA=False, email=None, force_parent=None):
         hrn, type = urn_to_hrn(xrn)
+        if not type:
+            type = 'authority'
+        parent_hrn = force_parent if force_parent else get_authority(hrn)
         # Using hrn_to_urn() here to make sure the urn is in the right format
         # If xrn was a hrn instead of a urn, then the gid's urn will be
         # of type None 
         urn = hrn_to_urn(hrn, type)
-        gid = GID(subject=hrn, uuid=uuid, hrn=hrn, urn=urn)
+        gid = GID(subject=hrn, uuid=uuid, hrn=hrn, urn=urn, email=email)
+        # is this a CA cert
+        if hrn == self.config.SFA_INTERFACE_HRN or not parent_hrn:
+            # root or sub authority  
+            gid.set_intermediate_ca(True)
+        elif type and 'authority' in type:
+            # authority type
+            gid.set_intermediate_ca(True)
+        elif CA:
+            gid.set_intermediate_ca(True)
+        else:
+            gid.set_intermediate_ca(False)
 
-        parent_hrn = get_authority(hrn)
+        # set issuer
         if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
             # if there is no parent hrn, then it must be self-signed. this
             # is where we terminate the recursion
@@ -247,7 +259,6 @@ class Hierarchy:
             parent_auth_info = self.get_auth_info(parent_hrn)
             gid.set_issuer(parent_auth_info.get_pkey_object(), parent_auth_info.hrn)
             gid.set_parent(parent_auth_info.get_gid_object())
-            gid.set_intermediate_ca(True)
 
         gid.set_pubkey(pkey)
         gid.encode()