X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fhierarchy.py;h=dc66ef80ce708151b45639c598c996fd4ca0cea5;hb=1e95f8a388325499564df5f8eb6eb1fd10ca2d42;hp=93970df6759ae9b038bf883f2d18ff40297a2636;hpb=cb83b38f6586314d51e23dad227047d126bd4b76;p=sfa.git diff --git a/sfa/trust/hierarchy.py b/sfa/trust/hierarchy.py index 93970df6..dc66ef80 100644 --- a/sfa/trust/hierarchy.py +++ b/sfa/trust/hierarchy.py @@ -12,18 +12,16 @@ # *.DBINFO - database info ## -### $Id$ -### $URL$ - import os -from sfa.util.sfalogging import sfa_logger +from sfa.util.faults import * +from sfa.util.sfalogging import logger +from sfa.util.xrn import get_leaf, get_authority, hrn_to_urn, urn_to_hrn from sfa.trust.certificate import Keypair -from sfa.trust.credential import * +from sfa.trust.credential import Credential from sfa.trust.gid import GID, create_uuid -from sfa.util.namespace import * from sfa.util.config import Config -from sfa.util.sfaticket import SfaTicket +from sfa.trust.sfaticket import SfaTicket ## # The AuthInfo class contains the information for an authority. This information @@ -35,7 +33,6 @@ class AuthInfo: gid_filename = None privkey_filename = None dbinfo_filename = None - ## # Initialize and authority object. # @@ -161,7 +158,7 @@ class Hierarchy: def create_auth(self, xrn, create_parents=False): hrn, type = urn_to_hrn(xrn) - sfa_logger().debug("Hierarchy: creating authority: " + hrn) + logger.debug("Hierarchy: creating authority: %s"% hrn) # create the parent authority if necessary parent_hrn = get_authority(hrn) @@ -181,7 +178,7 @@ class Hierarchy: pass if os.path.exists(privkey_filename): - sfa_logger().debug("using existing key %r for authority %r"%(privkey_filename,hrn)) + logger.debug("using existing key %r for authority %r"%(privkey_filename,hrn)) pkey = Keypair(filename = privkey_filename) else: pkey = Keypair(create = True) @@ -206,8 +203,8 @@ class Hierarchy: def get_auth_info(self, xrn): hrn, type = urn_to_hrn(xrn) - sfa_logger().debug("Hierarchy: xrn=%s, getting authority for hrn=%s"%(xrn,hrn)) if not self.auth_exists(hrn): + logger.warning("Hierarchy: mising authority - xrn=%s, hrn=%s"%(xrn,hrn)) raise MissingAuthority(hrn) (directory, gid_filename, privkey_filename, dbinfo_filename) = \ @@ -232,15 +229,28 @@ class Hierarchy: # @param uuid the unique identifier to store in the GID # @param pkey the public key to store in the GID - def create_gid(self, xrn, uuid, pkey): + def create_gid(self, xrn, uuid, pkey, CA=False): hrn, type = urn_to_hrn(xrn) + parent_hrn = get_authority(hrn) # Using hrn_to_urn() here to make sure the urn is in the right format # If xrn was a hrn instead of a urn, then the gid's urn will be # of type None urn = hrn_to_urn(hrn, type) gid = GID(subject=hrn, uuid=uuid, hrn=hrn, urn=urn) - parent_hrn = get_authority(hrn) + # is this a CA cert + if hrn == self.config.SFA_INTERFACE_HRN or not parent_hrn: + # root or sub authority + gid.set_intermediate_ca(True) + elif type and 'authority' in type: + # authority type + gid.set_intermediate_ca(True) + elif CA: + gid.set_intermediate_ca(True) + else: + gid.set_intermediate_ca(False) + + # set issuer if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN: # if there is no parent hrn, then it must be self-signed. this # is where we terminate the recursion @@ -250,7 +260,6 @@ class Hierarchy: parent_auth_info = self.get_auth_info(parent_hrn) gid.set_issuer(parent_auth_info.get_pkey_object(), parent_auth_info.hrn) gid.set_parent(parent_auth_info.get_gid_object()) - gid.set_intermediate_ca(True) gid.set_pubkey(pkey) gid.encode()