From 5e2ff5fc5382f8ad0c3855e243386b358d5021a6 Mon Sep 17 00:00:00 2001 From: Tony Mack Date: Mon, 23 Nov 2009 03:51:59 +0000 Subject: [PATCH] initial checkin of request_key method --- sfa/methods/__init__.py | 1 + sfa/methods/get_self_credential.py | 4 +- sfa/methods/request_key.py | 63 ++++++++++++++++++++++++++++++ 3 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 sfa/methods/request_key.py diff --git a/sfa/methods/__init__.py b/sfa/methods/__init__.py index 1f621016..ea672014 100644 --- a/sfa/methods/__init__.py +++ b/sfa/methods/__init__.py @@ -15,6 +15,7 @@ get_trusted_certs list register register_peer_object +request_key remove reset_slices resolve diff --git a/sfa/methods/get_self_credential.py b/sfa/methods/get_self_credential.py index 21f7a129..eeac6d9d 100644 --- a/sfa/methods/get_self_credential.py +++ b/sfa/methods/get_self_credential.py @@ -79,8 +79,8 @@ class get_self_credential(Method): # get the right of this record #caller_hrn = certificate.get_subject() - # server.cert has subject 'registry' - caller_hrn=hrn + # server.cert has subject 'registry' + caller_hrn=hrn rights = self.api.auth.determine_user_rights(caller_hrn, record) if rights.is_empty(): raise PermissionError(caller_hrn + " has no rights to " + record.get_name()) diff --git a/sfa/methods/request_key.py b/sfa/methods/request_key.py new file mode 100644 index 00000000..07756007 --- /dev/null +++ b/sfa/methods/request_key.py 
@@ -0,0 +1,63 @@
+### $Id: $
+### $URL: $
+import os
+import tempfile
+from sfa.util.faults import *
+from sfa.util.misc import *
+from sfa.util.method import Method
+from sfa.util.parameter import Parameter, Mixed
+from sfa.trust.auth import Auth
+
+class request_key(Method):
+ """
+ Generate a new keypair and gid for requesting caller (component).
+ @return 1 If successful
+ """
+
+ interfaces = ['registry']
+
+ accepts = []
+
+ returns = Parameter(int, "1 if successful, faults otherwise")
+
+ def call(self):
+ # verify that the callers's ip address exist in the db and is an inteface
+ # for a node in the db
+ (ip, port) = self.api.remote_addr
+ interfaces = self.api.plshell(self.api.plauth, {'ip': ip}, ['node_id'])i
+ if not interfaces:
+ raise NonExistingRecord("no such ip %(ip)s" % locals())
+ nodes = self.api.plshell(self.api.plauth, [interfaces[0]['node_id']], ['node_id', 'hostname'])
+ if not nodes:
+ raise NonExistingRecord("no such node using ip %(ip)s" % locals())
+ node = nodes[0]
+
+ # look up the sfa record
+ table = GeniTable()
+ records = table.find({'type': 'node', 'pointer': node['node_id']})
+ if not records:
+ raise raise RecordNotFound("pointer:" + str(node['node_id']))
+ record = records[0]
+
+ # generate a new keypair and gid
+ uuid = create_uuid()
+ pkey = Keypair(create=True)
+ gid_object = self.api.auth.hierarchy.create_gid(record['hrn'], uuid, pkey)
+ gid = gid_object.save_to_string(save_parents=True)
+ record['gid'] = gid
+ record.set_gid(gid)
+
+ # update the record
+ table.update(record)
+
+ # attempt the scp the key
+ # this will only work for planetlab based compoenents
+ (fd, filename) = tempfile.mkstemp()
+ pkey.save_to_file(filename)
+ host = node['hostname']
+ dest="/etc/sfa/%s.key" % record['hrn']
+ identity = "/etc/planetlab/root_ssh_key.pub"
+ os.system("scp -i %(identity)s %(filename)s root@%(host)s:%(dest)s" % locals()
+ os.remove(filename)
+
+ return 1
-- 
2.43.0
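Review bot: The `os.system("scp ...")` call at the end of `call()` builds a shell command from `node['hostname']` and `record['hrn']`, so a shell metacharacter in either database value would be interpreted by the shell on the registry host; pass an argument list to `subprocess.call` instead (this needs `import subprocess` next to `import os`). The same block never closes the descriptor returned by `tempfile.mkstemp()`, ignores the scp exit status, and skips `os.remove(filename)` if an earlier statement raises, which can leave the new private key on disk and returns 1 even though `table.update(record)` has already replaced the gid. The file also cannot be imported as written: there is a stray `i` after `['node_id'])`, a doubled `raise raise`, and the `os.system(` call is missing its closing parenthesis. Separately, the caller is identified only by `self.api.remote_addr` and `accepts = []` takes no credential, so any host that reaches the registry from a node's address can force that node's keypair and gid to be regenerated; that trust assumption deserves a comment or an additional check. The `-i` option is given `/etc/planetlab/root_ssh_key.pub`, which looks like a public key where scp expects the private identity file, so that path is worth confirming.

```python
        # … unchanged: caller lookup, record lookup, keypair/gid generation, table.update(record) …

        # attempt to scp the key
        # this will only work for planetlab based components
        (fd, filename) = tempfile.mkstemp()
        try:
            # save_to_file is given the path, so the descriptor is not needed
            os.close(fd)
            pkey.save_to_file(filename)
            host = node['hostname']
            dest = "/etc/sfa/%s.key" % record['hrn']
            identity = "/etc/planetlab/root_ssh_key.pub"
            # argument list, no local shell: hostname and hrn are passed as data
            status = subprocess.call(["scp", "-i", identity, filename,
                                      "root@%s:%s" % (host, dest)])
        finally:
            # the private key must not outlive the call, even on failure
            os.remove(filename)

        # NOTE(review): map a non-zero status to a fault instead of returning 1
```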