--- /dev/null
+import time
+
+from PLC.Faults import *
+from PLC.Method import Method
+from PLC.Parameter import Parameter, Mixed
+from PLC.Slices import Slice, Slices
+from PLC.Auth import Auth
+from PLC.GPG import gpg_sign, gpg_verify
+
+from PLC.Methods.GetSlivers import get_slivers
+
+class GetSliceTicket(Method):
+ """
+ Returns a ticket for, or signed representation of, the specified
+ slice. Slice tickets may be used to manually instantiate or update
+ a slice on a node. Present this ticket to the local Node Manager
+ interface to redeem it.
+
+ If the slice has not been added to a node with AddSliceToNodes,
+ and the ticket is redeemed on that node, it will be deleted the
+ next time the Node Manager contacts the API.
+
+ Users may only obtain tickets for slices of which they are
+ members. PIs may obtain tickets for any of the slices at their
+ sites, or any slices of which they are members. Admins may obtain
+ tickets for any slice.
+
+ Returns 1 if successful, faults otherwise.
+ """
+
+ roles = ['admin', 'pi', 'user', 'peer']
+
+ accepts = [
+ Auth(),
+ Mixed(Slice.fields['slice_id'],
+ Slice.fields['name']),
+ ]
+
+ returns = Parameter(str, 'Signed slice ticket')
+
+ def call(self, auth, slice_id_or_name):
+ slices = Slices(self.api, [slice_id_or_name])
+ if not slices:
+ raise PLCInvalidArgument, "No such slice"
+ slice = slices[0]
+
+ # Allow peers to obtain tickets for their own slices
+ if slice['peer_id'] is not None:
+ if not isinstance(self.caller, Peer):
+ raise PLCInvalidArgument, "Not a local slice"
+ elif slice['peer_id'] != self.caller['peer_id']:
+ raise PLCInvalidArgument, "Only the authoritative peer may obtain tickets for that slice"
+
+ # Tickets are the canonicalized XML-RPC methodResponse
+ # representation of a partial GetSlivers() response, i.e.,
+
+ data = {
+ 'timestamp': int(time.time()),
+ 'slivers': get_slivers(self.api, [slice['slice_id']]),
+ }
+
+ # Sign ticket
+ signed_ticket = gpg_sign((data,),
+ self.api.config.PLC_ROOT_GPG_KEY,
+ self.api.config.PLC_ROOT_GPG_KEY_PUB,
+ methodresponse = True,
+ detach_sign = False)
+
+ # Verify ticket
+ gpg_verify(signed_ticket,
+ self.api.config.PLC_ROOT_GPG_KEY_PUB)
+
+ return signed_ticket