4 # SFA Certificate Signing and management
9 from optparse import OptionParser
10 from sfa.trust.certificate import Keypair, Certificate
11 from sfa.trust.gid import GID, create_uuid
12 from sfa.trust.hierarchy import Hierarchy
13 from sfa.util.config import Config
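# Command-line interface of the CA tool. The visible options pick an action
# (--display, --sign, --import, --export) and its inputs (--key, --outfile).
# NOTE(review): this listing skips some source lines, so the --sign and
# --verbose option definitions appear without their closing arguments.
18 parser = OptionParser(usage="%(script_name)s [options]" % locals())
19 parser.add_option("-d", "--display", dest="display", default=None,
20 help="print contents of specified gid")
21 parser.add_option("-s", "--sign", dest="sign", default=None,
# --key names a private-key file. The signing code further down falls back to
# auth_info.privkey_filename; the condition guarding that fallback is not shown.
23 parser.add_option("-k", "--key", dest="key", default=None,
24 help="keyfile to use for signing")
25 parser.add_option("-i", "--import", dest="importgid", default=None,
26 help="gid file to import into the registry")
27 parser.add_option("-e", "--export", dest="export",
28 help="name of gid to export from registry")
29 parser.add_option("-o", "--outfile", dest="outfile",
30 help="where to write the exported gid")
# dest was misspelled "verobse", which stored the flag under the wrong
# attribute and left options.verbose undefined for any code that reads it.
31 parser.add_option("-v", "--verbose", dest="verbose",
34 (options, args) = parser.parse_args()
# Dispatch on the parsed options; only the --import branch is visible here.
41 elif options.importgid: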
52 Display the specified GID
# Resolve the --display argument to an absolute path and require that it
# names an existing regular file before trying to parse it.
54 gidfile = os.path.abspath(options.display)
55 if not gidfile or not os.path.isfile(gidfile):
56 print "No such gid: %s" % gidfile
# Load the GID from the file and print it; dump_parents=True asks for the
# parent GIDs to be included in the output.
# NOTE(review): nothing visible here verifies the certificate's signatures,
# so the printed contents should not be read as proof the GID is valid.
58 gid = GID(filename=gidfile)
59 gid.dump(dump_parents=True)
63 Sign the specified gid
# Look up this interface's own authority: its HRN comes from the config and
# its key/GID material from the authorities hierarchy.
65 hierarchy = Hierarchy()
67 parent_hrn = config.SFA_INTERFACE_HRN
68 auth_info = hierarchy.get_auth_info(parent_hrn)
# The GID to be signed is read from the file given with --sign.
71 gidfile = os.path.abspath(options.sign)
72 if not os.path.isfile(gidfile):
73 print "no such gid: %s" % gidfile
75 gid = GID(filename=gidfile)
77 # load the parent private key
78 pkeyfile = options.key
79 # if no pkey was specified, then use this authority's key
81 pkeyfile = auth_info.privkey_filename
82 if not os.path.isfile(pkeyfile):
83 print "no such pkey: %s.\nPlease specify a valid private key" % pkeyfile
85 parent_key = Keypair(filename=pkeyfile)
# The authority's own GID becomes the parent of the signed GID.
88 parent_gid = auth_info.gid_object
# Output path: --outfile if given, otherwise ./signed-<hrn>.gid in the cwd
# (the condition between these two lines is not shown in this listing).
# NOTE(review): the default name embeds gid.get_hrn() taken from the input
# certificate; confirm an hrn cannot contain path separators.
91 outfile = options.outfile
93 outfile = os.path.abspath('./signed-%s.gid' % gid.get_hrn())
95 # check if gid already has a parent
# Re-issue the GID under this authority's key and attach the parent GID.
# NOTE(review): no visible line checks that the GID's hrn belongs under
# parent_hrn or validates the input certificate before it is signed with the
# authority key; source lines 96-97 are not shown, so confirm there.
98 gid.set_issuer(parent_key, parent_hrn)
99 gid.set_parent(parent_gid)
# Write the signed GID together with its parent chain.
101 gid.save_to_file(outfile, save_parents=True)
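# Export a GID from the registry to a file.
# Takes the parsed command-line options. The visible code searches the record
# table for an authority record, falls back to the authorities hierarchy, and
# writes the GID with its parents to options.outfile or to ./<hrn>.gid.
# NOTE(review): this listing skips some source lines; `hrn`, `table` and
# `record` are assigned on lines that are not shown.
104 def export_gid(options):
105 from sfa.util.table import SfaTable
106 # lookup the record for the specified hrn
109 # check sfa table first
# Fixed: the filter key was the bare builtin `type` instead of the string
# 'type', so the query carried no 'type' entry at all.
111 records = table.find({'hrn': hrn, 'type': 'authority'})
113 # check the authorities hierarchy
114 hierarchy = Hierarchy()
# NOTE(review): get_auth_info() is called without an hrn here, while the other
# call sites in this file pass one - confirm which authority is returned.
116 auth_info = hierarchy.get_auth_info()
117 gid = auth_info.gid_object
119 print "Record: %s not found" % hrn
# Rebuild the GID object from the serialized form stored in the record.
123 gid = GID(string=record['gid'])
# Output path: --outfile if given, otherwise ./<hrn>.gid in the cwd (the
# condition between these two lines is not shown in this listing).
126 outfile = options.outfile
128 outfile = os.path.abspath('./%s.gid' % gid.get_hrn())
131 gid.save_to_file(outfile, save_parents=True)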
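# Replace the stored GID of an existing authority with the one in the file
# given by --import. The visible code requires the GID's hrn to exist in both
# the authorities hierarchy and the record database, then overwrites the
# record's 'gid' field and the hierarchy's GID file.
# NOTE(review): no signature or chain verification of the imported GID is
# visible, and nothing compares it with the GID being replaced. Because the
# import overwrites trust material, confirm the file is validated in the lines
# this listing does not show, or add that check before the overwrite.
133 def import_gid(options):
135 Import the specified gid into the registry (db and authorities
136 hierarchy) overwriting any previous gid.
138 from sfa.util.table import SfaTable
139 from sfa.util.record import SfaRecord
141 gidfile = os.path.abspath(options.importgid)
142 if not gidfile or not os.path.isfile(gidfile):
143 print "No such gid: %s" % gidfile
145 gid = GID(filename=gidfile)
147 # check if it exists within the hierarchy
148 hierarchy = Hierarchy()
149 if not hierarchy.auth_exists(gid.get_hrn()):
150 print "%s not found in hierarchy" % gid.get_hrn()
153 # check if record exists in db
155 records = table.find({'hrn': gid.get_hrn(), 'type': 'authority'})
# Fixed: this message called get.get_hrn(), an undefined name, so the
# not-found path raised NameError instead of printing the error.
157 print "%s not found in record database" % gid.get_hrn()
160 # update the database record
# The record stores the GID serialized together with its parent chain; the
# call that writes the record back is not visible in this listing.
162 record['gid'] = gid.save_to_string(save_parents=True)
165 # update the hierarchy
# The hierarchy keeps its own copy on disk; it is overwritten in place.
166 auth_info = hierarchy.get_auth_info(gid.get_hrn())
167 filename = auth_info.gid_filename
168 gid.save_to_file(filename, save_parents=True)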
170 if __name__ == '__main__':