The gid Module

Implements GENI GID. GIDs are based on certificates, and the GID class is a descendant of the certificate class.

create_uuid()

Create a new uuid. Returns the UUID as a string.

GID(create=False, subject=None, string=None, filename=None, uuid=None, hrn=None) (class)

GID is a tuple: (uuid, hrn, public_key). UUID is a unique identifier and is created by the Python uuid module (or the utility function create_uuid() in gid.py).

For more information about this class, see The GID Class.

The GID Class

GID(create=False, subject=None, string=None, filename=None, uuid=None, hrn=None) (class)

GID is a tuple: (uuid, hrn, public_key).

UUID is a unique identifier and is created by the Python uuid module (or the utility function create_uuid() in gid.py).

HRN is a human readable name. It is a dotted form similar to a backward domain name. For example, planetlab.us.arizona.bakers.

PUBLIC_KEY is the public key of the principal identified by the UUID/HRN. It is a Keypair object as defined in the cert.py module.

It is expected that there is a one-to-one pairing between UUIDs and HRNs, but it is uncertain how this would be enforced or if it needs to be enforced.

These fields are encoded using xmlrpc into the subjectAltName field of the X509 certificate. Note: Call encode() once the fields have been filled in to perform this encoding.

__init__(create=False, subject=None, string=None, filename=None, uuid=None, hrn=None)

Create a new GID object

create
If true, create the X509 certificate
subject
If subject!=None, create the X509 cert and set the subject name
string
If string!=None, load the GID from a string
filename
If filename!=None, load the GID from a file

decode()

Decode the subject-alt-name field of the X509 certificate into the fields of the GID. This is automatically called by the various get_*() functions in this class.

dump(indent=0, dump_parents=False)

Dump the credential to stdout.

indent
specifies a number of spaces to indent the output
dump_parents
If true, also dump the parents of the GID

encode()

Encode the GID fields and package them into the subject-alt-name field of the X509 certificate. This must be called prior to signing the certificate. It may only be called once per certificate.

verify_chain(trusted_certs=None)

Verify the chain of authenticity of the GID. First perform the checks of the certificate class (verifying that each parent signs the child, etc). In addition, GIDs also confirm that the parent's HRN is a prefix of the child's HRN. Verifying these prefixes prevents a rogue authority from signing a GID for a principal that is not a member of that authority. For example, planetlab.us.arizona cannot sign a GID for planetlab.us.princeton.foo.
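The HRN prefix rule described for verify_chain(), as an added example that is not the gid module's own code. The function names and sample chains are hypothetical, and the example covers only the naming check: signature verification by the certificate class is assumed to happen separately. It compares whole dotted labels, an assumption about how the prefix should be interpreted, so that a name which merely begins with the same characters is not accepted as a child.

```python
# Added example: hypothetical helpers, not part of gid.py.

def hrn_labels(hrn):
    """Split a dotted HRN into labels, rejecting empty labels."""
    labels = hrn.split(".")
    if not hrn or any(label == "" for label in labels):
        raise ValueError("malformed HRN: %r" % (hrn,))
    return labels


def is_hrn_prefix(parent_hrn, child_hrn):
    """True if every label of parent_hrn matches the leading labels of child_hrn."""
    parent = hrn_labels(parent_hrn)
    child = hrn_labels(child_hrn)
    return len(parent) <= len(child) and child[:len(parent)] == parent


def check_hrn_chain(hrns):
    """Check a chain of HRNs ordered leaf first, top-level authority last.

    Returns (True, None) if every parent is a label-wise prefix of its child,
    otherwise (False, (parent_hrn, child_hrn)) for the first failing link.
    """
    for child, parent in zip(hrns, hrns[1:]):
        if not is_hrn_prefix(parent, child):
            return False, (parent, child)
    return True, None


# Constructed sample chains (leaf first), using the HRNs from the text above.
GOOD_CHAIN = ["planetlab.us.arizona.bakers", "planetlab.us.arizona",
              "planetlab.us", "planetlab"]
# The case from the text: arizona signing a GID under princeton.
ROGUE_CHAIN = ["planetlab.us.princeton.foo", "planetlab.us.arizona",
               "planetlab.us", "planetlab"]
# Constructed edge case: passes a raw str.startswith() test but is not a
# member of planetlab.us.arizona when compared label by label.
LOOKALIKE_CHAIN = ["planetlab.us.arizonastate.foo", "planetlab.us.arizona",
                   "planetlab.us", "planetlab"]

if __name__ == "__main__":
    for name, chain in [("good", GOOD_CHAIN), ("rogue", ROGUE_CHAIN),
                        ("lookalike", LOOKALIKE_CHAIN)]:
        print(name, check_hrn_chain(chain))
```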