--- /dev/null
+import os
+
+from geniclient import *
+from cert import *
+from gid import *
+
+key_file = "dummyclient.key"
+cert_file = "dummyclient.cert"
+
+if (not os.path.exists(key_file)) or (not os.path.exists(cert_file)):
+ key = Keypair(create=True)
+ key.save_to_file(key_file)
+
+ cert = Certificate(subject="dummyclient")
+ cert.set_pubkey(key)
+ cert.set_issuer(key=key, subject="dummyclient")
+ cert.sign()
+ cert.save_to_file(cert_file)
+
+c = GeniClient("https://localhost:12345/", key_file, cert_file)
+
+gid = c.get_gid("planetlab.smbaker.dummy.client")[0]
+gid.save_to_file("dummyclient.gid")
+
+print "gid: ", gid.get_subject(), "saved to dummyclient.gid"
+
+cred = c.get_self_credential("user", "planetlab.smbaker.dummy.client")
+cred.save_to_file("dummyclient.cred")
+
+print "cred: ", cred.get_subject(), "saved to dummyclient.cred"
+
+object_cred = c.get_credential(cred, "slice", "planetlab.smbaker.dummy.slice")
+object_cred.save_to_file("dummyslice.cred")
+
+print "cred: ", object_cred.get_subject(), "saved to dummyslice.cred"
--- /dev/null
+import tempfile
+import os
+
+from cert import *
+from gid import *
+from geniserver import *
+
+# DummyRegistry implements the security layer for a registry. It creates GIDs
+# by using the public key contained in client's certificate.
+
+
+class DummyRegistry(GeniServer):
+ gid_dict = {}
+
+ def __init__(self, ip, port, key_file, cert_file):
+ GeniServer.__init__(self, ip, port, key_file, cert_file)
+
+ def register_functions(self):
+ GeniServer.register_functions(self)
+ self.server.register_function(self.get_self_credential)
+ self.server.register_function(self.get_credential)
+ self.server.register_function(self.get_gid)
+
+ def resolve_gid(self, name):
+ gid = self.gid_dict.get(name, None)
+ if gid:
+ return [gid]
+
+ # assume the user is who he says he is, and create a GID for him
+ peer_cert = self.server.peer_cert
+ gid = GID(subject=name, uuid=create_uuid(), hrn=name)
+ gid.set_pubkey(peer_cert.get_pubkey())
+ gid.set_issuer(key=self.key, cert=self.cert)
+ gid.encode()
+ gid.sign()
+
+ self.gid_dict[name] = gid
+
+ return [gid]
+
+ def get_gid(self, name):
+ gid_list = self.resolve_gid(name)
+ gid_string_list = []
+ for gid in gid_list:
+ gid_string_list.append(gid.save_to_string())
+ return gid_string_list
+
+ def get_self_credential(self, type, name):
+ client_gid = self.resolve_gid(name)[0]
+ cred = Credential(subject = client_gid.get_subject())
+ cred.set_gid_caller(client_gid)
+ cred.set_issuer(key=self.key, cert=self.cert)
+ cred.set_pubkey(client_gid.get_pubkey())
+ cred.encode()
+ cred.sign()
+ return cred.save_to_string()
+
+ def get_credential(self, cred, type, name):
+ if not cred:
+ return get_self_credential(self, type, name)
+
+ self.decode_authentication(cred)
+
+ object_gid = self.resolve_gid(name)[0]
+ new_cred = Credential(subject = object_gid.get_subject())
+ new_cred.set_gid_caller(self.client_gid)
+ new_cred.set_gid_object(object_gid)
+ new_cred.set_issuer(key=self.key, cert=self.cert)
+ new_cred.set_pubkey(object_gid.get_pubkey())
+ new_cred.encode()
+ new_cred.sign()
+
+ return new_cred.save_to_string()
+
+if __name__ == "__main__":
+ key_file = "dummyserver.key"
+ cert_file = "dummyserver.cert"
+
+ # if no key is specified, then make one up
+ if (not os.path.exists(key_file)) or (not os.path.exists(cert_file)):
+ key = Keypair(create=True)
+ key_file = "dummyserver.key"
+ key.save_to_file(key_file)
+
+ cert = Certificate(subject="dummy")
+ cert.set_issuer(key=key, subject="dummy")
+ cert.set_pubkey(key)
+ cert.sign()
+ cert.save_to_file(cert_file)
+
+ s = DummyRegistry("localhost", 12345, key_file, cert_file)
+ s.run()
+
git://git.onelab.eu / sfa.git / commitdiff