# Get key and certificate
key_file = self.get_key_file()
cert_file = self.get_cert_file(key_file)
+ self.key = Keypair(filename=key_file)
self.key_file = key_file
self.cert_file = cert_file
# Establish connection to server(s)
print "Writing self-signed certificate to", file
cert.save_to_file(file)
return file
-
+
+ def get_gid(self):
+ file = os.path.join(self.options.sfi_dir, self.get_leaf(self.user) + ".gid")
+ if (os.path.isfile(file)):
+ gid = GID(filename=file)
+ return gid
+ else:
+ cert = Certificate(self.cert_file)
+ cert_str = cert.save_to_string(save_parents=True)
+ request_hash = self.key.compute_hash([cert_str, self.user, "user"])
+ gid_str = self.registry.get_gid(cert, self.user, "user", request_hash)
+ gid = GID(string=gid_str)
+ if self.options.verbose:
+ print "Writing user gid to", file
+ gid.save_to_file(file, save_parents=True)
+ return gid
+
def get_user_cred(self):
file = os.path.join(self.options.sfi_dir, self.get_leaf(self.user) + ".cred")
if (os.path.isfile(file)):
# Generate sub-command parser
#
def create_cmd_parser(self,command, additional_cmdargs = None):
- cmdargs = {"list": "name",
+ cmdargs = {"gid": "",
+ "list": "name",
"show": "name",
"remove": "name",
"add": "record",
# Generate command line parser
parser = OptionParser(usage="sfi [options] command [command_options] [command_args]",
- description="Commands: list,show,remove,add,update,nodes,slices,resources,create,delete,start,stop,reset")
+ description="Commands: gid,list,show,remove,add,update,nodes,slices,resources,create,delete,start,stop,reset")
parser.add_option("-r", "--registry", dest="registry",
help="root registry", metavar="URL", default=None)
parser.add_option("-s", "--slicemgr", dest="sm",
#
# Registry-related commands
#
-
+
+ def gid(self, opts, args):
+ gid = self.get_gid()
+ print "GID: %s" % (gid.save_to_string(save_parents=True))
+ return
+
# list entires in named authority registry
def list(self,opts, args):
user_cred = self.get_user_cred()
delete_slice
get_aggregates
get_credential
+get_gid
get_registries
get_resources
get_slices
--- /dev/null
+# * require certificate as an argument
+# * lookup gid in db
+# * get pubkey from gid
+# * if certifacate matches pubkey from gid, return gid, else raise exception
+# if not peer.is_pubkey(gid.get_pubkey()):
+# raise ConnectionKeyGIDMismatch(gid.get_subject())
+
+from sfa.util.faults import *
+from sfa.util.misc import *
+from sfa.util.method import Method
+from sfa.util.parameter import Parameter, Mixed
+from sfa.trust.auth import Auth
+from sfa.trust.gid import GID
+from sfa.trust.certificate import Certificate
+from sfa.util.genitable import GeniTable
+
+class get_gid(Method):
+ """
+ Returns the client's gid if one exists
+
+ @param cert certificate string
+ @return client gid
+ """
+
+ interfaces = ['registry']
+
+ accepts = [
+ Parameter(str, "Certificate string"),
+
+ Parameter(str, "Human readable name (hrn)")
+ ]
+
+ returns = [Parameter(dict, "Aggregate interface information")]
+
+ def call(self, cert, hrn, type, requestHash):
+
+ certificate = Certificate(string=cert)
+ table = GeniTable()
+ records = table.find({'hrn': hrn, 'type': type})
+ if not records:
+ raise RecordNotFound(hrn)
+ record = records[0]
+ gidStr = record['gid']
+ gid = GID(string=gidStr)
+
+ #if not certificate.is_pubkey(gid.get_pubkey()):
+ # raise ConnectionKeyGIDMismatch(gid.get_subject())
+
+ # authenticate the gid
+ self.api.auth.authenticateGid(gidStr, [cert, hrn, type], requestHash)
+
+ return gidStr
### $Id$
### $URL$
+from sfa.trust.certificate import *
from sfa.trust.gid import *
from sfa.trust.credential import *
from sfa.util.record import *
# @param protocol The ORPC protocol to use. Can be "soap" or "xmlrpc"
def __init__(self, url, key_file, cert_file, protocol="xmlrpc"):
- self.url = url
- self.key_file = key_file
- self.cert_file = cert_file
+ self.url = url
+ self.key_file = key_file
+ self.cert_file = cert_file
+ self.key = Keypair(filename = self.key_file)
+
- if (protocol=="xmlrpc"):
- import xmlrpcprotocol
- self.server = xmlrpcprotocol.get_server(self.url, self.key_file, self.cert_file)
- elif (protocol=="soap"):
- import soapprotocol
- self.server = soapprotocol.get_server(self.url, self.key_file, self.cert_file)
- else:
- raise Exception("Attempted use of undefined protocol %s"%protocol)
+ if (protocol=="xmlrpc"):
+ import xmlrpcprotocol
+ self.server = xmlrpcprotocol.get_server(self.url, self.key_file, self.cert_file)
+ elif (protocol=="soap"):
+ import soapprotocol
+ self.server = soapprotocol.get_server(self.url, self.key_file, self.cert_file)
+ else:
+ raise Exception("Attempted use of undefined protocol %s"%protocol)
# -------------------------------------------------------------------------
#
# @return a GID object
- def get_gid(self, name):
- gid_str_list = self.server.get_gid(name)
- gid_list = []
- for str in gid_str_list:
- gid_list.append(GID(string=str))
- return gid_list
+ #def get_gid(self, name):
+ # gid_str_list = self.server.get_gid(name)
+ # gid_list = []
+ # for str in gid_str_list:
+ # gid_list.append(GID(string=str))
+ # return gid_list
+
+ def get_gid(self, cert, hrn, type, request_hash):
+ cert_string = cert.save_to_string(save_parents=True)
+ gid_str = self.server.get_gid(cert_string, hrn, type, request_hash)
+ return GID(string=gid_str)
##
# Get_self_credential a degenerate version of get_credential used by a
# client to get his initial credential when he doesn't have one. This is