from sfa.util.rspec import RSpec
import sys
import pdb
-from sfa.util.xrn import urn_to_hrn, get_authority
+from sfa.util.xrn import urn_to_hrn, hrn_to_urn, get_authority
+from sfa.util.plxrn import hrn_to_pl_slicename
from sfa.util.plxrn import hrn_to_pl_slicename
from sfa.util.rspec import *
from sfa.util.specdict import *
registries = Registries(api)
registry = registries[api.hrn]
credential = api.getCredential()
- records = registry.resolve(credential, hrn)
+ urn = hrn_to_urn(hrn, 'slice')
+ records = registry.Resolve(urn, credential)
for record in records:
if record.get_type() in ['slice']:
slice = record.as_dict()
sites = api.plshell.GetSites(api.plauth, [login_base])
if not sites:
authority = get_authority(hrn)
- site_records = registry.resolve(credential, authority)
+ authority_urn = hrn_to_urn(authority, 'authority')
+ site_records = registry.Resolve(authority_urn, credential)
site_record = {}
if not site_records:
raise RecordNotFound(authority)
researchers = record.get('researcher', [])
for researcher in researchers:
person_record = {}
- person_records = registry.resolve(credential, researcher)
+ researcher_urn = hrn_to_urn(researcher, 'user')
+ person_records = registry.Resolve(researcher_urn, credential)
for record in person_records:
if record.get_type() in ['user']:
person_record = record
records = []
if registry_hrn != api.hrn:
credential = api.getCredential()
- record_list = registries[registry_hrn].list(credential, xrn, origin_hrn)
+ record_list = registries[registry_hrn].List(xrn, credential)
records = [SfaRecord(dict=record).as_dict() for record in record_list]
# if we still have not found the record yet, try the local registry
#!/usr/bin/python
#
-# SFA Certificate Signing and management
-#
+# SFA Certificate Signing and management. Root authorities can use this script to sign
+# the certificate of another authority and become its parent.
+#
+# Example usage:
+#
+## sign a peer cert
+# sfa-ca.py --sign PEER_CERT_FILENAME -o OUTPUT_FILENAME
+#
+## import a cert and update the registry hierarchy
+# sfa-ca.py --import CERT_FILENAME
+#
+## display a cert
+# sfa-ca.py --display CERT_FILENAME
+
import os
import sys
def sign_gid(gid, parent_key, parent_gid):
gid.set_issuer(parent_key, parent_gid.get_hrn())
gid.set_parent(parent_gid)
+ gid.set_intermediate_ca(True)
+ gid.set_pubkey(gid.get_pubkey())
gid.sign()
return gid
# self.path
# provide either urn, or (hrn + type)
def __init__ (self, xrn=None, urn=None, hrn=None, type=None):
+ # user has specified xrn : guess if urn or hrn
if xrn is not None:
if xrn.startswith(Xrn.URN_PREFIX):
self.urn=xrn
self.hrn=xrn
self.type=type
self.hrn_to_urn()
+ # user has specified urn, let's use it
elif urn is not None:
self.urn=urn
self.urn_to_hrn()
+ # user has specified hrn and type
elif hrn is not None and type is not None:
self.hrn=hrn
self.type=type
self.hrn_to_urn()
+ # what should we do ?
else:
raise SfaAPIError,"Xrn.__init__"
# happens all the time ..