+++ /dev/null
-### $Id: get_ticket.py 15823 2009-11-20 19:45:52Z tmack $
-### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_ticket.py $
-import time
-from sfa.util.faults import *
-from sfa.util.method import Method
-from sfa.util.parameter import Parameter, Mixed
-from sfa.trust.auth import Auth
-from sfa.util.config import Config
-from sfa.trust.credential import Credential
-from sfa.util.genitable import GeniTable
-from sfa.util.sfaticket import SfaTicket
-from sfa.plc.slices import Slices
-
-class get_signed_ticket(Method):
- """
- Retrieve a ticket. This operation is currently implemented on PLC
- only (see SFA, engineering decisions); it is not implemented on
- components.
-
- The ticket is filled in with information from the PLC database. This
- information includes resources, and attributes such as user keys and
- initscripts.
-
- @param cred credential string
- @param hrn human readable name (hrn) of slice
- @param rspec resource specification string
- @param data extra data
-
- @return the string representation of a signed ticket object
- """
-
- interfaces = ['registry']
-
- accepts = [
- Parameter(str, "Credential string"),
- Parameter(str, "human readable name (hrn) of slice"),
- Parameter(str, "resource specification string"),
- Parameter(dict, "extra data"),
- Mixed(Parameter(str, "Request hash"),
- Parameter(None, "Request hash not specified"))
- ]
-
- returns = Parameter(str, "String represeneation of a signed ticket object")
-
- def call(self, cred, hrn, rspec, data, request_hash=None):
- self.api.auth.authenticateCred(cred, [cred, hrn, rspec], request_hash)
- self.api.auth.check(cred, "signticket")
- self.api.auth.verify_object_belongs_to_me(hrn)
- self.api.auth.verify_object_permission(hrn)
-
- # get the record info
- table = GeniTable()
- records = table.findObjects({'hrn': hrn, 'type': 'slice', 'peer_authority': None})
- if not records:
- raise RecordNotFound(hrn)
- record = records[0]
- auth_hrn = record['authority']
- auth_info = self.api.auth.get_auth_info(auth_hrn)
- object_gid = record.get_gid_object()
- new_ticket = SfaTicket(subject = object_gid.get_subject())
- new_ticket.set_gid_caller(self.api.auth.client_gid)
- new_ticket.set_gid_object(object_gid)
- new_ticket.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
- new_ticket.set_pubkey(object_gid.get_pubkey())
- newticket.set_attributes(data)
- new_ticket.set_rspec(rspec)
- new_ticket.set_parent(self.api.auth.hierarchy.get_auth_ticket(auth_hrn))
- new_ticket.encode()
- new_ticket.sign()
-
- return new_ticket.save_to_string(save_parents=True)
-