From 510763490e86632a50496f611aa3dbc1a2eae924 Mon Sep 17 00:00:00 2001
From: Tony Mack
Date: Fri, 1 Feb 2013 12:31:51 -0500
Subject: [PATCH] correctly include email in subjectAltName section of user certificates/gids
---
 sfa/importer/openstackimporter.py | 2 +-
 sfa/importer/plimporter.py | 3 +-
 sfa/managers/slice_manager.py | 55 ++-----------------------------
 sfa/trust/certificate.py | 4 ++-
 sfa/trust/gid.py | 4 +--
 sfa/trust/hierarchy.py | 5 +--
 6 files changed, 13 insertions(+), 60 deletions(-)
diff --git a/sfa/importer/openstackimporter.py b/sfa/importer/openstackimporter.py
index 1f2af928..0cf729c3 100644
--- a/sfa/importer/openstackimporter.py
+++ b/sfa/importer/openstackimporter.py
@@ -73,7 +73,7 @@ class OpenstackImporter:
 else:
 self.logger.warn("OpenstackImporter: person %s does not have a PL public key"%hrn)
 pkey = Keypair(create=True)
- user_gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey)
+ user_gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey, email=user.email)
 user_record = RegUser ()
 user_record.type='user'
 user_record.hrn=hrn
diff --git a/sfa/importer/plimporter.py b/sfa/importer/plimporter.py
index 70fca69b..1fe64e8f 100644
--- a/sfa/importer/plimporter.py
+++ b/sfa/importer/plimporter.py
@@ -286,8 +286,7 @@ class PlImporter:
 plc_keys = keys_by_person_id.get(person['person_id'],[])
 if not user_record:
 (pubkey,pkey) = init_person_key (person, plc_keys )
- person_gid = self.auth_hierarchy.create_gid(person_urn, create_uuid(), pkey)
- person_gid.set_email(person['email'])
+ person_gid = self.auth_hierarchy.create_gid(person_urn, create_uuid(), pkey, email=person['email'])
 user_record = RegUser (hrn=person_hrn, gid=person_gid, pointer=person['person_id'], authority=get_authority(person_hrn),
diff --git a/sfa/managers/slice_manager.py b/sfa/managers/slice_manager.py
index b4dc531e..1c1c0622 100644
--- a/sfa/managers/slice_manager.py
+++ b/sfa/managers/slice_manager.py
@@ -483,53 +483,6 @@ class SliceManager:
 'geni_slivers': geni_slivers }
- def ListSlices(self, api, creds, options):
- call_id = options.get('call_id')
- if Callids().already_handled(call_id): return []
-
- def _ListSlices(server, creds, options):
- return server.ListSlices(creds, options)
-
- # look in cache first
- # xxx is this really frequent enough that it is worth being cached ?
- if self.cache:
- slices = self.cache.get('slices')
- if slices:
- api.logger.debug("SliceManager.ListSlices returns from cache")
- return slices
-
- # get the callers hrn
- valid_cred = api.auth.checkCredentials(creds, 'listslices', None)[0]
- caller_hrn = Credential(cred=valid_cred).get_gid_caller().get_hrn()
-
- # attempt to use delegated credential first
- cred= api.getDelegatedCredential(creds)
- if not cred:
- cred = api.getCredential()
- threads = ThreadManager()
- # fetch from aggregates
- for aggregate in api.aggregates:
- # prevent infinite loop. Dont send request back to caller
- # unless the caller is the aggregate's SM
- if caller_hrn == aggregate and aggregate != api.hrn:
- continue
- interface = api.aggregates[aggregate]
- server = api.server_proxy(interface, cred)
- threads.run(_ListSlices, server, [cred], options)
-
- # combime results
- results = [ReturnValue.get_value(result) for result in threads.get_results()]
- slices = []
- for result in results:
- slices.extend(result)
-
- # cache the result
- if self.cache:
- api.logger.debug("SliceManager.ListSlices caches value")
- self.cache.add('slices', slices)
-
- return slices
-
 def GetTicket(self, api, xrn, creds, rspec, users, options):
 slice_hrn, type = urn_to_hrn(xrn)
@@ -597,11 +550,9 @@ class SliceManager:
 ticket.sign()
 return ticket.save_to_string(save_parents=True)
- def start_slice(self, api, xrn, creds):
- hrn, type = urn_to_hrn(xrn)
-
+ def PerformOperationalAction(self, api, xrn, creds, action, options):
 # get the callers hrn
- valid_cred = api.auth.checkCredentials(creds, 'startslice', hrn)[0]
+ valid_cred = api.auth.checkCredentials(creds, 'createsliver', xrn)[0]
 caller_hrn = Credential(cred=valid_cred).get_gid_caller().get_hrn()
 # attempt to use delegated credential first
@@ -616,7 +567,7 @@ class SliceManager:
 continue
 interface = api.aggregates[aggregate]
 server = api.server_proxy(interface, cred)
- threads.run(server.Start, xrn, cred)
+ threads.run(server.PerformOperationalAction, xrn, cred, action, options)
 threads.get_results()
 return 1
diff --git a/sfa/trust/certificate.py b/sfa/trust/certificate.py
index 59ec4427..015556e1 100644
--- a/sfa/trust/certificate.py
+++ b/sfa/trust/certificate.py
@@ -318,7 +318,7 @@ class Certificate:
 # @param filename If filename!=None, load the certficiate from the file.
 # @param isCA If !=None, set whether this cert is for a CA
- def __init__(self, lifeDays=1825, create=False, subject=None, string=None, filename=None, isCA=None):
+ def __init__(self, lifeDays=1825, create=False, subject=None, string=None, filename=None, isCA=None, email=None):
 self.data = {}
 if create or subject:
 self.create(lifeDays)
@@ -328,6 +328,8 @@ class Certificate:
 self.load_from_string(string)
 if filename:
 self.load_from_file(filename)
+ if email:
+ self.set_email(email)
 # Set the CA bit if a value was supplied
 if isCA != None:
diff --git a/sfa/trust/gid.py b/sfa/trust/gid.py
index 4f482707..96d375e7 100644
--- a/sfa/trust/gid.py
+++ b/sfa/trust/gid.py
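Review bot: `PerformOperationalAction` checks every action against the single `'createsliver'` right and hands `checkCredentials` the raw `xrn`, where `start_slice` passed the `hrn` from `urn_to_hrn(xrn)`; whether `checkCredentials` accepts a URN as its target is not visible in this hunk and should be confirmed, and if it still expects an hrn the call should stay `api.auth.checkCredentials(creds, 'createsliver', urn_to_hrn(xrn)[0])[0]`. `action` and `options` are then relayed unchecked to every aggregate by `threads.run(server.PerformOperationalAction, xrn, cred, action, options)` in the following hunk, and `threads.get_results()` is discarded before `return 1`, so a caller cannot tell a refused action from a performed one. This API change and the `ListSlices` removal are unrelated to the subject line and would be easier to audit as a separate commit. The method body continues outside the hunk.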
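Review bot: The `@param` comment block above `Certificate.__init__` is not updated for the new `email` argument; add `# @param email If !=None, email address to store in the certificate's subjectAltName` after the `isCA` line (wording taken from the commit subject, so confirm it against `set_email`). The same gap applies to the comment blocks above `GID.__init__` in sfa/trust/gid.py and `Hierarchy.create_gid` in sfa/trust/hierarchy.py. The comment block starts above the hunk.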
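Review bot: `if email: self.set_email(email)` accepts the value exactly as the importers supply it (`user.email`, `person['email']`), with no format check before it goes into a certificate extension. How `set_email` and the GID encoding serialise it is not visible here, but if the subjectAltName is assembled as a delimited string, an address containing a separator or a type prefix could add entries the authority never meant to sign, so rejecting anything that is not a single plain address before the call is worth adding. The call also runs after `load_from_string`/`load_from_file`, so `email` combined with `string` or `filename` would apply `set_email` to an already-loaded certificate; consider moving it under the `if create or subject:` branch. `__init__` continues past the hunk.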
@@ -80,9 +80,9 @@ class GID(Certificate):
 # @param filename If filename!=None, load the GID from a file
 # @param lifeDays life of GID in days - default is 1825==5 years
- def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None, urn=None, lifeDays=1825):
+ def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None, urn=None, lifeDays=1825, email=None):
- Certificate.__init__(self, lifeDays, create, subject, string, filename)
+ Certificate.__init__(self, lifeDays, create, subject, string, filename, email=email)
 if subject:
 logger.debug("Creating GID for subject: %s" % subject)
 if uuid:
diff --git a/sfa/trust/hierarchy.py b/sfa/trust/hierarchy.py
index cf330db2..4cf2fb90 100644
--- a/sfa/trust/hierarchy.py
+++ b/sfa/trust/hierarchy.py
@@ -222,7 +222,7 @@ class Hierarchy:
 # @param uuid the unique identifier to store in the GID
 # @param pkey the public key to store in the GID
- def create_gid(self, xrn, uuid, pkey, CA=False):
+ def create_gid(self, xrn, uuid, pkey, CA=False, email=None):
 hrn, type = urn_to_hrn(xrn)
 if not type:
 type = 'authority'
@@ -231,7 +231,8 @@ class Hierarchy:
 # If xrn was a hrn instead of a urn, then the gid's urn will be
 # of type None
 urn = hrn_to_urn(hrn, type)
- gid = GID(subject=hrn, uuid=uuid, hrn=hrn, urn=urn)
+ gid = GID(subject=hrn, uuid=uuid, hrn=hrn, urn=urn, email=email)
+
 # is this a CA cert
 if hrn == self.config.SFA_INTERFACE_HRN or not parent_hrn:
 # root or sub authority
-- 
2.43.0