From 5d79c38eada69c4cfdd270e9dfdda2c2e0756e63 Mon Sep 17 00:00:00 2001
From: Tony Mack
Date: Sat, 19 Nov 2011 09:56:10 -0500
Subject: [PATCH] sfa-import-plc.py is not longer responsible for creating the top level authority keys and certs. This is now handled by sfa/server/sfa-start.py. Also, sfa-start no longer creates a random key/cert when it cant find the expected key/cert
---
sfa/importer/sfaImport.py | 8 +---
sfa/server/sfa-start.py | 80 +++------------------------------------
sfa/trust/hierarchy.py | 29 +++++++++++++-
3 files changed, 34 insertions(+), 83 deletions(-)
diff --git a/sfa/importer/sfaImport.py b/sfa/importer/sfaImport.py
index 4de6e1bd..4c5b5c7e 100644
--- a/sfa/importer/sfaImport.py
+++ b/sfa/importer/sfaImport.py
@@ -66,9 +66,8 @@ class sfaImport:
 def create_top_level_auth_records(self, hrn):
 """
- Create top level records (includes root and sub authorities (local/remote)
+ Create top level db records (includes root and sub authorities (local/remote)
 """
- urn = hrn_to_urn(hrn, 'authority')
 # make sure parent exists
 parent_hrn = get_authority(hrn)
 if not parent_hrn:
@@ -76,11 +75,6 @@ class sfaImport:
 if not parent_hrn == hrn:
 self.create_top_level_auth_records(parent_hrn)
- # create the authority if it doesnt already exist
- if not self.AuthHierarchy.auth_exists(urn):
- self.logger.info("Import: creating top level authorities")
- self.AuthHierarchy.create_auth(urn)
-
 # create the db record if it doesnt already exist
 auth_info = self.AuthHierarchy.get_auth_info(hrn)
 table = SfaTable()
diff --git a/sfa/server/sfa-start.py b/sfa/server/sfa-start.py
index d4a3131d..abe8c007 100755
--- a/sfa/server/sfa-start.py
+++ b/sfa/server/sfa-start.py
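Review bot: With the authority-creation block removed in the second hunk, `auth_info = self.AuthHierarchy.get_auth_info(hrn)` on the hunk's last lines is reached for an authority this method no longer guarantees exists, and hierarchy.py's own comment on get_auth_info says it throws when the authority does not exist, so the importer now depends on sfa-start (Hierarchy.get_interface_auth_info) having run first. If that ordering is intended, state it in the docstring the first hunk edits, e.g. `Create top level db records for an authority that must already exist on disk (sfa-start creates it via Hierarchy.create_top_level_auth)`; otherwise call `self.AuthHierarchy.create_top_level_auth(hrn)` before the lookup. The recursion on parent_hrn still creates only db records, so a sub-authority whose parent has no on-disk authority fails the same way. create_top_level_auth_records continues past the end of the hunk.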
@@ -64,77 +64,6 @@ def daemon():
 os.dup2(crashlog, 1)
 os.dup2(crashlog, 2)
-def init_server_key(server_key_file, server_cert_file, config, hierarchy):
- hrn = config.SFA_INTERFACE_HRN.lower()
- # check if the server's private key exists. If it doesnt,
- # get the right one from the authorities directory. If it cant be
- # found in the authorities directory, generate a random one
- if not os.path.exists(server_key_file):
- hrn = config.SFA_INTERFACE_HRN.lower()
- hrn_parts = hrn.split(".")
- rel_key_path = hrn
- pkey_filename = hrn+".pkey"
-
- # sub authority's have "." in their hrn. This must
- # be converted to os.path separator
- if len(hrn_parts) > 0:
- rel_key_path = hrn.replace(".", os.sep)
- pkey_filename= hrn_parts[-1]+".pkey"
-
- key_file = os.sep.join([hierarchy.basedir, rel_key_path, pkey_filename])
- if not os.path.exists(key_file):
- # if it doesnt exist then this is probably a fresh interface
- # with no records. Generate a random keypair for now
- logger.debug("server's public key not found in %s" % key_file)
-
- logger.debug("generating a random server key pair")
- key = Keypair(create=True)
- key.save_to_file(server_key_file)
- init_server_cert(hrn, key, server_cert_file, self_signed=True)
-
- else:
- # the pkey was found in the authorites directory. lets
- # copy it to where the server key should be and generate
- # the cert
- key = Keypair(filename=key_file)
- key.save_to_file(server_key_file)
- init_server_cert(hrn, key, server_cert_file)
-
- # If private key exists and cert doesnt, recreate cert
- if (os.path.exists(server_key_file)) and (not os.path.exists(server_cert_file)):
- key = Keypair(filename=server_key_file)
- init_server_cert(hrn, key, server_cert_file)
-
-
-def init_server_cert(hrn, key, server_cert_file, self_signed=False):
- """
- Setup the certificate for this server. 
Attempt to use gid before
- creating a self signed cert
- """
- if self_signed:
- init_self_signed_cert(hrn, key, server_cert_file)
- else:
- try:
- # look for gid file
- logger.debug("generating server cert from gid: %s"% hrn)
- hierarchy = Hierarchy()
- auth_info = hierarchy.get_auth_info(hrn)
- gid = GID(filename=auth_info.gid_filename)
- gid.save_to_file(filename=server_cert_file)
- except:
- # fall back to self signed cert
- logger.debug("gid for %s not found" % hrn)
- init_self_signed_cert(hrn, key, server_cert_file)
-
-def init_self_signed_cert(hrn, key, server_cert_file):
- logger.debug("generating self signed cert")
- # generate self signed certificate
- cert = Certificate(subject=hrn)
- cert.set_issuer(key=key, subject=hrn)
- cert.set_pubkey(key)
- cert.sign()
- cert.save_to_file(server_cert_file)
 def install_peer_certs(server_key_file, server_cert_file):
 """
@@ -253,11 +182,12 @@ def main():
 config = Config()
 if config.SFA_API_DEBUG:
 pass
- hierarchy = Hierarchy()
- server_key_file = os.path.join(hierarchy.basedir, "server.key")
- server_cert_file = os.path.join(hierarchy.basedir, "server.cert")
- init_server_key(server_key_file, server_cert_file, config, hierarchy)
+ # ge the server's key and cert
+ hierarchy = Hierarchy()
+ auth_info = hierarchy.get_interface_auth_info()
+ server_key_file = auth_info.get_privkey_filename()
+ server_cert_file = auth_info.get_gid_filename()
 if (options.daemon):
 daemon()
diff --git a/sfa/trust/hierarchy.py b/sfa/trust/hierarchy.py
index 9648c9d4..873c7668 100644
--- a/sfa/trust/hierarchy.py
+++ b/sfa/trust/hierarchy.py
@@ -112,8 +112,8 @@ class Hierarchy:
 # @param basedir the base directory to store the hierarchy in
 def __init__(self, basedir = None):
+ self.config = Config()
 if not basedir:
- self.config = Config()
 basedir = os.path.join(self.config.SFA_DATA_DIR, "authorities")
 self.basedir = basedir
 ##
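Review bot: In the main() hunk, `hierarchy.get_interface_auth_info()` runs with its default `create=True`, so a first start — or a start where SFA_DATA_DIR or SFA_INTERFACE_HRN no longer resolves to the existing authority — presumably mints a fresh top-level authority keypair and GID without a word, whereas the removed init_server_key at least logged `generating a random server key pair`, and the server now serves with the authority's private key file itself instead of the old `server.key` copy. Log the outcome at the call site so an operator can tell an unexpected key re-creation from a normal restart, e.g. `logger.info("sfa-start: using key %s and cert %s", server_key_file, server_cert_file)` (the removed code used a module-level `logger`; confirm it is still in scope). The removed code also lowercased `config.SFA_INTERFACE_HRN` before locating the key, while Hierarchy.get_interface_auth_info uses the value as configured, so an upper-case hrn in the config could now create a second authority directory; confirm the normalisation matches. The new comment has a typo: `# get the server's key and cert`. main() continues outside the hunk.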
@@ -194,6 +194,33 @@ class Hierarchy:
 dbinfo_file.write(str(dbinfo))
 dbinfo_file.close()
+ def create_top_level_auth(self, hrn=None):
+ """
+ Create top level records (includes root and sub authorities (local/remote)
+ """
+ if not hrn:
+ hrn = self.config.SFA_INTERFACE_HRN
+
+ # make sure parent exists
+ parent_hrn = get_authority(hrn)
+ if not parent_hrn:
+ parent_hrn = hrn
+ if not parent_hrn == hrn:
+ self.create_top_level_auth(parent_hrn)
+
+ # create the authority if it doesnt alrady exist
+ if not self.auth_exists(hrn):
+ self.AuthHierarchy.create_auth(hrn)
+
+
+ def get_interface_auth_info(self, create=True):
+ hrn = self.config.SFA_INTERFACE_HRN
+ if not self.auth_exists(hrn):
+ if create==True:
+ self.create_top_level_auth(hrn)
+ else:
+ raise MissingAuthority(hrn)
+ return self.get_auth_info(hrn)
 ##
 # Return the AuthInfo object for the specified authority. If the authority
 # does not exist, then an exception is thrown. As a side effect, disk files
--
2.43.0
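Review bot: `self.AuthHierarchy.create_auth(hrn)` in create_top_level_auth refers to an attribute this class does not appear to define — `AuthHierarchy` is the importer's name for its Hierarchy instance, as the removed sfaImport.py lines show — so on a fresh interface, exactly when `auth_exists()` is false, this raises AttributeError; it should read `self.create_auth(hrn)`. The removed importer code passed a urn to auth_exists/create_auth while this copy passes an hrn, so confirm both accept an hrn. The docstring is copied from the importer and talks about records, but this method creates the on-disk authority (keys and GID, per the commit message); replace it with `Create the on-disk authority for hrn (default: this interface's hrn), creating any missing parent authority first.`, and give get_interface_auth_info a docstring stating that with create=False it raises MissingAuthority instead of creating the authority. `if create==True:` should be `if create:`, and since this path silently generates the interface's key material, log the creation with whatever logger hierarchy.py has in scope so an unexpected re-creation is visible to the operator. Both new methods are complete within the hunk.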