def reserve_vms(self, slice_urn, reservation, expiration=None, users=list()):
# URNs of foreign RMs are not served
current_cm_hrn = self.__config.CM_HRN
cm_id = getattr(reservation, "get_component_manager_id")
if callable(cm_id):
cm_id = urn_to_hrn(cm_id())[0]
if current_cm_hrn != cm_id:
# No reservation is provided for URNs of other CMs
return None
# VMs are dynamic resource -> no collision will happen
slice_hrn, hrn_type = urn_to_hrn(slice_urn)
if not reservation.get_component_id() == None:
server_hrn, hrn_type = urn_to_hrn(reservation.get_component_id())
server_name = server_hrn.split(".")[-1]
else:
server_name = self.__get_best_server()
server_hrn = self.__config.CM_HRN + "." + server_name
server = VTServer.objects.get(name=server_name).getChildObject()
server_id = server.id
if reservation.get_id():
if Reservation.objects.filter(sliceName=slice_hrn, projectName=slice_hrn, name=reservation.get_id()) or VirtualMachine.objects.filter(sliceName=slice_hrn, projectName=slice_hrn, name=reservation.get_id()):
raise Exception("There is another VM with client id %s on this slice already <GENI PROVISIONED> or <GENI ALLOCATED>" %reservation.get_id())
reservation_name = reservation.get_id()
else:
reservation_name = str(random.randint(0,1000*1000))
if expiration == None:
expiration = datetime.utcnow() + timedelta(hours=1)
reserved_vm = Reservation()
#reserved_vm.reservation_id = random.randint(0,1000)
reserved_vm.server_id = server_id
reserved_vm.set_slice_name(slice_hrn)
reserved_vm.set_project_name(slice_hrn)
reserved_vm.set_name(reservation_name)
reserved_vm.set_valid_until(str(expiration))
reserved_vm.uuid = str(uuid.uuid4())
reserved_vm.save()
if not reservation.get_sliver():
reservation.set_sliver(Sliver())
# Set information for sliver
reservation.get_sliver().set_urn(hrn_to_urn(server_hrn+"." + slice_hrn.split(".")[-1] + "." +str(reservation_name), "sliver"))
reservation.get_sliver().set_allocation_status(self.GENI_ALLOCATED)
reservation.get_sliver().set_expiration(expiration)
reservation.get_sliver().set_operational_status(self.GENI_NOT_READY)
reservation.get_sliver().set_client_id(reservation_name)
reservation.set_allocation_status = self.GENI_ALLOCATED
#vm_params = self.__urn_to_vm_params(slice_urn)
#self.__store_user_keys(users, vm_params)
return reservation
def __init__(self,
create=False,
subject=None,
string=None,
filename=None,
uuid=None,
hrn=None,
urn=None,
lifeDays=1825,
email=None):
self.uuid = None
self.hrn = None
self.urn = None
self.email = None # for adding to the SubjectAltName
Certificate.__init__(self, lifeDays, create, subject, string, filename)
if subject:
pass
if uuid:
self.uuid = int(uuid)
if hrn:
self.hrn = hrn
self.urn = hrn_to_urn(hrn, 'unknown')
if urn:
self.urn = urn
self.hrn, type = urn_to_hrn(urn)
if email:
self.set_email(email)
def get_auth_ticket(self, xrn):
hrn, type = urn_to_hrn(xrn)
auth_info = self.get_auth_info(hrn)
gid = auth_info.get_gid_object()
ticket = SfaTicket(subject=hrn)
ticket.set_gid_caller(gid)
ticket.set_gid_object(gid)
ticket.set_delegate(True)
ticket.set_pubkey(auth_info.get_gid_object().get_pubkey())
parent_hrn = get_authority(hrn)
if not parent_hrn:
# if there is no parent hrn, then it must be self-signed. this
# is where we terminate the recursion
ticket.set_issuer(auth_info.get_pkey_object(), hrn)
else:
# we need the parent's private key in order to sign this GID
parent_auth_info = self.get_auth_info(parent_hrn)
ticket.set_issuer(parent_auth_info.get_pkey_object(),
parent_auth_info.hrn)
ticket.set_parent(self.get_auth_cred(parent_hrn))
ticket.encode()
ticket.sign()
return ticket
def __vm_to_ssh_keys_params_list(self, vm, users=[]):
params_list = list()
params = {"project_uuid": vm.projectId,
"slice_uuid": vm.sliceId,
"vm_uuid": vm.uuid,
}
if not users:
params_list.append(params)
for user in users:
# Reuse "params" structure by operating on a new structure
params_user = copy.deepcopy(params)
# Retrieve user string from URN
user_id_key = "urn"
if user_id_key not in user:
# Get the other key that's not the user's keys
# Depending on client: "urn", "name", ...
user_id_key = set(user.keys()) - set(["keys"])
user_id_key = user_id_key.pop()
try:
user_name = urn_to_hrn(user[user_id_key])[0].split(".")[-1]
except:
user_name = user[user_id_key]
params_user.update({"user_name": user_name,})
for key in user["keys"]:
params_user_keys = copy.deepcopy(params_user)
params_user_keys.update({"ssh_key": key,})
params_list.append(params_user_keys)
return params_list
def get_auth_cred(self, xrn, kind="authority"):
hrn, type = urn_to_hrn(xrn)
auth_info = self.get_auth_info(hrn)
gid = auth_info.get_gid_object()
cred = Credential(subject=hrn)
cred.set_gid_caller(gid)
cred.set_gid_object(gid)
cred.set_privileges(kind)
cred.get_privileges().delegate_all_privileges(True)
#cred.set_pubkey(auth_info.get_gid_object().get_pubkey())
parent_hrn = get_authority(hrn)
if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
# if there is no parent hrn, then it must be self-signed. this
# is where we terminate the recursion
cred.set_issuer_keys(auth_info.get_privkey_filename(),
auth_info.get_gid_filename())
else:
# we need the parent's private key in order to sign this GID
parent_auth_info = self.get_auth_info(parent_hrn)
cred.set_issuer_keys(parent_auth_info.get_privkey_filename(),
parent_auth_info.get_gid_filename())
cred.set_parent(self.get_auth_cred(parent_hrn, kind))
cred.encode()
cred.sign()
return cred
def get_auth_ticket(self, xrn):
hrn, type = urn_to_hrn(xrn)
auth_info = self.get_auth_info(hrn)
gid = auth_info.get_gid_object()
ticket = SfaTicket(subject=hrn)
ticket.set_gid_caller(gid)
ticket.set_gid_object(gid)
ticket.set_delegate(True)
ticket.set_pubkey(auth_info.get_gid_object().get_pubkey())
parent_hrn = get_authority(hrn)
if not parent_hrn:
# if there is no parent hrn, then it must be self-signed. this
# is where we terminate the recursion
ticket.set_issuer(auth_info.get_pkey_object(), hrn)
else:
# we need the parent's private key in order to sign this GID
parent_auth_info = self.get_auth_info(parent_hrn)
ticket.set_issuer(parent_auth_info.get_pkey_object(), parent_auth_info.hrn)
ticket.set_parent(self.get_auth_cred(parent_hrn))
ticket.encode()
ticket.sign()
return ticket
def auth_exists(self, xrn):
hrn, type = urn_to_hrn(xrn)
(directory, gid_filename, privkey_filename) = \
self.get_auth_filenames(hrn)
print directory, gid_filename, privkey_filename
return os.path.exists(gid_filename) and os.path.exists(privkey_filename)
def get_auth_cred(self, xrn, kind="authority"):
hrn, type = urn_to_hrn(xrn)
auth_info = self.get_auth_info(hrn)
gid = auth_info.get_gid_object()
cred = Credential(subject=hrn)
cred.set_gid_caller(gid)
cred.set_gid_object(gid)
cred.set_privileges(kind)
cred.get_privileges().delegate_all_privileges(True)
#cred.set_pubkey(auth_info.get_gid_object().get_pubkey())
parent_hrn = get_authority(hrn)
if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
# if there is no parent hrn, then it must be self-signed. this
# is where we terminate the recursion
cred.set_issuer_keys(auth_info.get_privkey_filename(), auth_info.get_gid_filename())
else:
# we need the parent's private key in order to sign this GID
parent_auth_info = self.get_auth_info(parent_hrn)
cred.set_issuer_keys(parent_auth_info.get_privkey_filename(), parent_auth_info.get_gid_filename())
cred.set_parent(self.get_auth_cred(parent_hrn, kind))
cred.encode()
cred.sign()
return cred
def __vm_to_ssh_keys_params_list(self, vm, users=[]):
params_list = list()
params = {
"project_uuid": vm.projectId,
"slice_uuid": vm.sliceId,
"vm_uuid": vm.uuid,
}
if not users:
params_list.append(params)
for user in users:
# Reuse "params" structure by operating on a new structure
params_user = copy.deepcopy(params)
# Retrieve user string from URN
user_id_key = "urn"
if user_id_key not in user:
# Get the other key that's not the user's keys
# Depending on client: "urn", "name", ...
user_id_key = set(user.keys()) - set(["keys"])
user_id_key = user_id_key.pop()
try:
user_name = urn_to_hrn(user[user_id_key])[0].split(".")[-1]
except:
user_name = user[user_id_key]
params_user.update({
"user_name": user_name,
})
for key in user["keys"]:
params_user_keys = copy.deepcopy(params_user)
params_user_keys.update({
"ssh_key": key,
})
params_list.append(params_user_keys)
return params_list
def auth_exists(self, xrn):
hrn, type = urn_to_hrn(xrn)
(directory, gid_filename, privkey_filename) = \
self.get_auth_filenames(hrn)
print directory, gid_filename, privkey_filename
return os.path.exists(gid_filename) and os.path.exists(
privkey_filename)
def get_auth_filenames(self, xrn):
hrn, type = urn_to_hrn(xrn)
leaf = get_leaf(hrn)
parent_hrn = get_authority(hrn)
directory = os.path.join(self.basedir, hrn.replace(".", "/"))
gid_filename = os.path.join(directory, leaf+".gid")
privkey_filename = os.path.join(directory, leaf+".pkey")
return (directory, gid_filename, privkey_filename)
def get_auth_filenames(self, xrn):
hrn, type = urn_to_hrn(xrn)
leaf = get_leaf(hrn)
parent_hrn = get_authority(hrn)
directory = os.path.join(self.basedir, hrn.replace(".", "/"))
gid_filename = os.path.join(directory, leaf + ".gid")
privkey_filename = os.path.join(directory, leaf + ".pkey")
return (directory, gid_filename, privkey_filename)
def get_auth_info(self, xrn):
hrn, type = urn_to_hrn(xrn)
if not self.auth_exists(hrn):
raise MissingAuthority(hrn)
(directory, gid_filename, privkey_filename, ) = \
self.get_auth_filenames(hrn)
auth_info = AuthInfo(hrn, gid_filename, privkey_filename)
# check the GID and see if it needs to be refreshed
gid = auth_info.get_gid_object()
gid_refreshed = self.refresh_gid(gid)
if gid != gid_refreshed:
auth_info.update_gid_object(gid_refreshed)
return auth_info
def __urn_to_vm_params(self, urn):
#XXX For now, I prefer to have the same slice name as project name
hrn, hrn_type = urn_to_hrn(urn)
if hrn_type == "sliver":
value = hrn.split(".")[-1]
try:
# XXX Why the int() conversion in the "sliver_part"
return {"id": int(value)}
except:
# E.g. VMs from jFed
slice_name = hrn.split(".")[-2]
# Partial matching (RegEx...)
return {"name": value, "sliceName__iregex": slice_name}
elif hrn_type == "slice":
return {"projectName": hrn, "sliceName": hrn}
else:
return None
def get_auth_info(self, xrn):
hrn, type = urn_to_hrn(xrn)
if not self.auth_exists(hrn):
raise MissingAuthority(hrn)
(directory, gid_filename, privkey_filename, ) = \
self.get_auth_filenames(hrn)
auth_info = AuthInfo(hrn, gid_filename, privkey_filename)
# check the GID and see if it needs to be refreshed
gid = auth_info.get_gid_object()
gid_refreshed = self.refresh_gid(gid)
if gid != gid_refreshed:
auth_info.update_gid_object(gid_refreshed)
return auth_info
def __urn_to_vm_params(self, urn):
#XXX For now, I prefer to have the same slice name as project name
hrn, hrn_type = urn_to_hrn(urn)
if hrn_type == "sliver":
value = hrn.split(".")[-1]
try:
# XXX Why the int() conversion in the "sliver_part"
return {"id":int(value)}
except:
# E.g. VMs from jFed
slice_name = hrn.split(".")[-2]
# Partial matching (RegEx...)
return {"name":value, "sliceName__iregex":slice_name}
elif hrn_type == "slice":
return {"projectName":hrn, "sliceName":hrn}
else:
return None
def create_auth(self, xrn, create_parents=False):
hrn, type = urn_to_hrn(str(xrn))
# create the parent authority if necessary
parent_hrn = get_authority(hrn)
parent_urn = hrn_to_urn(parent_hrn, 'authority')
if (parent_hrn) and (not self.auth_exists(parent_urn)) and (create_parents):
self.create_auth(parent_urn, create_parents)
(directory, gid_filename, privkey_filename,) = \
self.get_auth_filenames(hrn)
# create the directory to hold the files
try:
os.makedirs(directory)
# if the path already exists then pass
except OSError, (errno, strerr):
if errno == 17:
pass
def create_auth(self, xrn, create_parents=False):
hrn, type = urn_to_hrn(str(xrn))
# create the parent authority if necessary
parent_hrn = get_authority(hrn)
parent_urn = hrn_to_urn(parent_hrn, 'authority')
if (parent_hrn) and (not self.auth_exists(parent_urn)) and (
create_parents):
self.create_auth(parent_urn, create_parents)
(directory, gid_filename, privkey_filename,) = \
self.get_auth_filenames(hrn)
# create the directory to hold the files
try:
os.makedirs(directory)
# if the path already exists then pass
except OSError, (errno, strerr):
if errno == 17:
pass
def create_gid(self, xrn, uuid, pkey, CA=False, email=None):
hrn, type = urn_to_hrn(xrn)
if not type:
type = 'authority'
parent_hrn = get_authority(hrn)
# Using hrn_to_urn() here to make sure the urn is in the right format
# If xrn was a hrn instead of a urn, then the gid's urn will be
# of type None
urn = hrn_to_urn(hrn, type)
subject = self.get_subject(hrn)
if not subject:
subject = hrn
gid = GID(subject=subject, uuid=uuid, hrn=hrn, urn=urn, email=email)
# is this a CA cert
if hrn == self.config.SFA_INTERFACE_HRN or not parent_hrn:
# root or sub authority
gid.set_intermediate_ca(True)
elif type and 'authority' in type:
# authority type
gid.set_intermediate_ca(False)
elif CA:
gid.set_intermediate_ca(True)
else:
gid.set_intermediate_ca(False)
# set issuer
if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
# if there is no parent hrn, then it must be self-signed. this
# is where we terminate the recursion
gid.set_issuer(pkey, subject)
else:
# we need the parent's private key in order to sign this GID
parent_auth_info = self.get_auth_info(parent_hrn)
parent_gid = parent_auth_info.get_gid_object()
gid.set_issuer(parent_auth_info.get_pkey_object(),
parent_gid.get_extended_subject())
gid.set_parent(parent_auth_info.get_gid_object())
gid.set_pubkey(pkey)
gid.encode()
gid.sign()
return gid
def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None, urn=None, lifeDays=1825, email=None):
self.uuid = None
self.hrn = None
self.urn = None
self.email = None # for adding to the SubjectAltName
Certificate.__init__(self, lifeDays, create, subject, string, filename)
if subject:
print "Creating GID for subject: %s" % subject
if uuid:
self.uuid = int(uuid)
if hrn:
self.hrn = hrn
self.urn = hrn_to_urn(hrn, 'unknown')
if urn:
self.urn = urn
self.hrn, type = urn_to_hrn(urn)
if email:
self.set_email(email)
def create_gid(self, xrn, uuid, pkey, CA=False, email=None):
hrn, type = urn_to_hrn(xrn)
if not type:
type = 'authority'
parent_hrn = get_authority(hrn)
# Using hrn_to_urn() here to make sure the urn is in the right format
# If xrn was a hrn instead of a urn, then the gid's urn will be
# of type None
urn = hrn_to_urn(hrn, type)
subject = self.get_subject(hrn)
if not subject:
subject = hrn
gid = GID(subject=subject, uuid=uuid, hrn=hrn, urn=urn, email=email)
# is this a CA cert
if hrn == self.config.SFA_INTERFACE_HRN or not parent_hrn:
# root or sub authority
gid.set_intermediate_ca(True)
elif type and 'authority' in type:
# authority type
gid.set_intermediate_ca(False)
elif CA:
gid.set_intermediate_ca(True)
else:
gid.set_intermediate_ca(False)
# set issuer
if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
# if there is no parent hrn, then it must be self-signed. this
# is where we terminate the recursion
gid.set_issuer(pkey, subject)
else:
# we need the parent's private key in order to sign this GID
parent_auth_info = self.get_auth_info(parent_hrn)
parent_gid = parent_auth_info.get_gid_object()
gid.set_issuer(parent_auth_info.get_pkey_object(), parent_gid.get_extended_subject())
gid.set_parent(parent_auth_info.get_gid_object())
gid.set_pubkey(pkey)
gid.encode()
gid.sign()
return gid
def decode(self):
data = self.get_data('subjectAltName')
dict = {}
if data:
if data.lower().startswith('uri:http://<params>'):
dict = xmlrpclib.loads(data[11:])[0][0]
else:
spl = data.split(', ')
for val in spl:
if val.lower().startswith('uri:urn:uuid:'):
dict['uuid'] = uuid.UUID(val[4:]).int
elif val.lower().startswith('uri:urn:publicid:idn+'):
dict['urn'] = val[4:]
elif val.lower().startswith('email:'):
# FIXME: Ensure there isn't cruft in that address...
# EG look for email:copy,....
dict['email'] = val[6:]
self.uuid = dict.get("uuid", None)
self.urn = dict.get("urn", None)
self.hrn = dict.get("hrn", None)
self.email = dict.get("email", None)
if self.urn:
self.hrn = urn_to_hrn(self.urn)[0]
def __init__(self, xrn, gid_filename, privkey_filename):
hrn, type = urn_to_hrn(xrn)
self.hrn = hrn
self.set_gid_filename(gid_filename)
self.privkey_filename = privkey_filename
def reserve_vms(self,
slice_urn,
reservation,
expiration=None,
users=list()):
# URNs of foreign RMs are not served
current_cm_hrn = self.__config.CM_HRN
cm_id = getattr(reservation, "get_component_manager_id")
if callable(cm_id):
cm_id = urn_to_hrn(cm_id())[0]
if current_cm_hrn != cm_id:
# No reservation is provided for URNs of other CMs
return None
# VMs are dynamic resource -> no collision will happen
slice_hrn, hrn_type = urn_to_hrn(slice_urn)
if not reservation.get_component_id() == None:
server_hrn, hrn_type = urn_to_hrn(reservation.get_component_id())
server_name = server_hrn.split(".")[-1]
else:
server_name = self.__get_best_server()
server_hrn = self.__config.CM_HRN + "." + server_name
server = VTServer.objects.get(name=server_name).getChildObject()
server_id = server.id
if reservation.get_id():
if Reservation.objects.filter(sliceName=slice_hrn,
projectName=slice_hrn,
name=reservation.get_id()
) or VirtualMachine.objects.filter(
sliceName=slice_hrn,
projectName=slice_hrn,
name=reservation.get_id()):
raise Exception(
"There is another VM with client id %s on this slice already <GENI PROVISIONED> or <GENI ALLOCATED>"
% reservation.get_id())
reservation_name = reservation.get_id()
else:
reservation_name = str(random.randint(0, 1000 * 1000))
if expiration == None:
expiration = datetime.utcnow() + timedelta(hours=1)
reserved_vm = Reservation()
#reserved_vm.reservation_id = random.randint(0,1000)
reserved_vm.server_id = server_id
reserved_vm.set_slice_name(slice_hrn)
reserved_vm.set_project_name(slice_hrn)
reserved_vm.set_name(reservation_name)
reserved_vm.set_valid_until(str(expiration))
reserved_vm.uuid = str(uuid.uuid4())
reserved_vm.save()
if not reservation.get_sliver():
reservation.set_sliver(Sliver())
# Set information for sliver
reservation.get_sliver().set_urn(
hrn_to_urn(
server_hrn + "." + slice_hrn.split(".")[-1] + "." +
str(reservation_name), "sliver"))
reservation.get_sliver().set_allocation_status(self.GENI_ALLOCATED)
reservation.get_sliver().set_expiration(expiration)
reservation.get_sliver().set_operational_status(self.GENI_NOT_READY)
reservation.get_sliver().set_client_id(reservation_name)
reservation.set_allocation_status = self.GENI_ALLOCATED
#vm_params = self.__urn_to_vm_params(slice_urn)
#self.__store_user_keys(users, vm_params)
return reservation
def get_type(self):
if not self.urn:
self.decode()
_, t = urn_to_hrn(self.urn)
return t
def __generate_sliver_urn_from_slice_urn(self, slice_urn):
hrn, urn_type = urn_to_hrn(slice_urn)
leaf = hrn.split(".")[-1]
return hrn_to_urn(self.__config.CM_HRN + "." + str(leaf), "sliver")
def __init__(self, xrn, gid_filename, privkey_filename):
hrn, type = urn_to_hrn(xrn)
self.hrn = hrn
self.set_gid_filename(gid_filename)
self.privkey_filename = privkey_filename
def __urn_to_fs_params(self, urn):
hrn, urn_type = urn_to_hrn(urn)
if urn_type == "sliver":
return {"slice_urn":urn}
elif urn_type == "slice":
return {"project_name":urn}
def set_urn(self, urn):
self.urn = urn
self.hrn, type = urn_to_hrn(urn)
def __urn_to_fs_params(self, urn):
hrn, urn_type = urn_to_hrn(urn)
if urn_type == "sliver":
return {"slice_urn":urn}
elif urn_type == "slice":
return {"project_name":urn}
def decode(self):
if not self.xml:
return
doc = parseString(self.xml)
sigs = []
signed_cred = doc.getElementsByTagName("signed-credential")
# Is this a signed-cred or just a cred?
if len(signed_cred) > 0:
creds = signed_cred[0].getElementsByTagName("credential")
signatures = signed_cred[0].getElementsByTagName("signatures")
if len(signatures) > 0:
sigs = signatures[0].getElementsByTagName("Signature")
else:
creds = doc.getElementsByTagName("credential")
if creds is None or len(creds) == 0:
# malformed cred file
raise CredentialNotVerifiable("Malformed XML: No credential tag found")
# Just take the first cred if there are more than one
cred = creds[0]
self.set_refid(cred.getAttribute("xml:id"))
self.set_expiration(utcparse(getTextNode(cred, "expires")))
# import traceback
# stack = traceback.extract_stack()
og = getTextNode(cred, "owner_gid")
# ABAC creds will have this be None and use this method
# if og is None:
# found = False
# for frame in stack:
# if 'super(ABACCredential, self).decode()' in frame:
# found = True
# break
# if not found:
# raise CredentialNotVerifiable("Malformed XML: No owner_gid found")
self.gidCaller = GID(string=og)
tg = getTextNode(cred, "target_gid")
# if tg is None:
# found = False
# for frame in stack:
# if 'super(ABACCredential, self).decode()' in frame:
# found = True
# break
# if not found:
# raise CredentialNotVerifiable("Malformed XML: No target_gid found")
self.gidObject = GID(string=tg)
# Process privileges
rlist = Rights()
priv_nodes = cred.getElementsByTagName("privileges")
if len(priv_nodes) > 0:
privs = priv_nodes[0]
for priv in privs.getElementsByTagName("privilege"):
kind = getTextNode(priv, "name")
deleg = str2bool(getTextNode(priv, "can_delegate"))
if kind == '*':
# Convert * into the default privileges for the credential's type
# Each inherits the delegatability from the * above
_ , type = urn_to_hrn(self.gidObject.get_urn())
rl = determine_rights(type, self.gidObject.get_urn())
for r in rl.rights:
r.delegate = deleg
rlist.add(r)
else:
rlist.add(Right(kind.strip(), deleg))
self.set_privileges(rlist)
# Is there a parent?
parent = cred.getElementsByTagName("parent")
if len(parent) > 0:
parent_doc = parent[0].getElementsByTagName("credential")[0]
parent_xml = parent_doc.toxml("utf-8")
if parent_xml is None or parent_xml.strip() == "":
raise CredentialNotVerifiable("Malformed XML: Had parent tag but it is empty")
self.parent = Credential(string=parent_xml)
self.updateRefID()
# Assign the signatures to the credentials
for sig in sigs:
Sig = Signature(string=sig.toxml("utf-8"))
for cur_cred in self.get_credential_list():
if cur_cred.get_refid() == Sig.get_refid():
cur_cred.set_signature(Sig)
def __generate_sliver_urn_from_slice_urn(self, slice_urn):
hrn, urn_type = urn_to_hrn(slice_urn)
leaf = hrn.split(".")[-1]
return hrn_to_urn(self.__config.CM_HRN + "." + str(leaf), "sliver")
