def user_cert_generate(request, user_id):
    """Create a new user certificate after confirmation.

    A non-POST request only renders the confirmation template. On POST the
    certificate and key are generated, a success message is posted, and the
    requester is redirected to the certificate management view.

    @param request: the request object
    @param user_id: the id of the user whose certificate we are generating.
    """
    target_user = get_object_or_404(User, pk=user_id)
    # Permission check runs before any certificate path is derived or any
    # file is written; it is given the requester, the target user and the
    # permission name.
    must_have_permission(request.user, target_user, "can_change_user_cert")

    cert_path = get_user_cert_fname(target_user)
    key_path = get_user_key_fname(target_user)
    user_urn = get_user_urn(target_user.username)

    if request.method != "POST":
        # Confirmation step: nothing is generated yet.
        return simple.direct_to_template(
            request,
            template="user_cert_generate.html",
            extra_context={"curr_user": target_user},
        )

    # NOTE(review): key_path receives the new private key. Presumably
    # create_x509_cert replaces any existing pair and decides the file
    # permissions -- confirm the key file is not left readable by others.
    create_x509_cert(user_urn, cert_path, key_path)

    # The notice is addressed to the requester (request.user), who is not
    # necessarily the owner of the certificate.
    success_text = (
        "GCF Certificate for user %s successfully created."
        % target_user.username
    )
    DatedMessage.objects.post_message_to_user(
        success_text,
        user=request.user,
        msg_type=DatedMessage.TYPE_SUCCESS,
    )
    return HttpResponseRedirect(
        reverse(user_cert_manage, args=[target_user.id]))
def user_cert_generate(request, user_id):
    """Create a new user certificate after confirmation.

    GET (or any non-POST method) shows the confirmation page taken from
    TEMPLATE_PATH. POST generates the certificate and key, posts a success
    message and redirects to the certificate management view.

    @param request: the request object
    @param user_id: the id of the user whose certificate we are generating.
    """
    cert_owner = get_object_or_404(User, pk=user_id)
    # Gate everything below on the "can_change_user_cert" permission.
    must_have_permission(request.user, cert_owner, "can_change_user_cert")

    cert_file = get_user_cert_fname(cert_owner)
    key_file = get_user_key_fname(cert_owner)
    owner_urn = get_user_urn(cert_owner.username)

    confirmed = request.method == "POST"
    if not confirmed:
        context = {"curr_user": cert_owner}
        return simple.direct_to_template(
            request,
            template=TEMPLATE_PATH + "/user_cert_generate.html",
            extra_context=context,
        )

    # NOTE(review): the private key is written to key_file by
    # create_x509_cert; how the file is protected is not visible here --
    # confirm it is created with restrictive permissions.
    create_x509_cert(owner_urn, cert_file, key_file)

    # The message goes to request.user, i.e. whoever triggered the
    # generation, not necessarily cert_owner.
    DatedMessage.objects.post_message_to_user(
        "GCF Certificate for user %s successfully created."
        % cert_owner.username,
        user=request.user,
        msg_type=DatedMessage.TYPE_SUCCESS,
    )
    manage_url = reverse(user_cert_manage, args=[cert_owner.id])
    return HttpResponseRedirect(manage_url)
def create_expedient_certs():
    """
    Create the expedient certificate and keys for use in GENI API.

    The certificate and key paths come from settings.GCF_X509_CH_CERT and
    settings.GCF_X509_CH_KEY.
    """
    # NOTE(review): the trailing positional True is not explained here;
    # presumably it marks the clearinghouse certificate as self-signed --
    # confirm against create_x509_cert's signature. The key written to
    # GCF_X509_CH_KEY is the one other certificates in this file are
    # presumably signed with, so its file permissions deserve a check.
    create_x509_cert(
        get_ch_urn(),
        settings.GCF_X509_CH_CERT,
        settings.GCF_X509_CH_KEY,
        True,
    )
def create_null_slice_cred():
    """Create a slice cred that can be used to list resources.

    The credential is saved to settings.GCF_NULL_SLICE_CRED.
    """
    # A throwaway slice: new URN, new certificate. The second element of the
    # pair returned by create_x509_cert is discarded.
    null_slice_gid, _ = create_x509_cert(create_slice_urn())

    # The clearinghouse certificate is loaded into user_gid and passed as the
    # first argument when the credential is created.
    ch_gid = GID(filename=settings.GCF_X509_CH_CERT)
    null_cred = create_slice_credential(ch_gid, null_slice_gid)

    # NOTE(review): this writes a reusable credential to disk; confirm who
    # can read GCF_NULL_SLICE_CRED and what rights the credential carries.
    null_cred.save_to_file(settings.GCF_NULL_SLICE_CRED)
def get_am_cred(cls):
    """
    Get the slice authority credentials to use for AM calls.

    Every call builds a new slice URN and certificate and wraps them in a
    credential issued for the clearinghouse certificate.

    @return: GENI credential string.
    """
    fresh_urn = create_slice_urn()
    # Only the first element of the returned pair is kept.
    fresh_gid, _ = create_x509_cert(fresh_urn)
    ch_gid = GID(filename=settings.GCF_X509_CH_CERT)
    am_cred = create_slice_credential(ch_gid, fresh_gid)
    return am_cred.save_to_string()
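def CreateSlice(user_cert, urn_req=None):
    """Check the caller and the requested URN, then create the slice cert.

    @param user_cert: certificate of the calling user, as a string. The
        username is extracted from it and the user GID is built from it.
    @param urn_req: optional slice URN requested by the caller. It must be
        equal to the URN this clearinghouse would generate for the same
        name; when omitted a fresh URN is generated.
    @raise BadURNException: the requested URN differs from the generated one.
    @raise Exception: the user is unknown, the slice certificate could not
        be created, or no user GID could be built from user_cert.
    """
    # Is this user allowed to create a slice?
    # first get the user with this cert
    # NOTE(review): nothing in this function verifies user_cert's signature
    # or chain; presumably the SSL layer has already authenticated it --
    # confirm, because the username read from it decides whether the call
    # is allowed.
    username = get_username_from_cert(user_cert)
    try:
        User.objects.get(username=username)
    except User.DoesNotExist:
        raise Exception("Unknown user %s." % username)

    if urn_req:
        # check the requested URN
        urn = URN(urn=urn_req)
        # make sure that we would generate the same urn if using the
        # same name (i.e. authority is the same...)
        urn_gen = get_slice_urn(urn.getName())
        if urn_gen != urn_req:
            raise BadURNException(
                "The requested URN is not one that would be generated"
                " by this clearinghouse. Requested was %s, but generated"
                " is %s" % (urn_req, urn_gen)
            )
    else:
        # Generate a unique URN for the slice
        urn_req = create_slice_urn()

    try:
        slice_gid = create_x509_cert(urn_req)[0]
    except Exception:
        # Logging arguments are passed lazily, as in the handler below; the
        # full traceback stays in the log and only a generic message is
        # raised to the caller.
        logger.error(
            "Could not create slice. Error\n %s", traceback.format_exc())
        raise Exception("Failed to create slice %s." % urn_req)

    # Now get the user GID which will have permissions on this slice.
    # It doesnt have the chain but should be signed
    # by this CHs cert, which should also be a trusted
    # root at any federated AM. So everyone can verify it as is.
    # Note that if a user from a different CH (installed
    # as trusted by this CH for some reason) called this method,
    # that user would be used here - and can still get a valid slice
    try:
        user_gid = gid.GID(string=user_cert)
    except Exception as exc:
        # "except Exception as exc" replaces the Python-2-only comma form so
        # both handlers in this function use the same syntax.
        logger.error(
            "CreateSlice failed to create user_gid from SSL client cert: %s",
            traceback.format_exc())
        raise Exception(
            "Failed to create slice %s. Cant get user GID from SSL client certificate."
            % urn_req,
            exc)

    # NOTE(review): the listing ends here with no return statement, yet the
    # test setUp on this page uses the result as a credential string -- the
    # remainder of the function appears to be cut off.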
def __init__(self, *args, **kwargs):
    """Supply default slice_urn and slice_gid keyword arguments.

    A caller-provided "slice_urn" or "slice_gid" is left untouched; a
    missing one is filled with a newly created URN or with the string form
    of a certificate created for that URN.
    """
    # NOTE(review): both defaults are computed before setdefault looks at
    # kwargs, so a URN and a certificate are created on every construction
    # even when the caller supplied both values.
    default_urn = create_slice_urn()
    urn = kwargs.setdefault("slice_urn", default_urn)

    default_gid = create_x509_cert(urn)[0].save_to_string()
    kwargs.setdefault("slice_gid", default_gid)

    super(GENISliceInfo, self).__init__(*args, **kwargs)
def setUp(self):
    """
    Update settings, create DummyOMs and test models and login.

    Also creates a certificate for the test user, obtains a slice credential
    from the clearinghouse and builds the XML-RPC client used by the tests.
    """
    # add the test application
    self.settings_manager.set(
        OPENFLOW_OTHER_RESOURCES=(
            ("expedient.clearinghouse.resources", "Resource"),
        ),
        DEBUG_PROPAGATE_EXCEPTIONS=True,
    )

    # Fixture accounts. The e-mail and password literals appear masked on
    # this page and are reproduced exactly as printed.
    self.su = User.objects.create_superuser(
        "superuser", "*****@*****.**", "password")
    self.test_user_password = "******"
    self.test_user = User.objects.create_user(
        "test_user", "*****@*****.**", self.test_user_password)
    give_permission_to("can_add_aggregate", Aggregate, self.test_user)
    give_permission_to("can_create_project", Project, self.test_user)

    for om_index in range(NUM_DUMMY_OMS):
        dummy_om = DummyOM.objects.create()
        dummy_om.populate_links(NUM_SWITCHES_PER_AGG, NUM_LINKS_PER_AGG / 2)

        # NOTE(review): as printed, this literal has no format specifier
        # (it looks masked), so the % operation would raise TypeError --
        # check the real file for the intended pattern.
        username = "******" % om_index
        password = "******"
        u = User.objects.create_user(username, "*****@*****.**", password)

        # Add the aggregate to the CH
        om_url = SCHEME + "://%s/dummyom/%s/xmlrpc/" % (HOST, dummy_om.id)
        # verify_certs=False turns off certificate checking for this proxy;
        # that belongs in test fixtures only.
        om_proxy = PasswordXMLRPCServerProxy.objects.create(
            username=username,
            password=password,
            url=om_url,
            verify_certs=False,
        )

        # test availability
        if not om_proxy.is_available():
            raise Exception("Problem: Proxy not available")
        om_proxy.delete()

    # create user cert/keys
    self.user_urn = get_user_urn(self.test_user.username)
    self.user_cert, self.user_key = create_x509_cert(self.user_urn)

    # get slice creds
    self.slice_cred = clearinghouse.CreateSlice(
        self.user_cert.save_to_string())
    self.slice_gid = credential.Credential(
        string=self.slice_cred).get_gid_object()

    # xmlrpc client
    # The transport defaults carry the user certificate in REMOTE_USER and
    # SSL_CLIENT_CERT -- presumably standing in for what the web server
    # sets after authenticating a client certificate; confirm.
    client_defaults = {
        "REMOTE_USER": self.user_cert.save_to_string(),
        "SSL_CLIENT_CERT": self.user_cert.save_to_string(),
    }
    self.rpc = xmlrpclib.ServerProxy(
        "http://testserver" + reverse("openflow_gapi"),
        transport=TestClientTransport(defaults=client_defaults),
    )
def __init__(self, *args, **kwargs):
    """Default the slice_urn and slice_gid kwargs, then defer to the parent.

    Values passed by the caller win; otherwise the URN comes from
    create_slice_urn() and the GID is the saved-to-string certificate that
    create_x509_cert returns first for that URN.
    """
    # NOTE(review): setdefault's second argument is evaluated eagerly, so
    # a new URN and a new certificate are produced on each call, whether
    # or not they end up being used.
    generated_urn = create_slice_urn()
    slice_urn = kwargs.setdefault("slice_urn", generated_urn)

    generated_cert = create_x509_cert(slice_urn)[0]
    kwargs.setdefault("slice_gid", generated_cert.save_to_string())

    super(GENISliceInfo, self).__init__(*args, **kwargs)
def setUp(self):
    """
    Update settings, create DummyOMs and test models and login.

    After the dummy OMs are checked, a certificate is created for the test
    user, a slice credential is requested from the clearinghouse and the
    XML-RPC client for the tests is set up.
    """
    # add the test application
    other_resources = (
        ("expedient.clearinghouse.resources", "Resource"),
    )
    self.settings_manager.set(
        OPENFLOW_OTHER_RESOURCES=other_resources,
        DEBUG_PROPAGATE_EXCEPTIONS=True,
    )

    # Accounts used by the tests; e-mail and password literals are shown
    # masked on this page and kept exactly as printed.
    self.su = User.objects.create_superuser(
        "superuser", "*****@*****.**", "password")
    self.test_user_password = "******"
    self.test_user = User.objects.create_user(
        "test_user", "*****@*****.**", self.test_user_password)
    give_permission_to("can_add_aggregate", Aggregate, self.test_user)
    give_permission_to("can_create_project", Project, self.test_user)

    for n in range(NUM_DUMMY_OMS):
        agg = DummyOM.objects.create()
        agg.populate_links(NUM_SWITCHES_PER_AGG, NUM_LINKS_PER_AGG/2)

        # NOTE(review): the username literal carries no format specifier as
        # printed (apparently masked), which would make the % fail with
        # TypeError -- verify against the original source.
        username = "******" % n
        password = "******"
        u = User.objects.create_user(username, "*****@*****.**", password)

        # Add the aggregate to the CH
        xmlrpc_url = SCHEME + "://%s/dummyom/%s/xmlrpc/" % (HOST, agg.id)
        # Certificate checking is disabled for this proxy
        # (verify_certs=False); keep that setting out of non-test code.
        proxy = PasswordXMLRPCServerProxy.objects.create(
            username=username,
            password=password,
            url=xmlrpc_url,
            verify_certs=False,
        )

        # test availability
        available = proxy.is_available()
        if not available:
            raise Exception("Problem: Proxy not available")
        proxy.delete()

    # create user cert/keys
    self.user_urn = get_user_urn(self.test_user.username)
    self.user_cert, self.user_key = create_x509_cert(self.user_urn)

    # get slice creds
    self.slice_cred = clearinghouse.CreateSlice(
        self.user_cert.save_to_string())
    slice_credential = credential.Credential(string=self.slice_cred)
    self.slice_gid = slice_credential.get_gid_object()

    # xmlrpc client
    # REMOTE_USER and SSL_CLIENT_CERT both carry the user certificate
    # string -- presumably imitating a server that has already
    # authenticated the client certificate; confirm.
    test_transport = TestClientTransport(
        defaults={
            "REMOTE_USER": self.user_cert.save_to_string(),
            "SSL_CLIENT_CERT": self.user_cert.save_to_string(),
        },
    )
    self.rpc = xmlrpclib.ServerProxy(
        "http://testserver" + reverse("openflow_gapi"),
        transport=test_transport,
    )