Example #1
def user_cert_generate(request, user_id):
    """Issue a new certificate for a user once the action is confirmed.

    Any non-POST request renders the confirmation template. A POST calls
    create_x509_cert, posts a success message to the requesting user and
    redirects to the certificate management view.

    @param request: the request object
    @param user_id: the id of the user whose certificate we are generating.
    """
    target_user = get_object_or_404(User, pk=user_id)

    # Authorization gate: evaluated for every HTTP method, before any file
    # name is derived and before any certificate is generated.
    must_have_permission(request.user, target_user, "can_change_user_cert")

    cert_path = get_user_cert_fname(target_user)
    key_path = get_user_key_fname(target_user)
    user_urn = get_user_urn(target_user.username)

    if request.method != "POST":
        # Confirmation step only; nothing is generated here.
        return simple.direct_to_template(
            request,
            template="user_cert_generate.html",
            extra_context={"curr_user": target_user},
        )

    # NOTE(review): presumably writes the certificate to cert_path and the
    # private key to key_path; the file mode of the key and whether an
    # existing key is overwritten are decided inside create_x509_cert,
    # which is not shown here -- confirm.
    create_x509_cert(user_urn, cert_path, key_path)

    success_text = (
        "GCF Certificate for user %s successfully created."
        % target_user.username
    )
    DatedMessage.objects.post_message_to_user(
        success_text,
        user=request.user,
        msg_type=DatedMessage.TYPE_SUCCESS,
    )
    return HttpResponseRedirect(
        reverse(user_cert_manage, args=[target_user.id]))
Example #2
def user_cert_generate(request, user_id):
    """Generate a user's certificate after the confirmation page is posted.

    The permission "can_change_user_cert" is checked on the target user for
    every request. A POST triggers create_x509_cert and redirects to the
    certificate management view; any other method renders the confirmation
    template found under TEMPLATE_PATH.

    @param request: the request object
    @param user_id: the id of the user whose certificate we are generating.
    """
    cert_owner = get_object_or_404(User, pk=user_id)

    # The permission check precedes every other step, so a caller without
    # the right never reaches certificate generation.
    must_have_permission(request.user, cert_owner, "can_change_user_cert")

    cert_file = get_user_cert_fname(cert_owner)
    key_file = get_user_key_fname(cert_owner)
    owner_urn = get_user_urn(cert_owner.username)

    confirmed = request.method == "POST"
    if not confirmed:
        return simple.direct_to_template(
            request,
            template=TEMPLATE_PATH + "/user_cert_generate.html",
            extra_context={"curr_user": cert_owner},
        )

    # NOTE(review): how key_file is protected on disk (mode, ownership) is
    # up to create_x509_cert, which is not visible here -- confirm.
    create_x509_cert(owner_urn, cert_file, key_file)

    notice = (
        "GCF Certificate for user %s successfully created." %
        cert_owner.username
    )
    DatedMessage.objects.post_message_to_user(
        notice, user=request.user, msg_type=DatedMessage.TYPE_SUCCESS)

    manage_url = reverse(user_cert_manage, args=[cert_owner.id])
    return HttpResponseRedirect(manage_url)
Example #3
def create_expedient_certs():
    """
    Generate the Expedient certificate and key used for the GENI API.

    The clearinghouse URN comes from get_ch_urn(); the two file settings
    GCF_X509_CH_CERT and GCF_X509_CH_KEY are handed to create_x509_cert.
    """
    ch_urn = get_ch_urn()
    cert_path = settings.GCF_X509_CH_CERT
    key_path = settings.GCF_X509_CH_KEY
    # NOTE(review): the meaning of the trailing positional True is defined
    # by create_x509_cert, which is not shown here -- confirm. The key at
    # key_path is presumably the clearinghouse signing key, so its file
    # permissions deserve a check as well.
    create_x509_cert(ch_urn, cert_path, key_path, True)
Example #4
def create_null_slice_cred():
    """Create a slice cred that can be used to list resources.

    A fresh slice URN and certificate are generated, a credential is built
    from the GID stored in settings.GCF_X509_CH_CERT together with the new
    slice GID, and the result is saved to settings.GCF_NULL_SLICE_CRED.
    """
    # The second element of the pair returned by create_x509_cert is not
    # used here; only the slice GID is needed.
    null_slice_gid, _unused = create_x509_cert(create_slice_urn())
    ch_gid = GID(filename=settings.GCF_X509_CH_CERT)
    create_slice_credential(ch_gid, null_slice_gid).save_to_file(
        settings.GCF_NULL_SLICE_CRED)
Example #5
 def get_am_cred(cls):
     """
     Build the slice authority credential used for AM calls.

     Every call creates a new slice URN and certificate; the credential
     is built from the GID loaded from settings.GCF_X509_CH_CERT and the
     new slice GID.

     @return: GENI credential string.
     """
     # Only the GID is used; the second element of the returned pair is
     # dropped.
     fresh_gid, _unused = create_x509_cert(create_slice_urn())
     ch_gid = GID(filename=settings.GCF_X509_CH_CERT)
     return create_slice_credential(ch_gid, fresh_gid).save_to_string()
Example #6
 def get_am_cred(cls):
     """
     Return a freshly issued slice credential for AM calls.

     Nothing is cached: a new slice URN and a new certificate are
     created on each invocation.

     @return: GENI credential string.
     """
     new_urn = create_slice_urn()
     cert_and_key = create_x509_cert(new_urn)
     # Unpack as a pair, as the caller contract requires exactly two items.
     new_slice_gid, _unused = cert_and_key
     # The GID passed first is read from the clearinghouse certificate file.
     issuer_gid = GID(filename=settings.GCF_X509_CH_CERT)
     credential_obj = create_slice_credential(issuer_gid, new_slice_gid)
     return credential_obj.save_to_string()
Example #7
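def CreateSlice(user_cert, urn_req=None):
    """Check the caller and the requested URN, then create the slice GID.

    The steps visible in this listing are: map the certificate to a local
    username, validate (or generate) the slice URN, create the slice
    certificate, and parse the caller's certificate into a GID. The
    listing ends after that last step, so the return value is not shown.

    @param user_cert: the caller's certificate as a string (the error
        messages below refer to it as the SSL client certificate).
    @param urn_req: optional slice URN requested by the caller; when
        omitted a new URN is generated.
    @raise BadURNException: if urn_req differs from the URN this
        clearinghouse would generate for the same slice name.
    @raise Exception: if the user is unknown, the slice certificate cannot
        be created, or user_cert cannot be parsed as a GID.
    """

    # Is this user allowed to create a slice?
    # first get the user with this cert
    username = get_username_from_cert(user_cert)
    # NOTE(review): only the existence of a matching local account is
    # checked here. Validation of the certificate itself (signature, chain,
    # expiry) is not visible in this function -- presumably it is done by
    # the TLS layer in front of it; confirm.
    try:
        User.objects.get(username=username)
    except User.DoesNotExist:
        raise Exception("Unknown user %s." % username)

    if urn_req:
        # check the requested URN
        urn = URN(urn=urn_req)

        # make sure that we would generate the same urn if using the
        # same name (i.e. authority is the same...). This keeps a caller
        # from obtaining a slice under a URN this clearinghouse would not
        # itself produce.
        urn_gen = get_slice_urn(urn.getName())

        if urn_gen != urn_req:
            raise BadURNException(
                "The requested URN is not one that would be generated"
                " by this clearinghouse. Requested was %s, but generated"
                " is %s" % (urn_req, urn_gen)
            )

    else:
        # Generate a unique URN for the slice
        urn_req = create_slice_urn()

    try:
        slice_gid = create_x509_cert(urn_req)[0]
    except Exception:
        # The traceback goes to the log; the caller only gets a generic
        # message, so internal details are not returned over the API.
        logger.error("Could not create slice. Error\n %s"
                     % traceback.format_exc())
        raise Exception("Failed to create slice %s." % urn_req)

    # Now get the user GID which will have permissions on this slice.
    # It doesnt have the chain but should be signed
    # by this CHs cert, which should also be a trusted
    # root at any federated AM. So everyone can verify it as is.
    # Note that if a user from a different CH (installed
    # as trusted by this CH for some reason) called this method,
    # that user would be used here - and can still get a valid slice
    try:
        user_gid = gid.GID(string=user_cert)
    except Exception as exc:
        # "as" form: matches the handler above and is also valid on
        # Python 3, where the comma form is a syntax error.
        logger.error("CreateSlice failed to create user_gid from SSL client cert: %s", traceback.format_exc())
        raise Exception("Failed to create slice %s. Cant get user GID from SSL client certificate." % urn_req, exc)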
Example #8
 def __init__(self, *args, **kwargs):
     """Fill in default "slice_urn" and "slice_gid" keyword arguments.

     Both defaults are computed eagerly: a slice URN and an X.509
     certificate are created on every call, even when the caller supplies
     its own values and the generated ones are discarded.
     """
     default_urn = create_slice_urn()
     slice_urn = kwargs.setdefault("slice_urn", default_urn)
     # The certificate is created for whichever URN ended up in kwargs.
     default_gid = create_x509_cert(slice_urn)[0].save_to_string()
     kwargs.setdefault("slice_gid", default_gid)
     super(GENISliceInfo, self).__init__(*args, **kwargs)
Example #9
    def setUp(self):
        """
        Prepare the fixture: settings, accounts, dummy OMs, certs, RPC client.
        """
        # Register the test resource application.
        self.settings_manager.set(
            OPENFLOW_OTHER_RESOURCES=(
                ("expedient.clearinghouse.resources", "Resource"),
            ),
            DEBUG_PROPAGATE_EXCEPTIONS=True,
        )

        # NOTE(review): e-mail and password literals appear masked in this
        # listing; they are reproduced exactly as shown.
        self.su = User.objects.create_superuser(
            "superuser", "*****@*****.**", "password")
        self.test_user_password = "******"
        self.test_user = User.objects.create_user(
            "test_user", "*****@*****.**", self.test_user_password)
        give_permission_to("can_add_aggregate", Aggregate, self.test_user)
        give_permission_to("can_create_project", Project, self.test_user)

        for om_index in range(NUM_DUMMY_OMS):
            dummy_om = DummyOM.objects.create()
            dummy_om.populate_links(
                NUM_SWITCHES_PER_AGG, NUM_LINKS_PER_AGG / 2)
            om_username = "******" % om_index
            om_password = "******"
            User.objects.create_user(
                om_username, "*****@*****.**", om_password)

            # Add the aggregate to the CH
            om_path = "://%s/dummyom/%s/xmlrpc/" % (HOST, dummy_om.id)
            om_url = SCHEME + om_path

            # Certificate verification is switched off for this proxy; this
            # is a test fixture setting and should not be carried over to a
            # deployed proxy configuration.
            om_proxy = PasswordXMLRPCServerProxy.objects.create(
                username=om_username,
                password=om_password,
                url=om_url,
                verify_certs=False,
            )

            # test availability
            reachable = om_proxy.is_available()
            if not reachable:
                raise Exception("Problem: Proxy not available")

            om_proxy.delete()

        # create user cert/keys
        self.user_urn = get_user_urn(self.test_user.username)
        self.user_cert, self.user_key = create_x509_cert(self.user_urn)

        # get slice creds
        self.slice_cred = clearinghouse.CreateSlice(
            self.user_cert.save_to_string())
        self.slice_gid = credential.Credential(
            string=self.slice_cred).get_gid_object()

        # xmlrpc client. The test transport injects the user certificate as
        # both REMOTE_USER and SSL_CLIENT_CERT -- presumably standing in
        # for the values a TLS-terminating front end would set.
        rpc_url = "http://testserver" + reverse("openflow_gapi")
        request_defaults = {
            "REMOTE_USER": self.user_cert.save_to_string(),
            "SSL_CLIENT_CERT": self.user_cert.save_to_string(),
        }
        self.rpc = xmlrpclib.ServerProxy(
            rpc_url,
            transport=TestClientTransport(defaults=request_defaults),
        )
Example #10
 def __init__(self, *args, **kwargs):
     """Default "slice_urn" and "slice_gid" before delegating to the parent.

     A URN and a certificate are generated on every construction, whether
     or not the caller already passed these keyword arguments; supplied
     values win because setdefault is used.
     """
     generated_urn = create_slice_urn()
     effective_urn = kwargs.setdefault("slice_urn", generated_urn)
     # Index 0 of the value returned by create_x509_cert is the GID object.
     generated_gid = create_x509_cert(effective_urn)[0]
     kwargs.setdefault("slice_gid", generated_gid.save_to_string())
     super(GENISliceInfo, self).__init__(*args, **kwargs)
Example #11
    def setUp(self):
        """
        Set up settings, users, dummy OMs, a user cert and the XML-RPC client.
        """
        # add the test application
        other_resources = (
            ("expedient.clearinghouse.resources", "Resource"),
        )
        self.settings_manager.set(
            OPENFLOW_OTHER_RESOURCES=other_resources,
            DEBUG_PROPAGATE_EXCEPTIONS=True,
        )

        # NOTE(review): the e-mail and password literals below appear
        # masked in this listing and are kept exactly as shown.
        self.su = User.objects.create_superuser(
            "superuser", "*****@*****.**", "password")
        self.test_user_password = "******"
        self.test_user = User.objects.create_user(
            "test_user", "*****@*****.**", self.test_user_password)
        give_permission_to("can_add_aggregate", Aggregate, self.test_user)
        give_permission_to("can_create_project", Project, self.test_user)

        for n in range(NUM_DUMMY_OMS):
            agg = DummyOM.objects.create()
            agg.populate_links(NUM_SWITCHES_PER_AGG, NUM_LINKS_PER_AGG/2)
            agg_user = "******" % n
            agg_pass = "******"
            User.objects.create_user(agg_user, "*****@*****.**", agg_pass)

            # Add the aggregate to the CH
            agg_url = SCHEME + ("://%s/dummyom/%s/xmlrpc/" % (HOST, agg.id))

            # verify_certs=False disables certificate verification for the
            # proxy; it belongs to this test fixture only.
            agg_proxy = PasswordXMLRPCServerProxy.objects.create(
                username=agg_user,
                password=agg_pass,
                url=agg_url,
                verify_certs=False,
            )

            # test availability
            if agg_proxy.is_available():
                agg_proxy.delete()
            else:
                raise Exception("Problem: Proxy not available")

        # create user cert/keys
        self.user_urn = get_user_urn(self.test_user.username)
        self.user_cert, self.user_key = create_x509_cert(self.user_urn)

        # get slice creds
        self.slice_cred = clearinghouse.CreateSlice(
            self.user_cert.save_to_string())
        self.slice_gid = credential.Credential(
            string=self.slice_cred).get_gid_object()

        # xmlrpc client: the user certificate is supplied to the server
        # side through the REMOTE_USER and SSL_CLIENT_CERT defaults of the
        # test transport.
        client_transport = TestClientTransport(
            defaults={
                "REMOTE_USER": self.user_cert.save_to_string(),
                "SSL_CLIENT_CERT": self.user_cert.save_to_string(),
            },
        )
        self.rpc = xmlrpclib.ServerProxy(
            "http://testserver" + reverse("openflow_gapi"),
            transport=client_transport,
        )