def encode(self):
if self.urn:
urn = self.urn
else:
urn = hrn_to_urn(self.hrn, None)
str = "URI:" + urn
if self.uuid:
str += ", " + "URI:" + uuid.UUID(int=self.uuid).urn
if self.email:
str += ", " + "email:" + self.email
self.set_data(str, 'subjectAltName')
def create_auth(self, xrn, create_parents=False):
hrn, type = urn_to_hrn(str(xrn))
# create the parent authority if necessary
parent_hrn = get_authority(hrn)
parent_urn = hrn_to_urn(parent_hrn, 'authority')
if (parent_hrn) and (not self.auth_exists(parent_urn)) and (create_parents):
self.create_auth(parent_urn, create_parents)
(directory, gid_filename, privkey_filename,) = \
self.get_auth_filenames(hrn)
# create the directory to hold the files
try:
os.makedirs(directory)
# if the path already exists then pass
except OSError, (errno, strerr):
if errno == 17:
pass
def create_gid(self, xrn, uuid, pkey, CA=False, email=None):
hrn, type = urn_to_hrn(xrn)
if not type:
type = 'authority'
parent_hrn = get_authority(hrn)
# Using hrn_to_urn() here to make sure the urn is in the right format
# If xrn was a hrn instead of a urn, then the gid's urn will be
# of type None
urn = hrn_to_urn(hrn, type)
subject = self.get_subject(hrn)
if not subject:
subject = hrn
gid = GID(subject=subject, uuid=uuid, hrn=hrn, urn=urn, email=email)
# is this a CA cert
if hrn == self.config.SFA_INTERFACE_HRN or not parent_hrn:
# root or sub authority
gid.set_intermediate_ca(True)
elif type and 'authority' in type:
# authority type
gid.set_intermediate_ca(False)
elif CA:
gid.set_intermediate_ca(True)
else:
gid.set_intermediate_ca(False)
# set issuer
if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
# if there is no parent hrn, then it must be self-signed. this
# is where we terminate the recursion
gid.set_issuer(pkey, subject)
else:
# we need the parent's private key in order to sign this GID
parent_auth_info = self.get_auth_info(parent_hrn)
parent_gid = parent_auth_info.get_gid_object()
gid.set_issuer(parent_auth_info.get_pkey_object(),
parent_gid.get_extended_subject())
gid.set_parent(parent_auth_info.get_gid_object())
gid.set_pubkey(pkey)
gid.encode()
gid.sign()
return gid
def create_auth(self, xrn, create_parents=False):
hrn, type = urn_to_hrn(str(xrn))
# create the parent authority if necessary
parent_hrn = get_authority(hrn)
parent_urn = hrn_to_urn(parent_hrn, 'authority')
if (parent_hrn) and (not self.auth_exists(parent_urn)) and (
create_parents):
self.create_auth(parent_urn, create_parents)
(directory, gid_filename, privkey_filename,) = \
self.get_auth_filenames(hrn)
# create the directory to hold the files
try:
os.makedirs(directory)
# if the path already exists then pass
except OSError, (errno, strerr):
if errno == 17:
pass
def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None, urn=None, lifeDays=1825, email=None):
self.uuid = None
self.hrn = None
self.urn = None
self.email = None # for adding to the SubjectAltName
Certificate.__init__(self, lifeDays, create, subject, string, filename)
if subject:
print "Creating GID for subject: %s" % subject
if uuid:
self.uuid = int(uuid)
if hrn:
self.hrn = hrn
self.urn = hrn_to_urn(hrn, 'unknown')
if urn:
self.urn = urn
self.hrn, type = urn_to_hrn(urn)
if email:
self.set_email(email)
def create_gid(self, xrn, uuid, pkey, CA=False, email=None):
hrn, type = urn_to_hrn(xrn)
if not type:
type = 'authority'
parent_hrn = get_authority(hrn)
# Using hrn_to_urn() here to make sure the urn is in the right format
# If xrn was a hrn instead of a urn, then the gid's urn will be
# of type None
urn = hrn_to_urn(hrn, type)
subject = self.get_subject(hrn)
if not subject:
subject = hrn
gid = GID(subject=subject, uuid=uuid, hrn=hrn, urn=urn, email=email)
# is this a CA cert
if hrn == self.config.SFA_INTERFACE_HRN or not parent_hrn:
# root or sub authority
gid.set_intermediate_ca(True)
elif type and 'authority' in type:
# authority type
gid.set_intermediate_ca(False)
elif CA:
gid.set_intermediate_ca(True)
else:
gid.set_intermediate_ca(False)
# set issuer
if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
# if there is no parent hrn, then it must be self-signed. this
# is where we terminate the recursion
gid.set_issuer(pkey, subject)
else:
# we need the parent's private key in order to sign this GID
parent_auth_info = self.get_auth_info(parent_hrn)
parent_gid = parent_auth_info.get_gid_object()
gid.set_issuer(parent_auth_info.get_pkey_object(), parent_gid.get_extended_subject())
gid.set_parent(parent_auth_info.get_gid_object())
gid.set_pubkey(pkey)
gid.encode()
gid.sign()
return gid
def to_pg_rspec(rspec, content_type = None):
if not isinstance(rspec, RSpec):
sfa_rspec = RSpec(rspec)
else:
sfa_rspec = rspec
if not content_type or content_type not in \
['ad', 'request', 'manifest']:
content_type = sfa_rspec.version.content_type
version_manager = VersionManager()
pg_version = version_manager._get_version('protogeni', '2', 'request')
pg_rspec = RSpec(version=pg_version)
# get networks
networks = sfa_rspec.version.get_networks()
for network in networks:
# get nodes
sfa_node_elements = sfa_rspec.version.get_node_elements(network=network)
for sfa_node_element in sfa_node_elements:
# create node element
node_attrs = {}
node_attrs['exclusive'] = 'false'
if 'component_manager_id' in sfa_node_element.attrib:
node_attrs['component_manager_id'] = sfa_node_element.attrib['component_manager_id']
else:
node_attrs['component_manager_id'] = hrn_to_urn(network, 'authority+cm')
if 'component_id' in sfa_node_element.attrib:
node_attrs['compoenent_id'] = sfa_node_element.attrib['component_id']
if sfa_node_element.find('hostname') != None:
hostname = sfa_node_element.find('hostname').text
node_attrs['component_name'] = hostname
node_attrs['client_id'] = hostname
node_element = pg_rspec.xml.add_element('node', node_attrs)
if content_type == 'request':
sliver_element = sfa_node_element.find('sliver')
sliver_type_elements = sfa_node_element.xpath('./sliver_type', namespaces=sfa_rspec.namespaces)
available_sliver_types = [element.attrib['name'] for element in sliver_type_elements]
valid_sliver_types = ['emulab-openvz', 'raw-pc']
# determine sliver type
requested_sliver_type = 'emulab-openvz'
for available_sliver_type in available_sliver_types:
if available_sliver_type in valid_sliver_types:
requested_sliver_type = available_sliver_type
if sliver_element != None:
pg_rspec.xml.add_element('sliver_type', {'name': requested_sliver_type}, parent=node_element)
else:
# create node_type element
for hw_type in ['plab-pc', 'pc']:
hdware_type_element = pg_rspec.xml.add_element('hardware_type', {'name': hw_type}, parent=node_element)
# create available element
pg_rspec.xml.add_element('available', {'now': 'true'}, parent=node_element)
# create locaiton element
# We don't actually associate nodes with a country.
# Set country to "unknown" until we figure out how to make
# sure this value is always accurate.
location = sfa_node_element.find('location')
if location != None:
location_attrs = {}
location_attrs['country'] = location.get('country', 'unknown')
location_attrs['latitude'] = location.get('latitude', 'None')
location_attrs['longitude'] = location.get('longitude', 'None')
pg_rspec.xml.add_element('location', location_attrs, parent=node_element)
return pg_rspec.toxml()
