def create_x509_cert(urn,
cert_fname=None,
key_fname=None,
is_self_signed=False):
"""Create a GCF certificate and store it in a file.
@param urn: The urn to use in the cert.
@type urn: C{str}
@keyword cert_fname: The filename to store the cert in.
If None (default), then don't store.
@type cert_fname: C{str}
@keyword key_fname: The filename to store the certificate key in.
If None (default), then don't store.
@type key_fname: C{str}
@keyword is_self_signed: should the certificate be self-signed? Otherwise
it will be signed by Expedient's CH certificate. Default False.
@type is_self_signed: C{bool}
@return: tuple (cert, keys)
@rtype: (C{sfa.trust.gid.GID}, C{sfa.trust.certificate.Keypair})
"""
if is_self_signed:
cert, keys = create_cert(urn, )
else:
cert, keys = create_cert(urn,
issuer_key=settings.GCF_X509_CH_KEY,
issuer_cert=settings.GCF_X509_CH_CERT)
cert.decode()
if cert_fname: cert.save_to_file(cert_fname)
if key_fname: keys.save_to_file(key_fname)
return cert, keys
def create_x509_cert(urn, cert_fname=None, key_fname=None, is_self_signed=False):
"""Create a GCF certificate and store it in a file.
@param urn: The urn to use in the cert.
@type urn: C{str}
@keyword cert_fname: The filename to store the cert in.
If None (default), then don't store.
@type cert_fname: C{str}
@keyword key_fname: The filename to store the certificate key in.
If None (default), then don't store.
@type key_fname: C{str}
@keyword is_self_signed: should the certificate be self-signed? Otherwise
it will be signed by Expedient's CH certificate. Default False.
@type is_self_signed: C{bool}
@return: tuple (cert, keys)
@rtype: (C{sfa.trust.gid.GID}, C{sfa.trust.certificate.Keypair})
"""
if is_self_signed:
cert, keys = create_cert(
urn,
)
else:
cert, keys = create_cert(
urn,
issuer_key=settings.GCF_X509_CH_KEY,
issuer_cert=settings.GCF_X509_CH_CERT
)
cert.decode()
if cert_fname: cert.save_to_file(cert_fname)
if key_fname: keys.save_to_file(key_fname)
return cert, keys
def CreateSlice(self, urn_req = None):
self.logger.info("Called CreateSlice URN REQ %r" % urn_req)
slice_gid = None
if urn_req and self.slices.has_key(urn_req):
# If the Slice has expired, treat this as
# a request to renew
slice_cred = self.slices[urn_req]
slice_exp = self._naiveUTC(slice_cred.expiration)
if slice_exp <= datetime.datetime.utcnow():
# Need to renew this slice
self.logger.info("CreateSlice on %r found existing cred that expired at %r - will renew", urn_req, slice_exp)
slice_gid = slice_cred.get_gid_object()
else:
self.logger.debug("Slice cred is still valid at %r until %r - return it", datetime.datetime.utcnow(), slice_exp)
return slice_cred.save_to_string()
# Create a random uuid for the slice
slice_uuid = uuid.uuid4()
# First ensure we have a slice_urn
if urn_req:
# Validate urn_req has the right form
# to be issued by this CH
if not urn_util.is_valid_urn(urn_req):
# FIXME: make sure it isnt empty, etc...
urn = urn_util.publicid_to_urn(urn_req)
else:
urn = urn_req
# Validate the urn meets name restrictions
if not urn_util.is_valid_urn_bytype(urn, 'slice', self.logger):
raise Exception("Cannot create slice with urn %s: URN is invalid" % urn)
else:
# Generate a unique URN for the slice
# based on this CH location and a UUID
# Where was the slice created?
(ipaddr, port) = self._server.socket._sock.getsockname()
# FIXME: Get public_id start from a properties file
# Create a unique name for the slice based on uuid
slice_name = slice_uuid.__str__()[4:12]
public_id = 'IDN %s slice %s//%s:%d' % (SLICE_AUTHORITY, slice_name,
ipaddr,
port)
# this func adds the urn:publicid:
# and converts spaces to +'s, and // to :
urn = urn_util.publicid_to_urn(public_id)
# Now create a GID for the slice (signed credential)
if slice_gid is None:
# FIXME: For APIv3 compliance, we need
# - slice email address
# - unique cert serial number
try:
slice_gid = cert_util.create_cert(urn, self.keyfile, self.certfile, uuidarg = slice_uuid)[0]
except Exception, exc:
self.logger.error("Cant create slice gid for slice urn %s: %s", urn, traceback.format_exc())
raise Exception("Failed to create slice %s. Cant create slice gid" % urn, exc)
def CreateSlice(self, urn_req=None):
self.logger.info("Called CreateSlice URN REQ %r" % urn_req)
slice_gid = None
if urn_req and self.slices.has_key(urn_req):
# If the Slice has expired, treat this as
# a request to renew
slice_cred = self.slices[urn_req]
if slice_cred.expiration <= datetime.datetime.utcnow():
# Need to renew this slice
self.logger.info(
"CreateSlice on %r found existing cred that expired at %r - will renew",
urn_req, slice_cred.expiration)
slice_gid = slice_cred.get_gid_object()
else:
self.logger.debug(
"Slice cred is still valid at %r until %r - return it",
datetime.datetime.utcnow(), slice_cred.expiration)
return slice_cred.save_to_string()
# First ensure we have a slice_urn
if urn_req:
# FIXME: Validate urn_req has the right form
# to be issued by this CH
if not urn_util.is_valid_urn(urn_req):
# FIXME: make sure it isnt empty, etc...
urn = urn_util.publicid_to_urn(urn_req)
else:
urn = urn_req
else:
# Generate a unique URN for the slice
# based on this CH location and a UUID
# Where was the slice created?
(ipaddr, port) = self._server.socket._sock.getsockname()
# FIXME: Get public_id start from a properties file
# Create a unique name for the slice based on uuid
slice_name = uuid.uuid4().__str__()[4:12]
public_id = 'IDN %s slice %s//%s:%d' % (SLICE_AUTHORITY,
slice_name, ipaddr, port)
# this func adds the urn:publicid:
# and converts spaces to +'s, and // to :
urn = urn_util.publicid_to_urn(public_id)
# Now create a GID for the slice (signed credential)
if slice_gid is None:
try:
slice_gid = cert_util.create_cert(urn, self.keyfile,
self.certfile)[0]
except Exception, exc:
self.logger.error("Cant create slice gid for slice urn %s: %s",
urn, traceback.format_exc())
raise Exception(
"Failed to create slice %s. Cant create slice gid" % urn,
exc)