Esempio n. 1
0
    def encode(self):
        if self.urn:
            urn = self.urn
        else:
            urn = hrn_to_urn(self.hrn, None)
            
        str = "URI:" + urn

        if self.uuid:
            str += ", " + "URI:" + uuid.UUID(int=self.uuid).urn
        
        if self.email:
            str += ", " + "email:" + self.email

        self.set_data(str, 'subjectAltName')
Esempio n. 2
0
    def create_auth(self, xrn, create_parents=False):
        hrn, type = urn_to_hrn(str(xrn))

        # create the parent authority if necessary
        parent_hrn = get_authority(hrn)
        parent_urn = hrn_to_urn(parent_hrn, 'authority')
        if (parent_hrn) and (not self.auth_exists(parent_urn)) and (create_parents):
            self.create_auth(parent_urn, create_parents)
        (directory, gid_filename, privkey_filename,) = \
            self.get_auth_filenames(hrn)

        # create the directory to hold the files
        try:
            os.makedirs(directory)
        # if the path already exists then pass
        except OSError, (errno, strerr):
            if errno == 17:
                pass
Esempio n. 3
0
    def create_gid(self, xrn, uuid, pkey, CA=False, email=None):
        hrn, type = urn_to_hrn(xrn)
        if not type:
            type = 'authority'
        parent_hrn = get_authority(hrn)
        # Using hrn_to_urn() here to make sure the urn is in the right format
        # If xrn was a hrn instead of a urn, then the gid's urn will be
        # of type None
        urn = hrn_to_urn(hrn, type)
        subject = self.get_subject(hrn)
        if not subject:
            subject = hrn
        gid = GID(subject=subject, uuid=uuid, hrn=hrn, urn=urn, email=email)
        # is this a CA cert
        if hrn == self.config.SFA_INTERFACE_HRN or not parent_hrn:
            # root or sub authority
            gid.set_intermediate_ca(True)
        elif type and 'authority' in type:
            # authority type
            gid.set_intermediate_ca(False)
        elif CA:
            gid.set_intermediate_ca(True)
        else:
            gid.set_intermediate_ca(False)

        # set issuer
        if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
            # if there is no parent hrn, then it must be self-signed. this
            # is where we terminate the recursion
            gid.set_issuer(pkey, subject)
        else:
            # we need the parent's private key in order to sign this GID
            parent_auth_info = self.get_auth_info(parent_hrn)
            parent_gid = parent_auth_info.get_gid_object()
            gid.set_issuer(parent_auth_info.get_pkey_object(),
                           parent_gid.get_extended_subject())
            gid.set_parent(parent_auth_info.get_gid_object())

        gid.set_pubkey(pkey)
        gid.encode()
        gid.sign()

        return gid
Esempio n. 4
0
    def create_auth(self, xrn, create_parents=False):
        hrn, type = urn_to_hrn(str(xrn))

        # create the parent authority if necessary
        parent_hrn = get_authority(hrn)
        parent_urn = hrn_to_urn(parent_hrn, 'authority')
        if (parent_hrn) and (not self.auth_exists(parent_urn)) and (
                create_parents):
            self.create_auth(parent_urn, create_parents)
        (directory, gid_filename, privkey_filename,) = \
            self.get_auth_filenames(hrn)

        # create the directory to hold the files
        try:
            os.makedirs(directory)
        # if the path already exists then pass
        except OSError, (errno, strerr):
            if errno == 17:
                pass
Esempio n. 5
0
 def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None, urn=None, lifeDays=1825, email=None):
     self.uuid = None
     self.hrn = None
     self.urn = None
     self.email = None # for adding to the SubjectAltName
     Certificate.__init__(self, lifeDays, create, subject, string, filename)
     
     if subject:
         print "Creating GID for subject: %s" % subject
     if uuid:
         self.uuid = int(uuid)
     if hrn:
         self.hrn = hrn
         self.urn = hrn_to_urn(hrn, 'unknown')
     if urn:
         self.urn = urn
         self.hrn, type = urn_to_hrn(urn)
     if email:
         self.set_email(email) 
Esempio n. 6
0
    def create_gid(self, xrn, uuid, pkey, CA=False, email=None):
        hrn, type = urn_to_hrn(xrn)
        if not type:
            type = 'authority'
        parent_hrn = get_authority(hrn)
        # Using hrn_to_urn() here to make sure the urn is in the right format
        # If xrn was a hrn instead of a urn, then the gid's urn will be
        # of type None 
        urn = hrn_to_urn(hrn, type)
        subject = self.get_subject(hrn)
        if not subject:
            subject = hrn
        gid = GID(subject=subject, uuid=uuid, hrn=hrn, urn=urn, email=email)
        # is this a CA cert
        if hrn == self.config.SFA_INTERFACE_HRN or not parent_hrn:
            # root or sub authority  
            gid.set_intermediate_ca(True)
        elif type and 'authority' in type:
            # authority type
            gid.set_intermediate_ca(False)
        elif CA:
            gid.set_intermediate_ca(True)
        else:
            gid.set_intermediate_ca(False)

        # set issuer
        if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
            # if there is no parent hrn, then it must be self-signed. this
            # is where we terminate the recursion
            gid.set_issuer(pkey, subject)
        else:
            # we need the parent's private key in order to sign this GID
            parent_auth_info = self.get_auth_info(parent_hrn)
            parent_gid = parent_auth_info.get_gid_object()
            gid.set_issuer(parent_auth_info.get_pkey_object(), parent_gid.get_extended_subject())
            gid.set_parent(parent_auth_info.get_gid_object())

        gid.set_pubkey(pkey)
        gid.encode()
        gid.sign()

        return gid
    def to_pg_rspec(rspec, content_type = None):
        if not isinstance(rspec, RSpec):
            sfa_rspec = RSpec(rspec)
        else:
            sfa_rspec = rspec
  
        if not content_type or content_type not in \
          ['ad', 'request', 'manifest']:
            content_type = sfa_rspec.version.content_type
     
 
        version_manager = VersionManager()
        pg_version = version_manager._get_version('protogeni', '2', 'request')
        pg_rspec = RSpec(version=pg_version)
 
        # get networks
        networks = sfa_rspec.version.get_networks()
        
        for network in networks:
            # get nodes
            sfa_node_elements = sfa_rspec.version.get_node_elements(network=network)
            for sfa_node_element in sfa_node_elements:
                # create node element
                node_attrs = {}
                node_attrs['exclusive'] = 'false'
                if 'component_manager_id' in sfa_node_element.attrib:
                    node_attrs['component_manager_id'] = sfa_node_element.attrib['component_manager_id']
                else:
                    node_attrs['component_manager_id'] = hrn_to_urn(network, 'authority+cm')

                if 'component_id' in sfa_node_element.attrib:
                    node_attrs['compoenent_id'] = sfa_node_element.attrib['component_id']

                if sfa_node_element.find('hostname') != None:
                    hostname = sfa_node_element.find('hostname').text
                    node_attrs['component_name'] = hostname
                    node_attrs['client_id'] = hostname
                node_element = pg_rspec.xml.add_element('node', node_attrs)    
            
                if content_type == 'request':
                    sliver_element = sfa_node_element.find('sliver')
                    sliver_type_elements = sfa_node_element.xpath('./sliver_type', namespaces=sfa_rspec.namespaces)
                    available_sliver_types = [element.attrib['name'] for element in sliver_type_elements]
                    valid_sliver_types = ['emulab-openvz', 'raw-pc']
                   
                    # determine sliver type 
                    requested_sliver_type = 'emulab-openvz'
                    for available_sliver_type in available_sliver_types:
                        if available_sliver_type in valid_sliver_types:
                            requested_sliver_type = available_sliver_type
                                
                    if sliver_element != None:
                        pg_rspec.xml.add_element('sliver_type', {'name': requested_sliver_type}, parent=node_element) 
                else:
                    # create node_type element
                    for hw_type in ['plab-pc', 'pc']:
                        hdware_type_element = pg_rspec.xml.add_element('hardware_type', {'name': hw_type}, parent=node_element)
                    # create available element
                    pg_rspec.xml.add_element('available', {'now': 'true'}, parent=node_element)
                    # create locaiton element
                    # We don't actually associate nodes with a country. 
                    # Set country to "unknown" until we figure out how to make
                    # sure this value is always accurate.
                    location = sfa_node_element.find('location')
                    if location != None:
                        location_attrs = {}      
                        location_attrs['country'] =  location.get('country', 'unknown')
                        location_attrs['latitude'] = location.get('latitude', 'None')
                        location_attrs['longitude'] = location.get('longitude', 'None')
                        pg_rspec.xml.add_element('location', location_attrs, parent=node_element)

        return pg_rspec.toxml()