Esempi in Python per SfaAPI

Esempio n. 1

File: sfa-server.py Progetto: planetlab/sfa

def install_peer_certs(server_key_file, server_cert_file):
    """
    Attempt to install missing trusted gids and db records for 
    our federated interfaces
    """
    # Attempt to get any missing peer gids
    # There should be a gid file in /etc/sfa/trusted_roots for every
    # peer registry found in in the registries.xml config file. If there
    # are any missing gids, request a new one from the peer registry.
    api = SfaAPI(key_file=server_key_file, cert_file=server_cert_file)
    registries = Registries()
    aggregates = Aggregates()
    interfaces = dict(registries.items() + aggregates.items())
    gids_current = api.auth.trusted_cert_list
    hrns_current = [gid.get_hrn() for gid in gids_current]
    hrns_expected = set([hrn for hrn in interfaces])
    new_hrns = set(hrns_expected).difference(hrns_current)
    # gids = self.get_peer_gids(new_hrns) + gids_current
    peer_gids = []
    if not new_hrns:
        return

    trusted_certs_dir = api.config.get_trustedroots_dir()
    for new_hrn in new_hrns:
        if not new_hrn:
            continue
        # the gid for this interface should already be installed
        if new_hrn == api.config.SFA_INTERFACE_HRN:
            continue
        try:
            # get gid from the registry
            url = interfaces[new_hrn].get_url()
            interface = interfaces[new_hrn].get_server(server_key_file, server_cert_file, timeout=30)
            # skip non sfa aggregates
            server_version = api.get_cached_server_version(interface)
            if "sfa" not in server_version:
                logger.info("get_trusted_certs: skipping non sfa aggregate: %s" % new_hrn)
                continue

            trusted_gids = interface.get_trusted_certs()
            if trusted_gids:
                # the gid we want should be the first one in the list,
                # but lets make sure
                for trusted_gid in trusted_gids:
                    # default message
                    message = "interface: %s\t" % (api.interface)
                    message += "unable to install trusted gid for %s" % (new_hrn)
                    gid = GID(string=trusted_gids[0])
                    peer_gids.append(gid)
                    if gid.get_hrn() == new_hrn:
                        gid_filename = os.path.join(trusted_certs_dir, "%s.gid" % new_hrn)
                        gid.save_to_file(gid_filename, save_parents=True)
                        message = "installed trusted cert for %s" % new_hrn
                    # log the message
                    api.logger.info(message)
        except:
            message = "interface: %s\tunable to install trusted gid for %s" % (api.interface, new_hrn)
            api.logger.log_exc(message)
    # doesnt matter witch one
    update_cert_records(peer_gids)

Esempio n. 2

File: sfa-clean-peer-records.py Progetto: planetlab/sfa

def main():
    config = Config()
    if not config.SFA_REGISTRY_ENABLED:
        sys.exit(0)

    # Get the path to the sfa server key/cert files from 
    # the sfa hierarchy object
    sfa_hierarchy = Hierarchy()
    sfa_key_path = sfa_hierarchy.basedir
    key_file = os.path.join(sfa_key_path, "server.key")
    cert_file = os.path.join(sfa_key_path, "server.cert")
    key = Keypair(filename=key_file) 

    # get a connection to our local sfa registry
    # and a valid credential
    authority = config.SFA_INTERFACE_HRN
    url = 'http://%s:%s/' %(config.SFA_REGISTRY_HOST, config.SFA_REGISTRY_PORT)
    registry = xmlrpcprotocol.get_server(url, key_file, cert_file)
    sfa_api = SfaAPI(key_file = key_file, cert_file = cert_file, interface='registry')
    credential = sfa_api.getCredential()

    # get peer registries
    registries = Registries(sfa_api)
    tree = prefixTree()
    tree.load(registries.keys())
    
    # get local peer records
    table = SfaTable()
    peer_records = table.find({'~peer_authority': None})
    found_records = []
    hrn_dict = {}
    for record in peer_records:
        registry_hrn = tree.best_match(record['hrn'])
        if registry_hrn not in hrn_dict:
            hrn_dict[registry_hrn] = []
        hrn_dict[registry_hrn].append(record['hrn'])

    # attempt to resolve the record at the authoritative interface 
    for registry_hrn in hrn_dict:
        if registry_hrn in registries:
            records = []
            target_hrns = hrn_dict[registry_hrn]    
            try:
                records = registries[registry_hrn].Resolve(target_hrns, credential)
                found_records.extend([record['hrn'] for record in records])
            except ServerException:
                # an exception will be thrown if the record doenst exist
                # if so remove the record from the local registry
                continue
            except:
                # this deosnt necessarily mean the records dont exist
                # lets give them the benefit of the doubt here (for now)
                found_records.extend(target_hrns)
                traceback.print_exc()

    # remove what wasnt found 
    for peer_record in peer_records:
        if peer_record['hrn'] not in found_records:
            registries[sfa_api.hrn].Remove(peer_record['hrn'], credential, peer_record['type'])

Esempio n. 3

File: server.py Progetto: planetlab/sfa

class SecureXMLRpcRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
    """Secure XML-RPC request handler class.

    It it very similar to SimpleXMLRPCRequestHandler but it uses HTTPS for transporting XML data.
    """
    def setup(self):
        self.connection = self.request
        self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
        self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)

    def do_POST(self):
        """Handles the HTTPS POST request.

        It was copied out from SimpleXMLRPCServer.py and modified to shutdown 
        the socket cleanly.
        """
        try:
            peer_cert = Certificate()
            peer_cert.load_from_pyopenssl_x509(self.connection.get_peer_certificate())
            self.api = SfaAPI(peer_cert = peer_cert, 
                              interface = self.server.interface, 
                              key_file = self.server.key_file, 
                              cert_file = self.server.cert_file,
                              cache = self.cache)
            # get arguments
            request = self.rfile.read(int(self.headers["content-length"]))
            remote_addr = (remote_ip, remote_port) = self.connection.getpeername()
            self.api.remote_addr = remote_addr            
            response = self.api.handle(remote_addr, request, self.server.method_map)
        except Exception, fault:
            # This should only happen if the module is buggy
            # internal error, report as HTTP server error
            logger.log_exc("server.do_POST")
            response = self.api.prepare_response(fault)
            #self.send_response(500)
            #self.end_headers()
       
        # got a valid response
        self.send_response(200)
        self.send_header("Content-type", "text/xml")
        self.send_header("Content-length", str(len(response)))
        self.end_headers()
        self.wfile.write(response)

        # shut down the connection
        self.wfile.flush()
        self.connection.shutdown() # Modified here!

Esempio n. 4

File: server.py Progetto: planetlab/sfa

    def do_POST(self):
        """Handles the HTTPS POST request.

        It was copied out from SimpleXMLRPCServer.py and modified to shutdown 
        the socket cleanly.
        """
        try:
            peer_cert = Certificate()
            peer_cert.load_from_pyopenssl_x509(self.connection.get_peer_certificate())
            self.api = SfaAPI(peer_cert = peer_cert, 
                              interface = self.server.interface, 
                              key_file = self.server.key_file, 
                              cert_file = self.server.cert_file,
                              cache = self.cache)
            # get arguments
            request = self.rfile.read(int(self.headers["content-length"]))
            remote_addr = (remote_ip, remote_port) = self.connection.getpeername()
            self.api.remote_addr = remote_addr            
            response = self.api.handle(remote_addr, request, self.server.method_map)
        except Exception, fault:
            # This should only happen if the module is buggy
            # internal error, report as HTTP server error
            logger.log_exc("server.do_POST")
            response = self.api.prepare_response(fault)