Esempio n. 1
0
    def get_auth_ticket(self, xrn):
        hrn, type = urn_to_hrn(xrn)
        auth_info = self.get_auth_info(hrn)
        gid = auth_info.get_gid_object()

        ticket = SfaTicket(subject=hrn)
        ticket.set_gid_caller(gid)
        ticket.set_gid_object(gid)
        ticket.set_delegate(True)
        ticket.set_pubkey(auth_info.get_gid_object().get_pubkey())

        parent_hrn = get_authority(hrn)
        if not parent_hrn:
            # if there is no parent hrn, then it must be self-signed. this
            # is where we terminate the recursion
            ticket.set_issuer(auth_info.get_pkey_object(), hrn)
        else:
            # we need the parent's private key in order to sign this GID
            parent_auth_info = self.get_auth_info(parent_hrn)
            ticket.set_issuer(parent_auth_info.get_pkey_object(), parent_auth_info.hrn)
            ticket.set_parent(self.get_auth_cred(parent_hrn))

        ticket.encode()
        ticket.sign()

        return ticket
Esempio n. 2
0
def get_ticket(api, xrn, creds, rspec, users):

    reg_objects = __get_registry_objects(xrn, creds, users)

    slice_hrn, type = urn_to_hrn(xrn)
    slices = Slices(api)
    peer = slices.get_peer(slice_hrn)
    sfa_peer = slices.get_sfa_peer(slice_hrn)

    # get the slice record
    registry = api.registries[api.hrn]
    credential = api.getCredential()
    records = registry.Resolve(xrn, credential)

    # similar to CreateSliver, we must verify that the required records exist
    # at this aggregate before we can issue a ticket
    site_id, remote_site_id = slices.verify_site(registry, credential, slice_hrn,
                                                 peer, sfa_peer, reg_objects)
    slice = slices.verify_slice(registry, credential, slice_hrn, site_id,
                                remote_site_id, peer, sfa_peer, reg_objects)

    # make sure we get a local slice record
    record = None
    for tmp_record in records:
        if tmp_record['type'] == 'slice' and \
           not tmp_record['peer_authority']:
            record = SliceRecord(dict=tmp_record)
    if not record:
        raise RecordNotFound(slice_hrn)

    # get sliver info
    slivers = Slices(api).get_slivers(slice_hrn)
    if not slivers:
        raise SliverDoesNotExist(slice_hrn)

    # get initscripts
    initscripts = []
    data = {
        'timestamp': int(time.time()),
        'initscripts': initscripts,
        'slivers': slivers
    }

    # create the ticket
    object_gid = record.get_gid_object()
    new_ticket = SfaTicket(subject = object_gid.get_subject())
    new_ticket.set_gid_caller(api.auth.client_gid)
    new_ticket.set_gid_object(object_gid)
    new_ticket.set_issuer(key=api.key, subject=api.hrn)
    new_ticket.set_pubkey(object_gid.get_pubkey())
    new_ticket.set_attributes(data)
    new_ticket.set_rspec(rspec)
    #new_ticket.set_parent(api.auth.hierarchy.get_auth_ticket(auth_hrn))
    new_ticket.encode()
    new_ticket.sign()

    return new_ticket.save_to_string(save_parents=True)