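def CreateSlice(user_cert, urn_req=None):
    """Check the caller and the slice URN, then create the slice certificate.

    Args:
        user_cert: the caller's certificate as a string (the log message in
            this function calls it the SSL client cert).
        urn_req: optional slice URN requested by the caller. When it is
            empty or None a new URN is taken from create_slice_urn().

    Raises:
        BadURNException: urn_req differs from the URN this clearinghouse
            generates for the same slice name.
        Exception: the user is unknown, the slice certificate could not be
            created, or user_cert could not be loaded as a GID.
    """
    # Is this user allowed to create a slice? The only gate visible here is
    # that the username taken from the certificate matches a local account.
    # NOTE(review): this assumes the certificate itself was verified before
    # this function is reached (presumably by the SSL layer) - confirm
    # against the caller, since nothing in this block validates the chain.
    username = get_username_from_cert(user_cert)
    try:
        User.objects.get(username=username)
    except User.DoesNotExist:
        raise Exception("Unknown user %s." % username)

    if urn_req:
        # Accept a caller-supplied URN only when regenerating it from its
        # own name yields the identical string (i.e. the authority is the
        # same as this clearinghouse's).
        urn = URN(urn=urn_req)
        urn_gen = get_slice_urn(urn.getName())
        if urn_gen != urn_req:
            raise BadURNException(
                "The requested URN is not one that would be generated"
                " by this clearinghouse. Requested was %s, but generated"
                " is %s" % (urn_req, urn_gen)
            )
    else:
        # Generate a unique URN for the slice
        urn_req = create_slice_urn()

    try:
        slice_gid = create_x509_cert(urn_req)[0]
    except Exception:
        # The traceback goes to the log only; the raised message carries
        # just the URN.
        logger.error("Could not create slice. Error\n %s",
                     traceback.format_exc())
        raise Exception("Failed to create slice %s." % urn_req)

    # Now get the user GID which will have permissions on this slice.
    # It does not carry the chain but should be signed by this CH's cert,
    # which should also be a trusted root at any federated AM, so everyone
    # can verify it as is.
    # Note that if a user from a different CH (installed as trusted by this
    # CH for some reason) called this method, that user would be used here
    # and can still get a valid slice.
    # NOTE(review): the account lookup above matches on username only;
    # whether get_username_from_cert ties the name to this CH's authority
    # is not visible here - confirm.
    try:
        user_gid = gid.GID(string=user_cert)
    except Exception as exc:
        logger.error(
            "CreateSlice failed to create user_gid from SSL client cert: %s",
            traceback.format_exc())
        # NOTE(review): exc is attached to the raised exception; if the RPC
        # layer serialises exception args to the client, parser detail may
        # reach the caller - confirm.
        raise Exception(
            "Failed to create slice %s. Cant get user GID from SSL client certificate." % urn_req,
            exc)
    # NOTE(review): the listing ends here. slice_gid and user_gid are not
    # used or returned in the visible code.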
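def CreateUserCredential(user_gid):
    '''Return string representation of a user credential
    issued by this CH with caller/object this user_gid (string)
    with user privileges.

    user_gid is the user's GID as a string. It is first used to look up a
    local account by username and is then loaded into a gid.GID object.

    Raises Exception when the username is unknown or when
    create_user_credential fails.
    '''
    # Only accounts known to this clearinghouse get a credential.
    # NOTE(review): the check is the username taken from the certificate;
    # verification of the certificate itself is not visible in this block
    # and is presumably done before the call - confirm.
    username = get_username_from_cert(user_gid)
    try:
        User.objects.get(username=username)
    except User.DoesNotExist:
        raise Exception("Unknown user %s." % username)

    # NOTE(review): unlike the credential creation below, loading the GID
    # is not wrapped in try/except, so a failure here would propagate as
    # the loader's own exception.
    user_gid = gid.GID(string=user_gid)
    logger.info("Called CreateUserCredential for GID %s", user_gid.get_hrn())
    try:
        ucred = create_user_credential(user_gid)
    except Exception as exc:
        # The traceback is logged; the raised exception carries the HRN and
        # the original exception object as its second argument.
        logger.error("Failed to create user credential for %s: %s",
                     user_gid.get_hrn(), traceback.format_exc())
        raise Exception(
            "Failed to create user credential for %s" % user_gid.get_hrn(),
            exc)
    # NOTE(review): the listing ends here. The docstring promises a string
    # return value, but no return statement for ucred is visible.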