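def __set_domain_component_id(self, resource_cid):
    """
    Derive the domain (authority) URN from a resource component ID.

    On success ``self.domain_urn`` holds the authority URN rebuilt from the
    HRN of ``resource_cid``. If any step of that conversion raises,
    ``self.domain_urn`` is set to a placeholder made of the raw component
    ID followed by "+malformed+authority+sa".

    NOTE(review): the placeholder is assembled from input that failed
    parsing, so it is not a validated identifier. Code that consumes
    ``domain_urn`` should check for the "+malformed+" marker before
    relying on the value -- confirm against the callers.
    """
    try:
        self.debug("Getting Domain info from resource-id: %s" %
                   (resource_cid, ))
        # urn_to_hrn() returns a tuple; the HRN is its first element.
        resource_hrn = xrn.urn_to_hrn(resource_cid)[0]
        # The conversion sometimes leaves "." escaped as "\."; undo that.
        # A raw string is used because "\." is not a valid escape sequence
        # in an ordinary literal (newer interpreters warn about it).
        resource_hrn = resource_hrn.replace(r"\.", ".")
        # Per the original author the HRN already names the authority,
        # so no xrn.get_authority() lookup is done here.
        resource_auth = resource_hrn
        # Kept in its own local so that resource_cid still holds the
        # caller's value if the fallback below has to run.
        authority_urn = xrn.hrn_to_urn(resource_auth, "authority")
        self.domain_urn = authority_urn
        self.info("The URN is well-formed, update domain-urn: %s" %
                  (self.domain_urn, ))
    except Exception as e:
        # Deliberately broad: any failure above falls back to the
        # placeholder instead of propagating.
        self.error("Malformed URN on resource_detector. Exception: %s" %
                   str(e))
        # XXX_FIXME_XXX: this is just a workaround.
        # We reuse the component-id as prefix of the "authority" string.
        # We also introduce "malformed" just to point out this case!
        self.domain_urn = resource_cid + "+malformed+" + "authority+sa"
        self.warning("Malformed Domain URN: %s" % (self.domain_urn, ))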
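def __set_domain_component_id(self, resource_cid):
    """
    Retrieve the domain URN from a component ID.

    The component ID is converted to an HRN and back to an URN of type
    "authority", which is stored in ``self.domain_urn``. When that
    conversion raises, ``self.domain_urn`` instead receives the raw
    component ID with "+malformed+authority+sa" appended.

    NOTE(review): the fallback value is built from input that could not be
    parsed and is therefore unvalidated; downstream users of
    ``domain_urn`` should treat a value containing "+malformed+" as
    untrusted -- confirm how callers handle it.
    """
    try:
        self.debug("Getting Domain info from resource-id: %s" %
                   (resource_cid,))
        # First part of the tuple returned by urn_to_hrn() is the HRN.
        resource_hrn = xrn.urn_to_hrn(resource_cid)[0]
        # The conversion sometimes renders "." as "\."; corrected here.
        # Written as a raw string: "\." in a normal literal is an invalid
        # escape sequence that newer interpreters warn about.
        resource_hrn = resource_hrn.replace(r"\.", ".")
        # The original author notes the authority is already present in
        # the HRN, so xrn.get_authority() is not called.
        resource_auth = resource_hrn
        # A separate local keeps resource_cid equal to the caller's input,
        # so the except branch never appends the marker to a converted URN.
        authority_urn = xrn.hrn_to_urn(resource_auth, "authority")
        self.domain_urn = authority_urn
        self.info("The URN is well-formed, update domain-urn: %s" %
                  (self.domain_urn,))
    except Exception as e:
        # Broad on purpose: every failure is mapped to the placeholder.
        self.error("Malformed URN on resource_detector. Exception: %s" %
                   str(e))
        # XXX_FIXME_XXX: this is just a workaround.
        # We reuse the component-id as prefix of the "authority" string.
        # We also introduce "malformed" just to point out this case!
        self.domain_urn = resource_cid + "+malformed+" + "authority+sa"
        self.warning("Malformed Domain URN: %s" % (self.domain_urn,))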
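def __init__(self, create=False, subject=None, string=None, filename=None,
             uuid=None, hrn=None, urn=None, lifeDays=1825, email=None):
    """
    Initialise a GID on top of Certificate.

    The identity fields (uuid, hrn, urn, email) are reset to None, the
    Certificate initialiser runs, and then each field is filled in from
    the matching argument when that argument is truthy.

    Precedence: ``urn`` is applied after ``hrn``. If both are passed, the
    stored urn is the caller's ``urn`` and the stored hrn is the one
    derived from it, not the caller's ``hrn``.

    ``uuid`` is converted with int(); a value int() cannot convert raises
    ValueError or TypeError.
    """
    self.uuid = None
    self.hrn = None
    self.urn = None
    self.email = None  # for adding to the SubjectAltName
    Certificate.__init__(self, lifeDays, create, subject, string, filename)

    if subject:
        # Parenthesised single-argument form: prints the same text whether
        # print is a statement or a function.
        print("Creating GID for subject: %s" % subject)
    if uuid:
        self.uuid = int(uuid)
    if hrn:
        self.hrn = hrn
        self.urn = hrn_to_urn(hrn, 'unknown')
    if urn:
        self.urn = urn
        # The type half of the tuple is not needed; the throwaway name
        # avoids shadowing the builtin type().
        self.hrn, _urn_type = urn_to_hrn(urn)
    if email:
        self.set_email(email)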
def __init__(self, create=False, subject=None, string=None, filename=None,
             uuid=None, hrn=None, urn=None, lifeDays=1825):
    """
    Initialise a GID on top of Certificate.

    After the Certificate initialiser has run, uuid / hrn / urn are
    assigned only for arguments that are truthy; this method sets no
    defaults for them.

    ``urn`` is handled after ``hrn``, so when both are given the stored
    urn and hrn both come from ``urn``.
    """
    Certificate.__init__(self, lifeDays, create, subject, string, filename)

    if subject:
        logger.debug("Creating GID for subject: %s" % subject)

    if uuid:
        self.uuid = int(uuid)

    if hrn:
        self.hrn = hrn
        self.urn = hrn_to_urn(hrn, 'unknown')

    if urn:
        self.urn = urn
        # Only the HRN half of the returned pair is kept.
        self.hrn, _urn_type = urn_to_hrn(urn)
def encode(self):
    """
    Store the GID's identifiers as the 'subjectAltName' data.

    The value is a ", "-separated list: always "URI:<urn>" (taken from
    self.urn, or derived from self.hrn when self.urn is unset), then
    "URI:<uuid urn>" when self.uuid is set, then "email:<address>" when
    self.email is set.

    NOTE(review): the parts are concatenated without escaping. If urn or
    email could ever contain the ", " separator the resulting string
    would read as additional entries -- confirm both are validated before
    they reach this point.
    """
    primary_urn = self.urn if self.urn else hrn_to_urn(self.hrn, None)

    entries = ["URI:" + primary_urn]
    if self.uuid:
        entries.append("URI:" + uuid.UUID(int=self.uuid).urn)
    if self.email:
        entries.append("email:" + self.email)

    self.set_data(", ".join(entries), 'subjectAltName')
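def create_auth(self, xrn, create_parents=False):
    """
    Create the on-disk directory for the authority named by ``xrn``.

    When ``create_parents`` is true and the parent authority does not
    exist yet, the parent is created first (recursively).

    An already existing directory is accepted. Any other OSError from
    os.makedirs() is re-raised: the original handler swallowed every
    OSError, so a permission or path failure went unnoticed.

    NOTE(review): get_auth_filenames() also returns a private-key
    filename, so this directory presumably ends up holding key material.
    os.makedirs() is called without an explicit mode, which leaves the
    permissions to the process umask -- confirm they are restrictive
    enough.
    """
    import errno

    hrn, _xrn_type = urn_to_hrn(str(xrn))

    # create the parent authority if necessary
    parent_hrn = get_authority(hrn)
    parent_urn = hrn_to_urn(parent_hrn, 'authority')
    if (parent_hrn) and (not self.auth_exists(parent_urn)) and (create_parents):
        self.create_auth(parent_urn, create_parents)

    (directory, gid_filename, privkey_filename,) = \
        self.get_auth_filenames(hrn)

    # create the directory to hold the files
    try:
        os.makedirs(directory)
    except OSError as e:
        # Only "already exists" is expected here; everything else is a
        # real failure and must reach the caller.
        if e.errno != errno.EEXIST:
            raise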
def create_gid(self, xrn, uuid, pkey, CA=False, email=None):
    """
    Build, encode and sign a GID for ``xrn`` and return it.

    The HRN and type are taken from ``xrn``; a missing type defaults to
    'authority'. The subject is self.get_subject(hrn), falling back to
    the HRN itself.

    Intermediate-CA flag:
      * True when the HRN equals config.SFA_INTERFACE_HRN or has no parent;
      * otherwise False when the type contains 'authority';
      * otherwise the truth value of ``CA``.

    Issuer:
      * with no parent (or for the interface HRN) the GID is issued with
        ``pkey`` and its own subject, i.e. self-signed;
      * otherwise the parent authority's private key and extended subject
        are used and the parent GID is attached.

    NOTE(review): for non-authority types the ``CA`` argument alone
    decides whether the GID is marked as an intermediate CA -- confirm
    that callers never derive it from request data.
    """
    hrn, kind = urn_to_hrn(xrn)
    kind = kind or 'authority'
    parent_hrn = get_authority(hrn)

    # Rebuild the URN from the HRN so it is in the expected format even
    # when the caller passed an HRN; the type has been defaulted above.
    urn = hrn_to_urn(hrn, kind)

    subject = self.get_subject(hrn) or hrn

    gid = GID(subject=subject, uuid=uuid, hrn=hrn, urn=urn, email=email)

    # Root of the hierarchy: the interface's own HRN, or no parent at all.
    top_level = hrn == self.config.SFA_INTERFACE_HRN or not parent_hrn

    # is this a CA cert
    if top_level:
        is_ca = True
    elif 'authority' in kind:
        is_ca = False
    else:
        is_ca = bool(CA)
    gid.set_intermediate_ca(is_ca)

    # set issuer
    if top_level:
        # No parent to sign with, so the GID is self-signed; this is
        # where the chain ends.
        gid.set_issuer(pkey, subject)
    else:
        # The parent's private key is needed to sign this GID.
        parent_auth_info = self.get_auth_info(parent_hrn)
        parent_gid = parent_auth_info.get_gid_object()
        parent_key = parent_auth_info.get_pkey_object()
        parent_subject = parent_gid.get_extended_subject()
        gid.set_issuer(parent_key, parent_subject)
        gid.set_parent(parent_auth_info.get_gid_object())

    gid.set_pubkey(pkey)
    gid.encode()
    gid.sign()

    return gid
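def create_auth(self, xrn, create_parents=False):
    """
    Create the directory that holds the files of the authority ``xrn``.

    If ``create_parents`` is true and the parent authority is missing,
    it is created first through a recursive call.

    A directory that already exists is not an error. Every other OSError
    raised by os.makedirs() now propagates; previously all of them were
    silently dropped, hiding e.g. permission failures.

    NOTE(review): the filenames returned by get_auth_filenames() include
    a private-key file, so the directory presumably stores key material.
    No mode is passed to os.makedirs(), so its permissions follow the
    process umask -- confirm that is tight enough.
    """
    import errno

    hrn, _xrn_type = urn_to_hrn(str(xrn))

    # create the parent authority if necessary
    parent_hrn = get_authority(hrn)
    parent_urn = hrn_to_urn(parent_hrn, 'authority')
    if (parent_hrn) and (not self.auth_exists(parent_urn)) and (
            create_parents):
        self.create_auth(parent_urn, create_parents)

    (directory, gid_filename, privkey_filename,) = \
        self.get_auth_filenames(hrn)

    # create the directory to hold the files
    try:
        os.makedirs(directory)
    except OSError as e:
        # An existing path is fine; any other error is re-raised.
        if e.errno != errno.EEXIST:
            raise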