def get_auth_ticket(self, xrn): hrn, type = urn_to_hrn(xrn) auth_info = self.get_auth_info(hrn) gid = auth_info.get_gid_object() ticket = SfaTicket(subject=hrn) ticket.set_gid_caller(gid) ticket.set_gid_object(gid) ticket.set_delegate(True) ticket.set_pubkey(auth_info.get_gid_object().get_pubkey()) parent_hrn = get_authority(hrn) if not parent_hrn: # if there is no parent hrn, then it must be self-signed. this # is where we terminate the recursion ticket.set_issuer(auth_info.get_pkey_object(), hrn) else: # we need the parent's private key in order to sign this GID parent_auth_info = self.get_auth_info(parent_hrn) ticket.set_issuer(parent_auth_info.get_pkey_object(), parent_auth_info.hrn) ticket.set_parent(self.get_auth_cred(parent_hrn)) ticket.encode() ticket.sign() return ticket
def testGetTicket(self): slice_credential = self.client.GetCredential(self.slice['hrn'], 'slice') rspec = self.aggregate.get_resources(self.credential) ticket = self.aggregate.GetTicket(slice_credential, self.slice['hrn'], rspec) # will raise an exception if the ticket inst valid SfaTicket(string=ticket)
def check_ticket(self, ticket): """ Check if the tickt was signed by a trusted cert """ if self.trusted_cert_list: client_ticket = SfaTicket(string=ticket) client_ticket.verify_chain(self.trusted_cert_list) else: raise MissingTrustedRoots(self.config.get_trustedroots_dir()) return True
def redeem_ticket(api, ticket_string): ticket = SfaTicket(string=ticket_string) ticket.decode() hrn = ticket.attributes['slivers'][0]['hrn'] slicename = PlXrn (hrn).pl_slicename() if not api.sliver_exists(slicename): raise SliverDoesNotExist(slicename) # convert ticket to format nm is used to nm_ticket = xmlrpclib.dumps((ticket.attributes,), methodresponse=True) api.driver.nodemanager.AdminTicket(nm_ticket)