Exemplo n.º 1
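def make_ch_cert(dir, uuidArg=None):
    '''Make a self-signed CA cert for the clearinghouse.

    The cert and its key pair are saved under the given directory as
    CH_CERT_FILE and CH_KEY_FILE. If the configured rootcadir resolves
    to a path, the cert (never the key) is also copied there.

    dir     -- directory the cert and key files are written to
    uuidArg -- UUID handed to create_cert as uuidarg; when omitted or
               falsy a fresh uuid.uuid4() is generated for this call

    Returns the tuple (ch_keys, ch_gid).
    '''
    # Create a cert with urn like geni.net:gpo:gcf+authority+sa
    urn = geni.URN(CERT_AUTHORITY, AUTHORITY_CERT_TYPE,
                   CH_CERT_SUBJ).urn_string()

    # The default must be resolved here, not in the signature: a
    # uuid.uuid4() default is evaluated once at definition time, so every
    # cert made without an explicit uuidArg would carry the same UUID.
    if not uuidArg:
        uuidArg = uuid.uuid4()

    # add lifeDays arg to change # of days cert lasts
    (ch_gid, ch_keys) = create_cert(urn, ca=True, uuidarg=uuidArg)
    ch_gid.save_to_file(os.path.join(dir, CH_CERT_FILE))
    # NOTE(review): this writes the CA private key to disk. The file mode
    # used by save_to_file is not visible here; confirm the key file is
    # readable by its owner only.
    ch_keys.save_to_file(os.path.join(dir, CH_KEY_FILE))

    # Create the rootcadir / trusted_roots dir if necessary
    rootcapath = getAbsPath(config['global']['rootcadir'])
    if rootcapath is None:
        # No trusted-roots dir configured: report only the files written.
        # (Formatting the trusted-roots path here would fail, since there
        # is neither a directory nor a file name to report.)
        print("Created CH cert/keys in %s/%s, %s" % (
            dir, CH_CERT_FILE, CH_KEY_FILE))
        return (ch_keys, ch_gid)

    if not os.path.exists(rootcapath):
        # Throws an exception on error
        os.makedirs(rootcapath)

    # copy the CH cert to the trusted_roots dir, under its bare file name
    fname = os.path.basename(CH_CERT_FILE)
    ch_gid.save_to_file(os.path.join(rootcapath, fname))

    print("Created CH cert/keys in %s/%s, %s, and in %s" % (
        dir, CH_CERT_FILE, CH_KEY_FILE, rootcapath + "/" + fname))
    return (ch_keys, ch_gid)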
Exemplo n.º 2
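def make_user_cert(dir, username, ch_keys, ch_gid, public_key=None, email=None, uuidArg=None):
    """Make a GID/Cert for given username signed by given CH GID/keys.

    The cert is saved in the given directory as USER_CERT_FILE. The key
    is saved as USER_KEY_FILE only when no public_key was supplied.
    Nothing is returned.

    dir        -- directory the cert (and key) files are written to
    username   -- name placed in the user URN; the process exits via
                  sys.exit if the resulting URN fails validation
    ch_keys    -- issuer key passed to create_cert
    ch_gid     -- issuer cert passed to create_cert
    public_key -- passed through to create_cert; when given, no key
                  file is written
    email      -- passed through to create_cert
    uuidArg    -- UUID handed to create_cert as uuidarg; when omitted or
                  falsy a fresh uuid.uuid4() is generated for this call
    """
    # Create a cert like PREFIX+TYPE+name
    # ie geni.net:gpo:gcf+user+alice
    urn = geni.URN(CERT_AUTHORITY, USER_CERT_TYPE, username).urn_string()
    logging.basicConfig(level=logging.INFO)
    if not is_valid_urn_bytype(urn, "user", logging.getLogger("gen-certs")):
        sys.exit("Username %s invalid" % username)

    # The default must be resolved here, not in the signature: a
    # uuid.uuid4() default is evaluated once at definition time, so every
    # user cert made without an explicit uuidArg would share one UUID.
    if not uuidArg:
        uuidArg = uuid.uuid4()

    user_cert_path = os.path.join(dir, USER_CERT_FILE)
    user_key_path = os.path.join(dir, USER_KEY_FILE)

    # add lifeDays arg to change # of days cert lasts
    (alice_gid, alice_keys) = create_cert(
        urn, issuer_key=ch_keys, issuer_cert=ch_gid, ca=False, public_key=public_key, email=email, uuidarg=uuidArg
    )
    alice_gid.save_to_file(user_cert_path)
    if public_key is None:
        # NOTE(review): this writes the user's private key to disk. The
        # file mode used by save_to_file is not visible here; confirm the
        # key file is readable by its owner only.
        alice_keys.save_to_file(user_key_path)

    # Make a Credential for Alice
    # alice_cred = create_user_credential(alice_gid, CH_KEY_FILE, CH_CERT_FILE)
    # alice_cred.save_to_file('../alice-user-cred.xml')
    print("Created Experimenter %s certificate in %s" % (username, user_cert_path))
    if public_key is None:
        print("Created Experimenter %s key in %s" % (username, user_key_path))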
Exemplo n.º 3
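def make_ch_cert(dir, uuidArg=None):
    """Make a self-signed CA cert for the clearinghouse.

    The cert and its key pair are saved under the given directory as
    CH_CERT_FILE and CH_KEY_FILE. If the configured rootcadir resolves
    to a path, the cert (never the key) is also copied there.

    dir     -- directory the cert and key files are written to
    uuidArg -- UUID handed to create_cert as uuidarg; when omitted or
               falsy a fresh uuid.uuid4() is generated for this call

    Returns the tuple (ch_keys, ch_gid).
    """
    # Create a cert with urn like geni.net:gpo:gcf+authority+sa
    urn = geni.URN(CERT_AUTHORITY, AUTHORITY_CERT_TYPE, CH_CERT_SUBJ).urn_string()

    # Resolve the default per call. A uuid.uuid4() default in the
    # signature is evaluated once at definition time, which would give
    # every cert made without an explicit uuidArg the same UUID.
    if not uuidArg:
        uuidArg = uuid.uuid4()

    # add lifeDays arg to change # of days cert lasts
    (ch_gid, ch_keys) = create_cert(urn, ca=True, uuidarg=uuidArg)
    ch_gid.save_to_file(os.path.join(dir, CH_CERT_FILE))
    # NOTE(review): this writes the CA private key to disk. The file mode
    # used by save_to_file is not visible here; confirm the key file is
    # readable by its owner only.
    ch_keys.save_to_file(os.path.join(dir, CH_KEY_FILE))

    # Create the rootcadir / trusted_roots dir if necessary
    rootcapath = getAbsPath(config["global"]["rootcadir"])
    trusted_copy = None
    if rootcapath is not None:
        if not os.path.exists(rootcapath):
            # Throws an exception on error
            os.makedirs(rootcapath)
        # copy the CH cert to the trusted_roots dir, under its bare file name
        fname = os.path.basename(CH_CERT_FILE)
        ch_gid.save_to_file(os.path.join(rootcapath, fname))
        trusted_copy = rootcapath + "/" + fname

    if trusted_copy is None:
        # No trusted-roots dir configured, so there is no copy to report;
        # formatting that path unconditionally would raise here.
        print("Created CH cert/keys in %s/%s, %s" % (dir, CH_CERT_FILE, CH_KEY_FILE))
    else:
        print("Created CH cert/keys in %s/%s, %s, and in %s" % (
            dir,
            CH_CERT_FILE,
            CH_KEY_FILE,
            trusted_copy,
        ))
    return (ch_keys, ch_gid)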
Exemplo n.º 4
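def make_am_cert(dir, ch_cert, ch_key, uuidArg=None):
    """Make a cert for the aggregate manager signed by given CH cert/key
    and saved in given dir. NOT RETURNED.
    AM publicid will be from gcf_config base_name//am-name

    dir     -- directory the AM_CERT_FILE and AM_KEY_FILE are written to
    ch_cert -- issuer (clearinghouse) cert passed to create_cert
    ch_key  -- issuer (clearinghouse) key passed to create_cert
    uuidArg -- UUID handed to create_cert as uuidarg; when omitted or
               falsy a fresh uuid.uuid4() is generated for this call
    """
    # Create a cert with urn like geni.net:gpo:gcf:am1+authority+am
    auth_name = CERT_AUTHORITY + "//" + config["aggregate_manager"]["name"]
    urn = geni.URN(auth_name, AUTHORITY_CERT_TYPE, AM_CERT_SUBJ).urn_string()

    # Resolve the default per call. A uuid.uuid4() default in the
    # signature is evaluated once at definition time, which would give
    # every cert made without an explicit uuidArg the same UUID.
    if not uuidArg:
        uuidArg = uuid.uuid4()

    # add lifeDays arg to change # of days cert lasts
    # NOTE(review): the AM cert is requested with ca=True, so it is marked
    # as able to sign further certs; confirm that is intended.
    (am_gid, am_keys) = create_cert(urn, ch_key, ch_cert, ca=True, uuidarg=uuidArg)
    am_gid.save_to_file(os.path.join(dir, AM_CERT_FILE))
    # NOTE(review): this writes the AM private key to disk. The file mode
    # used by save_to_file is not visible here; confirm the key file is
    # readable by its owner only.
    am_keys.save_to_file(os.path.join(dir, AM_KEY_FILE))
    print("Created AM cert/keys in %s/%s and %s" % (dir, AM_CERT_FILE, AM_KEY_FILE))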
Exemplo n.º 5
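def make_am_cert(dir, ch_cert, ch_key, uuidArg=None):
    '''Make a cert for the aggregate manager signed by given CH cert/key
    and saved in given dir. NOT RETURNED.
    AM publicid will be from gcf_config base_name//am-name

    dir     -- directory the AM_CERT_FILE and AM_KEY_FILE are written to
    ch_cert -- issuer (clearinghouse) cert passed to create_cert
    ch_key  -- issuer (clearinghouse) key passed to create_cert
    uuidArg -- UUID handed to create_cert as uuidarg; when omitted or
               falsy a fresh uuid.uuid4() is generated for this call
    '''
    # Create a cert with urn like geni.net:gpo:gcf:am1+authority+am
    auth_name = CERT_AUTHORITY + "//" + config['aggregate_manager']['name']
    urn = geni.URN(auth_name, AUTHORITY_CERT_TYPE, AM_CERT_SUBJ).urn_string()

    # The default must be resolved here, not in the signature: a
    # uuid.uuid4() default is evaluated once at definition time, so every
    # cert made without an explicit uuidArg would carry the same UUID.
    if not uuidArg:
        uuidArg = uuid.uuid4()

    # add lifeDays arg to change # of days cert lasts
    # NOTE(review): the AM cert is requested with ca=True, so it is marked
    # as able to sign further certs; confirm that is intended.
    (am_gid, am_keys) = create_cert(urn,
                                    ch_key,
                                    ch_cert,
                                    ca=True,
                                    uuidarg=uuidArg)
    am_gid.save_to_file(os.path.join(dir, AM_CERT_FILE))
    # NOTE(review): this writes the AM private key to disk. The file mode
    # used by save_to_file is not visible here; confirm the key file is
    # readable by its owner only.
    am_keys.save_to_file(os.path.join(dir, AM_KEY_FILE))
    print("Created AM cert/keys in %s/%s and %s" % (dir, AM_CERT_FILE,
                                                    AM_KEY_FILE))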
Exemplo n.º 6
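def make_user_cert(dir,
                   username,
                   ch_keys,
                   ch_gid,
                   public_key=None,
                   email=None,
                   uuidArg=None):
    '''Make a GID/Cert for given username signed by given CH GID/keys.

    The cert is saved in the given directory as USER_CERT_FILE. The key
    is saved as USER_KEY_FILE only when no public_key was supplied.
    Nothing is returned.

    dir        -- directory the cert (and key) files are written to
    username   -- name placed in the user URN; the process exits via
                  sys.exit if the resulting URN fails validation
    ch_keys    -- issuer key passed to create_cert
    ch_gid     -- issuer cert passed to create_cert
    public_key -- passed through to create_cert; when given, no key
                  file is written
    email      -- passed through to create_cert
    uuidArg    -- UUID handed to create_cert as uuidarg; when omitted or
                  falsy a fresh uuid.uuid4() is generated for this call
    '''
    # Create a cert like PREFIX+TYPE+name
    # ie geni.net:gpo:gcf+user+alice
    urn = geni.URN(CERT_AUTHORITY, USER_CERT_TYPE, username).urn_string()
    logging.basicConfig(level=logging.INFO)
    if not is_valid_urn_bytype(urn, 'user', logging.getLogger("gen-certs")):
        sys.exit("Username %s invalid" % username)

    # Resolve the default per call. A uuid.uuid4() default in the
    # signature is evaluated once at definition time, which would give
    # every user cert made without an explicit uuidArg the same UUID.
    if not uuidArg:
        uuidArg = uuid.uuid4()

    # add lifeDays arg to change # of days cert lasts
    (alice_gid, alice_keys) = create_cert(urn,
                                          issuer_key=ch_keys,
                                          issuer_cert=ch_gid,
                                          ca=False,
                                          public_key=public_key,
                                          email=email,
                                          uuidarg=uuidArg)
    alice_gid.save_to_file(os.path.join(dir, USER_CERT_FILE))
    if public_key is None:
        # NOTE(review): this writes the user's private key to disk. The
        # file mode used by save_to_file is not visible here; confirm the
        # key file is readable by its owner only.
        alice_keys.save_to_file(os.path.join(dir, USER_KEY_FILE))

    # Make a Credential for Alice
    # alice_cred = create_user_credential(alice_gid, CH_KEY_FILE, CH_CERT_FILE)
    # alice_cred.save_to_file('../alice-user-cred.xml')
    print("Created Experimenter %s certificate in %s" % (
        username, os.path.join(dir, USER_CERT_FILE)))
    if public_key is None:
        print("Created Experimenter %s key in %s" % (
            username, os.path.join(dir, USER_KEY_FILE)))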