def create_null_slice_cred():
"""Create a slice cred that can be used to list resources."""
slice_urn = create_slice_urn()
slice_gid, _ = create_x509_cert(slice_urn)
user_gid = GID(filename=settings.GCF_X509_CH_CERT)
ucred = create_slice_credential(user_gid, slice_gid)
ucred.save_to_file(settings.GCF_NULL_SLICE_CRED)
def create_null_slice_cred():
"""Create a slice cred that can be used to list resources."""
slice_urn = create_slice_urn()
slice_gid, _ = create_x509_cert(slice_urn)
user_gid = GID(filename=settings.GCF_X509_CH_CERT)
ucred = create_slice_credential(user_gid, slice_gid)
ucred.save_to_file(settings.GCF_NULL_SLICE_CRED)
def get_am_cred(cls):
"""
Get the slice authority credentials to use for AM calls.
@return: GENI credential string.
"""
slice_urn = create_slice_urn()
slice_gid, _ = create_x509_cert(slice_urn)
user_gid = GID(filename=settings.GCF_X509_CH_CERT)
ucred = create_slice_credential(user_gid, slice_gid)
return ucred.save_to_string()
def get_am_cred(cls):
"""
Get the slice authority credentials to use for AM calls.
@return: GENI credential string.
"""
slice_urn = create_slice_urn()
slice_gid, _ = create_x509_cert(slice_urn)
user_gid = GID(filename=settings.GCF_X509_CH_CERT)
ucred = create_slice_credential(user_gid, slice_gid)
return ucred.save_to_string()
def CreateSlice(user_cert, urn_req=None):
# Is this user allowed to create a slice?
# first get the user with this cert
username = get_username_from_cert(user_cert)
try:
User.objects.get(username=username)
except User.DoesNotExist:
raise Exception("Unknown user %s." % username)
if urn_req:
# check the requested URN
urn = URN(urn=urn_req)
# make sure that we would generate the same urn if using the
# same name (i.e. authority is the same...)
urn_gen = get_slice_urn(urn.getName())
if urn_gen != urn_req:
raise BadURNException(
"The requested URN is not one that would be generated"
" by this clearinghouse. Requested was %s, but generated"
" is %s" % (urn_req, urn_gen)
)
else:
# Generate a unique URN for the slice
urn_req = create_slice_urn()
try:
slice_gid = create_x509_cert(urn_req)[0]
except Exception as exc:
logger.error("Could not create slice. Error\n %s"
% traceback.format_exc())
raise Exception("Failed to create slice %s." % urn_req)
# Now get the user GID which will have permissions on this slice.
# It doesnt have the chain but should be signed
# by this CHs cert, which should also be a trusted
# root at any federated AM. So everyone can verify it as is.
# Note that if a user from a different CH (installed
# as trusted by this CH for some reason) called this method,
# that user would be used here - and can still get a valid slice
try:
user_gid = gid.GID(string=user_cert)
except Exception, exc:
logger.error("CreateSlice failed to create user_gid from SSL client cert: %s", traceback.format_exc())
raise Exception("Failed to create slice %s. Cant get user GID from SSL client certificate." % urn_req, exc)
def __init__(self, *args, **kwargs):
urn = kwargs.setdefault("slice_urn", create_slice_urn())
kwargs.setdefault("slice_gid",
create_x509_cert(urn)[0].save_to_string())
super(GENISliceInfo, self).__init__(*args, **kwargs)
def __init__(self, *args, **kwargs):
urn = kwargs.setdefault("slice_urn", create_slice_urn())
kwargs.setdefault(
"slice_gid", create_x509_cert(urn)[0].save_to_string())
super(GENISliceInfo, self).__init__(*args, **kwargs)
