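def make_ch_cert(dir, uuidArg=None):
    '''Create the self-signed clearinghouse (CH) certificate and key pair.

    The certificate and the key are written into ``dir``. When the
    configured ``rootcadir`` resolves to a path, the certificate (never
    the key) is also copied there, and the directory is created first if
    it does not exist.

    Args:
        dir: Directory that receives CH_CERT_FILE and CH_KEY_FILE.
        uuidArg: UUID to embed in the certificate. A fresh one is
            generated when omitted or falsy.

    Returns:
        Tuple ``(ch_keys, ch_gid)``.
    '''
    # The default is None rather than uuid.uuid4(): a call in the signature
    # is evaluated once, when the function is defined, so every caller that
    # relied on the default would have received the same UUID.
    if not uuidArg:
        uuidArg = uuid.uuid4()

    # Create a cert with urn like geni.net:gpo:gcf+authority+sa
    urn = geni.URN(CERT_AUTHORITY, AUTHORITY_CERT_TYPE, CH_CERT_SUBJ).urn_string()

    # add lifeDays arg to change # of days cert lasts
    (ch_gid, ch_keys) = create_cert(urn, ca=True, uuidarg=uuidArg)
    ch_gid.save_to_file(os.path.join(dir, CH_CERT_FILE))
    # NOTE(review): this writes the CA private key. The file mode used by
    # save_to_file is not visible here; confirm it is owner-only and that
    # `dir` is not readable by other users.
    ch_keys.save_to_file(os.path.join(dir, CH_KEY_FILE))

    rootcapath = getAbsPath(config['global']['rootcadir'])
    if rootcapath is None:
        # No trusted-roots directory to populate: report only the files
        # written to `dir`.
        print("Created CH cert/keys in %s/%s, %s" % (
            dir, CH_CERT_FILE, CH_KEY_FILE))
        return (ch_keys, ch_gid)

    # Create the rootcadir / trusted_roots dir if necessary
    if not os.path.exists(rootcapath):
        # Throws an exception on error
        os.makedirs(rootcapath)

    # Copy the CH cert to the trusted_roots dir under its bare file name,
    # since CH_CERT_FILE may carry a directory prefix.
    fname = os.path.basename(CH_CERT_FILE)
    ch_gid.save_to_file(os.path.join(rootcapath, fname))

    print("Created CH cert/keys in %s/%s, %s, and in %s" % (
        dir, CH_CERT_FILE, CH_KEY_FILE, rootcapath + "/" + fname))
    return (ch_keys, ch_gid)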
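def make_user_cert(dir, username, ch_keys, ch_gid, public_key=None, email=None, uuidArg=None):
    """Create a user GID/certificate signed by the clearinghouse.

    The certificate is written to USER_CERT_FILE inside ``dir``. The key
    pair returned by create_cert is written to USER_KEY_FILE only when no
    ``public_key`` was supplied. Nothing is returned.

    Args:
        dir: Directory that receives the certificate (and key, if any).
        username: Name used as the last component of the user URN.
        ch_keys: Clearinghouse keys used as the issuer key.
        ch_gid: Clearinghouse GID used as the issuer certificate.
        public_key: Optional public key passed through to create_cert.
        email: Optional e-mail address passed through to create_cert.
        uuidArg: UUID to embed in the certificate. A fresh one is
            generated when omitted or falsy.

    Raises:
        SystemExit: If the URN built from ``username`` is not a valid
            user URN.
    """
    # Create a cert like PREFIX+TYPE+name
    # ie geni.net:gpo:gcf+user+alice
    urn = geni.URN(CERT_AUTHORITY, USER_CERT_TYPE, username).urn_string()

    # Reject the name before anything is signed or written to disk.
    logging.basicConfig(level=logging.INFO)
    if not is_valid_urn_bytype(urn, "user", logging.getLogger("gen-certs")):
        sys.exit("Username %s invalid" % username)

    # The default is None rather than uuid.uuid4(): a call in the signature
    # is evaluated once, when the function is defined, so every user cert
    # made with the default in one process would share the same UUID.
    if not uuidArg:
        uuidArg = uuid.uuid4()

    cert_path = os.path.join(dir, USER_CERT_FILE)
    key_path = os.path.join(dir, USER_KEY_FILE)

    # add lifeDays arg to change # of days cert lasts
    (alice_gid, alice_keys) = create_cert(
        urn,
        issuer_key=ch_keys,
        issuer_cert=ch_gid,
        ca=False,
        public_key=public_key,
        email=email,
        uuidarg=uuidArg,
    )
    alice_gid.save_to_file(cert_path)
    if public_key is None:
        # NOTE(review): this writes the user's private key. The file mode
        # used by save_to_file is not visible here; confirm it is
        # owner-only.
        alice_keys.save_to_file(key_path)

    # Make a Credential for Alice
    # alice_cred = create_user_credential(alice_gid, CH_KEY_FILE, CH_CERT_FILE)
    # alice_cred.save_to_file('../alice-user-cred.xml')
    print("Created Experimenter %s certificate in %s" % (username, cert_path))
    if public_key is None:
        print("Created Experimenter %s key in %s" % (username, key_path))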
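def make_ch_cert(dir, uuidArg=None):
    """Create the self-signed clearinghouse (CH) certificate and key pair.

    Both files are written into ``dir``. When the configured ``rootcadir``
    resolves to a path, the certificate (never the key) is also copied
    into it, and that directory is created first if it does not exist.

    Args:
        dir: Directory that receives CH_CERT_FILE and CH_KEY_FILE.
        uuidArg: UUID to embed in the certificate. A fresh one is
            generated when omitted or falsy.

    Returns:
        Tuple ``(ch_keys, ch_gid)``.
    """
    # Create a cert with urn like geni.net:gpo:gcf+authority+sa
    urn = geni.URN(CERT_AUTHORITY, AUTHORITY_CERT_TYPE, CH_CERT_SUBJ).urn_string()

    # A uuid.uuid4() call in the signature would run once at definition
    # time and hand the same UUID to every caller using the default, so
    # the default is None and the UUID is generated per call here.
    if not uuidArg:
        uuidArg = uuid.uuid4()

    # add lifeDays arg to change # of days cert lasts
    (ch_gid, ch_keys) = create_cert(urn, ca=True, uuidarg=uuidArg)
    ch_gid.save_to_file(os.path.join(dir, CH_CERT_FILE))
    # NOTE(review): this is the CA private key. save_to_file's file mode
    # is not visible here; confirm the key ends up owner-only and that
    # `dir` is not shared with other users.
    ch_keys.save_to_file(os.path.join(dir, CH_KEY_FILE))

    rootcapath = getAbsPath(config["global"]["rootcadir"])
    if rootcapath is not None:
        # Create the rootcadir / trusted_roots dir if necessary
        if not os.path.exists(rootcapath):
            # Throws an exception on error
            os.makedirs(rootcapath)

        # Copy the CH cert to the trusted_roots dir under its bare file
        # name, since CH_CERT_FILE may carry a directory prefix.
        fname = os.path.basename(CH_CERT_FILE)
        ch_gid.save_to_file(os.path.join(rootcapath, fname))
        print("Created CH cert/keys in %s/%s, %s, and in %s" % (
            dir,
            CH_CERT_FILE,
            CH_KEY_FILE,
            rootcapath + "/" + fname,
        ))
    else:
        # No trusted-roots directory is configured, so there is no copy
        # to report.
        print("Created CH cert/keys in %s/%s, %s" % (
            dir,
            CH_CERT_FILE,
            CH_KEY_FILE,
        ))
    return (ch_keys, ch_gid)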
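def make_am_cert(dir, ch_cert, ch_key, uuidArg=None):
    """Create the aggregate manager (AM) certificate and key pair.

    The certificate is signed with the given clearinghouse cert/key and
    written, together with its key, into ``dir``. Nothing is returned.
    The AM publicid will be from gcf_config base_name//am-name.

    Args:
        dir: Directory that receives AM_CERT_FILE and AM_KEY_FILE.
        ch_cert: Clearinghouse certificate used as the issuer cert.
        ch_key: Clearinghouse key used as the issuer key.
        uuidArg: UUID to embed in the certificate. A fresh one is
            generated when omitted or falsy.
    """
    # Create a cert with urn like geni.net:gpo:gcf:am1+authority+am
    auth_name = CERT_AUTHORITY + "//" + config["aggregate_manager"]["name"]
    urn = geni.URN(auth_name, AUTHORITY_CERT_TYPE, AM_CERT_SUBJ).urn_string()

    # The default is None rather than uuid.uuid4(): a call in the signature
    # is evaluated once, when the function is defined, so every AM cert
    # made with the default in one process would share the same UUID.
    if not uuidArg:
        uuidArg = uuid.uuid4()

    # add lifeDays arg to change # of days cert lasts
    # NOTE(review): ca=True is passed for the AM as well; presumably the AM
    # certificate is issued as a CA in its own right. Confirm that is
    # intended, since its key would then need the same care as the CH key.
    (am_gid, am_keys) = create_cert(urn, ch_key, ch_cert, ca=True, uuidarg=uuidArg)
    am_gid.save_to_file(os.path.join(dir, AM_CERT_FILE))
    # NOTE(review): private key on disk; save_to_file's file mode is not
    # visible here. Confirm it is owner-only.
    am_keys.save_to_file(os.path.join(dir, AM_KEY_FILE))
    print("Created AM cert/keys in %s/%s and %s" % (dir, AM_CERT_FILE, AM_KEY_FILE))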
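def make_am_cert(dir, ch_cert, ch_key, uuidArg=None):
    '''Create the aggregate manager (AM) certificate and key pair.

    The certificate is signed by the given CH cert/key and saved, along
    with its key, in ``dir``. NOT RETURNED.
    AM publicid will be from gcf_config base_name//am-name

    Args:
        dir: Directory that receives AM_CERT_FILE and AM_KEY_FILE.
        ch_cert: Clearinghouse certificate used as the issuer cert.
        ch_key: Clearinghouse key used as the issuer key.
        uuidArg: UUID to embed in the certificate. A fresh one is
            generated when omitted or falsy.
    '''
    # A uuid.uuid4() call in the signature would run once at definition
    # time and hand the same UUID to every caller using the default, so
    # the default is None and the UUID is generated per call here.
    if not uuidArg:
        uuidArg = uuid.uuid4()

    # Create a cert with urn like geni.net:gpo:gcf:am1+authority+am
    auth_name = CERT_AUTHORITY + "//" + config['aggregate_manager']['name']
    urn = geni.URN(auth_name, AUTHORITY_CERT_TYPE, AM_CERT_SUBJ).urn_string()

    cert_path = os.path.join(dir, AM_CERT_FILE)
    key_path = os.path.join(dir, AM_KEY_FILE)

    # add lifeDays arg to change # of days cert lasts
    # NOTE(review): ca=True is passed for the AM as well; presumably the AM
    # certificate is issued as a CA in its own right. Confirm that is
    # intended, since its key would then need the same care as the CH key.
    (am_gid, am_keys) = create_cert(urn, ch_key, ch_cert, ca=True,
                                    uuidarg=uuidArg)
    am_gid.save_to_file(cert_path)
    # NOTE(review): private key on disk; save_to_file's file mode is not
    # visible here. Confirm it is owner-only.
    am_keys.save_to_file(key_path)
    print("Created AM cert/keys in %s/%s and %s" % (
        dir, AM_CERT_FILE, AM_KEY_FILE))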
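def make_user_cert(dir, username, ch_keys, ch_gid, public_key=None, email=None, uuidArg=None):
    '''Create a GID/Cert for ``username`` signed by the given CH GID/keys.

    The certificate is saved as USER_CERT_FILE in ``dir``. A key file
    (USER_KEY_FILE) is saved only when the caller did not supply
    ``public_key``. Not returned.

    Args:
        dir: Directory that receives the certificate (and key, if any).
        username: Name used as the last component of the user URN.
        ch_keys: Clearinghouse keys used as the issuer key.
        ch_gid: Clearinghouse GID used as the issuer certificate.
        public_key: Optional public key passed through to create_cert.
        email: Optional e-mail address passed through to create_cert.
        uuidArg: UUID to embed in the certificate. A fresh one is
            generated when omitted or falsy.

    Raises:
        SystemExit: If the URN built from ``username`` is not a valid
            user URN.
    '''
    # A uuid.uuid4() call in the signature would run once at definition
    # time and hand the same UUID to every caller using the default, so
    # the default is None and the UUID is generated per call below.

    # Create a cert like PREFIX+TYPE+name
    # ie geni.net:gpo:gcf+user+alice
    urn = geni.URN(CERT_AUTHORITY, USER_CERT_TYPE, username).urn_string()

    # Validate the resulting URN before signing or writing anything.
    logging.basicConfig(level=logging.INFO)
    if not is_valid_urn_bytype(urn, 'user', logging.getLogger("gen-certs")):
        sys.exit("Username %s invalid" % username)

    if not uuidArg:
        uuidArg = uuid.uuid4()

    # Only write (and report) a key file when create_cert was not handed
    # an existing public key.
    save_key = public_key is None

    # add lifeDays arg to change # of days cert lasts
    (alice_gid, alice_keys) = create_cert(urn,
                                          issuer_key=ch_keys,
                                          issuer_cert=ch_gid,
                                          ca=False,
                                          public_key=public_key,
                                          email=email,
                                          uuidarg=uuidArg)
    alice_gid.save_to_file(os.path.join(dir, USER_CERT_FILE))
    if save_key:
        # NOTE(review): this writes the user's private key. The file mode
        # used by save_to_file is not visible here; confirm it is
        # owner-only.
        alice_keys.save_to_file(os.path.join(dir, USER_KEY_FILE))

    # Make a Credential for Alice
    #alice_cred = create_user_credential(alice_gid, CH_KEY_FILE, CH_CERT_FILE)
    #alice_cred.save_to_file('../alice-user-cred.xml')
    print("Created Experimenter %s certificate in %s" % (
        username, os.path.join(dir, USER_CERT_FILE)))
    if save_key:
        print("Created Experimenter %s key in %s" % (
            username, os.path.join(dir, USER_KEY_FILE)))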