本文整理汇总了Python中sfa.trust.gid.GID类的典型用法代码示例。如果您正苦于以下问题:Python GID类的具体用法?Python GID怎么用?Python GID使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了GID类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get_cert_file
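def get_cert_file(self, key_file):
    """Return the path of the certificate file for self.user, creating it if needed.

    If the file already exists and loads as a GID whose get_urn() is truthy,
    it is treated as a Registry-issued certificate and returned unchanged.
    Otherwise a self-signed certificate is generated from key_file, written
    to that path, and used to ask the registry for a GID, which then
    overwrites the self-signed file.

    NOTE(review): when the registry download fails, the returned path still
    points at the self-signed certificate and the failure is only logged.
    Callers that need a Registry-issued certificate must check for it
    themselves (e.g. by testing get_urn() as this function does).
    """
    cert_name = self.user.replace(self.authority + '.', '') + ".cert"
    cert_file = os.path.join(self.options.sfi_dir, cert_name)
    if os.path.isfile(cert_file):
        # Registry-issued certs are preferred over self-signed ones; a cert
        # that carries a URN is taken to be a Registry cert (GID).
        gid = GID(filename=cert_file)
        if gid.get_urn():
            return cert_file

    # Generate a self-signed certificate to bootstrap with.
    k = Keypair(filename=key_file)
    cert = Certificate(subject=self.user)
    cert.set_pubkey(k)
    cert.set_issuer(k, self.user)
    cert.sign()
    self.logger.info("Writing self-signed certificate to %s" % cert_file)
    cert.save_to_file(cert_file)
    self.cert = cert

    # Try to replace it with a Registry-issued cert.
    try:
        self.logger.info("Getting Registry issued cert")
        self.read_config()
        # Hack: self.registry has to be set before _get_gid() is called.
        self.registry = xmlrpcprotocol.get_server(
            self.reg_url, key_file, cert_file,
            timeout=self.options.timeout, verbose=self.options.debug)
        try:
            gid = self._get_gid(type='user')
        finally:
            # Drop the bootstrap connection on failure as well, so a handle
            # authenticated with the self-signed cert is never left behind.
            self.registry = None
        self.logger.info("Writing certificate to %s" % cert_file)
        gid.save_to_file(cert_file)
    except Exception:
        # Best effort: the self-signed cert written above stays in place.
        # Exception (not a bare except) lets Ctrl-C / SystemExit propagate.
        self.logger.info("Failed to download Registry issued cert")

    return cert_file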
示例2: delegate
def delegate(self, delegee_gidfile, caller_keyfile, caller_gidfile):
    """
    Build, sign and return a copy of this credential delegated to the
    user whose GID is stored in delegee_gidfile.

    caller_keyfile and caller_gidfile are handed to set_issuer_keys() on
    the new credential. The copy gets this credential as its parent and
    inherits its expiration and privileges; delegate_all_privileges(True)
    is then applied to the copy's privileges.

    NOTE(review): nothing in this method restricts which privileges are
    passed on or shortens the lifetime -- presumably the verifier enforces
    delegation rules against the parent chain; confirm before relying on it.
    """
    # GID of the object this credential is about
    object_gid = self.get_gid_object()
    object_hrn = object_gid.get_hrn()

    # GID of the user receiving the delegation
    delegee_gid = GID(filename=delegee_gidfile)
    delegee_hrn = delegee_gid.get_hrn()

    dcred = Credential(
        subject="%s delegated to %s" % (object_hrn, delegee_hrn))
    dcred.set_gid_caller(delegee_gid)
    dcred.set_gid_object(object_gid)
    dcred.set_parent(self)
    dcred.set_expiration(self.get_expiration())
    dcred.set_privileges(self.get_privileges())
    dcred.get_privileges().delegate_all_privileges(True)
    # The delegating caller, not the delegee, is the issuer of the copy.
    dcred.set_issuer_keys(caller_keyfile, caller_gidfile)
    dcred.encode()
    dcred.sign()
    return dcred
示例3: export_gid
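def export_gid(options):
    """Write the GID of the record named by options.export to a file.

    The record is looked up in SfaTable by hrn (and by options.type when
    set); if nothing is found, the GID is taken from the authorities
    hierarchy instead. The output path is options.outfile, or
    './<hrn>.gid' (made absolute) when no outfile is given. Exits with
    status 1 when no GID can be obtained.

    NOTE(review): the default file name is built from gid.get_hrn(), i.e.
    from the content of the stored GID. Pass options.outfile explicitly if
    the hrn cannot be trusted to be a plain name.
    """
    from sfa.util.table import SfaTable

    hrn = options.export
    record_type = options.type  # renamed locally: do not shadow builtin type()

    # check the sfa table first
    query = {'hrn': hrn}
    if record_type:
        query['type'] = record_type
    records = SfaTable().find(query)

    if records:
        gid = GID(string=records[0]['gid'])
    else:
        # fall back to the authorities hierarchy
        hierarchy = Hierarchy()
        try:
            # NOTE(review): get_auth_info() is called without the hrn here --
            # confirm that this is intended.
            auth_info = hierarchy.get_auth_info()
            gid = auth_info.gid_object
        except Exception:
            # Exception rather than a bare except, so that Ctrl-C is not
            # reported as a missing record.
            print("Record: %s not found" % hrn)
            sys.exit(1)

    # get the outfile
    outfile = options.outfile
    if not outfile:
        outfile = os.path.abspath('./%s.gid' % gid.get_hrn())

    # save it, together with its parent chain
    if options.verbose:
        print("Writing %s gid to %s" % (gid.get_hrn(), outfile))
    gid.save_to_file(outfile, save_parents=True)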
示例4: _get_gid
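def _get_gid(self, hrn=None, type=None):
    """
    get_gid helper. Retrieve the gid from the registry and save it to file.

    hrn defaults to self.user. A gid cached in '<sfi_dir>/<hrn>.gid' is
    returned as is; otherwise the registry is asked to Resolve the hrn and
    the gid of the matching record is cached to that file. When type is
    given, the last record of that type is used.

    Raises RecordNotFound when the registry returns no (matching) record.

    NOTE(review): the gid received from the registry is written to the
    cache without any verification in this method, and a cached file is
    trusted on later calls -- presumably validation happens where the gid
    is used; confirm.
    """
    if not hrn:
        hrn = self.user

    gidfile = os.path.join(self.options.sfi_dir, hrn + ".gid")
    gid = self.get_cached_gid(gidfile)
    if not gid:
        user_cred = self.get_user_cred()
        records = self.registry.Resolve(
            hrn, user_cred.save_to_string(save_parents=True))
        if not records:
            # The original raised RecordNotFound(args[0]); 'args' is not
            # defined in this method, so that line was a NameError.
            raise RecordNotFound(hrn)
        record = records[0]
        if type:
            record = None
            for rec in records:
                if type == rec['type']:
                    record = rec
        if not record:
            raise RecordNotFound(hrn)
        gid = GID(string=record['gid'])
        self.logger.info("Writing gid to %s" % gidfile)
        gid.save_to_file(filename=gidfile)
    return gid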
示例5: install_peer_certs
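def install_peer_certs(server_key_file, server_cert_file):
    """
    Attempt to install missing trusted gids and db records for
    our federated interfaces.

    Every registry and aggregate known to Registries()/Aggregates() is
    expected to have a gid in the trusted-roots directory. For each hrn
    that is missing, the peer is contacted, its trusted certs are fetched,
    and the one whose hrn equals the expected hrn is saved as
    '<trusted_roots>/<hrn>.gid'. All gids fetched are then passed to
    update_cert_records().

    NOTE(review): the file written here becomes a trust anchor, and the
    only check visible in this function is that the gid's hrn equals the
    configured peer hrn. Confirm that the peer connection is authenticated
    (or that new roots are reviewed out of band) before relying on it.
    """
    api = SfaAPI(key_file=server_key_file, cert_file=server_cert_file)
    registries = Registries()
    aggregates = Aggregates()
    interfaces = dict(list(registries.items()) + list(aggregates.items()))
    gids_current = api.auth.trusted_cert_list
    hrns_current = [gid.get_hrn() for gid in gids_current]
    hrns_expected = set(interfaces)
    new_hrns = hrns_expected.difference(hrns_current)
    peer_gids = []
    if not new_hrns:
        return

    trusted_certs_dir = api.config.get_trustedroots_dir()
    for new_hrn in new_hrns:
        if not new_hrn:
            continue
        # the gid for this interface should already be installed
        if new_hrn == api.config.SFA_INTERFACE_HRN:
            continue
        try:
            # get gid from the registry
            interface = interfaces[new_hrn].get_server(
                server_key_file, server_cert_file, timeout=30)
            # skip non sfa aggregates
            server_version = api.get_cached_server_version(interface)
            if "sfa" not in server_version:
                logger.info("get_trusted_certs: skipping non sfa aggregate: %s" % new_hrn)
                continue

            trusted_gids = interface.get_trusted_certs()
            if trusted_gids:
                # the gid we want should be the first one in the list,
                # but lets make sure
                for trusted_gid in trusted_gids:
                    # default message
                    message = "interface: %s\t" % (api.interface)
                    message += "unable to install trusted gid for %s" % (new_hrn)
                    # Inspect the gid of this iteration; the original always
                    # parsed trusted_gids[0], so the loop never looked past
                    # the first entry.
                    gid = GID(string=trusted_gid)
                    peer_gids.append(gid)
                    if gid.get_hrn() == new_hrn:
                        gid_filename = os.path.join(trusted_certs_dir, "%s.gid" % new_hrn)
                        gid.save_to_file(gid_filename, save_parents=True)
                        message = "installed trusted cert for %s" % new_hrn
                    # log the message
                    api.logger.info(message)
        except Exception:
            # One unreachable or misbehaving peer must not stop the others;
            # Exception (not a bare except) still lets Ctrl-C through.
            message = "interface: %s\tunable to install trusted gid for %s" % (api.interface, new_hrn)
            api.logger.log_exc(message)

    # doesnt matter which one
    update_cert_records(peer_gids)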
示例6: getCredential
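def getCredential(self):
    """
    Get our credential from a remote registry.

    A credential cached in '<SFA_DATA_DIR>/node.cred' is returned (as a
    string, parents included) when the file can be read. On IOError the
    node key/gid are fetched if missing, a self credential of type 'node'
    is requested from the registry, cached to that file and returned.

    NOTE(review): a cached credential is returned without any expiry or
    validity check in this method -- confirm that callers handle a stale
    credential.
    """
    path = self.config.SFA_DATA_DIR
    config_dir = self.config.config_path
    cred_filename = path + os.sep + 'node.cred'
    try:
        credential = Credential(filename=cred_filename)
        return credential.save_to_string(save_parents=True)
    except IOError:
        node_pkey_file = config_dir + os.sep + "node.key"
        node_gid_file = config_dir + os.sep + "node.gid"
        cert_filename = path + os.sep + 'server.cert'
        if not os.path.exists(node_pkey_file) or \
           not os.path.exists(node_gid_file):
            self.get_node_key()

        # get node's hrn
        gid = GID(filename=node_gid_file)
        hrn = gid.get_hrn()
        # get credential from registry
        cert_str = Certificate(filename=cert_filename).save_to_string(save_parents=True)
        registry = self.get_registry()
        cred = registry.GetSelfCredential(cert_str, hrn, 'node')
        # Cache under the same path that is read above. The original passed
        # the undefined name 'credfile' here, which raised NameError.
        Credential(string=cred).save_to_file(cred_filename, save_parents=True)
        return cred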
示例7: check_gid
def check_gid(self, xrn=None, type=None, all=None, verbose=None):
    """Check the correspondence between the GID and the PubKey.

    Selects RegRecord rows of the given type (a single hrn with xrn, or all
    of them with all; exactly one of the two must be given) and, for each,
    compares the first public key stored in the DB with the public key
    carried by the record's GID. Prints a summary, or the hrn lists as well
    when verbose is set. Exits with status 1 on bad options or when no
    record is found.
    """
    # db records
    from sfa.storage.model import RegRecord

    db_query = self.api.dbsession().query(RegRecord).filter_by(type=type)
    if xrn and all:
        print("Use either -a or -x <xrn>, not both !!!")
        sys.exit(1)
    elif xrn:
        db_query = db_query.filter_by(hrn=Xrn(xrn).get_hrn())
    elif not all:
        print("Use either -a or -x <xrn>, one of them is mandatory !!!")
        sys.exit(1)

    records = db_query.all()
    if not records:
        print("No Record found")
        sys.exit(1)

    matching = []      # GID key equals DB key
    mismatching = []   # GID key differs from DB key
    unparsable = []    # DB key could not be converted
    keyless = []       # no key stored in the DB
    for record in records:
        # pubkey stored in the SFA DB
        if not record.reg_keys:
            keyless.append(record.hrn)
            continue
        db_pubkey_str = record.reg_keys[0].key
        try:
            db_pubkey_obj = convert_public_key(db_pubkey_str)
        except:
            unparsable.append(record.hrn)
            continue

        # pubkey carried by the gid
        gid_pubkey_obj = GID(string=record.gid).get_pubkey()

        # a mismatch means the GID was issued for a different key than the
        # one currently on record
        if gid_pubkey_obj.is_same(db_pubkey_obj):
            matching.append(record.hrn)
        else:
            mismatching.append(record.hrn)

    if verbose:
        print("Users NOT having a PubKey: %s and are: \n%s\n\n"
              "Users having a non RSA PubKey: %s and are: \n%s\n\n"
              "Users having a GID/PubKey correpondence OK: %s and are: \n%s\n\n"
              "Users having a GID/PubKey correpondence NOT OK: %s and are: \n%s\n\n"
              % (len(keyless), keyless, len(unparsable), unparsable,
                 len(matching), matching, len(mismatching), mismatching))
    else:
        print("Users NOT having a PubKey: %s\n"
              "Users having a non RSA PubKey: %s\n"
              "Users having a GID/PubKey correpondence OK: %s\n"
              "Users having a GID/PubKey correpondence Not OK: %s\n"
              % (len(keyless), len(unparsable), len(matching), len(mismatching)))
示例8: get_username_from_cert
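def get_username_from_cert(cert_string):
    """Map a certificate string to a username via the URN inside the cert.

    The certificate is parsed as a GID and its URN is read. If the URN
    belongs to a local user (get_user_urn() of its name gives back the same
    URN) the bare name is returned; otherwise urn_to_username() is used.

    When the certificate cannot be parsed, or its URN is not valid, the
    input cert_string itself is returned.

    NOTE(review): this function only parses the certificate; no signature
    or chain check is visible here, and on failure the raw input comes back
    as the "username". Presumably the certificate was authenticated before
    this call -- confirm, and do not treat the fallback value as an identity.
    """
    try:
        gid = GID(string=cert_string)
        # extract the URN in the subjectAltName
        urn_str = gid.get_urn()
        logger.debug("URN: %s" % urn_str)
    except Exception:
        # Exception rather than a bare except: parse failures are handled,
        # KeyboardInterrupt/SystemExit are not swallowed.
        logger.warn("Failed to get certificate from string.")
        logger.warn(traceback.format_exc())
        return cert_string

    try:
        urn = URN(urn=str(urn_str))
    except ValueError:
        return cert_string

    # check if this user is one of ours
    home_urn = get_user_urn(urn.getName())
    if home_urn == urn.urn_string():
        username = urn.getName()
    else:
        username = urn_to_username(urn.urn_string())

    logger.debug("Returning username %s" % username)
    return username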
示例9: GetCredential
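def GetCredential(self, api, xrn, type, caller_xrn=None):
    """Issue a signed credential over the record named by xrn; return it as a string.

    xrn/type identify the object record; when type is empty it is derived
    from the xrn. caller_xrn names the caller the credential is issued to;
    when omitted, the object record itself is the caller.

    Raises RecordNotFound when the object or caller record is missing, and
    PermissionError when determine_user_rights() yields an empty rights set.

    NOTE(review): caller_xrn comes from the arguments and is only looked up
    in the database here; nothing in this function ties it to the
    authenticated requester. Presumably the calling layer enforces that --
    confirm, since the result carries that caller's gid with all privileges
    marked delegable.
    """
    # convert xrn to hrn
    if type:
        hrn = urn_to_hrn(xrn)[0]
    else:
        hrn, type = urn_to_hrn(xrn)

    # Is this a root or sub authority
    auth_hrn = api.auth.get_authority(hrn)
    if not auth_hrn or hrn == api.config.SFA_INTERFACE_HRN:
        auth_hrn = hrn
    auth_info = api.auth.get_auth_info(auth_hrn)

    # get record info
    record = dbsession.query(RegRecord).filter_by(type=type, hrn=hrn).first()
    if not record:
        raise RecordNotFound("hrn=%s, type=%s" % (hrn, type))

    # get the callers gid
    # if caller_xrn is not specified assume the caller is the record
    # object itself.
    if not caller_xrn:
        caller_hrn = hrn
        caller_gid = record.get_gid_object()
    else:
        caller_hrn, caller_type = urn_to_hrn(caller_xrn)
        if caller_type:
            caller_record = dbsession.query(RegRecord).filter_by(hrn=caller_hrn, type=caller_type).first()
        else:
            caller_record = dbsession.query(RegRecord).filter_by(hrn=caller_hrn).first()
        if not caller_record:
            raise RecordNotFound("Unable to associated caller (hrn=%s, type=%s) with credential for (hrn: %s, type: %s)" % (caller_hrn, caller_type, hrn, type))
        # The listing had a stray trailing 'i' on this line (a syntax error).
        caller_gid = GID(string=caller_record.gid)

    object_hrn = record.get_gid_object().get_hrn()
    # call the builtin authorization/credential generation engine
    rights = api.auth.determine_user_rights(caller_hrn, record)
    # make sure caller has rights to this object
    if rights.is_empty():
        raise PermissionError("%s has no rights to %s (%s)" %
                              (caller_hrn, object_hrn, xrn))

    object_gid = GID(string=record.gid)
    new_cred = Credential(subject=object_gid.get_subject())
    new_cred.set_gid_caller(caller_gid)
    new_cred.set_gid_object(object_gid)
    # signed with the key and gid of the authority responsible for the hrn
    new_cred.set_issuer_keys(auth_info.get_privkey_filename(), auth_info.get_gid_filename())
    new_cred.set_privileges(rights)
    new_cred.get_privileges().delegate_all_privileges(True)
    if hasattr(record, 'expires'):
        date = utcparse(record.expires)
        expires = datetime_to_epoch(date)
        new_cred.set_expiration(int(expires))
    # No parent credential is attached; per the original comment the chain
    # is verified with certs instead.
    new_cred.encode()
    new_cred.sign()

    return new_cred.save_to_string(save_parents=True)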
示例10: display
def display(self, gidfile):
    """Print the contents of a GID file, including its parents.

    Exits with status 1 when gidfile does not name an existing file.
    """
    gid_path = os.path.abspath(gidfile)
    if not (gid_path and os.path.isfile(gid_path)):
        print("No such gid file: %s" % gidfile)
        sys.exit(1)
    GID(filename=gid_path).dump(dump_parents=True)
示例11: get_credential
def get_credential(api, xrn, type, is_self=False):
    """Issue a signed credential over the record named by xrn; return it as a string.

    With is_self the record is its own caller; otherwise the caller gid is
    taken from api.auth.client_cred. Raises RecordNotFound when no record
    matches, AccountNotEnabled for a disabled user record, and
    PermissionError when the caller has no rights on the record.
    """
    # resolve the hrn, deriving the type from the xrn when none was given
    if type:
        hrn = urn_to_hrn(xrn)[0]
    else:
        hrn, type = urn_to_hrn(xrn)

    # root authority or sub authority?
    auth_hrn = api.auth.get_authority(hrn)
    if not auth_hrn or hrn == api.config.SFA_INTERFACE_HRN:
        auth_hrn = hrn
    auth_info = api.auth.get_auth_info(auth_hrn)

    # fetch the record
    table = SfaTable()
    records = table.findObjects({'type': type, 'hrn': hrn})
    if not records:
        raise RecordNotFound(hrn)
    record = records[0]

    # verify_cancreate_credential needs the member lists
    # (researchers, pis, etc) to be filled in
    api.fill_record_info(record)
    if record['type'] == 'user' and not record['enabled']:
        raise AccountNotEnabled(": PlanetLab account %s is not enabled. Please contact your site PI" % (record['email']))

    # caller gid: the record's own gid for a self credential, otherwise the
    # caller of the credential the client presented
    if is_self:
        caller_hrn = hrn
        caller_gid = record.get_gid_object()
    else:
        caller_gid = api.auth.client_cred.get_gid_caller()
        caller_hrn = caller_gid.get_hrn()

    object_hrn = record.get_gid_object().get_hrn()
    rights = api.auth.determine_user_rights(caller_hrn, record)
    # refuse to issue anything to a caller without rights on the object
    if rights.is_empty():
        raise PermissionError(caller_hrn + " has no rights to " + record['name'])

    object_gid = GID(string=record['gid'])
    new_cred = Credential(subject=object_gid.get_subject())
    new_cred.set_gid_caller(caller_gid)
    new_cred.set_gid_object(object_gid)
    # issuer: key and gid of the authority responsible for the hrn
    new_cred.set_issuer_keys(auth_info.get_privkey_filename(),
                             auth_info.get_gid_filename())
    new_cred.set_privileges(rights)
    new_cred.get_privileges().delegate_all_privileges(True)
    if 'expires' in record:
        new_cred.set_expiration(int(record['expires']))
    auth_kind = "authority,ma,sa"  # only referenced by the disabled set_parent call
    # No parent credential is attached; the chain is verified with certs.
    new_cred.encode()
    new_cred.sign()

    return new_cred.save_to_string(save_parents=True)
示例12: display
def display(options):
    """
    Display the specified GID (options.display), parents included.

    Exits with status 1 when the path does not name an existing file.
    """
    gidfile = os.path.abspath(options.display)
    if not (gidfile and os.path.isfile(gidfile)):
        print("No such gid: %s" % gidfile)
        sys.exit(1)
    GID(filename=gidfile).dump(dump_parents=True)
示例13: UploadCertForm
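class UploadCertForm(forms.Form):
    """Form to upload a certificate and its corresponding key.

    NOTE(review): this form receives the user's private key. It should only
    be served over an encrypted connection, and the key must not reach logs
    or error pages.
    """

    key_file = forms.FileField(
        help_text="Select the file that contains the key for the "\
            "certificate to upload.")
    cert_file = forms.FileField(
        help_text="Select the file that contains the "\
            "certificate to upload. The certificate must be signed "\
            "with the uploaded key.")

    clean_key_file = _clean_x_file_factory("key")
    clean_cert_file = _clean_x_file_factory("cert")

    def clean(self):
        """Check that the cert matches the uploaded key and is trusted.

        Two checks are made: the public key inside the certificate must
        equal the public key of the uploaded key pair, and the certificate
        chain must verify against the installed trusted certificates.
        """
        # Log field names only: cleaned_data may hold the uploaded private
        # key, which must not be written to the log.
        logger.debug("cleaned_data fields %s" % sorted(self.cleaned_data.keys()))
        # Both uploads are needed. The original tested only 'self.files',
        # so a request carrying one of the two files raised KeyError here
        # instead of producing the fields' own validation errors.
        if "key_file" in self.files and "cert_file" in self.files:
            # NOTE(review): if the clean_*_file hooks already consumed the
            # uploads, these reads may need a seek(0) first -- confirm.
            self.key = Keypair(string=self.files["key_file"].read())
            self.cert = GID(string=self.files["cert_file"].read())

            # Compare the public key in the cert with the uploaded key's.
            cert_pubkey = self.cert.get_pubkey().get_pubkey_string()
            if cert_pubkey != self.key.get_pubkey_string():
                raise forms.ValidationError(
                    "Error: The certificate was not signed "
                    "by the uploaded key. Please use a key "
                    "that matches the certificate.")

            try:
                certs = [GID(filename=f) for f in get_trusted_cert_filenames()]
                self.cert.verify_chain(certs)
            except Exception as e:
                logger.error(traceback.format_exc())
                raise forms.ValidationError(
                    "Could not verify that the uploaded certificate is "
                    "trusted. This could be because none of the certificate's "
                    "ancestors have been installed as trusted. The error was: "
                    "%s" % e
                )

        return self.cleaned_data

    def save(self, user):
        """Write the key and cert into files.

        Must only be called after clean() has accepted both uploads, since
        it relies on self.key and self.cert set there.

        @param user: the user to save the cert and key for.
        @type user: C{django.contrib.auth.models.User}
        """
        key_fname = get_user_key_fname(user)
        cert_fname = get_user_cert_fname(user)

        # NOTE(review): the permissions save_to_file() gives the private-key
        # file are not visible here; make sure it ends up owner-readable only.
        self.key.save_to_file(key_fname)
        self.cert.save_to_file(cert_fname)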
示例14: get_trusted_certs
def get_trusted_certs(self, opts, args):
    """
    Dump the trusted certs reported by this interface's registry.

    Each certificate is dumped as a GID and its subject is logged at debug
    level. opts and args are not used; nothing is returned.
    """
    for cert_string in self.registry.get_trusted_certs():
        GID(string=cert_string).dump()
        cert = Certificate(string=cert_string)
        self.logger.debug('Sfi.get_trusted_certs -> %r' % cert.get_subject())
    return
示例15: install_gids
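def install_gids(api, slivers):
    """Install the slice gid and the node gid into each instantiated sliver.

    For every slice record the registry returns for the given slivers, the
    files '/vservers/<slicename>/etc/slice.gid' and '.../etc/node.gid' are
    (re)written when they are missing or their content differs from the
    current gid string.

    NOTE(review): the slice gid strings come straight from the registry
    response and are written without verification in this function --
    presumably they are validated where they are consumed; confirm.
    """
    # node gid, serialized with its parent chain
    node_gid_file = api.config.config_path + os.sep + "node.gid"
    node_gid_str = GID(filename=node_gid_file).save_to_string(save_parents=True)

    # get currently installed slice and node gids
    interface_hrn = api.config.SFA_INTERFACE_HRN
    slice_gids = {}
    node_gids = {}
    for slicename in slivers:
        slice_gid_filename = "/vservers/%s/etc/slice.gid" % slicename
        node_gid_filename = "/vservers/%s/etc/node.gid" % slicename
        # The original stored these under the undefined name 'sliver'
        # (NameError); they are keyed by slice name, as the lookups below
        # expect.
        if os.path.isfile(slice_gid_filename):
            with open(slice_gid_filename, 'r') as gid_file:
                slice_gids[slicename] = gid_file.read()
        if os.path.isfile(node_gid_filename):
            with open(node_gid_filename, 'r') as gid_file:
                node_gids[slicename] = gid_file.read()

    # convert slicenames to hrns
    hrns = [slicename_to_hrn(interface_hrn, name) for name in slivers]

    # get current gids from registry
    cred = api.getCredential()
    registry = api.get_registry()
    records = registry.get_gids(cred, hrns)
    for record in records:
        # skip if this isnt a slice record
        if not record['type'] == 'slice':
            continue

        # Derive the slice name from THIS record before building any path.
        # The original formatted vserver_path from locals() first, i.e. from
        # whatever 'slicename' was left over from an earlier loop.
        slicename = hrn_to_pl_slicename(record['hrn'])
        # The name comes from a remote record and becomes a path component:
        # refuse anything that could point outside /vservers/<name>.
        if (not slicename or os.sep in slicename
                or slicename in (os.curdir, os.pardir)):
            continue
        vserver_path = "/vservers/%s" % slicename
        # skip if the slice isnt instantiated
        if not os.path.exists(vserver_path):
            continue

        # install slice gid if it doesnt already exist or has changed
        slice_gid_str = record['gid']
        if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str:
            gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
            GID(string=slice_gid_str).save_to_file(gid_filename, save_parents=True)

        # install node gid if it doesnt already exist or has changed
        if slicename not in node_gids or node_gids[slicename] != node_gid_str:
            gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
            GID(string=node_gid_str).save_to_file(gid_filename, save_parents=True)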