#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2008 University of Utah and the Flux Group.
# All rights reserved.
#
package GeniAuthority;

#
# Some simple ticket stuff.
#
use strict;
use Exporter;
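# Package globals for Exporter.  "our" replaces the obsolete "use vars"
# pragma and declares exactly the same package variables; nothing is
# exported by default (the class is used through method calls).
our @ISA    = ('Exporter');
our @EXPORT = ();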

# Must come after package declaration!
use lib '@prefix@/lib';
use GeniDB;
use GeniRegistry;
use libtestbed;
use libdb qw(TBGetUniqueIndex);
use English;
use overload ('""' => 'Stringify');
use XML::Simple;

# Configure variables
#
# The @...@ tokens are build-time substitutions: this is a .pm.in template
# and the generated GeniAuthority.pm carries the real values.  Of these,
# only $TB is read in this file (to build the two script paths below); the
# remaining values are not referenced anywhere else in this file and are
# presumably kept for parity with the other Geni modules.
my $TB		   = "@prefix@";
my $TBOPS          = "@TBOPSEMAIL@";
my $TBAPPROVAL     = "@TBAPPROVALEMAIL@";
my $TBAUDIT   	   = "@TBAUDITEMAIL@";
my $BOSSNODE       = "@BOSSNODE@";
my $OURDOMAIN      = "@OURDOMAIN@";
my $SIGNCRED	   = "$TB/sbin/signgenicred";
my $VERIFYCRED	   = "$TB/sbin/verifygenicred";

# Cache of instances to avoid regenerating them.  Keyed by the idx column;
# filled by Lookup() and never cleared for the lifetime of the process.
my %authorities    = ();

#
# Lookup by idx, or uuid.
#
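sub Lookup($$)
{
    # Class method: GeniAuthority->Lookup($token).
    #   $token  a numeric idx, a uuid, "P<uuid_prefix>" (delegated to
    #           LookupByPrefix) or an hrn.
    # Returns the GeniAuthority object (cached per process in %authorities)
    # or undef when the token is malformed, no row or certificate exists,
    # or a query fails.
    my ($class, $token) = @_;
    my $query_result;
    my $idx;

    #
    # Resolve $token to an idx.  Every branch pins the token to a narrow
    # character class, and the two string forms are additionally run
    # through DBQuoteSpecial (as Create() does), so the token is never
    # interpolated into SQL unchecked.  The captures also untaint the
    # value under the -T in the shebang line.
    #
    if ($token =~ /^(\d+)$/) {
	$idx = $1;
    }
    elsif ($token =~ /^\w+\-\w+\-\w+\-\w+\-\w+$/) {
	my $safe_uuid = DBQuoteSpecial($token);

	$query_result =
	    DBQueryWarn("select idx from geni_authorities ".
			"where uuid=$safe_uuid");
	return undef
	    if (! $query_result || !$query_result->numrows);

	($idx) = $query_result->fetchrow_array();
    }
    elsif ($token =~ /^P(\w+)$/) {
	return GeniAuthority->LookupByPrefix($1);
    }
    elsif ($token =~ /^[\w\.]+$/) {
	# hrn.  "+" rather than "*": an empty token used to fall through
	# to a "where hrn=''" query instead of being rejected.
	my $safe_hrn = DBQuoteSpecial($token);

	$query_result =
	    DBQueryWarn("select idx from geni_authorities ".
			"where hrn=$safe_hrn");
	return undef
	    if (! $query_result || !$query_result->numrows);

	($idx) = $query_result->fetchrow_array();
    }
    else {
	return undef;
    }

    # Look in cache first
    return $authorities{"$idx"}
        if (exists($authorities{"$idx"}));

    $query_result =
	DBQueryWarn("select * from geni_authorities where idx='$idx'");
    return undef
	if (!$query_result || !$query_result->numrows);

    my $self              = {};
    $self->{'AUTHORITY'}  = $query_result->fetchrow_hashref();
    bless($self, $class);

    #
    # Grab the certificate, since we will probably want it.  If it cannot
    # be found the object is neither returned nor cached.
    #
    my $uuid        = $self->{'AUTHORITY'}->{'uuid'};
    my $certificate = GeniCertificate->Lookup($uuid);
    if (!defined($certificate)) {
	print STDERR "Could not find certificate for authority $idx\n";
	return undef;
    }
    $self->{'CERT'} = $certificate;

    # Add to cache, keyed by the idx stored in the row.
    $authorities{$self->{'AUTHORITY'}->{'idx'}} = $self;

    return $self;
}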

#
# Stringify for output.
#
sub Stringify($)
{
    my ($self) = @_;

    # Bound to the '""' overload above, so any string context (print,
    # interpolation) renders an authority as "[GeniAuthority: <uuid>, IDX: <idx>]".
    return sprintf("[GeniAuthority: %s, IDX: %s]", $self->uuid(), $self->idx());
}

#
# Create a Geni authority in the DB.
#
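sub Create($$$$)
{
    # Class method: GeniAuthority->Create($certificate, $url, $type).
    #   $certificate  certificate object for the authority; its uuid() and
    #                 hrn() are stored alongside $url and $type, and it is
    #                 Store()d before the row is written.
    # Returns the new GeniAuthority (via Lookup) or undef on any failure.
    my ($class, $certificate, $url, $type) = @_;

    # The last uuid component is kept in its own column so authorities can
    # be found by prefix (see LookupByPrefix/PrefixMatch).  Reject a uuid
    # that does not parse rather than writing an undef prefix into the row;
    # this is checked before an index is consumed.
    my ($prefix) = ($certificate->uuid() =~ /^\w+\-\w+\-\w+\-\w+\-(\w+)$/);
    if (!defined($prefix)) {
	print STDERR "Could not parse uuid prefix for new authority.\n";
	return undef;
    }

    my $idx = TBGetUniqueIndex('next_authority', 1);

    # Every value that originates outside this module is quoted; $idx comes
    # from TBGetUniqueIndex, not from the caller.
    my $safe_hrn    = DBQuoteSpecial($certificate->hrn());
    my $safe_url    = DBQuoteSpecial($url);
    my $safe_uuid   = DBQuoteSpecial($certificate->uuid());
    my $safe_prefix = DBQuoteSpecial($prefix);
    my $safe_type   = DBQuoteSpecial($type);

    my @insert_data = ("created=now()",
		       "idx='$idx'",
		       "hrn=$safe_hrn",
		       "url=$safe_url",
		       "uuid=$safe_uuid",
		       "uuid_prefix=$safe_prefix",
		       "type=$safe_type");

    # The certificate is stored before the row that refers to it.  A failed
    # insert below leaves the certificate behind; callers such as
    # CreateFromRegistry undo that with $certificate->Delete().
    if ($certificate->Store() != 0) {
	print STDERR "Could not store certificate for new authority.\n";
	return undef;
    }

    # "replace" rather than "insert": with MySQL semantics an existing row
    # with the same key is overwritten instead of raising an error.
    return undef
	if (!DBQueryWarn("replace into geni_authorities set " .
			 join(",", @insert_data)));

    return GeniAuthority->Lookup($idx);
}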
# accessors
sub field($$)
{
    my ($self, $name) = @_;

    # Called without an object (class-method style) there is no row to
    # read from; -1 is the sentinel the accessors hand back in that case.
    return -1
	if (!ref($self));

    return $self->{'AUTHORITY'}->{$name};
}
sub idx($)		{ my ($self) = @_; return field($self, 'idx'); }   # idx column, -1 without an object
sub uuid($)		{ my ($self) = @_; return field($self, 'uuid'); }   # uuid column, -1 without an object
sub uuid_prefix($)	{ my ($self) = @_; return field($self, 'uuid_prefix'); }   # last uuid component
sub url($)		{ my ($self) = @_; return field($self, 'url'); }   # url column, -1 without an object
sub hrn($)		{ my ($self) = @_; return field($self, 'hrn'); }   # hrn column, -1 without an object
sub type($)		{ my ($self) = @_; return field($self, 'type'); }   # type column, -1 without an object
sub cert($)		{ my ($self) = @_; return $self->{'CERT'}->cert(); }   # delegates to the certificate object
sub GetCertificate($)   { my ($self) = @_; return $self->{'CERT'}; }   # the object cached by Lookup()

#
# Check to see if there is an existing authority with the same prefix.
#
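sub CheckExisting($$$$)
{
    # Class method: GeniAuthority->CheckExisting($type, $uuid, $hrn).
    # Looks for an authority sharing $uuid's prefix that would clash with a
    # registration of ($uuid, $type).  $hrn is accepted for interface
    # compatibility but is not consulted.
    # Returns 1 on a clash, 0 when there is none (including an exact
    # uuid+type match, which is just a re-registration), -1 when the uuid
    # cannot be parsed or the query fails.
    my ($class, $type, $uuid, $hrn) = @_;

    # The prefix comes from the uuid argument.  (The previous version read
    # an undeclared $certificate here, which cannot compile under
    # "use strict".)  The \w capture also untaints $prefix, so it is safe
    # to interpolate below.
    my ($prefix) = ($uuid =~ /^\w+\-\w+\-\w+\-\w+\-(\w+)$/);
    return -1
	if (!defined($prefix));

    my $query_result =
	DBQueryWarn("select uuid,type from geni_authorities ".
		    "where uuid_prefix='$prefix'");

    return -1
	if (!$query_result);
    return 0
	if (!$query_result->numrows);

    while (my ($DBuuid, $DBtype) = $query_result->fetchrow_array()) {
	my $same_uuid = ($uuid eq $DBuuid);
	my $same_type = ($type eq $DBtype);

	# Both equal: exact match, a replacement.  Both different: an
	# unrelated row.  Exactly one equal: a clash.
	return 1
	    if ($same_uuid xor $same_type);
    }
    return 0;
}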

#
# Create authority from the ClearingHouse, by looking up the info.
#
sub CreateFromRegistry($$$)
{
    # Class method: GeniAuthority->CreateFromRegistry($type, $uuid).
    # Resolves ($uuid, $type) at the clearinghouse and creates a local
    # authority from the returned record.  Returns the GeniAuthority or
    # undef if any step fails.
    my ($class, $type, $uuid) = @_;

    my $clearinghouse = GeniRegistry::ClearingHouse->Create();
    if (!defined($clearinghouse)) {
	return undef;
    }

    my $blob;
    my $rv = $clearinghouse->Resolve($uuid, $type, \$blob);
    if ($rv != 0) {
	return undef;
    }

    # NOTE(review): $blob comes from the remote registry.  Any checking of
    # the 'gid' happens inside LoadFromString (or not at all), not here,
    # and the stored type is the blob's own 'type', not the $type we asked
    # about.
    my $certificate = GeniCertificate->LoadFromString($blob->{'gid'});
    if (!defined($certificate)) {
	return undef;
    }

    my $authority = GeniAuthority->Create($certificate,
					  $blob->{'url'}, $blob->{'type'});
    if (!defined($authority)) {
	# Create() stores the certificate before writing its row; drop it
	# again when the authority itself could not be created.
	$certificate->Delete();
    }

    return $authority;
}

#
# Does the uuid prefix match.
#
sub PrefixMatch($$)
{
    # Instance method: $authority->PrefixMatch($uuid).
    # Returns 1 when the last component of $uuid equals this authority's
    # uuid_prefix, 0 otherwise (also 0 when called without an object or
    # when $uuid does not have the five-part form).
    my ($self, $uuid) = @_;

    return 0
	unless (ref($self));

    my $want  = $self->uuid_prefix();
    my ($got) = ($uuid =~ /^\w+\-\w+\-\w+\-\w+\-(\w+)$/);

    return 0
	unless (defined($got));

    # String comparison on both sides, as the column is a string.
    return ("$want" eq "$got") ? 1 : 0;
}

#
# Find an authority by looking for the prefix. This will eventually go
# away when we switch top chains.
#
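sub LookupByPrefix($$)
{
    # Class method: GeniAuthority->LookupByPrefix($uuid).
    #   $uuid  either a full five-part uuid (its last component is used)
    #          or a bare prefix.
    # Returns the GeniAuthority whose uuid_prefix matches, or undef when
    # the argument does not parse, nothing matches, or the query fails.
    my ($class, $uuid) = @_;
    my $prefix;

    # Both captures restrict $prefix to \w characters, which also untaints
    # it under -T, so interpolating it into the query below is safe.
    if ($uuid =~ /^\w+\-\w+\-\w+\-\w+\-(\w+)$/) {
	$prefix = $1;
    }
    elsif ($uuid =~ /^(\w+)$/) {
	$prefix = $1;
    }
    else {
	print STDERR "Could not parse uuid for prefix\n";
	return undef;
    }

    my $query_result =
	DBQueryWarn("select idx from geni_authorities ".
		    "where uuid_prefix='$prefix'");

    return undef
	if (! $query_result || !$query_result->numrows);

    # NOTE(review): if several authorities share a prefix only the first
    # row is used, and the query has no ordering, so which one is
    # unspecified.
    my ($idx) = $query_result->fetchrow_array();

    return GeniAuthority->Lookup($idx);
}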

# _Always_ make sure that this 1 is at the end of the file...
# (require/use needs the module to evaluate to a true value.)
1;