#!/usr/bin/perl -w
#
# Copyright (c) 2008-2011 University of Utah and the Flux Group.
# 
# {{{GENIPUBLIC-LICENSE
# 
# GENI Public License
# 
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and/or hardware specification (the "Work") to
# deal in the Work without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Work, and to permit persons to whom the Work
# is furnished to do so, subject to the following conditions:
# 
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Work.
# 
# THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
# IN THE WORK.
# 
# }}}
#
use strict;
use lib '@prefix@/lib';
use English;
use Getopt::Std;

# Do this early so that we talk to the right DB.
use vars qw($GENI_DBNAME);
BEGIN { $GENI_DBNAME = "geni"; }

use GeniCredential;
use GeniCertificate;
use GeniAuthority;
use GeniHRN;
use GeniResponse;
use GeniUser;
use GeniRegistry;

# Configure ...
# "@prefix@" is a placeholder; presumably it is replaced with the install
# prefix when this .in template is configured.
my $TB     = "@prefix@";
# Certificates for the two local authorities this script can act as:
# -s selects $SACERT, -m selects $CMCERT. The chosen file is later handed
# to Sign(), so it presumably also carries the private key -- confirm, and
# keep both files readable only by the account that runs this script.
my $SACERT = $TB . "/etc/genisa.pem";
my $CMCERT = $TB . "/etc/genicm.pem";

#
# This script is used to generate an admin credential for the local
# authority (CM or SA), which you can then delegate to a user (see
# the delegate script). 
#
# Print the one-line synopsis on STDERR and terminate with exit(-1).
# Exactly one of -s or -m is expected and no positional arguments are
# accepted. Never returns.
sub usage()
{
    my $synopsis = "Usage: $0 -s | -m\n";

    print STDERR $synopsis;
    exit(-1);
}
# getopts() specification: two boolean switches, -s and -m.
my $optlist = 'sm';
# Path of the certificate chosen by the switches; stays undefined until
# option parsing picks one.
my $THECERT = undef;

# Abort the script with a "*** <script>:" banner followed by the indented
# message. The text ends in a newline, so die() does not append the
# file/line location. Never returns.
sub fatal($)
{
    my $msg = shift;

    die("*** $0:\n    $msg\n");
}

#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
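my %options = ();
if (! getopts($optlist, \%options)) {
    usage();
}
#
# -s and -m select different signing certificates and the usage string
# documents them as alternatives. Refuse the combination instead of
# silently letting -m override -s, so the operator always knows which
# authority's credential is being generated.
#
usage()
    if (defined($options{"s"}) && defined($options{"m"}));
if (defined($options{"s"})) {
    $THECERT = $SACERT;
}
if (defined($options{"m"})) {
    $THECERT = $CMCERT;
}
# No positional arguments are accepted, and one switch is mandatory.
usage()
    if (@ARGV || !defined($THECERT));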

#
# Load the cert to act as caller context.
#
my $certificate = GeniCertificate->LoadFromFile($THECERT);
fatal("Could not load certificate from $THECERT\n")
    if (!defined($certificate));
# NOTE(review): Genixmlrpc has no "use" line in this file; presumably one
# of the Geni* modules loaded above pulls it in -- confirm.
Genixmlrpc->SetContext(Genixmlrpc->Context($certificate));

#
# Find our own authority record using the URN from the certificate.
#
my $me = GeniAuthority->Lookup($certificate->urn());
fatal("Could not find myself in the DB!")
    if (!defined($me));

#
# The authority is passed as both arguments, i.e. the credential is
# issued by the authority to itself (presumably target and owner --
# confirm against GeniCredential->Create).
#
my $credential = GeniCredential->Create($me, $me);
fatal("Could not create credential\n")
    if (!defined($credential));

#
# NOTE(review): 24 * 24 * 60 * 90 is 3,110,400 seconds, i.e. 36 days.
# If a 90 day lifetime was meant the factors would be 24 * 60 * 60 * 90.
# Confirm the intended validity window before changing it; this is an
# authority-level credential, so the shorter lifetime is the safer one.
#
my $lifetime = 24 * 24 * 60 * 90;
$credential->SetExpiration(time() + $lifetime);

# Sign() reports success as 0; anything else aborts before output.
fatal("Could not sign credential")
    if ($credential->Sign($certificate) != 0);

#
# The signed credential is written to STDOUT only. The header comment says
# it can be delegated to a user, so whoever redirects the output should
# store it with restrictive permissions.
#
print $credential->asString();
exit(0);