7 from argparse import ArgumentParser
9 from sfa.util.sfalogging import logger
10 # , ChildRightsNotSubsetOfParent
11 from sfa.util.faults import CredentialNotVerifiable, CertMissingParent
13 from sfa.trust.certificate import Certificate
14 from sfa.trust.credential import Credential
15 from sfa.trust.gid import GID
17 from sfa.storage.record import Record
# Decide which kind of SFA object the file `fn` holds.
# The name is tested first ('.gid', '.cert', then any name ending in 'cred');
# after that, `fn` is loaded as a Credential, a GID and a Certificate in turn.
# NOTE(review): the return statements and whatever error handling surrounds the
# three loads are not visible in this listing; handle_input() compares the
# result with "certificate" and "credential" - confirm the remaining values.
# NOTE(review): this only selects a parser, from the name or from what loads;
# it says nothing about whether the object is trusted. Trust is checked
# separately, in verify_input_object(), and only when -c is given.
20 def determine_sfa_filekind(fn):
22 if fn.endswith('.gid'):
24 elif fn.endswith('.cert'):
# no leading dot here, unlike the two tests above: any name ending in "cred" matches
26 elif fn.endswith('cred'):
# the suffix tests did not settle it: try each loader on the file itself
30 cred = Credential(filename=fn)
36 gid = GID(filename=fn)
43 cert = Certificate(filename=fn)
49 # if "gidCaller" in dict:
# Write a GID to "<last dot-separated component of hrn>.gid", a path relative
# to the current working directory.
# NOTE(review): the definition line and the assignment of `hrn` are not visible
# in this listing; presumably hrn is read from the GID being saved - confirm.
# NOTE(review): if hrn comes from the input file it is untrusted, and its last
# component is used as a file name unchanged. Rejecting path separators (or
# applying os.path.basename) before building `filename` would keep the write
# inside the current directory.
60 lastpart = hrn.split(".")[-1]
61 filename = lastpart + ".gid"
# An existing file is reported as skipped; the skip itself (presumably a
# return) is not shown here. exists() followed by a later write is a
# check-then-use sequence, so it is no guarantee when another process writes
# the same path in between.
63 if os.path.exists(filename):
64 print(filename, ": already exists... skipping")
67 print(filename, ": extracting gid of", hrn)
# save_parents=True is passed through to save_to_file; presumably the parent
# GIDs are written into the same file - confirm against GID.save_to_file
69 gid.save_to_file(filename, save_parents=True)
# Pull the two GIDs embedded in credential `cred`: the caller GID and the
# object GID.
# NOTE(review): the lines that act on each GID are not visible in this
# listing; presumably each one is saved to a file - confirm.
# NOTE(review): handle_input() calls this before verify_input_object(), so the
# GIDs are taken from a credential that has not been verified at that point
# (and never is when -c is absent).
72 def extract_gids(cred, extract_parents):
73 gidCaller = cred.get_gid_caller()
77 gidObject = cred.get_gid_object()
# true when an object GID exists and either there is no caller GID or the two
# hrns differ, i.e. the object GID is not the caller GID seen again
# NOTE(review): `gidCaller is None` is the idiomatic identity test
78 if gidObject and ((gidCaller == None) or (gidCaller.get_hrn() != gidObject.get_hrn())):
# extract_parents is unused in the visible lines: the parent walk below is
# commented out because Credential has no get_parent method
81 # no such method Credential.get_parent
83 # parent = cred.get_parent()
85 # extract_gids(parent, extract_parents)
# Verify `obj` against the trusted roots given with -c and print the outcome.
# Nothing happens when options.trusted_roots is empty or unset, so without -c
# the dumped object is never verified.
# kind 'credential' calls obj.verify(roots); 'certificate' and 'gid' call
# obj.verify_chain(roots).
# NOTE(review): the `try:` line and the success path before `except` are not
# visible in this listing.
# NOTE(review): a failure is only printed; the visible lines neither return a
# status nor re-raise, and handle_input() uses no result, so a script driving
# this tool has to read stdout to notice a failed check - confirm whether an
# exit status is set elsewhere.
88 def verify_input_object(obj, kind, options):
89 if options.trusted_roots:
90 print("CHECKING...", end=' ')
# the roots are echoed so the output records what the object was checked against
91 message = "against [" + (" + ".join(options.trusted_roots)) + "]"
93 if kind == 'credential':
94 print("verify", message, end=' ')
95 obj.verify(options.trusted_roots)
96 elif kind in ('certificate', 'gid'):
97 print("verify_chain", message, end=' ')
98 obj.verify_chain(options.trusted_roots)
# broad catch: any exception, not only a verification fault, is reported as KO,
# and only the exception class name is printed (the message text is dropped)
100 except Exception as inst:
101 print("--> KO", type(inst).__name__)
# Dump one input file according to its detected kind, then verify it.
# For every recognised kind the order is: load, print a banner, dump, verify.
# NOTE(review): everything dump() prints therefore comes from input that has
# not been verified yet, and is never verified without -c; read the "--> KO"
# line, if any, before relying on the dumped fields.
# NOTE(review): the branch headers for the GID case and for the unknown-kind
# fallback are not visible in this listing.
104 def handle_input(filename, options):
105 kind = determine_sfa_filekind(filename)
107 # dump methods current do 'print' so let's go this road for now
108 if kind == "certificate":
109 cert = Certificate(filename=filename)
110 print('--------------------', filename, 'IS A', kind)
111 cert.dump(show_extensions=options.show_extensions)
112 verify_input_object(cert, kind, options)
113 elif kind == "credential":
114 cred = Credential(filename=filename)
115 print('--------------------', filename, 'IS A', kind)
116 cred.dump(dump_parents=options.dump_parents, show_xml=options.show_xml)
# with -g the embedded GIDs are extracted before verify_input_object() runs on
# this credential
117 if options.extract_gids:
118 print('--------------------', filename, 'embedded GIDs')
119 extract_gids(cred, extract_parents=options.dump_parents)
120 verify_input_object(cred, kind, options)
122 gid = GID(filename=filename)
123 print('--------------------', filename, 'IS A', kind)
124 gid.dump(dump_parents=options.dump_parents)
125 verify_input_object(gid, kind, options)
# reached when the kind matched none of the cases above; the file is not parsed
127 print("%s: unknown filekind '%s'" % (filename, kind))
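# Command-line front end: parse the options, then pass every file named on the
# command line to handle_input().
usage = """%(prog)s file1 [ .. filen]
display info on input files"""
parser = ArgumentParser(usage=usage)

parser.add_argument("-g", "--extract-gids", action="store_true", dest="extract_gids",
                    default=False, help="Extract GIDs from credentials")
parser.add_argument("-p", "--dump-parents", action="store_true", dest="dump_parents",
                    default=False, help="Show parents")
# The default has to be the boolean False: the string "False" is non-empty and
# therefore truthy, which left options.show_extensions set even without -e.
parser.add_argument("-e", "--extensions", action="store_true",
                    dest="show_extensions", default=False,
                    help="Show certificate extensions")
parser.add_argument("-v", "--verbose", action='count',
                    dest='verbose', default=0, help="More and more verbose")
parser.add_argument("-x", "--xml", action='store_true',
                    dest='show_xml', default=False, help="dumps xml tree (cred. only)")
# -c may be repeated (action='append'). Without it trusted_roots stays None and
# verify_input_object() performs no verification at all: the files are only
# dumped, not checked.
parser.add_argument("-c", "--check", action='append', dest='trusted_roots',
                    help="cumulative list of trusted GIDs - "
                    "when provided, the input is verify'ed against these")
parser.add_argument("filenames", metavar='F', nargs='+',
                    help="filenames to dump")
options = parser.parse_args()

# -v is a counter; the project logger maps the count to a log level
logger.setLevelFromOptVerbose(options.verbose)
for filename in options.filenames:
    handle_input(filename, options)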
157 if __name__ == "__main__":