1 # * require certificate as an argument
3 # * get pubkey from gid
4 # * if the certificate matches the pubkey from the gid, return the gid, else raise an exception
5 # if not peer.is_pubkey(gid.get_pubkey()):
6 # raise ConnectionKeyGIDMismatch(gid.get_subject())
8 from sfa.util.faults import *
9 from sfa.util.namespace import *
10 from sfa.util.method import Method
11 from sfa.util.parameter import Parameter, Mixed
12 from sfa.trust.auth import Auth
13 from sfa.trust.gid import GID
14 from sfa.trust.certificate import Certificate
16 class get_gid(Method):
18 Returns the client's gid if one exists
20 @param cert certificate string
21 @param xrn human readable name (hrn or urn)
22 @param type object type
26 interfaces = ['registry']
29 Parameter(str, "Certificate string"),
30 Parameter(str, "Human readable name (hrn or urn)"),
31 Parameter(str, "Object type")
34 returns = Parameter(str, "GID string")
36 def call(self, cert, xrn, type):
40 hrn = urn_to_hrn(xrn)[0]
42 hrn, type = urn_to_hrn(xrn)
44 self.api.auth.verify_object_belongs_to_me(hrn)
47 manager_base = 'sfa.managers'
48 mgr_type = self.api.config.SFA_REGISTRY_TYPE
49 manager_module = manager_base + ".registry_manager_%s" % mgr_type
50 manager = __import__(manager_module, fromlist=[manager_base])
51 records = manager.resolve(self.api, xrn, type, origin_hrn=hrn)
53 raise RecordNotFound(hrn)
56 # make sure client's certificate is the gid's pub key
57 gid = GID(string=record['gid'])
58 certificate = Certificate(string=cert)
59 if not certificate.is_pubkey(gid.get_pubkey()):
60 raise ConnectionKeyGIDMismatch(gid.get_subject())