if not self.gidObject:
self.decode()
obj = self.gidObject.get_printable_subject()
caller = self.gidCaller.get_printable_subject()
exp = self.get_expiration()
# Summarize the rights too? The issuer?
if not self.gidObject:
self.decode()
obj = self.gidObject.get_printable_subject()
caller = self.gidCaller.get_printable_subject()
exp = self.get_expiration()
# Summarize the rights too? The issuer?
xmlschema = etree.XMLSchema(schema_doc)
if not xmlschema.validate(tree):
error = xmlschema.error_log.last_error
xmlschema = etree.XMLSchema(schema_doc)
if not xmlschema.validate(tree):
error = xmlschema.error_log.last_error
# make sure it is not expired
if self.get_expiration() < datetime.datetime.utcnow():
raise CredentialNotVerifiable("Credential %s expired at %s" % \
# make sure it is not expired
if self.get_expiration() < datetime.datetime.utcnow():
raise CredentialNotVerifiable("Credential %s expired at %s" % \
msg = verified[mstart:mend]
logger.warning("Credential.verify - failed - xmlsec1 returned {}".format(verified.strip()))
raise CredentialNotVerifiable("xmlsec1 error verifying cred %s using Signature ID %s: %s" % \
msg = verified[mstart:mend]
logger.warning("Credential.verify - failed - xmlsec1 returned {}".format(verified.strip()))
raise CredentialNotVerifiable("xmlsec1 error verifying cred %s using Signature ID %s: %s" % \
# make sure my expiry time is <= my parent's
if not parent_cred.get_expiration() >= self.get_expiration():
raise CredentialNotVerifiable("Delegated credential %s expires after parent %s" % \
# make sure my expiry time is <= my parent's
if not parent_cred.get_expiration() >= self.get_expiration():
raise CredentialNotVerifiable("Delegated credential %s expires after parent %s" % \
# make sure my signer is the parent's caller
if not parent_cred.get_gid_caller().save_to_string(False) == \
self.get_signature().get_issuer_gid().save_to_string(False):
raise CredentialNotVerifiable("Delegated credential %s not signed by parent %s's caller" % \
# make sure my signer is the parent's caller
if not parent_cred.get_gid_caller().save_to_string(False) == \
self.get_signature().get_issuer_gid().save_to_string(False):
raise CredentialNotVerifiable("Delegated credential %s not signed by parent %s's caller" % \
# else this looks like a delegated credential, and the real caller is the issuer
else:
actual_caller_hrn=issuer_hrn
# else this looks like a delegated credential, and the real caller is the issuer
else:
actual_caller_hrn=issuer_hrn
- logger.info("actual_caller_hrn: caller_hrn=%s, issuer_hrn=%s, returning %s"%(caller_hrn,issuer_hrn,actual_caller_hrn))
+ logger.info("actual_caller_hrn: caller_hrn=%s, issuer_hrn=%s, returning %s"
+ %(caller_hrn,issuer_hrn,actual_caller_hrn))