do not depend on types.StringTypes anymore

[sfa.git] / sfa / trust / credential.py
diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py

index 59623f4..f03e135 100644 (file)
--- a/sfa/trust/credential.py
+++ b/sfa/trust/credential.py
@@ -26,14 +26,17 @@
  # Credentials are signed XML files that assign a subject gid privileges to an object gid
  ##
  
  # Credentials are signed XML files that assign a subject gid privileges to an object gid
  ##
  
+from __future__ import print_function
+
  import os, os.path
  import subprocess
  import os, os.path
  import subprocess
-from types import StringTypes
  import datetime
  from StringIO import StringIO
  from tempfile import mkstemp
  from xml.dom.minidom import Document, parseString
  
  import datetime
  from StringIO import StringIO
  from tempfile import mkstemp
  from xml.dom.minidom import Document, parseString
  
+from sfa.util.py23 import StringType
+
  HAVELXML = False
  try:
      from lxml import etree
  HAVELXML = False
  try:
      from lxml import etree
@@ -181,21 +184,27 @@ class Signature(object):
          self.gid = gid
  
      def decode(self):
          self.gid = gid
  
      def decode(self):
+        # Helper function to pull characters off the front of a string if present
+        def remove_prefix(text, prefix):
+            if text and prefix and text.startswith(prefix):
+                return text[len(prefix):]
+            return text
+
          try:
              doc = parseString(self.xml)
          try:
              doc = parseString(self.xml)
-        except ExpatError,e:
+        except ExpatError as e:
              logger.log_exc ("Failed to parse credential, %s"%self.xml)
              raise
          sig = doc.getElementsByTagName("Signature")[0]
          ## This code until the end of function rewritten by Aaron Helsinger
              logger.log_exc ("Failed to parse credential, %s"%self.xml)
              raise
          sig = doc.getElementsByTagName("Signature")[0]
          ## This code until the end of function rewritten by Aaron Helsinger
-        ref_id = sig.getAttribute("xml:id").strip().strip("Sig_")
+        ref_id = remove_prefix(sig.getAttribute("xml:id").strip(), "Sig_")
          # The xml:id tag is optional, and could be in a 
          # Reference xml:id or Reference UID sub element instead
          if not ref_id or ref_id == '':
              reference = sig.getElementsByTagName('Reference')[0]
          # The xml:id tag is optional, and could be in a 
          # Reference xml:id or Reference UID sub element instead
          if not ref_id or ref_id == '':
              reference = sig.getElementsByTagName('Reference')[0]
-            ref_id = reference.getAttribute('xml:id').strip().strip('Sig_')
+            ref_id = remove_prefix(reference.getAttribute('xml:id').strip(), "Sig_")
              if not ref_id or ref_id == '':
              if not ref_id or ref_id == '':
-                ref_id = reference.getAttribute('URI').strip().strip('#')
+                ref_id = remove_prefix(reference.getAttribute('URI').strip(), "#")
          self.set_refid(ref_id)
          keyinfos = sig.getElementsByTagName("X509Data")
          gids = None
          self.set_refid(ref_id)
          keyinfos = sig.getElementsByTagName("X509Data")
          gids = None
@@ -277,7 +286,7 @@ class Credential(object):
          self.version = None
  
          if cred:
          self.version = None
  
          if cred:
-            if isinstance(cred, StringTypes):
+            if isinstance(cred, StringType):
                  string = cred
                  self.type = Credential.SFA_CREDENTIAL_TYPE
                  self.version = '3'
                  string = cred
                  self.type = Credential.SFA_CREDENTIAL_TYPE
                  self.version = '3'
@@ -293,22 +302,31 @@ class Credential(object):
                  str = file(filename).read()
                  
              # if this is a legacy credential, write error and bail out
                  str = file(filename).read()
                  
              # if this is a legacy credential, write error and bail out
-            if isinstance (str, StringTypes) and str.strip().startswith("-----"):
+            if isinstance (str, StringType) and str.strip().startswith("-----"):
                  logger.error("Legacy credentials not supported any more - giving up with %s..."%str[:10])
                  return
              else:
                  self.xml = str
                  self.decode()
                  logger.error("Legacy credentials not supported any more - giving up with %s..."%str[:10])
                  return
              else:
                  self.xml = str
                  self.decode()
-
-        # Find an xmlsec1 path
-        self.xmlsec_path = ''
-        paths = ['/usr/bin','/usr/local/bin','/bin','/opt/bin','/opt/local/bin']
-        for path in paths:
-            if os.path.isfile(path + '/' + 'xmlsec1'):
-                self.xmlsec_path = path + '/' + 'xmlsec1'
-                break
-        if not self.xmlsec_path:
-            logger.warn("Could not locate binary for xmlsec1 - SFA will be unable to sign stuff !!")
+        # not strictly necessary but won't hurt either
+        self.get_xmlsec1_path()
+
+    @staticmethod
+    def get_xmlsec1_path():
+        if not getattr(Credential, 'xmlsec1_path', None):
+            # Find a xmlsec1 binary path
+            Credential.xmlsec1_path = ''
+            paths = ['/usr/bin', '/usr/local/bin', '/bin', '/opt/bin', '/opt/local/bin']
+            try:     paths += os.getenv('PATH').split(':')
+            except:  pass
+            for path in paths:
+                xmlsec1 = os.path.join(path, 'xmlsec1')
+                if os.path.isfile(xmlsec1):
+                    Credential.xmlsec1_path = xmlsec1
+                    break
+        if not Credential.xmlsec1_path:
+            logger.error("Could not locate required binary 'xmlsec1' - SFA will be unable to sign stuff !!")
+        return Credential.xmlsec1_path
  
      def get_subject(self):
          if not self.gidObject:
  
      def get_subject(self):
          if not self.gidObject:
@@ -683,8 +701,11 @@ class Credential(object):
          # Call out to xmlsec1 to sign it
          ref = 'Sig_%s' % self.get_refid()
          filename = self.save_to_random_tmp_file()
          # Call out to xmlsec1 to sign it
          ref = 'Sig_%s' % self.get_refid()
          filename = self.save_to_random_tmp_file()
-        command='%s --sign --node-id "%s" --privkey-pem %s,%s %s' \
-            % (self.xmlsec_path, ref, self.issuer_privkey, ",".join(gid_files), filename)
+        xmlsec1 = self.get_xmlsec1_path()
+        if not xmlsec1:
+            raise Exception("Could not locate required 'xmlsec1' program")
+        command = '%s --sign --node-id "%s" --privkey-pem %s,%s %s' \
+            % (xmlsec1, ref, self.issuer_privkey, ",".join(gid_files), filename)
  #        print 'command',command
          signed = os.popen(command).read()
          os.remove(filename)
  #        print 'command',command
          signed = os.popen(command).read()
          os.remove(filename)
@@ -710,7 +731,7 @@ class Credential(object):
          doc = None
          try:
              doc = parseString(self.xml)
          doc = None
          try:
              doc = parseString(self.xml)
-        except ExpatError,e:
+        except ExpatError as e:
              raise CredentialNotVerifiable("Malformed credential")
          doc = parseString(self.xml)
          sigs = []
              raise CredentialNotVerifiable("Malformed credential")
          doc = parseString(self.xml)
          sigs = []
@@ -840,7 +861,7 @@ class Credential(object):
                      # or non PEM files
                      trusted_cert_objects.append(GID(filename=f))
                      ok_trusted_certs.append(f)
                      # or non PEM files
                      trusted_cert_objects.append(GID(filename=f))
                      ok_trusted_certs.append(f)
-                except Exception, exc:
+                except Exception as exc:
                      logger.error("Failed to load trusted cert from %s: %r"%( f, exc))
              trusted_certs = ok_trusted_certs
  
                      logger.error("Failed to load trusted cert from %s: %r"%( f, exc))
              trusted_certs = ok_trusted_certs
  
@@ -881,7 +902,10 @@ class Credential(object):
              #cert_args = " ".join(['--trusted-pem %s' % x for x in trusted_certs])
              #command = '{} --verify --node-id "{}" {} {} 2>&1'.\
              #          format(self.xmlsec_path, ref, cert_args, filename)
              #cert_args = " ".join(['--trusted-pem %s' % x for x in trusted_certs])
              #command = '{} --verify --node-id "{}" {} {} 2>&1'.\
              #          format(self.xmlsec_path, ref, cert_args, filename)
-            command = [ self.xmlsec_path, '--verify', '--node-id', ref ]
+            xmlsec1 = self.get_xmlsec1_path()
+            if not xmlsec1:
+                raise Exception("Could not locate required 'xmlsec1' program")
+            command = [ xmlsec1, '--verify', '--node-id', ref ]
              for trusted in trusted_certs:
                  command += ["--trusted-pem", trusted ]
              command += [ filename ]
              for trusted in trusted_certs:
                  command += ["--trusted-pem", trusted ]
              command += [ filename ]
@@ -1133,7 +1157,7 @@ class Credential(object):
      #
      # @param dump_parents If true, also dump the parent certificates
      def dump (self, *args, **kwargs):
      #
      # @param dump_parents If true, also dump the parent certificates
      def dump (self, *args, **kwargs):
-        print self.dump_string(*args, **kwargs)
+        print(self.dump_string(*args, **kwargs))
  
      # SFA code ignores show_xml and disables printing the cred xml
      def dump_string(self, dump_parents=False, show_xml=False):
  
      # SFA code ignores show_xml and disables printing the cred xml
      def dump_string(self, dump_parents=False, show_xml=False):
@@ -1176,7 +1200,7 @@ class Credential(object):
                  result += "\nEnd XML\n"
              except:
                  import traceback
                  result += "\nEnd XML\n"
              except:
                  import traceback
-                print "exc. Credential.dump_string / XML"
+                print("exc. Credential.dump_string / XML")
                  traceback.print_exc()
  
          return result
                  traceback.print_exc()
  
          return result