# Below throws InUse exception if we forgot to clone the attribute first
oldAttr = signed_cred.setAttributeNode(attr.cloneNode(True))
if oldAttr and oldAttr.value != attr.value:
- msg = "Delegating cred from owner %s to %s over %s replaced attribute %s value '%s' with '%s'" % (self.parent.gidCaller.get_urn(), self.gidCaller.get_urn(), self.gidObject.get_urn(), oldAttr.name, oldAttr.value, attr.value)
+ msg = "Delegating cred from owner %s to %s over %s:\n - Replaced attribute %s value '%s' with '%s'" % (self.parent.gidCaller.get_urn(), self.gidCaller.get_urn(), self.gidObject.get_urn(), oldAttr.name, oldAttr.value, attr.value)
logger.warn(msg)
#raise CredentialNotVerifiable("Can't encode new valid delegated credential: %s" % msg)
trusted_cert_objects.append(GID(filename=f))
ok_trusted_certs.append(f)
except Exception, exc:
- logger.error("Failed to load trusted cert from %s: %r", f, exc)
+ logger.error("Failed to load trusted cert from %s: %r"%( f, exc))
trusted_certs = ok_trusted_certs
# Use legacy verification if this is a legacy credential
def get_filename(self):
return getattr(self,'filename',None)
+ # a helper function used by some methods to find out who really is the caller
+ # using a heuristic to identify a delegated credential
+ # this admittedly is a bit of a hack, please USE IN LAST RESORT
+ #
+ def actual_caller_hrn (self):
+ caller_hrn = self.get_gid_caller().get_hrn()
+ issuer_hrn = self.get_signature().get_issuer_gid().get_hrn()
+ subject_hrn = self.get_gid_object().get_hrn()
+ # if we find that the caller_hrn is an immediate descendant of the issuer, then
+ # this seems to be a 'regular' credential
+ if caller_hrn.startswith(issuer_hrn):
+ actual_caller_hrn=caller_hrn
+ # else this looks like a delegated credential, and the real caller is the issuer
+ else:
+ actual_caller_hrn=issuer_hrn
+ logger.info("actual_caller_hrn: caller_hrn=%s, issuer_hrn=%s, returning %s"%(caller_hrn,issuer_hrn,actual_caller_hrn))
+ return actual_caller_hrn
+
##
# Dump the contents of a credential to stdout in human-readable format
#
def dump (self, *args, **kwargs):
print self.dump_string(*args, **kwargs)
-
- def dump_string(self, dump_parents=False):
+ # show_xml is ignored
+ def dump_string(self, dump_parents=False, show_xml=None):
result=""
result += "CREDENTIAL %s\n" % self.get_subject()
filename=self.get_filename()