\r
from sfa.trust.certificate import Certificate\r
\r
-from sfa.util.faults import *\r
+from sfa.util.faults import GidInvalidParentHrn, GidParentHrn\r
from sfa.util.sfalogging import logger\r
from sfa.util.xrn import hrn_to_urn, urn_to_hrn, hrn_authfor_hrn\r
\r
uuid = None\r
hrn = None\r
urn = None\r
+ email = None # for adding to the SubjectAltName\r
\r
##\r
# Create a new GID object\r
\r
def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None, urn=None, lifeDays=1825):\r
\r
- #Certificate.__init__(self, lifeDays, create, subject, string, filename)\r
- Certificate.__init__(self, create, subject, string, filename)\r
+ Certificate.__init__(self, lifeDays, create, subject, string, filename)\r
if subject:\r
logger.debug("Creating GID for subject: %s" % subject)\r
if uuid:\r
self.decode()\r
return self.urn \r
\r
+ # Will be stuffed into subjectAltName\r
+ def set_email(self, email):\r
+ self.email = email\r
+\r
+ def get_email(self):\r
+ if not self.email:\r
+ self.decode()\r
+ return self.email\r
+\r
def get_type(self):\r
if not self.urn:\r
self.decode()\r
if self.uuid:\r
str += ", " + "URI:" + uuid.UUID(int=self.uuid).urn\r
\r
+ if self.email:\r
+ str += ", " + "email:" + self.email\r
+\r
self.set_data(str, 'subjectAltName')\r
\r
\r
dict['uuid'] = uuid.UUID(val[4:]).int\r
elif val.lower().startswith('uri:urn:publicid:idn+'):\r
dict['urn'] = val[4:]\r
+ elif val.lower().startswith('email:'):\r
+ # FIXME: Ensure there isn't cruft in that address...\r
+ # EG look for email:copy,....\r
+ dict['email'] = val[6:]\r
\r
self.uuid = dict.get("uuid", None)\r
self.urn = dict.get("urn", None)\r
- self.hrn = dict.get("hrn", None) \r
+ self.hrn = dict.get("hrn", None)\r
+ self.email = dict.get("email", None)\r
if self.urn:\r
self.hrn = urn_to_hrn(self.urn)[0]\r
\r
result += " "*indent + "hrn:" + str(self.get_hrn()) +"\n"\r
result += " "*indent + "urn:" + str(self.get_urn()) +"\n"\r
result += " "*indent + "uuid:" + str(self.get_uuid()) + "\n"\r
+ if self.get_email() is not None:\r
+ result += " "*indent + "email:" + str(self.get_email()) + "\n"\r
filename=self.get_filename()\r
if filename: result += "Filename %s\n"%filename\r
\r
if self.parent:\r
# make sure the parent's hrn is a prefix of the child's hrn\r
if not hrn_authfor_hrn(self.parent.get_hrn(), self.get_hrn()):\r
- raise GidParentHrn("This cert HRN %s isn't in the namespace for parent HRN %s" % (self.get_hrn(), self.parent.get_hrn()))\r
+ raise GidParentHrn("This cert HRN %s isn't in the namespace for parent HRN %s" % (self.get_hrn(), self.parent.get_hrn()))\r
\r
# Parent must also be an authority (of some type) to sign a GID\r
# There are multiple types of authority - accept them all here\r