# descendant of the certificate class.
##
-### $Id$
-### $URL$
import xmlrpclib
import uuid
+
+from sfa.util.sfalogging import sfa_logger
from sfa.trust.certificate import Certificate
-from sfa.util.namespace import *
-from sfa.util.sfalogging import logger
+from sfa.util.xrn import hrn_to_urn, urn_to_hrn
##
# Create a new uuid. Returns the UUID as a string.
Certificate.__init__(self, create, subject, string, filename)
if subject:
- logger.info("subject: %s" % subject)
+ sfa_logger().debug("Creating GID for subject: %s" % subject)
if uuid:
self.uuid = int(uuid)
if hrn:
# @param indent specifies a number of spaces to indent the output
# @param dump_parents If true, also dump the parents of the GID
- def dump(self, indent=0, dump_parents=False):
- print " "*indent, " hrn:", self.get_hrn()
- print " "*indent, " urn:", self.get_urn()
- print " "*indent, "uuid:", self.get_uuid()
+ def dump(self, *args, **kwargs):
+ print self.dump_string(*args,**kwargs)
+
+ def dump_string(self, indent=0, dump_parents=False):
+ result="GID\n"
+ result += " "*indent + "hrn:" + str(self.get_hrn()) +"\n"
+ result += " "*indent + "urn:" + str(self.get_urn()) +"\n"
+ result += " "*indent + "uuid:" + str(self.get_uuid()) + "\n"
+ filename=self.get_filename()
+ if filename: result += "Filename %s\n"%filename
if self.parent and dump_parents:
- print " "*indent, "parent:"
- self.parent.dump(indent+4, dump_parents)
+ result += " "*indent + "parent:\n"
+ result += self.parent.dump_string(indent+4, dump_parents)
+ return result
##
# Verify the chain of authenticity of the GID. First perform the checks
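Review bot: In `dump_string` the `"GID\n"` header and the `Filename` line are written without the `" "*indent` prefix, so when `dump_parents` recurses with `indent+4` each parent block begins and ends at column 0 while its hrn/urn/uuid lines are indented. Prefixing both, e.g. `result = " "*indent + "GID\n"` and `result += " "*indent + "Filename %s\n" % filename`, keeps the nested chain readable when someone is inspecting a delegation path. The `# @param indent` / `# @param dump_parents` comments now sit above `dump(self, *args, **kwargs)`, although they describe `dump_string` and belong with it. That comment block starts outside the hunk.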
def verify_chain(self, trusted_certs = None):
# do the normal certificate verification stuff
trusted_root = Certificate.verify_chain(self, trusted_certs)
-
- test_gid = None
+
if self.parent:
- test_gid = self.parent
+ # make sure the parent's hrn is a prefix of the child's hrn
+ if not self.get_hrn().startswith(self.parent.get_hrn()):
+ raise GidParentHrn("This cert HRN %s doesnt start with parent HRN %s" % (self.get_hrn(), self.parent.get_hrn()))
else:
- test_gid = GID(string=trusted_root.save_to_string())
-
- test_type = test_gid.get_type()
- test_hrn = test_gid.get_hrn()
- if test_type == 'authority':
- # Could add a check for type == 'authority'
- test_hrn = test_hrn[:test_hrn.rindex('.')]
- cur_hrn = self.get_hrn()
- if not self.get_hrn().startswith(test_hrn):
- GidParentHrn(test_hrn + " " + self.get_hrn())
+ # make sure that the trusted root's hrn is a prefix of the child's
+ trusted_gid = GID(string=trusted_root.save_to_string())
+ trusted_type = trusted_gid.get_type()
+ trusted_hrn = trusted_gid.get_hrn()
+ #if trusted_type == 'authority':
+ # trusted_hrn = trusted_hrn[:trusted_hrn.rindex('.')]
+ cur_hrn = self.get_hrn()
+ if not self.get_hrn().startswith(trusted_hrn):
+ raise GidParentHrn("Trusted roots HRN %s isnt start of this cert %s" % (trusted_hrn, cur_hrn))
return
-
-
-
-
-
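Review bot: The new check `if not self.get_hrn().startswith(self.parent.get_hrn())` is a raw string prefix test, not a test on HRN label boundaries, so a parent HRN of `top.site` (constructed example) would also accept a child named `top.siteb.user`, which lies outside the parent's namespace. Comparing with the separator included closes that gap, e.g. `if not (self.get_hrn() + '.').startswith(self.parent.get_hrn() + '.'):`. The same applies to the `startswith(trusted_hrn)` test in the `else` branch. Whether a child HRN identical to its parent's should pass is a policy decision worth stating in a comment. With the authority-stripping lines commented out, `trusted_type` is assigned but never read; either drop it or add a comment explaining why the root's full HRN is now used as the prefix.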