+#----------------------------------------------------------------------
+# Copyright (c) 2008 Board of Trustees, Princeton University
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and/or hardware specification (the "Work") to
+# deal in the Work without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Work, and to permit persons to whom the Work
+# is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Work.
+#
+# THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
+# IN THE WORK.
+#----------------------------------------------------------------------
##
# Implements SFA GID. GIDs are based on certificates, and the GID class is a
# descendant of the certificate class.
##
-### $Id$
-### $URL$
-
import xmlrpclib
import uuid
+
+from sfa.util.sfalogging import sfa_logger
from sfa.trust.certificate import Certificate
-from sfa.util.namespace import *
-from sfa.util.sfalogging import logger
+from sfa.util.xrn import hrn_to_urn, urn_to_hrn
##
# Create a new uuid. Returns the UUID as a string.
Certificate.__init__(self, create, subject, string, filename)
if subject:
- logger.info("subject: %s" % subject)
+ sfa_logger().debug("Creating GID for subject: %s" % subject)
if uuid:
self.uuid = int(uuid)
if hrn:
# @param indent specifies a number of spaces to indent the output
# @param dump_parents If true, also dump the parents of the GID
- def dump(self, indent=0, dump_parents=False):
- print " "*indent, " hrn:", self.get_hrn()
- print " "*indent, " urn:", self.get_urn()
- print " "*indent, "uuid:", self.get_uuid()
+ def dump(self, *args, **kwargs):
+ print self.dump_string(*args,**kwargs)
+
+ def dump_string(self, indent=0, dump_parents=False):
+ result="GID\n"
+ result += " "*indent + "hrn:" + str(self.get_hrn()) +"\n"
+ result += " "*indent + "urn:" + str(self.get_urn()) +"\n"
+ result += " "*indent + "uuid:" + str(self.get_uuid()) + "\n"
+ filename=self.get_filename()
+ if filename: result += "Filename %s\n"%filename
if self.parent and dump_parents:
- print " "*indent, "parent:"
- self.parent.dump(indent+4, dump_parents)
+ result += " "*indent + "parent:\n"
+ result += self.parent.dump_string(indent+4, dump_parents)
+ return result
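Review bot: `dump_string` writes the `GID` header and the `Filename` line without the `indent` prefix, so with `dump_parents` true a parent's header and filename land at column 0 while its hrn/urn/uuid lines are indented. Use `result = " "*indent + "GID\n"` and `result += " "*indent + "Filename %s\n" % filename` so nested output stays aligned. The `@param indent` / `@param dump_parents` comments above now sit on `dump(self, *args, **kwargs)`, which no longer names those parameters; moving them to `dump_string` would keep the documentation next to what it describes.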
##
# Verify the chain of authenticity of the GID. First perform the checks
if self.parent:
# make sure the parent's hrn is a prefix of the child's hrn
if not self.get_hrn().startswith(self.parent.get_hrn()):
- raise GidParentHrn(self.parent.get_subject())
+ raise GidParentHrn("This cert HRN %s doesnt start with parent HRN %s" % (self.get_hrn(), self.parent.get_hrn()))
else:
# make sure that the trusted root's hrn is a prefix of the child's
trusted_gid = GID(string=trusted_root.save_to_string())
+ trusted_type = trusted_gid.get_type()
trusted_hrn = trusted_gid.get_hrn()
+ #if trusted_type == 'authority':
+ # trusted_hrn = trusted_hrn[:trusted_hrn.rindex('.')]
cur_hrn = self.get_hrn()
if not self.get_hrn().startswith(trusted_hrn):
- raise GidParentHrn(trusted_hrn + " " + self.get_hrn())
+ raise GidParentHrn("Trusted roots HRN %s isnt start of this cert %s" % (trusted_hrn, cur_hrn))
return
-
-
-
-
-
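Review bot: Both HRN checks in this hunk still compare raw strings with `startswith`, so a name that only shares leading characters with the parent or trusted root passes even though it is not under that authority (constructed example: parent `plc.site`, child `plc.siteextra.user`). Assuming HRNs are dot-separated, as the commented-out `rindex('.')` line suggests, the comparison should stop at a label boundary, e.g. `if not (cur_hrn == trusted_hrn or cur_hrn.startswith(trusted_hrn + '.')):`, with the same form in the parent branch. The added `trusted_type` is read only by the commented-out lines, so either finish that logic or drop the assignment. The method starts above this hunk, so checks outside the visible lines cannot be ruled out.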