X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmethods%2FGetSelfCredential.py;h=385d501fce511eb8751cfef6a6e23ce963080f20;hb=04a3f20dc71bf8b3f96b1e3172623aa346a638a7;hp=073ae94e55c08a397b5cc9d502fed1bc6096b13e;hpb=2cf6d0e7089437ec8ad8e5fdfac26760e0c7a331;p=sfa.git diff --git a/sfa/methods/GetSelfCredential.py b/sfa/methods/GetSelfCredential.py index 073ae94e..385d501f 100644 --- a/sfa/methods/GetSelfCredential.py +++ b/sfa/methods/GetSelfCredential.py @@ -1,4 +1,3 @@ - from sfa.util.faults import RecordNotFound, ConnectionKeyGIDMismatch from sfa.util.xrn import urn_to_hrn from sfa.util.method import Method @@ -7,6 +6,7 @@ from sfa.trust.certificate import Certificate from sfa.storage.parameter import Parameter, Mixed + class GetSelfCredential(Method): """ Retrive a credential for an object @@ -18,13 +18,13 @@ class GetSelfCredential(Method): """ interfaces = ['registry'] - + accepts = [ Parameter(str, "certificate"), Parameter(str, "Human readable name (hrn or urn)"), Mixed(Parameter(str, "Record type"), Parameter(None, "Type not specified")), - ] + ] returns = Parameter(str, "String representation of a credential object") @@ -47,28 +47,28 @@ class GetSelfCredential(Method): if type: hrn = urn_to_hrn(xrn)[0] else: - hrn, type = urn_to_hrn(xrn) + hrn, type = urn_to_hrn(xrn) self.api.auth.verify_object_belongs_to_me(hrn) origin_hrn = Certificate(string=cert).get_subject() - self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) - - - ### authenticate the gid + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s" % + (self.api.interface, origin_hrn, hrn, self.name)) + + # authenticate the gid # import here so we can load this module at build-time for sfa2wsdl #from sfa.storage.alchemy import dbsession from sfa.storage.model import RegRecord - # xxx-local - the current code runs Resolve, which would forward to + # xxx-local - the current code runs Resolve, which would forward to # another registry if needed - # I wonder if this is truly the intention, or shouldn't we instead + # I wonder if this is truly the intention, or shouldn't we instead # only look in the local db ? - records = self.api.manager.Resolve(self.api, xrn, type) + records = self.api.manager.Resolve(self.api, xrn, type, details=False) if not records: raise RecordNotFound(hrn) - record_obj = RegRecord (dict=records[0]) - # xxx-local the local-only version would read + record_obj = RegRecord(dict=records[0]) + # xxx-local the local-only version would read #record_obj = dbsession.query(RegRecord).filter_by(hrn=hrn).first() #if not record_obj: raise RecordNotFound(hrn) gid = record_obj.get_gid_object() @@ -77,11 +77,14 @@ class GetSelfCredential(Method): # authenticate the certificate against the gid in the db certificate = Certificate(string=cert) if not certificate.is_pubkey(gid.get_pubkey()): - for (obj,name) in [ (certificate,"CERT"), (gid,"GID"), ]: - self.api.logger.debug("ConnectionKeyGIDMismatch, %s pubkey: %s"%(name,obj.get_pubkey().get_pubkey_string())) - self.api.logger.debug("ConnectionKeyGIDMismatch, %s dump: %s"%(name,obj.dump_string())) - if hasattr (obj,'filename'): - self.api.logger.debug("ConnectionKeyGIDMismatch, %s filename: %s"%(name,obj.filename)) + for (obj, name) in [(certificate, "CERT"), (gid, "GID"), ]: + self.api.logger.debug("ConnectionKeyGIDMismatch, %s pubkey: %s" % ( + name, obj.get_pubkey().get_pubkey_string())) + self.api.logger.debug( + "ConnectionKeyGIDMismatch, %s dump: %s" % (name, obj.dump_string())) + if hasattr(obj, 'filename'): + self.api.logger.debug( + "ConnectionKeyGIDMismatch, %s filename: %s" % (name, obj.filename)) raise ConnectionKeyGIDMismatch(gid.get_subject()) - - return self.api.manager.GetCredential(self.api, xrn, type, is_self=True) + + return self.api.manager.GetCredential(self.api, xrn, type)