X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmethods%2Fget_self_credential.py;h=49bad017c72ffe39a162c2ea3da6094e0397dedd;hb=3d7237fa0b5f2b4a60cb97c7fb3b6aecfd94558a;hp=bccee168cef96a906c2e75d3231335f8f75b5345;hpb=135b6031efddad09d705e9b1013477e11facf105;p=sfa.git diff --git a/sfa/methods/get_self_credential.py b/sfa/methods/get_self_credential.py index bccee168..49bad017 100644 --- a/sfa/methods/get_self_credential.py +++ b/sfa/methods/get_self_credential.py @@ -6,10 +6,7 @@ from sfa.trust.rights import * from sfa.util.faults import * from sfa.util.method import Method from sfa.util.parameter import Parameter, Mixed -from sfa.trust.auth import Auth -from sfa.trust.gid import GID -from sfa.util.record import GeniRecord -from sfa.util.genitable import * +from sfa.util.record import SfaRecord from sfa.util.debug import log class get_self_credential(Method): @@ -27,12 +24,13 @@ class get_self_credential(Method): accepts = [ Parameter(str, "certificate"), Parameter(str, "Human readable name (hrn)"), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(str, "String representation of a credential object") - def call(self, cert, type, hrn, request_hash): + def call(self, cert, type, hrn, request_hash=None): """ get_self_credential a degenerate version of get_credential used by a client to get his initial credential when de doesnt have one. This is the same as @@ -49,51 +47,24 @@ class get_self_credential(Method): @return string representation of a credential object """ self.api.auth.verify_object_belongs_to_me(hrn) - auth_hrn = self.api.auth.get_authority(hrn) - - # if this is a root or sub authority get_authority will return - # an empty string - if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN: - auth_hrn = hrn - - auth_info = self.api.auth.get_auth_info(auth_hrn) + + # send the call to the right manager + manager_base = 'sfa.managers' + mgr_type = self.api.config.SFA_REGISTRY_TYPE + manager_module = manager_base + ".registry_manager_%s" % mgr_type + manager = __import__(manager_module, fromlist=[manager_base]) - # find a record that matches - record = None - table = GeniTable() - records = table.findObjects({'type': type, 'hrn': hrn}) + # authenticate the gid + records = manager.resolve(self.api, hrn, type) if not records: raise RecordNotFound(hrn) - record = records[0] - - # get the right of this record - rights = self.api.auth.determine_user_rights(None, record) - if rights.is_empty(): - raise PermissionError(gid.get_hrn() + " has no rights to " + record.get_name()) - - # authenticate the gid + record = SfaRecord(dict=records[0]) gid = record.get_gid_object() gid_str = gid.save_to_string(save_parents=True) self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash) - - # authenticate the certificate + # authenticate the certificate against the gid in the db certificate = Certificate(string=cert) if not certificate.is_pubkey(gid.get_pubkey()): raise ConnectionKeyGIDMismatch(gid.get_subject()) - - # create the credential - gid = record.get_gid_object() - cred = Credential(subject = gid.get_subject()) - cred.set_gid_caller(gid) - cred.set_gid_object(gid) - cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn) - cred.set_pubkey(gid.get_pubkey()) - cred.set_privileges(rights) - cred.set_delegate(True) - - auth_kind = "authority,sa,ma" - cred.set_parent(self.api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind)) - - cred.encode() - cred.sign() - return cred.save_to_string(save_parents=True) + + return manager.get_credential(self.api, hrn, type, is_self=True)