X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmethods%2Fget_self_credential.py;h=97e705204da70a99da0cb5df656c7eb4320b4d11;hb=0cf0d31c313a366e3f272f830bdb4f2a7308e11f;hp=bccee168cef96a906c2e75d3231335f8f75b5345;hpb=135b6031efddad09d705e9b1013477e11facf105;p=sfa.git diff --git a/sfa/methods/get_self_credential.py b/sfa/methods/get_self_credential.py index bccee168..97e70520 100644 --- a/sfa/methods/get_self_credential.py +++ b/sfa/methods/get_self_credential.py @@ -4,20 +4,20 @@ from sfa.trust.credential import * from sfa.trust.rights import * from sfa.util.faults import * +from sfa.util.namespace import * from sfa.util.method import Method from sfa.util.parameter import Parameter, Mixed -from sfa.trust.auth import Auth -from sfa.trust.gid import GID -from sfa.util.record import GeniRecord -from sfa.util.genitable import * -from sfa.util.debug import log +from sfa.util.record import SfaRecord +from sfa.methods.GetSelfCredential import GetSelfCredential -class get_self_credential(Method): +class get_self_credential(GetSelfCredential): """ + Deprecated. Use GetSelfCredential instead. + Retrive a credential for an object @param cert certificate string @param type type of object (user | slice | sa | ma | node) - @param hrn human readable name of object + @param hrn human readable name of object (hrn or urn) @return the string representation of a credential object """ 
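Review bot: The two added imports `from sfa.util.namespace import *` and `from sfa.util.record import SfaRecord` are not referenced by any new-side line visible in this diff, where the class only subclasses `GetSelfCredential` and delegates to it. If they are unused, remove them; wildcard imports in a module that hands out credentials make it hard to audit which names are in scope. The docstring also marks the class as deprecated without any run-time signal, so consider `warnings.warn("get_self_credential is deprecated; use GetSelfCredential", DeprecationWarning)` or a log line in `call`, so operators can see which clients still use the legacy name. The class body continues outside this hunk.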
@@ -25,14 +25,15 @@ class get_self_credential(Method): interfaces = ['registry'] accepts = [ + Parameter(str, "Human readable name (hrn or urn)"), Parameter(str, "certificate"), - Parameter(str, "Human readable name (hrn)"), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(str, "String representation of a credential object") - def call(self, cert, type, hrn, request_hash): + def call(self, cert, type, xrn, origin_hrn=None): """ get_self_credential a degenerate version of get_credential used by a client to get his initial credential when de doesnt have one. This is the same as 
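Review bot: The `accepts` list and the new `call(self, cert, type, xrn, origin_hrn=None)` signature no longer describe the same arguments. `accepts` lists the name first and a "Request hash" last, with no entry for `type`, while `call` takes the certificate first and has no request-hash parameter. A legacy client that still sends a request hash as the fourth positional argument would have it bound to `origin_hrn`; whether the Method framework also validates positions against `accepts` is not visible here. List the entries in call order (certificate, type, name) and replace the request-hash entry with one describing `origin_hrn`, for example `Mixed(Parameter(str, "hrn of the original caller"), Parameter(None, "Origin hrn not specified"))`. The body of `call` continues outside this hunk.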
@@ -48,52 +49,4 @@ class get_self_credential(Method):
 @param hrn human readable name of authority to list
 @return string representation of a credential object
 """
- self.api.auth.verify_object_belongs_to_me(hrn)
- auth_hrn = self.api.auth.get_authority(hrn)
-
- # if this is a root or sub authority get_authority will return
- # an empty string
- if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN:
- auth_hrn = hrn
-
- auth_info = self.api.auth.get_auth_info(auth_hrn)
-
- # find a record that matches
- record = None
- table = GeniTable()
- records = table.findObjects({'type': type, 'hrn': hrn})
- if not records:
- raise RecordNotFound(hrn)
- record = records[0]
-
- # get the right of this record
- rights = self.api.auth.determine_user_rights(None, record)
- if rights.is_empty():
- raise PermissionError(gid.get_hrn() + " has no rights to " + record.get_name())
-
- # authenticate the gid
- gid = record.get_gid_object()
- gid_str = gid.save_to_string(save_parents=True)
- self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash)
-
- # authenticate the certificate
- certificate = Certificate(string=cert)
- if not certificate.is_pubkey(gid.get_pubkey()):
- raise ConnectionKeyGIDMismatch(gid.get_subject())
-
- # create the credential
- gid = record.get_gid_object()
- cred = Credential(subject = gid.get_subject())
- cred.set_gid_caller(gid)
- cred.set_gid_object(gid)
- cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
- cred.set_pubkey(gid.get_pubkey())
- cred.set_privileges(rights)
- cred.set_delegate(True)
-
- auth_kind = "authority,sa,ma"
- cred.set_parent(self.api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
-
- cred.encode()
- cred.sign()
- return cred.save_to_string(save_parents=True)
+ return GetSelfCredential.call(self, cert, xrn, type)
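Review bot: Every authorization check removed here (`verify_object_belongs_to_me`, the empty-rights refusal, `authenticateGid`, and the certificate/GID public-key comparison) now depends entirely on `GetSelfCredential.call`, which is not shown in this diff. The review should confirm that it still enforces each of them before a credential is issued. The wrapper also accepts `origin_hrn` but does not pass it on, and it passes `xrn` and `type` in the opposite order from its own signature, presumably to match the parent. If the parent takes `origin_hrn`, forward it with `return GetSelfCredential.call(self, cert, xrn, type, origin_hrn)`; otherwise drop the parameter. The docstring context above still documents `@param hrn` although the parameter is now `xrn`, and the start of `call` is outside this hunk.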