X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmethods%2Fget_self_credential.py;h=e0ac56927411b92ef32188b555baf60cacef22d6;hb=fd14e60f36944dc5c6cd938806d7590d846d5cd2;hp=21f7a1295a621e31dc1a0cc1b406b5accf6a9cfc;hpb=14fd4204ed582acc4da0541628dd910ad812926d;p=sfa.git

diff --git a/sfa/methods/get_self_credential.py b/sfa/methods/get_self_credential.py
index 21f7a129..e0ac5692 100644
--- a/sfa/methods/get_self_credential.py
+++ b/sfa/methods/get_self_credential.py
@@ -4,12 +4,10 @@
 from sfa.trust.credential import *
 from sfa.trust.rights import *
 from sfa.util.faults import *
+from sfa.util.namespace import *
 from sfa.util.method import Method
 from sfa.util.parameter import Parameter, Mixed
-from sfa.trust.auth import Auth
-from sfa.trust.gid import GID
-from sfa.util.record import GeniRecord
-from sfa.util.genitable import *
+from sfa.util.record import SfaRecord
 from sfa.util.debug import log
 
 class get_self_credential(Method):
@@ -17,7 +15,7 @@ class get_self_credential(Method):
     Retrive a credential for an object
     @param cert certificate string 
     @param type type of object (user | slice | sa | ma | node)
-    @param hrn human readable name of object
+    @param hrn human readable name of object (hrn or urn)
 
     @return the string representation of a credential object  
     """
@@ -26,14 +24,14 @@ class get_self_credential(Method):
     
     accepts = [
         Parameter(str, "certificate"),
-        Parameter(str, "Human readable name (hrn)"),
+        Parameter(str, "Human readable name (hrn or urn)"),
         Mixed(Parameter(str, "Request hash"),
               Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(str, "String representation of a credential object")
 
-    def call(self, cert, type, hrn, request_hash=None):
+    def call(self, cert, type, xrn, origin_hrn=None):
         """
         get_self_credential a degenerate version of get_credential used by a client
         to get his initial credential when de doesnt have one. This is the same as
@@ -49,55 +47,34 @@ class get_self_credential(Method):
         @param hrn human readable name of authority to list
         @return string representation of a credential object
         """
+        if type:
+            hrn = urn_to_hrn(xrn)[0]
+        else:
+            hrn, type = urn_to_hrn(xrn) 
         self.api.auth.verify_object_belongs_to_me(hrn)
-        auth_hrn = self.api.auth.get_authority(hrn)
-         
-        # if this is a root or sub authority get_authority will return
-        # an empty string
-        if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN:
-            auth_hrn = hrn
 
-        auth_info = self.api.auth.get_auth_info(auth_hrn)
+	#log the call
+        if not origin_hrn:
+            origin_hrn = hrn
+	self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
+        
+        # send the call to the right manager
+        manager_base = 'sfa.managers'
+        mgr_type = self.api.config.SFA_REGISTRY_TYPE
+        manager_module = manager_base + ".registry_manager_%s" % mgr_type
+        manager = __import__(manager_module, fromlist=[manager_base])
 
-        # find a record that matches
-        record = None
-        table = GeniTable()
-        records = table.findObjects({'type': type, 'hrn':  hrn})
+        # authenticate the gid
+        records = manager.resolve(self.api, xrn, type)
         if not records:
             raise RecordNotFound(hrn)
-        record = records[0]
-        
-        # authenticate the gid
+        record = SfaRecord(dict=records[0])
         gid = record.get_gid_object()
         gid_str = gid.save_to_string(save_parents=True)
-        self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash)
-        
+        self.api.auth.authenticateGid(gid_str, [cert, type, hrn])
         # authenticate the certificate against the gid in the db
         certificate = Certificate(string=cert)
         if not certificate.is_pubkey(gid.get_pubkey()):
             raise ConnectionKeyGIDMismatch(gid.get_subject())
-
-        # get the right of this record
-        #caller_hrn = certificate.get_subject()    
-	# server.cert has subject 'registry'
-	caller_hrn=hrn
-        rights = self.api.auth.determine_user_rights(caller_hrn, record)
-        if rights.is_empty():
-            raise PermissionError(caller_hrn + " has no rights to " + record.get_name())
-
-        # create the credential
-        gid = record.get_gid_object()
-        cred = Credential(subject = gid.get_subject())
-        cred.set_gid_caller(gid)
-        cred.set_gid_object(gid)
-        cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
-        cred.set_pubkey(gid.get_pubkey())
-        cred.set_privileges(rights)
-        cred.set_delegate(True)
-
-        auth_kind = "authority,sa,ma"
-        cred.set_parent(self.api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
-
-        cred.encode()
-        cred.sign()
-        return cred.save_to_string(save_parents=True)
+        
+        return manager.get_credential(self.api, xrn, type, is_self=True)