X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmethods%2Fget_self_credential.py;h=e0ac56927411b92ef32188b555baf60cacef22d6;hb=fd14e60f36944dc5c6cd938806d7590d846d5cd2;hp=b5840230e258b72839aff57e0ff0b52f66ec8bd7;hpb=0617bf203bd582103e7f45633cd320b1f80d1fb0;p=sfa.git

diff --git a/sfa/methods/get_self_credential.py b/sfa/methods/get_self_credential.py
index b5840230..e0ac5692 100644
--- a/sfa/methods/get_self_credential.py
+++ b/sfa/methods/get_self_credential.py
@@ -4,12 +4,10 @@
 from sfa.trust.credential import *
 from sfa.trust.rights import *
 from sfa.util.faults import *
+from sfa.util.namespace import *
 from sfa.util.method import Method
 from sfa.util.parameter import Parameter, Mixed
-from sfa.trust.auth import Auth
-from sfa.trust.gid import GID
-from sfa.util.record import GeniRecord
-from sfa.util.genitable import *
+from sfa.util.record import SfaRecord
 from sfa.util.debug import log
 
 class get_self_credential(Method):
@@ -17,7 +15,7 @@ class get_self_credential(Method):
     Retrive a credential for an object
     @param cert certificate string 
     @param type type of object (user | slice | sa | ma | node)
-    @param hrn human readable name of object
+    @param hrn human readable name of object (hrn or urn)
 
     @return the string representation of a credential object  
     """
@@ -26,14 +24,14 @@ class get_self_credential(Method):
     
     accepts = [
         Parameter(str, "certificate"),
-        Parameter(str, "Human readable name (hrn)"),
+        Parameter(str, "Human readable name (hrn or urn)"),
         Mixed(Parameter(str, "Request hash"),
               Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(str, "String representation of a credential object")
 
-    def call(self, cert, type, hrn, request_hash=None):
+    def call(self, cert, type, xrn, origin_hrn=None):
         """
         get_self_credential a degenerate version of get_credential used by a client
         to get his initial credential when de doesnt have one. This is the same as
@@ -49,53 +47,34 @@ class get_self_credential(Method):
         @param hrn human readable name of authority to list
         @return string representation of a credential object
         """
+        if type:
+            hrn = urn_to_hrn(xrn)[0]
+        else:
+            hrn, type = urn_to_hrn(xrn) 
         self.api.auth.verify_object_belongs_to_me(hrn)
-        auth_hrn = self.api.auth.get_authority(hrn)
-         
-        # if this is a root or sub authority get_authority will return
-        # an empty string
-        if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN:
-            auth_hrn = hrn
 
-        auth_info = self.api.auth.get_auth_info(auth_hrn)
+	#log the call
+        if not origin_hrn:
+            origin_hrn = hrn
+	self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
+        
+        # send the call to the right manager
+        manager_base = 'sfa.managers'
+        mgr_type = self.api.config.SFA_REGISTRY_TYPE
+        manager_module = manager_base + ".registry_manager_%s" % mgr_type
+        manager = __import__(manager_module, fromlist=[manager_base])
 
-        # find a record that matches
-        record = None
-        table = GeniTable()
-        records = table.findObjects({'type': type, 'hrn':  hrn})
+        # authenticate the gid
+        records = manager.resolve(self.api, xrn, type)
         if not records:
             raise RecordNotFound(hrn)
-        record = records[0]
-        
-        # get the right of this record    
-        rights = self.api.auth.determine_user_rights(None, record)
-        if rights.is_empty():
-            raise PermissionError(gid.get_hrn() + " has no rights to " + record.get_name())
-       
-        # authenticate the gid
-        if request_hash:
-            gid = record.get_gid_object()
-            gid_str = gid.save_to_string(save_parents=True)
-            self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash)
-        
-        # authenticate the certificate
+        record = SfaRecord(dict=records[0])
+        gid = record.get_gid_object()
+        gid_str = gid.save_to_string(save_parents=True)
+        self.api.auth.authenticateGid(gid_str, [cert, type, hrn])
+        # authenticate the certificate against the gid in the db
         certificate = Certificate(string=cert)
         if not certificate.is_pubkey(gid.get_pubkey()):
             raise ConnectionKeyGIDMismatch(gid.get_subject())
-
-        # create the credential
-        gid = record.get_gid_object()
-        cred = Credential(subject = gid.get_subject())
-        cred.set_gid_caller(gid)
-        cred.set_gid_object(gid)
-        cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
-        cred.set_pubkey(gid.get_pubkey())
-        cred.set_privileges(rights)
-        cred.set_delegate(True)
-
-        auth_kind = "authority,sa,ma"
-        cred.set_parent(self.api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
-
-        cred.encode()
-        cred.sign()
-        return cred.save_to_string(save_parents=True)
+        
+        return manager.get_credential(self.api, xrn, type, is_self=True)