X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fserver%2Fsfaapi.py;h=2510ec4e866016152bf751dda5201931ae563cfa;hb=862dfa7f7b8cce8c17e80c42aedd8d500ea86cb6;hp=3bd89687d09c27a15de3976c4ff6852e41d4df4e;hpb=efd5d7736f4d07356ff2ebb53c1123335007fa8e;p=sfa.git

diff --git a/sfa/server/sfaapi.py b/sfa/server/sfaapi.py
index 3bd89687..2510ec4e 100644
--- a/sfa/server/sfaapi.py
+++ b/sfa/server/sfaapi.py
@@ -1,12 +1,12 @@
 import os, os.path
 import datetime
 
-from sfa.util.faults import SfaFault, SfaAPIError
+from sfa.util.faults import SfaFault, SfaAPIError, RecordNotFound
 from sfa.util.genicode import GENICODE
 from sfa.util.config import Config
 from sfa.util.cache import Cache
-from sfa.trust.auth import Auth
 
+from sfa.trust.auth import Auth
 from sfa.trust.certificate import Keypair, Certificate
 from sfa.trust.credential import Credential
 from sfa.trust.rights import determine_rights
@@ -91,9 +91,9 @@ class SfaApi (XmlrpcApi):
         return server
                
         
-    def getCredential(self):
+    def getCredential(self, minimumExpiration=0):
         """
-        Return a valid credential for this interface. 
+        Return a valid credential for this interface.
         """
         type = 'authority'
         path = self.config.SFA_DATA_DIR
@@ -104,14 +104,14 @@ class SfaApi (XmlrpcApi):
             cred = Credential(filename = cred_filename)
             # make sure cred isnt expired
             if not cred.get_expiration or \
-               datetime.datetime.utcnow() < cred.get_expiration():    
+               datetime.datetime.utcnow() + datetime.timedelta(seconds=minimumExpiration) < cred.get_expiration():
                 return cred.save_to_string(save_parents=True)
 
         # get a new credential
         if self.interface in ['registry']:
-            cred =  self.__getCredentialRaw()
+            cred =  self._getCredentialRaw()
         else:
-            cred =  self.__getCredential()
+            cred =  self._getCredential()
         cred.save_to_file(cred_filename, save_parents=True)
 
         return cred.save_to_string(save_parents=True)
@@ -134,7 +134,7 @@ class SfaApi (XmlrpcApi):
                 break
         return delegated_cred
  
-    def __getCredential(self):
+    def _getCredential(self):
         """ 
         Get our credential from a remote registry 
         """
@@ -148,7 +148,7 @@ class SfaApi (XmlrpcApi):
         cred = registry.GetCredential(self_cred, self.hrn, 'authority')
         return Credential(string=cred)
 
-    def __getCredentialRaw(self):
+    def _getCredentialRaw(self):
         """
         Get our current credential directly from the local registry.
         """
@@ -160,15 +160,12 @@ class SfaApi (XmlrpcApi):
         if not auth_hrn or hrn == self.config.SFA_INTERFACE_HRN:
             auth_hrn = hrn
         auth_info = self.auth.get_auth_info(auth_hrn)
-        # xxx thgen fixme - use SfaTable hardwired for now 
-        # thgen xxx fixme this is wrong all right, but temporary, will use generic
-        from sfa.storage.table import SfaTable
-        table = SfaTable()
-        records = table.findObjects({'hrn': hrn, 'type': 'authority+sa'})
-        if not records:
-            raise RecordNotFound
-        record = records[0]
-        type = record['type']
+        from sfa.storage.alchemy import dbsession
+        from sfa.storage.model import RegRecord
+        record = dbsession.query(RegRecord).filter_by(type='authority+sa', hrn=hrn).first()
+        if not record:
+            raise RecordNotFound(hrn)
+        type = record.type
         object_gid = record.get_gid_object()
         new_cred = Credential(subject = object_gid.get_subject())
         new_cred.set_gid_caller(object_gid)