X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fcredential.py;h=135d8170c0b4cb956bb7c52e4e3a6adb250aa015;hb=5f5f29e2bc00befe5b7b601806ef5a7e44349b75;hp=c4e6982d303624c8fefb41ad1d6a32025b336ed1;hpb=04255538dbacfa52a45e8439b9c9ea590a82dc47;p=sfa.git diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py index c4e6982d..135d8170 100644 --- a/sfa/trust/credential.py +++ b/sfa/trust/credential.py @@ -272,11 +272,13 @@ class Credential(object): if os.path.isfile(path + '/' + 'xmlsec1'): self.xmlsec_path = path + '/' + 'xmlsec1' break + if not self.xmlsec_path: + logger.warn("Could not locate binary for xmlsec1 - SFA will be unable to sign stuff !!") def get_subject(self): if not self.gidObject: self.decode() - return self.gidObject.get_printable_subject() + return self.gidObject.get_subject() # sounds like this should be __repr__ instead ?? def get_summary_tostring(self): @@ -364,8 +366,6 @@ class Credential(object): if not self.gidObject: self.decode() return self.gidObject - - ## # Expiration: an absolute UTC time of expiration (as either an int or string or datetime) @@ -404,8 +404,7 @@ class Credential(object): if isinstance(privs, str): self.privileges = Rights(string = privs) else: - self.privileges = privs - + self.privileges = privs ## # return the privileges as a Rights object @@ -629,7 +628,11 @@ class Credential(object): # you have loaded an existing signed credential, do not call encode() or sign() on it. def sign(self): - if not self.issuer_privkey or not self.issuer_gid: + if not self.issuer_privkey: + logger.warn("Cannot sign credential (no private key)") + return + if not self.issuer_gid: + logger.warn("Cannot sign credential (no issuer gid)") return doc = parseString(self.get_xml()) sigs = doc.getElementsByTagName("signatures")[0] @@ -658,8 +661,10 @@ class Credential(object): # Call out to xmlsec1 to sign it ref = 'Sig_%s' % self.get_refid() filename = self.save_to_random_tmp_file() - signed = os.popen('%s --sign --node-id "%s" --privkey-pem %s,%s %s' \ - % (self.xmlsec_path, ref, self.issuer_privkey, ",".join(gid_files), filename)).read() + command='%s --sign --node-id "%s" --privkey-pem %s,%s %s' \ + % (self.xmlsec_path, ref, self.issuer_privkey, ",".join(gid_files), filename) +# print 'command',command + signed = os.popen(command).read() os.remove(filename) for gid_file in gid_files: @@ -1038,7 +1043,7 @@ class Credential(object): print self.dump_string(*args, **kwargs) - def dump_string(self, dump_parents=False): + def dump_string(self, dump_parents=False, show_xml=False): result="" result += "CREDENTIAL %s\n" % self.get_subject() filename=self.get_filename() @@ -1053,6 +1058,9 @@ class Credential(object): print " gidIssuer:" self.get_signature().get_issuer_gid().dump(8, dump_parents) + if self.expiration: + print " expiration:", self.expiration.isoformat() + gidObject = self.get_gid_object() if gidObject: result += " gidObject:\n" @@ -1062,4 +1070,16 @@ class Credential(object): result += "\nPARENT" result += self.parent.dump_string(True) + if show_xml: + try: + tree = etree.parse(StringIO(self.xml)) + aside = etree.tostring(tree, pretty_print=True) + result += "\nXML\n" + result += aside + result += "\nEnd XML\n" + except: + import traceback + print "exc. Credential.dump_string / XML" + traceback.print_exc() + return result