X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fcredential.py;h=4256673aed528c2c7dc290c0f03b76a7b4c331dd;hb=86b6e643edae0daff5bd41ad70af09f43f71ac25;hp=cb02d8644c79a09651bc3f6be3c01a407a12f1b2;hpb=7fcb8153bd74ce00f9f0d43c8aa090e0b70e345f;p=sfa.git diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py index cb02d864..4256673a 100644 --- a/sfa/trust/credential.py +++ b/sfa/trust/credential.py @@ -237,7 +237,7 @@ class Credential(object): # @param string If string!=None, load the credential from the string # @param filename If filename!=None, load the credential from the file # FIXME: create and subject are ignored! - def __init__(self, create=False, subject=None, string=None, filename=None): + def __init__(self, create=False, subject=None, string=None, filename=None, cred=None): self.gidCaller = None self.gidObject = None self.expiration = None @@ -250,6 +250,19 @@ class Credential(object): self.xml = None self.refid = None self.legacy = None + self.type = None + self.version = None + + if cred: + if isinstance(cred, StringTypes): + string = cred + self.type = 'geni_sfa' + self.version = '1.0' + elif isinstance(cred, dict): + string = cred['geni_value'] + self.type = cred['geni_type'] + self.version = cred['geni_version'] + # Check if this is a legacy credential, translate it if so if string or filename: @@ -272,13 +285,14 @@ class Credential(object): if os.path.isfile(path + '/' + 'xmlsec1'): self.xmlsec_path = path + '/' + 'xmlsec1' break - if not self.xmlsec_path: - logger.warn("Could not locate binary for xmlsec1 - SFA will be unable to sign stuff !!") def get_subject(self): + subject = "" if not self.gidObject: self.decode() - return self.gidObject.get_subject() + if self.gidObject: + subject = self.gidObject.get_printable_subject() + return subject # sounds like this should be __repr__ instead ?? def get_summary_tostring(self): @@ -527,7 +541,7 @@ class Credential(object): # Below throws InUse exception if we forgot to clone the attribute first oldAttr = signed_cred.setAttributeNode(attr.cloneNode(True)) if oldAttr and oldAttr.value != attr.value: - msg = "Delegating cred from owner %s to %s over %s replaced attribute %s value '%s' with '%s'" % (self.parent.gidCaller.get_urn(), self.gidCaller.get_urn(), self.gidObject.get_urn(), oldAttr.name, oldAttr.value, attr.value) + msg = "Delegating cred from owner %s to %s over %s:\n - Replaced attribute %s value '%s' with '%s'" % (self.parent.gidCaller.get_urn(), self.gidCaller.get_urn(), self.gidObject.get_urn(), oldAttr.name, oldAttr.value, attr.value) logger.warn(msg) #raise CredentialNotVerifiable("Can't encode new valid delegated credential: %s" % msg) @@ -628,11 +642,7 @@ class Credential(object): # you have loaded an existing signed credential, do not call encode() or sign() on it. def sign(self): - if not self.issuer_privkey: - logger.warn("Cannot sign credential (no private key)") - return - if not self.issuer_gid: - logger.warn("Cannot sign credential (no issuer gid)") + if not self.issuer_privkey or not self.issuer_gid: return doc = parseString(self.get_xml()) sigs = doc.getElementsByTagName("signatures")[0] @@ -686,6 +696,12 @@ class Credential(object): def decode(self): if not self.xml: return + + doc = None + try: + doc = parseString(self.xml) + except ExpatError,e: + raise CredentialNotVerifiable("Malformed credential") doc = parseString(self.xml) sigs = [] signed_cred = doc.getElementsByTagName("signed-credential") @@ -810,7 +826,7 @@ class Credential(object): trusted_cert_objects.append(GID(filename=f)) ok_trusted_certs.append(f) except Exception, exc: - logger.error("Failed to load trusted cert from %s: %r", f, exc) + logger.error("Failed to load trusted cert from %s: %r"%( f, exc)) trusted_certs = ok_trusted_certs # Use legacy verification if this is a legacy credential @@ -1041,12 +1057,16 @@ class Credential(object): print self.dump_string(*args, **kwargs) - def dump_string(self, dump_parents=False, show_xml=False): + def dump_string(self, dump_parents=False): result="" result += "CREDENTIAL %s\n" % self.get_subject() filename=self.get_filename() if filename: result += "Filename %s\n"%filename - result += " privs: %s\n" % self.get_privileges().save_to_string() + privileges = self.get_privileges() + if privileges: + result += " privs: %s\n" % privileges.save_to_string() + else: + result += " privs: \n" gidCaller = self.get_gid_caller() if gidCaller: result += " gidCaller:\n" @@ -1056,6 +1076,9 @@ class Credential(object): print " gidIssuer:" self.get_signature().get_issuer_gid().dump(8, dump_parents) + if self.expiration: + print " expiration:", self.expiration.isoformat() + gidObject = self.get_gid_object() if gidObject: result += " gidObject:\n" @@ -1065,16 +1088,4 @@ class Credential(object): result += "\nPARENT" result += self.parent.dump_string(True) - if show_xml: - try: - tree = etree.parse(StringIO(self.xml)) - aside = etree.tostring(tree, pretty_print=True) - result += "\nXML\n" - result += aside - result += "\nEnd XML\n" - except: - import traceback - print "exc. Credential.dump_string / XML" - traceback.print_exc() - return result