X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fcredential.py;h=cda6a09af69df899436312753ac74e36ca11e24a;hb=27e30f7854884928bd4850afa3c6ce5c7f93f7f4;hp=109a529011f65f4552165bfa9107b3279a863da7;hpb=82d0355774b73966cbe0c838c611808dfd2f1c7a;p=sfa.git diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py index 109a5290..cda6a09a 100644 --- a/sfa/trust/credential.py +++ b/sfa/trust/credential.py @@ -293,14 +293,14 @@ class Credential(object): return subject # sounds like this should be __repr__ instead ?? - def get_summary_tostring(self): + def pretty_cred(self): if not self.gidObject: self.decode() obj = self.gidObject.get_printable_subject() caller = self.gidCaller.get_printable_subject() exp = self.get_expiration() # Summarize the rights too? The issuer? - return "[ Grant %s rights on %s until %s ]" % (caller, obj, exp) + return "[ Grant {caller} rights on {obj} until {exp} ]".format(**locals()) def get_signature(self): if not self.signature: @@ -776,7 +776,7 @@ class Credential(object): xmlschema = etree.XMLSchema(schema_doc) if not xmlschema.validate(tree): error = xmlschema.error_log.last_error - message = "%s: %s (line %s)" % (self.get_summary_tostring(), error.message, error.line) + message = "%s: %s (line %s)" % (self.pretty_cred(), error.message, error.line) raise CredentialNotVerifiable(message) if trusted_certs_required and trusted_certs is None: @@ -801,7 +801,7 @@ class Credential(object): # make sure it is not expired if self.get_expiration() < datetime.datetime.utcnow(): raise CredentialNotVerifiable("Credential %s expired at %s" % \ - (self.get_summary_tostring(), + (self.pretty_cred(), self.expiration.strftime(SFATIME_FORMAT))) # Verify the signatures @@ -856,7 +856,7 @@ class Credential(object): msg = verified[mstart:mend] logger.warning("Credential.verify - failed - xmlsec1 returned {}".format(verified.strip())) raise CredentialNotVerifiable("xmlsec1 error verifying cred %s using Signature ID %s: %s" % \ - (self.get_summary_tostring(), ref, msg)) + (self.pretty_cred(), ref, msg)) os.remove(filename) # Verify the parents (delegation) @@ -983,13 +983,13 @@ class Credential(object): # make sure my expiry time is <= my parent's if not parent_cred.get_expiration() >= self.get_expiration(): raise CredentialNotVerifiable("Delegated credential %s expires after parent %s" % \ - (self.get_summary_tostring(), parent_cred.get_summary_tostring())) + (self.pretty_cred(), parent_cred.pretty_cred())) # make sure my signer is the parent's caller if not parent_cred.get_gid_caller().save_to_string(False) == \ self.get_signature().get_issuer_gid().save_to_string(False): raise CredentialNotVerifiable("Delegated credential %s not signed by parent %s's caller" % \ - (self.get_summary_tostring(), parent_cred.get_summary_tostring())) + (self.pretty_cred(), parent_cred.pretty_cred())) # Recurse if parent_cred.parent: @@ -1052,7 +1052,8 @@ class Credential(object): # else this looks like a delegated credential, and the real caller is the issuer else: actual_caller_hrn=issuer_hrn - logger.info("actual_caller_hrn: caller_hrn=%s, issuer_hrn=%s, returning %s"%(caller_hrn,issuer_hrn,actual_caller_hrn)) + logger.info("actual_caller_hrn: caller_hrn=%s, issuer_hrn=%s, returning %s" + %(caller_hrn,issuer_hrn,actual_caller_hrn)) return actual_caller_hrn ##