X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fcredential.py;h=e4d5e999177cdbf318afbf367065e0bc3c6d6aa1;hb=c1c136b3042a24604823c6da135308b7c031c234;hp=ee3f7325477a8478a7a197b46f9e20f9c1f61638;hpb=dfafd9825fecddbbd1ea4c7093766c386f660c29;p=sfa.git
diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py
index ee3f7325..e4d5e999 100644
--- a/sfa/trust/credential.py
+++ b/sfa/trust/credential.py
@@ -34,8 +34,7 @@ import datetime
 from tempfile import mkstemp
 from xml.dom.minidom import Document, parseString
-from sfa.util.py23 import StringType
-from sfa.util.py23 import StringIO
+from sfa.util.py23 import PY3, StringType, StringIO
 HAVELXML = False
 try:
@@ -579,12 +578,16 @@ class Credential(object):
 f = filep
 else:
 f = open(filename, "w")
+ if PY3 and isinstance(self.xml, bytes):
+ self.xml = self.xml.decode()
 f.write(self.xml)
 f.close()
 def save_to_string(self, save_parents=True):
 if not self.xml:
 self.encode()
+ if PY3 and isinstance(self.xml, bytes):
+ self.xml = self.xml.decode()
 return self.xml
 def get_refid(self):
@@ -1057,9 +1060,9 @@ class Credential(object):
 message = "Delegated credential {} not signed by parent {}'s caller"\
 .format(self.pretty_cred(), parent_cred.pretty_cred())
 logger.error(message)
- logger.error("compare1 parent {}".format(parent_cred.get_gid_caller().pretty_cred()))
+ logger.error("compare1 parent {}".format(parent_cred.get_gid_caller().pretty_cert()))
 logger.error("compare1 parent details {}".format(parent_cred.get_gid_caller().save_to_string()))
- logger.error("compare2 self {}".format(self.get_signature().get_issuer_gid().pretty_cred()))
+ logger.error("compare2 self {}".format(self.get_signature().get_issuer_gid().pretty_crert()))
 logger.error("compare2 self details {}".format(self.get_signature().get_issuer_gid().save_to_string()))
 raise CredentialNotVerifiable(message)
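Review bot: In the `@@ -579,12` hunk both added guards assign the decoded text back to `self.xml`, so saving a credential changes the stored document from bytes to str as a side effect. Other code in the class that reads `self.xml` (not visible in this hunk) may still expect the original type, so decoding into a local is safer: `xml = self.xml.decode("utf-8") if PY3 and isinstance(self.xml, bytes) else self.xml`, followed by `f.write(xml)` in `save_to_file` and `return xml` in `save_to_string`. Naming the codec also makes the assumption about what `encode()` produces explicit. `save_to_file` starts above the hunk.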
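Review bot: In the `@@ -1057,9` hunk the second replaced logging line calls `pretty_crert()`, which looks like a typo for the `pretty_cert()` used on the `compare1 parent` line just above it. If the issuer GID has no such method, this branch raises AttributeError before it reaches `raise CredentialNotVerifiable(message)`, so callers that handle the verification failure see the wrong exception and the diagnostic lines after it are never logged. The line should read `logger.error("compare2 self {}".format(self.get_signature().get_issuer_gid().pretty_cert()))`. The enclosing method starts outside the hunk.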
@@ -1103,29 +1106,36 @@ class Credential(object):
 return getattr(self,'filename',None)
 def actual_caller_hrn(self):
- """a helper method used by some API calls like e.g. Allocate
+ """
+ a helper method used by some API calls like e.g. Allocate
 to try and find out who really is the original caller
 This admittedly is a bit of a hack, please USE IN LAST RESORT
 This code uses a heuristic to identify a delegated credential
- A first known restriction if for traffic that gets through a slice manager
- in this case the hrn reported is the one from the last SM in the call graph
- which is not at all what is meant here"""
+ A first known restriction if for traffic that gets through a
+ slice manager in this case the hrn reported is the one from
+ the last SM in the call graph which is not at all what is
+ meant here
+ """
- caller_hrn = self.get_gid_caller().get_hrn()
- issuer_hrn = self.get_signature().get_issuer_gid().get_hrn()
+ caller_hrn, caller_type = urn_to_hrn(self.get_gid_caller().get_urn())
+ issuer_hrn, issuer_type = urn_to_hrn(self.get_signature().get_issuer_gid().get_urn())
 subject_hrn = self.get_gid_object().get_hrn()
+ # if the caller is a user and the issuer is not
+ # it's probably the former
+ if caller_type == "user" and issuer_type != "user":
+ actual_caller_hrn = caller_hrn
 # if we find that the caller_hrn is an immediate descendant of the issuer, then
 # this seems to be a 'regular' credential
- if caller_hrn.startswith(issuer_hrn):
- actual_caller_hrn=caller_hrn
+ elif caller_hrn.startswith(issuer_hrn):
+ actual_caller_hrn = caller_hrn
 # else this looks like a delegated credential, and the real caller is the issuer
 else:
- actual_caller_hrn=issuer_hrn
+ actual_caller_hrn = issuer_hrn
 logger.info("actual_caller_hrn: caller_hrn={}, issuer_hrn={}, returning {}"
- .format(caller_hrn,issuer_hrn,actual_caller_hrn))
+ .format(caller_hrn, issuer_hrn, actual_caller_hrn))
 return actual_caller_hrn
 ##
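Review bot: The `elif caller_hrn.startswith(issuer_hrn)` test is a raw string prefix match, so a caller whose hrn only shares leading characters with the issuer's (a sibling authority with a longer name) is classified as a descendant, which is not what the comment above it describes. Assuming hrns are dot-separated, matching on the separator closes that gap: `elif caller_hrn == issuer_hrn or caller_hrn.startswith(issuer_hrn + "."):`. The new first branch returns `caller_hrn` from the two type fields alone, without relating caller and issuer at all; since the docstring says this value identifies the original caller for API calls such as Allocate, a comment stating why that shortcut is safe would help. `urn_to_hrn` is not imported in the visible hunks, and `subject_hrn` is assigned but never used.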