X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fgid.py;h=470757bd997e443168a666462f22490c3248e080;hb=fc0adf576957e4c11f3609283bb772d5e96750a7;hp=b327c0cbe6659d68765cfed20d4d0b6d68df5645;hpb=e9d461cda3aed2821d46fe18a51d9e20f31b4bd1;p=sfa.git diff --git a/sfa/trust/gid.py b/sfa/trust/gid.py index b327c0cb..470757bd 100644 --- a/sfa/trust/gid.py +++ b/sfa/trust/gid.py @@ -30,7 +30,7 @@ import uuid from sfa.trust.certificate import Certificate -from sfa.util.faults import * +from sfa.util.faults import GidInvalidParentHrn, GidParentHrn from sfa.util.sfalogging import logger from sfa.util.xrn import hrn_to_urn, urn_to_hrn, hrn_authfor_hrn @@ -69,6 +69,7 @@ class GID(Certificate): uuid = None hrn = None urn = None + email = None # for adding to the SubjectAltName ## # Create a new GID object @@ -121,6 +122,15 @@ class GID(Certificate): self.decode() return self.urn + # Will be stuffed into subjectAltName + def set_email(self, email): + self.email = email + + def get_email(self): + if not self.email: + self.decode() + return self.email + def get_type(self): if not self.urn: self.decode() @@ -143,6 +153,9 @@ class GID(Certificate): if self.uuid: str += ", " + "URI:" + uuid.UUID(int=self.uuid).urn + if self.email: + str += ", " + "email:" + self.email + self.set_data(str, 'subjectAltName') @@ -166,10 +179,15 @@ class GID(Certificate): dict['uuid'] = uuid.UUID(val[4:]).int elif val.lower().startswith('uri:urn:publicid:idn+'): dict['urn'] = val[4:] + elif val.lower().startswith('email:'): + # FIXME: Ensure there isn't cruft in that address... + # EG look for email:copy,.... + dict['email'] = val[6:] self.uuid = dict.get("uuid", None) self.urn = dict.get("urn", None) - self.hrn = dict.get("hrn", None) + self.hrn = dict.get("hrn", None) + self.email = dict.get("email", None) if self.urn: self.hrn = urn_to_hrn(self.urn)[0] @@ -187,6 +205,8 @@ class GID(Certificate): result += " "*indent + "hrn:" + str(self.get_hrn()) +"\n" result += " "*indent + "urn:" + str(self.get_urn()) +"\n" result += " "*indent + "uuid:" + str(self.get_uuid()) + "\n" + if self.get_email() is not None: + result += " "*indent + "email:" + str(self.get_email()) + "\n" filename=self.get_filename() if filename: result += "Filename %s\n"%filename @@ -212,7 +232,7 @@ class GID(Certificate): if self.parent: # make sure the parent's hrn is a prefix of the child's hrn if not hrn_authfor_hrn(self.parent.get_hrn(), self.get_hrn()): - raise GidParentHrn("This cert HRN %s isn't in the namespace for parent HRN %s" % (self.get_hrn(), self.parent.get_hrn())) + raise GidParentHrn("This cert HRN %s isn't in the namespace for parent HRN %s" % (self.get_hrn(), self.parent.get_hrn())) # Parent must also be an authority (of some type) to sign a GID # There are multiple types of authority - accept them all here