X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fgid.py;h=6e668faee0482b510f3efd5c718ecc05ca3de7e3;hb=ff0fa25ca4bf7483fe90bd281c917fac1bdad3df;hp=3d74d56428a8b98b720878227afb130039dbcba7;hpb=f6502672a9fc4809fc49c8d9b9334ef127f6e563;p=sfa.git
diff --git a/sfa/trust/gid.py b/sfa/trust/gid.py
index 3d74d564..6e668fae 100644
--- a/sfa/trust/gid.py
+++ b/sfa/trust/gid.py
@@ -74,13 +74,16 @@ class GID(Certificate):
 # @param string If string!=None, load the GID from a string
 # @param filename If filename!=None, load the GID from a file
 # @param lifeDays life of GID in days - default is 1825==5 years
+ # @param email Email address to put in subjectAltName - default is None
- def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None, urn=None, lifeDays=1825, email=None):
+ def __init__(self, create=False, subject=None, string=None, filename=None,
+ uuid=None, hrn=None, urn=None, lifeDays=1825, email=None):
 self.uuid = None
 self.hrn = None
 self.urn = None
 self.email = None # for adding to the SubjectAltName
 Certificate.__init__(self, lifeDays, create, subject, string, filename)
+
 if subject:
 logger.debug("Creating GID for subject: %s" % subject)
 if uuid:
@@ -91,7 +94,9 @@ class GID(Certificate):
 if urn:
 self.urn = urn
 self.hrn, type = urn_to_hrn(urn)
+
 if email:
+ logger.debug("Creating GID for subject using email: %s" % email)
 self.set_email(email)
 def set_uuid(self, uuid):
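Review bot: The `logger.debug` call added under `if email:` in the second hunk (@@ -91) writes the caller-supplied email address into the log verbatim, before `set_email` runs. That puts a personal identifier in debug logs, and a value containing newlines or other control characters would reach the log unescaped; whether `set_email` validates the address is not visible here. Formatting with `%r`, as in `logger.debug("Creating GID for subject using email: %r" % email)`, keeps the line unambiguous, or the address can be left out of the message entirely. `__init__` begins in the previous hunk and this hunk ends just after it.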
@@ -230,12 +235,16 @@ class GID(Certificate):
 if self.parent:
 # make sure the parent's hrn is a prefix of the child's hrn
 if not hrn_authfor_hrn(self.parent.get_hrn(), self.get_hrn()):
- raise GidParentHrn("This cert HRN %s isn't in the namespace for parent HRN %s" % (self.get_hrn(), self.parent.get_hrn()))
+ raise GidParentHrn(
+ "This cert HRN {} isn't in the namespace for parent HRN {}"
+ .format(self.get_hrn(), self.parent.get_hrn()))
 # Parent must also be an authority (of some type) to sign a GID
 # There are multiple types of authority - accept them all here
 if not self.parent.get_type().find('authority') == 0:
- raise GidInvalidParentHrn("This cert %s's parent %s is not an authority (is a %s)" % (self.get_hrn(), self.parent.get_hrn(), self.parent.get_type()))
+ raise GidInvalidParentHrn(
+ "This cert {}'s parent {} is not an authority (is a %{})"
+ .format(self.get_hrn(), self.parent.get_hrn(), self.parent.get_type()))
 # Then recurse up the chain - ensure the parent is a trusted
 # root or is in the namespace of a trusted root
@@ -249,10 +258,12 @@ class GID(Certificate):
 # trusted_hrn = trusted_hrn[:trusted_hrn.rindex('.')]
 cur_hrn = self.get_hrn()
 if not hrn_authfor_hrn(trusted_hrn, cur_hrn):
- raise GidParentHrn("Trusted root with HRN %s isn't a namespace authority for this cert: %s" % (trusted_hrn, cur_hrn))
+ raise GidParentHrn(
+ "Trusted root with HRN {} isn't a namespace authority for this cert: {}"
+ .format(trusted_hrn, cur_hrn))
 # There are multiple types of authority - accept them all here
 if not trusted_type.find('authority') == 0:
- raise GidInvalidParentHrn("This cert %s's trusted root signer %s is not an authority (is a %s)" % (self.get_hrn(), trusted_hrn, trusted_type))
-
- return
+ raise GidInvalidParentHrn(
+ "This cert {}'s trusted root signer {} is not an authority (is a {})"
+ .format(self.get_hrn(), trusted_hrn, trusted_type))
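Review bot: The rewritten `GidInvalidParentHrn` message in the @@ -230 hunk keeps a stray `%` from the old `%s` placeholder, so `(is a %{})` prints a literal `%` in front of the parent's type. The literal should read `"This cert {}'s parent {} is not an authority (is a {})"`, matching the trusted-root message in the @@ -249 hunk. These exceptions are what an operator reads when chain verification rejects a GID, so the reported type should not be garbled. The enclosing method starts outside the hunk.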