X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fgid.py;h=bab4357e0d7f24a78a80cb9af444b766acafa75c;hb=8ebb53ace5f9319da63a67fc644486e58a94b18f;hp=15ad6bffbe3411b5747f4ee5f1536f1efe28cc32;hpb=f6f1bf872dd9700136c54d5b14fc3e3aa9b18b7d;p=sfa.git
diff --git a/sfa/trust/gid.py b/sfa/trust/gid.py
index 15ad6bff..bab4357e 100644
--- a/sfa/trust/gid.py
+++ b/sfa/trust/gid.py
@@ -30,7 +30,7 @@ import uuid from sfa.trust.certificate import Certificate -from sfa.util.faults import * +from sfa.util.faults import GidInvalidParentHrn, GidParentHrn from sfa.util.sfalogging import logger from sfa.util.xrn import hrn_to_urn, urn_to_hrn, hrn_authfor_hrn
@@ -66,10 +66,6 @@ def create_uuid(): class GID(Certificate): - uuid = None - hrn = None - urn = None - ## # Create a new GID object #
@@ -79,9 +75,13 @@ class GID(Certificate): # @param filename If filename!=None, load the GID from a file # @param lifeDays life of GID in days - default is 1825==5 years - def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None, urn=None, lifeDays=1825): - + def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None, urn=None, lifeDays=1825, email=None): + self.uuid = None + self.hrn = None + self.urn = None + self.email = None # for adding to the SubjectAltName Certificate.__init__(self, lifeDays, create, subject, string, filename) + if subject: logger.debug("Creating GID for subject: %s" % subject) if uuid:
@@ -92,6 +92,8 @@ class GID(Certificate): if urn: self.urn = urn self.hrn, type = urn_to_hrn(urn) + if email: + self.set_email(email) def set_uuid(self, uuid): if isinstance(uuid, str):
@@ -121,6 +123,15 @@ class GID(Certificate): self.decode() return self.urn + # Will be stuffed into subjectAltName + def set_email(self, email): + self.email = email + + def get_email(self): + if not self.email: + self.decode() + return self.email + def get_type(self): if not self.urn: self.decode()
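Review bot: The `@param` comment block above `__init__` (the `@@ -79,9 +75,13 @@` hunk) is not updated for the new `email` argument, so the documented constructor contract stops at `lifeDays`. I would add `# @param email If email!=None, record this address for the subjectAltName email: entry` after the `lifeDays` line. The body of `__init__` continues past this hunk, where `email` is handed to `set_email`.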
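Review bot: `set_email` (the `@@ -121,6 +123,15 @@` hunk) stores whatever string it is given, and `encode()` (the `@@ -143,9 +154,10 @@` hunk) later joins it into the comma-separated subjectAltName text with `str += ", " + "email:" + self.email`. A value containing a comma or an embedded `URI:` token could therefore end up as extra SAN entries beside the URN and UUID that identify this GID; how `set_data` builds the extension is outside this diff, so that is an inference, but the FIXME added in `decode()` (`@@ -166,10 +178,15 @@`) names the same concern and leaves it open. I would validate in the setter, e.g. `if "@" not in email or any(c in email for c in ",: \t\r\n"): raise ValueError("invalid email for subjectAltName: %r" % email)` before `self.email = email`, and apply the same test in `decode()` so a malformed entry from a received certificate is dropped rather than stored.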
@@ -143,9 +154,10 @@ class GID(Certificate): if self.uuid: str += ", " + "URI:" + uuid.UUID(int=self.uuid).urn - self.set_data(str, 'subjectAltName') + if self.email: + str += ", " + "email:" + self.email - + self.set_data(str, 'subjectAltName') ##
@@ -166,10 +178,15 @@ class GID(Certificate): dict['uuid'] = uuid.UUID(val[4:]).int elif val.lower().startswith('uri:urn:publicid:idn+'): dict['urn'] = val[4:] + elif val.lower().startswith('email:'): + # FIXME: Ensure there isn't cruft in that address... + # EG look for email:copy,.... + dict['email'] = val[6:] self.uuid = dict.get("uuid", None) self.urn = dict.get("urn", None) - self.hrn = dict.get("hrn", None) + self.hrn = dict.get("hrn", None) + self.email = dict.get("email", None) if self.urn: self.hrn = urn_to_hrn(self.urn)[0]
@@ -187,6 +204,8 @@ class GID(Certificate): result += " "*indent + "hrn:" + str(self.get_hrn()) +"\n" result += " "*indent + "urn:" + str(self.get_urn()) +"\n" result += " "*indent + "uuid:" + str(self.get_uuid()) + "\n" + if self.get_email() is not None: + result += " "*indent + "email:" + str(self.get_email()) + "\n" filename=self.get_filename() if filename: result += "Filename %s\n"%filename
@@ -231,7 +250,7 @@ class GID(Certificate): # trusted_hrn = trusted_hrn[:trusted_hrn.rindex('.')] cur_hrn = self.get_hrn() if not hrn_authfor_hrn(trusted_hrn, cur_hrn): - raise GidParentHrn("Trusted root with HRN %s isn't a namespace authority for this cert %s" % (trusted_hrn, cur_hrn)) + raise GidParentHrn("Trusted root with HRN %s isn't a namespace authority for this cert: %s" % (trusted_hrn, cur_hrn)) # There are multiple types of authority - accept them all here if not trusted_type.find('authority') == 0:
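Review bot: The dump code in the `@@ -187,6 +204,8 @@` hunk calls `get_email()` twice, and because `get_email` re-runs `self.decode()` whenever `self.email` is falsy, a GID without an address decodes the certificate again on each call. Reading it once, `email = self.get_email()` followed by `if email:`, avoids the repeated decode and makes the emptiness test agree with the `if not self.email` check in `get_email`; as written, an empty `email:` entry passes the `is not None` test and prints a blank item. The value comes from the certificate's subjectAltName and is written into the dump as-is, which is worth keeping in mind if this output is logged. The enclosing function starts and ends outside this hunk.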