X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fspeaksfor_util.py;fp=sfa%2Ftrust%2Fspeaksfor_util.py;h=eaeecf0f15853c6f851a1fcffea9c6eeca24a4ed;hb=27e30f7854884928bd4850afa3c6ce5c7f93f7f4;hp=2c56a47c4cc940aaff14274ec6466bda26d24251;hpb=1401aaebffc6b1fdac213ede293dc60d81c65496;p=sfa.git diff --git a/sfa/trust/speaksfor_util.py b/sfa/trust/speaksfor_util.py index 2c56a47c..eaeecf0f 100644 --- a/sfa/trust/speaksfor_util.py +++ b/sfa/trust/speaksfor_util.py @@ -131,26 +131,26 @@ def verify_speaks_for(cred, tool_gid, speaking_for_urn, # Credential has not expired if cred.expiration and cred.expiration < datetime.datetime.utcnow(): - return False, None, "ABAC Credential expired at %s (%s)" % (cred.expiration.strftime(SFATIME_FORMAT), cred.get_summary_tostring()) + return False, None, "ABAC Credential expired at %s (%s)" % (cred.expiration.strftime(SFATIME_FORMAT), cred.pretty_cred()) # Must be ABAC if cred.get_cred_type() != ABACCredential.ABAC_CREDENTIAL_TYPE: return False, None, "Credential not of type ABAC but %s" % cred.get_cred_type if cred.signature is None or cred.signature.gid is None: - return False, None, "Credential malformed: missing signature or signer cert. Cred: %s" % cred.get_summary_tostring() + return False, None, "Credential malformed: missing signature or signer cert. Cred: %s" % cred.pretty_cred() user_gid = cred.signature.gid user_urn = user_gid.get_urn() # URN of signer from cert must match URN of 'speaking-for' argument if user_urn != speaking_for_urn: return False, None, "User URN from cred doesn't match speaking_for URN: %s != %s (cred %s)" % \ - (user_urn, speaking_for_urn, cred.get_summary_tostring()) + (user_urn, speaking_for_urn, cred.pretty_cred()) tails = cred.get_tails() if len(tails) != 1: return False, None, "Invalid ABAC-SF credential: Need exactly 1 tail element, got %d (%s)" % \ - (len(tails), cred.get_summary_tostring()) + (len(tails), cred.pretty_cred()) user_keyid = get_cert_keyid(user_gid) tool_keyid = get_cert_keyid(tool_gid) @@ -188,7 +188,7 @@ def verify_speaks_for(cred, tool_gid, speaking_for_urn, if user_keyid != principal_keyid or \ tool_keyid != subject_keyid or \ role != ('speaks_for_%s' % user_keyid): - return False, None, "ABAC statement doesn't assert U.speaks_for(U)<-T (%s)" % cred.get_summary_tostring() + return False, None, "ABAC statement doesn't assert U.speaks_for(U)<-T (%s)" % cred.pretty_cred() # If schema provided, validate against schema if HAVELXML and schema and os.path.exists(schema): @@ -198,7 +198,7 @@ def verify_speaks_for(cred, tool_gid, speaking_for_urn, xmlschema = etree.XMLSchema(schema_doc) if not xmlschema.validate(tree): error = xmlschema.error_log.last_error - message = "%s: %s (line %s)" % (cred.get_summary_tostring(), error.message, error.line) + message = "%s: %s (line %s)" % (cred.pretty_cred(), error.message, error.line) return False, None, ("XML Credential schema invalid: %s" % message) if trusted_roots: @@ -252,7 +252,7 @@ def determine_speaks_for(logger, credentials, caller_gid, speaking_for_xrn, trus if not isinstance(cred_value, ABACCredential): cred = CredentialFactory.createCred(cred_value) -# print "Got a cred to check speaksfor for: %s" % cred.get_summary_tostring() +# print "Got a cred to check speaksfor for: %s" % cred.pretty_cred() # #cred.dump(True, True) # print "Caller: %s" % caller_gid.dump_string(2, True) # See if this is a valid speaks_for @@ -304,7 +304,7 @@ def create_sign_abaccred(tool_gid, user_gid, ma_gid, user_key_file, cred_filenam # Save it cred.save_to_file(cred_filename) print "Created ABAC credential: '%s' in file %s" % \ - (cred.get_summary_tostring(), cred_filename) + (cred.pretty_cred(), cred_filename) # FIXME: Assumes xmlsec1 is on path # FIXME: Assumes signer is itself signed by an 'ma_gid' that can be trusted