From: Josh Karlin <jkarlin@bbn.com>
Date: Tue, 13 Apr 2010 20:43:02 +0000 (+0000)
Subject: Added warnings to encode() and sign()
X-Git-Tag: geni-apiv1-totrunk~62
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=407f648e93cffa292c800c3cf7dff1bec0dccff0;p=sfa.git

Added warnings to encode() and sign()
---

diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py
index 4c396a95..0b76372f 100644
--- a/sfa/trust/credential.py
+++ b/sfa/trust/credential.py
@@ -92,6 +92,7 @@ def append_sub(doc, parent, element, text):
 ##
 # Signature contains information about an xmlsec1 signature
 # for a signed-credential
+#
 
 class Signature(object):
     refid = None
@@ -146,6 +147,11 @@ class Signature(object):
 # Credentials are encoded in one of two ways.  The legacy style places
 # it in the subjectAltName of an X509 certificate.  The new credentials
 # are placed in signed XML.
+#
+# WARNING:
+# In general, a signed credential obtained externally should
+# not be changed else the signature is no longer valid.  So, once
+# you have loaded an existing signed credential, do not call encode() or sign() on it.
 
 
 class Credential(object):
@@ -326,6 +332,10 @@ class Credential(object):
     ##
     # Encode the attributes of the credential into an XML string    
     # This should be done immediately before signing the credential.    
+    # WARNING:
+    # In general, a signed credential obtained externally should
+    # not be changed else the signature is no longer valid.  So, once
+    # you have loaded an existing signed credential, do not call encode() or sign() on it.
 
     def encode(self):
         p_sigs = None
@@ -454,6 +464,14 @@ class Credential(object):
             self.encode()
         return self.xml
 
+    ##
+    # Sign the XML file created by encode()
+    #
+    # WARNING:
+    # In general, a signed credential obtained externally should
+    # not be changed else the signature is no longer valid.  So, once
+    # you have loaded an existing signed credential, do not call encode() or sign() on it.
+
     def sign(self):
         if not self.issuer_privkey or not self.issuer_gid:
             return
diff --git a/tests/testCred.py b/tests/testCred.py
index 2a694b53..4a6efde2 100755
--- a/tests/testCred.py
+++ b/tests/testCred.py
@@ -167,7 +167,7 @@ class TestCred(unittest.TestCase):
       except CredentialNotVerifiable:
          pass      
       
-      
+      # Test that * gets translated properly
 
 if __name__ == "__main__":
     unittest.main()