From: Tony Mack Date: Thu, 29 Oct 2009 18:16:42 +0000 (+0000) Subject: get_self_credential has become its own call, move out of get_credential X-Git-Tag: sfa-0.9-6~86 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=93240d7a86ad9f4c0880eddea25856f5713671b7;p=sfa.git get_self_credential has become its own call, move out of get_credential
---
diff --git a/sfa/methods/get_credential.py b/sfa/methods/get_credential.py
index 347e63b4..6835708f 100644
--- a/sfa/methods/get_credential.py
+++ b/sfa/methods/get_credential.py
@@ -37,8 +37,6 @@ class get_credential(Method):
     returns = Parameter(str, "String representation of a credential object")
     def call(self, cred, type, hrn, request_hash=None):
-        if not cred:
-            return self.get_self_credential(type, hrn, request_hash)
         self.api.auth.authenticateCred(cred, [cred, type, hrn], request_hash)
         self.api.auth.check(cred, 'getcredential')
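Review bot: With the `if not cred` fallback removed, a caller that still passes an empty or None `cred` now goes straight into `self.api.auth.authenticateCred(cred, [cred, type, hrn], request_hash)` on the first new-side line of `call`, and whether that helper rejects a missing credential cleanly is not visible in this hunk. An explicit guard at the entry point, e.g. `if not cred: raise <MissingCredentialError placeholder>("get_credential requires a credential; use get_self_credential")`, would keep the failure where the argument is received rather than depending on how authenticateCred treats None. The docstring of `call` lies outside the hunk; if it still describes `cred=None` as the way to obtain an initial credential (as the deleted get_self_credential docstring did), it should be updated to point at the separate call. `call`'s body continues past the end of this hunk.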
@@ -83,61 +81,3 @@ class get_credential(Method):
         return new_cred.save_to_string(save_parents=True)
-    def get_self_credential(self, type, hrn, request_hash):
-        """
-        get_self_credential a degenerate version of get_credential used by a client
-        to get his initial credential when de doesnt have one. This is the same as
-        get_credetial(..., cred = None, ...)
-
-        The registry ensures that the client is the principal that is named by
-        (type, name) by comparing the public key in the record's GID to the
-        private key used to encrypt the client side of the HTTPS connection. Thus
-        it is impossible for one principal to retrive another principal's
-        credential without having the appropriate private key.
-
-        @param type type of object (user | slice | sa | ma | node)
-        @param hrn human readable name of authority to list
-        @return string representation of a credential object
-        """
-        self.api.auth.verify_object_belongs_to_me(hrn)
-        auth_hrn = self.api.auth.get_authority(hrn)
-
-        # if this is a root or sub authority get_authority will return
-        # an empty string
-        if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN:
-            auth_hrn = hrn
-
-        auth_info = self.api.auth.get_auth_info(auth_hrn)
-
-        # find a record that matches
-        record = None
-        table = GeniTable()
-        records = table.findObjects({'type': type, 'hrn': hrn})
-        if not records:
-            raise RecordNotFound(hrn)
-        record = records[0]
-        gid = record.get_gid_object()
-        rights = self.api.auth.determine_user_rights(None, record)
-        if rights.is_empty():
-            raise PermissionError(gid.get_hrn() + " has no rights to " + record.get_name())
-
-        # authenticate the gid
-        gid_str = gid.save_to_string(save_parents=True)
-        self.api.auth.authenticateGid(gid_str, [None, type, hrn], request_hash)
-
-        # create the credential
-        gid = record.get_gid_object()
-        cred = Credential(subject = gid.get_subject())
-        cred.set_gid_caller(gid)
-        cred.set_gid_object(gid)
-        cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
-
        cred.set_pubkey(gid.get_pubkey())
-        cred.set_privileges(rights)
-        cred.set_delegate(True)
-
-        auth_kind = "authority,sa,ma"
-        cred.set_parent(self.api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
-
-        cred.encode()
-        cred.sign()
-        return cred.save_to_string(save_parents=True)