From: Tony Mack Date: Thu, 20 Aug 2009 17:33:58 +0000 (+0000) Subject: fix some bugs regarding sub authority implementaiton X-Git-Tag: sfa-0.9-1~53 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=de68461a2dd24ecba761c3a897812d13bd456745;p=sfa.git fix some bugs regarding sub authority implementaiton --- diff --git a/sfa/methods/get_credential.py b/sfa/methods/get_credential.py index 4e7a7903..ff5c1a2a 100644 --- a/sfa/methods/get_credential.py +++ b/sfa/methods/get_credential.py @@ -39,7 +39,9 @@ class get_credential(Method): self.api.auth.check(cred, 'getcredential') self.api.auth.verify_object_belongs_to_me(hrn) auth_hrn = self.api.auth.get_authority(hrn) - if not auth_hrn: + + # Is this a root or sub authority + if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN: auth_hrn = hrn auth_info = self.api.auth.get_auth_info(auth_hrn) table = self.api.auth.get_auth_table(auth_hrn) @@ -91,10 +93,12 @@ class get_credential(Method): @return string representation of a credential object """ self.api.auth.verify_object_belongs_to_me(hrn) - auth_hrn = self.api.auth.get_authority(hrn) - if not auth_hrn: + + # is this a root or sub authority + if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN: auth_hrn = hrn + auth_info = self.api.auth.get_auth_info(auth_hrn) # find a record that matches diff --git a/sfa/plc/api.py b/sfa/plc/api.py index 46bf239b..2ac66e94 100644 --- a/sfa/plc/api.py +++ b/sfa/plc/api.py @@ -18,7 +18,6 @@ from sfa.util.debug import * from sfa.trust.rights import * from sfa.trust.credential import * from sfa.util.misc import * - from sfa.util.sfalogging import * # See "2.2 Characters" in the XML specification: @@ -189,7 +188,9 @@ class GeniAPI: hrn = self.hrn auth_hrn = self.auth.get_authority(hrn) - if not auth_hrn: + + # is this a root or sub authority + if not auth_hrn or hrn == self.config.SFA_INTERFACE_HRN: auth_hrn = hrn auth_info = self.auth.get_auth_info(auth_hrn) table = self.auth.get_auth_table(auth_hrn) 
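Review bot: The test `if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN:` is written out by hand in this hunk, again in the second hunk of this file and in sfa/plc/api.py, and the same comparison recurs in sfa/trust/auth.py and sfa/trust/hierarchy.py. Its result selects the authority whose info and table are used to issue the credential, so copies that drift apart would change who signs what without any visible error. One new helper on the auth object (name to be chosen, e.g. `get_issuing_authority(hrn)`) that returns `hrn` for a parentless authority or the interface's own HRN, and the parent otherwise, would keep every call site in step. The added comment `# Is this a root or sub authority` could state the outcome instead, e.g. `# the interface's own authority (root or sub) issues for itself`. The enclosing methods start and end outside the hunks.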
diff --git a/sfa/plc/sfa-import-plc.py b/sfa/plc/sfa-import-plc.py
index 260a743b..9b12379c 100755
--- a/sfa/plc/sfa-import-plc.py
+++ b/sfa/plc/sfa-import-plc.py
@@ -58,18 +58,18 @@ def main():
 level1_auth = None
 print "Import: creating top level authorities"
- sfaImporter.create_top_level_auth_records(root_auth)
- if level1_auth:
+ if not level1_auth:
+ sfaImporter.create_top_level_auth_records(root_auth)
+ import_auth = root_auth
+ else:
 if not AuthHierarchy.auth_exists(level1_auth):
 AuthHierarchy.create_auth(level1_auth)
 sfaImporter.create_top_level_auth_records(level1_auth)
 import_auth = level1_auth
- else:
- import_auth = root_auth
- print "Import: adding", root_auth, "to trusted list"
- root = AuthHierarchy.get_auth_info(root_auth)
- TrustedRoots.add_gid(root.get_gid_object())
+ print "Import: adding", import_auth, "to trusted list"
+ authority = AuthHierarchy.get_auth_info(import_auth)
+ TrustedRoots.add_gid(authority.get_gid_object())
 sites = shell.GetSites(plc_auth, {'peer_id': None})
 # create a fake internet2 site first
diff --git a/sfa/plc/sfaImport.py b/sfa/plc/sfaImport.py
index 8a567d77..71fbce75 100644
--- a/sfa/plc/sfaImport.py
+++ b/sfa/plc/sfaImport.py
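Review bot: The GID passed to `TrustedRoots.add_gid(authority.get_gid_object())` is now that of `import_auth`, which is `level1_auth` whenever one is configured, so the sub-authority replaces `root_auth` as the entry this import puts on the trusted list, and nothing next to the call records that this is intended. If it is, a comment such as `# the interface's own authority (root or level1) is the trust anchor written by this import` would make the decision reviewable. In the `else:` branch the `auth_exists`/`create_auth` pair looks redundant, because `create_top_level_auth_records` in sfa/plc/sfaImport.py performs the same check on the hrn it is given. `main()` continues outside the hunk.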
@@ -102,20 +102,22 @@ class sfaImport: def create_top_level_auth_records(self, hrn): AuthHierarchy = self.AuthHierarchy - # if root doesnt exist, create it + # if auth records for this hrn dont exist, create it if not AuthHierarchy.auth_exists(hrn): AuthHierarchy.create_auth(hrn) - # get the parent hrn - parent_hrn = get_authority(hrn) - if not parent_hrn: - parent_hrn = hrn # get the auth info of the newly created root auth (parent) # or level1_auth if it exists - auth_info = AuthHierarchy.get_auth_info(parent_hrn) if self.level1_auth: auth_info = AuthHierarchy.get_auth_info(hrn) + parent_hrn = hrn + else: + parent_hrn = get_authority(hrn) + if not parent_hrn: + parent_hrn = hrn + auth_info = AuthHierarchy.get_auth_info(parent_hrn) + table = self.get_auth_table(parent_hrn) auth_record = table.resolve("authority", hrn) diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py index 3b0af02a..34cbddcc 100644 --- a/sfa/trust/auth.py +++ b/sfa/trust/auth.py @@ -118,7 +118,7 @@ class Auth: @param name human readable name of object """ auth_name = self.get_authority(name) - if not auth_name: + if not auth_name or name == self.config.SFA_INTERFACE_HRN: # the root authority belongs to the registry by default? # TODO: is this true? return diff --git a/sfa/trust/hierarchy.py b/sfa/trust/hierarchy.py index c73d858e..8f4f9fce 100644 --- a/sfa/trust/hierarchy.py +++ b/sfa/trust/hierarchy.py @@ -110,8 +110,8 @@ class Hierarchy: def __init__(self, basedir = None): if not basedir: - config = Config() - basedir = os.path.join(config.SFA_BASE_DIR, "authorities") + self.config = Config() + basedir = os.path.join(self.config.SFA_BASE_DIR, "authorities") self.basedir = basedir ## # Given a hrn, return the filenames of the GID, private key, and dbinfo 
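Review bot: In `create_top_level_auth_records`, `if self.level1_auth:` picks the parent from importer state rather than from the `hrn` argument, so a call made with any other hrn while a level1 authority is configured would also treat that hrn as its own parent and resolve its record in its own table. If only the level1 authority is meant to be handled that way, `if hrn == self.level1_auth:` says so directly. The context comment `# get the auth info of the newly created root auth (parent)` / `# or level1_auth if it exists` now sits above a branch that also sets `parent_hrn`, and should be reworded to cover both assignments. The method continues past the end of the hunk.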
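Review bot: In sfa/trust/auth.py the early `return` now also fires when `name == self.config.SFA_INTERFACE_HRN`, so this ownership check passes unconditionally for the interface's own authority even when it has a parent, while the comment under it still reads `# the root authority belongs to the registry by default?` with an open `# TODO: is this true?`. The get_credential.py hunks call `verify_object_belongs_to_me(hrn)` before any credential is built, so the rule and its reason belong in the comment, for example `# the interface's own authority (root or sub) is always served by this registry`. Whether `Auth` sets `self.config` cannot be seen from this hunk. The method body continues outside it.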
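Review bot: In `Hierarchy.__init__`, `self.config` is assigned only inside `if not basedir:`, but the two later hunks of sfa/trust/hierarchy.py (at -226 and -289) read `self.config.SFA_INTERFACE_HRN` unconditionally. A `Hierarchy` constructed with an explicit `basedir` would therefore raise AttributeError while creating a GID or an authority credential. Assign the attribute before the branch: `self.config = Config()`, then `if not basedir:` with `basedir = os.path.join(self.config.SFA_BASE_DIR, "authorities")` as its body.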
@@ -226,7 +226,7 @@ class Hierarchy:
 gid = GID(subject=hrn, uuid=uuid, hrn=hrn)
 parent_hrn = get_authority(hrn)
- if not parent_hrn:
+ if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
 # if there is no parent hrn, then it must be self-signed. this
 # is where we terminate the recursion
 gid.set_issuer(pkey, hrn)
@@ -289,7 +289,7 @@ class Hierarchy:
 cred.set_pubkey(auth_info.get_gid_object().get_pubkey())
 parent_hrn = get_authority(hrn)
- if not parent_hrn:
+ if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
 # if there is no parent hrn, then it must be self-signed. this
 # is where we terminate the recursion
 cred.set_issuer(auth_info.get_pkey_object(), hrn)
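Review bot: The comment under the new condition, `# if there is no parent hrn, then it must be self-signed`, no longer matches it. With `or hrn == self.config.SFA_INTERFACE_HRN`, an authority that does have a parent is also self-signed, here for the GID and in the following hunk for the credential. The interface's authority thereby becomes the end of the chain rather than a link signed by its parent, which is a trust decision and should be stated, e.g. `# no parent, or this is the interface's own authority: self-sign and end the chain here`. Both functions start and end outside their hunks.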