From 833ca5e7d87366497f1ed015d31fc03dc6a1bdbb Mon Sep 17 00:00:00 2001
From: Josh Karlin
Date: Thu, 29 Apr 2010 20:35:25 +0000
Subject: [PATCH] Fixed up URNs in GID creation
---
 sfa/managers/registry_manager_pl.py | 9 +++++----
 sfa/plc/sfa-import-plc.py | 2 +-
 sfa/trust/certificate.py | 1 +
 sfa/trust/credential.py | 2 ++
 sfa/trust/gid.py | 4 ++--
 sfa/trust/hierarchy.py | 5 +++--
 6 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/sfa/managers/registry_manager_pl.py b/sfa/managers/registry_manager_pl.py
index 423cb1cc..63827fca 100644
--- a/sfa/managers/registry_manager_pl.py
+++ b/sfa/managers/registry_manager_pl.py
@@ -183,7 +183,7 @@ def list(api, xrn, origin_hrn=None):
 def register(api, record):
 hrn, type = record['hrn'], record['type']
-
+ urn = hrn_to_urn(hrn,type)
 # validate the type
 if type not in ['authority', 'slice', 'node', 'user']:
 raise UnknownSfaType(type)
@@ -212,7 +212,7 @@ def register(api, record):
 pub_key = record['key']
 pkey = convert_public_key(pub_key)
- gid_object = api.auth.hierarchy.create_gid(hrn, uuid, pkey)
+ gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey)
 gid = gid_object.save_to_string(save_parents=True)
 record['gid'] = gid
 record.set_gid(gid)
@@ -220,7 +220,7 @@ def register(api, record):
 if type in ["authority"]:
 # update the tree
 if not api.auth.hierarchy.auth_exists(hrn):
- api.auth.hierarchy.create_auth(hrn)
+ api.auth.hierarchy.create_auth(hrn_to_urn(hrn,'authority'))
 # get the GID from the newly created authority
 gid = auth_info.get_gid_object()
@@ -293,6 +293,7 @@ def update(api, record_dict):
 new_record = SfaRecord(dict = record_dict)
 type = new_record['type']
 hrn = new_record['hrn']
+ urn = hrn_to_urn(hrn,type)
 api.auth.verify_object_permission(hrn)
 table = SfaTable()
 # make sure the record exists
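Review bot: `urn = hrn_to_urn(hrn,type)` at the top of register() runs before `type` is checked against the allowed list two lines below, so a value that is about to be rejected with UnknownSfaType is first handed to the URN builder. Move the assignment to just after the `raise UnknownSfaType(type)` check so that only validated types reach `hrn_to_urn`. How `hrn_to_urn` treats an unknown type is not visible in this diff, and register() continues outside the hunk.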
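Review bot: The existence check and the creation in the `if type in ["authority"]` branch now use different identifier forms: `auth_exists(hrn)` is still passed the HRN while `create_auth(...)` on the next line receives a URN, and the same pairing appears in the sfa-import-plc.py hunk (`auth_exists(level1_auth)`), whereas the hierarchy.py hunk passes a URN to `auth_exists`. Whether `auth_exists` accepts both forms is not visible here; if it does not, an existing authority could be reported missing and created again. In this branch `type` is `authority`, so the `urn` computed at the top of register() can be reused as `api.auth.hierarchy.create_auth(urn)`. None of the files that start calling `hrn_to_urn` gains an import in this commit, so confirm the name is already in scope in each of them.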
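Review bot: In update(), `urn` is built from `new_record['type']`, which comes from the caller's `record_dict`, while the permission check on the next line covers only `hrn`; the later hunk in this file (`create_gid(urn, uuid, pkey)`) then issues the new GID under that URN. If the record lookup that follows does not also match on type (it is outside the hunk), the issued GID could carry a type that differs from the stored record. Deriving the URN from the stored record where it is used would close that gap, e.g. `urn = hrn_to_urn(record['hrn'], record['type'])` just before `create_gid`, assuming `record` there is the row read from the table.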
@@ -357,7 +358,7 @@ def update(api, record_dict):
 # update the openssl key and gid
 pkey = convert_public_key(new_key)
 uuid = create_uuid()
- gid_object = api.auth.hierarchy.create_gid(hrn, uuid, pkey)
+ gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey)
 gid = gid_object.save_to_string(save_parents=True)
 record['gid'] = gid
 record = SfaRecord(dict=record)
diff --git a/sfa/plc/sfa-import-plc.py b/sfa/plc/sfa-import-plc.py
index 235877c9..46593c77 100755
--- a/sfa/plc/sfa-import-plc.py
+++ b/sfa/plc/sfa-import-plc.py
@@ -94,7 +94,7 @@ def main():
 import_auth = root_auth
 else:
 if not AuthHierarchy.auth_exists(level1_auth):
- AuthHierarchy.create_auth(level1_auth)
+ AuthHierarchy.create_auth(hrn_to_urn(level1_auth,'authority'))
 sfaImporter.create_top_level_auth_records(level1_auth)
 import_auth = level1_auth
diff --git a/sfa/trust/certificate.py b/sfa/trust/certificate.py
index ce8597ed..6a5ee2df 100644
--- a/sfa/trust/certificate.py
+++ b/sfa/trust/certificate.py
@@ -23,6 +23,7 @@ from OpenSSL import crypto
 import M2Crypto
 from M2Crypto import X509
 from tempfile import mkstemp
+from sfa.util.sfalogging import logger
 from sfa.util.faults import *
diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py
index aeac9de3..1ab34a88 100644
--- a/sfa/trust/credential.py
+++ b/sfa/trust/credential.py
@@ -657,6 +657,8 @@ class Credential(object):
 refs.append("Sig_%s" % ref)
 for ref in refs:
+ logger.info('%s --verify --node-id "%s" %s %s 2>&1' \
+ % (self.xmlsec_path, ref, cert_args, filename))
 verified = os.popen('%s --verify --node-id "%s" %s %s 2>&1' \
 % (self.xmlsec_path, ref, cert_args, filename)).read()
 if not verified.strip().startswith("OK"):
diff --git a/sfa/trust/gid.py b/sfa/trust/gid.py
index 72d657c1..e51b3288 100644
--- a/sfa/trust/gid.py
+++ b/sfa/trust/gid.py
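Review bot: `logger` is called inside the `for ref in refs:` loop of credential.py, but the only import of it added by this commit is in sfa/trust/certificate.py; unless credential.py already receives the name (for example through a star import that is not visible here), every signature verification would raise NameError. The command string is also formatted twice, once for the log and once for `os.popen`, so the two can drift apart; build it once with `cmd = '%s --verify --node-id "%s" %s %s 2>&1' % (self.xmlsec_path, ref, cert_args, filename)`, then `logger.debug(cmd)` and `verified = os.popen(cmd).read()`. Because `ref` and `filename` are interpolated into a shell string, passing an argument list to `subprocess` instead of going through the shell would be safer if `ref` can originate from the credential being verified. The enclosing method starts and ends outside the hunk.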
@@ -177,12 +177,12 @@ class GID(Certificate):
 def verify_chain(self, trusted_certs = None):
 # do the normal certificate verification stuff
- Certificate.verify_chain(self, trusted_certs)
-
+ Certificate.verify_chain(self, trusted_certs)
 if self.parent:
 # make sure the parent's hrn is a prefix of the child's hrn
 if not self.get_hrn().startswith(self.parent.get_hrn()):
 raise GidParentHrn(self.parent.get_subject())
+ return
diff --git a/sfa/trust/hierarchy.py b/sfa/trust/hierarchy.py
index e73e5bd6..e277ec51 100644
--- a/sfa/trust/hierarchy.py
+++ b/sfa/trust/hierarchy.py
@@ -165,8 +165,9 @@ class Hierarchy:
 # create the parent authority if necessary
 parent_hrn = get_authority(hrn)
- if (parent_hrn) and (not self.auth_exists(parent_hrn)) and (create_parents):
- self.create_auth(parent_hrn, create_parents)
+ parent_urn = hrn_to_urn(parent_hrn, 'authority')
+ if (parent_hrn) and (not self.auth_exists(parent_urn)) and (create_parents):
+ self.create_auth(parent_urn, create_parents)
 (directory, gid_filename, privkey_filename, dbinfo_filename) = \
 self.get_auth_filenames(hrn)
--
2.47.0
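Review bot: The parent check in GID.verify_chain compares names with a bare `startswith`, so it passes whenever the child's name merely begins with the parent's string rather than extending it at a component boundary. Since this commit moves GID creation to URNs, it is also worth confirming that `get_hrn()` on both certificates still yields comparable dotted names. Consider reading both values once and testing `child.startswith(parent + '.')`, adding `child == parent or` only if equal names are legitimate in a chain. The edits visible in this hunk look whitespace-level, and the rest of the class lies outside it.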
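Review bot: In hierarchy.py, `parent_urn = hrn_to_urn(parent_hrn, 'authority')` is evaluated before the `(parent_hrn)` test, so when `get_authority(hrn)` returns an empty value (presumably the top-level case that test exists for) the URN builder is still called with it. Converting only inside the guard avoids that and keeps the existence check and the recursive call on the same identifier. Callers now pass a URN to create_auth while the visible lines still feed `hrn` to `get_authority` and `get_auth_filenames`; the start of the method is outside the hunk, so confirm the argument is converted back to an HRN there.
```python
parent_hrn = get_authority(hrn)
if parent_hrn and create_parents:
    parent_urn = hrn_to_urn(parent_hrn, 'authority')
    if not self.auth_exists(parent_urn):
        self.create_auth(parent_urn, create_parents)
# … unchanged: get_auth_filenames(hrn) and the rest of create_auth …
```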