2 from __future__ import with_statement
7 from types import StringTypes, ListType
8 from argparse import ArgumentParser
10 from sfa.util.sfalogging import logger
11 from sfa.util.faults import CredentialNotVerifiable, CertMissingParent #, ChildRightsNotSubsetOfParent
13 from sfa.trust.certificate import Certificate
14 from sfa.trust.credential import Credential
15 from sfa.trust.gid import GID
17 from sfa.storage.record import Record
19 def determine_sfa_filekind(fn):
21 if fn.endswith('.gid'): return 'gid'
22 elif fn.endswith('.cert'): return 'certificate'
23 elif fn.endswith('cred'): return 'credential'
26 cred=Credential(filename=fn)
32 if gid.uuid: return 'gid'
36 cert = Certificate(filename = fn)
41 # if "gidCaller" in dict:
51 lastpart = hrn.split(".")[-1]
52 filename = lastpart + ".gid"
54 if os.path.exists(filename):
55 print filename, ": already exists... skipping"
58 print filename, ": extracting gid of", hrn
60 gid.save_to_file(filename, save_parents = True)
62 def extract_gids(cred, extract_parents):
63 gidCaller = cred.get_gid_caller()
67 gidObject = cred.get_gid_object()
68 if gidObject and ((gidCaller == None) or (gidCaller.get_hrn() != gidObject.get_hrn())):
71 # no such method Credential.get_parent
73 # parent = cred.get_parent()
75 # extract_gids(parent, extract_parents)
77 def verify_input_object (obj, kind, options):
78 if options.trusted_roots:
80 message= "against [" + (" + ".join(options.trusted_roots)) + "]"
82 if kind=='credential':
83 print "verify",message,
84 obj.verify(options.trusted_roots)
85 elif kind in ['certificate','gid']:
86 print "verify_chain",message,
87 obj.verify_chain(options.trusted_roots)
89 except Exception as inst:
90 print "--> KO",type(inst).__name__
92 def handle_input (filename, options):
93 kind = determine_sfa_filekind(filename)
95 # dump methods current do 'print' so let's go this road for now
96 if kind=="certificate":
97 cert=Certificate (filename=filename)
98 print '--------------------',filename,'IS A',kind
99 cert.dump(show_extensions=options.show_extensions)
100 verify_input_object (cert, kind, options)
101 elif kind=="credential":
102 cred = Credential(filename = filename)
103 print '--------------------',filename,'IS A',kind
104 cred.dump(dump_parents = options.dump_parents, show_xml=options.show_xml)
105 if options.extract_gids:
106 print '--------------------',filename,'embedded GIDs'
107 extract_gids(cred, extract_parents = options.dump_parents)
108 verify_input_object (cred, kind, options)
110 gid = GID(filename = filename)
111 print '--------------------',filename,'IS A',kind
112 gid.dump(dump_parents = options.dump_parents)
113 verify_input_object (gid, kind, options)
115 print "%s: unknown filekind '%s'"% (filename,kind)
118 usage = """%(prog)s file1 [ .. filen]
119 display info on input files"""
120 parser = ArgumentParser(usage=usage)
122 parser.add_argument("-g", "--extract-gids", action="store_true", dest="extract_gids",
123 default=False, help="Extract GIDs from credentials")
124 parser.add_argument("-p", "--dump-parents", action="store_true", dest="dump_parents",
125 default=False, help="Show parents")
126 parser.add_argument("-e", "--extensions", action="store_true",
127 dest="show_extensions", default="False", help="Show certificate extensions")
128 parser.add_argument("-v", "--verbose", action='count',
129 dest='verbose', default=0, help="More and more verbose")
130 parser.add_argument("-x", "--xml", action='store_true',
131 dest='show_xml', default=False, help="dumps xml tree (cred. only)")
132 parser.add_argument("-c", "--check", action='append', dest='trusted_roots',
133 help="cumulative list of trusted GIDs - when provided, the input is verify'ed against these")
134 parser.add_argument("filenames",metavar='F',nargs='+',help="filenames to dump")
135 options = parser.parse_args()
137 logger.setLevelFromOptVerbose(options.verbose)
138 for filename in options.filenames:
139 handle_input(filename,options)
141 if __name__=="__main__":
git://git.onelab.eu / sfa.git / blob