1 # * require certificate as an argument
3 # * get pubkey from gid
4 # * if certifacate matches pubkey from gid, return gid, else raise exception
5 # if not peer.is_pubkey(gid.get_pubkey()):
6 # raise ConnectionKeyGIDMismatch(gid.get_subject())
8 from sfa.util.faults import *
9 from sfa.util.method import Method
10 from sfa.util.parameter import Parameter, Mixed
11 from sfa.trust.auth import Auth
12 from sfa.trust.gid import GID
13 from sfa.trust.certificate import Certificate
14 from sfa.util.genitable import GeniTable
16 class get_gid(Method):
18 Returns the client's gid if one exists
20 @param cert certificate string
24 interfaces = ['registry']
27 Parameter(str, "Certificate string"),
28 Parameter(str, "Human readable name (hrn)"),
29 Parameter(str, "Object type")
32 returns = Parameter(str, "GID string")
34 def call(self, cert, hrn, type):
36 self.api.auth.verify_object_belongs_to_me(hrn)
39 manager_base = 'sfa.managers'
40 mgr_type = self.api.config.SFA_REGISTRY_TYPE
41 manager_module = manager_base + ".registry_manager_%s" % mgr_type
42 manager = __import__(manager_module, fromlist=[manager_base])
43 records = manager.resolve(self.api, hrn, type, origin_hrn=hrn)
45 raise RecordNotFound(hrn)
48 # make sure client's certificate is the gid's pub key
49 gid = GID(string=record['gid'])
50 certificate = Certificate(string=cert)
51 if not certificate.is_pubkey(gid.get_pubkey()):
52 raise ConnectionKeyGIDMismatch(gid.get_subject())