1 # * require certificate as an argument
3 # * get pubkey from gid
4 # * if certificate matches pubkey from gid, return gid, else raise exception
5 # if not peer.is_pubkey(gid.get_pubkey()):
6 # raise ConnectionKeyGIDMismatch(gid.get_subject())
8 from sfa.util.faults import *
9 from sfa.util.method import Method
10 from sfa.util.parameter import Parameter, Mixed
11 from sfa.trust.auth import Auth
12 from sfa.trust.gid import GID
13 from sfa.trust.certificate import Certificate
class get_gid(Method):
    """
    Returns the client's gid if one exists.

    Registry method: resolves the record for (hrn, type) and checks that the
    public key of the certificate passed in matches the public key of the
    GID stored in that record; a mismatch raises ConnectionKeyGIDMismatch.

    @param cert certificate string supplied by the caller
    @param hrn human readable name of the object
    @param type object type
    """

    # Declares 'registry' as the only interface for this method.
    interfaces = ['registry']

    # NOTE(review): the listing's own numbering skips the lines around these
    # three entries, so no enclosing assignment is visible. Presumably they
    # form the method's accepted-parameter list, in the same order as call()'s
    # arguments (cert, hrn, type) -- confirm against the original file.
    Parameter(str, "Certificate string"),
    Parameter(str, "Human readable name (hrn)"),
    Parameter(str, "Object type")

    # Declared return value: the GID as a string.
    returns = Parameter(str, "GID string")

    def call(self, cert, hrn, type):
        # `type` is the record-type argument; it shadows the builtin inside
        # this method.

        # Authorisation gate, run before any lookup. The helper is defined
        # elsewhere; presumably it rejects an hrn that this registry is not
        # responsible for -- confirm.
        self.api.auth.verify_object_belongs_to_me(hrn)

        # The registry manager module is chosen at run time: its name is built
        # from the SFA_REGISTRY_TYPE configuration value and passed to
        # __import__. NOTE(review): that value decides which code is loaded,
        # so this is sound only while the configuration is writable by
        # trusted administrators alone.
        manager_base = 'sfa.managers'
        mgr_type = self.api.config.SFA_REGISTRY_TYPE
        manager_module = manager_base + ".registry_manager_%s" % mgr_type
        manager = __import__(manager_module, fromlist=[manager_base])
        # The requested hrn is also passed as origin_hrn.
        records = manager.resolve(self.api, hrn, type, origin_hrn=hrn)
        # NOTE(review): the listing's numbering skips a line between the
        # resolve call and this raise; presumably an empty-result guard sits
        # there -- confirm. As shown, the raise is unconditional.
        raise RecordNotFound(hrn)

        # NOTE(review): `record` is not bound in any visible line; its
        # assignment is presumably in the lines the listing skips just above.

        # make sure client's certificate is the gid's pub key
        # The check compares the public key of the certificate passed in with
        # the public key embedded in the stored GID.
        # NOTE(review): `cert` is an ordinary string argument, so this
        # comparison alone shows that the caller knows the certificate, not
        # that it holds the matching private key. Confirm that the transport
        # layer authenticates the peer with this same certificate.
        gid = GID(string=record['gid'])
        certificate = Certificate(string=cert)
        if not certificate.is_pubkey(gid.get_pubkey()):
            # The fault is raised with the GID's subject as its argument.
            raise ConnectionKeyGIDMismatch(gid.get_subject())
        # NOTE(review): the listing ends here; no return statement is visible
        # although `returns` declares a GID string.