import os, os.path
import tempfile
from types import StringTypes, ListType
-from optparse import OptionParser
+from argparse import ArgumentParser
from sfa.util.sfalogging import logger
+from sfa.util.faults import CredentialNotVerifiable, CertMissingParent #, ChildRightsNotSubsetOfParent
from sfa.trust.certificate import Certificate
from sfa.trust.credential import Credential
from sfa.trust.gid import GID
-from sfa.storage.record import SfaRecord
+from sfa.storage.record import Record
def determine_sfa_filekind(fn):
# if parent:
# extract_gids(parent, extract_parents)
+def verify_input_object (obj, kind, options):
+ if options.trusted_roots:
+ print "CHECKING...",
+ message= "against [" + (" + ".join(options.trusted_roots)) + "]"
+ try:
+ if kind=='credential':
+ print "verify",message,
+ obj.verify(options.trusted_roots)
+ elif kind in ['certificate','gid']:
+ print "verify_chain",message,
+ obj.verify_chain(options.trusted_roots)
+ print "--> OK"
+ except Exception as inst:
+ print "--> KO",type(inst).__name__
+
def handle_input (filename, options):
kind = determine_sfa_filekind(filename)
- handle_input_kind (filename,options,kind)
-
-def handle_input_kind (filename, options, kind):
-
-# dump methods current do 'print' so let's go this road for now
+ # dump methods current do 'print' so let's go this road for now
if kind=="certificate":
cert=Certificate (filename=filename)
print '--------------------',filename,'IS A',kind
cert.dump(show_extensions=options.show_extensions)
+ verify_input_object (cert, kind, options)
elif kind=="credential":
cred = Credential(filename = filename)
print '--------------------',filename,'IS A',kind
- cred.dump(dump_parents = options.dump_parents)
+ cred.dump(dump_parents = options.dump_parents, show_xml=options.show_xml)
if options.extract_gids:
- print '--------------------',filename,'embedded GIDS'
+ print '--------------------',filename,'embedded GIDs'
extract_gids(cred, extract_parents = options.dump_parents)
+ verify_input_object (cred, kind, options)
elif kind=="gid":
gid = GID(filename = filename)
print '--------------------',filename,'IS A',kind
gid.dump(dump_parents = options.dump_parents)
+ verify_input_object (gid, kind, options)
else:
print "%s: unknown filekind '%s'"% (filename,kind)
def main():
- usage = """%prog file1 [ .. filen]
+ usage = """%(prog)s file1 [ .. filen]
display info on input files"""
- parser = OptionParser(usage=usage)
-
- parser.add_option("-g", "--extract-gids", action="store_true", dest="extract_gids", default=False, help="Extract GIDs from credentials")
- parser.add_option("-p", "--dump-parents", action="store_true", dest="dump_parents", default=False, help="Show parents")
- parser.add_option("-e", "--extensions", action="store_true", dest="show_extensions", default="False", help="Show certificate extensions")
- parser.add_option("-v", "--verbose", action='count', dest='verbose', default=0)
- (options, args) = parser.parse_args()
+ parser = ArgumentParser(usage=usage)
+
+ parser.add_argument("-g", "--extract-gids", action="store_true", dest="extract_gids",
+ default=False, help="Extract GIDs from credentials")
+ parser.add_argument("-p", "--dump-parents", action="store_true", dest="dump_parents",
+ default=False, help="Show parents")
+ parser.add_argument("-e", "--extensions", action="store_true",
+ dest="show_extensions", default="False", help="Show certificate extensions")
+ parser.add_argument("-v", "--verbose", action='count',
+ dest='verbose', default=0, help="More and more verbose")
+ parser.add_argument("-x", "--xml", action='store_true',
+ dest='show_xml', default=False, help="dumps xml tree (cred. only)")
+ parser.add_argument("-c", "--check", action='append', dest='trusted_roots',
+ help="cumulative list of trusted GIDs - when provided, the input is verify'ed against these")
+ parser.add_argument("filenames",metavar='F',nargs='+',help="filenames to dump")
+ options = parser.parse_args()
logger.setLevelFromOptVerbose(options.verbose)
- if len(args) <= 0:
- parser.print_help()
- sys.exit(1)
- for f in args:
- handle_input(f,options)
+ for filename in options.filenames:
+ handle_input(filename,options)
if __name__=="__main__":
main()
git://git.onelab.eu / sfa.git / blobdiff