git://git.onelab.eu / sfa.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
removed another bunch of references to geni
[sfa.git] / sfa / methods / get_self_credential.py
diff --git a/sfa/methods/get_self_credential.py b/sfa/methods/get_self_credential.py
index 8859082..49bad01 100644 (file)
--- a/sfa/methods/get_self_credential.py
+++ b/sfa/methods/get_self_credential.py
@@ -6,10 +6,7 @@ from sfa.trust.rights import *
 from sfa.util.faults import *
 from sfa.util.method import Method
 from sfa.util.parameter import Parameter, Mixed
-from sfa.trust.auth import Auth
-from sfa.trust.gid import GID
-from sfa.util.record import GeniRecord
-from sfa.util.genitable import *
+from sfa.util.record import SfaRecord
 from sfa.util.debug import log
 
 class get_self_credential(Method):
@@ -50,52 +47,24 @@ class get_self_credential(Method):
         @return string representation of a credential object
         """
         self.api.auth.verify_object_belongs_to_me(hrn)
-        auth_hrn = self.api.auth.get_authority(hrn)
-         
-        # if this is a root or sub authority get_authority will return
-        # an empty string
-        if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN:
-            auth_hrn = hrn
-
-        auth_info = self.api.auth.get_auth_info(auth_hrn)
+        
+        # send the call to the right manager
+        manager_base = 'sfa.managers'
+        mgr_type = self.api.config.SFA_REGISTRY_TYPE
+        manager_module = manager_base + ".registry_manager_%s" % mgr_type
+        manager = __import__(manager_module, fromlist=[manager_base])
 
-        # find a record that matches
-        record = None
-        table = GeniTable()
-        records = table.findObjects({'type': type, 'hrn':  hrn})
+        # authenticate the gid
+        records = manager.resolve(self.api, hrn, type)
         if not records:
             raise RecordNotFound(hrn)
-        record = records[0]
-        
-        # authenticate the gid
+        record = SfaRecord(dict=records[0])
         gid = record.get_gid_object()
         gid_str = gid.save_to_string(save_parents=True)
         self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash)
-        
         # authenticate the certificate against the gid in the db
         certificate = Certificate(string=cert)
         if not certificate.is_pubkey(gid.get_pubkey()):
             raise ConnectionKeyGIDMismatch(gid.get_subject())
-
-        # get the right of this record
-        caller_hrn = certificate.get_subject()    
-        rights = self.api.auth.determine_user_rights(caller_hrn, record)
-        if rights.is_empty():
-            raise PermissionError(caller_hrn + " has no rights to " + record.get_name())
-
-        # create the credential
-        gid = record.get_gid_object()
-        cred = Credential(subject = gid.get_subject())
-        cred.set_gid_caller(gid)
-        cred.set_gid_object(gid)
-        cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
-        cred.set_pubkey(gid.get_pubkey())
-        cred.set_privileges(rights)
-        cred.set_delegate(True)
-
-        auth_kind = "authority,sa,ma"
-        cred.set_parent(self.api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
-
-        cred.encode()
-        cred.sign()
-        return cred.save_to_string(save_parents=True)
+        
+        return manager.get_credential(self.api, hrn, type, is_self=True)
sfa