X-Git-Url: http://git.onelab.eu/?p=sfa.git;a=blobdiff_plain;f=clientbin%2Fsfadump.py;h=f42615b24b4497d17772929bb568228d1330325b;hp=b366aec3769d18f24edefeff79afdc5c71844ca8;hb=HEAD;hpb=7c97b4323a2ee8c49cf250eb39a36c7609f2b468 diff --git a/clientbin/sfadump.py b/clientbin/sfadump.py index b366aec3..f42615b2 100755 --- a/clientbin/sfadump.py +++ b/clientbin/sfadump.py @@ -1,13 +1,14 @@ -#! /usr/bin/env python -from __future__ import with_statement +#!/usr/bin/env python3 import sys -import os, os.path +import os +import os.path import tempfile -from types import StringTypes, ListType -from optparse import OptionParser +from argparse import ArgumentParser from sfa.util.sfalogging import logger +# , ChildRightsNotSubsetOfParent +from sfa.util.faults import CredentialNotVerifiable, CertMissingParent from sfa.trust.certificate import Certificate from sfa.trust.credential import Credential @@ -15,26 +16,34 @@ from sfa.trust.gid import GID from sfa.storage.record import Record + def determine_sfa_filekind(fn): - if fn.endswith('.gid'): return 'gid' - elif fn.endswith('.cert'): return 'certificate' - elif fn.endswith('cred'): return 'credential' + if fn.endswith('.gid'): + return 'gid' + elif fn.endswith('.cert'): + return 'certificate' + elif fn.endswith('cred'): + return 'credential' try: - cred=Credential(filename=fn) + cred = Credential(filename=fn) return 'credential' - except: pass + except: + pass - try: - gid=GID(filename=fn) - if gid.uuid: return 'gid' - except: pass + try: + gid = GID(filename=fn) + if gid.uuid: + return 'gid' + except: + pass try: - cert = Certificate(filename = fn) + cert = Certificate(filename=fn) return 'certificate' - except: pass + except: + pass # to be completed # if "gidCaller" in dict: 
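Review bot: `CredentialNotVerifiable` and `CertMissingParent` are imported in the first hunk, but no hunk of this patch references them: the handler added in the third hunk catches `Exception`, and a commented-out `# , ChildRightsNotSubsetOfParent` is left on the line above the import. Either drop the import and the stray comment, or use the names where the verification result is reported, so that an expected verification fault can be told apart from an unrelated error such as an unreadable trusted-root file. The lines of the file between the hunks are not visible, so a use elsewhere cannot be ruled out.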
@@ -45,77 +54,105 @@ def determine_sfa_filekind(fn): return "unknown" + def save_gid(gid): - hrn = gid.get_hrn() - lastpart = hrn.split(".")[-1] - filename = lastpart + ".gid" + hrn = gid.get_hrn() + lastpart = hrn.split(".")[-1] + filename = lastpart + ".gid" + + if os.path.exists(filename): + print(filename, ": already exists... skipping") + return - if os.path.exists(filename): - print filename, ": already exists... skipping" - return + print(filename, ": extracting gid of", hrn) - print filename, ": extracting gid of", hrn + gid.save_to_file(filename, save_parents=True) - gid.save_to_file(filename, save_parents = True) def extract_gids(cred, extract_parents): - gidCaller = cred.get_gid_caller() - if gidCaller: - save_gid(gidCaller) + gidCaller = cred.get_gid_caller() + if gidCaller: + save_gid(gidCaller) - gidObject = cred.get_gid_object() - if gidObject and ((gidCaller == None) or (gidCaller.get_hrn() != gidObject.get_hrn())): - save_gid(gidObject) + gidObject = cred.get_gid_object() + if gidObject and ((gidCaller == None) or (gidCaller.get_hrn() != gidObject.get_hrn())): + save_gid(gidObject) - # no such method Credential.get_parent + # no such method Credential.get_parent # if extract_parents: # parent = cred.get_parent() # if parent: # extract_gids(parent, extract_parents) -def handle_input (filename, options): - kind = determine_sfa_filekind(filename) - handle_input_kind (filename,options,kind) -def handle_input_kind (filename, options, kind): - +def verify_input_object(obj, kind, options): + if options.trusted_roots: + print("CHECKING...", end=' ') + message = "against [" + (" + ".join(options.trusted_roots)) + "]" + try: + if kind == 'credential': + print("verify", message, end=' ') + obj.verify(options.trusted_roots) + elif kind in ('certificate', 'gid'): + print("verify_chain", message, end=' ') + obj.verify_chain(options.trusted_roots) + print("--> OK") + except Exception as inst: + print("--> KO", type(inst).__name__) -# dump methods current do 
'print' so let's go this road for now - if kind=="certificate": - cert=Certificate (filename=filename) - print '--------------------',filename,'IS A',kind + +def handle_input(filename, options): + kind = determine_sfa_filekind(filename) + + # dump methods current do 'print' so let's go this road for now + if kind == "certificate": + cert = Certificate(filename=filename) + print('--------------------', filename, 'IS A', kind) cert.dump(show_extensions=options.show_extensions) - elif kind=="credential": - cred = Credential(filename = filename) - print '--------------------',filename,'IS A',kind - cred.dump(dump_parents = options.dump_parents) + verify_input_object(cert, kind, options) + elif kind == "credential": + cred = Credential(filename=filename) + print('--------------------', filename, 'IS A', kind) + cred.dump(dump_parents=options.dump_parents, show_xml=options.show_xml) if options.extract_gids: - print '--------------------',filename,'embedded GIDS' - extract_gids(cred, extract_parents = options.dump_parents) - elif kind=="gid": - gid = GID(filename = filename) - print '--------------------',filename,'IS A',kind - gid.dump(dump_parents = options.dump_parents) + print('--------------------', filename, 'embedded GIDs') + extract_gids(cred, extract_parents=options.dump_parents) + verify_input_object(cred, kind, options) + elif kind == "gid": + gid = GID(filename=filename) + print('--------------------', filename, 'IS A', kind) + gid.dump(dump_parents=options.dump_parents) + verify_input_object(gid, kind, options) else: - print "%s: unknown filekind '%s'"% (filename,kind) + print("%s: unknown filekind '%s'" % (filename, kind)) + def main(): - usage = """%prog file1 [ .. filen] + usage = """%(prog)s file1 [ .. 
filen] display info on input files""" - parser = OptionParser(usage=usage) - - parser.add_option("-g", "--extract-gids", action="store_true", dest="extract_gids", default=False, help="Extract GIDs from credentials") - parser.add_option("-p", "--dump-parents", action="store_true", dest="dump_parents", default=False, help="Show parents") - parser.add_option("-e", "--extensions", action="store_true", dest="show_extensions", default="False", help="Show certificate extensions") - parser.add_option("-v", "--verbose", action='count', dest='verbose', default=0) - (options, args) = parser.parse_args() + parser = ArgumentParser(usage=usage) + + parser.add_argument("-g", "--extract-gids", action="store_true", dest="extract_gids", + default=False, help="Extract GIDs from credentials") + parser.add_argument("-p", "--dump-parents", action="store_true", dest="dump_parents", + default=False, help="Show parents") + parser.add_argument("-e", "--extensions", action="store_true", + dest="show_extensions", default="False", + help="Show certificate extensions") + parser.add_argument("-v", "--verbose", action='count', + dest='verbose', default=0, help="More and more verbose") + parser.add_argument("-x", "--xml", action='store_true', + dest='show_xml', default=False, help="dumps xml tree (cred. only)") + parser.add_argument("-c", "--check", action='append', dest='trusted_roots', + help="cumulative list of trusted GIDs - " + "when provided, the input is verify'ed against these") + parser.add_argument("filenames", metavar='F', nargs='+', + help="filenames to dump") + options = parser.parse_args() logger.setLevelFromOptVerbose(options.verbose) - if len(args) <= 0: - parser.print_help() - sys.exit(1) - for f in args: - handle_input(f,options) - -if __name__=="__main__": - main() + for filename in options.filenames: + handle_input(filename, options) + +if __name__ == "__main__": + main()
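Review bot: A failed check in `verify_input_object` is only printed: the function returns nothing, `handle_input` ignores the outcome and `main` always exits 0, so a script calling the tool with `-c` cannot tell `--> KO` from `--> OK`. In the credential branch `extract_gids` also runs before the check, so with `-g -c` the embedded GIDs are written to disk from an input that may then fail verification. `save_gid` builds the file name from the last HRN component of that input, so it is worth rejecting a name that contains a path separator as well (whether `get_hrn()` can return one is not visible here). The fence below returns a boolean from the check, runs it before extraction and prints the exception text as well as its type name; `main` would then collect the results and call `sys.exit(1)` if any input failed. Separately, `--extensions` keeps `default="False"`, a non-empty string that is always truthy, so `show_extensions` is on whether or not `-e` is given; it should be `default=False`.

```python
def verify_input_object(obj, kind, options):
    if not options.trusted_roots:
        return True
    # … unchanged: "CHECKING..." banner and message …
    try:
        # … unchanged: verify() / verify_chain() dispatch …
        print("--> OK")
        return True
    except Exception as inst:
        # keep the reason, not only the class name
        print("--> KO", type(inst).__name__, inst)
        return False

# handle_input, credential branch: check before anything is written to disk
        cred.dump(dump_parents=options.dump_parents, show_xml=options.show_xml)
        verified = verify_input_object(cred, kind, options)
        if options.extract_gids and verified:
            # … unchanged: banner print and extract_gids(...) call …
```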