#! /usr/bin/env python
- from __future__ import with_statement
import sys
-import os, os.path
+import os
+import os.path
import tempfile
from argparse import ArgumentParser
server = self.sliceapi()
# set creds
- creds = [self.my_credential]
+ creds = [self.my_credential_string]
if options.delegate:
- creds.append(self.delegate_cred(cred, get_authority(self.authority)))
+ creds.append(self.delegate_cred(
+ cred, get_authority(self.authority)))
if options.show_credential:
show_credentials(creds)
if debug_verify_chain:
logger.debug("verify_chain: NO. Cert {} is signed by trusted_cert {}, "
"but that signer is expired..."
- .format(self.pretty_name(),trusted_cert.pretty_name()))
+ .format(self.pretty_cert(), trusted_cert.pretty_cert()))
raise CertExpired("{} signer trusted_cert {}"
- .format(self.pretty_cert(), trusted_cert.pretty_cert()))
+ .format(self.pretty_name(), trusted_cert.pretty_name()))
+ else:
+ logger.debug("verify_chain: not a direct descendant of a trusted root".
+ format(self.pretty_name(), trusted_cert))
# if there is no parent, then no way to verify the chain
if not self.parent:
# for a principal that is not a member of that authority. For example,
# planetlab.us.arizona cannot sign a GID for planetlab.us.princeton.foo.
- def verify_chain(self, trusted_certs = None):
+ def verify_chain(self, trusted_certs=None):
+ logger.debug("GID.verify_chain with {} trusted certs".format(len(trusted_certs)))
# do the normal certificate verification stuff
- trusted_root = Certificate.verify_chain(self, trusted_certs)
-
+ trusted_root = Certificate.verify_chain(self, trusted_certs)
+
if self.parent:
# make sure the parent's hrn is a prefix of the child's hrn
if not hrn_authfor_hrn(self.parent.get_hrn(), self.get_hrn()):