Success! PG cert/cred able to call ListResources and GetVersion using sfi.py
authorJosh Karlin <jkarlin@bbn.com>
Wed, 14 Apr 2010 20:59:42 +0000 (20:59 +0000)
committerJosh Karlin <jkarlin@bbn.com>
Wed, 14 Apr 2010 20:59:42 +0000 (20:59 +0000)
sfa/client/sfi.py
sfa/trust/auth.py
sfa/trust/certificate.py
sfa/trust/credential.py
sfa/util/namespace.py

index 9070bdb..b280c26 100755 (executable)
@@ -24,7 +24,7 @@ import zlib
 
 # utility methods here
 # display methods
-def display_rspec(rspec, format = 'rspec'):
+def display_rspec(rspec, format='rspec'):
     if format in ['dns']:
         spec = RSpec()
         spec.parseString(rspec)
@@ -57,12 +57,12 @@ def display_list(results):
         print result
 
 
-def display_records(recordList, dump = False):
+def display_records(recordList, dump=False):
     ''' Print all fields in the record'''
     for record in recordList:
         display_record(record, dump)
 
-def display_record(record, dump = False):
+def display_record(record, dump=False):
     if dump:
         record.dump()
     else:
@@ -92,7 +92,7 @@ def save_rspec_to_file(rspec, filename):
 def save_records_to_file(filename, recordList):
     index = 0
     for record in recordList:
-        if index>0:
+        if index > 0:
             save_record_to_file(filename + "." + str(index), record)
         else:
             save_record_to_file(filename, record)
@@ -100,15 +100,15 @@ def save_records_to_file(filename, recordList):
 
 def save_record_to_file(filename, record):
     if record['type'] in ['user']:
-        record = UserRecord(dict = record)
+        record = UserRecord(dict=record)
     elif record['type'] in ['slice']:
-        record = SliceRecord(dict = record)
+        record = SliceRecord(dict=record)
     elif record['type'] in ['node']:
-        record = NodeRecord(dict = record)
+        record = NodeRecord(dict=record)
     elif record['type'] in ['authority', 'ma', 'sa']:
-        record = AuthorityRecord(dict = record)
+        record = AuthorityRecord(dict=record)
     else:
-        record = SfaRecord(dict = record)
+        record = SfaRecord(dict=record)
     str = record.save_to_string()
     file(filename, "w").write(str)
     return
@@ -132,7 +132,7 @@ class Sfi:
     options = None
     hashrequest = False
    
-    def create_cmd_parser(self,command, additional_cmdargs = None):
+    def create_cmd_parser(self, command, additional_cmdargs=None):
         cmdargs = {"gid": "",
                   "list": "name",
                   "show": "name",
@@ -146,7 +146,7 @@ class Sfi:
                   "create": "name rspec",
                   "get_trusted_certs": "cred",
                   "get_ticket": "name rspec",
-                  "redeem_ticket": "ticket",  
+                  "redeem_ticket": "ticket",
                   "delete": "name",
                   "reset": "name",
                   "start": "name",
@@ -165,7 +165,7 @@ class Sfi:
             print "Invalid command\n"
             print "Commands: ",
             for key in cmdargs.keys():
-                print key+",",
+                print key + ",",
             print ""
             sys.exit(2)
 
@@ -173,24 +173,24 @@ class Sfi:
                                      % (command, cmdargs[command]))
 
         if command in ("resources"):
-            parser.add_option("-f", "--format", dest="format",type="choice",
-                             help="display format ([xml]|dns|ip)",default="xml",
-                             choices=("xml","dns","ip"))
+            parser.add_option("-f", "--format", dest="format", type="choice",
+                             help="display format ([xml]|dns|ip)", default="xml",
+                             choices=("xml", "dns", "ip"))
             parser.add_option("-a", "--aggregate", dest="aggregate",
                              default=None, help="aggregate hrn")
 
         if command in ("create", "get_ticket"):
-            parser.add_option("-a", "--aggregate", dest="aggregate",default=None,
+            parser.add_option("-a", "--aggregate", dest="aggregate", default=None,
                              help="aggregate hrn")
 
         if command in ("start", "stop", "reset", "delete", "slices"):
-            parser.add_option("-c", "--component", dest="component",default=None,
+            parser.add_option("-c", "--component", dest="component", default=None,
                              help="component hrn")
             
         if command in ("list", "show", "remove"):
-            parser.add_option("-t", "--type", dest="type",type="choice",
+            parser.add_option("-t", "--type", dest="type", type="choice",
                             help="type filter ([all]|user|slice|sa|ma|node|aggregate)",
-                            choices=("all","user","slice","sa","ma","node","aggregate"),
+                            choices=("all", "user", "slice", "sa", "ma", "node", "aggregate"),
                             default="all")
 
         if command in ("resources", "show", "list"):
@@ -199,8 +199,8 @@ class Sfi:
         
         if command in ("show", "list"):
            parser.add_option("-f", "--format", dest="format", type="choice",
-                             help="display format ([text]|xml)",default="text",
-                             choices=("text","xml"))
+                             help="display format ([text]|xml)", default="text",
+                             choices=("text", "xml"))
 
         if command in ("delegate"):
            parser.add_option("-u", "--user",
@@ -223,10 +223,10 @@ class Sfi:
                          help="root registry", metavar="URL", default=None)
         parser.add_option("-s", "--slicemgr", dest="sm",
                          help="slice manager", metavar="URL", default=None)
-        default_sfi_dir=os.path.expanduser("~/.sfi/")
+        default_sfi_dir = os.path.expanduser("~/.sfi/")
         parser.add_option("-d", "--dir", dest="sfi_dir",
                          help="config & working directory - default is " + default_sfi_dir,
-                         metavar="PATH", default = default_sfi_dir)
+                         metavar="PATH", default=default_sfi_dir)
         parser.add_option("-u", "--user", dest="user",
                          help="user name", metavar="HRN", default=None)
         parser.add_option("-a", "--auth", dest="auth",
@@ -253,7 +253,7 @@ class Sfi:
        try:
           config = Config (config_file)
        except:
-          print "Failed to read configuration file",config_file
+          print "Failed to read configuration file", config_file
           print "Make sure to remove the export clauses and to add quotes"
           if not self.options.verbose:
              print "Re-run with -v for more details"
@@ -261,48 +261,48 @@ class Sfi:
              traceback.print_exc()
           sys.exit(1)
     
-       errors=0
+       errors = 0
        # Set SliceMgr URL
        if (self.options.sm is not None):
           sm_url = self.options.sm
-       elif hasattr(config,"SFI_SM"):
+       elif hasattr(config, "SFI_SM"):
           sm_url = config.SFI_SM
        else:
-          print "You need to set e.g. SFI_SM='http://your.slicemanager.url:12347/' in %s"%config_file
-          errors +=1 
+          print "You need to set e.g. SFI_SM='http://your.slicemanager.url:12347/' in %s" % config_file
+          errors += 
     
        # Set Registry URL
        if (self.options.registry is not None):
           reg_url = self.options.registry
-       elif hasattr(config,"SFI_REGISTRY"):
+       elif hasattr(config, "SFI_REGISTRY"):
           reg_url = config.SFI_REGISTRY
        else:
-          print "You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s"%config_file
-          errors +=1 
+          print "You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s" % config_file
+          errors += 
           
 
        if (self.options.geni_am is not None):
            geni_am_url = self.options.geni_am
-       elif hasattr(config,"SFI_GENI_AM"):
+       elif hasattr(config, "SFI_GENI_AM"):
            geni_am_url = config.SFI_GENI_AM
            
        # Set user HRN
        if (self.options.user is not None):
           self.user = self.options.user
-       elif hasattr(config,"SFI_USER"):
+       elif hasattr(config, "SFI_USER"):
           self.user = config.SFI_USER
        else:
-          print "You need to set e.g. SFI_USER='plc.princeton.username' in %s"%config_file
-          errors +=1 
+          print "You need to set e.g. SFI_USER='plc.princeton.username' in %s" % config_file
+          errors += 
     
        # Set authority HRN
        if (self.options.auth is not None):
           self.authority = self.options.auth
-       elif hasattr(config,"SFI_AUTH"):
+       elif hasattr(config, "SFI_AUTH"):
           self.authority = config.SFI_AUTH
        else:
-          print "You need to set e.g. SFI_AUTH='plc.princeton' in %s"%config_file
-          errors +=1 
+          print "You need to set e.g. SFI_AUTH='plc.princeton' in %s" % config_file
+          errors += 
     
        if errors:
           sys.exit(1)
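Review bot: The four `errors += ` lines on the new side (after the SFI_SM, SFI_REGISTRY, SFI_USER and SFI_AUTH messages) have lost their operand, which is a syntax error that would stop sfi.py from loading at all; each should read `errors += 1`. This may be an artifact of how the page was rendered, but as shown the whitespace cleanup changed the statement rather than only its spacing. The enclosing method starts outside the hunk.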
@@ -339,7 +339,7 @@ class Sfi:
     
     
     def get_key_file(self):
-       file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".pkey")
+       file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".pkey")
        #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".pkey")
        if (os.path.isfile(file)):
           return file
@@ -348,14 +348,14 @@ class Sfi:
           sys.exit(-1)
        return
     
-    def get_cert_file(self,key_file):
+    def get_cert_file(self, key_file):
     
        #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cert")
-       file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert")
+       file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert")
        if (os.path.isfile(file)):
           return file
        else:
-          k = Keypair(filename = key_file)
+          k = Keypair(filename=key_file)
           cert = Certificate(subject=self.user)
           cert.set_pubkey(k)
           cert.set_issuer(k, self.user)
@@ -367,7 +367,7 @@ class Sfi:
    
     def get_gid(self):
         #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".gid")
-        file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".gid")
+        file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".gid")
         if (os.path.isfile(file)):
             gid = GID(filename=file)
             return gid
@@ -382,17 +382,17 @@ class Sfi:
  
     def get_user_cred(self):
         #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cred")
-        file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cred")
+        file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cred")
         if (os.path.isfile(file)):
             user_cred = Credential(filename=file)
             return user_cred
         else:
             # bootstrap user credential
             cert_string = self.cert.save_to_string(save_parents=True)
-            user_name=self.user.replace(self.authority+".", '')
+            user_name = self.user.replace(self.authority + ".", '')
             if user_name.count(".") > 0:
                 user_name = user_name.replace(".", '_')
-                self.user=self.authority + "." + user_name
+                self.user = self.authority + "." + user_name
 
             user_cred = self.registry.get_self_credential(cert_string, "user", self.user)
             if user_cred:
@@ -410,7 +410,7 @@ class Sfi:
             print "no authority specified. Use -a or set SF_AUTH"
             sys.exit(-1)
     
-        file = os.path.join(self.options.sfi_dir, get_leaf("authority") +".cred")
+        file = os.path.join(self.options.sfi_dir, get_leaf("authority") + ".cred")
         if (os.path.isfile(file)):
             auth_cred = Credential(filename=file)
             return auth_cred
@@ -428,7 +428,7 @@ class Sfi:
                 print "Failed to get authority credential"
                 sys.exit(-1)
     
-    def get_slice_cred(self,name):
+    def get_slice_cred(self, name):
         file = os.path.join(self.options.sfi_dir, "slice_" + get_leaf(name) + ".cred")
         if (os.path.isfile(file)):
             slice_cred = Credential(filename=file)
@@ -448,7 +448,7 @@ class Sfi:
                 print "Failed to get slice credential"
                 sys.exit(-1)
     
-    def delegate_cred(self,cred, hrn, type = 'authority'):
+    def delegate_cred(self, cred, hrn, type='authority'):
         # the gid and hrn of the object we are delegating
         user_cred = Credential(string=cred)
         object_gid = user_cred.get_gid_object()
@@ -470,7 +470,7 @@ class Sfi:
         delegee_hrn = delegee_gid.get_hrn()
         
         # the key and hrn of the user who will be delegating
-        user_key = Keypair(filename = self.get_key_file())
+        user_key = Keypair(filename=self.get_key_file())
         user_hrn = user_cred.get_gid_caller().get_hrn()
     
         dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
@@ -481,7 +481,7 @@ class Sfi:
         
 
         # Save the issuer's gid to a file
-        fname = self.options.sfi_dir + os.sep + "gid_%d" % random.randint(0,999999999)
+        fname = self.options.sfi_dir + os.sep + "gid_%d" % random.randint(0, 999999999)
         f = open(fname, "w")
         f.write(user_cred.get_gid_caller().save_to_string())
         f.close()
@@ -494,7 +494,7 @@ class Sfi:
     
         return dcred.save_to_string(save_parents=True)
     
-    def get_rspec_file(self,rspec):
+    def get_rspec_file(self, rspec):
        if (os.path.isabs(rspec)):
           file = rspec
        else:
@@ -505,7 +505,7 @@ class Sfi:
           print "No such rspec file", rspec
           sys.exit(1)
     
-    def get_record_file(self,record):
+    def get_record_file(self, record):
        if (os.path.isabs(record)):
           file = record
        else:
@@ -516,8 +516,8 @@ class Sfi:
           print "No such registry record file", record
           sys.exit(1)
     
-    def load_publickey_string(self,fn):
-       f = file(fn,"r")
+    def load_publickey_string(self, fn):
+       f = file(fn, "r")
        key_string = f.read()
     
        # if the filename is a private key file, then extract the public key
@@ -549,8 +549,8 @@ class Sfi:
     # Registry-related commands
     #
   
-    def dispatch(self,command, cmd_opts, cmd_args):
-        getattr(self,command)(cmd_opts, cmd_args)
+    def dispatch(self, command, cmd_opts, cmd_args):
+        getattr(self, command)(cmd_opts, cmd_args)
  
     def gid(self, opts, args):
         gid = self.get_gid()
@@ -558,7 +558,7 @@ class Sfi:
         return   
  
     # list entires in named authority registry
-    def list(self,opts, args):
+    def list(self, opts, args):
         user_cred = self.get_user_cred().save_to_string(save_parents=True)
         hrn = args[0]
         try:
@@ -579,7 +579,7 @@ class Sfi:
         return
     
     # show named registry record
-    def show(self,opts, args):
+    def show(self, opts, args):
         user_cred = self.get_user_cred().save_to_string(save_parents=True)
         hrn = args[0]
         records = self.registry.resolve(user_cred, hrn)
@@ -588,16 +588,16 @@ class Sfi:
             print "No record of type", opts.type
         for record in records:
             if record['type'] in ['user']:
-                record = UserRecord(dict = record)
+                record = UserRecord(dict=record)
             elif record['type'] in ['slice']:
-                record = SliceRecord(dict = record)
+                record = SliceRecord(dict=record)
             elif record['type'] in ['node']:
-                record = NodeRecord(dict = record)
+                record = NodeRecord(dict=record)
             elif record['type'] in ['authority', 'ma', 'sa']:
-                record = AuthorityRecord(dict = record)
+                record = AuthorityRecord(dict=record)
             else:
-                record = SfaRecord(dict = record)
-            if (opts.format=="text"): 
+                record = SfaRecord(dict=record)
+            if (opts.format == "text"): 
                 record.dump()  
             else:
                 print record.save_to_string() 
@@ -609,7 +609,7 @@ class Sfi:
             save_records_to_file(file, records)
         return
     
-    def delegate(self,opts, args):
+    def delegate(self, opts, args):
        user_cred = self.get_user_cred()
        if opts.delegate_user:
            object_cred = user_cred
@@ -639,7 +639,7 @@ class Sfi:
        delegee_hrn = delegee_gid.get_hrn()
    
        # the key and hrn of the user who will be delegating
-       user_key = Keypair(filename = self.get_key_file())
+       user_key = Keypair(filename=self.get_key_file())
        user_hrn = user_cred.get_gid_caller().get_hrn()
        subject_string = "%s delegated to %s" % (object_hrn, delegee_hrn)
        dcred = Credential(subject=subject_string)
@@ -661,13 +661,13 @@ class Sfi:
            dest_fn = os.path_join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_slice_" 
                                   + get_leaf(object_hrn) + ".cred")
     
-       dcred.save_to_file(dest_fn, save_parents = True)
+       dcred.save_to_file(dest_fn, save_parents=True)
     
        print "delegated credential for", object_hrn, "to", delegee_hrn, "and wrote to", dest_fn
     
     # removed named registry record
     #   - have to first retrieve the record to be removed
-    def remove(self,opts, args):
+    def remove(self, opts, args):
         auth_cred = self.get_auth_cred().save_to_string(save_parents=True)
         hrn = args[0]
         type = opts.type 
@@ -676,7 +676,7 @@ class Sfi:
         return self.registry.remove(auth_cred, type, hrn)
     
     # add named registry record
-    def add(self,opts, args):
+    def add(self, opts, args):
         auth_cred = self.get_auth_cred().save_to_string(save_parents=True)
         record_filepath = args[0]
         rec_file = self.get_record_file(record_filepath)
@@ -684,7 +684,7 @@ class Sfi:
         return self.registry.register(auth_cred, record)
     
     # update named registry entry
-    def update(self,opts, args):
+    def update(self, opts, args):
         user_cred = self.get_user_cred()
         rec_file = self.get_record_file(args[0])
         record = load_record_from_file(rec_file)
@@ -769,7 +769,7 @@ class Sfi:
     # list available nodes -- use 'resources' w/ no argument instead
 
     # list instantiated slices
-    def slices(self,opts, args):
+    def slices(self, opts, args):
         user_cred = self.get_user_cred().save_to_string(save_parents=True)
         server = self.slicemgr
         # direct connection to the nodes component manager interface
@@ -780,7 +780,7 @@ class Sfi:
         return
     
     # show rspec for named slice
-    def resources(self,opts, args):
+    def resources(self, opts, args):
         user_cred = self.get_user_cred().save_to_string(save_parents=True)
         server = self.slicemgr
         if opts.aggregate:
@@ -810,12 +810,12 @@ class Sfi:
         return
     
     # created named slice with given rspec
-    def create(self,opts, args):
+    def create(self, opts, args):
         slice_hrn = args[0]
         user_cred = self.get_user_cred()
         slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
         rspec_file = self.get_rspec_file(args[1])
-        rspec=open(rspec_file).read()
+        rspec = open(rspec_file).read()
         server = self.slicemgr
         if opts.aggregate:
             aggregates = self.registry.get_aggregates(user_cred, opts.aggregate)
@@ -832,7 +832,7 @@ class Sfi:
         user_cred = self.get_user_cred()
         slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
         rspec_file = self.get_rspec_file(rspec_path) 
-        rspec=open(rspec_file).read()
+        rspec = open(rspec_file).read()
         server = self.slicemgr
         if opts.aggregate:
             aggregates = self.registry.get_aggregates(user_cred, opts.aggregate)
@@ -854,7 +854,7 @@ class Sfi:
         # use this to get the right slice credential 
         ticket = SfaTicket(filename=ticket_file)
         ticket.decode()
-       slice_hrn=ticket.gidObject.get_hrn()
+       slice_hrn = ticket.gidObject.get_hrn()
         #slice_hrn = ticket.attributes['slivers'][0]['hrn']
         user_cred = self.get_user_cred()
         slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
@@ -872,7 +872,7 @@ class Sfi:
             try:
                 cm_port = "12346" 
                 url = "https://%(hostname)s:%(cm_port)s" % locals() 
-                print "Calling redeem_ticket at %(url)s " % locals(),  
+                print "Calling redeem_ticket at %(url)s " % locals(),
                 cm = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file)
                 cm.redeem_ticket(slice_cred, ticket.save_to_string(save_parents=True))
                 print "Success"
@@ -885,7 +885,7 @@ class Sfi:
         return
  
     # delete named slice
-    def delete(self,opts, args):
+    def delete(self, opts, args):
         slice_hrn = args[0]
         server = self.slicemgr
         # direct connection to the nodes component manager interface
@@ -896,7 +896,7 @@ class Sfi:
         return server.delete_slice(slice_cred, slice_hrn)
     
     # start named slice
-    def start(self,opts, args):
+    def start(self, opts, args):
         slice_hrn = args[0]
         server = self.slicemgr
         # direct connection to the nodes component manager interface
@@ -907,7 +907,7 @@ class Sfi:
         return server.start_slice(slice_cred, slice_hrn)
     
     # stop named slice
-    def stop(self,opts, args):
+    def stop(self, opts, args):
         slice_hrn = args[0]
         server = self.slicemgr
         # direct connection to the nodes component manager interface
@@ -918,7 +918,7 @@ class Sfi:
         return server.stop_slice(slice_cred, slice_hrn)
     
     # reset named slice
-    def reset(self,opts, args):
+    def reset(self, opts, args):
         slice_hrn = args[0]
         server = self.slicemgr
         # direct connection to the nodes component manager interface
@@ -930,11 +930,11 @@ class Sfi:
 
     # GENI AM related calls
 
-    def GetVersion(self,opts,args):
+    def GetVersion(self, opts, args):
         server = self.geni_am
         print server.GetVersion()
 
-    def ListResources(self,opts,args):
+    def ListResources(self, opts, args):
         user_cred = self.get_user_cred().save_to_string(save_parents=True)
         server = self.geni_am
         call_options = {'geni_compressed': True}
@@ -951,7 +951,7 @@ class Sfi:
         rspec = zlib.decompress(rspec.decode('base64'))
         print rspec
         
-    def CreateSliver(self,opts,args):
+    def CreateSliver(self, opts, args):
         slice_xrn = args[0]
         user_cred = self.get_user_cred()
         slice_cred = self.get_slice_cred(slice_xrn).save_to_string(save_parents=True)
@@ -968,11 +968,11 @@ class Sfi:
         self.options = options
    
         if options.hashrequest:
-            self.hashrequest=True
+            self.hashrequest = True
  
         if len(args) <= 0:
             print "No command given. Use -h for help."
-            return -1
+            return - 1
     
         command = args[0]
         (cmd_opts, cmd_args) = self.create_cmd_parser(command).parse_args(args[1:])
@@ -980,12 +980,12 @@ class Sfi:
             print "Registry %s, sm %s, dir %s, user %s, auth %s" % (options.registry, options.sm,
                                                                    options.sfi_dir, options.user,
                                                                    options.auth)
-            print "Command %s" %command
+            print "Command %s" % command
             if command in ("resources"):
-                print "resources cmd_opts %s" %cmd_opts.format
-            elif command in ("list","show","remove"):
-                print "cmd_opts.type %s" %cmd_opts.type
-            print "cmd_args %s" %cmd_args
+                print "resources cmd_opts %s" % cmd_opts.format
+            elif command in ("list", "show", "remove"):
+                print "cmd_opts.type %s" % cmd_opts.type
+            print "cmd_args %s" % cmd_args
     
         self.set_servers()
     
@@ -998,5 +998,5 @@ class Sfi:
     
         return
     
-if __name__=="__main__":
+if __name__ == "__main__":
    Sfi().main()
index 06f490d..1358547 100644 (file)
@@ -5,17 +5,15 @@
 ### $URL$
 #
 
-import time
 
 from sfa.trust.credential import Credential
 from sfa.trust.trustedroot import TrustedRootList
-from sfa.trust.rights import RightList
 from sfa.util.faults import *
 from sfa.trust.hierarchy import Hierarchy
 from sfa.util.config import *
 from sfa.util.namespace import *
-from sfa.trust.gid import GID
 from sfa.util.sfaticket import *
+from sfa.util.sfalogging import logger
 
 class Auth:
     """
@@ -62,7 +60,7 @@ class Auth:
             self.client_cred.verify(self.trusted_cert_file_list)
         else:
            raise MissingTrustedRoots(self.config.get_trustedroots_dir())
-
+       
         return True
 
     def check_ticket(self, ticket):
index c0d1a07..7089bd5 100644 (file)
@@ -267,11 +267,16 @@ class Certificate:
 
    def load_from_string(self, string):
        # if it is a chain of multiple certs, then split off the first one and
-       # load it (support for the ---parent--- tag as well as normal chained certs)
-
-       string = string.strip()
+       # load it (support for the ---parent--- tag as well as normal chained certs)       
 
+       string = string.strip()       
+       
+       
+       if not string.startswith('-----'):
+           string = '-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----' % string
+           
        parts = []
+       
        if string.count('-----BEGIN CERTIFICATE-----') > 1 and \
               string.count(Certificate.separator) == 0:
            parts = string.split('-----END CERTIFICATE-----',1)
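Review bot: The new `if not string.startswith('-----'):` branch wraps any input that lacks PEM armor, including an empty string or text that is not a certificate body at all, so malformed input is only rejected later by whatever parses the wrapped block rather than at this boundary. A guard before the wrap, for example `if not string: raise ValueError("empty certificate string")` (or whichever fault type callers of this class already expect), would make that failure explicit. The branch also has no comment; something like `# bare base64 body without PEM armor: add the BEGIN/END lines` would record why it exists. Because the wrap runs before the chain-splitting logic that follows, a bare first certificate followed by armored parents would be enclosed as one block; whether such input occurs is not visible here. load_from_string continues past the end of the hunk.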
@@ -290,7 +295,7 @@ class Certificate:
    ##
    # Load the certificate from a file
 
-   def load_from_file(self, filename):
+   def load_from_file(self, filename):     
        file = open(filename)
        string = file.read()
        self.load_from_string(string)
index 0b76372..71325b4 100644 (file)
@@ -7,18 +7,16 @@
 ### $Id$
 ### $URL$
 
-import xmlrpclib
 import os
 import datetime
 from random import randint
 from xml.dom.minidom import Document, parseString
-from lxml import etree
 
 from sfa.trust.credential_legacy import CredentialLegacy
-from sfa.trust.certificate import Certificate
 from sfa.trust.rights import *
 from sfa.trust.gid import *
 from sfa.util.faults import *
+
 from sfa.util.sfalogging import logger
 
 
@@ -95,11 +93,12 @@ def append_sub(doc, parent, element, text):
 #
 
 class Signature(object):
-    refid = None
-    issuer_gid = None
-    xml = None
+
     
     def __init__(self, string=None):
+        self.refid = None
+        self.issuer_gid = None
+        self.xml = None
         if string:
             self.xml = string
             self.decode()
@@ -155,18 +154,7 @@ class Signature(object):
 
 
 class Credential(object):
-    gidCaller = None
-    gidObject = None
-    expiration = None
-    privileges = None
-    issuer_privkey = None
-    issuer_gid = None
-    issuer_pubkey = None
-    parent = None
-    signature = None
-    xml = None
-    refid = None
-    legacy = None
+
 
     ##
     # Create a Credential object
@@ -177,6 +165,19 @@ class Credential(object):
     # @param filename If filename!=None, load the credential from the file
 
     def __init__(self, create=False, subject=None, string=None, filename=None):
+        self.gidCaller = None
+        self.gidObject = None
+        self.expiration = None
+        self.privileges = None
+        self.issuer_privkey = None
+        self.issuer_gid = None
+        self.issuer_pubkey = None
+        self.parent = None
+        self.signature = None
+        self.xml = None
+        self.refid = None
+        self.legacy = None
+
 
         # Check if this is a legacy credential, translate it if so
         if string or filename:
@@ -338,8 +339,6 @@ class Credential(object):
     # you have loaded an existing signed credential, do not call encode() or sign() on it.
 
     def encode(self):
-        p_sigs = None
-
         # Create the XML document
         doc = Document()
         signed_cred = doc.createElement("signed-credential")
@@ -561,9 +560,9 @@ class Credential(object):
             deleg = str2bool(getTextNode(priv, "can_delegate"))
             if kind == '*':
                 # Convert * into the default privileges for the credential's type                
-                _ , type = urn_to_hrn(self.gidObject)
-                rl = rlist.determine_rights(type, urn)
-                for r in rlist.rights:
+                _ , type = urn_to_hrn(self.gidObject.get_urn())
+                rl = rlist.determine_rights(type, self.gidObject.get_urn())
+                for r in rl.rights:
                     rlist.add(r)
             else:
                 rlist.add(Right(kind.strip(), deleg))
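Review bot: In the `kind == '*'` branch the `deleg` value parsed from `can_delegate` is never applied to the rights copied from `rl.rights`, so the delegation bit of a wildcard privilege is whatever `determine_rights` produces rather than what the credential states. That helper is not visible here, so this may be intended; if it is, a comment such as `# wildcard: delegation flags come from determine_rights, can_delegate is not applied` would document it. As a smaller point, `self.gidObject.get_urn()` is evaluated twice and `type` shadows the builtin; `obj_urn = self.gidObject.get_urn()` and a local name like `obj_type` would read better. The enclosing method starts and ends outside the hunk.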
@@ -619,10 +618,6 @@ class Credential(object):
         if not self.xml:
             self.decode()        
 
-        # Check for schema conformance
-        
-        
-
         trusted_cert_objects = [GID(filename=f) for f in trusted_certs]
 
         # Use legacy verification if this is a legacy credential
@@ -661,16 +656,13 @@ class Credential(object):
                             % (ref, cert_args, filename)).read()
             if not verified.strip().startswith("OK"):
                 raise CredentialNotVerifiable("xmlsec1 error: " + verified)
-
         os.remove(filename)
 
         # Verify the parents (delegation)
         if self.parent:
             self.verify_parent(self.parent)
-
         # Make sure the issuer is the target's authority
         self.verify_issuer()
-
         return True
 
         
@@ -679,9 +671,9 @@ class Credential(object):
     def verify_issuer(self):        
         target_authority = get_authority(self.get_gid_object().get_urn())
 
+        
         # Find the root credential's signature
         cur_cred = self
-        root_refid = None
         while cur_cred:            
             if cur_cred.parent:
                 cur_cred = cur_cred.parent
@@ -689,10 +681,11 @@ class Credential(object):
                 root_issuer = cur_cred.get_signature().get_issuer_gid().get_urn()
                 cur_cred = None
 
-                
         # Ensure that the signer of the root credential is the target_authority
         target_authority = hrn_to_urn(target_authority, 'authority')
 
+        logger.info( "%s %s" % (root_issuer, target_authority))
+
         if root_issuer != target_authority:
             raise CredentialNotVerifiable("issuer (%s) != authority of target (%s)" \
                                           % (root_issuer, target_authority))
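Review bot: The added `logger.info( "%s %s" % (root_issuer, target_authority))` writes two unlabeled URNs at info level on every credential verification, which reads like leftover debugging and gives an operator no context when it appears in the log. A labeled message, `logger.info("verify_issuer: root issuer %s, authority of target %s" % (root_issuer, target_authority))`, keeps the values useful for auditing the trust decision made by the comparison that follows. `root_issuer` is bound only in the loop's `else` branch shown in the preceding hunk; the loop as written always reaches it, and a short comment saying so would help the next reader. verify_issuer begins in the previous hunk and may continue past this one.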
@@ -752,6 +745,6 @@ class Credential(object):
 
 
         if self.parent and dump_parents:
-           print "PARENT",
-           self.parent.dump_parents()
+            print "PARENT",
+            self.parent.dump_parents()
 
index ebc8146..d2006e5 100644 (file)
@@ -89,7 +89,10 @@ def hrn_to_urn(hrn, type=None):
 
     authority = get_authority(hrn)
     name = get_leaf(hrn)
-    urn = "+".join([unicode(part).replace('.', ':') \
-                    for part in ['',authority,type,name]])
-
+    
+    if authority.startswith("plc"):
+        urn = "+".join(['',authority.replace('.',':'),type,name])
+    else:
+        urn = "+".join(['',authority,type,name])
+        
     return URN_PREFIX + urn
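Review bot: With the `unicode(part)` conversion removed, `"+".join(['',authority,type,name])` raises TypeError when `type` is None, which is the default in the signature shown in the hunk header; the old code stringified every part first. Either keep the conversion on `type` or reject a missing type explicitly before the join. The `authority.startswith("plc")` test is a prefix match on a hard-coded name, so any authority whose HRN merely begins with those letters gets the '.'-to-':' rewrite and every other authority gets none. Since `verify_issuer` in sfa/trust/credential.py compares the URN returned here for string equality, this branch feeds a trust decision and deserves a comment naming the authorities it is meant for, and probably a stricter test such as `authority == "plc" or authority.startswith("plc.")`. The function starts outside the hunk.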