def register(api, record):
hrn, type = record['hrn'], record['type']
-
+ urn = hrn_to_urn(hrn,type)
# validate the type
if type not in ['authority', 'slice', 'node', 'user']:
raise UnknownSfaType(type)
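Review bot: `urn = hrn_to_urn(hrn,type)` runs before the type check that follows it, so a record whose `type` is not one of the four accepted values reaches the conversion helper first. Both `hrn` and `type` come straight from the caller-supplied `record`, and whatever `hrn_to_urn` does with an unexpected type (its body is not visible here) would happen before `UnknownSfaType` is raised. Moving the assignment below the `raise UnknownSfaType(type)` check keeps the conversion on validated input only. The rest of `register` lies outside this hunk.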
pub_key = record['key']
pkey = convert_public_key(pub_key)
- gid_object = api.auth.hierarchy.create_gid(hrn, uuid, pkey)
+ gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey)
gid = gid_object.save_to_string(save_parents=True)
record['gid'] = gid
record.set_gid(gid)
if type in ["authority"]:
# update the tree
if not api.auth.hierarchy.auth_exists(hrn):
- api.auth.hierarchy.create_auth(hrn)
+ api.auth.hierarchy.create_auth(hrn_to_urn(hrn,'authority'))
# get the GID from the newly created authority
gid = auth_info.get_gid_object()
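Review bot: The existence check and the creation call now use different identifier forms: `auth_exists(hrn)` still receives the HRN while `create_auth` receives `hrn_to_urn(hrn,'authority')`. The importer hunk has the same split (`auth_exists(level1_auth)` against `create_auth(hrn_to_urn(level1_auth,'authority'))`), whereas the hierarchy hunk passes the URN to both `auth_exists(parent_urn)` and `create_auth(parent_urn, create_parents)`. Unless `auth_exists` accepts both forms, one of these call sites will misreport whether the authority exists, and a false "missing" answer would send an existing authority through `create_auth` again; what that overwrites is not visible here and should be confirmed. I would compute the value once, `auth_urn = hrn_to_urn(hrn,'authority')`, pass it to both calls, and state in the docstrings of `auth_exists` and `create_auth` which form they expect.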
new_record = SfaRecord(dict = record_dict)
type = new_record['type']
hrn = new_record['hrn']
+ urn = hrn_to_urn(hrn,type)
api.auth.verify_object_permission(hrn)
table = SfaTable()
# make sure the record exists
# update the openssl key and gid
pkey = convert_public_key(new_key)
uuid = create_uuid()
- gid_object = api.auth.hierarchy.create_gid(hrn, uuid, pkey)
+ gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey)
gid = gid_object.save_to_string(save_parents=True)
record['gid'] = gid
record = SfaRecord(dict=record)
import_auth = root_auth
else:
if not AuthHierarchy.auth_exists(level1_auth):
- AuthHierarchy.create_auth(level1_auth)
+ AuthHierarchy.create_auth(hrn_to_urn(level1_auth,'authority'))
sfaImporter.create_top_level_auth_records(level1_auth)
import_auth = level1_auth
import M2Crypto
from M2Crypto import X509
from tempfile import mkstemp
+from sfa.util.sfalogging import logger
from sfa.util.faults import *
refs.append("Sig_%s" % ref)
for ref in refs:
+ logger.info('%s --verify --node-id "%s" %s %s 2>&1' \
+ % (self.xmlsec_path, ref, cert_args, filename))
verified = os.popen('%s --verify --node-id "%s" %s %s 2>&1' \
% (self.xmlsec_path, ref, cert_args, filename)).read()
if not verified.strip().startswith("OK"):
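Review bot: The added `logger.info` call repeats the whole command format string instead of logging the string that is actually executed, so the log and the command can drift apart on the next edit. Build it once, `command = '%s --verify --node-id "%s" %s %s 2>&1' % (self.xmlsec_path, ref, cert_args, filename)`, then call `logger.info(command)` and `os.popen(command)`. With the command in one variable it is also easier to see that `ref` and `filename` are interpolated into a shell line. Where `ref` comes from is outside this hunk, but if it is read from the document being verified it should be restricted to the expected identifier characters before this point, or the call moved to `subprocess` with an argument list. The line is emitted once per reference at info level, so a lower level may fit better if the sfalogging logger offers one; the loop body continues past the hunk.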
def verify_chain(self, trusted_certs = None):
# do the normal certificate verification stuff
- Certificate.verify_chain(self, trusted_certs)
-
+ Certificate.verify_chain(self, trusted_certs)
if self.parent:
# make sure the parent's hrn is a prefix of the child's hrn
if not self.get_hrn().startswith(self.parent.get_hrn()):
raise GidParentHrn(self.parent.get_subject())
+
return
# create the parent authority if necessary
parent_hrn = get_authority(hrn)
- if (parent_hrn) and (not self.auth_exists(parent_hrn)) and (create_parents):
- self.create_auth(parent_hrn, create_parents)
+ parent_urn = hrn_to_urn(parent_hrn, 'authority')
+ if (parent_hrn) and (not self.auth_exists(parent_urn)) and (create_parents):
+ self.create_auth(parent_urn, create_parents)
(directory, gid_filename, privkey_filename, dbinfo_filename) = \
self.get_auth_filenames(hrn)
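Review bot: `parent_urn = hrn_to_urn(parent_hrn, 'authority')` is evaluated before the `(parent_hrn)` truthiness test on the following line, so an hrn with no parent authority is still handed to the conversion helper. Computing it inside the guard avoids converting an empty value: `if parent_hrn and create_parents:` followed by `parent_urn = hrn_to_urn(parent_hrn, 'authority')` and then the `auth_exists`/`create_auth` pair. The recursive call now passes a URN while the surrounding context still treats the local `hrn` as an HRN (`get_authority(hrn)`, `get_auth_filenames(hrn)`). Presumably the function converts its argument above this hunk, which deserves a one-line comment such as `# create_auth takes a URN; hrn below is derived from it`. The function starts and ends outside the hunk.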