correctly include email in subjectAltName section of user certificates/gids
authorTony Mack <tmack@paris.CS.Princeton.EDU>
Tue, 5 Feb 2013 00:58:03 +0000 (19:58 -0500)
committerTony Mack <tmack@paris.CS.Princeton.EDU>
Tue, 5 Feb 2013 00:58:03 +0000 (19:58 -0500)
sfa/importer/plimporter.py
sfa/trust/gid.py
sfa/trust/hierarchy.py

index 94854ae..7994c8c 100644 (file)
@@ -297,8 +297,7 @@ class PlImporter:
                     plc_keys = keys_by_person_id.get(person['person_id'],[])
                     if not user_record:
                         (pubkey,pkey) = init_person_key (person, plc_keys )
-                        person_gid = self.auth_hierarchy.create_gid(person_urn, create_uuid(), pkey)
-                        person_gid.set_email(person['email'])
+                        person_gid = self.auth_hierarchy.create_gid(person_urn, create_uuid(), pkey, email=person['email'])
                         user_record = RegUser (hrn=person_hrn, gid=person_gid, 
                                                pointer=person['person_id'], 
                                                authority=get_authority(person_hrn),
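Review bot: `person['email']` goes from the PLC person record into `create_gid(..., email=person['email'])` and on into the GID's subjectAltName, and no validation of the value is visible anywhere in this commit. `set_email` and the SAN encoding are outside the diff, so this is inferred: if the extension value is assembled as a comma-separated `type:value` string, an address containing a comma or line break could alter which names the signed certificate asserts. I would check it once in `GID.__init__` in sfa/trust/gid.py, just before the added `self.set_email(email)`, for example `if any(c in email for c in ",\r\n"): raise ValueError("invalid email for subjectAltName")`. The `RegUser(...)` call continues outside this hunk.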
index 4f48270..bab4357 100644 (file)
@@ -66,11 +66,6 @@ def create_uuid():
 
 
 class GID(Certificate):
-    uuid = None
-    hrn = None
-    urn = None
-    email = None # for adding to the SubjectAltName
-
     ##
     # Create a new GID object
     #
@@ -80,9 +75,13 @@ class GID(Certificate):
     # @param filename If filename!=None, load the GID from a file
     # @param lifeDays life of GID in days - default is 1825==5 years
 
-    def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None, urn=None, lifeDays=1825):
-        
+    def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None, urn=None, lifeDays=1825, email=None):
+        self.uuid = None
+        self.hrn = None
+        self.urn = None
+        self.email = None # for adding to the SubjectAltName
         Certificate.__init__(self, lifeDays, create, subject, string, filename)
+        
         if subject:
             logger.debug("Creating GID for subject: %s" % subject)
         if uuid:
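Review bot: The `@param` comment block above `GID.__init__` is not updated for the new `email` keyword, so the only hint of its purpose is the inline comment on `self.email = None`. Add a line such as `# @param email If email!=None, address to add to the SubjectAltName of the GID`; the comment block above `Hierarchy.create_gid` in sfa/trust/hierarchy.py needs the same addition for its new `email=None` parameter. The blank line added after `Certificate.__init__(...)` carries trailing whitespace and could be dropped. The body of `__init__` continues outside this hunk.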
@@ -93,6 +92,8 @@ class GID(Certificate):
         if urn:
             self.urn = urn
             self.hrn, type = urn_to_hrn(urn)
+        if email:
+            self.set_email(email) 
 
     def set_uuid(self, uuid):
         if isinstance(uuid, str):
index cf330db..8c2daf2 100644 (file)
@@ -222,7 +222,7 @@ class Hierarchy:
     # @param uuid the unique identifier to store in the GID
     # @param pkey the public key to store in the GID
 
-    def create_gid(self, xrn, uuid, pkey, CA=False):
+    def create_gid(self, xrn, uuid, pkey, CA=False, email=None):
         hrn, type = urn_to_hrn(xrn)
         if not type:
             type = 'authority'
@@ -231,7 +231,7 @@ class Hierarchy:
         # If xrn was a hrn instead of a urn, then the gid's urn will be
         # of type None 
         urn = hrn_to_urn(hrn, type)
-        gid = GID(subject=hrn, uuid=uuid, hrn=hrn, urn=urn)
+        gid = GID(subject=hrn, uuid=uuid, hrn=hrn, urn=urn, email=email)
         # is this a CA cert
         if hrn == self.config.SFA_INTERFACE_HRN or not parent_hrn:
             # root or sub authority
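Review bot: `create_gid` forwards `email` into `GID(...)` for every kind of xrn, including the root and sub-authority branch that follows, although the commit message scopes the feature to user certificates. Nothing visible here stops a later caller from putting an address into the subjectAltName of an authority or other non-user GID. Consider ignoring or rejecting it when the type is not the user type, e.g. `if email and type != 'user': email = None` (the `'user'` type string is assumed here; confirm against `urn_to_hrn`). The function body starts and ends outside this hunk.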