self.api.auth.check(cred, 'getcredential')
self.api.auth.verify_object_belongs_to_me(hrn)
auth_hrn = self.api.auth.get_authority(hrn)
- if not auth_hrn:
+
+ # Is this a root or sub authority
+ if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN:
auth_hrn = hrn
auth_info = self.api.auth.get_auth_info(auth_hrn)
table = self.api.auth.get_auth_table(auth_hrn)
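Review bot: The root-or-sub-authority test `if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN:` is pasted into this hunk and repeated, with small variations, in five more hunks of this commit (the next two credential paths, the ownership check, and the GID and credential creation code), so any later change to the rule has to be made consistently in all of them. Consider a single helper that returns `hrn` itself when it has no parent or is the configured interface HRN, and the parent otherwise, and call it from each site. The comparison is an exact string match, so it presumably relies on the configured value and the requested hrn being in the same form; a short comment saying so would help. The enclosing method starts and ends outside the hunk.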
@return string representation of a credential object
"""
self.api.auth.verify_object_belongs_to_me(hrn)
-
auth_hrn = self.api.auth.get_authority(hrn)
- if not auth_hrn:
+
+ # is this a root or sub authority
+ if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN:
auth_hrn = hrn
+
auth_info = self.api.auth.get_auth_info(auth_hrn)
# find a record that matches
from sfa.trust.rights import *
from sfa.trust.credential import *
from sfa.util.misc import *
-
from sfa.util.sfalogging import *
# See "2.2 Characters" in the XML specification:
hrn = self.hrn
auth_hrn = self.auth.get_authority(hrn)
- if not auth_hrn:
+
+ # is this a root or sub authority
+ if not auth_hrn or hrn == self.config.SFA_INTERFACE_HRN:
auth_hrn = hrn
auth_info = self.auth.get_auth_info(auth_hrn)
table = self.auth.get_auth_table(auth_hrn)
level1_auth = None
print "Import: creating top level authorities"
- sfaImporter.create_top_level_auth_records(root_auth)
- if level1_auth:
+ if not level1_auth:
+ sfaImporter.create_top_level_auth_records(root_auth)
+ import_auth = root_auth
+ else:
if not AuthHierarchy.auth_exists(level1_auth):
AuthHierarchy.create_auth(level1_auth)
sfaImporter.create_top_level_auth_records(level1_auth)
import_auth = level1_auth
- else:
- import_auth = root_auth
- print "Import: adding", root_auth, "to trusted list"
- root = AuthHierarchy.get_auth_info(root_auth)
- TrustedRoots.add_gid(root.get_gid_object())
+ print "Import: adding", import_auth, "to trusted list"
+ authority = AuthHierarchy.get_auth_info(import_auth)
+ TrustedRoots.add_gid(authority.get_gid_object())
sites = shell.GetSites(plc_auth, {'peer_id': None})
# create a fake internet2 site first
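Review bot: With `level1_auth` set, the GID handed to `TrustedRoots.add_gid` is now the level-1 authority's rather than `root_auth`'s, and `root_auth`'s records are no longer created, so the trust anchor of the imported registry changes. That looks correct only if `level1_auth` equals the configured `SFA_INTERFACE_HRN`, so that the GID-creation change elsewhere in this commit self-signs it; otherwise creating it would presumably still need the parent's key material. A check, or at least a comment such as `# level1_auth must equal SFA_INTERFACE_HRN: it becomes the self-signed trust root`, would make that dependency explicit. The `auth_exists`/`create_auth` pair in the `else` branch also repeats what `create_top_level_auth_records` does on entry.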
def create_top_level_auth_records(self, hrn):
AuthHierarchy = self.AuthHierarchy
- # if root doesnt exist, create it
+ # if auth records for this hrn dont exist, create it
if not AuthHierarchy.auth_exists(hrn):
AuthHierarchy.create_auth(hrn)
- # get the parent hrn
- parent_hrn = get_authority(hrn)
- if not parent_hrn:
- parent_hrn = hrn
# get the auth info of the newly created root auth (parent)
# or level1_auth if it exists
- auth_info = AuthHierarchy.get_auth_info(parent_hrn)
if self.level1_auth:
auth_info = AuthHierarchy.get_auth_info(hrn)
+ parent_hrn = hrn
+ else:
+ parent_hrn = get_authority(hrn)
+ if not parent_hrn:
+ parent_hrn = hrn
+ auth_info = AuthHierarchy.get_auth_info(parent_hrn)
+
table = self.get_auth_table(parent_hrn)
auth_record = table.resolve("authority", hrn)
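Review bot: The new branch keys on `self.level1_auth` being set rather than on `hrn`, so whenever a level-1 authority is configured the record is resolved in `hrn`'s own table, whatever `hrn` was passed. The comment above the branch still describes the old flow; I would replace it with something like `# a level1 authority is its own parent: its record lives in its own table`, and consider testing `hrn == self.level1_auth` if the method can be called with other names. The method continues past the end of the hunk.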
@param name human readable name of object
"""
auth_name = self.get_authority(name)
- if not auth_name:
+ if not auth_name or name == self.config.SFA_INTERFACE_HRN:
# the root authority belongs to the registry by default?
# TODO: is this true?
return
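Review bot: The added `name == self.config.SFA_INTERFACE_HRN` clause makes this ownership check return successfully for the interface's own HRN without consulting anything, while the `TODO: is this true?` beneath it is still open. The credential paths in this commit call `verify_object_belongs_to_me(hrn)` as one of their gates, so for that one HRN the remaining checks carry all of the authorization; it is worth confirming that every caller has one. Please resolve the TODO and document the rule, e.g. `# the interface's own HRN always belongs to this registry; callers must still check rights`. The clause also assumes this object has a `config` attribute, which is not visible in the hunk.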
def __init__(self, basedir = None):
if not basedir:
- config = Config()
- basedir = os.path.join(config.SFA_BASE_DIR, "authorities")
+ self.config = Config()
+ basedir = os.path.join(self.config.SFA_BASE_DIR, "authorities")
self.basedir = basedir
##
# Given a hrn, return the filenames of the GID, private key, and dbinfo
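Review bot: `self.config` is assigned only inside `if not basedir:`, but the GID and credential hunks that follow read `self.config.SFA_INTERFACE_HRN` unconditionally. Assuming they belong to the same class, an instance constructed with an explicit `basedir` would raise `AttributeError` the first time it creates a GID or an authority credential. Move the assignment out of the condition, i.e. `self.config = Config()` on the line before `if not basedir:`.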
gid = GID(subject=hrn, uuid=uuid, hrn=hrn)
parent_hrn = get_authority(hrn)
- if not parent_hrn:
+ if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
# if there is no parent hrn, then it must be self-signed. this
# is where we terminate the recursion
gid.set_issuer(pkey, hrn)
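Review bot: The comment under the new condition still says the GID is self-signed only when there is no parent hrn, but the added clause also self-signs the configured interface HRN when it does have a parent; the credential hunk that follows has the same stale comment. Since this condition decides which authority becomes a self-signed trust anchor, the comment should state the rule, e.g. `# no parent, or this is the interface's own HRN: self-signed, recursion ends here`. A mis-set `SFA_INTERFACE_HRN` would silently turn a sub-authority into its own root, so validating the configured value at start-up may be worthwhile.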
cred.set_pubkey(auth_info.get_gid_object().get_pubkey())
parent_hrn = get_authority(hrn)
- if not parent_hrn:
+ if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
# if there is no parent hrn, then it must be self-signed. this
# is where we terminate the recursion
cred.set_issuer(auth_info.get_pkey_object(), hrn)