From: Thierry Parmentelat Date: Fri, 13 Jan 2017 12:14:17 +0000 (+0100) Subject: Merge branch 'geni-v3' into pep8 X-Git-Tag: sfa-3.1-21~4 X-Git-Url: http://git.onelab.eu/?p=sfa.git;a=commitdiff_plain;h=0a9902d2a55a0a9ac03601345c4284293669012b Merge branch 'geni-v3' into pep8 * geni-v3: more, and more legible, debug messages in the cert verification area sfax509 will run openssl x509 on all parts of a gid ignore html and pdf files when doing stuff like make tags bugfix in sfi when running the discover subcommand # Conflicts: # sfa/trust/certificate.py # sfa/trust/gid.py --- 0a9902d2a55a0a9ac03601345c4284293669012b diff --cc clientbin/sfadump.py index 4a9316d9,d325bdd1..c87d1935 --- a/clientbin/sfadump.py +++ b/clientbin/sfadump.py @@@ -1,9 -1,7 +1,8 @@@ #! /usr/bin/env python - from __future__ import with_statement import sys -import os, os.path +import os +import os.path import tempfile from argparse import ArgumentParser diff --cc sfa/client/sfi.py index c32669c9,bfff3d3f..b94dcf62 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@@ -1261,10 -1186,9 +1261,10 @@@ use this if you mean an authority inste server = self.sliceapi() # set creds - creds = [self.my_credential] + creds = [self.my_credential_string] if options.delegate: - creds.append(self.delegate_cred(cred, get_authority(self.authority))) + creds.append(self.delegate_cred( + cred, get_authority(self.authority))) if options.show_credential: show_credentials(creds) diff --cc sfa/trust/certificate.py index 55d46d3f,5c0a2785..9e0f82b8 --- a/sfa/trust/certificate.py +++ b/sfa/trust/certificate.py @@@ -809,9 -809,12 +831,12 @@@ class Certificate if debug_verify_chain: logger.debug("verify_chain: NO. Cert {} is signed by trusted_cert {}, " "but that signer is expired..." 
- .format(self.pretty_name(),trusted_cert.pretty_name())) + .format(self.pretty_cert(), trusted_cert.pretty_cert())) raise CertExpired("{} signer trusted_cert {}" - .format(self.pretty_cert(), trusted_cert.pretty_cert())) + .format(self.pretty_name(), trusted_cert.pretty_name())) + else: + logger.debug("verify_chain: not a direct descendant of a trusted root". + format(self.pretty_name(), trusted_cert)) # if there is no parent, then no way to verify the chain if not self.parent: diff --cc sfa/trust/gid.py index b4900603,ad991c12..5d7ce578 --- a/sfa/trust/gid.py +++ b/sfa/trust/gid.py @@@ -231,10 -230,11 +231,11 @@@ class GID(Certificate) # for a principal that is not a member of that authority. For example, # planetlab.us.arizona cannot sign a GID for planetlab.us.princeton.foo. - def verify_chain(self, trusted_certs = None): + def verify_chain(self, trusted_certs=None): + logger.debug("GID.verify_chain with {} trusted certs".format(len(trusted_certs))) # do the normal certificate verification stuff - trusted_root = Certificate.verify_chain(self, trusted_certs) - + trusted_root = Certificate.verify_chain(self, trusted_certs) + if self.parent: # make sure the parent's hrn is a prefix of the child's hrn if not hrn_authfor_hrn(self.parent.get_hrn(), self.get_hrn()):
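Review bot: In the sfa/trust/certificate.py hunk, the new `else:` branch calls `.format(self.pretty_name(), trusted_cert)` on a string that has no `{}` placeholders, so both arguments are silently discarded. The debug line therefore never says which certificate failed to chain to which trusted root, which is the detail needed when diagnosing a rejected chain. I would write it as `logger.debug("verify_chain: {} is not a direct descendant of trusted root {}".format(self.pretty_name(), trusted_cert.pretty_name()))`. Unlike the message just above it, this call does not appear to be gated by `debug_verify_chain`; the `if` it pairs with and the rest of `verify_chain` lie outside the hunk, so confirm that is intended.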
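Review bot: In the sfa/trust/gid.py hunk, the added `logger.debug(...)` evaluates `len(trusted_certs)` while the signature on the line above still defaults `trusted_certs=None`. A call that relies on the default now raises `TypeError` before `Certificate.verify_chain` runs. That failure is closed rather than open, but it turns a verification step into a crash caused by a log statement. Guard the count, e.g. `logger.debug("GID.verify_chain with {} trusted certs".format(len(trusted_certs or [])))`. The body of `GID.verify_chain` continues past the end of the hunk.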