From: Thierry Parmentelat Date: Tue, 14 Apr 2015 09:27:51 +0000 (+0200) Subject: rename get_summary_tostring into pretty_cred X-Git-Tag: sfa-3.1-15~13 X-Git-Url: http://git.onelab.eu/?p=sfa.git;a=commitdiff_plain;h=27e30f7854884928bd4850afa3c6ce5c7f93f7f4 rename get_summary_tostring into pretty_cred --- diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py index 6f5f64df..3699d555 100644 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@ -96,14 +96,14 @@ def filter_records(type, records): def credential_printable (cred): - credential=Credential(cred=cred) + credential = Credential(cred=cred) result="" - result += credential.get_summary_tostring() + result += credential.pretty_cred() result += "\n" rights = credential.get_privileges() result += "type=%s\n" % credential.type result += "version=%s\n" % credential.version - result += "rights=%s\n"%rights + result += "rights=%s\n" % rights return result def show_credentials (cred_s): diff --git a/sfa/trust/abac_credential.py b/sfa/trust/abac_credential.py index 407f405f..f454d18a 100644 --- a/sfa/trust/abac_credential.py +++ b/sfa/trust/abac_credential.py @@ -185,7 +185,7 @@ class ABACCredential(Credential): # sounds like this should be __repr__ instead ?? # Produce the ABAC assertion. Something like [ABAC cred: Me.role<-You] or similar - def get_summary_tostring(self): + def pretty_cred(self): result = "[ABAC cred: " + str(self.get_head()) for tail in self.get_tails(): result += "<-%s" % str(tail) diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py index 2120a80d..2c5a4470 100644 --- a/sfa/trust/auth.py +++ b/sfa/trust/auth.py @@ -136,7 +136,7 @@ class Auth: cred = Credential(cred=credential) self.client_cred = cred logger.debug("Auth.check: handling hrn=%s and credential=%s"%\ - (hrn,cred.get_summary_tostring())) + (hrn,cred.pretty_cred())) if cred.type not in ['geni_sfa']: raise CredentialNotVerifiable(cred.type, "%s not supported" % cred.type) 
diff --git a/sfa/trust/certificate.py b/sfa/trust/certificate.py index 4e9fa29c..cb1d95b4 100644 --- a/sfa/trust/certificate.py +++ b/sfa/trust/certificate.py @@ -761,9 +761,9 @@ class Certificate: ### more introspection def get_extensions(self): # pyOpenSSL does not have a way to get extensions - triples=[] + triples = [] m2x509 = X509.load_cert_string(self.save_to_string()) - nb_extensions=m2x509.get_ext_count() + nb_extensions = m2x509.get_ext_count() logger.debug("X509 had %d extensions"%nb_extensions) for i in range(nb_extensions): ext=m2x509.get_ext_at(i) @@ -774,7 +774,7 @@ class Certificate: return self.data.keys() def get_all_datas (self): - triples=self.get_extensions() + triples = self.get_extensions() for name in self.get_data_names(): triples.append( (name,self.get_data(name),'data',) ) return triples @@ -793,9 +793,9 @@ class Certificate: filename=self.get_filename() if filename: result += "Filename %s\n"%filename if show_extensions: - all_datas=self.get_all_datas() + all_datas = self.get_all_datas() result += " has %d extensions/data attached"%len(all_datas) - for (n,v,c) in all_datas: + for (n, v, c) in all_datas: if c=='data': result += " data: %s=%s\n"%(n,v) else: diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py index 109a5290..cda6a09a 100644 --- a/sfa/trust/credential.py +++ b/sfa/trust/credential.py @@ -293,14 +293,14 @@ class Credential(object): return subject # sounds like this should be __repr__ instead ?? - def get_summary_tostring(self): + def pretty_cred(self): if not self.gidObject: self.decode() obj = self.gidObject.get_printable_subject() caller = self.gidCaller.get_printable_subject() exp = self.get_expiration() # Summarize the rights too? The issuer? - return "[ Grant %s rights on %s until %s ]" % (caller, obj, exp) + return "[ Grant {caller} rights on {obj} until {exp} ]".format(**locals()) def get_signature(self): if not self.signature: 
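Review bot: In `pretty_cred` in sfa/trust/credential.py, the new return line builds the summary with `.format(**locals())`, which hands every local, including `self`, to the formatter and ties the output to local variable names, so a later rename would fail only at runtime. Passing the three values explicitly produces the same text: `return "[ Grant {} rights on {} until {} ]".format(caller, obj, exp)`. The method also dereferences `self.gidCaller` right after `self.decode()` with no None check, and this commit calls it from error and log paths (for example the `logger.debug` call in sfa/trust/auth.py, which runs before the credential type check). If decode can leave the caller GID unset, a malformed credential would surface as an AttributeError rather than CredentialNotVerifiable, which is worth confirming. No `get_summary_tostring` alias is kept, so any caller outside this diff would break.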
@@ -776,7 +776,7 @@ class Credential(object): xmlschema = etree.XMLSchema(schema_doc) if not xmlschema.validate(tree): error = xmlschema.error_log.last_error - message = "%s: %s (line %s)" % (self.get_summary_tostring(), error.message, error.line) + message = "%s: %s (line %s)" % (self.pretty_cred(), error.message, error.line) raise CredentialNotVerifiable(message) if trusted_certs_required and trusted_certs is None: @@ -801,7 +801,7 @@ class Credential(object): # make sure it is not expired if self.get_expiration() < datetime.datetime.utcnow(): raise CredentialNotVerifiable("Credential %s expired at %s" % \ - (self.get_summary_tostring(), + (self.pretty_cred(), self.expiration.strftime(SFATIME_FORMAT))) # Verify the signatures @@ -856,7 +856,7 @@ class Credential(object): msg = verified[mstart:mend] logger.warning("Credential.verify - failed - xmlsec1 returned {}".format(verified.strip())) raise CredentialNotVerifiable("xmlsec1 error verifying cred %s using Signature ID %s: %s" % \ - (self.get_summary_tostring(), ref, msg)) + (self.pretty_cred(), ref, msg)) os.remove(filename) # Verify the parents (delegation) @@ -983,13 +983,13 @@ class Credential(object): # make sure my expiry time is <= my parent's if not parent_cred.get_expiration() >= self.get_expiration(): raise CredentialNotVerifiable("Delegated credential %s expires after parent %s" % \ - (self.get_summary_tostring(), parent_cred.get_summary_tostring())) + (self.pretty_cred(), parent_cred.pretty_cred())) # make sure my signer is the parent's caller if not parent_cred.get_gid_caller().save_to_string(False) == \ self.get_signature().get_issuer_gid().save_to_string(False): raise CredentialNotVerifiable("Delegated credential %s not signed by parent %s's caller" % \ - (self.get_summary_tostring(), parent_cred.get_summary_tostring())) + (self.pretty_cred(), parent_cred.pretty_cred())) # Recurse if parent_cred.parent: 
@@ -1052,7 +1052,8 @@ class Credential(object): # else this looks like a delegated credential, and the real caller is the issuer else: actual_caller_hrn=issuer_hrn - logger.info("actual_caller_hrn: caller_hrn=%s, issuer_hrn=%s, returning %s"%(caller_hrn,issuer_hrn,actual_caller_hrn)) + logger.info("actual_caller_hrn: caller_hrn=%s, issuer_hrn=%s, returning %s" + %(caller_hrn,issuer_hrn,actual_caller_hrn)) return actual_caller_hrn ## diff --git a/sfa/trust/gid.py b/sfa/trust/gid.py index 6f39989c..1835418e 100644 --- a/sfa/trust/gid.py +++ b/sfa/trust/gid.py @@ -76,7 +76,8 @@ class GID(Certificate): # @param lifeDays life of GID in days - default is 1825==5 years # @param email Email address to put in subjectAltName - default is None - def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None, urn=None, lifeDays=1825, email=None): + def __init__(self, create=False, subject=None, string=None, filename=None, + uuid=None, hrn=None, urn=None, lifeDays=1825, email=None): self.uuid = None self.hrn = None self.urn = None diff --git a/sfa/trust/speaksfor_util.py b/sfa/trust/speaksfor_util.py index 2c56a47c..eaeecf0f 100644 --- a/sfa/trust/speaksfor_util.py +++ b/sfa/trust/speaksfor_util.py 
@@ -131,26 +131,26 @@ def verify_speaks_for(cred, tool_gid, speaking_for_urn, # Credential has not expired if cred.expiration and cred.expiration < datetime.datetime.utcnow(): - return False, None, "ABAC Credential expired at %s (%s)" % (cred.expiration.strftime(SFATIME_FORMAT), cred.get_summary_tostring()) + return False, None, "ABAC Credential expired at %s (%s)" % (cred.expiration.strftime(SFATIME_FORMAT), cred.pretty_cred()) # Must be ABAC if cred.get_cred_type() != ABACCredential.ABAC_CREDENTIAL_TYPE: return False, None, "Credential not of type ABAC but %s" % cred.get_cred_type if cred.signature is None or cred.signature.gid is None: - return False, None, "Credential malformed: missing signature or signer cert. Cred: %s" % cred.get_summary_tostring() + return False, None, "Credential malformed: missing signature or signer cert. Cred: %s" % cred.pretty_cred() user_gid = cred.signature.gid user_urn = user_gid.get_urn() # URN of signer from cert must match URN of 'speaking-for' argument if user_urn != speaking_for_urn: return False, None, "User URN from cred doesn't match speaking_for URN: %s != %s (cred %s)" % \ - (user_urn, speaking_for_urn, cred.get_summary_tostring()) + (user_urn, speaking_for_urn, cred.pretty_cred()) tails = cred.get_tails() if len(tails) != 1: return False, None, "Invalid ABAC-SF credential: Need exactly 1 tail element, got %d (%s)" % \ - (len(tails), cred.get_summary_tostring()) + (len(tails), cred.pretty_cred()) user_keyid = get_cert_keyid(user_gid) tool_keyid = get_cert_keyid(tool_gid) 
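Review bot: In the "Must be ABAC" check of `verify_speaks_for`, the failure message formats `cred.get_cred_type` without calling it, so the returned text carries the bound-method repr instead of the credential type that the condition just before it compares. The line should read `return False, None, "Credential not of type ABAC but %s" % cred.get_cred_type()`. This is a context line that the rename leaves untouched, and the function body starts and ends outside the hunk.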
@@ -188,7 +188,7 @@ def verify_speaks_for(cred, tool_gid, speaking_for_urn, if user_keyid != principal_keyid or \ tool_keyid != subject_keyid or \ role != ('speaks_for_%s' % user_keyid): - return False, None, "ABAC statement doesn't assert U.speaks_for(U)<-T (%s)" % cred.get_summary_tostring() + return False, None, "ABAC statement doesn't assert U.speaks_for(U)<-T (%s)" % cred.pretty_cred() # If schema provided, validate against schema if HAVELXML and schema and os.path.exists(schema): @@ -198,7 +198,7 @@ def verify_speaks_for(cred, tool_gid, speaking_for_urn, xmlschema = etree.XMLSchema(schema_doc) if not xmlschema.validate(tree): error = xmlschema.error_log.last_error - message = "%s: %s (line %s)" % (cred.get_summary_tostring(), error.message, error.line) + message = "%s: %s (line %s)" % (cred.pretty_cred(), error.message, error.line) return False, None, ("XML Credential schema invalid: %s" % message) if trusted_roots: @@ -252,7 +252,7 @@ def determine_speaks_for(logger, credentials, caller_gid, speaking_for_xrn, trus if not isinstance(cred_value, ABACCredential): cred = CredentialFactory.createCred(cred_value) -# print "Got a cred to check speaksfor for: %s" % cred.get_summary_tostring() +# print "Got a cred to check speaksfor for: %s" % cred.pretty_cred() # #cred.dump(True, True) # print "Caller: %s" % caller_gid.dump_string(2, True) # See if this is a valid speaks_for @@ -304,7 +304,7 @@ def create_sign_abaccred(tool_gid, user_gid, ma_gid, user_key_file, cred_filenam # Save it cred.save_to_file(cred_filename) print "Created ABAC credential: '%s' in file %s" % \ - (cred.get_summary_tostring(), cred_filename) + (cred.pretty_cred(), cred_filename) # FIXME: Assumes xmlsec1 is on path # FIXME: Assumes signer is itself signed by an 'ma_gid' that can be trusted