From: Thierry Parmentelat
Date: Tue, 19 Oct 2010 11:01:54 +0000 (+0300)
Subject: Merge branch 'master' of ssh://git.onelab.eu/git/sfa
X-Git-Tag: sfa-1.0-5~11
X-Git-Url: http://git.onelab.eu/?p=sfa.git;a=commitdiff_plain;h=ba2aaa438f939a4b5c697052e37b1c3218901319;hp=06b330f0ee047bdb107e43e82b1d7356c876bc15
Merge branch 'master' of ssh://git.onelab.eu/git/sfa
Conflicts: sfa/managers/aggregate_manager_max.py sfa/util/xrn.py
---
diff --git a/sfa/managers/aggregate_manager_max.py b/sfa/managers/aggregate_manager_max.py
index 2a46cb5a..e586ffb9 100644
--- a/sfa/managers/aggregate_manager_max.py
+++ b/sfa/managers/aggregate_manager_max.py
@@ -3,7 +3,8 @@ from sfa.util.rspec import RSpec
 import sys
 import pdb
-from sfa.util.xrn import urn_to_hrn, get_authority
+from sfa.util.xrn import urn_to_hrn, hrn_to_urn, get_authority
+from sfa.util.plxrn import hrn_to_pl_slicename
 from sfa.util.plxrn import hrn_to_pl_slicename
 from sfa.util.rspec import *
 from sfa.util.specdict import *
@@ -147,7 +148,8 @@ def create_slice_max_aggregate(api, hrn, nodes):
 registries = Registries(api)
 registry = registries[api.hrn]
 credential = api.getCredential()
- records = registry.resolve(credential, hrn)
+ urn = hrn_to_urn(hrn, 'slice')
+ records = registry.Resolve(urn, credential)
 for record in records:
 if record.get_type() in ['slice']:
 slice = record.as_dict()
@@ -164,7 +166,8 @@ def create_slice_max_aggregate(api, hrn, nodes):
 sites = api.plshell.GetSites(api.plauth, [login_base])
 if not sites:
 authority = get_authority(hrn)
- site_records = registry.resolve(credential, authority)
+ authority_urn = hrn_to_urn(authority, 'authority')
+ site_records = registry.Resolve(authority_urn, credential)
 site_record = {}
 if not site_records:
 raise RecordNotFound(authority)
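Review bot: The import block of aggregate_manager_max.py now carries `from sfa.util.plxrn import hrn_to_pl_slicename` twice, once as an added line and once as the unchanged line directly after it in the first hunk. The repeat is harmless at runtime, but it looks like residue from resolving the conflict the commit message names for this file. Dropping the added copy leaves the new `from sfa.util.xrn import urn_to_hrn, hrn_to_urn, get_authority` line followed by the single existing plxrn import.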
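Review bot: The records returned by the new `registry.Resolve(...)` calls in create_slice_max_aggregate are used as objects (`record.get_type()`, `record.as_dict()`) in the slice lookup, and the same holds for the researcher lookup in the later hunk of this file. In registry_manager_pl.py this same commit wraps what a peer registry returns in `SfaRecord(dict=record)` before touching it, which suggests the renamed calls may return plain dicts; if so, `get_type()` would raise AttributeError here. The surrounding context also treats a record as a dict (`record.get('researcher', [])`), so the two access styles are already mixed. Wrapping each returned record the way list() does before the type filter would make the three lookups agree; whether `SfaRecord` is in scope in this file is not visible from the hunks, and the function body continues outside them.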
@@ -193,7 +196,8 @@ def create_slice_max_aggregate(api, hrn, nodes):
 researchers = record.get('researcher', [])
 for researcher in researchers:
 person_record = {}
- person_records = registry.resolve(credential, researcher)
+ researcher_urn = hrn_to_urn(researcher, 'user')
+ person_records = registry.Resolve(researcher_urn, credential)
 for record in person_records:
 if record.get_type() in ['user']:
 person_record = record
diff --git a/sfa/managers/registry_manager_pl.py b/sfa/managers/registry_manager_pl.py
index 3835873a..28f91986 100644
--- a/sfa/managers/registry_manager_pl.py
+++ b/sfa/managers/registry_manager_pl.py
@@ -159,7 +159,7 @@ def list(api, xrn, origin_hrn=None):
 records = []
 if registry_hrn != api.hrn:
 credential = api.getCredential()
- record_list = registries[registry_hrn].list(credential, xrn, origin_hrn)
+ record_list = registries[registry_hrn].List(xrn, credential)
 records = [SfaRecord(dict=record).as_dict() for record in record_list]
 # if we still have not found the record yet, try the local registry
diff --git a/sfa/server/sfa-ca.py b/sfa/server/sfa-ca.py
index c76b9857..ad2488f0 100755
--- a/sfa/server/sfa-ca.py
+++ b/sfa/server/sfa-ca.py
@@ -1,8 +1,20 @@
 #!/usr/bin/python
 #
-# SFA Certificate Signing and management
-#
+# SFA Certificate Signing and management. Root authorities can use this script to sign
+# the certificate of another authority and become its parent.
+#
+# Example usage:
+#
+## sign a peer cert
+# sfa-ca.py --sign PEER_CERT_FILENAME -o OUTPUT_FILENAME
+#
+## import a cert and update the registry hierarchy
+# sfa-ca.py --import CERT_FILENAME
+#
+## display a cert
+# sfa-ca.py --display CERT_FILENAME
+
 import os
 import sys
@@ -64,6 +76,8 @@ def display(options):
 def sign_gid(gid, parent_key, parent_gid):
 gid.set_issuer(parent_key, parent_gid.get_hrn())
 gid.set_parent(parent_gid)
+ gid.set_intermediate_ca(True)
+ gid.set_pubkey(gid.get_pubkey())
 gid.sign()
 return gid
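Review bot: The new `registries[registry_hrn].List(xrn, credential)` call in list() no longer forwards `origin_hrn`, which the old `list(credential, xrn, origin_hrn)` call passed to the peer registry. `origin_hrn` is still a parameter of `list(api, xrn, origin_hrn=None)`, so on the forwarded path the peer presumably sees only this registry's own credential and can no longer attribute or authorize the request by its original caller. If the new `List` interface deliberately has no such argument, a comment at the call such as `# List() takes no origin_hrn; the peer authorizes on our credential alone` would record that decision for whoever audits the federation path later. The body of list() continues outside the hunk.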
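Review bot: `sign_gid` in sfa-ca.py now calls `gid.set_intermediate_ca(True)` on every GID it signs, so any certificate handed to `--sign` comes back able to act as a CA under the signing authority. The new file header says the script is for signing another authority's certificate, but nothing visible in this hunk confirms that the subject is an authority rather than a user or slice GID before the flag is set. A check on the subject's type ahead of that line, with a refusal to sign otherwise, would keep a mis-supplied certificate from being issued signing rights. The following `gid.set_pubkey(gid.get_pubkey())` reads as a no-op and needs a one-line comment naming the side effect it is relied on for.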
diff --git a/sfa/util/xrn.py b/sfa/util/xrn.py
index eb0d39e4..a503e713 100644
--- a/sfa/util/xrn.py
+++ b/sfa/util/xrn.py
@@ -61,6 +61,7 @@ class Xrn:
 # self.path
 # provide either urn, or (hrn + type)
 def __init__ (self, xrn=None, urn=None, hrn=None, type=None):
+ # user has specified xrn : guess if urn or hrn
 if xrn is not None:
 if xrn.startswith(Xrn.URN_PREFIX):
 self.urn=xrn
@@ -69,13 +70,16 @@ class Xrn:
 self.hrn=xrn
 self.type=type
 self.hrn_to_urn()
+ # user has specified urn, let's use it
 elif urn is not None:
 self.urn=urn
 self.urn_to_hrn()
+ # user has specified hrn and type
 elif hrn is not None and type is not None:
 self.hrn=hrn
 self.type=type
 self.hrn_to_urn()
+ # what should we do ?
 else:
 raise SfaAPIError,"Xrn.__init__" # happens all the time ..
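Review bot: The added comment `# what should we do ?` above the final `else:` in Xrn.__init__ asks a question the code already answers by raising `SfaAPIError`. A comment that states the contract would serve the next reader better, for example `# neither xrn, urn, nor (hrn and type) was given: reject`, and it should mention that `hrn` passed without `type` also lands in this branch. The message `"Xrn.__init__"` on the raise does not tell the caller which arguments were missing.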