rename get_summary_tostring into pretty_cred
Thierry Parmentelat [Tue, 14 Apr 2015 09:27:51 +0000 (11:27 +0200)]
sfa/client/sfi.py
sfa/trust/abac_credential.py
sfa/trust/auth.py
sfa/trust/certificate.py
sfa/trust/credential.py
sfa/trust/gid.py
sfa/trust/speaksfor_util.py

index 6f5f64d..3699d55 100644 (file)
@@ -96,14 +96,14 @@ def filter_records(type, records):
 
 
 def credential_printable (cred):
-    credential=Credential(cred=cred)
+    credential = Credential(cred=cred)
     result=""
-    result += credential.get_summary_tostring()
+    result += credential.pretty_cred()
     result += "\n"
     rights = credential.get_privileges()
     result += "type=%s\n" % credential.type    
     result += "version=%s\n" % credential.version    
-    result += "rights=%s\n"%rights
+    result += "rights=%s\n" % rights
     return result
 
 def show_credentials (cred_s):
index 407f405..f454d18 100644 (file)
@@ -185,7 +185,7 @@ class ABACCredential(Credential):
 
     # sounds like this should be __repr__ instead ??
     # Produce the ABAC assertion. Something like [ABAC cred: Me.role<-You] or similar
-    def get_summary_tostring(self):
+    def pretty_cred(self):
         result = "[ABAC cred: " + str(self.get_head())
         for tail in self.get_tails():
             result += "<-%s" % str(tail)
index 2120a80..2c5a447 100644 (file)
@@ -136,7 +136,7 @@ class Auth:
         cred = Credential(cred=credential)    
         self.client_cred = cred
         logger.debug("Auth.check: handling hrn=%s and credential=%s"%\
-                         (hrn,cred.get_summary_tostring()))
+                         (hrn,cred.pretty_cred()))
 
         if cred.type not in ['geni_sfa']:
             raise CredentialNotVerifiable(cred.type, "%s not supported" % cred.type)
index 4e9fa29..cb1d95b 100644 (file)
@@ -761,9 +761,9 @@ class Certificate:
     ### more introspection
     def get_extensions(self):
         # pyOpenSSL does not have a way to get extensions
-        triples=[]
+        triples = []
         m2x509 = X509.load_cert_string(self.save_to_string())
-        nb_extensions=m2x509.get_ext_count()
+        nb_extensions = m2x509.get_ext_count()
         logger.debug("X509 had %d extensions"%nb_extensions)
         for i in range(nb_extensions):
             ext=m2x509.get_ext_at(i)
@@ -774,7 +774,7 @@ class Certificate:
         return self.data.keys()
 
     def get_all_datas (self):
-        triples=self.get_extensions()
+        triples = self.get_extensions()
         for name in self.get_data_names():
             triples.append( (name,self.get_data(name),'data',) )
         return triples
@@ -793,9 +793,9 @@ class Certificate:
         filename=self.get_filename()
         if filename: result += "Filename %s\n"%filename
         if show_extensions:
-            all_datas=self.get_all_datas()
+            all_datas = self.get_all_datas()
             result += " has %d extensions/data attached"%len(all_datas)
-            for (n,v,c) in all_datas:
+            for (n, v, c) in all_datas:
                 if c=='data':
                     result += "   data: %s=%s\n"%(n,v)
                 else:
index 109a529..cda6a09 100644 (file)
@@ -293,14 +293,14 @@ class Credential(object):
         return subject
 
     # sounds like this should be __repr__ instead ??
-    def get_summary_tostring(self):
+    def pretty_cred(self):
         if not self.gidObject:
             self.decode()
         obj = self.gidObject.get_printable_subject()
         caller = self.gidCaller.get_printable_subject()
         exp = self.get_expiration()
         # Summarize the rights too? The issuer?
-        return "[ Grant %s rights on %s until %s ]" % (caller, obj, exp)
+        return "[ Grant {caller} rights on {obj} until {exp} ]".format(**locals())
 
     def get_signature(self):
         if not self.signature:
@@ -776,7 +776,7 @@ class Credential(object):
                 xmlschema = etree.XMLSchema(schema_doc)
                 if not xmlschema.validate(tree):
                     error = xmlschema.error_log.last_error
-                    message = "%s: %s (line %s)" % (self.get_summary_tostring(), error.message, error.line)
+                    message = "%s: %s (line %s)" % (self.pretty_cred(), error.message, error.line)
                     raise CredentialNotVerifiable(message)
 
         if trusted_certs_required and trusted_certs is None:
@@ -801,7 +801,7 @@ class Credential(object):
         # make sure it is not expired
         if self.get_expiration() < datetime.datetime.utcnow():
             raise CredentialNotVerifiable("Credential %s expired at %s" % \
-                                          (self.get_summary_tostring(),
+                                          (self.pretty_cred(),
                                            self.expiration.strftime(SFATIME_FORMAT)))
 
         # Verify the signatures
@@ -856,7 +856,7 @@ class Credential(object):
                     msg = verified[mstart:mend]
                 logger.warning("Credential.verify - failed - xmlsec1 returned {}".format(verified.strip()))
                 raise CredentialNotVerifiable("xmlsec1 error verifying cred %s using Signature ID %s: %s" % \
-                                              (self.get_summary_tostring(), ref, msg))
+                                              (self.pretty_cred(), ref, msg))
         os.remove(filename)
 
         # Verify the parents (delegation)
@@ -983,13 +983,13 @@ class Credential(object):
         # make sure my expiry time is <= my parent's
         if not parent_cred.get_expiration() >= self.get_expiration():
             raise CredentialNotVerifiable("Delegated credential %s expires after parent %s" % \
-                                          (self.get_summary_tostring(), parent_cred.get_summary_tostring()))
+                                          (self.pretty_cred(), parent_cred.pretty_cred()))
 
         # make sure my signer is the parent's caller
         if not parent_cred.get_gid_caller().save_to_string(False) == \
            self.get_signature().get_issuer_gid().save_to_string(False):
             raise CredentialNotVerifiable("Delegated credential %s not signed by parent %s's caller" % \
-                                          (self.get_summary_tostring(), parent_cred.get_summary_tostring()))
+                                          (self.pretty_cred(), parent_cred.pretty_cred()))
                 
         # Recurse
         if parent_cred.parent:
@@ -1052,7 +1052,8 @@ class Credential(object):
         # else this looks like a delegated credential, and the real caller is the issuer
         else:
             actual_caller_hrn=issuer_hrn
-        logger.info("actual_caller_hrn: caller_hrn=%s, issuer_hrn=%s, returning %s"%(caller_hrn,issuer_hrn,actual_caller_hrn))
+        logger.info("actual_caller_hrn: caller_hrn=%s, issuer_hrn=%s, returning %s"
+                    %(caller_hrn,issuer_hrn,actual_caller_hrn))
         return actual_caller_hrn
             
     ##
index 6f39989..1835418 100644 (file)
@@ -76,7 +76,8 @@ class GID(Certificate):
     # @param lifeDays life of GID in days - default is 1825==5 years
     # @param email Email address to put in subjectAltName - default is None
 
-    def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None, urn=None, lifeDays=1825, email=None):
+    def __init__(self, create=False, subject=None, string=None, filename=None,
+                 uuid=None, hrn=None, urn=None, lifeDays=1825, email=None):
         self.uuid = None
         self.hrn = None
         self.urn = None
index 2c56a47..eaeecf0 100644 (file)
@@ -131,26 +131,26 @@ def verify_speaks_for(cred, tool_gid, speaking_for_urn,
 
     # Credential has not expired
     if cred.expiration and cred.expiration < datetime.datetime.utcnow():
-        return False, None, "ABAC Credential expired at %s (%s)" % (cred.expiration.strftime(SFATIME_FORMAT), cred.get_summary_tostring())
+        return False, None, "ABAC Credential expired at %s (%s)" % (cred.expiration.strftime(SFATIME_FORMAT), cred.pretty_cred())
 
     # Must be ABAC
     if cred.get_cred_type() != ABACCredential.ABAC_CREDENTIAL_TYPE:
         return False, None, "Credential not of type ABAC but %s" % cred.get_cred_type
 
     if cred.signature is None or cred.signature.gid is None:
-        return False, None, "Credential malformed: missing signature or signer cert. Cred: %s" % cred.get_summary_tostring()
+        return False, None, "Credential malformed: missing signature or signer cert. Cred: %s" % cred.pretty_cred()
     user_gid = cred.signature.gid
     user_urn = user_gid.get_urn()
 
     # URN of signer from cert must match URN of 'speaking-for' argument
     if user_urn != speaking_for_urn:
         return False, None, "User URN from cred doesn't match speaking_for URN: %s != %s (cred %s)" % \
-            (user_urn, speaking_for_urn, cred.get_summary_tostring())
+            (user_urn, speaking_for_urn, cred.pretty_cred())
 
     tails = cred.get_tails()
     if len(tails) != 1: 
         return False, None, "Invalid ABAC-SF credential: Need exactly 1 tail element, got %d (%s)" % \
-            (len(tails), cred.get_summary_tostring())
+            (len(tails), cred.pretty_cred())
 
     user_keyid = get_cert_keyid(user_gid)
     tool_keyid = get_cert_keyid(tool_gid)
@@ -188,7 +188,7 @@ def verify_speaks_for(cred, tool_gid, speaking_for_urn,
     if user_keyid != principal_keyid or \
             tool_keyid != subject_keyid or \
             role != ('speaks_for_%s' % user_keyid):
-        return False, None, "ABAC statement doesn't assert U.speaks_for(U)<-T (%s)" % cred.get_summary_tostring()
+        return False, None, "ABAC statement doesn't assert U.speaks_for(U)<-T (%s)" % cred.pretty_cred()
 
     # If schema provided, validate against schema
     if HAVELXML and schema and os.path.exists(schema):
@@ -198,7 +198,7 @@ def verify_speaks_for(cred, tool_gid, speaking_for_urn,
         xmlschema = etree.XMLSchema(schema_doc)
         if not xmlschema.validate(tree):
             error = xmlschema.error_log.last_error
-            message = "%s: %s (line %s)" % (cred.get_summary_tostring(), error.message, error.line)
+            message = "%s: %s (line %s)" % (cred.pretty_cred(), error.message, error.line)
             return False, None, ("XML Credential schema invalid: %s" % message)
 
     if trusted_roots:
@@ -252,7 +252,7 @@ def determine_speaks_for(logger, credentials, caller_gid, speaking_for_xrn, trus
             if not isinstance(cred_value, ABACCredential):
                 cred = CredentialFactory.createCred(cred_value)
 
-#            print "Got a cred to check speaksfor for: %s" % cred.get_summary_tostring()
+#            print "Got a cred to check speaksfor for: %s" % cred.pretty_cred()
 #            #cred.dump(True, True)
 #            print "Caller: %s" % caller_gid.dump_string(2, True)
             # See if this is a valid speaks_for
@@ -304,7 +304,7 @@ def create_sign_abaccred(tool_gid, user_gid, ma_gid, user_key_file, cred_filenam
     # Save it
     cred.save_to_file(cred_filename)
     print "Created ABAC credential: '%s' in file %s" % \
-            (cred.get_summary_tostring(), cred_filename)
+            (cred.pretty_cred(), cred_filename)
 
 # FIXME: Assumes xmlsec1 is on path
 # FIXME: Assumes signer is itself signed by an 'ma_gid' that can be trusted