Commit 46e16fab authored by Leigh Stoller's avatar Leigh Stoller

Continue switch to URNs, further deprecating UUIDs. Add urn argument

to all of the API functions, and prefer that to any UUID argument.
There are a lot of little changes.

At this point, the CH and SA will no longer accept certificates that
do not have URNs in them. The CH will send email to the email address
listed in the certificate.
parent ee615600
......@@ -26,6 +26,7 @@ use emutil qw(TBGetUniqueIndex);
use English;
use overload ('""' => 'Stringify');
use XML::Simple;
use Date::Parse;
# Configure variables
my $TB = "@prefix@";
......@@ -63,11 +64,6 @@ sub Lookup($$)
elsif ($token =~ /^\w+\-\w+\-\w+\-\w+\-\w+$/) {
$uuid = $token;
}
elsif ($token =~ /^P([\w]+)$/) {
# Only SAs are looked up this way.
# This will be flushed after URNs are fully pushed out.
return GeniAuthority->LookupByPrefix($1);
}
elsif ($token =~ /^[\w\.]*$/) {
$query_result =
DBQueryWarn("select uuid from geni_authorities ".
......@@ -180,6 +176,22 @@ sub version($) { return field($_[0], "version"); }
sub cert($) { return $_[0]->{'CERT'}->cert(); }
sub GetCertificate($) { return $_[0]->{'CERT'}; }
#
# Expired?
#
sub IsExpired($)
{
my ($self) = @_;
my $expires = $self->expires();
return 1
if (!defined($expires) || $expires eq "");
my $when = strptime($expires);
return ($when < time());
}
#
# Delete from the DB.
#
......@@ -205,36 +217,39 @@ sub Delete($)
}
#
# Check to see if there is an existing authority with the same prefix.
# Check to see if there is an existing authority with the same urn.
#
sub CheckExisting($$$$)
sub CheckExisting($$)
{
my ($class, $type, $uuid, $hrn) = @_;
my ($class, $certificate) = @_;
my $urn = $certificate->urn();
my ($prefix) = ($uuid =~ /^\w+\-\w+\-\w+\-\w+\-(\w+)$/);
$type = lc($type);
my (undef, undef, $type) = GeniHRN::Parse($urn);
return -1
if (!defined($type));
my $safe_urn = DBQuoteSpecial($urn);
my $query_result =
DBQueryWarn("select uuid,type from geni_authorities ".
"where uuid_prefix='$prefix'");
DBQueryWarn("select urn,type from geni_authorities ".
"where urn=$safe_urn");
return -1
if (!$query_result);
return 0
if (!$query_result->numrows);
while (my ($DBuuid,$DBtype) = $query_result->fetchrow_array()) {
while (my ($DBurn,$DBtype) = $query_result->fetchrow_array()) {
# Look for an exact match, which means its just a replacement.
next
if ($uuid eq $DBuuid && $type eq $DBtype);
if ($urn eq $DBurn && $type eq $DBtype);
# Same uuid, different type.
# Same urn, different type.
return 1
if ($uuid eq $DBuuid && $type ne $DBtype);
if ($urn eq $DBurn && $type ne $DBtype);
# Different uuid, same type.
# Different urn, same type.
return 1
if ($uuid ne $DBuuid && $type eq $DBtype);
if ($urn ne $DBurn && $type eq $DBtype);
}
return 0;
}
......@@ -312,56 +327,20 @@ sub Version($)
}
#
# Does the uuid prefix match.
# Check that the authority is the issuer of the given certificate.
# This check is not quite complete yet.
#
sub PrefixMatch($$)
sub CheckValidIssuer($$)
{
my ($self, $uuid) = @_;
my ($self, $certificate) = @_;
my ($hisauthority, undef, undef) = GeniHRN::Parse($self->urn());
my ($herauthority, undef, undef) = GeniHRN::Parse($certificate->urn());
return 0
if (!ref($self));
my $uuid_prefix = $self->uuid_prefix();
if ($uuid =~ /^\w+\-\w+\-\w+\-\w+\-(\w+)$/) {
return 1
if ("$uuid_prefix" eq "$1");
}
return 0;
}
#
# Find an authority by looking for the prefix. This will eventually go
# away when we fully switch to URNs
#
# Note tha only SAs are looked up this way.
#
sub LookupByPrefix($$)
{
my ($class, $uuid) = @_;
my $prefix;
if ($uuid =~ /^\w+\-\w+\-\w+\-\w+\-(\w+)$/) {
$prefix = $1;
}
elsif ($uuid =~ /^(\w+)$/) {
$prefix = $1;
}
else {
print STDERR "Could no parse uuid for prefix\n";
return undef;
}
my $query_result =
DBQueryWarn("select uuid from geni_authorities ".
"where uuid_prefix='$prefix' and type='sa'");
return undef
if (! $query_result || !$query_result->numrows);
($uuid) = $query_result->fetchrow_array();
if (! (defined($hisauthority) && defined($herauthority) &&
$hisauthority eq $herauthority));
return GeniAuthority->Lookup($uuid);
return 1;
}
#
......
This diff is collapsed.
......@@ -167,7 +167,7 @@ sub Resolve($)
# In this implementation, the caller must hold a valid slice
# credential for the slice being looked up.
#
if (! ($admin || $slice->uuid() eq $credential->target_uuid())) {
if (! ($admin || $slice->urn() eq $credential->target_urn())) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN());
}
# Return a blob.
......@@ -191,7 +191,7 @@ sub Resolve($)
# or sliver credential for the slice being looked up.
#
if (! ($admin ||
$sliver->uuid() eq $credential->target_uuid() ||
$sliver->urn() eq $credential->target_urn() ||
$sliver->slice_uuid() eq $credential->target_uuid())) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN);
}
......@@ -212,18 +212,18 @@ sub Resolve($)
# In this implementation, the caller must hold a valid slice
# or sliver credential to get the ticket.
#
my $slice = GeniSlice->Lookup($ticket->slice_uuid());
my $slice = GeniSlice->Lookup($ticket->slice_urn());
if (!defined($slice)) {
print STDERR "Could not find slice for $ticket\n";
return GeniResponse->Create(GENIRESPONSE_ERROR);
}
if (! ($admin || $slice->uuid() eq $credential->target_uuid())) {
if (! ($admin || $slice->urn() eq $credential->target_urn())) {
#
# See if its the sliver credential.
#
my $aggregate = GeniAggregate->SliceAggregate($slice);
if (!defined($aggregate) ||
$aggregate->uuid() ne $credential->target_uuid()) {
$aggregate->urn() ne $credential->target_urn()) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN());
}
}
......@@ -318,7 +318,7 @@ sub CreateSliver($)
# up by the daemon. This is mostly cause I am reaching into
# the V1 code, and its messy.
#
my $slice = GeniSlice->Lookup($credential->target_uuid());
my $slice = GeniSlice->Lookup($credential->target_urn());
if ($slice->Lock() != 0) {
print STDERR "CreateSliver: Could not lock $slice before delete\n";
return $response;
......@@ -330,7 +330,7 @@ sub CreateSliver($)
#
# Leave the slice intact on error, so we can go look at it.
#
$slice = GeniSlice->Lookup($credential->target_uuid());
$slice = GeniSlice->Lookup($credential->target_urn());
if (!defined($slice)) {
print STDERR "CreateSliver: Could not find slice for $credential\n";
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
......@@ -394,7 +394,7 @@ sub DeleteSliver($)
#
my $authority = GeniCertificate->LoadFromFile($EMULAB_PEMFILE);
if (!defined($authority)) {
print STDERR " Could not get uuid from $EMULAB_PEMFILE\n";
print STDERR " Could not load $EMULAB_PEMFILE\n";
return GeniResponse->Create(GENIRESPONSE_ERROR);
}
......@@ -1050,7 +1050,7 @@ sub UpdateTicket($)
#
# Make sure the ticket was issued to the caller.
#
if ($ticket->owner_uuid() ne $ENV{'GENIUUID'}) {
if ($ticket->owner_urn() ne $ENV{'GENIURN'}) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"This is not your ticket");
}
......@@ -1058,7 +1058,7 @@ sub UpdateTicket($)
return GeniResponse->Create(GENIRESPONSE_REFUSED(), undef,
"Not an active ticket");
}
if ($ticket->slice_uuid() ne $slice->uuid()) {
if ($ticket->slice_urn() ne $slice->urn()) {
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"This ticket is for another slice");
}
......@@ -1182,7 +1182,7 @@ sub RedeemTicket($)
#
# Make sure the ticket was issued to the caller.
#
if ($ticket->owner_uuid() ne $ENV{'GENIUUID'}) {
if ($ticket->owner_urn() ne $ENV{'GENIURN'}) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"This is not your ticket");
}
......@@ -1311,7 +1311,7 @@ sub ReleaseTicket($)
# And of course, the ticket has to be for the slice indicated
# by the provided credential.
#
if ($ticket->slice_uuid() ne $slice->uuid()) {
if ($ticket->slice_urn() ne $slice->urn()) {
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"This ticket is for another slice");
}
......@@ -1367,10 +1367,20 @@ sub CheckCredentials($)
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Could not create credential object");
}
#
# Well formed credentials must now have URNs.
#
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Malformed credentials; missing URNs")
if (! (defined($credential->owner_urn()) &&
defined($credential->target_urn()) &&
GeniHRN::IsValid($credential->owner_urn()) &&
GeniHRN::IsValid($credential->target_urn())));
#
# Make sure the credential was issued to the caller.
#
if ($credential->owner_uuid() ne $ENV{'GENIUUID'}) {
if ($credential->owner_urn() ne $ENV{'GENIURN'}) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"This is not your credential");
}
......@@ -1384,10 +1394,20 @@ sub CheckCredential($)
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Could not create credential object");
}
#
# Well formed credentials must now have URNs.
#
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Malformed credentials; missing URNs")
if (! (defined($credential->owner_urn()) &&
defined($credential->target_urn()) &&
GeniHRN::IsValid($credential->owner_urn()) &&
GeniHRN::IsValid($credential->target_urn())));
#
# Make sure the credential was issued to the caller.
#
if ($credential->owner_uuid() ne $ENV{'GENIUUID'}) {
if ($credential->owner_urn() ne $ENV{'GENIURN'}) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"This is not your credential");
}
......
......@@ -28,6 +28,7 @@ use emutil qw(TBGetUniqueIndex);
use English;
use overload ('""' => 'Stringify');
use XML::Simple;
use Date::Parse;
# Configure variables
my $TB = "@prefix@";
......@@ -178,6 +179,22 @@ sub cert($) { return $_[0]->{'CERT'}->cert(); }
sub GetCertificate($) { return $_[0]->{'CERT'}; }
sub GetManager($) { return $_[0]->{'MANAGER'}; }
#
# Expired?
#
sub IsExpired($)
{
my ($self) = @_;
my $expires = $self->expires();
return 1
if (!defined($expires) || $expires eq "");
my $when = strptime($expires);
return ($when < time());
}
#
# Return the URN. This is complicated by the fact that the DB does not
# store the urn, but is in the certificate. Further, it might be a
......
......@@ -20,6 +20,7 @@ use GeniDB;
use GeniCertificate;
use GeniUtil;
use GeniXML;
use GeniHRN;
use emutil qw(TBGetUniqueIndex);
use English;
use XML::Simple;
......@@ -332,6 +333,10 @@ sub CreateFromSigned($$;$)
print STDERR "Invalid hrn in credential\n";
return undef;
}
if (!GeniHRN::IsValid($target_certificate->urn())) {
print STDERR "Invalid urn in target certificate of credential\n";
return undef;
}
# Dig out the owner certificate.
($cert_node) = $doc->getElementsByTagName("owner_gid");
......@@ -351,6 +356,10 @@ sub CreateFromSigned($$;$)
print STDERR "Invalid hrn in credential\n";
return undef;
}
if (!GeniHRN::IsValid($owner_certificate->urn())) {
print STDERR "Invalid urn in owner certificate of credential\n";
return undef;
}
my $self = {};
$self->{'capabilities'} = undef;
......@@ -542,7 +551,13 @@ sub Sign($$)
$certificate = "-c $TB/etc/genicm.pem";
}
elsif ($how == $LOCALMA_FLAG) {
$certificate = "-c $TB/etc/genich.pem";
if (defined($main::GENI_CHPEMFILE)) {
# See xmlrpc/protogeni-ch.pl.in
$certificate = "-c $main::GENI_CHPEMFILE";
}
else {
$certificate = "-c $TB/etc/genich.pem";
}
}
else {
print STDERR "Invalid 'how' argument to Sign()\n";
......
......@@ -101,7 +101,7 @@ sub RegisterExperiment($$)
# Create and register the slice. Slice is returned locked
#
print STDERR "Creating new slice for $experiment\n";
$slice = GeniSlice->CreateFromLocal($experiment, $user);
$slice = GeniSlice->CreateFromLocal($experiment, $geniuser);
if (!defined($slice)) {
print STDERR "Could not create local slice from $experiment\n";
return -1;
......
......@@ -123,6 +123,7 @@ sub idx($) { return field($_[0], "idx"); }
sub hrn($) { return field($_[0], "hrn"); }
sub uuid($) { return field($_[0], "uuid"); }
sub creator_uuid($) { return field($_[0], "creator_uuid"); }
sub creator_urn($) { return field($_[0], "creator_urn"); }
sub created($) { return field($_[0], "created"); }
sub shutdown($) { return field($_[0], "shutdown"); }
sub expires($) { return field($_[0], "expires"); }
......@@ -138,7 +139,7 @@ sub LOCKED($) { return $_[0]->{'LOCKED'}; }
#
sub Create($$$$;$$)
{
my ($class, $certificate, $creator_uuid, $authority, $exptidx, $lock) = @_;
my ($class, $certificate, $creator, $authority, $exptidx, $lock) = @_;
my @insert_data = ();
# Every slice gets a new unique index.
......@@ -162,10 +163,12 @@ sub Create($$$$;$$)
my $safe_hrn = DBQuoteSpecial($certificate->hrn());
my $safe_uuid = DBQuoteSpecial($certificate->uuid());
my $safe_cuuid = DBQuoteSpecial($creator_uuid);
my $safe_cuuid = DBQuoteSpecial($creator->uuid());
my $safe_curn = DBQuoteSpecial($creator->urn());
push(@insert_data, "hrn=$safe_hrn");
push(@insert_data, "uuid=$safe_uuid");
push(@insert_data, "creator_uuid=$safe_cuuid");
push(@insert_data, "creator_urn=$safe_curn");
if ($certificate->Store() != 0) {
print STDERR "Could not store certificate for new slice.\n";
......@@ -202,24 +205,20 @@ sub Delete($)
}
#
# Class method to check for an existing user that has the same
# uid/email. Lets not allow this for now. Return the number of
# users that match or -1 if an error.
# Return the URN. This is complicated by the fact that the DB does
# not store the urn, but is in the certificate. Further, it might
# be a slice from an SA not doing URNs yet, in which case set it to
# the uuid and hope for the best.
#
sub CheckExisting($$$)
sub urn($)
{
my ($class, $hrn, $uuid) = @_;
my $safe_hrn = DBQuoteSpecial($hrn);
my $safe_uuid = DBQuoteSpecial($uuid);
my ($self) = @_;
my $urn = $self->GetCertificate()->urn();
my $query_result =
DBQueryFatal("select idx from geni_slices ".
"where hrn=$safe_hrn or uuid=$safe_uuid");
return -1
if (!defined($query_result));
return $urn
if (defined($urn) && $urn ne "");
return $query_result->numrows;
return $self->uuid();
}
#
......@@ -560,6 +559,9 @@ sub Resolve($$$$)
if ($token =~ /^\w+\-\w+\-\w+\-\w+\-\w+$/) {
$which = "uuid";
}
elsif (GeniHRN::IsValid($token)) {
$which = "urn";
}
else {
$which = "hrn";
}
......@@ -588,9 +590,9 @@ sub Resolve($$$$)
#
sub LookupUser($$$)
{
my ($self, $uuid, $pref) = @_;
my ($self, $urn, $pref) = @_;
return $self->Resolve($uuid, "User", $pref);
return $self->Resolve($urn, "User", $pref);
}
#
......@@ -598,9 +600,9 @@ sub LookupUser($$$)
#
sub LookupSlice($$$)
{
my ($self, $uuid, $pref) = @_;
my ($self, $urn, $pref) = @_;
return $self->Resolve($uuid, "Slice", $pref);
return $self->Resolve($urn, "Slice", $pref);
}
#
......@@ -649,9 +651,9 @@ sub RegisterUser($$$$$)
#
sub RegisterSlice($$$$)
{
my ($self, $creator_uuid, $cert, $bindings) = @_;
my ($self, $creator_urn, $cert, $bindings) = @_;
my $info = { "creator_uuid" => $creator_uuid,
my $info = { "creator_urn" => $creator_urn,
"userbindings" => $bindings };
return $self->Register("Slice", $cert, $info);
......@@ -662,7 +664,7 @@ sub RegisterSlice($$$$)
#
sub Remove($$$)
{
my ($self, $type, $uuid) = @_;
my ($self, $type, $urn) = @_;
my $response =
Genixmlrpc::CallMethod($self->authority(),
......@@ -670,7 +672,7 @@ sub Remove($$$)
"Remove",
{ "credential" => $self->credential(),
"type" => $type,
"uuid" => $uuid });
"urn" => $urn });
return -1
if (!defined($response));
......@@ -687,9 +689,9 @@ sub Remove($$$)
#
sub RemoveSlice($$)
{
my ($self, $uuid) = @_;
my ($self, $urn) = @_;
return $self->Remove("Slice", $uuid);
return $self->Remove("Slice", $urn);
}
#
......@@ -826,8 +828,7 @@ sub Create($;$$)
{
my ($class, $context, $credential) = @_;
my $EMULAB_PEMFILE1 = "@prefix@/etc/genima.pem";
my $EMULAB_PEMFILE2 = "@prefix@/etc/genich.pem";
my $EMULAB_PEMFILE1 = "@prefix@/etc/genich.pem";
my $url;
if (!defined($credential)) {
......@@ -836,9 +837,6 @@ sub Create($;$$)
if (-e $EMULAB_PEMFILE1) {
$pemfile = $EMULAB_PEMFILE1
}
elsif (-e $EMULAB_PEMFILE2) {
$pemfile = $EMULAB_PEMFILE2;
}
else {
print STDERR "Cannot find the pem file for the clearinghouse!\n";
return undef;
......@@ -880,26 +878,28 @@ sub Create($;$$)
#
# Get a credential from the clearinghouse, as for bootstrapping.
#
sub GetCredential($;$)
sub GetCredential($;$$)
{
my ($class, $context) = @_;
my ($class, $context, $certfile) = @_;
$context = Genixmlrpc->GetContext()
if (!defined($context));
my $EMULAB_PEMFILE = "@prefix@/etc/genich.pem";
if (!defined($EMULAB_PEMFILE)) {
print STDERR "$EMULAB_PEMFILE needed to talk to the clearinghouse\n";
return undef;
if (!defined($certfile)) {
$certfile = "@prefix@/etc/genich.pem";
if (! -e $certfile) {
print STDERR "$certfile does not exist!\n";
return undef;
}
}
my $certificate = GeniCertificate->LoadFromFile($EMULAB_PEMFILE);
my $certificate = GeniCertificate->LoadFromFile($certfile);
if (!defined($certificate)) {
print STDERR "Could not load CH certificate from $EMULAB_PEMFILE\n";
print STDERR "Could not load CH certificate from $certfile\n";
return undef;
}
my $url = $certificate->URL();
if (!defined($url)) {
print STDERR "No URI extension in $EMULAB_PEMFILE\n";
print STDERR "No URI extension in $certificate\n";
return undef;
}
my $response =
......@@ -907,9 +907,13 @@ sub GetCredential($;$)
{"gid" => $context->certificate()->cert()});
return undef
if (!defined($response) ||
$response->code() != GENIRESPONSE_SUCCESS());
if (!defined($response));
if ($response->IsError()) {
print STDERR "GeniRegistry::ClearingHouse->GetCredential: " .
$response->Dump() . "\n";
return undef;
}
return GeniCredential->CreateFromSigned($response->value(), 1);
}
......
This diff is collapsed.
......@@ -18,6 +18,7 @@ use GeniAuthority;
use GeniCredential;
use GeniCertificate;
use GeniAggregate;
use GeniUser;
use GeniHRN;
use English;
use Date::Parse;
......@@ -88,9 +89,9 @@ sub Lookup($$)
#
sub Create($$$$;$$)
{
my ($class, $certificate, $creator_uuid, $authority, $exptidx, $lock) = @_;
my ($class, $certificate, $creator, $authority, $exptidx, $lock) = @_;
my $slice = GeniRegistry::GeniSlice->Create($certificate, $creator_uuid,
my $slice = GeniRegistry::GeniSlice->Create($certificate, $creator,
$authority, $exptidx, $lock);
return undef
......@@ -245,7 +246,7 @@ sub UnLock($)
#
sub CreateFromLocal($$$)
{
my ($class, $experiment, $user) = @_;
my ($class, $experiment, $geniuser) = @_;
#
# So we know who/what we are acting as.
......@@ -277,14 +278,14 @@ sub CreateFromLocal($$$)
# Generate a certificate.
#
$certificate = GeniCertificate->Create("slice", $urn, $hrn,
$user->email());
$geniuser->email());
if (!defined($certificate)) {
print STDERR "GeniSlice::CreateFromLocal: ".
"Could not generate new certificate $experiment\n";
return undef;
}
# Create the slice as locked.
my $slice = GeniSlice->Create($certificate, $user->uuid(),
my $slice = GeniSlice->Create($certificate, $geniuser,
$authority, $experiment->idx(), 1);
$certificate->Delete()
if (!defined($slice));
......@@ -306,8 +307,12 @@ sub Register($)
return -1
if (!defined($clearinghouse));
return $clearinghouse->RegisterSlice($self->creator_uuid(),
$self->cert(), {});
my $creator = GeniUser->Lookup($self->creator_uuid(), 1);
if (!defined($creator)) {
print STDERR "Could not find creator for $self\n";
return -1;
}
return $clearinghouse->RegisterSlice($creator->urn(), $self->cert(), {});
}
#
......@@ -324,7 +329,7 @@ sub UnRegister($)
return -1
if (!defined($clearinghouse));
return $clearinghouse->RemoveSlice($self->uuid());
return $clearinghouse->RemoveSlice($self->urn());
}
#
......
......@@ -161,9 +161,11 @@ sub Create($$$$)
$self->{'ticket_uuid'} = undef;
$self->{'owner_uuid'} = $owner->uuid();
$self->{'owner_hrn'} = $owner->hrn();
$self->{'owner_urn'} = $owner->urn();
$self->{'owner_cert'} = $owner->GetCertificate();
$self->{'target_uuid'} = $target->uuid();
$self->{'target_hrn'} = $target->hrn();
$self->{'target_urn'} = $target->urn();
$self->{'target_cert'} = $target->GetCertificate();
$self->{'seqno'} = $seqno;
$self->{'ticket_string'} = undef;
......@@ -199,6 +201,8 @@ sub target_uuid($) { return field($_[0], "target_uuid"); }
sub owner_uuid($) { return field($_[0], "owner_uuid"); }
sub target_hrn($) { return field($_[0], "target_hrn"); }
sub owner_hrn($) { return field($_[0], "owner_hrn"); }
sub target_urn($) { return field($_[0], "target_urn"); }
sub owner_urn($) { return field($_[0], "owner_urn"); }
sub target_cert($) { return field($_[0], "target_cert"); }
sub owner_cert($) { return field($_[0], "owner_cert"); }
sub uuid($) { return field($_[0], "ticket_uuid"); }
......@@ -399,6 +403,8 @@ sub CreateFromSignedTicket($$;$$)
$self->{'owner_uuid'} = $owner_certificate->uuid();
$self->{'target_hrn'} = $target_certificate->hrn();
$self->{'owner_hrn'} = $owner_certificate->hrn();
$self->{'target_urn'} = $target_certificate->urn();
$self->{'owner_urn'} = $owner_certificate->urn();
$self->{'target_cert'} = $target_certificate;
$self->{'owner_cert'} = $owner_certificate;
$self->{'ticket_string'} = $ticket_string;
......
#!/usr/bin/perl -wT
#
# GENIPUBLIC-COPYRIGHT
# Copyright (c) 2008-2009 University of Utah and the Flux Group.
# Copyright (c) 2008-2010 University of Utah and the Flux Group.
# All rights reserved.
#
package GeniUser;
......@@ -251,16 +251,16 @@ sub urn($)
# uid/email. Lets not allow this for now. Return the number of
# users that match or -1 if an error.
#
sub CheckExisting($$$)
sub CheckConflict($$)
{
my ($class, $hrn, $email) = @_;
my ($class, $certificate) = @_;
my $safe_hrn = DBQuoteSpecial($hrn);
my $safe_email = DBQuoteSpecial($email);