git://git.onelab.eu / sfa.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
added classes for gid & credentials
[sfa.git] / util / credential.py
1 from cert import *
2 from rights import *
3 from gid import *
4 import xmlrpclib
5
6 # Credential is a tuple:
7 #     (GIDCaller, GIDObject, LifeTime, Privileges, Delegate)
8
9 class Credential(Certificate):
10     uuid = None
11     hrn = None
12
13     gidCaller = None
14     gidObject = None
15     lifeTime = None
16     privileges = None
17     delegate = False
18
19     def __init__(self, create=False, subject=None, string=None, filename=None):
20         Certificate.__init__(self, create, subject, string, filename)
21
22     def set_gid_caller(self, gid):
23         self.gidCaller = gid
24
25     def get_gid_caller(self):
26         if not self.gidCaller:
27             self.decode()
28         return self.gidCaller
29
30     def set_gid_object(self, gid):
31         self.gidObject = gid
32
33     def get_gid_object(self):
34         if not self.gidObject:
35             self.decode()
36         return self.gidObject
37
38     def set_lifetime(self, lifeTime):
39         self.lifeTime = lifeTime
40
41     def get_lifetime(self):
42         if not self.lifeTime:
43             self.decode()
44         return self.lifeTime
45
46     def set_delegate(self, delegate):
47         self.delegate = delegate
48
49     def get_delegate(self):
50         if not self.delegate:
51             self.decode()
52         return self.delegate
53
54     def set_privileges(self, privs):
55         if isinstance(privs, str):
56             self.privileges = RightList(string = privs)
57         else:
58             self.privileges = privs
59
60     def get_privileges(self):
61         if not self.privileges:
62             self.decode()
63         return self.privileges
64
65     def can_perform(self, op_name):
66         rights = self.get_privileges()
67         if not rights:
68             return False
69         return rights.can_perform(op_name)
70
71     def encode(self):
72         dict = {"gidCaller": None,
73                 "gidObject": None,
74                 "lifeTime": self.lifeTime,
75                 "privileges": None,
76                 "delegate": self.delegate}
77         if self.gidCaller:
78             dict["gidCaller"] = self.gidCaller.save_to_string()
79         if self.gidObject:
80             dict["gidObject"] = self.gidObject.save_to_string()
81         if self.privileges:
82             dict["privileges"] = self.privileges.save_to_string()
83         str = xmlrpclib.dumps((dict,), allow_none=True)
84         self.set_data(str)
85
86     def decode(self):
87         data = self.get_data()
88         if data:
89             dict = xmlrpclib.loads(self.get_data())[0][0]
90         else:
91             dict = {}
92
93         self.lifeTime = dict.get("lifeTime", None)
94         self.delegate = dict.get("delegate", None)
95
96         privStr = dict.get("privileges", None)
97         if privStr:
98             self.privileges = RightList(string = privStr)
99         else:
100             self.privileges = None
101
102         gidCallerStr = dict.get("gidCaller", None)
103         if gidCallerStr:
104             self.gidCaller = GID(string=gidCallerStr)
105         else:
106             self.gidCaller = None
107
108         gidObjectStr = dict.get("gidObject", None)
109         if gidObjectStr:
110             self.gidObject = GID(string=gidObjectStr)
111         else:
112             self.gidObject = None
113
114     def verify_chain(self, trusted_certs = None):
115         # do the normal certificate verification stuff
116         if not Certificate.verify_chain(self, trusted_certs):
117             return False
118
119         if parent:
120             # make sure the parent delegated rights to the child
121             if not parent.delegate:
122                 return False
123
124             # XXX todo: make sure child rights are a subset of parent rights
125
126         return True
127
128
129
130
sfa