3 # implements GENI credentials
5 # Credentials are layered on top of certificates, and are essentially a
6 # certificate that stores a tuple of parameters.
13 # Credential is a tuple:
14 # (GIDCaller, GIDObject, LifeTime, Privileges, Delegate)
# These fields are serialized with xmlrpc (see encode()) and stored in the
# subjectAltName field of the x509 certificate; decode() reads them back out
# of the certificate data. Call encode() once the fields have been filled in
# to perform this encoding. Note that decode() only parses the stored tuple:
# the decoded values are only as trustworthy as the certificate itself, so
# callers should rely on them only after verify_chain() has succeeded.
20 class Credential(Certificate):
def __init__(self, create=False, subject=None, string=None, filename=None):
    """Construct a Credential by forwarding to Certificate.__init__.

    Every constructor argument (create, subject, string, filename) is handed
    to the Certificate base class unchanged and in the same order; this
    method adds no behaviour of its own.
    """
    # Forward positionally so the base-class parameter names are not assumed.
    base_args = (create, subject, string, filename)
    Certificate.__init__(self, *base_args)
30 def set_gid_caller(self, gid):
33 def get_gid_caller(self):
34 if not self.gidCaller:
38 def set_gid_object(self, gid):
41 def get_gid_object(self):
42 if not self.gidObject:
def set_lifetime(self, lifeTime):
    """Record the credential's lifetime.

    The value is stored verbatim in ``self.lifeTime`` -- no validation or
    type conversion is performed here.  encode() later serializes it into
    the certificate data under the "lifeTime" key, and decode() restores it
    from there.
    """
    # Plain attribute store; the value is interpreted by callers, not here.
    self.lifeTime = lifeTime
49 def get_lifetime(self):
def set_delegate(self, delegate):
    """Set the credential's delegate flag.

    The value is stored verbatim in ``self.delegate`` and is serialized by
    encode() under the "delegate" key.  Security-relevant: verify_chain()
    raises MissingDelegateBit for a credential whose parent does not have
    this flag set, so it controls whether rights may be passed on further.
    """
    # No coercion to bool: decode() may also leave this as None, and callers
    # compare truthiness rather than identity.
    self.delegate = delegate
57 def get_delegate(self):
62 def set_privileges(self, privs):
63 if isinstance(privs, str):
64 self.privileges = RightList(string = privs)
66 self.privileges = privs
68 def get_privileges(self):
69 if not self.privileges:
71 return self.privileges
73 def can_perform(self, op_name):
74 rights = self.get_privileges()
77 return rights.can_perform(op_name)
80 dict = {"gidCaller": None,
82 "lifeTime": self.lifeTime,
84 "delegate": self.delegate}
86 dict["gidCaller"] = self.gidCaller.save_to_string()
88 dict["gidObject"] = self.gidObject.save_to_string()
90 dict["privileges"] = self.privileges.save_to_string()
91 str = xmlrpclib.dumps((dict,), allow_none=True)
95 data = self.get_data()
97 dict = xmlrpclib.loads(self.get_data())[0][0]
101 self.lifeTime = dict.get("lifeTime", None)
102 self.delegate = dict.get("delegate", None)
104 privStr = dict.get("privileges", None)
106 self.privileges = RightList(string = privStr)
108 self.privileges = None
110 gidCallerStr = dict.get("gidCaller", None)
112 self.gidCaller = GID(string=gidCallerStr)
114 self.gidCaller = None
116 gidObjectStr = dict.get("gidObject", None)
118 self.gidObject = GID(string=gidObjectStr)
120 self.gidObject = None
122 def verify_chain(self, trusted_certs = None):
123 # do the normal certificate verification stuff
124 Certificate.verify_chain(self, trusted_certs)
127 # make sure the parent delegated rights to the child
128 if not parent.delegate:
129 raise MissingDelegateBit(self.get_subject())
131 # XXX todo: make sure child rights are a subset of parent rights
136 print "CREDENTIAL", self.get_subject()
138 print " privs:", self.get_privileges().save_to_string()
141 gidCaller = self.get_gid_caller()
143 gidCaller.dump(indent=8)
146 gidObject = self.get_gid_object()
148 gidObject.dump(indent=8)
150 print " delegate:", self.get_delegate()