Implements Geni Credentials Credentials are layered on top of certificates, and are essentially a certificate that stores a tuple of parameters.
Credential is a tuple: (GIDCaller, GIDObject, LifeTime, Privileges, Delegate) These fields are encoded using xmlrpc into the subjectAltName field of the x509 certificate.
For more information about this class, see The Credential Class.
Credential is a tuple: (GIDCaller, GIDObject, LifeTime, Privileges, Delegate) These fields are encoded using xmlrpc into the subjectAltName field of the x509 certificate. Note: Call encode() once the fields have been filled in to perform this encoding.
Create a Credential object
determine whether the credential allows a particular operation to be performed
Retrieve the attributes of the credential from the alt-subject-name field of the X509 certificate. This is automatically done by the various get_* methods of this class and should not need to be called explicitly.
Dump the contents of a credential to stdout in human-readable format
Encode the attributes of the credential into a string and store that string in the alt-subject-name field of the X509 object. This should be done immediately before signing the credential.
get the delegate bit
get the GID of the object
get the GID of the object
get the lifetime of the credential
return the privileges as a RightList object
set the delegate bit
set the GID of the caller
set the GID of the object
set the lifetime of this credential
set the privileges
Verify that a chain of credentials is valid (see cert.py:verify). In addition to the checks for ordinary certificates, verification also ensures that the delegate bit was set by each parent in the chain. If a delegate bit was not set, then an exception is thrown. Each credential must be a subset of the rights of the parent.