started API documentation. more to be checked in later
diff --git a/docs/pythondoc-credential.html b/docs/pythondoc-credential.html
new file mode 100644 (file)
index 0000000..4db3039
--- /dev/null
@@ -0,0 +1,157 @@
+<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
+<html>
+<head>
+<meta http-equiv='Content-Type' content='text/html; charset=us-ascii' />
+<title>The credential Module</title>
+</head>
+<body>
+<h1>The credential Module</h1>
+<p>Implements Geni Credentials
+
+Credentials are layered on top of certificates, and are essentially a
+certificate that stores a tuple of parameters.</p>
+<dl>
+<dt><b>Credential(create=False, subject=None, string=None, filename=None)</b> (class) [<a href='#credential.Credential-class'>#</a>]</dt>
+<dd>
+<p>Credential is a tuple:
+    (GIDCaller, GIDObject, LifeTime, Privileges, Delegate)
+
+These fields are encoded using xmlrpc into the subjectAltName field of the
+x509 certificate.</p>
+<p>For more information about this class, see <a href='#credential.Credential-class'><i>The Credential Class</i></a>.</p>
+</dd>
+</dl>
+<h2><a id='credential.Credential-class' name='credential.Credential-class'>The Credential Class</a></h2>
+<dl>
+<dt><b>Credential(create=False, subject=None, string=None, filename=None)</b> (class) [<a href='#credential.Credential-class'>#</a>]</dt>
+<dd>
+<p>Credential is a tuple:
+    (GIDCaller, GIDObject, LifeTime, Privileges, Delegate)
+
+These fields are encoded using xmlrpc into the subjectAltName field of the
+x509 certificate. Note: Call encode() once the fields have been filled in
+to perform this encoding.</p>
+</dd>
+<dt><a id='credential.Credential.__init__-method' name='credential.Credential.__init__-method'><b>__init__(create=False, subject=None, string=None, filename=None)</b></a> [<a href='#credential.Credential.__init__-method'>#</a>]</dt>
+<dd>
+<p>Create a Credential object</p>
+<dl>
+<dt><i>create</i></dt>
+<dd>
+If true, create a blank x509 certificate</dd>
+<dt><i>subject</i></dt>
+<dd>
+If subject!=None, create an x509 cert with the subject name</dd>
+<dt><i>string</i></dt>
+<dd>
+If string!=None, load the credential from the string</dd>
+<dt><i>filename</i></dt>
+<dd>
+If filename!=None, load the credential from the file</dd>
+</dl><br />
+</dd>
+<dt><a id='credential.Credential.can_perform-method' name='credential.Credential.can_perform-method'><b>can_perform(op_name)</b></a> [<a href='#credential.Credential.can_perform-method'>#</a>]</dt>
+<dd>
+<p>determine whether the credential allows a particular operation to be
+performed</p>
+<dl>
+<dt><i>op_name</i></dt>
+<dd>
+string specifying name of operation (&quot;lookup&quot;, &quot;update&quot;, etc)</dd>
+</dl><br />
+</dd>
+<dt><a id='credential.Credential.decode-method' name='credential.Credential.decode-method'><b>decode()</b></a> [<a href='#credential.Credential.decode-method'>#</a>]</dt>
+<dd>
+<p>Retrieve the attributes of the credential from the alt-subject-name field
+of the X509 certificate. This is automatically done by the various
+get_* methods of this class and should not need to be called explicitly.</p>
+</dd>
+<dt><a id='credential.Credential.dump-method' name='credential.Credential.dump-method'><b>dump(dump_parents=False)</b></a> [<a href='#credential.Credential.dump-method'>#</a>]</dt>
+<dd>
+<p>Dump the contents of a credential to stdout in human-readable format</p>
+<dl>
+<dt><i>dump_parents</i></dt>
+<dd>
+If true, also dump the parent certificates</dd>
+</dl><br />
+</dd>
+<dt><a id='credential.Credential.encode-method' name='credential.Credential.encode-method'><b>encode()</b></a> [<a href='#credential.Credential.encode-method'>#</a>]</dt>
+<dd>
+<p>Encode the attributes of the credential into a string and store that
+string in the alt-subject-name field of the X509 object. This should be
+done immediately before signing the credential.</p>
+</dd>
+<dt><a id='credential.Credential.get_delegate-method' name='credential.Credential.get_delegate-method'><b>get_delegate()</b></a> [<a href='#credential.Credential.get_delegate-method'>#</a>]</dt>
+<dd>
+<p>get the delegate bit</p>
+</dd>
+<dt><a id='credential.Credential.get_gid_caller-method' name='credential.Credential.get_gid_caller-method'><b>get_gid_caller()</b></a> [<a href='#credential.Credential.get_gid_caller-method'>#</a>]</dt>
+<dd>
+<p>get the GID of the object</p>
+</dd>
+<dt><a id='credential.Credential.get_gid_object-method' name='credential.Credential.get_gid_object-method'><b>get_gid_object()</b></a> [<a href='#credential.Credential.get_gid_object-method'>#</a>]</dt>
+<dd>
+<p>get the GID of the object</p>
+</dd>
+<dt><a id='credential.Credential.get_lifetime-method' name='credential.Credential.get_lifetime-method'><b>get_lifetime()</b></a> [<a href='#credential.Credential.get_lifetime-method'>#</a>]</dt>
+<dd>
+<p>get the lifetime of the credential</p>
+</dd>
+<dt><a id='credential.Credential.get_privileges-method' name='credential.Credential.get_privileges-method'><b>get_privileges()</b></a> [<a href='#credential.Credential.get_privileges-method'>#</a>]</dt>
+<dd>
+<p>return the privileges as a RightList object</p>
+</dd>
+<dt><a id='credential.Credential.set_delegate-method' name='credential.Credential.set_delegate-method'><b>set_delegate(delegate)</b></a> [<a href='#credential.Credential.set_delegate-method'>#</a>]</dt>
+<dd>
+<p>set the delegate bit</p>
+<dl>
+<dt><i>delegate</i></dt>
+<dd>
+boolean (True or False)</dd>
+</dl><br />
+</dd>
+<dt><a id='credential.Credential.set_gid_caller-method' name='credential.Credential.set_gid_caller-method'><b>set_gid_caller(gid)</b></a> [<a href='#credential.Credential.set_gid_caller-method'>#</a>]</dt>
+<dd>
+<p>set the GID of the caller</p>
+<dl>
+<dt><i>gid</i></dt>
+<dd>
+GID object of the caller</dd>
+</dl><br />
+</dd>
+<dt><a id='credential.Credential.set_gid_object-method' name='credential.Credential.set_gid_object-method'><b>set_gid_object(gid)</b></a> [<a href='#credential.Credential.set_gid_object-method'>#</a>]</dt>
+<dd>
+<p>set the GID of the object</p>
+<dl>
+<dt><i>gid</i></dt>
+<dd>
+GID object of the object</dd>
+</dl><br />
+</dd>
+<dt><a id='credential.Credential.set_lifetime-method' name='credential.Credential.set_lifetime-method'><b>set_lifetime(lifeTime)</b></a> [<a href='#credential.Credential.set_lifetime-method'>#</a>]</dt>
+<dd>
+<p>set the lifetime of this credential</p>
+<dl>
+<dt><i>lifetime</i></dt>
+<dd>
+lifetime of credential</dd>
+</dl><br />
+</dd>
+<dt><a id='credential.Credential.set_privileges-method' name='credential.Credential.set_privileges-method'><b>set_privileges(privs)</b></a> [<a href='#credential.Credential.set_privileges-method'>#</a>]</dt>
+<dd>
+<p>set the privileges</p>
+<dl>
+<dt><i>privs</i></dt>
+<dd>
+either a comma-separated list of privileges of a RightList object</dd>
+</dl><br />
+</dd>
+<dt><a id='credential.Credential.verify_chain-method' name='credential.Credential.verify_chain-method'><b>verify_chain(trusted_certs=None)</b></a> [<a href='#credential.Credential.verify_chain-method'>#</a>]</dt>
+<dd>
+<p>Verify that a chain of credentials is valid (see cert.py:verify). In
+addition to the checks for ordinary certificates, verification also
+ensures that the delegate bit was set by each parent in the chain. If
+a delegate bit was not set, then an exception is thrown.</p>
+</dd>
+</dl>
+</body></html>
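Review bot: the description under get_gid_caller() reads "get the GID of the object", the same text as get_gid_object(), which looks like a copy-paste slip; it should say "get the GID of the caller", matching set_gid_caller(). Two smaller mismatches in the same file: set_lifetime(lifeTime) documents its parameter as "lifetime", and the privs entry for set_privileges() says "list of privileges of a RightList object" where "or a RightList object" seems intended. For verify_chain(trusted_certs=None), the text names only the delegate-bit check on top of cert.py:verify; please state what passing trusted_certs=None means and whether LifeTime and Privileges are checked against each parent in the chain, since callers will rely on this method for authorization decisions. The Credential class description also appears twice, once in the module summary and once under "The Credential Class", and only the second copy carries the encode() note. If this file is generated (the name suggests pythondoc output), these are best fixed in the source docstrings and the file regenerated.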