import sys
import os,os.path
+from datetime import datetime
+from sfa.util.xrn import Xrn
import sfa.util.sfalogging
# importing sfa.utils.faults does pull a lot of stuff
# see optimizing dependencies below
from sfa.trust.certificate import Keypair, Certificate
-
+from sfa.trust.credential import Credential
##########
# a helper class to implement the bootstrapping of crypto. material
# assuming we are starting from scratch on the client side
self.assert_private_key()
registry_proxy = SfaServerProxy (self.registry_url, self.private_key_filename(),
certificate_filename)
- credential_string=registry_proxy.GetSelfCredential (certificate_string, self.hrn, "user")
+ try:
+ credential_string=registry_proxy.GetSelfCredential (certificate_string, self.hrn, "user")
+ except:
+ # some urns hrns may replace non hierarchy delimiters '.' with an '_' instead of escaping the '.'
+ hrn = Xrn(self.hrn).get_hrn().replace('\.', '_')
+ credential_string=registry_proxy.GetSelfCredential (certificate_string, hrn, "user")
self.plain_write (output, credential_string)
self.logger.debug("SfaClientBootstrap: Wrote result of GetSelfCredential in %s"%output)
return output
self.logger.debug("SfaClientBootstrap: Wrote GID for %s (%s) in %s"% (hrn,type,output))
return output
+
+ # Returns True if credential file is valid. Otherwise return false.
+ def validate_credential(self, filename):
+ valid = True
+ cred = Credential(filename=filename)
+ # check if credential is expires
+ if cred.get_expiration() < datetime.now():
+ valid = False
+ return valid
+
+
#################### public interface
# return my_gid, run all missing steps in the bootstrap sequence
# the expected filenames for the various pieces
def private_key_filename (self):
- return self.fullpath ("%s.pkey"%self.hrn)
+ return self.fullpath ("%s.pkey" % Xrn.unescape(self.hrn))
def self_signed_cert_filename (self):
return self.fullpath ("%s.sscert"%self.hrn)
def my_credential_filename (self):
def authority_credential_filename (self, hrn):
return self.credential_filename(hrn,'authority')
def my_gid_filename (self):
- return self.gid_filename ("user", self.hrn)
+ return self.gid_filename (self.hrn, "user")
def gid_filename (self, hrn, type):
return self.fullpath ("%s.%s.gid"%(hrn,type))
# decorator to make up the other methods
- def get_or_produce (filename_method, produce_method):
+ def get_or_produce (filename_method, produce_method, validate_method=None):
+ # default validator returns true
def wrap (f):
def wrapped (self, *args, **kw):
filename=filename_method (self, *args, **kw)
- if os.path.isfile ( filename ): return filename
+ if os.path.isfile ( filename ):
+ if not validate_method:
+ return filename
+ elif validate_method(self, filename):
+ return filename
+ else:
+ # remove invalid file
+ self.logger.warning ("Removing %s - has expired"%filename)
+ os.unlink(filename)
try:
produce_method (self, filename, *args, **kw)
return filename
@get_or_produce (self_signed_cert_filename, self_signed_cert_produce)
def self_signed_cert (self): pass
- @get_or_produce (my_credential_filename, my_credential_produce)
+ @get_or_produce (my_credential_filename, my_credential_produce, validate_credential)
def my_credential (self): pass
@get_or_produce (my_gid_filename, my_gid_produce)
def my_gid (self): pass
- @get_or_produce (credential_filename, credential_produce)
+ @get_or_produce (credential_filename, credential_produce, validate_credential)
def credential (self, hrn, type): pass
- @get_or_produce (slice_credential_filename, slice_credential_produce)
+ @get_or_produce (slice_credential_filename, slice_credential_produce, validate_credential)
def slice_credential (self, hrn): pass
- @get_or_produce (authority_credential_filename, authority_credential_produce)
+ @get_or_produce (authority_credential_filename, authority_credential_produce, validate_credential)
def authority_credential (self, hrn): pass
@get_or_produce (gid_filename, gid_produce)