# Credentials are signed XML files that assign a subject gid privileges to an object gid
##
-### $Id$
-### $URL$
-
import os
+from types import StringTypes
import datetime
-from sfa.util.sfatime import utcparse
+from StringIO import StringIO
from tempfile import mkstemp
from xml.dom.minidom import Document, parseString
from lxml import etree
-from dateutil.parser import parse
-from StringIO import StringIO
+
from sfa.util.faults import *
from sfa.util.sfalogging import logger
+from sfa.util.sfatime import utcparse
from sfa.trust.certificate import Keypair
from sfa.trust.credential_legacy import CredentialLegacy
-from sfa.trust.rights import Right, Rights
+from sfa.trust.rights import Right, Rights, determine_rights
from sfa.trust.gid import GID
from sfa.util.xrn import urn_to_hrn
##
- # Expiration: an absolute UTC time of expiration (as either an int or datetime)
+ # Expiration: an absolute UTC time of expiration (as either an int or string or datetime)
#
def set_expiration(self, expiration):
- if isinstance(expiration, int):
+ if isinstance(expiration, (int,float)):
self.expiration = datetime.datetime.fromtimestamp(expiration)
- else:
+ elif isinstance (expiration, datetime.datetime):
self.expiration = expiration
-
+ elif isinstance (expiration, StringTypes):
+ self.expiration = utcparse (expiration)
+ else:
+ logger.error ("unexpected input type in Credential.set_expiration")
##
- # get the lifetime of the credential (in datetime format)
-
+ # get the lifetime of the credential (always in datetime format)
+ #
def get_expiration(self):
if not self.expiration:
self.decode()
- return utcparse(self.expiration)
+ # at this point self.expiration is normalized as a datetime - DON'T call utcparse again
+ return self.expiration
##
# For legacy sake
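Review bot: The new final `else` in set_expiration only logs and returns, so an unsupported value leaves self.expiration unset or stale, and get_expiration now hands that value back unchanged. The same path is reachable from the later decode hunk, `self.set_expiration(utcparse(getTextNode(cred, "expires")))`, if utcparse can return something other than a datetime for a malformed `expires` node (its behaviour is not visible here). A credential lifetime should fail closed, for example by adding `raise TypeError("unexpected input type in Credential.set_expiration: %r" % type(expiration))` after the log call. Separately, the numeric branch keeps `datetime.datetime.fromtimestamp(expiration)`, which yields local time although the comment promises absolute UTC; `datetime.datetime.utcfromtimestamp(expiration)` would match, assuming utcparse returns naive UTC datetimes. Both methods belong to a class whose header is outside the hunk.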
self.set_refid(cred.getAttribute("xml:id"))
- self.set_expiration(parse(getTextNode(cred, "expires")))
+ self.set_expiration(utcparse(getTextNode(cred, "expires")))
self.gidCaller = GID(string=getTextNode(cred, "owner_gid"))
self.gidObject = GID(string=getTextNode(cred, "target_gid"))
# Convert * into the default privileges for the credential's type
# Each inherits the delegatability from the * above
_ , type = urn_to_hrn(self.gidObject.get_urn())
- rl = rlist.determine_rights(type, self.gidObject.get_urn())
+ rl = determine_rights(type, self.gidObject.get_urn())
for r in rl.rights:
r.delegate = deleg
rlist.add(r)
if self.parent and dump_parents:
result += "\nPARENT"
- result += self.parent.dump(True)
+ result += self.parent.dump_string(True)
return result