from xml.dom.minidom import *
from StringIO import StringIO
+from sfa.util.sfatime import SFATIME_FORMAT
+
from sfa.trust.certificate import Certificate
from sfa.trust.credential import Credential, signature_template, HAVELXML
from sfa.trust.abac_credential import ABACCredential, ABACElement
# Credential has not expired
if cred.expiration and cred.expiration < datetime.datetime.utcnow():
- return False, None, "ABAC Credential expired at %s (%s)" % (cred.expiration.isoformat(), cred.get_summary_tostring())
+ return False, None, "ABAC Credential expired at %s (%s)" % (cred.expiration.strftime(SFATIME_FORMAT), cred.get_summary_tostring())
# Must be ABAC
if cred.get_cred_type() != ABACCredential.ABAC_CREDENTIAL_TYPE:
principal_keyid = head.get_principal_keyid()
role = head.get_role()
- logger.info('user keyid: %s' % user_keyid)
- logger.info('principal keyid: %s' % principal_keyid)
- logger.info('tool keyid: %s' % tool_keyid)
- logger.info('subject keyid: %s' % subject_keyid)
- logger.info('role: %s' % role)
- logger.info('user gid: %s' % user_gid.dump_string())
- f = open('/tmp/speaksfor/tool.gid', 'w')
- f.write(tool_gid.dump_string())
- f.close()
-
# Credential must pass xmlsec1 verify
cred_file = write_to_tempfile(cred.save_to_string())
cert_args = []
# trusted_roots is a list of Certificate objects from the system
# trusted_root directory
# Optionally, provide an XML schema against which to validate the credential
-def determine_speaks_for(logger, credentials, caller_gid, options,
- trusted_roots, schema=None):
- logger.info(options)
- logger.info("geni speaking for:%s " % 'geni_speaking_for' in options)
- if options and 'geni_speaking_for' in options:
- speaking_for_urn = options['geni_speaking_for'].strip()
+def determine_speaks_for(logger, credentials, caller_gid, speaking_for_xrn, trusted_roots, schema=None):
+ if speaking_for_xrn:
+ speaking_for_urn = Xrn (speaking_for_xrn.strip()).get_urn()
for cred in credentials:
# Skip things that aren't ABAC credentials
if type(cred) == dict:
# print "Got a cred to check speaksfor for: %s" % cred.get_summary_tostring()
# #cred.dump(True, True)
# print "Caller: %s" % caller_gid.dump_string(2, True)
- logger.info(cred.dump_string())
- f = open('/tmp/speaksfor/%s.cred' % cred, 'w')
- f.write(cred.xml)
- f.close()
# See if this is a valid speaks_for
is_valid_speaks_for, user_gid, msg = \
verify_speaks_for(cred,
credential_duration = datetime.timedelta(days=dur_days)
- expiration = datetime.datetime.now(du_tz.tzutc()) + credential_duration
- expiration_str = expiration.strftime('%Y-%m-%dT%H:%M:%SZ') # FIXME: libabac can't handle .isoformat()
+ expiration = datetime.datetime.utcnow() + credential_duration
+ expiration_str = expiration.strftime(SFATIME_FORMAT)
version = "1.1"
user_keyid = get_cert_keyid(user_gid)