more cleanup on timestamps - issue with short-lived credentials still present though
[sfa.git] / sfa / trust / speaksfor_util.py
index ab74237..2c56a47 100644 (file)
@@ -31,6 +31,8 @@ import tempfile
 from xml.dom.minidom import *
 from StringIO import StringIO
 
+from sfa.util.sfatime import SFATIME_FORMAT
+
 from sfa.trust.certificate import Certificate
 from sfa.trust.credential import Credential, signature_template, HAVELXML
 from sfa.trust.abac_credential import ABACCredential, ABACElement
@@ -129,7 +131,7 @@ def verify_speaks_for(cred, tool_gid, speaking_for_urn,
 
     # Credential has not expired
     if cred.expiration and cred.expiration < datetime.datetime.utcnow():
-        return False, None, "ABAC Credential expired at %s (%s)" % (cred.expiration.isoformat(), cred.get_summary_tostring())
+        return False, None, "ABAC Credential expired at %s (%s)" % (cred.expiration.strftime(SFATIME_FORMAT), cred.get_summary_tostring())
 
     # Must be ABAC
     if cred.get_cred_type() != ABACCredential.ABAC_CREDENTIAL_TYPE:
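Review bot: Both the comparison `cred.expiration < datetime.datetime.utcnow()` on the context line and the new `strftime(SFATIME_FORMAT)` assume that cred.expiration is a naive UTC datetime, and nothing in this hunk states or enforces that. If the credential parser ever returns a timezone-aware value, the comparison raises TypeError instead of rejecting the credential. The create_speaks_for hunk in this commit moves the issuing side to naive `utcnow()` too, so the invariant now spans both ends. I would add a comment above the check, e.g. `# cred.expiration is expected to be naive UTC, formatted with SFATIME_FORMAT`, and also say whether a credential with no expiration is meant to pass the `if cred.expiration and ...` guard. verify_speaks_for starts and ends outside the hunk.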
@@ -158,16 +160,6 @@ def verify_speaks_for(cred, tool_gid, speaking_for_urn,
     principal_keyid = head.get_principal_keyid()
     role = head.get_role()
 
-    logger.info('user keyid: %s' % user_keyid)         
-    logger.info('principal keyid: %s' % principal_keyid)       
-    logger.info('tool keyid: %s' % tool_keyid)         
-    logger.info('subject keyid: %s' % subject_keyid) 
-    logger.info('role: %s' % role) 
-    logger.info('user gid: %s' % user_gid.dump_string())
-    f = open('/tmp/speaksfor/tool.gid', 'w')
-    f.write(tool_gid.dump_string())
-    f.close()  
-
     # Credential must pass xmlsec1 verify
     cred_file = write_to_tempfile(cred.save_to_string())
     cert_args = []
@@ -239,12 +231,9 @@ def verify_speaks_for(cred, tool_gid, speaking_for_urn,
 # trusted_roots is a list of Certificate objects from the system
 #   trusted_root directory
 # Optionally, provide an XML schema against which to validate the credential
-def determine_speaks_for(logger, credentials, caller_gid, options,
-                         trusted_roots, schema=None):
-    logger.info(options)
-    logger.info("geni speaking for:%s " % 'geni_speaking_for' in options)  
-    if options and 'geni_speaking_for' in options:
-        speaking_for_urn = options['geni_speaking_for'].strip()
+def determine_speaks_for(logger, credentials, caller_gid, speaking_for_xrn, trusted_roots, schema=None):
+    if speaking_for_xrn:
+        speaking_for_urn = Xrn (speaking_for_xrn.strip()).get_urn()
         for cred in credentials:
             # Skip things that aren't ABAC credentials
             if type(cred) == dict:
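Review bot: The fourth positional parameter of determine_speaks_for changes from the `options` dict to a string `speaking_for_xrn`, so any caller still passing the dict will now fail at `.strip()` rather than being handled; the callers are not in this diff and should be checked. The new line also uses `Xrn`, while the only import this commit adds is `SFATIME_FORMAT`, so confirm `Xrn` is already imported in this module. Because this value is caller-supplied and selects whose identity is being asserted, the function deserves a docstring line such as `speaking_for_xrn: identifier (presumably urn or hrn) of the user spoken for; converted to a urn before matching`. The function body continues outside the hunk.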
@@ -266,10 +255,6 @@ def determine_speaks_for(logger, credentials, caller_gid, options,
 #            print "Got a cred to check speaksfor for: %s" % cred.get_summary_tostring()
 #            #cred.dump(True, True)
 #            print "Caller: %s" % caller_gid.dump_string(2, True)
-            logger.info(cred.dump_string())
-            f = open('/tmp/speaksfor/%s.cred' % cred, 'w')
-            f.write(cred.xml)
-            f.close()
             # See if this is a valid speaks_for
             is_valid_speaks_for, user_gid, msg = \
                 verify_speaks_for(cred,
@@ -365,8 +350,8 @@ def create_speaks_for(tool_gid, user_gid, ma_gid, \
 
 
     credential_duration = datetime.timedelta(days=dur_days)
-    expiration = datetime.datetime.now(du_tz.tzutc()) + credential_duration
-    expiration_str = expiration.strftime('%Y-%m-%dT%H:%M:%SZ') # FIXME: libabac can't handle .isoformat()
+    expiration = datetime.datetime.utcnow() + credential_duration
+    expiration_str = expiration.strftime(SFATIME_FORMAT)
     version = "1.1"
 
     user_keyid = get_cert_keyid(user_gid)
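Review bot: The removed line carried `# FIXME: libabac can't handle .isoformat()`, and the new `expiration.strftime(SFATIME_FORMAT)` drops that constraint from view while moving the format to a constant defined in another module. If SFATIME_FORMAT is changed later, credentials issued here could become unparseable or mis-dated for libabac with nothing in this file flagging it. I would keep a comment on the line, e.g. `# must stay in a form libabac accepts (not .isoformat())`. If `du_tz` has no other use in the file its import is now dead, which cannot be seen from this hunk. create_speaks_for starts and ends outside the hunk.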