from xml.dom.minidom import *
from StringIO import StringIO
+from sfa.util.sfatime import SFATIME_FORMAT
+
from sfa.trust.certificate import Certificate
from sfa.trust.credential import Credential, signature_template, HAVELXML
from sfa.trust.abac_credential import ABACCredential, ABACElement
# Credential has not expired
if cred.expiration and cred.expiration < datetime.datetime.utcnow():
- return False, None, "ABAC Credential expired at %s (%s)" % (cred.expiration.isoformat(), cred.get_summary_tostring())
+ return False, None, "ABAC Credential expired at %s (%s)" % (cred.expiration.strftime(SFATIME_FORMAT), cred.get_summary_tostring())
# Must be ABAC
if cred.get_cred_type() != ABACCredential.ABAC_CREDENTIAL_TYPE:
# trusted_roots is a list of Certificate objects from the system
# trusted_root directory
# Optionally, provide an XML schema against which to validate the credential
-def determine_speaks_for(logger, credentials, caller_gid, options,
- trusted_roots, schema=None):
- if options and 'geni_speaking_for' in options:
- speaking_for_urn = options['geni_speaking_for'].strip()
+def determine_speaks_for(logger, credentials, caller_gid, speaking_for_xrn, trusted_roots, schema=None):
+ if speaking_for_xrn:
+ speaking_for_urn = Xrn (speaking_for_xrn.strip()).get_urn()
for cred in credentials:
# Skip things that aren't ABAC credentials
if type(cred) == dict:
credential_duration = datetime.timedelta(days=dur_days)
- expiration = datetime.datetime.now(du_tz.tzutc()) + credential_duration
- expiration_str = expiration.strftime('%Y-%m-%dT%H:%M:%SZ') # FIXME: libabac can't handle .isoformat()
+ expiration = datetime.datetime.utcnow() + credential_duration
+ expiration_str = expiration.strftime(SFATIME_FORMAT)
version = "1.1"
user_keyid = get_cert_keyid(user_gid)