X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fclient%2Fsfaclientlib.py;h=c5c5b8021c42c4259b493b6fc08020f3d5799e68;hb=43c4f89c59b5c977bf8ee77b7817c14dc6349bc3;hp=c81e4d657fa26af9f13c72e74bb5e0922c076a37;hpb=d82549203bcb89bb7352b65ef58830c9531a3afb;p=sfa.git diff --git a/sfa/client/sfaclientlib.py b/sfa/client/sfaclientlib.py index c81e4d65..c5c5b802 100644 --- a/sfa/client/sfaclientlib.py +++ b/sfa/client/sfaclientlib.py @@ -3,7 +3,14 @@ # a minimal library for writing "lightweight" SFA clients # +# xxx todo +# this library should probably check for the expiration date of the various +# certificates and automatically retrieve fresh ones when expired + +import sys import os,os.path +from datetime import datetime +from sfa.util.xrn import Xrn import sfa.util.sfalogging # importing sfa.utils.faults does pull a lot of stuff @@ -14,7 +21,7 @@ from sfa.client.sfaserverproxy import SfaServerProxy # see optimizing dependencies below from sfa.trust.certificate import Keypair, Certificate - +from sfa.trust.credential import Credential ########## # a helper class to implement the bootstrapping of crypto. material # assuming we are starting from scratch on the client side @@ -126,7 +133,12 @@ class SfaClientBootstrap: self.assert_private_key() registry_proxy = SfaServerProxy (self.registry_url, self.private_key_filename(), certificate_filename) - credential_string=registry_proxy.GetSelfCredential (certificate_string, self.hrn, "user") + try: + credential_string=registry_proxy.GetSelfCredential (certificate_string, self.hrn, "user") + except: + # some urns hrns may replace non hierarchy delimiters '.' with an '_' instead of escaping the '.' + hrn = Xrn(self.hrn).get_hrn().replace('\.', '_') + credential_string=registry_proxy.GetSelfCredential (certificate_string, hrn, "user") self.plain_write (output, credential_string) self.logger.debug("SfaClientBootstrap: Wrote result of GetSelfCredential in %s"%output) return output @@ -180,6 +192,17 @@ class SfaClientBootstrap: self.logger.debug("SfaClientBootstrap: Wrote GID for %s (%s) in %s"% (hrn,type,output)) return output + + # Returns True if credential file is valid. Otherwise return false. + def validate_credential(self, filename): + valid = True + cred = Credential(filename=filename) + # check if credential is expires + if cred.get_expiration() < datetime.now(): + valid = False + return valid + + #################### public interface # return my_gid, run all missing steps in the bootstrap sequence @@ -221,7 +244,7 @@ class SfaClientBootstrap: # the expected filenames for the various pieces def private_key_filename (self): - return self.fullpath ("%s.pkey"%self.hrn) + return self.fullpath ("%s.pkey" % Xrn.unescape(self.hrn)) def self_signed_cert_filename (self): return self.fullpath ("%s.sscert"%self.hrn) def my_credential_filename (self): @@ -233,7 +256,7 @@ class SfaClientBootstrap: def authority_credential_filename (self, hrn): return self.credential_filename(hrn,'authority') def my_gid_filename (self): - return self.gid_filename ("user", self.hrn) + return self.gid_filename (self.hrn, "user") def gid_filename (self, hrn, type): return self.fullpath ("%s.%s.gid"%(hrn,type)) @@ -266,39 +289,50 @@ class SfaClientBootstrap: # decorator to make up the other methods - def get_or_produce (filename_method, produce_method): + def get_or_produce (filename_method, produce_method, validate_method=None): + # default validator returns true def wrap (f): def wrapped (self, *args, **kw): filename=filename_method (self, *args, **kw) - if os.path.isfile ( filename ): return filename + if os.path.isfile ( filename ): + if not validate_method: + return filename + elif validate_method(self, filename): + return filename + else: + # remove invalid file + self.logger.warning ("Removing %s - has expired"%filename) + os.unlink(filename) try: produce_method (self, filename, *args, **kw) return filename except IOError: raise - except: - self.logger.log_exc() - raise Exception, "Could not produce/retrieve %s"%filename - wrapped.__name__=f.__name__ + except : + error = sys.exc_info()[:2] + message="Could not produce/retrieve %s (%s -- %s)"%\ + (filename,error[0],error[1]) + self.logger.log_exc(message) + raise Exception, message return wrapped return wrap @get_or_produce (self_signed_cert_filename, self_signed_cert_produce) def self_signed_cert (self): pass - @get_or_produce (my_credential_filename, my_credential_produce) + @get_or_produce (my_credential_filename, my_credential_produce, validate_credential) def my_credential (self): pass @get_or_produce (my_gid_filename, my_gid_produce) def my_gid (self): pass - @get_or_produce (credential_filename, credential_produce) + @get_or_produce (credential_filename, credential_produce, validate_credential) def credential (self, hrn, type): pass - @get_or_produce (slice_credential_filename, slice_credential_produce) + @get_or_produce (slice_credential_filename, slice_credential_produce, validate_credential) def slice_credential (self, hrn): pass - @get_or_produce (authority_credential_filename, authority_credential_produce) + @get_or_produce (authority_credential_filename, authority_credential_produce, validate_credential) def authority_credential (self, hrn): pass @get_or_produce (gid_filename, gid_produce)