X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fclient%2Fsfaclientlib.py;h=dce22014d1d4bc13970260aa04688ea8fbff0192;hb=1cc8e9613cab8b5b22478de369f259e591c54e6d;hp=c5c5b8021c42c4259b493b6fc08020f3d5799e68;hpb=06368a71f4110e88e0f31fbecce979669b2a0b84;p=sfa.git diff --git a/sfa/client/sfaclientlib.py b/sfa/client/sfaclientlib.py index c5c5b802..dce22014 100644 --- a/sfa/client/sfaclientlib.py +++ b/sfa/client/sfaclientlib.py @@ -22,6 +22,7 @@ from sfa.client.sfaserverproxy import SfaServerProxy # see optimizing dependencies below from sfa.trust.certificate import Keypair, Certificate from sfa.trust.credential import Credential +from sfa.trust.gid import GID ########## # a helper class to implement the bootstrapping of crypto. material # assuming we are starting from scratch on the client side @@ -82,9 +83,9 @@ from sfa.trust.credential import Credential # the usage model is to reuse an existing keypair) # # there might be a more portable, i.e. less language-dependant way, to -# implement this step by exec'ing the openssl command a known -# successful attempt at this approach that worked for Java is -# documented below +# implement this step by exec'ing the openssl command. +# a known successful attempt at this approach that worked +# for Java is documented below # http://nam.ece.upatras.gr/fstoolkit/trac/wiki/JavaSFAClient # #################### @@ -354,3 +355,38 @@ class SfaClientBootstrap: def private_key (self): self.assert_private_key() return self.private_key_filename() + + def delegate_credential_string (self, original_credential, to_hrn, to_type='authority'): + """ + sign a delegation credential to someone else + + original_credential : typically one's user- or slice- credential to be delegated to s/b else + to_hrn : the hrn of the person that will be allowed to do stuff on our behalf + to_type : goes with to_hrn, usually 'user' or 'authority' + + returns a string with the delegated credential + + this internally uses self.my_gid() + it also retrieves the gid for to_hrn/to_type + and uses Credential.delegate()""" + + # the gid and hrn of the object we are delegating + if isinstance (original_credential, str): + original_credential = Credential (string=original_credential) + original_gid = original_credential.get_gid_object() + original_hrn = original_gid.get_hrn() + + if not original_credential.get_privileges().get_all_delegate(): + self.logger.error("delegate_credential_string: original credential %s does not have delegate bit set"%original_hrn) + return + + # the delegating user's gid + my_gid = self.my_gid() + + # retrieve the GID for the entity that we're delegating to + to_gidfile = self.gid (to_hrn,to_type) +# to_gid = GID ( to_gidfile ) +# to_hrn = delegee_gid.get_hrn() +# print 'to_hrn',to_hrn + delegated_credential = original_credential.delegate(to_gidfile, self.private_key(), my_gid) + return delegated_credential.save_to_string(save_parents=True)