X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fcredential.py;fp=sfa%2Ftrust%2Fcredential.py;h=286894cb6f2f84038c2747c167b863dbf4f0b829;hb=b4337060a7f0d2373d7429f58d5a93d47fa22b66;hp=46205eada4e96c0ea547e200072b0c5f358decc0;hpb=430896c90f993b77c80b830ae7d1b349e4ba6d58;p=sfa.git
diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py
index 46205ead..286894cb 100644
--- a/sfa/trust/credential.py
+++ b/sfa/trust/credential.py
@@ -171,6 +171,21 @@ class Signature(object):
 # not be changed else the signature is no longer valid. So, once
 # you have loaded an existing signed credential, do not call encode() or sign() on it.
+def filter_creds_by_caller(creds, caller_hrn):
+ """
+ Returns a list of creds who's gid caller matches the
+ specified caller hrn
+ """
+ if not isinstance(creds, list): creds = [creds]
+ caller_creds = []
+ for cred in creds:
+ try:
+ tmp_cred = Credential(string=cred)
+ if tmp_cred.get_gid_caller().get_hrn() == caller_hrn:
+ caller_creds.append(cred)
+ except: pass
+ return caller_creds
+
 class Credential(object):
 ##
@@ -780,7 +795,7 @@ class Credential(object):
 parent_cred.verify_parent(parent_cred.parent)
- def delegate(self, delegee_gidfile, keyfile):
+ def delegate(self, delegee_gidfile, caller_keyfile, caller_gidfile):
 """ Return a delegated copy of this credential, delegated to the specified gid's user.
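Review bot: The bare `except: pass` in filter_creds_by_caller discards every failure, so a credential string that cannot be parsed is indistinguishable from one that belongs to another caller, and KeyboardInterrupt and SystemExit are swallowed as well. Narrow it to `except Exception:` and record the failure through whatever logger this module already uses instead of passing silently. The comparison is made on the hrn read from a freshly parsed credential and nothing in the hunk checks a signature, so the docstring should say so, for example `Only filters by caller hrn; the returned credentials are not verified and must still be verified before they are trusted.`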
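Review bot: The new third positional parameter of `delegate` has no default, so an existing two-argument call `delegate(delegee_gidfile, keyfile)` now fails with TypeError; the callers are not visible in this diff and need to change in the same commit. The docstring that follows the signature (it continues outside the hunk) still describes only the delegee. Add a line for the new arguments, such as `caller_keyfile, caller_gidfile: private key file and GID file of the user issuing the delegation; they sign the delegated credential.`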
@@ -792,18 +807,19 @@ class Credential(object):
 # the hrn of the user who will be delegated to
 delegee_gid = GID(filename=delegee_gidfile)
 delegee_hrn = delegee_gid.get_hrn()
-
- user_key = Keypair(filename=keyfile)
- user_hrn = self.get_gid_caller().get_hrn()
+
+ #user_key = Keypair(filename=keyfile)
+ #user_hrn = self.get_gid_caller().get_hrn()
 subject_string = "%s delegated to %s" % (object_hrn, delegee_hrn)
 dcred = Credential(subject=subject_string)
 dcred.set_gid_caller(delegee_gid)
 dcred.set_gid_object(object_gid)
- privs = self.get_privileges()
+ dcred.set_parent(self)
+ dcred.set_lifetime(self.get_lifetime())
 dcred.set_privileges(self.get_privileges())
 dcred.get_privileges().delegate_all_privileges(True)
- dcred.set_issuer_keys(keyfile, delegee_gidfile)
- dcred.set_parent(self)
+ #dcred.set_issuer_keys(keyfile, delegee_gidfile)
+ dcred.set_issuer_keys(caller_keyfile, caller_gidfile)
 dcred.encode()
 dcred.sign()
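Review bot: Nothing in this hunk checks that the `caller_gidfile` passed to `dcred.set_issuer_keys(caller_keyfile, caller_gidfile)` belongs to the holder of the credential being delegated, so `delegate` will sign a child credential with any key and GID pair it is handed. A later chain verification may reject such a credential, but that is not visible here. Failing early is cheaper to reason about: before building `dcred`, add a guard like `if GID(filename=caller_gidfile).get_hrn() != self.get_gid_caller().get_hrn():` that raises the module's usual credential error. The three commented-out lines (`#user_key`, `#user_hrn`, `#dcred.set_issuer_keys(keyfile, delegee_gidfile)`) should be deleted rather than kept, since the old issuer call is exactly what this change replaces. The body of `delegate` starts and ends outside the hunk.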