From: Josh Karlin Date: Thu, 8 Apr 2010 19:59:53 +0000 (+0000) Subject: full delegate verification.. not well tested X-Git-Tag: geni-apiv1-totrunk~71 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=47871999adf1209203c0880cecc78c91eef13924;p=sfa.git full delegate verification.. not well tested --- diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py index 0c9a5c57..9b3e9c41 100644 --- a/sfa/trust/credential.py +++ b/sfa/trust/credential.py @@ -21,14 +21,16 @@ from sfa.util.faults import * from sfa.util.sfalogging import logger +# Two years, in minutes +DEFAULT_CREDENTIAL_LIFETIME = 1051200 + + # TODO: -# . Need to implement full verification (parent signatures etc). -# . remove verify_chain -# . make delegation per privilege instead of global # . make privs match between PG and PL -# . what about tickets? do they need to be redone to be like credentials? # . Need to test delegation, xml verification + + signature_template = \ ''' @@ -186,7 +188,7 @@ class Credential(object): lifetime = legacy.get_lifetime() if not lifetime: # Default to two years - self.set_lifetime(1051200) + self.set_lifetime(DEFAULT_CREDENTIAL_LIFETIME) else: self.set_lifetime(int(lifetime)) self.lifeTime = legacy.get_lifetime() @@ -202,15 +204,6 @@ class Credential(object): self.issuer_privkey = privkey self.issuer_gid = gid - #def set_issuer(self, issuer): - # issuer = issuer - - #def set_subject(self, subject): - # subject = subject - - #def set_pubkey(self, pubkey): - # self.issuer_pubkey = pubkey - ## # Set this credential's parent @@ -425,7 +418,7 @@ class Credential(object): next_cred = self.parent while next_cred: refs.append(next_cred.get_refid()) - if next_cred.parent_xml: + if next_cred.parent: next_cred = next_cred.parent else: next_cred = None