From: Josh Karlin Date: Wed, 31 Mar 2010 21:19:07 +0000 (+0000) Subject: Improvements to the XML based credential, still no verification X-Git-Tag: geni-apiv1-totrunk~82 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=679f682fab2ff3afa07b34bf1c55ed1d5d105f22;hp=a9a76ebe68611ff68c24d772f3e2d354858b1bf0;p=sfa.git Improvements to the XML based credential, still no verification --- diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py index e8fc7030..403f7726 100644 --- a/sfa/trust/credential.py +++ b/sfa/trust/credential.py @@ -25,7 +25,7 @@ from sfa.util.sfalogging import * # TODO: # . Need to verify credentials -# . Need to add privileges +# . Need to add privileges (make PG and PL privs work together and add delegation per privelege instead of global) # . Need to fix lifetime # . Need to make sure delegation is fully supported # . Need to test @@ -271,14 +271,18 @@ class Credential(object): priveleges = doc.createElement("privileges") cred.appendChild(priveleges) + if self.privileges: + rights = self.privileges.save_to_string().split(",") + for right in rights: + priv = doc.createElement("privelege") + priv.append_sub(doc, priv, "name", right.strip()) + priv.append_sub(doc, priv, "can_delegate", str(self.delegate)) + priveleges.appendChild(priv) + # Add the parent credential if it exists if self.parent: - cred.appendChild(doc.createElement("parent").appendChild(p_cred)) - - - # Fill out any priveleges here - - + cred.appendChild(doc.createElement("parent").appendChild(p_cred)) + signed_cred.appendChild(cred) 
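Review bot: In the new privilege loop of the `@@ -271,14 +271,18 @@` hunk, `priv.append_sub(doc, priv, "name", right.strip())` and the matching `can_delegate` line call `append_sub` as a method of the element returned by `doc.createElement`. A standard DOM element has no such method, so encoding a credential that carries privileges would likely raise AttributeError. The four-argument call suggests a free helper defined elsewhere in the file (not visible here); if so, call it as `append_sub(doc, priv, "name", right.strip())`. The re-indented `cred.appendChild(doc.createElement("parent").appendChild(p_cred))` also looks wrong with a standard DOM, where `appendChild` returns the appended child: `p_cred` would be attached directly to `cred` and the `parent` wrapper dropped, so build it in steps with `parent = doc.createElement("parent")`, `parent.appendChild(p_cred)`, `cred.appendChild(parent)`. The enclosing method starts and ends outside the hunk.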
@@ -347,7 +351,23 @@ class Credential(object): self.lifeTime = self.getTextNode(p_cred, "expires") self.gidCaller = GID(string=self.getTextNode(p_cred, "owner_gid")) self.gidObject = GID(string=self.getTextNode(p_cred, "target_gid")) - + privs = p_cred.getElementsByTagName("priveleges")[0] + sz_privs = '' + delegates = [] + for priv in privs.getElementsByTagName("privelege"): + sz_privs += self.getTextNode(priv, "name") + sz_privs += ", " + delegates.append(self.getTextNode(priv, "can_delegate")) + + # Can we delegate? + delegate = False + if "false" not in delegates: + self.delegate = True + + # Make the rights list + sz_privs.rstrip(", ") + self.priveleges = RightList(string=sz_privs) + self.delegate ## ## @@ -398,7 +418,7 @@ class Credential(object): # 3. That the object's certificate stays the s # 2. That the GID of the - def verify(self, trusted_certs = None): + #def verify(self, trusted_certs = None):
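Review bot: The decode hunk (`@@ -347,7 +351,23 @@`) fails open on delegation: `self.delegate` is only ever set to True, the test `"false" not in delegates` is case-sensitive while the encoder writes `str(self.delegate)` ("True"/"False"), and an empty `delegates` list also passes, so a credential serialised with delegation disabled is read back as delegable. The lookup also uses the tag `"priveleges"` where the encoder creates `"privileges"`, so `[0]` would raise IndexError. In addition, `sz_privs.rstrip(", ")` discards its result, the rights are stored on `self.priveleges` although the encoder reads `self.privileges`, and `delegate = False` and the bare `self.delegate` are no-ops. A fail-closed version is sketched below; it assumes `getTextNode` returns a string or None and that `RightList` accepts a comma-separated string, as the encoder's `split(",")` suggests. The enclosing method begins outside the hunk.

```python
        # … unchanged: lifeTime / gidCaller / gidObject assignments …
        names = []
        delegates = []
        # Same container tag the encoder writes ("privileges")
        priv_nodes = p_cred.getElementsByTagName("privileges")
        if priv_nodes:
            for priv in priv_nodes[0].getElementsByTagName("privelege"):
                names.append(self.getTextNode(priv, "name"))
                delegates.append(self.getTextNode(priv, "can_delegate"))

        # Fail closed: delegable only if every privilege explicitly says "true"
        self.delegate = bool(delegates) and all(
            (d or "").strip().lower() == "true" for d in delegates)

        # Attribute name matches what the encoder reads
        self.privileges = RightList(string=",".join(n for n in names if n))
```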