From 47871999adf1209203c0880cecc78c91eef13924 Mon Sep 17 00:00:00 2001 From: Josh Karlin Date: Thu, 8 Apr 2010 19:59:53 +0000 Subject: [PATCH] full delegate verification.. not well tested --- sfa/trust/credential.py | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py index 0c9a5c57..9b3e9c41 100644 --- a/sfa/trust/credential.py +++ b/sfa/trust/credential.py @@ -21,14 +21,16 @@ from sfa.util.faults import * from sfa.util.sfalogging import logger +# Two years, in minutes +DEFAULT_CREDENTIAL_LIFETIME = 1051200 + + # TODO: -# . Need to implement full verification (parent signatures etc). -# . remove verify_chain -# . make delegation per privilege instead of global # . make privs match between PG and PL -# . what about tickets? do they need to be redone to be like credentials? # . Need to test delegation, xml verification + + signature_template = \ ''' @@ -186,7 +188,7 @@ class Credential(object): lifetime = legacy.get_lifetime() if not lifetime: # Default to two years - self.set_lifetime(1051200) + self.set_lifetime(DEFAULT_CREDENTIAL_LIFETIME) else: self.set_lifetime(int(lifetime)) self.lifeTime = legacy.get_lifetime() @@ -202,15 +204,6 @@ class Credential(object): self.issuer_privkey = privkey self.issuer_gid = gid - #def set_issuer(self, issuer): - # issuer = issuer - - #def set_subject(self, subject): - # subject = subject - - #def set_pubkey(self, pubkey): - # self.issuer_pubkey = pubkey - ## # Set this credential's parent @@ -425,7 +418,7 @@ class Credential(object): next_cred = self.parent while next_cred: refs.append(next_cred.get_refid()) - if next_cred.parent_xml: + if next_cred.parent: next_cred = next_cred.parent else: next_cred = None -- 2.47.0