From 6c2a42354f11160d74bd34b34769af89e1c300e3 Mon Sep 17 00:00:00 2001
From: Tony Mack
Date: Thu, 5 Aug 2010 00:07:25 +0000
Subject: [PATCH] added delegeate method to Credential
---
 sfa/trust/credential.py | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py
index cfab006f..384e0a55 100644
--- a/sfa/trust/credential.py
+++ b/sfa/trust/credential.py
@@ -33,7 +33,7 @@ import os
 import datetime
 from xml.dom.minidom import Document, parseString
 from tempfile import mkstemp
-
+from sfa.trust.keypair import Keypair
 from sfa.trust.credential_legacy import CredentialLegacy
 from sfa.trust.rights import *
 from sfa.trust.gid import *
@@ -779,6 +779,37 @@ class Credential(object):
 if parent_cred.parent:
 parent_cred.verify_parent(parent_cred.parent)
+
+ def delegate(self, delegee_gid, keyfile):
+ """
+ Return a delegated copy of this credential, delegated to the
+ specified gid's user.
+ """
+ # get the gid of the object we are delegating
+ object_gid = self.get_gid_object()
+ object_hrn = self.get_hrn()
+
+ # the hrn of the user who will be delegated to
+ if isinstance(delegee_gid, str):
+ delegee_gid = GID(string=records[0]['gid'])
+ delegee_hrn = delegee_gid.get_hrn()
+
+ user_key = Keypair(filename=keyfile)
+ user_hrn = self.get_gid_caller().get_hrn()
+ subject_string = "%s delegated to %s" % (object_hrn, delegee_hrn)
+ dcred = Credential(subject=subject_string)
+ dcred.set_gid_caller(delegee_gid)
+ dcred.set_gid_object(object_gid)
+ privs = self.get_privileges()
+ dcred.set_privileges(self.get_privileges())
+ dcred.get_privileges().delegate_all_privileges(True)
+ dcred.set_pubkey(object_gid.get_pubkey())
+ dcred.set_issuer(user_key, user_hrn)
+ dcred.set_parent(self)
+ dcred.encode()
+ dcred.sign()
+
+ return dcred
 ##
 # Dump the contents of a credential to stdout in human-readable format
 #
-- 
2.43.0
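Review bot: In the new `delegate` method, the string branch `delegee_gid = GID(string=records[0]['gid'])` reads `records`, which is not defined anywhere in the visible method, so passing the GID as a string would raise NameError unless a module-level `records` exists outside the hunk; it should presumably be `delegee_gid = GID(string=delegee_gid)`. The method also calls `dcred.get_privileges().delegate_all_privileges(True)` unconditionally, so every privilege on the new credential is marked re-delegable without first checking that this credential's own privileges allow delegation. If `get_privileges()` returns the parent's rights object rather than a copy (not visible here), that call also mutates the parent before it is embedded via `set_parent(self)`. Consider copying the rights, refusing to delegate privileges that were not delegable on the parent, and dropping the unused `privs` local. Nothing in the hunk checks that the key loaded from `keyfile` belongs to `self.get_gid_caller()`, so a mismatched key would only surface when the credential chain is verified.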