3 # implements GENI credentials
5 # Credentials are layered on top of certificates, and are essentially a
6 # certificate that stores a tuple of parameters.
13 # Credential is a tuple:
14 # (GIDCaller, GIDObject, LifeTime, Privileges, Delegate)
16 # These fields are encoded using xmlrpc into the subjectAltName field of the
17 # x509 certificate. Note: Call encode() once the fields have been filled in
18 # to perform this encoding.
# Credential subclasses Certificate. The constructor only forwards its
# arguments to Certificate.__init__; no credential fields are initialised in
# the lines shown.
# NOTE(review): this listing skips source lines (see the gaps in the leading
# line numbers), so several method bodies below are only partly visible.
20 class Credential(Certificate):
27 def __init__(self, create=False, subject=None, string=None, filename=None):
28 Certificate.__init__(self, create, subject, string, filename)
30 def create_similar(self):
33 def set_gid_caller(self, gid):
# Read accessor with a guard on an unset gidCaller. The body of the guard is
# not shown; presumably it populates the field from the encoded data, confirm.
36 def get_gid_caller(self):
37 if not self.gidCaller:
41 def set_gid_object(self, gid):
# Same guarded-read shape as get_gid_caller, for gidObject.
44 def get_gid_object(self):
45 if not self.gidObject:
# lifeTime and delegate are stored exactly as passed in; the setter lines
# shown do no type or range validation.
49 def set_lifetime(self, lifeTime):
50 self.lifeTime = lifeTime
52 def get_lifetime(self):
57 def set_delegate(self, delegate):
58 self.delegate = delegate
60 def get_delegate(self):
# Accepts a privilege string, which is parsed into a RightList, or another
# value that is stored unchanged (line 69; the branch line between 67 and 69
# is not shown, presumably an `else:`).
# NOTE(review): this is Python 2 code, where a `unicode` value does not match
# `str`; confirm that the non-str branch only ever receives a RightList.
65 def set_privileges(self, privs):
66 if isinstance(privs, str):
67 self.privileges = RightList(string = privs)
69 self.privileges = privs
# Guarded read of self.privileges; the body of the guard (line 73) is not
# shown in this listing.
71 def get_privileges(self):
72 if not self.privileges:
74 return self.privileges
# Authorization check: asks the RightList returned by get_privileges()
# whether op_name is permitted.
# NOTE(review): lines 78-79 are not shown; confirm they fail closed (deny)
# when no privileges are present instead of calling a method on None.
76 def can_perform(self, op_name):
77 rights = self.get_privileges()
80 return rights.can_perform(op_name)
# Fragment of the encoding method (its `def` line is not part of this
# listing; presumably the encode() named in the file header). It collects the
# credential fields into a dict, serialises both GIDs together with their
# parent chains (save_parents=True), serialises the privileges, and marshals
# the dict with xmlrpclib.dumps; allow_none=True lets unset fields travel as
# None.
# NOTE(review): the locals `dict` and `str` shadow the builtins of the same
# name for the rest of this method.
# NOTE(review): the lines between 87 and 93 that are not shown presumably
# guard each save_to_string() call against an unset field; confirm.
83 dict = {"gidCaller": None,
85 "lifeTime": self.lifeTime,
87 "delegate": self.delegate}
89 dict["gidCaller"] = self.gidCaller.save_to_string(save_parents=True)
91 dict["gidObject"] = self.gidObject.save_to_string(save_parents=True)
93 dict["privileges"] = self.privileges.save_to_string()
94 str = xmlrpclib.dumps((dict,), allow_none=True)
# Fragment of the decoding method (its `def` line is not part of this
# listing). It parses the XML-RPC payload returned by get_data() and rebuilds
# lifeTime, delegate, privileges and both GIDs from it; keys that are absent
# come back as None.
# SECURITY NOTE(review): the payload is read out of a certificate that may
# have been supplied by a remote party, and nothing in the lines shown
# verifies the certificate before parsing. The xmlrpclib documentation warns
# that the module is not secure against maliciously constructed data, so
# confirm that callers verify the signature chain before decoding and that
# the payload size is bounded.
# NOTE(review): `[0][0]` assumes the payload holds at least one parameter;
# a malformed payload presumably raises here, confirm callers handle that.
# NOTE(review): line 100 calls get_data() a second time instead of reusing
# the `data` local assigned on line 98.
# NOTE(review): the local `dict` shadows the builtin of the same name.
98 data = self.get_data()
100 dict = xmlrpclib.loads(self.get_data())[0][0]
104 self.lifeTime = dict.get("lifeTime", None)
105 self.delegate = dict.get("delegate", None)
107 privStr = dict.get("privileges", None)
109 self.privileges = RightList(string = privStr)
111 self.privileges = None
113 gidCallerStr = dict.get("gidCaller", None)
115 self.gidCaller = GID(string=gidCallerStr)
117 self.gidCaller = None
119 gidObjectStr = dict.get("gidObject", None)
121 self.gidObject = GID(string=gidObjectStr)
123 self.gidObject = None
# Verifies this credential's chain: runs Certificate.verify_chain against
# trusted_certs, then requires the parent credential to carry the delegate
# flag and raises MissingDelegateBit (with the parent's subject) if it does
# not.
# SECURITY NOTE(review): as the XXX todo below records, nothing here checks
# that the child's privileges are a subset of the parent's. Until that check
# exists, a successful verify_chain() does not bound the rights of a
# delegated credential by those of its parent, so callers must not treat it
# as doing so.
# NOTE(review): no lifeTime / expiry check appears in the lines shown;
# confirm it is enforced elsewhere before a credential is honoured.
# NOTE(review): lines 128-129 and 135-136 are not shown; presumably they
# guard against a missing self.parent and continue up the chain, confirm.
125 def verify_chain(self, trusted_certs = None):
126 # do the normal certificate verification stuff
127 Certificate.verify_chain(self, trusted_certs)
130 # make sure the parent delegated rights to the child
131 if not self.parent.get_delegate():
132 raise MissingDelegateBit(self.parent.get_subject())
134 # XXX todo: make sure child rights are a subset of parent rights
# Debug helper: prints the credential subject, privileges, both GIDs and the
# delegate flag to stdout (Python 2 print statements). When dump_parents is
# true and a parent credential exists, the parent is dumped as well.
# NOTE(review): line 141 calls save_to_string() on the result of
# get_privileges() directly; whether that can be None at this point depends
# on the guard body that is not shown in this listing.
138 def dump(self, dump_parents=False):
139 print "CREDENTIAL", self.get_subject()
141 print " privs:", self.get_privileges().save_to_string()
144 gidCaller = self.get_gid_caller()
146 gidCaller.dump(8, dump_parents)
149 gidObject = self.get_gid_object()
151 gidObject.dump(8, dump_parents)
153 print " delegate:", self.get_delegate()
155 if self.parent and dump_parents:
157 self.parent.dump(dump_parents)