git://git.onelab.eu / sfa.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fix speaks for auth
[sfa.git] / sfa / trust / credential_factory.py
diff --git a/sfa/trust/credential_factory.py b/sfa/trust/credential_factory.py
new file mode 100644 (file)
index 0000000..2fe37a7
--- /dev/null
+++ b/sfa/trust/credential_factory.py
@@ -0,0 +1,110 @@
+#----------------------------------------------------------------------\r
+# Copyright (c) 2014 Raytheon BBN Technologies\r
+#\r
+# Permission is hereby granted, free of charge, to any person obtaining\r
+# a copy of this software and/or hardware specification (the "Work") to\r
+# deal in the Work without restriction, including without limitation the\r
+# rights to use, copy, modify, merge, publish, distribute, sublicense,\r
+# and/or sell copies of the Work, and to permit persons to whom the Work\r
+# is furnished to do so, subject to the following conditions:\r
+#\r
+# The above copyright notice and this permission notice shall be\r
+# included in all copies or substantial portions of the Work.\r
+#\r
+# THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS\r
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\r
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND\r
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\r
+# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,\r
+# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\r
+# OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS\r
+# IN THE WORK.\r
+#----------------------------------------------------------------------\r
+\r
+from sfa.util.sfalogging import logger\r
+from sfa.trust.credential import Credential\r
+from sfa.trust.abac_credential import ABACCredential\r
+\r
+import json\r
+import re\r
+\r
+# Factory for creating credentials of different sorts by type.\r
+# Specifically, this factory can create standard SFA credentials\r
+# and ABAC credentials from XML strings based on their identifying content\r
+\r
+class CredentialFactory:\r
+\r
+    UNKNOWN_CREDENTIAL_TYPE = 'geni_unknown'\r
+\r
+    # Static Credential class method to determine the type of a credential\r
+    # string depending on its contents\r
+    @staticmethod\r
+    def getType(credString):\r
+        credString_nowhitespace = re.sub('\s', '', credString)\r
+        if credString_nowhitespace.find('<type>abac</type>') > -1:\r
+            return ABACCredential.ABAC_CREDENTIAL_TYPE\r
+        elif credString_nowhitespace.find('<type>privilege</type>') > -1:\r
+            return Credential.SFA_CREDENTIAL_TYPE\r
+        else:\r
+            st = credString_nowhitespace.find('<type>')\r
+            end = credString_nowhitespace.find('</type>', st)\r
+            return credString_nowhitespace[st + len('<type>'):end]\r
+#            return CredentialFactory.UNKNOWN_CREDENTIAL_TYPE\r
+\r
+    # Static Credential class method to create the appropriate credential\r
+    # (SFA or ABAC) depending on its type\r
+    @staticmethod\r
+    def createCred(credString=None, credFile=None):\r
+        if not credString and not credFile:\r
+            raise Exception("CredentialFactory.createCred called with no argument")\r
+        if credFile:\r
+            try:\r
+                credString = open(credFile).read()\r
+            except Exception, e:\r
+                logger.info("Error opening credential file %s: %s" % credFile, e)\r
+                return None\r
+\r
+        # Try to treat the file as JSON, getting the cred_type from the struct\r
+        try:\r
+            credO = json.loads(credString, encoding='ascii')\r
+            if credO.has_key('geni_value') and credO.has_key('geni_type'):\r
+                cred_type = credO['geni_type']\r
+                credString = credO['geni_value']\r
+        except Exception, e:\r
+            # It wasn't a struct. So the credString is XML. Pull the type directly from the string\r
+            logger.debug("Credential string not JSON: %s" % e)\r
+            cred_type = CredentialFactory.getType(credString)\r
+\r
+        if cred_type == Credential.SFA_CREDENTIAL_TYPE:\r
+            try:\r
+                cred = Credential(string=credString)\r
+                return cred\r
+            except Exception, e:\r
+                if credFile:\r
+                    msg = "credString started: %s" % credString[:50]\r
+                    raise Exception("%s not a parsable SFA credential: %s. " % (credFile, e) + msg)\r
+                else:\r
+                    raise Exception("SFA Credential not parsable: %s. Cred start: %s..." % (e, credString[:50]))\r
+\r
+        elif cred_type == ABACCredential.ABAC_CREDENTIAL_TYPE:\r
+            try:\r
+                cred = ABACCredential(string=credString)\r
+                return cred\r
+            except Exception, e:\r
+                if credFile:\r
+                    raise Exception("%s not a parsable ABAC credential: %s" % (credFile, e))\r
+                else:\r
+                    raise Exception("ABAC Credential not parsable: %s. Cred start: %s..." % (e, credString[:50]))\r
+        else:\r
+            raise Exception("Unknown credential type '%s'" % cred_type)\r
+\r
+if __name__ == "__main__":\r
+    c2 = open('/tmp/sfa.xml').read()\r
+    cred1 = CredentialFactory.createCred(credFile='/tmp/cred.xml')\r
+    cred2 = CredentialFactory.createCred(credString=c2)\r
+\r
+    print "C1 = %s" % cred1\r
+    print "C2 = %s" % cred2\r
+    c1s = cred1.dump_string()\r
+    print "C1 = %s" % c1s\r
+#    print "C2 = %s" % cred2.dump_string()\r
sfa