# IN THE WORK.
#----------------------------------------------------------------------
-from sfa.trust.credential import Credential, append_sub
+from sfa.trust.credential import Credential, append_sub, DEFAULT_CREDENTIAL_LIFETIME
from sfa.util.sfalogging import logger
+from sfa.util.sfatime import SFATIME_FORMAT
from StringIO import StringIO
from xml.dom.minidom import Document, parseString
filename=self.get_filename()
if filename: result += "Filename %s\n"%filename
if self.expiration:
- result += "\texpiration: %s \n" % self.expiration.isoformat()
+ result += "\texpiration: %s \n" % self.expiration.strftime(SFATIME_FORMAT)
result += "\tHead: %s\n" % self.get_head()
for tail in self.get_tails():
if self.expiration.tzinfo is not None and self.expiration.tzinfo.utcoffset(self.expiration) is not None:
# TZ aware. Make sure it is UTC
self.expiration = self.expiration.astimezone(tz.tzutc())
- append_sub(doc, cred, "expires", self.expiration.strftime('%Y-%m-%dT%H:%M:%SZ')) # RFC3339
+ append_sub(doc, cred, "expires", self.expiration.strftime(SFATIME_FORMAT)) # RFC3339
abac = doc.createElement("abac")
rt0 = doc.createElement("rt0")
from sfa.util.faults import CredentialNotVerifiable, ChildRightsNotSubsetOfParent
from sfa.util.sfalogging import logger
-from sfa.util.sfatime import utcparse
+from sfa.util.sfatime import utcparse, SFATIME_FORMAT
from sfa.trust.rights import Right, Rights, determine_rights
from sfa.trust.gid import GID
from sfa.util.xrn import urn_to_hrn, hrn_authfor_hrn
# 31 days, in seconds
-DEFAULT_CREDENTIAL_LIFETIME = 86400 * 31
+DEFAULT_CREDENTIAL_LIFETIME = 2 * 3600
+#DEFAULT_CREDENTIAL_LIFETIME = 86400 * 31
# TODO:
# Expiration: an absolute UTC time of expiration (as either an int or string or datetime)
#
def set_expiration(self, expiration):
- if isinstance(expiration, (int, float)):
- self.expiration = datetime.datetime.fromtimestamp(expiration)
- elif isinstance (expiration, datetime.datetime):
- self.expiration = expiration
- elif isinstance (expiration, StringTypes):
- self.expiration = utcparse (expiration)
+ expiration_datetime = utcparse (expiration)
+ if expiration_datetime is not None:
+ self.expiration = expiration_datetime
else:
- logger.error ("unexpected input type in Credential.set_expiration")
-
+ logger.error ("unexpected input %s in Credential.set_expiration"%expiration)
##
# get the lifetime of the credential (always in datetime format)
logger.debug("Creating credential valid for %s s"%DEFAULT_CREDENTIAL_LIFETIME)
self.set_expiration(datetime.datetime.utcnow() + datetime.timedelta(seconds=DEFAULT_CREDENTIAL_LIFETIME))
self.expiration = self.expiration.replace(microsecond=0)
- append_sub(doc, cred, "expires", self.expiration.isoformat())
+ append_sub(doc, cred, "expires", self.expiration.strftime(SFATIME_FORMAT))
privileges = doc.createElement("privileges")
cred.appendChild(privileges)
# make sure it is not expired
if self.get_expiration() < datetime.datetime.utcnow():
- raise CredentialNotVerifiable("Credential %s expired at %s" % (self.get_summary_tostring(), self.expiration.isoformat()))
+ raise CredentialNotVerifiable("Credential %s expired at %s" % (self.get_summary_tostring(), self.expiration.strftime(SFATIME_FORMAT)))
# Verify the signatures
filename = self.save_to_random_tmp_file()
self.get_signature().get_issuer_gid().dump(8, dump_parents)
if self.expiration:
- print " expiration:", self.expiration.isoformat()
+ print " expiration:", self.expiration.strftime(SFATIME_FORMAT)
gidObject = self.get_gid_object()
if gidObject:
from xml.dom.minidom import *
from StringIO import StringIO
+from sfa.util.sfatime import SFATIME_FORMAT
+
from sfa.trust.certificate import Certificate
from sfa.trust.credential import Credential, signature_template, HAVELXML
from sfa.trust.abac_credential import ABACCredential, ABACElement
# Credential has not expired
if cred.expiration and cred.expiration < datetime.datetime.utcnow():
- return False, None, "ABAC Credential expired at %s (%s)" % (cred.expiration.isoformat(), cred.get_summary_tostring())
+ return False, None, "ABAC Credential expired at %s (%s)" % (cred.expiration.strftime(SFATIME_FORMAT), cred.get_summary_tostring())
# Must be ABAC
if cred.get_cred_type() != ABACCredential.ABAC_CREDENTIAL_TYPE:
credential_duration = datetime.timedelta(days=dur_days)
expiration = datetime.datetime.utcnow() + credential_duration
- expiration_str = expiration.strftime('%Y-%m-%dT%H:%M:%SZ') # FIXME: libabac can't handle .isoformat()
+ expiration_str = expiration.strftime(SFATIME_FORMAT)
version = "1.1"
user_keyid = get_cert_keyid(user_gid)