full delegate verification.. not well tested
authorJosh Karlin <jkarlin@bbn.com>
Thu, 8 Apr 2010 19:59:53 +0000 (19:59 +0000)
committerJosh Karlin <jkarlin@bbn.com>
Thu, 8 Apr 2010 19:59:53 +0000 (19:59 +0000)
sfa/trust/credential.py

index 0c9a5c5..9b3e9c4 100644 (file)
@@ -21,14 +21,16 @@ from sfa.util.faults import *
 from sfa.util.sfalogging import logger
 
 
+# Two years, in minutes 
+DEFAULT_CREDENTIAL_LIFETIME = 1051200
+
+
 # TODO:
-# . Need to implement full verification (parent signatures etc).
-# . remove verify_chain
-# . make delegation per privilege instead of global
 # . make privs match between PG and PL
-# . what about tickets?  do they need to be redone to be like credentials?
 # . Need to test delegation, xml verification
 
+
+
 signature_template = \
 '''
 <Signature xml:id="Sig_%s" xmlns="http://www.w3.org/2000/09/xmldsig#">
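Review bot: The literal `1051200` assigned to `DEFAULT_CREDENTIAL_LIFETIME` is hard to check by eye. Writing it as `DEFAULT_CREDENTIAL_LIFETIME = 2 * 365 * 24 * 60  # minutes` makes both the unit and the two-year span checkable at a glance. Two years is also a long default for a credential that can be delegated, because a leaked or over-delegated credential stays usable until it expires. The comment should say why this value was chosen and whether delegated credentials are expected to carry a shorter lifetime.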
@@ -186,7 +188,7 @@ class Credential(object):
         lifetime = legacy.get_lifetime()
         if not lifetime:
             # Default to two years
-            self.set_lifetime(1051200)
+            self.set_lifetime(DEFAULT_CREDENTIAL_LIFETIME)
         else:
             self.set_lifetime(int(lifetime))
         self.lifeTime = legacy.get_lifetime()
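Review bot: The unchanged line `self.lifeTime = legacy.get_lifetime()` after the if/else appears to overwrite whatever `set_lifetime()` just stored, so a legacy credential with no lifetime would lose the default again. `set_lifetime` is not visible in this hunk, so this needs confirming, but if it writes `self.lifeTime` the trailing assignment should be dropped. A credential left with an empty lifetime may be treated as non-expiring or rejected by expiry checks elsewhere. `int(lifetime)` also raises `ValueError` on a malformed legacy value, and the enclosing method starts outside the hunk, so whether a caller handles that cannot be seen here.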
@@ -202,15 +204,6 @@ class Credential(object):
         self.issuer_privkey = privkey
         self.issuer_gid = gid
 
-    #def set_issuer(self, issuer):
-    #    issuer = issuer
-
-    #def set_subject(self, subject):
-    #    subject = subject
-        
-    #def set_pubkey(self, pubkey):
-    #    self.issuer_pubkey = pubkey
-
 
     ##
     # Set this credential's parent
@@ -425,7 +418,7 @@ class Credential(object):
         next_cred = self.parent
         while next_cred:
             refs.append(next_cred.get_refid())
-            if next_cred.parent_xml:
+            if next_cred.parent:
                 next_cred = next_cred.parent
             else:
                 next_cred = None
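Review bot: The if/else around the corrected test is redundant, because the single line `next_cred = next_cred.parent` ends the loop the same way, provided `parent` is `None` or otherwise falsy at the root of the chain. The walk also has no bound on chain length. If parents are built from credential XML supplied by a peer, a depth limit that raises a clear error would keep an overlong delegation chain from consuming unbounded work. A one-line comment saying that `refs` collects the refid of every ancestor credential would help. The function starts and ends outside the hunk, so how `refs` is used afterwards is not visible.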