def validate_credential(self, filename): valid = True cred = Credential(filename=filename) # check if credential is expires if cred.get_expiration() < datetime.now(): valid = False return valid
def validate_credential(self, filename): valid = True cred = Credential(filename=filename) # check if credential is expires if cred.get_expiration() < datetime.utcnow(): valid = False return valid
def get_cached_credential(self, file): """ Return a cached credential only if it hasn't expired. """ if (os.path.isfile(file)): credential = Credential(filename=file) # make sure it isnt expired if not credential.get_expiration or \ datetime.datetime.today() < credential.get_expiration(): return credential return None
def call(self, urns, creds, expiration_time, options): # Find the valid credentials valid_creds = self.api.auth.checkCredentialsSpeaksFor(creds, 'renewsliver', urns, check_sliver_callback = self.api.driver.check_sliver_credentials, options=options) the_credential = Credential(cred=valid_creds[0]) actual_caller_hrn = the_credential.actual_caller_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-urns: %s\texpiration:%s\tmethod-name: %s"%\ (self.api.interface, actual_caller_hrn, urns, expiration_time,self.name)) # extend as long as possible : take the min of requested and now+SFA_MAX_SLICE_RENEW if options.get('geni_extend_alap'): # ignore requested time and set to max expiration_time = add_datetime(datetime.datetime.utcnow(), days=int(self.api.config.SFA_MAX_SLICE_RENEW)) # Validate that the time does not go beyond the credential's expiration time requested_expire = utcparse(expiration_time) self.api.logger.info("requested_expire = %s"%requested_expire) credential_expire = the_credential.get_expiration() self.api.logger.info("credential_expire = %s"%credential_expire) max_renew_days = int(self.api.config.SFA_MAX_SLICE_RENEW) max_expire = datetime.datetime.utcnow() + datetime.timedelta (days=max_renew_days) if requested_expire > credential_expire: # used to throw an InsufficientRights exception here, this was not right self.api.logger.warning("Requested expiration %s, after credential expiration (%s) -> trimming to the latter/sooner"%\ (requested_expire, credential_expire)) requested_expire = credential_expire if requested_expire > max_expire: # likewise self.api.logger.warning("Requested expiration %s, after maximal expiration %s days (%s) -> trimming to the latter/sooner"%\ (requested_expire, self.api.config.SFA_MAX_SLICE_RENEW,max_expire)) requested_expire = max_expire return self.api.manager.Renew(self.api, urns, creds, requested_expire, options)
def getCredential(self): """ Return a valid credential for this interface. """ type = 'authority' path = self.config.SFA_DATA_DIR filename = ".".join([self.interface, self.hrn, type, "cred"]) cred_filename = path + os.sep + filename cred = None if os.path.isfile(cred_filename): cred = Credential(filename = cred_filename) # make sure cred isnt expired if not cred.get_expiration or \ datetime.datetime.utcnow() < cred.get_expiration(): return cred.save_to_string(save_parents=True) # get a new credential if self.interface in ['registry']: cred = self.__getCredentialRaw() else: cred = self.__getCredential() cred.save_to_file(cred_filename, save_parents=True) return cred.save_to_string(save_parents=True)
def getCredential(self, minimumExpiration=0): """ Return a valid credential for this interface. """ type = 'authority' path = self.config.SFA_DATA_DIR filename = ".".join([self.interface, self.hrn, type, "cred"]) cred_filename = os.path.join(path, filename) cred = None if os.path.isfile(cred_filename): cred = Credential(filename=cred_filename) # make sure cred isnt expired if not cred.get_expiration or \ datetime.datetime.utcnow() + datetime.timedelta(seconds=minimumExpiration) < cred.get_expiration(): return cred.save_to_string(save_parents=True) # get a new credential if self.interface in ['registry']: cred = self._getCredentialRaw() else: cred = self._getCredential() cred.save_to_file(cred_filename, save_parents=True) return cred.save_to_string(save_parents=True)