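def verify(self, trusted_certs=None, schema=None, trusted_certs_required=True):
    """Start verifying this credential: schema check, then load trust roots.

    Only the opening part of the routine is visible here. The lines shown
    decode the credential if needed, optionally validate its XML against a
    schema file, and load the trusted certificates. The loaded objects are
    not consumed within these lines.

    Args:
        trusted_certs: iterable of certificate file paths, each loaded with
            ``GID(filename=...)``. ``None`` is replaced by an empty list when
            ``trusted_certs_required`` is true. Otherwise ``None`` is kept,
            which per the original comment means "skip cert chain
            validation".
        schema: path to a schema file. Validation runs only when lxml is
            available, the credential is not legacy, and the path exists.
        trusted_certs_required: when true, a missing trust list becomes an
            empty list instead of disabling chain validation.

    Raises:
        CredentialNotVerifiable: the XML does not validate against *schema*.
    """
    if not self.xml:
        self.decode()

    # Schema validation. The original comment called this RelaxNG, but
    # etree.XMLSchema validates against a W3C XML Schema (XSD) document.
    # NOTE(review): this check is skipped without any log entry when lxml is
    # missing, the credential is legacy, or the schema path does not exist.
    # A mistyped path therefore disables validation rather than failing.
    if HAVELXML and not self.legacy:
        if schema and os.path.exists(schema):
            # The credential has not been verified yet, so its XML is
            # untrusted: parse it with entity resolution and network access
            # switched off explicitly instead of relying on parser defaults.
            # NOTE(review): decode() is not visible here; if it parses the
            # same XML it needs equivalent hardening.
            parser = etree.XMLParser(resolve_entities=False, no_network=True)
            tree = etree.parse(StringIO(self.xml), parser)
            schema_doc = etree.parse(schema)
            xmlschema = etree.XMLSchema(schema_doc)
            if not xmlschema.validate(tree):
                error = xmlschema.error_log.last_error
                message = "%s: %s (line %s)" % (
                    self.get_summary_tostring(), error.message, error.line)
                raise CredentialNotVerifiable(message)

    if trusted_certs_required and trusted_certs is None:
        trusted_certs = []

    trusted_cert_objects = []
    ok_trusted_certs = []
    # If caller explicitly passed in None that means skip cert chain validation.
    # Strange and not typical
    if trusted_certs is not None:
        for f in trusted_certs:
            try:
                # Failures here include unreadable files
                # or non PEM files
                trusted_cert_objects.append(GID(filename=f))
                ok_trusted_certs.append(f)
            except Exception as exc:
                # A root that cannot be loaded is logged and dropped, so the
                # effective trust set can shrink, possibly to empty. How an
                # empty set is treated is decided by code outside this view.
                logger.error("Failed to load trusted cert from %s: %r" % (f, exc))
        trusted_certs = ok_trusted_certs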
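def utcparse(input):
    """Convert *input* to a naive ``datetime.datetime`` expressed in UTC.

    Accepted inputs:

    * a date string understood by ``dateutil.parser.parse``; a timezone
      offset, if present, is applied and then stripped;
    * a numeric epoch timestamp, or a string holding an integer such as
      ``'1327098335'``;
    * a ``datetime.datetime``, which is returned unchanged (including any
      tzinfo it carries) after a warning is logged.

    Any other type is logged as an error and ``None`` is returned, so a
    caller that uses the result as an expiry must treat ``None`` as invalid.
    """
    # Digit-only strings are epoch timestamps: cast them so they take the
    # numeric branch below instead of being handed to dateutil.
    if isinstance(input, StringTypes):
        try:
            input = int(input)
        except ValueError:
            pass

    if isinstance(input, datetime.datetime):
        logger.warn("argument to utcparse already a datetime - doing nothing")
        return input
    elif isinstance(input, StringTypes):
        t = dateutil.parser.parse(input)
        offset = t.utcoffset()
        if offset is not None:
            # UTC = local wall-clock time - offset. Adding the offset, as
            # the previous code did, moves the result the wrong way by
            # twice the offset (12:00+02:00 became 14:00 instead of 10:00).
            t = t.replace(tzinfo=None) - offset
        return t
    elif isinstance(input, (int, float, long)):
        # Epoch seconds are absolute. fromtimestamp() would give the host's
        # local time, contradicting the UTC contract of this function.
        return datetime.datetime.utcfromtimestamp(input)
    else:
        logger.error("Unexpected type in utcparse [%s]" % type(input))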
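def set_expiration(self, expiration):
    """Store the credential's expiration time on ``self.expiration``.

    Args:
        expiration: epoch seconds (``int`` or ``float``), a
            ``datetime.datetime`` (stored as given), or a string that is
            parsed by ``utcparse()``.

    Any other type is only logged as an error and ``self.expiration`` is
    left untouched, so a previously set expiry stays in force.
    """
    if isinstance(expiration, (int, float)):
        # Epoch seconds are absolute. Convert to UTC so this branch agrees
        # with the utcparse() branch; fromtimestamp() would store the
        # host's local time and shift the expiry by the local UTC offset.
        self.expiration = datetime.datetime.utcfromtimestamp(expiration)
    elif isinstance(expiration, datetime.datetime):
        self.expiration = expiration
    elif isinstance(expiration, StringTypes):
        self.expiration = utcparse(expiration)
    else:
        logger.error("unexpected input type in Credential.set_expiration")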
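def set_expiration(self, expiration):
    """Set ``self.expiration`` from a timestamp, a datetime or a string.

    Args:
        expiration: ``int``/``float`` epoch seconds, a
            ``datetime.datetime`` (kept as is), or a string handed to
            ``utcparse()``.

    An unsupported type produces an error log entry only. The attribute is
    not modified in that case, so whatever expiry was set before remains.
    """
    if isinstance(expiration, (int, float)):
        # Interpret epoch seconds as UTC. fromtimestamp() yields local wall
        # time, which disagrees with the string branch below on any host
        # whose timezone is not UTC.
        self.expiration = datetime.datetime.utcfromtimestamp(expiration)
    elif isinstance(expiration, datetime.datetime):
        self.expiration = expiration
    elif isinstance(expiration, StringTypes):
        self.expiration = utcparse(expiration)
    else:
        logger.error("unexpected input type in Credential.set_expiration")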
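def verify(self, trusted_certs=None, schema=None, trusted_certs_required=True):
    """Run the first verification steps: schema validation and root loading.

    Only the beginning of the routine is visible here. These lines decode
    the credential when ``self.xml`` is empty, validate the XML against
    *schema* when that is possible, and build the list of trusted
    certificate objects. Nothing in the lines shown uses that list yet.

    Args:
        trusted_certs: iterable of certificate file paths passed to
            ``GID(filename=...)``. With ``trusted_certs_required`` true,
            ``None`` becomes ``[]``. With it false, ``None`` is preserved,
            which the original comment describes as skipping cert chain
            validation.
        schema: schema file path. It is used only if ``HAVELXML`` is set,
            the credential is not legacy, and the file exists.
        trusted_certs_required: whether a missing trust list is replaced by
            an empty one.

    Raises:
        CredentialNotVerifiable: schema validation of the XML failed.
    """
    if not self.xml:
        self.decode()

    # The original comment says RelaxNG, but etree.XMLSchema is an XSD
    # (W3C XML Schema) validator.
    # NOTE(review): when lxml is unavailable, the credential is legacy, or
    # the schema file is absent, no validation happens and nothing is
    # logged, so the check fails open.
    if HAVELXML and not self.legacy:
        if schema and os.path.exists(schema):
            # The XML comes from a credential that is not yet trusted, so
            # entity resolution and network access are disabled explicitly.
            # NOTE(review): decode() is outside this view; confirm it does
            # not parse the same bytes with a permissive parser.
            safe_parser = etree.XMLParser(resolve_entities=False,
                                          no_network=True)
            tree = etree.parse(StringIO(self.xml), safe_parser)
            schema_doc = etree.parse(schema)
            xmlschema = etree.XMLSchema(schema_doc)
            if not xmlschema.validate(tree):
                error = xmlschema.error_log.last_error
                message = "%s: %s (line %s)" % (
                    self.get_summary_tostring(), error.message, error.line)
                raise CredentialNotVerifiable(message)

    if trusted_certs_required and trusted_certs is None:
        trusted_certs = []

    trusted_cert_objects = []
    ok_trusted_certs = []
    # If caller explicitly passed in None that means skip cert chain validation.
    # Strange and not typical
    if trusted_certs is not None:
        for f in trusted_certs:
            try:
                # Failures here include unreadable files
                # or non PEM files
                trusted_cert_objects.append(GID(filename=f))
                ok_trusted_certs.append(f)
            except Exception as exc:
                # Unloadable roots are logged and skipped, so the trust set
                # may end up smaller than configured, or empty. Watch for
                # this log line when roots are rotated.
                logger.error("Failed to load trusted cert from %s: %r" % (f, exc))
        trusted_certs = ok_trusted_certs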