 def createABACElement(self, doc, tagName, abacObj):
     """Build a ``<tagName>`` element describing one ABAC principal.

     The element always carries an ``<ABACprincipal>`` child holding the
     principal's ``keyid``; ``mnemonic`` (under the principal), ``role`` and
     ``linking_role`` (directly under the element) are only emitted when the
     corresponding accessor returns a truthy value.

     Args:
         doc: the DOM document used to create elements (``createElement``).
         tagName: tag name of the element to build (e.g. "head" or "tail").
         abacObj: object exposing ``get_principal_keyid``,
             ``get_principal_mnemonic``, ``get_role`` and
             ``get_linking_role``.

     Returns:
         The newly created element; it is NOT attached to ``doc`` by this
         method, the caller appends it.
     """
     keyid = abacObj.get_principal_keyid()
     mnemonic = abacObj.get_principal_mnemonic()  # optional, may be None
     role = abacObj.get_role()                    # optional, may be None
     linking = abacObj.get_linking_role()         # optional, may be None

     element = doc.createElement(tagName)
     principal = doc.createElement('ABACprincipal')
     element.appendChild(principal)

     append_sub(doc, principal, "keyid", keyid)
     if mnemonic:
         append_sub(doc, principal, "mnemonic", mnemonic)

     # Role and linking role hang off the element itself, not the principal.
     for child_tag, value in (("role", role), ("linking_role", linking)):
         if value:
             append_sub(doc, element, child_tag, value)
     return element
    def encode(self):
        """Serialize this ABAC credential to XML and store it in ``self.xml``.

        Builds a ``<signed-credential>`` document whose ``<credential>`` child
        carries the stub identity fields, the expiration time and the ABAC
        ``<rt0>`` head/tail elements, then stores ``doc.toxml("utf-8")`` in
        ``self.xml``.

        Side effects:
            * ``self.expiration`` is normalized in place: defaulted to
              ``DEFAULT_CREDENTIAL_LIFETIME`` seconds from now when unset,
              truncated to whole seconds, and converted to UTC when it is
              timezone-aware.
            * ``self.xml`` is overwritten.

        Notes:
            * The ``<signatures>`` element is emitted empty; this method
              produces the unsigned document and does not sign it
              (presumably done by a separate step — not visible here).
            * ``serial``, ``owner_gid``, ``owner_urn``, ``target_gid``,
              ``target_urn`` and ``uuid`` are written as fixed placeholder
              values, not derived from this credential's state.
        """
        # Create the XML document
        doc = Document()
        signed_cred = doc.createElement("signed-credential")

        # Declare namespaces
        # Note that credential/policy.xsd are really the PG schemas
        # in a PL namespace.
        # Note that delegation of credentials between the 2 only really works
        # cause those schemas are identical.
        # Also note these PG schemas talk about PG tickets and CM policies.
        signed_cred.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance")
        signed_cred.setAttribute("xsi:noNamespaceSchemaLocation", "http://www.geni.net/resources/credential/2/credential.xsd")
        signed_cred.setAttribute("xsi:schemaLocation", "http://www.planet-lab.org/resources/sfa/ext/policy/1 http://www.planet-lab.org/resources/sfa/ext/policy/1/policy.xsd")

        # PG says for those last 2:
        #        signed_cred.setAttribute("xsi:noNamespaceSchemaLocation", "http://www.protogeni.net/resources/credential/credential.xsd")
        #        signed_cred.setAttribute("xsi:schemaLocation", "http://www.protogeni.net/resources/credential/ext/policy/1 http://www.protogeni.net/resources/credential/ext/policy/1/policy.xsd")

        doc.appendChild(signed_cred)

        # Fill in the <credential> bit
        cred = doc.createElement("credential")
        cred.setAttribute("xml:id", self.get_refid())
        signed_cred.appendChild(cred)
        append_sub(doc, cred, "type", "abac")

        # Stub fields: fixed placeholder values, not taken from this object.
        append_sub(doc, cred, "serial", "8")
        append_sub(doc, cred, "owner_gid", '')
        append_sub(doc, cred, "owner_urn", '')
        append_sub(doc, cred, "target_gid", '')
        append_sub(doc, cred, "target_urn", '')
        append_sub(doc, cred, "uuid", "")

        if not self.expiration:
            # No expiration set: default to DEFAULT_CREDENTIAL_LIFETIME seconds
            # from now. NOTE(review): datetime.utcnow() returns a naive value and
            # is deprecated since Python 3.12; switching to
            # datetime.now(timezone.utc) would make the value tz-aware and take
            # the astimezone() branch below, so check the SFATIME_FORMAT output
            # before changing it.
            self.set_expiration(datetime.datetime.utcnow() + datetime.timedelta(seconds=DEFAULT_CREDENTIAL_LIFETIME))
        # Drop sub-second precision before serializing.
        self.expiration = self.expiration.replace(microsecond=0)
        if self.expiration.tzinfo is not None and self.expiration.tzinfo.utcoffset(self.expiration) is not None:
            # TZ aware. Make sure it is UTC
            self.expiration = self.expiration.astimezone(tz.tzutc())
        # A naive expiration is written unchanged. NOTE(review): that only
        # yields a correct UTC timestamp if callers pass UTC values — confirm.
        append_sub(doc, cred, "expires", self.expiration.strftime(SFATIME_FORMAT)) # RFC3339

        # ABAC payload: <abac><rt0> holds the version, one <head> and zero or
        # more <tail> elements, each built by createABACElement().
        abac = doc.createElement("abac")
        rt0 = doc.createElement("rt0")
        abac.appendChild(rt0)
        cred.appendChild(abac)
        append_sub(doc, rt0, "version", "1.1")
        head = self.createABACElement(doc, "head", self.get_head())
        rt0.appendChild(head)
        for tail in self.get_tails():
            tailEle = self.createABACElement(doc, "tail", tail)
            rt0.appendChild(tailEle)

        # Create the <signatures> tag. It is left empty here: this method
        # builds the unsigned document and does not sign it.
        signatures = doc.createElement("signatures")
        signed_cred.appendChild(signatures)

        # Get the finished product
        self.xml = doc.toxml("utf-8")