コード例 #1
0
ファイル: gid.py プロジェクト: HalasNet/felix
 def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None, urn=None, lifeDays=1825):
     
     Certificate.__init__(self, lifeDays, create, subject, string, filename)
     if subject:
         logger.debug("Creating GID for subject: %s" % subject)
     if uuid:
         self.uuid = int(uuid)
     if hrn:
         self.hrn = hrn
         self.urn = hrn_to_urn(hrn, 'unknown')
     if urn:
         self.urn = urn
         self.hrn, type = urn_to_hrn(urn)
コード例 #2
0
ファイル: gid.py プロジェクト: HalasNet/felix
    def verify_chain(self, trusted_certs = None):
        # do the normal certificate verification stuff
        trusted_root = Certificate.verify_chain(self, trusted_certs)        
       
        if self.parent:
            # make sure the parent's hrn is a prefix of the child's hrn
            if not hrn_authfor_hrn(self.parent.get_hrn(), self.get_hrn()):
                raise GidParentHrn("This cert HRN %s isn't in the namespace for parent HRN %s" % (self.get_hrn(), self.parent.get_hrn()))

            # Parent must also be an authority (of some type) to sign a GID
            # There are multiple types of authority - accept them all here
            if not self.parent.get_type().find('authority') == 0:
                raise GidInvalidParentHrn("This cert %s's parent %s is not an authority (is a %s)" % (self.get_hrn(), self.parent.get_hrn(), self.parent.get_type()))

            # Then recurse up the chain - ensure the parent is a trusted
            # root or is in the namespace of a trusted root
            self.parent.verify_chain(trusted_certs)
        else:
            # make sure that the trusted root's hrn is a prefix of the child's
            trusted_gid = GID(string=trusted_root.save_to_string())
            trusted_type = trusted_gid.get_type()
            trusted_hrn = trusted_gid.get_hrn()
            #if trusted_type == 'authority':
            #    trusted_hrn = trusted_hrn[:trusted_hrn.rindex('.')]
            cur_hrn = self.get_hrn()
            if not hrn_authfor_hrn(trusted_hrn, cur_hrn):
                raise GidParentHrn("Trusted root with HRN %s isn't a namespace authority for this cert: %s" % (trusted_hrn, cur_hrn))

            # There are multiple types of authority - accept them all here
            if not trusted_type.find('authority') == 0:
                raise GidInvalidParentHrn("This cert %s's trusted root signer %s is not an authority (is a %s)" % (self.get_hrn(), trusted_hrn, trusted_type))

        return
コード例 #3
0
    def verify_chain(self, trusted_certs=None):
        # do the normal certificate verification stuff
        Certificate.verify_chain(self, trusted_certs)

        if self.parent:
            # make sure the parent delegated rights to the child
            if not self.parent.get_delegate():
                raise MissingDelegateBit(self.parent.get_subject())

            # make sure the rights given to the child are a subset of the
            # parents rights
            if not self.parent.get_privileges().is_superset(
                    self.get_privileges()):
                raise ChildRightsNotSubsetOfParent(
                    self.get_subject() + " " +
                    self.parent.get_privileges().save_to_string() + " " +
                    self.get_privileges().save_to_string())

        return
コード例 #4
0
ファイル: credential_legacy.py プロジェクト: HalasNet/felix
    def verify_chain(self, trusted_certs=None):
        # do the normal certificate verification stuff
        Certificate.verify_chain(self, trusted_certs)

        if self.parent:
            # make sure the parent delegated rights to the child
            if not self.parent.get_delegate():
                raise MissingDelegateBit(self.parent.get_subject())

            # make sure the rights given to the child are a subset of the
            # parents rights
            if not self.parent.get_privileges().is_superset(self.get_privileges()):
                raise ChildRightsNotSubsetOfParent(
                    self.get_subject()
                    + " "
                    + self.parent.get_privileges().save_to_string()
                    + " "
                    + self.get_privileges().save_to_string()
                )

        return
コード例 #5
0
    def __init__(self,
                 create=False,
                 subject=None,
                 string=None,
                 filename=None,
                 uuid=None,
                 hrn=None,
                 urn=None,
                 lifeDays=1825):

        Certificate.__init__(self, lifeDays, create, subject, string, filename)
        if subject:
            logger.debug("Creating GID for subject: %s" % subject)
        if uuid:
            self.uuid = int(uuid)
        if hrn:
            self.hrn = hrn
            self.urn = hrn_to_urn(hrn, 'unknown')
        if urn:
            self.urn = urn
            self.hrn, type = urn_to_hrn(urn)
コード例 #6
0
    def verify_chain(self, trusted_certs=None):
        # do the normal certificate verification stuff
        trusted_root = Certificate.verify_chain(self, trusted_certs)

        if self.parent:
            # make sure the parent's hrn is a prefix of the child's hrn
            if not hrn_authfor_hrn(self.parent.get_hrn(), self.get_hrn()):
                raise GidParentHrn(
                    "This cert HRN %s isn't in the namespace for parent HRN %s"
                    % (self.get_hrn(), self.parent.get_hrn()))

            # Parent must also be an authority (of some type) to sign a GID
            # There are multiple types of authority - accept them all here
            if not self.parent.get_type().find('authority') == 0:
                raise GidInvalidParentHrn(
                    "This cert %s's parent %s is not an authority (is a %s)" %
                    (self.get_hrn(), self.parent.get_hrn(),
                     self.parent.get_type()))

            # Then recurse up the chain - ensure the parent is a trusted
            # root or is in the namespace of a trusted root
            self.parent.verify_chain(trusted_certs)
        else:
            # make sure that the trusted root's hrn is a prefix of the child's
            trusted_gid = GID(string=trusted_root.save_to_string())
            trusted_type = trusted_gid.get_type()
            trusted_hrn = trusted_gid.get_hrn()
            #if trusted_type == 'authority':
            #    trusted_hrn = trusted_hrn[:trusted_hrn.rindex('.')]
            cur_hrn = self.get_hrn()
            if not hrn_authfor_hrn(trusted_hrn, cur_hrn):
                raise GidParentHrn(
                    "Trusted root with HRN %s isn't a namespace authority for this cert: %s"
                    % (trusted_hrn, cur_hrn))

            # There are multiple types of authority - accept them all here
            if not trusted_type.find('authority') == 0:
                raise GidInvalidParentHrn(
                    "This cert %s's trusted root signer %s is not an authority (is a %s)"
                    % (self.get_hrn(), trusted_hrn, trusted_type))

        return
コード例 #7
0
ファイル: credential_legacy.py プロジェクト: HalasNet/felix
 def __init__(self, create=False, subject=None, string=None, filename=None):
     Certificate.__init__(self, create, subject, string, filename)
コード例 #8
0
 def __init__(self, create=False, subject=None, string=None, filename=None):
     Certificate.__init__(self, create, subject, string, filename)