def createABACElement(self, doc, tagName, abacObj):
kid = abacObj.get_principal_keyid()
mnem = abacObj.get_principal_mnemonic() # may be None
role = abacObj.get_role() # may be None
link = abacObj.get_linking_role() # may be None
ele = doc.createElement(tagName)
prin = doc.createElement('ABACprincipal')
ele.appendChild(prin)
append_sub(doc, prin, "keyid", kid)
if mnem:
append_sub(doc, prin, "mnemonic", mnem)
if role:
append_sub(doc, ele, "role", role)
if link:
append_sub(doc, ele, "linking_role", link)
return ele
def createABACElement(self, doc, tagName, abacObj):
kid = abacObj.get_principal_keyid()
mnem = abacObj.get_principal_mnemonic() # may be None
role = abacObj.get_role() # may be None
link = abacObj.get_linking_role() # may be None
ele = doc.createElement(tagName)
prin = doc.createElement('ABACprincipal')
ele.appendChild(prin)
append_sub(doc, prin, "keyid", kid)
if mnem:
append_sub(doc, prin, "mnemonic", mnem)
if role:
append_sub(doc, ele, "role", role)
if link:
append_sub(doc, ele, "linking_role", link)
return ele
def encode(self):
# Create the XML document
doc = Document()
signed_cred = doc.createElement("signed-credential")
# Declare namespaces
# Note that credential/policy.xsd are really the PG schemas
# in a PL namespace.
# Note that delegation of credentials between the 2 only really works
# cause those schemas are identical.
# Also note these PG schemas talk about PG tickets and CM policies.
signed_cred.setAttribute("xmlns:xsi",
"http://www.w3.org/2001/XMLSchema-instance")
signed_cred.setAttribute(
"xsi:noNamespaceSchemaLocation",
"http://www.geni.net/resources/credential/2/credential.xsd")
signed_cred.setAttribute(
"xsi:schemaLocation",
"http://www.planet-lab.org/resources/sfa/ext/policy/1 http://www.planet-lab.org/resources/sfa/ext/policy/1/policy.xsd"
)
# PG says for those last 2:
# signed_cred.setAttribute("xsi:noNamespaceSchemaLocation", "http://www.protogeni.net/resources/credential/credential.xsd")
# signed_cred.setAttribute("xsi:schemaLocation", "http://www.protogeni.net/resources/credential/ext/policy/1 http://www.protogeni.net/resources/credential/ext/policy/1/policy.xsd")
doc.appendChild(signed_cred)
# Fill in the <credential> bit
cred = doc.createElement("credential")
cred.setAttribute("xml:id", self.get_refid())
signed_cred.appendChild(cred)
append_sub(doc, cred, "type", "abac")
# Stub fields
append_sub(doc, cred, "serial", "8")
append_sub(doc, cred, "owner_gid", '')
append_sub(doc, cred, "owner_urn", '')
append_sub(doc, cred, "target_gid", '')
append_sub(doc, cred, "target_urn", '')
append_sub(doc, cred, "uuid", "")
if not self.expiration:
self.set_expiration(datetime.datetime.utcnow() +
datetime.timedelta(
seconds=DEFAULT_CREDENTIAL_LIFETIME))
self.expiration = self.expiration.replace(microsecond=0)
if self.expiration.tzinfo is not None and self.expiration.tzinfo.utcoffset(
self.expiration) is not None:
# TZ aware. Make sure it is UTC
self.expiration = self.expiration.astimezone(tz.tzutc())
append_sub(doc, cred, "expires",
self.expiration.strftime('%Y-%m-%dT%H:%M:%SZ')) # RFC3339
abac = doc.createElement("abac")
rt0 = doc.createElement("rt0")
abac.appendChild(rt0)
cred.appendChild(abac)
append_sub(doc, rt0, "version", "1.1")
head = self.createABACElement(doc, "head", self.get_head())
rt0.appendChild(head)
for tail in self.get_tails():
tailEle = self.createABACElement(doc, "tail", tail)
rt0.appendChild(tailEle)
# Create the <signatures> tag
signatures = doc.createElement("signatures")
signed_cred.appendChild(signatures)
# Get the finished product
self.xml = doc.toxml("utf-8")
def encode(self):
# Create the XML document
doc = Document()
signed_cred = doc.createElement("signed-credential")
# Declare namespaces
# Note that credential/policy.xsd are really the PG schemas
# in a PL namespace.
# Note that delegation of credentials between the 2 only really works
# cause those schemas are identical.
# Also note these PG schemas talk about PG tickets and CM policies.
signed_cred.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance")
signed_cred.setAttribute("xsi:noNamespaceSchemaLocation", "http://www.geni.net/resources/credential/2/credential.xsd")
signed_cred.setAttribute("xsi:schemaLocation", "http://www.planet-lab.org/resources/sfa/ext/policy/1 http://www.planet-lab.org/resources/sfa/ext/policy/1/policy.xsd")
# PG says for those last 2:
# signed_cred.setAttribute("xsi:noNamespaceSchemaLocation", "http://www.protogeni.net/resources/credential/credential.xsd")
# signed_cred.setAttribute("xsi:schemaLocation", "http://www.protogeni.net/resources/credential/ext/policy/1 http://www.protogeni.net/resources/credential/ext/policy/1/policy.xsd")
doc.appendChild(signed_cred)
# Fill in the <credential> bit
cred = doc.createElement("credential")
cred.setAttribute("xml:id", self.get_refid())
signed_cred.appendChild(cred)
append_sub(doc, cred, "type", "abac")
# Stub fields
append_sub(doc, cred, "serial", "8")
append_sub(doc, cred, "owner_gid", '')
append_sub(doc, cred, "owner_urn", '')
append_sub(doc, cred, "target_gid", '')
append_sub(doc, cred, "target_urn", '')
append_sub(doc, cred, "uuid", "")
if not self.expiration:
self.set_expiration(datetime.datetime.utcnow() + datetime.timedelta(seconds=DEFAULT_CREDENTIAL_LIFETIME))
self.expiration = self.expiration.replace(microsecond=0)
if self.expiration.tzinfo is not None and self.expiration.tzinfo.utcoffset(self.expiration) is not None:
# TZ aware. Make sure it is UTC
self.expiration = self.expiration.astimezone(tz.tzutc())
append_sub(doc, cred, "expires", self.expiration.strftime('%Y-%m-%dT%H:%M:%SZ')) # RFC3339
abac = doc.createElement("abac")
rt0 = doc.createElement("rt0")
abac.appendChild(rt0)
cred.appendChild(abac)
append_sub(doc, rt0, "version", "1.1")
head = self.createABACElement(doc, "head", self.get_head())
rt0.appendChild(head)
for tail in self.get_tails():
tailEle = self.createABACElement(doc, "tail", tail)
rt0.appendChild(tailEle)
# Create the <signatures> tag
signatures = doc.createElement("signatures")
signed_cred.appendChild(signatures)
# Get the finished product
self.xml = doc.toxml("utf-8")