def validate_credential(self, filename):
valid = True
cred = Credential(filename=filename)
# check if credential is expires
if cred.get_expiration() < datetime.now():
valid = False
return valid
def validate_credential(self, filename):
valid = True
cred = Credential(filename=filename)
# check if credential is expires
if cred.get_expiration() < datetime.utcnow():
valid = False
return valid
def get_cached_credential(self, file):
"""
Return a cached credential only if it hasn't expired.
"""
if (os.path.isfile(file)):
credential = Credential(filename=file)
# make sure it isnt expired
if not credential.get_expiration or \
datetime.datetime.today() < credential.get_expiration():
return credential
return None
def call(self, urns, creds, expiration_time, options):
# Find the valid credentials
valid_creds = self.api.auth.checkCredentialsSpeaksFor(creds, 'renewsliver', urns,
check_sliver_callback = self.api.driver.check_sliver_credentials,
options=options)
the_credential = Credential(cred=valid_creds[0])
actual_caller_hrn = the_credential.actual_caller_hrn()
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-urns: %s\texpiration:%s\tmethod-name: %s"%\
(self.api.interface, actual_caller_hrn, urns, expiration_time,self.name))
# extend as long as possible : take the min of requested and now+SFA_MAX_SLICE_RENEW
if options.get('geni_extend_alap'):
# ignore requested time and set to max
expiration_time = add_datetime(datetime.datetime.utcnow(), days=int(self.api.config.SFA_MAX_SLICE_RENEW))
# Validate that the time does not go beyond the credential's expiration time
requested_expire = utcparse(expiration_time)
self.api.logger.info("requested_expire = %s"%requested_expire)
credential_expire = the_credential.get_expiration()
self.api.logger.info("credential_expire = %s"%credential_expire)
max_renew_days = int(self.api.config.SFA_MAX_SLICE_RENEW)
max_expire = datetime.datetime.utcnow() + datetime.timedelta (days=max_renew_days)
if requested_expire > credential_expire:
# used to throw an InsufficientRights exception here, this was not right
self.api.logger.warning("Requested expiration %s, after credential expiration (%s) -> trimming to the latter/sooner"%\
(requested_expire, credential_expire))
requested_expire = credential_expire
if requested_expire > max_expire:
# likewise
self.api.logger.warning("Requested expiration %s, after maximal expiration %s days (%s) -> trimming to the latter/sooner"%\
(requested_expire, self.api.config.SFA_MAX_SLICE_RENEW,max_expire))
requested_expire = max_expire
return self.api.manager.Renew(self.api, urns, creds, requested_expire, options)
def getCredential(self):
"""
Return a valid credential for this interface.
"""
type = 'authority'
path = self.config.SFA_DATA_DIR
filename = ".".join([self.interface, self.hrn, type, "cred"])
cred_filename = path + os.sep + filename
cred = None
if os.path.isfile(cred_filename):
cred = Credential(filename = cred_filename)
# make sure cred isnt expired
if not cred.get_expiration or \
datetime.datetime.utcnow() < cred.get_expiration():
return cred.save_to_string(save_parents=True)
# get a new credential
if self.interface in ['registry']:
cred = self.__getCredentialRaw()
else:
cred = self.__getCredential()
cred.save_to_file(cred_filename, save_parents=True)
return cred.save_to_string(save_parents=True)
def getCredential(self, minimumExpiration=0):
"""
Return a valid credential for this interface.
"""
type = 'authority'
path = self.config.SFA_DATA_DIR
filename = ".".join([self.interface, self.hrn, type, "cred"])
cred_filename = os.path.join(path, filename)
cred = None
if os.path.isfile(cred_filename):
cred = Credential(filename=cred_filename)
# make sure cred isnt expired
if not cred.get_expiration or \
datetime.datetime.utcnow() + datetime.timedelta(seconds=minimumExpiration) < cred.get_expiration():
return cred.save_to_string(save_parents=True)
# get a new credential
if self.interface in ['registry']:
cred = self._getCredentialRaw()
else:
cred = self._getCredential()
cred.save_to_file(cred_filename, save_parents=True)
return cred.save_to_string(save_parents=True)
