Changeset 4157521 for fedd


Timestamp:
Sep 19, 2011 2:31:55 PM (13 years ago)
Author:
Ted Faber <faber@…>
Branches:
compt_changes, info-ops, master
Children:
cd360a0
Parents:
a55f2f9
Message:

Convert to libcreddy. Closed #18

File:
1 edited

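--- a/fedd/fedd_to_abac.py
+++ b/fedd/fedd_to_abac.py
@@ -10,4 +10,6 @@
 
 from string import join
+
+import Creddy
 
 from federation.authorizer import abac_authorizer
@@ -29,5 +31,5 @@
                 default=False, help='Create the --dir directory')
         self.add_option('--debug', action='store_true', dest='debug',
-                default=False, help='Just print the creddy commands')
+                default=False, help='Just print the libcreddy parameters')
         self.add_option('--policy_only', action='store_const', const=False,
                 dest='make_authorizer', default=True,
@@ -97,7 +99,7 @@
 def make_credentials(roles, cert, key, creds_dir, debug):
     """
-    From the dict of identities, indexed by fedid, call creddy to create the
+    From the dict of identities, indexed by fedid, call libcreddy to create the
     ABAC certificates.  Return a list of the created files.  If debug is true,
-    just print the creddy commands.
+    just print the creddy attribute creation parameters.
     """
     credfiles = []
@@ -106,16 +108,17 @@
             cf = '%s/%s%03d_attr.der' % \
                     (creds_dir or 'new_cert_dir', id.name, i)
-            cmd = ['creddy', '--attribute',
-                    '--issuer=%s' % (cert or 'cert_file'),
-                    '--key=%s' % (key or 'key_file'), '--role=%s' % r,
-                    '--subject-id=%s' % k, '--out=%s' % cf ]
+
+            cid = Creddy.ID(cert)
+            cid.load_privkey(key)
+            cattr = Creddy.Attribute(cid, r, 3600 * 24 * 365 * 10)
+            cattr.principal(k)
+
             if debug:
-                print join(cmd)
+                print 'cert %s key %s role %s principal %s out %s' % \
+                        (cert, key, r, k, cf)
             else:
-                rv =  subprocess.call(cmd)
-                if rv != 0:
-                    raise RuntimeError('%s failed: %d' % (join(cmd), rv))
-                else:
-                    credfiles.append(cf)
+                cattr.bake()
+                cattr.write_name(cf)
+                credfiles.append(cf)
     return credfiles
 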
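Review bot: In the last hunk of make_credentials, `Creddy.ID(cert)` and `cid.load_privkey(key)` run before the `if debug:` test, so a --debug dry run now opens the issuer certificate and private key instead of only printing parameters. The old `cert or 'cert_file'` placeholders are also gone, so a debug run without a cert or key would presumably fail or print `None`. Moving the four Creddy setup lines into the `else:` branch would keep debug free of side effects; the ID could also be loaded once rather than per attribute, though the enclosing loop starts outside the hunk. The removed code raised RuntimeError on a non-zero creddy exit, whereas nothing visible here checks `cattr.bake()` or `cattr.write_name(cf)` before `credfiles.append(cf)`, so it is worth confirming that libcreddy raises on failure. The ten-year validity `3600 * 24 * 365 * 10` would be easier to audit and shorten as a named constant, e.g. `ATTR_VALIDITY_SECS = 10 * 365 * 24 * 3600`.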