Changeset 67fa1cf for fedd/federation/authorizer.py

Timestamp:

May 30, 2013 3:53:29 PM (11 years ago)

Author:

Ted Faber <faber@…>

Branches:

master

Children:

1f9c361, b213b53

Parents:

e8f2d4c

Message:

MOve over to ABAC 0.1.4

File:

• fedd/federation/authorizer.py (modified) (9 diffs)

fedd/federation/authorizer.py

@@ -15 +15 @@
 
 import ABAC
-import Creddy
 import pickle
 
@@ -258 +257 @@
 
         for dir in certs or []:
-            self.context.load_directory(dir)
+            self.resilient_load_directory(dir)
 
         if load:
@@ -266 +265 @@
         self.creddy_id = None
         try:
-            self.creddy_id = Creddy.ID(self.me)
+            self.creddy_id = ABAC.ID(self.me)
         except:
             raise abac_authorizer.bad_cert_error('Cannot load cert %s' \
@@ -277 +276 @@
             raise abac_authorized_bad_cert_error('Cannot load key %s' \
                     % self.key)
+
+    def resilient_load_directory(self, dirname):
+        '''
+        ABAC.Context.load_directory has foolish arbitrary filename
+        distinctions.  This tries to load the contents of dirname into the
+        authorizer's context first as IDs and then any that fail as attributes.
+        '''
+        files = os.listdir(dirname)
+        attrs = []
+        for f in files:
+            p = os.path.join(dirname, f)
+            if not os.path.isfile(p): continue
+            if self.context.load_id_file(p) != ABAC.ABAC_CERT_SUCCESS:
+                attrs.append(p)
+        for p in attrs:
+            self.context.load_attribute_file(p) 
 
 
@@ -318 +333 @@
             if data_list is None: data_list = []
             for fn in file_list:
-                # Try to parse file as a Creddy ID, so we can import PEM files
+                # Try to parse file as a ABAC ID, so we can import PEM files
                 try:
-                    cid = Creddy.ID(fn)
+                    cid = ABAC.ID(fn)
                     data_list.append(cid.cert_chunk())
                     continue
@@ -379 +394 @@
                 # This will simplify when we have libcreddy
                 try:
-                    attrcert = Creddy.Attribute(self.creddy_id, 
+                    attrcert = ABAC.Attribute(self.creddy_id, 
                             self.clean_attr(attr), 3600 * 24 * 365 * 10)
                     attrcert.principal("%s" % name)
@@ -575 +590 @@
                 attr = c.attribute_cert()
                 # NB: file naming conventions matter here.  The trailing_ID and
-                # _attr are required by ABAC.COntext.load_directory()
+                # _attr are required by ABAC.Context.load_directory().  We use
+                # resilient_load_directory now, but no sense pulling these out
+                # now.
                 if id and id not in seenid:
-                    f = open("%s/certs/ID_%05d_ID.der" % (dir, ii), "w")
+                    f = open("%s/certs/ID_%05d_ID.xml" % (dir, ii), "w")
                     f.write(id)
                     f.close()
@@ -583 +600 @@
                     seenid.add(id)
                 if attr and attr not in seenattr:
-                    f = open("%s/certs/attr_%05d_attr.der" % (dir, ai), "w")
+                    f = open("%s/certs/attr_%05d_attr.xml" % (dir, ai), "w")
                     f.write(attr)
                     f.close()
@@ -620 +637 @@
                 if self.key:
                     self.init_libcreddy_id()
-            self.context.load_directory("%s/certs" % dir)
+            self.resilient_load_directory("%s/certs" % dir)
             self.save_dir = dir
         except EnvironmentError, e: