Changeset cd360a0


Ignore:
Timestamp:
Sep 19, 2011 2:50:32 PM (8 years ago)
Author:
Ted Faber <faber@…>
Branches:
compt_changes, info-ops, master
Children:
52131d3
Parents:
4157521
Message:

Move to libcreddy. Closes #20

File:
1 edited

Legend:

Unmodified
Added
Removed
  • fedd/access_to_abac.py

    r2e46f35 rcd360a0  
    99from optparse import OptionParser, OptionValueError
    1010from tempfile import mkdtemp
     11
     12import Creddy
    1113
    1214from federation.fedid import fedid
     
    289291        creddy='/usr/local/bin/creddy'):
    290292    '''
    291     Make the creddy calls to create the attributes from the list of credential
     293    Make the the attributes from the list of credential
    292294    objects in the creds parameter.
    293295    '''
    294     def attrs(r):
    295         '''
    296         Convert an attribute into creddy --subject-id and --subject-role
    297         parameters
    298         '''
    299         if r.principal and r.link and r.attr:
    300             return ['--subject-id=%s' % r.principal,
    301                     '--subject-role=%s.%s' % (r.attr, r.link),
    302                     ]
    303         elif r.principal and r.attr:
    304             return ['--subject-id=%s' % r.principal,
    305                     '--subject-role=%s' %r.attr]
    306         elif r.principal:
    307             return ['--subject-id=%s' % r.prinicpal]
    308         else:
    309             raise parse_error('Attribute without a principal?')
    310 
    311     # main line of create_creds
    312296    for i, c in enumerate(creds):
    313         cmd = [creddy, '--attribute', '--issuer=%s' % cert, '--key=%s' % key,
    314                 '--role=%s' % c.attr, '--out=%s/cred%d_attr.der' % (dir, i)]
     297        cid = Creddy.ID(cert)
     298        cid.load_privkey(key)
     299        cattr = Creddy.Attribute(cid, c.attr, 3600 * 24 * 365 * 10)
    315300        for r in c.req:
    316             cmd.extend(attrs(r))
    317         if debug:
    318             print join(cmd)
    319         else:
    320             rv = subprocess.call(cmd)
    321             if rv != 0:
    322                 raise credential_error("%s: %d" % (join(cmd), rv))
     301            if r.principal and r.link and r.attr:
     302                cattr.linking_role(r.principal, r.attr, r.link)
     303            elif r.principal and r.attr:
     304                cattr.role(r.principal, r.attr)
     305            elif r.principal:
     306                cattr.principal(r.principal)
     307            else:
     308                raise parse_error('Attribute without a principal?')
     309        cattr.bake()
     310        cattr.write_name('%s/cred%d_attr.der' % (dir, i))
    323311
    324312def clear_dir(dir):
Note: See TracChangeset for help on using the changeset viewer.