Commit d6513c72 authored by Leigh B Stoller's avatar Leigh B Stoller

Quickie pass at adding delegation of a credential.

parent edaaf280
#!/usr/bin/perl -wT
#
# GENIPUBLIC-COPYRIGHT
# Copyright (c) 2008-2010 University of Utah and the Flux Group.
# Copyright (c) 2008-2011 University of Utah and the Flux Group.
# All rights reserved.
#
package GeniCredential;
......@@ -135,6 +135,7 @@ sub Create($$$)
$self->{'string'} = undef;
$self->{'capabilities'} = undef;
$self->{'extensions'} = undef;
$self->{'parent_cred'} = undef;
$self->{'idx'} = undef; # Only set when stored to DB.
bless($self, $class);
......@@ -157,6 +158,7 @@ sub hrn($) { return $_[0]->{"target_cert"}->hrn(); }
sub target_urn($) { return $_[0]->{"target_cert"}->urn(); }
sub owner_urn($) { return $_[0]->{"owner_cert"}->urn(); }
sub signer_certs($) { return $_[0]->{"signer_certs"}; }
sub parent_cred($) { return $_[0]->{"parent_cred"}; }
#
# Stringify for output.
......@@ -365,6 +367,12 @@ sub CreateFromSigned($$;$)
}
my $root = $doc->documentElement();
# Dig out the entire credential structure to save it.
my ($credential) = $doc->getElementsByTagName("credential");
# Ditto the signatures.
my @signatures = $doc->getElementsByTagName("signatures");
# Dig out the extensions
# now extensions is an xml element.
my ($extensions) = GeniXML::FindNodes('//n:extensions',
......@@ -468,6 +476,9 @@ sub CreateFromSigned($$;$)
$self->{'owner_uuid'} = $owner_certificate->uuid();
$self->{'owner_cert'} = $owner_certificate;
$self->{'string'} = $string;
$self->{'parent_cred'} = undef;
$self->{'credentialdoc'} = $credential;
$self->{'signatures'} = \@signatures;
$self->{'signer_certs'} = $signer_certs;
$self->{'idx'} = undef; # Only set when stored to DB.
bless($self, $class);
......@@ -569,7 +580,7 @@ sub Sign($$)
$cap_xml .= "<can_delegate>$can_delegate</can_delegate>";
$cap_xml .= "</privilege>\n";
}
$cap_xml .= "</privileges>\n";
$cap_xml .= "</privileges>";
my $extensions = $self->extensions();
$cap_xml .= GeniXML::Serialize($extensions)
......@@ -620,8 +631,16 @@ sub Sign($$)
my $id = sprintf( "%04X%04X%04X%04X", int( rand( 0x10000 ) ),
int( rand( 0x10000 ) ), int( rand( 0x10000 ) ),
int( rand( 0x10000 ) ) );
# If this is a delegation, need to construct a different XML file.
my $parent_xml = "";
if (defined($self->{'parent_cred'})) {
$parent_xml = "<parent>" .
$self->{'parent_cred'}->{'credentialdoc'}->toString() .
"</parent>";
}
my $template =
"<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>\n".
"<credential xml:id=\"ref$id\">\n".
" <type>privilege</type>\n".
" <serial>$idx</serial>\n".
......@@ -631,13 +650,20 @@ sub Sign($$)
" <target_urn>$target_urn</target_urn>\n".
" <uuid>$cred_uuid</uuid>\n".
" <expires>$expires</expires>\n".
" $cap_xml\n".
" $cap_xml". $parent_xml .
"</credential>\n";
if (defined($self->{'parent_cred'})) {
$template = "<signed-credential>\n$template\n";
foreach my $sig (@{ $self->{'parent_cred'}->{'signatures'}}) {
$template .= $sig->toString();
}
$template .= "</signed-credential>\n";
}
my ($fh, $filename) = tempfile(UNLINK => 0);
return -1
if (!defined($fh));
print $fh "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>\n";
print $fh $template;
close($fh);
......@@ -697,6 +723,26 @@ sub Sign($$)
return 0;
}
#
# Delegate to another owner. This creates a new credential.
#
sub Delegate($$)
{
my ($self, $owner) = @_;
my $credential = GeniCredential->Create($self->target_cert(), $owner);
if (!defined($credential)) {
print STDERR "Could not delegate $self to $owner\n";
return undef;
}
foreach my $cap (keys(%{ $self->capabilities() })) {
$credential->AddCapability($cap, 0);
}
$credential->{'parent_cred'} = $self;
$credential->{'valid_until'} = $self->{'valid_until'};
return $credential;
}
#
# Store the given signed credential in the DB.
#
......
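Review bot: Delegate copies every key of the parent's capabilities hash into the child credential without consulting the parent's per-privilege delegation flag, so a holder of a privilege that was issued non-delegatable can still mint a child credential carrying it; assuming the hash value is the flag that Sign emits as `<can_delegate>` in the `</privileges>` hunk, the loop should skip those entries with `next unless $self->capabilities()->{$cap};` before the `AddCapability($cap, 0)` call. Delegate also accepts a parent that was never loaded from a signed document, yet `credentialdoc` and `signatures` are only populated in CreateFromSigned, so Sign's `$self->{'parent_cred'}->{'credentialdoc'}->toString()` dies on a parent built by Create; returning undef from Delegate when `!defined($self->{'credentialdoc'})` fails earlier and with a clear message. In the last Sign hunk the `<signed-credential>` wrapper is prepended to `$template`, which, if the `<?xml ...?>` line above `<credential xml:id=...>` is unchanged context as it appears, places an XML declaration after the root start tag and is not well-formed; the declaration should appear exactly once at the top of what is printed to the temp file, and the second `print $fh` of it should be reconciled with that.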