authorColin Watson <cjwatson@debian.org>2017-11-06 10:04:48 +0000
committerColin Watson <cjwatson@debian.org>2017-11-06 10:04:48 +0000
commit37d61d0415f6cc96a7a9abe057e1ae0f89fd977e (patch)
tree4ca3c2560d2ba062adb7de86d047d67db8984940 /macaroonbakery/checkers
parent3d9eaeb5dacee168a93da090e2c0d46eedbe51a2 (diff)
Import py-macaroon-bakery_0.0.5.orig.tar.gz
Diffstat (limited to 'macaroonbakery/checkers')
-rw-r--r--macaroonbakery/checkers/__init__.py54
-rw-r--r--macaroonbakery/checkers/time.py53
-rw-r--r--macaroonbakery/checkers/utils.py2
3 files changed, 95 insertions, 14 deletions
diff --git a/macaroonbakery/checkers/__init__.py b/macaroonbakery/checkers/__init__.py
index 9f0b022..25c6b7d 100644
--- a/macaroonbakery/checkers/__init__.py
+++ b/macaroonbakery/checkers/__init__.py
@@ -1,24 +1,53 @@
# Copyright 2017 Canonical Ltd.
# Licensed under the LGPLv3, see LICENCE file for details.
from macaroonbakery.checkers.conditions import (
- STD_NAMESPACE, COND_DECLARED, COND_TIME_BEFORE, COND_ERROR, COND_ALLOW,
- COND_DENY, COND_NEED_DECLARED
+ STD_NAMESPACE,
+ COND_DECLARED,
+ COND_TIME_BEFORE,
+ COND_ERROR,
+ COND_ALLOW,
+ COND_DENY,
+ COND_NEED_DECLARED,
)
from macaroonbakery.checkers.caveat import (
- allow_caveat, deny_caveat, declared_caveat, parse_caveat,
- time_before_caveat, Caveat
+ allow_caveat,
+ deny_caveat,
+ declared_caveat,
+ parse_caveat,
+ time_before_caveat,
+ Caveat,
)
from macaroonbakery.checkers.declared import (
- context_with_declared, infer_declared, infer_declared_from_conditions,
- need_declared_caveat
+ context_with_declared,
+ infer_declared,
+ infer_declared_from_conditions,
+ need_declared_caveat,
+)
+from macaroonbakery.checkers.operation import (
+ context_with_operations,
+)
+from macaroonbakery.checkers.namespace import (
+ Namespace,
+ deserialize_namespace
+)
+from macaroonbakery.checkers.time import (
+ context_with_clock,
+ expiry_time,
+ macaroons_expiry_time,
)
-from macaroonbakery.checkers.operation import context_with_operations
-from macaroonbakery.checkers.namespace import Namespace, deserialize_namespace
-from macaroonbakery.checkers.time import context_with_clock
from macaroonbakery.checkers.checkers import (
- Checker, CheckerInfo, RegisterError
+ Checker,
+ CheckerInfo,
+ RegisterError,
+)
+from macaroonbakery.checkers.auth_context import (
+ AuthContext,
+ ContextKey,
+)
+
+from macaroonbakery.checkers.utils import (
+ condition_with_prefix,
)
-from macaroonbakery.checkers.auth_context import AuthContext, ContextKey
__all__ = [
'AuthContext',
@@ -36,14 +65,17 @@ __all__ = [
'Namespace',
'RegisterError',
'allow_caveat',
+ 'condition_with_prefix',
'context_with_declared',
'context_with_operations',
'context_with_clock',
'declared_caveat',
'deny_caveat',
'deserialize_namespace',
+ 'expiry_time',
'infer_declared',
'infer_declared_from_conditions',
+ 'macaroons_expiry_time',
'need_declared_caveat',
'parse_caveat',
'time_before_caveat',
diff --git a/macaroonbakery/checkers/time.py b/macaroonbakery/checkers/time.py
index 052d983..0b52131 100644
--- a/macaroonbakery/checkers/time.py
+++ b/macaroonbakery/checkers/time.py
@@ -1,14 +1,20 @@
# Copyright 2017 Canonical Ltd.
# Licensed under the LGPLv3, see LICENCE file for details.
+
+import pyrfc3339
+
from macaroonbakery.checkers.auth_context import ContextKey
+from macaroonbakery.checkers.conditions import COND_TIME_BEFORE, STD_NAMESPACE
+from macaroonbakery.checkers.utils import condition_with_prefix
+from macaroonbakery.checkers.caveat import parse_caveat
TIME_KEY = ContextKey('time-key')
def context_with_clock(ctx, clock):
- ''' Returns a copy of ctx with a key added that associates it with the given
- clock implementation, which will be used by the time-before checker
+ ''' Returns a copy of ctx with a key added that associates it with the
+ given clock implementation, which will be used by the time-before checker
to determine the current time.
The clock should have a utcnow method that returns the current time
as a datetime value in UTC.
@@ -16,3 +22,46 @@ def context_with_clock(ctx, clock):
if clock is None:
return ctx
return ctx.with_value(TIME_KEY, clock)
+
+
+def macaroons_expiry_time(ns, ms):
+ ''' Returns the minimum time of any time-before caveats found in the given
+ macaroons or None if no such caveats were found.
+ :param ns: a Namespace, used to resolve caveats.
+ :param ms: a list of pymacaroons.Macaroon
+ :return: datetime.DateTime or None.
+ '''
+ t = None
+ for m in ms:
+ et = expiry_time(ns, m.caveats)
+ if et is not None and (t is None or et < t):
+ t = et
+ return t
+
+
+def expiry_time(ns, cavs):
+ ''' Returns the minimum time of any time-before caveats found
+ in the given list or None if no such caveats were found.
+
+ The ns parameter is
+ :param ns: used to determine the standard namespace prefix - if
+ the standard namespace is not found, the empty prefix is assumed.
+ :param cavs: a list of pymacaroons.Caveat
+ :return: datetime.DateTime or None.
+ '''
+ prefix = ns.resolve(STD_NAMESPACE)
+ time_before_cond = condition_with_prefix(
+ prefix, COND_TIME_BEFORE)
+ t = None
+ for cav in cavs:
+ cav = cav.caveat_id_bytes.decode('utf-8')
+ name, rest = parse_caveat(cav)
+ if name != time_before_cond:
+ continue
+ try:
+ et = pyrfc3339.parse(rest)
+ if t is None or et < t:
+ t = et
+ except ValueError:
+ continue
+ return t
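Review bot: In `expiry_time`, `cav.caveat_id_bytes.decode('utf-8')` runs before the `try`, so a caveat id that is not valid UTF-8 raises `UnicodeDecodeError` out of the function instead of being skipped the way an unparseable timestamp is. Macaroons are supplied by the client and third-party caveat ids can be opaque bytes, so this path looks reachable with untrusted input. Skipping those caveats before decoding with `if not cav.first_party(): continue`, or moving the decode inside the `try`, would keep the function total over arbitrary caveats. The docstring also leaves a dangling `The ns parameter is` line and should state that malformed time-before caveats are ignored, so a `None` result means "no parseable expiry found" and must not be read as "never expires" in an authorization decision.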
diff --git a/macaroonbakery/checkers/utils.py b/macaroonbakery/checkers/utils.py
index f2e51b1..925e8c7 100644
--- a/macaroonbakery/checkers/utils.py
+++ b/macaroonbakery/checkers/utils.py
@@ -7,7 +7,7 @@ def condition_with_prefix(prefix, condition):
If the prefix is non-empty, a colon is used to separate them.
'''
- if prefix == '':
+ if prefix == '' or prefix is None:
return condition
return prefix + ':' + condition
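Review bot: The new guard in `condition_with_prefix` spells out two falsy cases that `if not prefix:` would cover in one idiomatic test, and the docstring above it still describes only the empty-string case. Since `expiry_time` in this commit passes the result of `ns.resolve(STD_NAMESPACE)` straight in, the docstring should say that `None` (presumably an unresolved namespace) is treated as the empty prefix, for example `If the prefix is empty or None, the condition is returned unchanged.` The function's signature and the start of its docstring lie outside this hunk.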