author | Colin Watson <cjwatson@debian.org> | 2017-11-06 10:04:48 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2017-11-06 10:04:48 +0000 |
commit | 37d61d0415f6cc96a7a9abe057e1ae0f89fd977e (patch) | |
tree | 4ca3c2560d2ba062adb7de86d047d67db8984940 /macaroonbakery/checkers | |
parent | 3d9eaeb5dacee168a93da090e2c0d46eedbe51a2 (diff) |
Import py-macaroon-bakery_0.0.5.orig.tar.gz
Diffstat (limited to 'macaroonbakery/checkers')
-rw-r--r-- | macaroonbakery/checkers/__init__.py | 54 | ||||
-rw-r--r-- | macaroonbakery/checkers/time.py | 53 | ||||
-rw-r--r-- | macaroonbakery/checkers/utils.py | 2 |
3 files changed, 95 insertions, 14 deletions
diff --git a/macaroonbakery/checkers/__init__.py b/macaroonbakery/checkers/__init__.py index 9f0b022..25c6b7d 100644 --- a/macaroonbakery/checkers/__init__.py +++ b/macaroonbakery/checkers/__init__.py @@ -1,24 +1,53 @@ # Copyright 2017 Canonical Ltd. # Licensed under the LGPLv3, see LICENCE file for details. from macaroonbakery.checkers.conditions import ( - STD_NAMESPACE, COND_DECLARED, COND_TIME_BEFORE, COND_ERROR, COND_ALLOW, - COND_DENY, COND_NEED_DECLARED + STD_NAMESPACE, + COND_DECLARED, + COND_TIME_BEFORE, + COND_ERROR, + COND_ALLOW, + COND_DENY, + COND_NEED_DECLARED, ) from macaroonbakery.checkers.caveat import ( - allow_caveat, deny_caveat, declared_caveat, parse_caveat, - time_before_caveat, Caveat + allow_caveat, + deny_caveat, + declared_caveat, + parse_caveat, + time_before_caveat, + Caveat, ) from macaroonbakery.checkers.declared import ( - context_with_declared, infer_declared, infer_declared_from_conditions, - need_declared_caveat + context_with_declared, + infer_declared, + infer_declared_from_conditions, + need_declared_caveat, +) +from macaroonbakery.checkers.operation import ( + context_with_operations, +) +from macaroonbakery.checkers.namespace import ( + Namespace, + deserialize_namespace +) +from macaroonbakery.checkers.time import ( + context_with_clock, + expiry_time, + macaroons_expiry_time, ) -from macaroonbakery.checkers.operation import context_with_operations -from macaroonbakery.checkers.namespace import Namespace, deserialize_namespace -from macaroonbakery.checkers.time import context_with_clock from macaroonbakery.checkers.checkers import ( - Checker, CheckerInfo, RegisterError + Checker, + CheckerInfo, + RegisterError, +) +from macaroonbakery.checkers.auth_context import ( + AuthContext, + ContextKey, +) + +from macaroonbakery.checkers.utils import ( + condition_with_prefix, ) -from macaroonbakery.checkers.auth_context import AuthContext, ContextKey __all__ = [ 'AuthContext', 
@@ -36,14 +65,17 @@ __all__ = [ 'Namespace', 'RegisterError', 'allow_caveat', + 'condition_with_prefix', 'context_with_declared', 'context_with_operations', 'context_with_clock', 'declared_caveat', 'deny_caveat', 'deserialize_namespace', + 'expiry_time', 'infer_declared', 'infer_declared_from_conditions', + 'macaroons_expiry_time', 'need_declared_caveat', 'parse_caveat', 'time_before_caveat', diff --git a/macaroonbakery/checkers/time.py b/macaroonbakery/checkers/time.py index 052d983..0b52131 100644 --- a/macaroonbakery/checkers/time.py +++ b/macaroonbakery/checkers/time.py @@ -1,14 +1,20 @@ # Copyright 2017 Canonical Ltd. # Licensed under the LGPLv3, see LICENCE file for details. + +import pyrfc3339 + from macaroonbakery.checkers.auth_context import ContextKey +from macaroonbakery.checkers.conditions import COND_TIME_BEFORE, STD_NAMESPACE +from macaroonbakery.checkers.utils import condition_with_prefix +from macaroonbakery.checkers.caveat import parse_caveat TIME_KEY = ContextKey('time-key') def context_with_clock(ctx, clock): - ''' Returns a copy of ctx with a key added that associates it with the given - clock implementation, which will be used by the time-before checker + ''' Returns a copy of ctx with a key added that associates it with the + given clock implementation, which will be used by the time-before checker to determine the current time. The clock should have a utcnow method that returns the current time as a datetime value in UTC. 
@@ -16,3 +22,46 @@ def context_with_clock(ctx, clock): if clock is None: return ctx return ctx.with_value(TIME_KEY, clock) + + +def macaroons_expiry_time(ns, ms): + ''' Returns the minimum time of any time-before caveats found in the given + macaroons or None if no such caveats were found. + :param ns: a Namespace, used to resolve caveats. + :param ms: a list of pymacaroons.Macaroon + :return: datetime.DateTime or None. + ''' + t = None + for m in ms: + et = expiry_time(ns, m.caveats) + if et is not None and (t is None or et < t): + t = et + return t + + +def expiry_time(ns, cavs): + ''' Returns the minimum time of any time-before caveats found + in the given list or None if no such caveats were found. + + The ns parameter is + :param ns: used to determine the standard namespace prefix - if + the standard namespace is not found, the empty prefix is assumed. + :param cavs: a list of pymacaroons.Caveat + :return: datetime.DateTime or None. + ''' + prefix = ns.resolve(STD_NAMESPACE) + time_before_cond = condition_with_prefix( + prefix, COND_TIME_BEFORE) + t = None + for cav in cavs: + cav = cav.caveat_id_bytes.decode('utf-8') + name, rest = parse_caveat(cav) + if name != time_before_cond: + continue + try: + et = pyrfc3339.parse(rest) + if t is None or et < t: + t = et + except ValueError: + continue + return t diff --git a/macaroonbakery/checkers/utils.py b/macaroonbakery/checkers/utils.py index f2e51b1..925e8c7 100644 --- a/macaroonbakery/checkers/utils.py +++ b/macaroonbakery/checkers/utils.py @@ -7,7 +7,7 @@ def condition_with_prefix(prefix, condition): If the prefix is non-empty, a colon is used to separate them. ''' - if prefix == '': + if prefix == '' or prefix is None: return condition return prefix + ':' + condition |
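Review bot: In `expiry_time`, `cav.caveat_id_bytes.decode('utf-8')` and `parse_caveat(cav)` run outside the `try`, so only a malformed timestamp is skipped; a caveat id that is not valid UTF-8 raises `UnicodeDecodeError` out of the loop, and out of `macaroons_expiry_time`, instead of being ignored (the same would hold if `parse_caveat` raises on malformed input, which this page does not show). Third-party caveat ids are typically opaque binary, so a macaroon carrying one could make the expiry computation fail; skipping them first with `if not cav.first_party(): continue`, and moving the decode and parse inside the `try`, would keep the scan tolerant. The docstring has an unfinished sentence (`The ns parameter is`) and names `datetime.DateTime` where `datetime.datetime` is meant. It should also say that the time is read from the caveat ids as presented, with no verification in this function, so callers should treat it as a refresh hint and still rely on macaroon verification for the actual expiry decision.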
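Review bot: The docstring of `condition_with_prefix` still covers only the string case (`If the prefix is non-empty, a colon is used to separate them.`), while the new test also accepts `None`; it should state that a `None` prefix, presumably what `ns.resolve` returns for an unregistered namespace, yields the bare condition. Since both values are treated alike, `if not prefix:` expresses the intent more directly than `if prefix == '' or prefix is None:`. The function's signature and the start of its docstring lie outside this hunk.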