summaryrefslogtreecommitdiff
path: root/macaroonbakery/checkers/_time.py
blob: 2ae1d894b2b6c40e6e3026d88c5000476c2cabfa (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

# Copyright 2017 Canonical Ltd.
# Licensed under the LGPLv3, see LICENCE file for details.

import pyrfc3339
from ._auth_context import ContextKey
from ._caveat import parse_caveat
from ._conditions import COND_TIME_BEFORE, STD_NAMESPACE
from ._utils import condition_with_prefix

TIME_KEY = ContextKey('time-key')


def context_with_clock(ctx, clock):
    ''' Returns a copy of ctx with a key added that associates it with the
    given clock implementation, which will be used by the time-before checker
    to determine the current time.
    The clock should have a utcnow method that returns the current time
    as a datetime value in UTC.
    '''
    if clock is None:
        return ctx
    return ctx.with_value(TIME_KEY, clock)


def macaroons_expiry_time(ns, ms):
    ''' Returns the minimum time of any time-before caveats found in the given
    macaroons or None if no such caveats were found.
    :param ns: a Namespace, used to resolve caveats.
    :param ms: a list of pymacaroons.Macaroon
    :return: datetime.DateTime or None.
    '''
    t = None
    for m in ms:
        et = expiry_time(ns, m.caveats)
        if et is not None and (t is None or et < t):
            t = et
    return t


def expiry_time(ns, cavs):
    ''' Returns the minimum time of any time-before caveats found
    in the given list or None if no such caveats were found.

    The ns parameter is
    :param ns: used to determine the standard namespace prefix - if
    the standard namespace is not found, the empty prefix is assumed.
    :param cavs: a list of pymacaroons.Caveat
    :return: datetime.DateTime or None.
    '''
    prefix = ns.resolve(STD_NAMESPACE)
    time_before_cond = condition_with_prefix(
        prefix, COND_TIME_BEFORE)
    t = None
    for cav in cavs:
        if not cav.first_party():
            continue
        cav = cav.caveat_id_bytes.decode('utf-8')
        name, rest = parse_caveat(cav)
        if name != time_before_cond:
            continue
        try:
            et = pyrfc3339.parse(rest, utc=True).replace(tzinfo=None)
            if t is None or et < t:
                t = et
        except ValueError:
            continue
    return t
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-24 19:54:40 +0000