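import crypto, socket, time

# Key material lives next to the app and is named after the local host: the
# private key signs tickets, the matching public key verifies them.
appbase = '/home/equinox/subdap/'
keyfile = appbase + 'subdap-%s.key' % (socket.gethostname())
pubfile = appbase + 'subdap-%s.pem' % (socket.gethostname())
keys = ['site', 'user', 'ts', 'sig']

# Field separator of the signed string.  A site or user containing it would
# make the encoding ambiguous (one signature covering two different
# (site, ts, user) readings), so values containing it are refused.
_SEP = ':'


def _signed_data(site, user, ts):
    """Return the canonical string a ticket signature covers.

    ``ts`` must already be an int.  Raises ValueError when ``site`` or
    ``user`` contains the field separator.
    """
    if _SEP in site or _SEP in user:
        raise ValueError('site and user must not contain %r' % _SEP)
    return '%s:%d:%s' % (site, ts, user)


def tgt_create(site, user):
    """Issue a signed ticket for ``user`` at ``site``.

    Returns a dict with the signed fields (``site``, ``user``, ``ts``) and
    the signature ``sig`` computed with the local private key.  Raises
    ValueError when ``site`` or ``user`` contains the field separator.
    """
    ts = int(time.time())
    data = _signed_data(site, user, ts)
    sig = crypto.sign(keyfile, data)
    return {'site': site, 'user': user, 'ts': ts, 'sig': sig}


def tgt_verify(site, user, ts, sig, maxage = None):
    """Check a ticket produced by tgt_create.

    ``ts`` may arrive as a string (e.g. from a decoded query string); it is
    converted to int once and that int is used both for the signed string
    and for the age check.  ``maxage`` (seconds), when given, additionally
    requires the ticket to be younger than that.  Malformed input (a
    non-numeric ``ts``, or a separator inside ``site``/``user``) yields
    False rather than an exception, since these values are untrusted.
    """
    try:
        ts = int(ts)
    except (TypeError, ValueError):
        return False
    try:
        data = _signed_data(site, user, ts)
    except ValueError:
        return False
    status = crypto.verify(pubfile, data, sig)
    if maxage is not None:
        # Compare as numbers: under Python 2 a str ``ts`` would compare
        # greater than any number and silently pass this check.
        # NOTE(review): only the lower bound is enforced; a timestamp in the
        # future is not rejected here.
        status &= ts > time.time() - maxage
    return status


if __name__ == '__main__':
    import urllib
    sig = tgt_create('site', 'test')
    print(urllib.urlencode(sig))
    assert not tgt_verify(maxage = -9999, **sig)
    assert tgt_verify(maxage = 9999, **sig)
    # A string timestamp must be subject to the same age check as an int one.
    assert not tgt_verify(maxage = -9999, **dict(sig, ts = str(sig['ts'])))
    assert not tgt_verify(**dict(sig, site = 'site:1'))
    try:
        tgt_create('si:te', 'test')
    except ValueError:
        pass
    else:
        raise AssertionError('separator in site must be rejected')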