3 from BaseApi import BaseApi
5 from sfa.trust.credential import Credential
6 from sfa.trust.gid import GID
7 from sfa.trust.trustedroot import TrustedRootList
9 from ApiExceptionCodes import *
class BadRequestHash(xmlrpclib.Fault):
    """XML-RPC fault reported when a request hash fails verification.

    The rejected hash is echoed back in the fault string, so whatever the
    caller supplied ends up in the response (and in any log that records
    the fault). Treat that text as untrusted when displaying or parsing it.
    """

    def __init__(self, hash = None):
        # Fault code comes from ApiExceptionCodes; the message carries the
        # offending hash value for diagnostics.
        xmlrpclib.Fault.__init__(
            self,
            FAULT_BADREQUESTHASH,
            "bad request hash: " + str(hash),
        )
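class AuthenticatedApi(BaseApi):
    """BaseApi extension that authenticates calls by GID or credential.

    A call is accepted when (a) the presented GID/credential verifies
    against the configured trusted roots and (b) the request hash verifies
    over ``str(argList)`` under the caller GID's public key.

    Security notes:
      * Step (a) is skipped when no trusted roots are loaded
        (``trusted_cert_list`` is None or empty). In that mode the hash
        check only proves possession of the key inside the caller-supplied
        GID, not who the caller is. Deployments should always pass
        ``trustedRootsDir``.
      * The signed message is the argument list only. Nothing in this
        class binds the method name, a timestamp or a nonce to it.
        NOTE(review): confirm replay protection exists elsewhere.
    """

    def __init__(self, encoding="utf-8", trustedRootsDir=None):
        """Initialise the API and load trusted roots when a directory is given.

        Args:
            encoding: passed through to BaseApi.
            trustedRootsDir: directory handed to TrustedRootList; when it
                is None/empty no roots are loaded and chain verification
                is disabled.
        """
        BaseApi.__init__(self, encoding)
        # Load roots only when a directory was supplied. Assigning None
        # unconditionally after the load would discard the roots and turn
        # every validate* call into a no-op.
        if trustedRootsDir:
            self.trusted_cert_list = TrustedRootList(trustedRootsDir).get_list()
        else:
            self.trusted_cert_list = None

    def register_functions(self):
        """Register the base functions plus gidNoop with the server."""
        BaseApi.register_functions(self)
        # Only gidNoop is exposed here; credNoop is defined below but is
        # not registered by this method.
        self.register_function(self.gidNoop)

    def verifyGidRequestHash(self, gid, hash, arglist):
        """Check that `hash` verifies over the argument list under `gid`'s key.

        Raises:
            BadRequestHash: if the key's verify_string() rejects the hash.
        """
        key = gid.get_pubkey()
        # The message checked is the Python string form of the list, so
        # client and server must render the arguments identically.
        if not key.verify_string(str(arglist), hash):
            raise BadRequestHash(hash)

    def verifyCredRequestHash(self, cred, hash, arglist):
        """Check the request hash against the credential's caller GID."""
        self.verifyGidRequestHash(cred.get_gid_caller(), hash, arglist)

    def validateGid(self, gid):
        """Verify `gid` against the trusted roots, if any are loaded.

        With no roots loaded this returns without checking anything.
        """
        if self.trusted_cert_list:
            gid.verify_chain(self.trusted_cert_list)

    def validateCred(self, cred):
        """Verify the credential and both of its GIDs against the trusted roots.

        With no roots loaded this returns without checking anything.
        """
        roots = self.trusted_cert_list
        if not roots:
            return
        cred.verify_chain(roots)
        caller_gid = cred.get_gid_caller()
        object_gid = cred.get_gid_object()
        # NOTE(review): if either getter can return None, the calls below
        # raise AttributeError rather than letting the credential through
        # unverified; confirm that is the intended failure mode.
        caller_gid.verify_chain(roots)
        object_gid.verify_chain(roots)

    def authenticateGid(self, gidStr, argList, requestHash):
        """Authenticate a call made with a GID string.

        The GID is validated against the trusted roots first, then the
        request hash is verified with the GID's public key.
        """
        gid = GID(string=gidStr)
        # Validate the chain before trusting the key it carries; without
        # this the hash check would accept any self-issued GID. This
        # mirrors authenticateCred, which calls validateCred first.
        self.validateGid(gid)
        self.verifyGidRequestHash(gid, requestHash, argList)

    def authenticateCred(self, credStr, argList, requestHash):
        """Authenticate a call made with a credential string.

        The credential chain is validated first, then the request hash is
        verified with the caller GID's public key.
        """
        cred = Credential(string=credStr)
        self.validateCred(cred)
        self.verifyCredRequestHash(cred, requestHash, argList)

    def gidNoop(self, gidStr, value, requestHash):
        """Authenticate by GID over [gidStr, value]; performs no other work."""
        # NOTE(review): nothing is returned here, and xmlrpclib cannot
        # marshal None unless allow_none is enabled; confirm the intended
        # return value.
        self.authenticateGid(gidStr, [gidStr, value], requestHash)

    def credNoop(self, credStr, value, requestHash):
        """Authenticate by credential over [credStr, value]; performs no other work."""
        self.authenticateCred(credStr, [credStr, value], requestHash)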