3 from BaseApi import BaseApi
5 from sfa.trust.credential import Credential
6 from sfa.trust.gid import GID
7 from sfa.trust.trustedroot import TrustedRootList
9 from ApiExceptionCodes import *
class BadRequestHash(xmlrpclib.Fault):
    """XML-RPC fault reporting that a request hash was rejected.

    The fault code is FAULT_BADREQUESTHASH; the fault string carries the
    string form of the rejected hash, so the caller-supplied value is echoed
    back in the error response.
    """

    def __init__(self, hash = None):
        # Build the message inline and delegate to the Fault initialiser.
        xmlrpclib.Fault.__init__(
            self,
            FAULT_BADREQUESTHASH,
            "bad request hash: " + str(hash),
        )
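class AuthenticatedApi(BaseApi):
    """API base class that authenticates callers by GID or by credential.

    An authenticated call carries a GID or credential string, the call's
    argument list and a request hash. The hash is checked as a signature over
    ``str(arglist)`` using the public key taken from the caller's GID.

    NOTE(review): nothing in this class binds the request hash to a nonce or
    timestamp, so replay protection (if any) must come from elsewhere --
    confirm against the transport and the callers.
    """

    def __init__(self, encoding = "utf-8", trustedRootsDir=None):
        """Initialise the base API and load the trusted root certificates.

        encoding        -- passed through to BaseApi.__init__.
        trustedRootsDir -- directory handed to TrustedRootList. When it is
                           omitted no roots are loaded and validateGid /
                           validateCred skip verification entirely.
        """
        BaseApi.__init__(self, encoding)

        if trustedRootsDir:
            # One TrustedRootList instance serves both views, so the
            # certificate list and the file list describe the same roots.
            trusted_roots = TrustedRootList(trustedRootsDir)
            self.trusted_cert_list = trusted_roots.get_list()
            self.trusted_cert_file_list = trusted_roots.get_file_list()
        else:
            # Only reset when no directory was given. Resetting
            # unconditionally would discard the roots just loaded and turn
            # validateGid / validateCred into no-ops.
            self.trusted_cert_list = None
            self.trusted_cert_file_list = None

    def register_functions(self):
        """Register the base API functions plus gidNoop."""
        BaseApi.register_functions(self)
        # NOTE(review): credNoop is defined on this class but is not
        # registered here -- confirm that is intentional.
        self.register_function(self.gidNoop)

    def verifyGidRequestHash(self, gid, hash, arglist):
        """Raise BadRequestHash unless `hash` verifies over str(arglist).

        The verification key is the public key of `gid`, so this check is
        only meaningful once `gid` itself has been validated against the
        trusted roots (see authenticateGid).
        """
        # The signed payload is the Python string form of the argument list;
        # presumably the client must produce the identical representation
        # for the hash to verify -- confirm against the client code.
        key = gid.get_pubkey()
        if not key.verify_string(str(arglist), hash):
            raise BadRequestHash(hash)

    def verifyCredRequestHash(self, cred, hash, arglist):
        """Check `hash` against the caller GID embedded in `cred`."""
        self.verifyGidRequestHash(cred.get_gid_caller(), hash, arglist)

    def validateGid(self, gid):
        """Verify the certificate chain of `gid` against the trusted roots.

        NOTE(review): this fails open. When trusted_cert_list is None or
        empty (no directory configured, or presumably a directory holding no
        certificates) the chain is not checked at all -- confirm that
        deployments always configure trusted roots.
        """
        if self.trusted_cert_list:
            gid.verify_chain(self.trusted_cert_list)

    def validateCred(self, cred):
        """Verify `cred` against the trusted root certificate files.

        NOTE(review): fails open in the same way as validateGid when no
        trusted roots are loaded.
        """
        if self.trusted_cert_list:
            cred.verify(self.trusted_cert_file_list)

    def authenticateGid(self, gidStr, argList, requestHash):
        """Authenticate a request made with a GID string.

        The GID chain is validated first, then the request hash is checked
        against the GID's public key. Raises BadRequestHash when the hash
        does not verify.
        """
        gid = GID(string = gidStr)
        # The key used to check the hash comes from the caller-supplied GID,
        # so the GID must be validated against the trusted roots before that
        # key is trusted. This mirrors authenticateCred, which calls
        # validateCred before checking the hash.
        self.validateGid(gid)
        self.verifyGidRequestHash(gid, requestHash, argList)

    def authenticateCred(self, credStr, argList, requestHash):
        """Authenticate a request made with a credential string.

        The credential is validated first, then the request hash is checked
        against the caller GID inside the credential. Raises BadRequestHash
        when the hash does not verify.
        """
        cred = Credential(string = credStr)
        self.validateCred(cred)
        self.verifyCredRequestHash(cred, requestHash, argList)

    def gidNoop(self, gidStr, value, requestHash):
        """Test call: authenticate by GID over [gidStr, value] and do nothing else."""
        self.authenticateGid(gidStr, [gidStr, value], requestHash)

    def credNoop(self, credStr, value, requestHash):
        """Test call: authenticate by credential over [credStr, value] and do nothing else."""
        self.authenticateCred(credStr, [credStr, value], requestHash)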