c909346b383f8e83a3ff3aaa686bc517201c5b59
[sfa.git] / sfa / server / modpythonapi / AuthenticatedApi.py
1 import xmlrpclib
2
3 from BaseApi import BaseApi
4
5 from sfa.trust.credential import Credential
6 from sfa.trust.gid import GID
7 from sfa.trust.trustedroot import TrustedRootList
8
9 from ApiExceptionCodes import *
10
class BadRequestHash(xmlrpclib.Fault):
    """XML-RPC fault raised when a request hash fails verification.

    The fault code is FAULT_BADREQUESTHASH and the fault string echoes the
    rejected hash back to the caller.
    """

    def __init__(self, hash = None):
        # str() keeps the message well-formed when no hash was supplied
        # (it then reads "bad request hash: None").
        xmlrpclib.Fault.__init__(
            self,
            FAULT_BADREQUESTHASH,
            "bad request hash: " + str(hash),
        )
15
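class AuthenticatedApi(BaseApi):
    """BaseApi extension whose calls are authenticated by GID or credential.

    A caller presents a GID (or a credential carrying a caller GID) together
    with a request hash. The hash is checked against str(arglist) using the
    public key taken from the GID, and the certificate chain is checked
    against the trusted roots loaded from trustedRootsDir.

    SECURITY: when trustedRootsDir is not given, trusted_cert_list is None
    and validateGid/validateCred perform no chain verification at all. The
    request hash then only proves possession of the key inside the presented
    GID, not that the GID was issued by a trusted authority. Deployments
    that rely on this class for authentication should always pass
    trustedRootsDir.
    """

    def __init__(self, encoding = "utf-8", trustedRootsDir=None):
        """Set up the API and load the trusted root certificates.

        encoding is passed through to BaseApi. trustedRootsDir, when truthy,
        is handed to TrustedRootList and the resulting list is kept in
        self.trusted_cert_list; otherwise the attribute is None.
        """
        BaseApi.__init__(self, encoding)
        if trustedRootsDir:
            self.trusted_cert_list = TrustedRootList(trustedRootsDir).get_list()
        else:
            # None means "no trust roots configured": chain verification is
            # skipped by validateGid/validateCred (see the class docstring).
            self.trusted_cert_list = None

    def register_functions(self):
        """Register the BaseApi functions plus gidNoop."""
        BaseApi.register_functions(self)
        # NOTE(review): credNoop is defined below but is not registered
        # here; confirm whether leaving it unexposed is intended.
        self.register_function(self.gidNoop)

    def verifyGidRequestHash(self, gid, hash, arglist):
        """Check hash against str(arglist) with the public key of gid.

        Raises BadRequestHash when the key does not verify the hash.
        """
        key = gid.get_pubkey()
        # The verified message is the Python string form of the argument
        # list, so client and server must build byte-identical str(arglist)
        # values. NOTE(review): nothing in this class binds the hash to a
        # nonce or timestamp, so replay protection, if needed, has to come
        # from another layer.
        if not key.verify_string(str(arglist), hash):
            raise BadRequestHash(hash)

    def verifyCredRequestHash(self, cred, hash, arglist):
        """Check hash against str(arglist) with the credential's caller GID."""
        gid = cred.get_gid_caller()
        self.verifyGidRequestHash(gid, hash, arglist)

    def validateGid(self, gid):
        """Verify the chain of gid against the trusted roots, if configured.

        The return value of verify_chain is ignored; it is presumably
        expected to raise on an untrusted chain (confirm in sfa.trust).
        """
        # Compare with None rather than testing truthiness: a trust-root
        # directory that was configured but yielded an empty list must not
        # silently switch verification off.
        if self.trusted_cert_list is not None:
            gid.verify_chain(self.trusted_cert_list)

    def validateCred(self, cred):
        """Verify cred and its caller/object GIDs against the trusted roots.

        Nothing is checked when no trust roots are configured
        (trusted_cert_list is None).
        """
        # Same None test as validateGid, so an empty trust-root list is
        # still passed to verify_chain instead of skipping every check.
        if self.trusted_cert_list is not None:
            cred.verify_chain(self.trusted_cert_list)
            caller_gid = cred.get_gid_caller()
            object_gid = cred.get_gid_object()
            if caller_gid:
                caller_gid.verify_chain(self.trusted_cert_list)
            if object_gid:
                object_gid.verify_chain(self.trusted_cert_list)

    def authenticateGid(self, gidStr, argList, requestHash):
        """Parse gidStr, validate its chain, verify requestHash, return the GID."""
        gid = GID(string = gidStr)
        self.validateGid(gid)
        self.verifyGidRequestHash(gid, requestHash, argList)
        return gid

    def authenticateCred(self, credStr, argList, requestHash):
        """Parse credStr, validate it, verify requestHash, return the credential."""
        cred = Credential(string = credStr)
        self.validateCred(cred)
        self.verifyCredRequestHash(cred, requestHash, argList)
        return cred

    def gidNoop(self, gidStr, value, requestHash):
        """Authenticate the caller by GID and echo value back."""
        # The hash covers both the GID string and the value.
        self.authenticateGid(gidStr, [gidStr, value], requestHash)
        return value

    def credNoop(self, credStr, value, requestHash):
        """Authenticate the caller by credential and echo value back."""
        # The hash covers both the credential string and the value.
        self.authenticateCred(credStr, [credStr, value], requestHash)
        return value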
70
71