import repository from arizona
[raven.git] / apps / gacks / gacksauth.py
1 import xmlrpclib
2 from ravenlib.modpythonapi.ApiExceptionCodes import FAULT_BADREQUESTHASH
3 from sfa.trust.credential import GID, Credential
4
5 class BadRequestHash(xmlrpclib.Fault):
6    def __init__(self, hash = None):
7         faultString = "bad request hash: " + str(hash)
8         xmlrpclib.Fault.__init__(self, FAULT_BADREQUESTHASH, faultString)
9
10 class GacksAuthToken:
11    def __init__(self, gid=None, cred=None, dict=None, xmlrpc_arg=None, argList=None, reqHash=None, pkey=None):
12        self.gid = gid
13        self.cred = cred
14        self.version = "1.0"
15        self.argList = None
16        self.reqHash = reqHash
17        self.pkey = pkey
18        if dict is not None:
19            self.load_from_dict(dict)
20        if xmlrpc_arg is not None:
21            self.load_from_xmlrpc_arg(xmlrpc_arg)
22
23        if argList is not None:
24            self.argList=argList
25
26        if (self.argList is not None) and (self.pkey is not None) and (self.reqHash==None):
27            self.generateRequestHash()
28
29    def save_to_dict(self):
30        if self.gid:
31            d = {"version": self.version, "method": "gid", "value": self.gid.save_to_string(save_parents=True)}
32        elif self.cred:
33            d = {"version": self.version, "method": "cred", "value": self.cred.save_to_string(save_parents=True)}
34        else:
35            raise TypeError("no gid or cred selected")
36
37        if self.argList:
38            d["arglist"] = self.argList
39
40        if self.reqHash:
41            d["reqhash"] = self.reqHash
42
43        return d
44
45    def load_from_dict(self,dict):
46        if dict["method"]=="gid":
47            self.gid = GID(string=dict["value"])
48        elif dict["method"]=="cred":
49            self.cred = Credential(string=dict["value"])
50        else:
51            raise TypeError("method is not gid or cred")
52
53        self.argList = dict.get("arglist", None)
54        self.reqHash = dict.get("reqhash", None)
55
56    def get_gid_caller(self):
57        if self.cred:
58            return self.cred.get_gid_caller()
59        else:
60            return self.gid
61
62    def get_gid_object(self):
63        if self.cred:
64            return self.cred.get_gid_object()
65        else:
66            return self.gid
67
68    def get_signable_val(self):
69        d = self.save_to_dict()
70        assert(self.argList is not None)
71        return str([[d["version"], d["method"], d["value"]], self.argList])
72
73    def generateRequestHash(self):
74        self.reqHash = self.pkey.sign_string(self.get_signable_val())
75
76    def authenticate(self, trusted_roots=None):
77        if self.cred:
78            if trusted_roots:
79                caller_gid = self.cred.get_gid_caller()
80                object_gid = self.cred.get_gid_object()
81                if caller_gid:
82                    caller_gid.verify_chain(trusted_roots.get_list())
83                if object_gid:
84                    object_gid.verify_chain(trusted_roots.get_list())
85            key = self.cred.get_gid_caller().get_pubkey()
86        else:
87            if trusted_roots:
88                self.gid.verify_chain(trusted_roots.get_list())
89            key = self.gid.get_pubkey()
90
91        if not key.verify_string(self.get_signable_val(), self.reqHash):
92            return BadRequestHash(self.reqHash)
93
94    def xmlrpc_arg(self, argList=None):
95        if (argList is not None):
96            self.argList = argList
97            self.generateRequestHash()
98
99        d = self.save_to_dict()
100        if "arglist" in d:
101            del d["arglist"]
102        return d
103
104    def load_from_xmlrpc_arg(self, arg):
105        self.load_from_dict(arg)
106
107    def old_xmlrpc_arg(self):
108        d = self.save_to_dict()
109        # note that a tuple will be encoded by xmlrpc as a list, so encode our
110        # dict as a list instead of a tuple.
111        return [d["version"], d["method"], d["value"], d["reqhash"]]
112
113    def old_load_from_xmlrpc_arg(self, arg):
114        d = {"version": arg[0], "method": arg[1], "value": arg[2], "reqhash": arg[3]}
115        self.load_from_dict(d)
116
117
118
119
120