1 import xmlrpclib
2
3 from BaseApi import BaseApi
4
5 from sfa.trust.credential import Credential
6 from sfa.trust.gid import GID
7 from sfa.trust.trustedroots import TrustedRoots
8
9 from ApiExceptionCodes import *
10
class BadRequestHash(xmlrpclib.Fault):
    """XML-RPC fault raised when a request hash fails verification.

    The fault code is FAULT_BADREQUESTHASH and the fault string embeds the
    rejected hash value.
    """

    def __init__(self, hash = None):
        # str() keeps the message buildable when no hash was supplied (None).
        message = "bad request hash: %s" % str(hash)
        xmlrpclib.Fault.__init__(self, FAULT_BADREQUESTHASH, message)
15
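class AuthenticatedApi(BaseApi):
    """API base class that authenticates each call by GID or credential.

    A caller passes a GID or credential string, the call arguments and a
    request hash. Authentication has two independent parts:

    * validation: the GID/credential is checked against the trusted roots,
      but only when a trusted roots directory was configured;
    * request hash: the hash is verified over str(arglist) with the public
      key taken from the GID the caller supplied.

    NOTE(review): with trustedRootsDir left at None no chain validation is
    performed at all, so the request hash is checked only against a key the
    caller chose. Treat that configuration as unauthenticated.
    """

    def __init__(self, encoding = "utf-8", trustedRootsDir=None):
        """Set up the API; load trusted roots when a directory is given."""
        BaseApi.__init__(self, encoding)
        if trustedRootsDir:
            self.trusted_roots = TrustedRoots(trustedRootsDir)
        else:
            # No roots configured: validateGid/validateCred become no-ops.
            self.trusted_roots = None

    def register_functions(self):
        """Register the base functions plus the two authentication no-ops."""
        BaseApi.register_functions(self)
        self.register_function(self.gidNoop)
        self.register_function(self.credNoop)

    def verifyGidRequestHash(self, gid, hash, arglist):
        """Raise BadRequestHash unless the GID's key verifies `hash`.

        The verified message is str(arglist), so the caller has to sign
        exactly the same string representation of the argument list.

        NOTE(review): only str(arglist) is covered; nothing in this class
        adds a nonce or timestamp, so request freshness has to be enforced
        elsewhere if replayed requests matter -- confirm.
        """
        key = gid.get_pubkey()
        if not key.verify_string(str(arglist), hash):
            raise BadRequestHash(hash)

    def verifyCredRequestHash(self, cred, hash, arglist):
        """Verify the request hash with the credential's caller GID."""
        gid = cred.get_gid_caller()
        self.verifyGidRequestHash(gid, hash, arglist)

    def validateGid(self, gid):
        """Verify the GID's chain against the trusted roots, if configured."""
        if self.trusted_roots:
            gid.verify_chain(self.trusted_roots.get_list())

    def validateCred(self, cred):
        """Verify a credential and its embedded GIDs against the trusted roots.

        Does nothing when no trusted roots are configured. Any exception
        raised by the underlying verify calls propagates to the caller.
        """
        if not self.trusted_roots:
            return

        if hasattr(cred, "verify"):
            # Credentials exposing verify() are checked with it against the
            # trusted root files. This call had been stubbed out with `pass`,
            # which accepted such credentials without verifying the
            # credential itself (only its embedded GIDs were chain-checked).
            # NOTE(review): confirm verify() accepts get_file_list()'s result
            # in the deployed sfa version.
            cred.verify(self.trusted_roots.get_file_list())
        else:
            cred.verify_chain(self.trusted_roots.get_list())

        # The caller and object GIDs are chain-checked as well, when present.
        caller_gid = cred.get_gid_caller()
        object_gid = cred.get_gid_object()
        if caller_gid:
            caller_gid.verify_chain(self.trusted_roots.get_list())
        if object_gid:
            object_gid.verify_chain(self.trusted_roots.get_list())

    def authenticateGid(self, gidStr, argList, requestHash):
        """Parse, validate and hash-check a GID string; return the GID.

        Validation runs before the request hash check, so the public key is
        chain-checked (when roots are configured) before it is trusted.
        """
        gid = GID(string = gidStr)
        self.validateGid(gid)
        self.verifyGidRequestHash(gid, requestHash, argList)
        return gid

    def authenticateCred(self, credStr, argList, requestHash):
        """Parse, validate and hash-check a credential string; return it."""
        cred = Credential(string = credStr)
        self.validateCred(cred)
        self.verifyCredRequestHash(cred, requestHash, argList)
        return cred

    def gidNoop(self, gidStr, value, requestHash):
        """Authenticate by GID and echo `value` back.

        The request hash must cover [gidStr, value].
        """
        self.authenticateGid(gidStr, [gidStr, value], requestHash)
        return value

    def credNoop(self, credStr, value, requestHash):
        """Authenticate by credential and echo `value` back.

        The request hash must cover [credStr, value].
        """
        self.authenticateCred(credStr, [credStr, value], requestHash)
        return value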
76
77