async def start(self):
"""
Start offering and selling data encryption keys in the background.
"""
assert self._run_loop is None
self.log.info('Starting key rotation every {interval} seconds for api_id="{api_id}" ..',
interval=hl(self._interval), api_id=hl(uuid.UUID(bytes=self._api_id)))
self.running = True
self._run_loop = LoopingCall(lambda: ensureDeferred(self._rotate()))
self._started = self._run_loop.start(self._interval)
return self._started
async def start(self):
"""
Start offering and selling data encryption keys in the background.
"""
assert not self.running
self.log.info(
'Starting key rotation every {interval} seconds for api_id="{api_id}" ..',
interval=hl(self._interval),
api_id=hl(uuid.UUID(bytes=self._api_id)))
self.running = True
async def rotate_with_interval():
while self.running:
await self._rotate()
await asyncio.sleep(self._interval)
asyncio.create_task(rotate_with_interval())
async def authenticate(realm, authid, details):
"""
this is our dynamic authenticator procedure that will be called by Crossbar.io
when a session is authenticating
"""
log.info(
'authenticate(realm="{realm}", authid="{authid}", details={details}) {func}',
realm=hl(realm),
authid=hl(authid),
details=details,
func=hltype(create_rlink_authenticator),
)
assert ('authmethod' in details)
assert (details['authmethod'] == 'cryptosign')
assert ('authextra' in details)
assert ('pubkey' in details['authextra'])
pubkey = details['authextra']['pubkey']
log.info(
'authenticating session using realm="{realm}", pubkey={pubkey} .. {func}',
realm=hl(realm),
pubkey=hl(pubkey),
func=hltype(create_rlink_authenticator),
)
if pubkey in pubkey_to_principals:
principal = pubkey_to_principals[pubkey]
auth = {
'pubkey': pubkey,
'realm': principal['realm'],
'authid': principal['authid'],
'role': principal['role'],
'extra': principal['extra'],
'cache': True
}
# Note: with WAMP-cryptosign, even though a client may or may not request a `realm`, but in any case, the
# effective realm the client is authenticated will be returned in the principal `auth['role']` (!)
effective_realm = auth['realm']
log.info(
'found valid principal authid="{authid}", authrole="{authrole}", realm="{realm}" matching given client public key {func}',
func=hltype(create_rlink_authenticator),
authid=hl(auth['authid']),
authrole=hl(auth['role']),
realm=hl(effective_realm),
)
# only now that we know the effective realm a client is to be joined to (see above), maybe active (start)
# the desired application realm to let the client join to subsequently
# await _maybe_activate_realm(controller, effective_realm)
return auth
else:
msg = 'no principal with matching public key 0x{}'.format(pubkey)
log.warn(msg)
raise ApplicationError('com.example.no_such_user', msg)