async def start(self): """ Start offering and selling data encryption keys in the background. """ assert self._run_loop is None self.log.info('Starting key rotation every {interval} seconds for api_id="{api_id}" ..', interval=hl(self._interval), api_id=hl(uuid.UUID(bytes=self._api_id))) self.running = True self._run_loop = LoopingCall(lambda: ensureDeferred(self._rotate())) self._started = self._run_loop.start(self._interval) return self._started
async def start(self): """ Start offering and selling data encryption keys in the background. """ assert not self.running self.log.info( 'Starting key rotation every {interval} seconds for api_id="{api_id}" ..', interval=hl(self._interval), api_id=hl(uuid.UUID(bytes=self._api_id))) self.running = True async def rotate_with_interval(): while self.running: await self._rotate() await asyncio.sleep(self._interval) asyncio.create_task(rotate_with_interval())
async def authenticate(realm, authid, details): """ this is our dynamic authenticator procedure that will be called by Crossbar.io when a session is authenticating """ log.info( 'authenticate(realm="{realm}", authid="{authid}", details={details}) {func}', realm=hl(realm), authid=hl(authid), details=details, func=hltype(create_rlink_authenticator), ) assert ('authmethod' in details) assert (details['authmethod'] == 'cryptosign') assert ('authextra' in details) assert ('pubkey' in details['authextra']) pubkey = details['authextra']['pubkey'] log.info( 'authenticating session using realm="{realm}", pubkey={pubkey} .. {func}', realm=hl(realm), pubkey=hl(pubkey), func=hltype(create_rlink_authenticator), ) if pubkey in pubkey_to_principals: principal = pubkey_to_principals[pubkey] auth = { 'pubkey': pubkey, 'realm': principal['realm'], 'authid': principal['authid'], 'role': principal['role'], 'extra': principal['extra'], 'cache': True } # Note: with WAMP-cryptosign, even though a client may or may not request a `realm`, but in any case, the # effective realm the client is authenticated will be returned in the principal `auth['role']` (!) effective_realm = auth['realm'] log.info( 'found valid principal authid="{authid}", authrole="{authrole}", realm="{realm}" matching given client public key {func}', func=hltype(create_rlink_authenticator), authid=hl(auth['authid']), authrole=hl(auth['role']), realm=hl(effective_realm), ) # only now that we know the effective realm a client is to be joined to (see above), maybe active (start) # the desired application realm to let the client join to subsequently # await _maybe_activate_realm(controller, effective_realm) return auth else: msg = 'no principal with matching public key 0x{}'.format(pubkey) log.warn(msg) raise ApplicationError('com.example.no_such_user', msg)