def handle(self, connection_id, message_content): """ If the connection wants to take on a role that requires a challenge to be signed, it will request the challenge by sending an AuthorizationChallengeRequest to the validator it wishes to connect to. The validator will send back a random payload that must be signed. If the connection has not sent a ConnectionRequest or the connection has already recieved an AuthorizationChallengeResponse, an AuthorizationViolation will be returned and the connection will be closed. """ if self._network.get_connection_status(connection_id) != \ ConnectionStatus.CONNECTION_REQUEST: LOGGER.debug( "Connection's previous message was not a" " ConnectionRequest, Remove connection to %s", connection_id) violation = AuthorizationViolation( violation=RoleType.Value("NETWORK")) return HandlerResult( HandlerStatus.RETURN_AND_CLOSE, message_out=violation, message_type=validator_pb2.Message.AUTHORIZATION_VIOLATION) random_payload = os.urandom(PAYLOAD_LENGTH) self._challenge_payload_cache[connection_id] = random_payload auth_challenge_response = AuthorizationChallengeResponse( payload=random_payload) self._network.update_connection_status( connection_id, ConnectionStatus.AUTH_CHALLENGE_REQUEST) return HandlerResult(HandlerStatus.RETURN, message_out=auth_challenge_response, message_type=validator_pb2.Message. AUTHORIZATION_CHALLENGE_RESPONSE)
def _inbound_challenge_authorization_callback(self, request, result, connection=None): if result.message_type != \ validator_pb2.Message.AUTHORIZATION_CHALLENGE_RESPONSE: LOGGER.debug("Unable to complete Challenge Authorization.") return auth_challenge_response = AuthorizationChallengeResponse() auth_challenge_response.ParseFromString(result.content) payload = auth_challenge_response.payload signature = signing.sign(payload, self._priv_key) auth_challenge_submit = AuthorizationChallengeSubmit( public_key=self._public_key, payload=payload, signature=signature, roles=[RoleType.Value("NETWORK")]) self.send(validator_pb2.Message.AUTHORIZATION_CHALLENGE_SUBMIT, auth_challenge_submit.SerializeToString(), connection)