def fetch_derived_token(self, ezSecurityToken, targetApp, excludedAuths=None, skipCache=False): """ Used when an application receives an EzSecurityToken as part of it's API but needs to call another service that itself takes an EzSecurityToken. :param ezSecurityToken: :param targetApp: :param excludedAuths: :return: """ # get the security id for target app (depending on if its a common # service or an application) dc = ServiceDiscoveryClient(self.zk_con_str) targetSecurityId = dc.get_security_id(targetApp) token_request = TokenRequest( self.appConfig.getSecurityID(), util.current_time_millis() ) token_request.tokenPrincipal = ezSecurityToken token_request.targetSecurityId = targetSecurityId token_request.excludeAuthorizations = excludedAuths # look in the cache (and return immediately if in cache) dn = ezSecurityToken.tokenPrincipal.principal request_chain = ezSecurityToken.tokenPrincipal.requestChain cache_key = self._get_cache_key(ezSecurityToken.type, dn, excludedAuths, request_chain, targetSecurityId) if not skipCache: token = self.__get_from_cache(cache_key) if token: return token # get token (since it wasn't found in the cache) headers = { HTTP_HEADER_USER_INFO: dn, HTTP_HEADER_SIGNATURE: self._sign(dn) } request, signature = self.build_request(headers, targetApp, exclude_authorizations=excludedAuths) return self._request_token_and_store(request, signature, "derived", dn, cache_key)
def build_request(self, headers, target_app=None, token_type=TokenType.USER, exclude_authorizations=None): """ Build a TokenRequest for the given information. @param target_app: the optional targetSecurityId @return: A TokenRequest for the request """ token = TokenRequest(securityId=self.appConfig.getSecurityID(), targetSecurityId=target_app, timestamp=util.current_time_millis(), type=token_type, excludeAuthorizations=exclude_authorizations) token.targetSecurityId = target_app if token_type == TokenType.USER: token.proxyPrincipal = self.principal_from_request(headers) # generate signature if not self.mock: signature = self._sign(util.serialize_token_request(token)) else: signature = "" return token, signature