def authorize(self, scheme, **params):
identifier = self.getIdentifierInRealm(params["realm"])
if identifier:
log.debug("Using idenitifier {0} for realm {1[realm]}".format(
identifier, params), system=repr(self))
cred = {"challenge": params["challenge"],
"realm": params["realm"],
"id": identifier, }
log.debug("Signing challenge with {0.key.id}".format(self))
try:
cred["signature"] = yield self.signAuth(cred)
log.debug("Signed challenge")
auth = ", ".join(["{0}=\"{1}\"".format(*i) for i in cred.items()])
authorization = "{0} {1}".format(scheme, auth)
log.debug("Authorization: {0}".format(authorization))
except:
log.err()
raise
else:
log.debug("{0.key.id} has no idenitifier in realm {1}".format(
self, params["realm"]), system=repr(self))
authorization = None
yield succeed(True)
returnValue(authorization)
def agentDetached(self, agent, reason):
log.debug("Detached from SSH agent: {0}".format(agent))
try:
self.agents.remove(agent)
except:
log.err()
self._pruneAgentKeys(agent)
def _buildKey(self, key, comment):
if isinstance(key, basestring):
try:
key = crypto.Key.fromString(key)
except:
log.err()
raise ValueError("Invalid key data")
if not isinstance(key, crypto.Key):
raise ValueError("Invalid key")
return PublicKey(key, self.id, comment, self.config, self.agent)
def _handleErrors(self, open, request):
try:
rsp = yield open(request)
except Exception, err:
log.err()
if isinstance(err, (EntityNotFound, KeyNotFound, KeyAlreadyExists, EntityAlreadyExists)):
request.setResponseCode(http.BAD_REQUEST)
else:
request.setResponseCode(http.INTERNAL_SERVER_ERROR)
request.setHeader("Content-type", "application/json")
self.jsonize({"error": err}, request)
request.finish()
def _compileRealmRegexes(self, authenticators):
# Need to use a copy of the list if we need to remove() items.
for authSpec in list(authenticators):
try:
if "realms" in authSpec:
for realmSpec in authSpec["realms"]:
if "realm" in realmSpec:
realmSpec["pattern"] = pattern = realmSpec["realm"]
realmSpec["realm"] = re.compile(pattern)
except:
authenticators.remove(authSpec)
log.err()
return authenticators
def registerKey(self, key, comment):
url = self.baseUrl.click("keys/")
pubKey = self._buildKey(key, comment)
try:
rsp = yield self.agent.open(url, method="POST",
data=ws.jsonize({"key": pubKey}))
except WebError, err:
if int(err.status) == http.BAD_REQUEST:
try:
errInfo = json.loads(err.response.content)["error"]
except:
log.err()
raise err
else:
log.debug("Decoded JSON error")
if errInfo.get("type") == "KeyAlreadyExists":
raise iface.KeyAlreadyExists(pubKey)
log.err()
raise
def registerEntity(self, entId, species, key):
url = self.baseUrl.click("entities/")
ent = self._buildEntity(entId, species, key.id)
pubKey = self._buildKey(key, entId, "primary")
try:
rsp = yield self.agent.open(url, method="POST",
data=ws.jsonize({"entity": ent, "key": pubKey, }))
except WebError, err:
if int(err.status) == http.BAD_REQUEST:
try:
errInfo = json.loads(err.response.content)["error"]
except:
log.err()
raise err
else:
log.debug("Decoded JSON error")
if errInfo.get("type") == "EntityAlreadyExists":
raise iface.EntityAlreadyExists(entId)
log.err()
raise
