def authenticate_baisc_cperequest(dict_acs_option, dict_acs_option2,
request_class, sn):
"""
用于对CPE的HTTP请求进行baisc认证
"""
log.run_info("Begin baisc Auth")
dict_cperequest_header = request_class.getAllHeaders()
realm = dict_acs_option.get('realm', 'tr069 basic realm')
dict_acs_option['realm'] = realm
#检查CPE认证http头中是否包含authorization字段
if 'authorization' in dict_cperequest_header:
#对aauthorization字段中信息解码分别赋值在cpe_auth_type和cpe_message中
cpe_auth_type = dict_cperequest_header['authorization'].split(
' ')[:1][0]
cpe_message = dict_cperequest_header['authorization'].split(' ')[1:][0]
#检查CPE认证类型是否为Basic
if 'Basic' == cpe_auth_type:
#调用check_baisc_auth()检查CPE认证信息
if check_basic_auth(dict_acs_option,
cpe_message) == ACS_AUTHENTICATE_PASS:
result = ACS_AUTHENTICATE_PASS
return result
else:
dict_acs_option["username"] = dict_acs_option2["username"]
dict_acs_option["password"] = dict_acs_option2["password"]
if check_basic_auth(dict_acs_option,
cpe_message) == ACS_AUTHENTICATE_PASS:
result = ACS_AUTHENTICATE_PASS
dict_acs_option2["is_default"] = True
return result
else:
result = ACS_AUTHENTICATE_FAIL
else:
result = ACS_AUTHENTICATION_TYPE_ERROR
else:
result = ACS_NO_AUTHENTICATION
if ACS_NO_AUTHENTICATION == result:
#没有认证信息,调用baisc_challenge()给CPE返回401
message = baisc_challenge(dict_acs_option, request_class)
if CALL_METHOD_ERROR == message:
log.run_info("Call baisc_challenge method error")
return CALL_METHOD_ERROR
else:
return ACS_NO_AUTHENTICATION
return baisc_challenge(dict_acs_option, request_class, message)
else:
#认证失败返回401错误
request_class.setResponseCode(401, 'Unauthorized')
return ACS_AUTHENTICATE_FAIL
def authenticate_digest_cperequest(dict_acs_option, dict_acs_option2,
request_class, sn):
"""
用于对CPE的HTTP请求进行digest认证
"""
log.run_info("Begin digest Auth")
dict_cperequest_header = request_class.getAllHeaders()
realm = dict_acs_option.get('realm', 'tr069')
dict_acs_option['realm'] = realm
#检查CPE的http头信息是否包含Authorization字段
if 'authorization' in dict_cperequest_header:
#对CPE的消息头进行解析,保存相关数据到dict_cperequest_authheader
dict_cperequest_authheader = get_data(
dict_cperequest_header['authorization'])
dict_cperequest_authheader['method'] = request_class.method
#检查CPE认证信息类型是否为Digest
if 'Digest' == dict_cperequest_authheader['digest_type']:
result = try_username_password(dict_cperequest_authheader,
dict_acs_option)
if result == ACS_AUTHENTICATE_PASS:
return result
else:
dict_acs_option["username"] = dict_acs_option2["username"]
dict_acs_option["password"] = dict_acs_option2["password"]
result = try_username_password(dict_cperequest_authheader,
dict_acs_option)
if result == ACS_AUTHENTICATE_PASS:
dict_acs_option2["is_default"] = True
return result
else:
result = ACS_AUTHENTICATION_TYPE_ERROR
else:
result = ACS_NO_AUTHENTICATION
if ACS_NO_AUTHENTICATION == result:
#没有认证信息调用digest_challenge
message = digest_challenge(dict_acs_option, request_class, sn)
if message == CALL_METHOD_ERROR:
log.run_info("Call digest_challenge method error")
result = CALL_METHOD_ERROR
else:
return ACS_NO_AUTHENTICATION
else:
#认证失败返回cpe 401错误信息
request_class.setResponseCode(401, 'Unauthorized')
return result
def baisc_challenge(dict_acs_option, request_class):
"""
构建baisc认证返回信息
"""
header = 'WWW-Authenticate'
message = 'Unauthorized'
header_value = create_baisc_header(dict_acs_option)
try:
request_class.setResponseCode(401, message)
request_class.setHeader(header, header_value)
log.run_info('send WWW-Authenticate response succeed')
except Exception:
log.run_info('send WWW-Authenticate response error')
return CALL_METHOD_ERROR
def try_username_password(dict_cperequest_authheader, dict_acs_option):
"""
nwf 2013-05-08
"""
#检查CPE认证用户名是否和ACS选项用户名一致
if dict_cperequest_authheader['username'] == dict_acs_option['username']:
#检查CPE的认证信息的其他字段(qop,nonce,response)
try:
result = check_digest_auth(dict_acs_option,
dict_cperequest_authheader)
#认证通过返回 ACS_AUTHENTICATE_PASS
if result == ACS_AUTHENTICATE_PASS:
return result
except Exception, e:
log.run_info('call check_digest_auth error,message:%s' % e)
return ACS_AUTHENTICATE_FAIL
def digest_challenge(dict_acs_option, request_class, sn):
"""
Digest认证错误或没有认证信息,返回401信息
"""
header = 'WWW-Authenticate'
header_value = create_header(dict_acs_option, sn)
#调用http模块的setResponseCod和sendHttpHeader发送错误信息
if header_value == CALL_METHOD_ERROR:
log.run_info('create WWW-Authenticate header error')
return CALL_METHOD_ERROR
try:
request_class.setResponseCode(401, 'Unauthorized')
request_class.setHeader(header, header_value)
log.run_info('send WWW-Authenticate response succeed')
return
except Exception:
log.run_info('send WWW-Authenticate response error')
return CALL_METHOD_ERROR
def authenticate_acs_cperequest(request_class, sn, dict_acs_option,
dict_acs_option2):
"""
根据CPE sn号判断当前读取当前CPE的配置信息
"""
#判断是否需要认证
if dict_acs_option.get(
"auth_type"
) == "None": # acs rf tr069gui 统一为不认证为str的"None" zsj 2013/11/20
return ACS_AUTHENTICATE_PASS
auth_type = dict_acs_option.get('auth_type', None)
#判断ACS认证类型是否为digest或者baisc,不是设置为digest
if auth_type != 'digest' and auth_type != 'basic':
dict_acs_option['auth_type'] = 'digest'
#ACS认证类型为digest则调用authenticate_digest_cperequest()进行认证
if dict_acs_option['auth_type'] == 'digest':
message = authenticate_digest_cperequest(dict_acs_option,
dict_acs_option2,
request_class, sn)
#ACS认证类型为baisc则调用authenticate_baisc_cperequest()进行认证
else:
message = authenticate_baisc_cperequest(dict_acs_option,
dict_acs_option2,
request_class, sn)
if message == ACS_AUTHENTICATE_PASS:
log.run_info('*********Authention Succeed!*********')
return ACS_AUTHENTICATE_PASS
elif message == ACS_NO_AUTHENTICATION:
log.run_info("Cpe soap not have authentication")
return ACS_NO_AUTHENTICATION
else:
log.run_info('*********Authention FAIL**********')
return ACS_AUTHENTICATE_FAIL