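def __init__(self, app_name, cert=None, key=None, ca_bundle=None,
             authserver="login.ancient-solutions.com"):
    """Set up the authentication client so it can be used later on.

    key, cert and ca_bundle each accept a path to an existing file, an
    already parsed object, or the raw contents. A string is treated as a
    path only when a file of that name exists; otherwise it is handed to
    the parser as contents.

    Args:
        app_name: The name the login server shall display to the user.
        cert: Path to the certificate to use for signing the requests,
            the contents of the certificate, or an x509.Certificate.
        key: Path to the private key to use for signing the requests,
            the contents of the key, or an RSA key object.
        ca_bundle: Path to a CA bundle file to use for authenticating
            the server, its contents, or an x509.Certificate.
        authserver: Stored unchanged as the authentication server for
            this client.
    """
    # --- private key used for signing requests ---
    # NOTE(review): a mistyped path is not reported as a missing file; it
    # falls through to RSA.importKey() and fails there as unparsable key
    # contents (assuming `exists` is os.path.exists -- confirm).
    if key is None:
        self._rsa_key = None
    elif isinstance(key, str) and exists(key):
        # presumably loads the key from the file at that path; verify
        # against rsa.UnwrapRSAKey.
        self._rsa_key = rsa.UnwrapRSAKey(key)
    elif isinstance(key, RSA._RSAobj):
        # NOTE(review): RSA._RSAobj is a private PyCrypto class; the
        # maintained PyCryptodome fork names it RSA.RsaKey -- confirm
        # which library this module is pinned to.
        self._rsa_key = key
    else:
        self._rsa_key = RSA.importKey(key)

    # --- certificate sent along with signed requests ---
    if cert is None:
        self._cert = None
        self._plain_cert = None
    elif isinstance(cert, str) and exists(cert):
        self._cert = x509.parse_certificate_file(cert)
        # Context manager closes the handle even if read() raises.
        with open(cert) as cert_file:
            self._plain_cert = cert_file.read()
    elif isinstance(cert, x509.Certificate):
        self._cert = cert
        # TODO: We'll need the plaintext certificate here...
        # Until the text can be recovered from the parsed object, define
        # the attribute so later readers see None, not AttributeError.
        self._plain_cert = None
    else:
        self._cert = x509.parse_certificate(cert)
        self._plain_cert = cert

    # --- CA used for authenticating the server ---
    # NOTE(review): without ca_bundle, self._ca stays None. How the
    # verification code treats a missing CA is not visible here; confirm
    # that it rejects rather than skips the check.
    if ca_bundle is None:
        self._ca = None
    elif isinstance(ca_bundle, str) and exists(ca_bundle):
        # NOTE(review): the "bundle" goes through the same parser as a
        # single certificate; confirm multi-certificate files are handled.
        self._ca = x509.parse_certificate_file(ca_bundle)
    elif isinstance(ca_bundle, x509.Certificate):
        self._ca = ca_bundle
    else:
        self._ca = x509.parse_certificate(ca_bundle)

    self._app_name = app_name
    self._authserver = authserver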
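def __init__(self, app_name, cert=None, key=None, ca_bundle=None,
             authserver="login.ancient-solutions.com"):
    """Set up the authentication client so it can be used later on.

    key, cert and ca_bundle each accept a path to an existing file, an
    already parsed object, or the raw contents. A string is treated as a
    path only when a file of that name exists; otherwise it is handed to
    the parser as contents.

    Args:
        app_name: The name the login server shall display to the user.
        cert: Path to the certificate to use for signing the requests,
            the contents of the certificate, or an x509.Certificate.
        key: Path to the private key to use for signing the requests,
            the contents of the key, or an RSA key object.
        ca_bundle: Path to a CA bundle file to use for authenticating
            the server, its contents, or an x509.Certificate.
        authserver: Stored unchanged as the authentication server for
            this client.
    """
    # --- private key used for signing requests ---
    # NOTE(review): a mistyped path is not reported as a missing file; it
    # falls through to RSA.importKey() and fails there as unparsable key
    # contents (assuming `exists` is os.path.exists -- confirm).
    if key is None:
        self._rsa_key = None
    elif isinstance(key, str) and exists(key):
        # presumably loads the key from the file at that path; verify
        # against rsa.UnwrapRSAKey.
        self._rsa_key = rsa.UnwrapRSAKey(key)
    elif isinstance(key, RSA._RSAobj):
        # NOTE(review): RSA._RSAobj is a private PyCrypto class; the
        # maintained PyCryptodome fork names it RSA.RsaKey -- confirm
        # which library this module is pinned to.
        self._rsa_key = key
    else:
        self._rsa_key = RSA.importKey(key)

    # --- certificate sent along with signed requests ---
    if cert is None:
        self._cert = None
        self._plain_cert = None
    elif isinstance(cert, str) and exists(cert):
        self._cert = x509.parse_certificate_file(cert)
        # Context manager closes the handle even if read() raises.
        with open(cert) as cert_file:
            self._plain_cert = cert_file.read()
    elif isinstance(cert, x509.Certificate):
        self._cert = cert
        # TODO: We'll need the plaintext certificate here...
        # Until the text can be recovered from the parsed object, define
        # the attribute so later readers see None, not AttributeError.
        self._plain_cert = None
    else:
        self._cert = x509.parse_certificate(cert)
        self._plain_cert = cert

    # --- CA used for authenticating the server ---
    # NOTE(review): without ca_bundle, self._ca stays None. How the
    # verification code treats a missing CA is not visible here; confirm
    # that it rejects rather than skips the check.
    if ca_bundle is None:
        self._ca = None
    elif isinstance(ca_bundle, str) and exists(ca_bundle):
        # NOTE(review): the "bundle" goes through the same parser as a
        # single certificate; confirm multi-certificate files are handled.
        self._ca = x509.parse_certificate_file(ca_bundle)
    elif isinstance(ca_bundle, x509.Certificate):
        self._ca = ca_bundle
    else:
        self._ca = x509.parse_certificate(ca_bundle)

    self._app_name = app_name
    self._authserver = authserver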
def set_cacert(self, cert):
    """Set the CA certificate used to verify request certificates.

    An AuthTokenRequest may carry the certificate that signed it. The CA
    certificate stored here is the one such certificates are verified
    against, and it replaces any CA stored before.

    Args:
        cert: x509.Certificate object or path to an X509 certificate
            file. Anything that is not an x509.Certificate is handed to
            x509.parse_certificate_file, i.e. treated as a path.
    """
    # This value becomes the trust anchor for request certificates, so it
    # should come from trusted configuration, never from request data.
    if isinstance(cert, x509.Certificate):
        ca_certificate = cert
    else:
        ca_certificate = x509.parse_certificate_file(cert)
    self._ca = ca_certificate
def __init__(self, atr, privkey=None, pubkey=None, cacert=None):
    """Create an encoder/decoder for AuthTokenResponse objects.

    The codec can encode an authentication token response to signed,
    base64 encoded format and read such tokens, verifying their signature.

    Args:
        atr: an AuthTokenResponse object to be used for reading/writing
            the structured data. Will be used as a data source for
            encode() and as a destination for data in decode().
        privkey: Crypto.PublicKey.RSA key to use for signing the cookie.
        pubkey: RSA public key to use for verifying the signature.
        cacert: path or x509.Certificate object of a CA certificate which
            should be used to verify certificates used in the
            AuthTokenResponse.

    Raises:
        DataTypeException: atr is not a token_pb2.AuthTokenResponse.
        UnsupportedKeyTypeException: privkey or pubkey is given but is not
            an RSA._RSAobj.
    """
    # Each argument is validated and stored in turn, so a later failure
    # leaves the earlier attributes already assigned.
    if not isinstance(atr, token_pb2.AuthTokenResponse):
        raise DataTypeException()
    self._atr = atr

    if privkey is not None and not isinstance(privkey, RSA._RSAobj):
        raise UnsupportedKeyTypeException()
    self._priv = privkey

    # NOTE(review): pubkey and cacert may both be None. How decode()
    # behaves with no verification material is not visible here; confirm
    # that it fails closed instead of accepting unsigned input.
    if pubkey is not None and not isinstance(pubkey, RSA._RSAobj):
        raise UnsupportedKeyTypeException()
    self._pub = pubkey

    # Anything that is neither None nor a parsed certificate is treated
    # as a path to a certificate file.
    ca_certificate = cacert
    if cacert is not None and not isinstance(cacert, x509.Certificate):
        ca_certificate = x509.parse_certificate_file(cacert)
    self._ca = ca_certificate