示例#1
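    def __init__(self,
                 app_name,
                 cert=None,
                 key=None,
                 ca_bundle=None,
                 authserver="login.ancient-solutions.com"):
        """Set up the authentication client so it can be used later on.

        key, cert and ca_bundle may each be given as a path, as an already
        parsed object, or as the raw contents. A string is only treated as
        a path when a file of that name exists; any other non-None value
        is handed to the parser as if it were key or certificate data.

        Args:
        app_name: The name the login server shall display to the user.
        cert: Path to the certificate to use for signing the
        requests, the contents of the certificate, or an
        x509.Certificate object.
        key: Path to the private key to use for signing the
        requests, the contents of the key, or an RSA key object.
        ca_bundle: path to a CA bundle file to use for authenticating
        the server, its contents, or an x509.Certificate object.
        authserver: Name of the login server; stored as given.
        """

        # Private key: path on disk, ready-made key object, or key data.
        if key is None:
            self._rsa_key = None
        elif isinstance(key, str) and exists(key):
            self._rsa_key = rsa.UnwrapRSAKey(key)
        elif isinstance(key, RSA._RSAobj):
            self._rsa_key = key
        else:
            self._rsa_key = RSA.importKey(key)

        # Certificate: keep the parsed object and, where available, the
        # text it was parsed from.
        if cert is None:
            self._cert = None
            self._plain_cert = None
        elif isinstance(cert, str) and exists(cert):
            self._cert = x509.parse_certificate_file(cert)
            # Context manager closes the file even if read() raises.
            with open(cert) as f:
                self._plain_cert = f.read()
        elif isinstance(cert, x509.Certificate):
            self._cert = cert
            # TODO: We'll need the plaintext certificate here...
            # Until then define the attribute, so later reads see None
            # instead of raising AttributeError.
            self._plain_cert = None
        else:
            self._cert = x509.parse_certificate(cert)
            self._plain_cert = cert

        # CA used for authenticating the server.
        # NOTE(review): with ca_bundle=None, self._ca stays None; confirm
        # that the code using it refuses to proceed instead of skipping
        # verification of the server.
        if ca_bundle is None:
            self._ca = None
        elif isinstance(ca_bundle, str) and exists(ca_bundle):
            self._ca = x509.parse_certificate_file(ca_bundle)
        elif isinstance(ca_bundle, x509.Certificate):
            self._ca = ca_bundle
        else:
            self._ca = x509.parse_certificate(ca_bundle)

        self._app_name = app_name
        self._authserver = authserver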
示例#2
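    def __init__(self, app_name, cert=None, key=None, ca_bundle=None,
                 authserver="login.ancient-solutions.com"):
        """Set up the authentication client so it can be used later on.

        key, cert and ca_bundle may each be given as a path, as an already
        parsed object, or as the raw contents. A string is only treated as
        a path when a file of that name exists; any other non-None value
        is handed to the parser as if it were key or certificate data.

        Args:
        app_name: The name the login server shall display to the user.
        cert: Path to the certificate to use for signing the
        requests, the contents of the certificate, or an
        x509.Certificate object.
        key: Path to the private key to use for signing the
        requests, the contents of the key, or an RSA key object.
        ca_bundle: path to a CA bundle file to use for authenticating
        the server, its contents, or an x509.Certificate object.
        authserver: Name of the login server; stored as given.
        """

        # Private key: path on disk, ready-made key object, or key data.
        if key is None:
            self._rsa_key = None
        elif isinstance(key, str) and exists(key):
            self._rsa_key = rsa.UnwrapRSAKey(key)
        elif isinstance(key, RSA._RSAobj):
            self._rsa_key = key
        else:
            self._rsa_key = RSA.importKey(key)

        # Certificate: keep the parsed object and, where available, the
        # text it was parsed from.
        if cert is None:
            self._cert = None
            self._plain_cert = None
        elif isinstance(cert, str) and exists(cert):
            self._cert = x509.parse_certificate_file(cert)
            # Context manager closes the file even if read() raises.
            with open(cert) as f:
                self._plain_cert = f.read()
        elif isinstance(cert, x509.Certificate):
            self._cert = cert
            # TODO: We'll need the plaintext certificate here...
            # Until then define the attribute, so later reads see None
            # instead of raising AttributeError.
            self._plain_cert = None
        else:
            self._cert = x509.parse_certificate(cert)
            self._plain_cert = cert

        # CA used for authenticating the server.
        # NOTE(review): with ca_bundle=None, self._ca stays None; confirm
        # that the code using it refuses to proceed instead of skipping
        # verification of the server.
        if ca_bundle is None:
            self._ca = None
        elif isinstance(ca_bundle, str) and exists(ca_bundle):
            self._ca = x509.parse_certificate_file(ca_bundle)
        elif isinstance(ca_bundle, x509.Certificate):
            self._ca = ca_bundle
        else:
            self._ca = x509.parse_certificate(ca_bundle)

        self._app_name = app_name
        self._authserver = authserver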
示例#3
    def set_cacert(self, cert):
        """Set the CA certificate used to verify request certificates.

        An AuthTokenRequest may carry the certificate that was used to
        sign it. The CA certificate stored here is the one such embedded
        certificates are meant to be verified against.

        Anything that is not already an x509.Certificate is treated as a
        file path and handed to x509.parse_certificate_file().

        Args:
        cert: x509.Certificate object or path to an X509 certificate file.
        """

        if isinstance(cert, x509.Certificate):
            ca_cert = cert
        else:
            # Not a parsed certificate: load it from the given path.
            ca_cert = x509.parse_certificate_file(cert)

        self._ca = ca_cert
示例#4
    def __init__(self, atr, privkey=None, pubkey=None, cacert=None):
        """Create an encoder/decoder for AuthTokenResponse objects.

        The codec encodes an authentication token response into a signed,
        base64 encoded form, and reads such tokens back while verifying
        their signature.

        Args:
        atr: an AuthTokenResponse object to be used for reading/writing the
        structured data. Will be used as a data source for encode() and
        as a destination for data in decode().
        privkey: Crypto.PublicKey.RSA key to use for signing the cookie.
        pubkey: RSA public key to use for verifying the signature.
        cacert: path or x509.Certificate object of a CA certificate which
        should be used to verify certificates used in the
        AuthTokenResponse.

        Raises:
        DataTypeException: atr is not a token_pb2.AuthTokenResponse.
        UnsupportedKeyTypeException: privkey or pubkey is neither None
        nor an RSA._RSAobj.
        """
        if not isinstance(atr, token_pb2.AuthTokenResponse):
            raise DataTypeException()
        self._atr = atr

        # Both keys are optional; only their type is checked here.
        # NOTE(review): confirm that decode() rejects tokens when no
        # public key and no CA certificate were supplied, rather than
        # accepting them unverified.
        if privkey is not None and not isinstance(privkey, RSA._RSAobj):
            raise UnsupportedKeyTypeException()
        self._priv = privkey

        if pubkey is not None and not isinstance(pubkey, RSA._RSAobj):
            raise UnsupportedKeyTypeException()
        self._pub = pubkey

        # Anything that is neither None nor a parsed certificate is
        # treated as a path to a certificate file.
        if cacert is not None and not isinstance(cacert, x509.Certificate):
            self._ca = x509.parse_certificate_file(cacert)
        else:
            self._ca = cacert