本文整理汇总了Python中sfa.trust.credential.Credential.get_gid_caller方法的典型用法代码示例。如果您正苦于以下问题:Python Credential.get_gid_caller方法的具体用法?Python Credential.get_gid_caller怎么用?Python Credential.get_gid_caller使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类sfa.trust.credential.Credential的用法示例。
在下文中一共展示了Credential.get_gid_caller方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: call
# 需要导入模块: from sfa.trust.credential import Credential [as 别名]
# 或者: from sfa.trust.credential.Credential import get_gid_caller [as 别名]
def call(self, cred, record_dict, origin_hrn=None):
user_cred = Credential(string=cred)
#log the call
if not origin_hrn:
origin_hrn = user_cred.get_gid_caller().get_hrn()
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, None, self.name))
# validate the cred
self.api.auth.check(cred, "register")
# make sure this is a peer record
if 'peer_authority' not in record_dict or \
not record_dict['peer_authority']:
raise SfaInvalidArgument, "peer_authority must be specified"
record = SfaRecord(dict = record_dict)
type, hrn, peer_authority = record['type'], record['hrn'], record['peer_authority']
record['authority'] = get_authority(record['hrn'])
# verify permissions
self.api.auth.verify_cred_is_me(cred)
# check if record already exists
table = SfaTable()
existing_records = table.find({'type': type, 'hrn': hrn, 'peer_authority': peer_authority})
if existing_records:
for existing_record in existing_records:
if existing_record['pointer'] != record['pointer']:
record['record_id'] = existing_record['record_id']
table.update(record)
else:
record_id = table.insert(record)
return 1示例2: verify_cred_is_me
# 需要导入模块: from sfa.trust.credential import Credential [as 别名]
# 或者: from sfa.trust.credential.Credential import get_gid_caller [as 别名]
def verify_cred_is_me(self, credential):
is_me = False
cred = Credential(string=credential)
caller_gid = cred.get_gid_caller()
caller_hrn = caller_gid.get_hrn()
if caller_hrn != self.config.SFA_INTERFACE_HRN:
raise SfaPermissionDenied(self.config.SFA_INTEFACE_HRN)
return 示例3: filter_creds_by_caller
# 需要导入模块: from sfa.trust.credential import Credential [as 别名]
# 或者: from sfa.trust.credential.Credential import get_gid_caller [as 别名]
def filter_creds_by_caller(self, creds, caller_hrn_list):
"""
Returns a list of creds who's gid caller matches the
specified caller hrn
"""
if not isinstance(creds, list):
creds = [creds]
creds = []
if not isinstance(caller_hrn_list, list):
caller_hrn_list = [caller_hrn_list]
for cred in creds:
try:
tmp_cred = Credential(string=cred)
if tmp_cred.get_gid_caller().get_hrn() in [caller_hrn_list]:
creds.append(cred)
except: pass
return creds示例4: server_proxy
# 需要导入模块: from sfa.trust.credential import Credential [as 别名]
# 或者: from sfa.trust.credential.Credential import get_gid_caller [as 别名]
def server_proxy(self, interface, cred, timeout=30):
"""
Returns a connection to the specified interface. Use the specified
credential to determine the caller and look for the caller's key/cert
in the registry hierarchy cache.
"""
from sfa.trust.hierarchy import Hierarchy
if not isinstance(cred, Credential):
cred_obj = Credential(string=cred)
else:
cred_obj = cred
caller_gid = cred_obj.get_gid_caller()
hierarchy = Hierarchy()
auth_info = hierarchy.get_auth_info(caller_gid.get_hrn())
key_file = auth_info.get_privkey_filename()
cert_file = auth_info.get_gid_filename()
server = interface.server_proxy(key_file, cert_file, timeout)
return server示例5: call
# 需要导入模块: from sfa.trust.credential import Credential [as 别名]
# 或者: from sfa.trust.credential.Credential import get_gid_caller [as 别名]
def call(self, cred, record, origin_hrn=None):
user_cred = Credential(string=cred)
#log the call
if not origin_hrn:
origin_hrn = user_cred.get_gid_caller().get_hrn()
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, record['hrn'], self.name))
self.api.auth.check(cred, "remove")
# Only allow the local interface or record owner to delete peer_records
try: self.api.auth.verify_object_permission(record['hrn'])
except: self.api.auth.verify_cred_is_me(cred)
table = SfaTable()
hrn, type = record['hrn'], record['type']
records = table.find({'hrn': hrn, 'type': type })
for record in records:
if record['peer_authority']:
self.remove_plc_record(record)
table.remove(record)
return 1示例6: __init__
# 需要导入模块: from sfa.trust.credential import Credential [as 别名]
# 或者: from sfa.trust.credential.Credential import get_gid_caller [as 别名]
class Auth:
"""
Credential based authentication
"""
def __init__(self, peer_cert = None, config = None ):
self.peer_cert = peer_cert
self.hierarchy = Hierarchy()
if not config:
self.config = Config()
self.load_trusted_certs()
def load_trusted_certs(self):
self.trusted_cert_list = TrustedRoots(self.config.get_trustedroots_dir()).get_list()
self.trusted_cert_file_list = TrustedRoots(self.config.get_trustedroots_dir()).get_file_list()
def checkCredentials(self, creds, operation, hrn = None):
valid = []
if not isinstance(creds, list):
creds = [creds]
logger.debug("Auth.checkCredentials with %d creds"%len(creds))
for cred in creds:
try:
self.check(cred, operation, hrn)
valid.append(cred)
except:
cred_obj=Credential(string=cred)
logger.debug("failed to validate credential - dump=%s"%cred_obj.dump_string(dump_parents=True))
error = sys.exc_info()[:2]
continue
if not len(valid):
raise InsufficientRights('Access denied: %s -- %s' % (error[0],error[1]))
return valid
def check(self, cred, operation, hrn = None):
"""
Check the credential against the peer cert (callerGID included
in the credential matches the caller that is connected to the
HTTPS connection, check if the credential was signed by a
trusted cert and check if the credential is allowed to perform
the specified operation.
"""
self.client_cred = Credential(string = cred)
self.client_gid = self.client_cred.get_gid_caller()
self.object_gid = self.client_cred.get_gid_object()
# make sure the client_gid is not blank
if not self.client_gid:
raise MissingCallerGID(self.client_cred.get_subject())
# validate the client cert if it exists
if self.peer_cert:
self.verifyPeerCert(self.peer_cert, self.client_gid)
# make sure the client is allowed to perform the operation
if operation:
if not self.client_cred.can_perform(operation):
raise InsufficientRights(operation)
if self.trusted_cert_list:
self.client_cred.verify(self.trusted_cert_file_list, self.config.SFA_CREDENTIAL_SCHEMA)
else:
raise MissingTrustedRoots(self.config.get_trustedroots_dir())
# Make sure the credential's target matches the specified hrn.
# This check does not apply to trusted peers
trusted_peers = [gid.get_hrn() for gid in self.trusted_cert_list]
if hrn and self.client_gid.get_hrn() not in trusted_peers:
target_hrn = self.object_gid.get_hrn()
if not hrn == target_hrn:
raise PermissionError("Target hrn: %s doesn't match specified hrn: %s " % \
(target_hrn, hrn) )
return True
def check_ticket(self, ticket):
"""
Check if the tickt was signed by a trusted cert
"""
if self.trusted_cert_list:
client_ticket = SfaTicket(string=ticket)
client_ticket.verify_chain(self.trusted_cert_list)
else:
raise MissingTrustedRoots(self.config.get_trustedroots_dir())
return True
def verifyPeerCert(self, cert, gid):
# make sure the client_gid matches client's certificate
if not cert.is_pubkey(gid.get_pubkey()):
raise ConnectionKeyGIDMismatch(gid.get_subject()+":"+cert.get_subject())
def verifyGidRequestHash(self, gid, hash, arglist):
key = gid.get_pubkey()
if not key.verify_string(str(arglist), hash):
raise BadRequestHash(hash)
#.........这里部分代码省略.........