bexchange.auth package

Submodules

bexchange.auth.coreauth module

class bexchange.auth.coreauth.Auth[source]

Bases: object

interface for authentication providers

abstract add_key_config(jsonstr)[source]

Adds a key config to this provider :param jsonstr: THe key config :return the nodename this key should be associated with

abstract authenticate(req, credentials)[source]

authenticate the request with provided crendentials

Parameters:

  • req (Request) – the request to authenticate

  • credentials – implementation specific credential string

Returns:

True if success, otherwise False

abstract classmethod from_conf(conf)[source]

construct an instance from configuration

Parameters:

conf – a Properties instance

classmethod get_impl(name)[source]
Parameters:

name – The name of the entrypoint as defined in setup.py, e.g. crypto, keyczar…

Returns:

the class represented by name. Used to create an instance of correct type

exception bexchange.auth.coreauth.AuthError[source]

Bases: Exception

expected authentication errors

class bexchange.auth.coreauth.CryptoAuth(key_root)[source]

Bases: Auth

Provide authentication through the internal crypto registered as exchange-crypto in baltrad.bdbserver.web.auth entry-point

add_key(name, path)[source]
Parameters:

  • name – the name to associate the key with for lookups

  • path – an absolute or relative path to the key.

Raise:

Exception if the key can not be read

creates a public key verifier from the key located at path

add_key_config(conf)[source]

Adding key from a json-conf. Will ensure that creator is baltradcrypto.crypto. :param conf: The json configuration

authenticate(req, credentials)[source]

Authenticates the request against the credentials. :param req: The http request :param credentials: The credentials that should be verified against :return: True if authenticated, False otherwise.

create_signable_string(req)[source]

construct a signable string from a Request

See Crypto authentication provider for details.

classmethod from_conf(conf)[source]

Create from configuration.

Parameters:

conf – a Properties instance

Raise:

LookupError if a required configuration parameter is missing.

All keys are accessed with prefix baltrad.bdb.server.auth.keyczar.. The value of keystore_root is passed to the constructor. All values under keys are passed to add_key() where the configuration key is used as a name and the value is used as the path for the key lookup.

getPublicKey(nodename)[source]

Returns the public key associated with the nodename

Parameters:

nodename – Node name

Returns:

the public key

setPrivateKey(privkey, nodename=None)[source]

Sets the private key (and associates it with a nodename) so that it is possible to setup the private key from the properties-file.

Parameters:

  • privkey – Path to the private key

  • nodename – The nodename that should be associated with the private key

class bexchange.auth.coreauth.NoAuth[source]

Bases: Auth

No authentication, allow everyone registered as noauth in baltrad.bdbserver.web.auth entry-point

authenticate(req, credentials)[source]

Validates the content in the request against the credentials.

Parameters:

  • req (Request) – the request to authenticate

  • credentials – implementation specific credential string

Returns:

always True

classmethod from_conf(conf)[source]

Creates a NoAuth instance from configuration.

Parameters:

conf – the configuration entry

Returns:

a NoAuth instance.

class bexchange.auth.coreauth.auth_manager[source]

Bases: object

add_key_config(conf)[source]

Adds a key from key config

Parameters:

conf – The key config

Returns:

the node name this key should be associated with

add_provider_from_conf(name, conf)[source]

load an Auth implementation and add it as a provider

Parameters:

  • name – the name of the Auth implementation to load

  • conf – a Properties instance to configure from

Raise:

LookupError if an implementation with this name doesn’t exist

authenticate(req)[source]

authenticate a Request

classmethod from_conf(conf)[source]
Parameters:

  • app – the WSGI application receiving the request if authenication is successful.

  • conf – a Properties instance to configure from

get_credentials(req)[source]

get authorization credentials from a Request

Raise:

AuthError if the authorization header is illegally formed (for the purposes of Baltrad-BDB)

Returns:

a 2-tuple of provider and credential strings extracted from the header

See Crypto authentication provider for details.

Note that (“noauth”, None) is returned if authorization header is missing.

get_nodename(req)[source]

Returns the node name from the credentials / request :param req: The request :return the nodename if found, otherwise None

get_private_key(_type)[source]

Returns the private key for the provided type

Parameters:

_type – The encryption type

Returns:

the private key

get_provider(name)[source]

Returns the specified provider

Parameters:

name – The name of the provider

Returns:

the provider for specified name

get_providers()[source]
Returns:

all providers

bexchange.auth.keyczarauth module

class bexchange.auth.keyczarauth.KeyczarAuth(keystore_root)[source]

Bases: Auth

Provide authentication through Keyczar

registered as keyczar in baltrad.bdbserver.web.auth entry-point

add_key(name, path)[source]
Parameters:

  • name – the name to associate the key with for lookups

  • path – an absolute or relative path to the key.

Raise:

keyczar.errors.KeyczarError if the key can not be read

creates a keyczar.keyczar.Verifier from the key located at path

add_key_config(conf)[source]

Adds a key from key config

Parameters:

conf – The key config

Returns:

the node name this key should be associated with

authenticate(req, credentials)[source]

Authenticates the request against the credentials. :param req: The http request :param credentials: The credentials that should be verified against :return: True if authenticated, False otherwise.

create_signable_string(req)[source]

construct a signable string from a Request

See Keyczar authentication provider (Legacy) for details.

classmethod from_conf(conf)[source]

Create from configuration.

Parameters:

conf – a Properties instance

Raise:

LookupError if a required configuration parameter is missing.

All keys are accessed with prefix baltrad.bdb.server.auth.keyczar.. The value of keystore_root is passed to the constructor. All values under keys are passed to add_key() where the configuration key is used as a name and the value is used as the path for the key lookup.

bexchange.auth.tinkauth module

class bexchange.auth.tinkauth.TinkAuth(tink_root)[source]

Bases: Auth

Provide authentication through Tink

registered as tink in baltrad.bdbserver.web.auth entry-point

add_key(name, path)[source]
Parameters:

  • name – the name to associate the key with for lookups

  • path – an absolute or relative path to the key.

Raise:

tink.TinkError if the key can not be read

creates a public key verifier from the key located at path

add_key_config(conf)[source]

Adds a key from key config

Parameters:

conf – The key config

Returns:

the node name this key should be associated with

authenticate(req, credentials)[source]

Authenticates the request against the credentials. :param req: The http request :param credentials: The credentials that should be verified against :return: True if authenticated, False otherwise.

create_signable_string(req)[source]

construct a signable string from a Request

classmethod from_conf(conf)[source]

Create from configuration.

Parameters:

conf – a Properties instance

Raise:

LookupError if a required configuration parameter is missing.

All keys are accessed with prefix baltrad.bdb.server.auth.keyczar.. The value of keystore_root is passed to the constructor. All values under keys are passed to add_key() where the configuration key is used as a name and the value is used as the path for the key lookup.

Module contents