pvl-hosts: pvl/login/pubtkt.py@3c20473d0bdc (annotated)

348 089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	1	import base64
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	2	import calendar
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	3	import datetime
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	4	import ipaddr
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	5	import hashlib
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	6	import M2Crypto
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	7
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	8	import logging; log = logging.getLogger('pvl.login.pubtkt')
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	9
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	10	def datetime2unix (dt) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	11	"""
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	12	datetime.datetime -> float
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	13	"""
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	14
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	15	return calendar.timegm(dt.utctimetuple())
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	16
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	17	class Error (Exception) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	18	pass
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	19
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	20	class ParseError (Error) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	21	pass
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	22
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	23	class VerifyError (Error) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	24	def __init__ (self, pubtkt, error) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	25	self.pubtkt = pubtkt
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	26	self.error = error
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	27
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	28	class ExpiredError (VerifyError) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	29	def __init__ (self, pubtkt, now) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	30	self.pubtkt = pubtkt
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	31	self.now = now
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	32
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	33	class ServerKeys (object) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	34	@classmethod
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	35	def config (cls, public_key, private_key) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	36	return cls(
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	37	public = M2Crypto.RSA.load_pub_key(public_key),
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	38	private = M2Crypto.RSA.load_key(private_key),
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	39	)
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	40
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	41	def __init__ (self, public, private) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	42	self.public = public
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	43	self.private = private
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	44
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	45	class PubTkt (object) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	46	@classmethod
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	47	def load (cls, cookie, public_key) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	48	"""
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	49	Load and verify a pubtkt from a cookie.
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	50
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	51	Raise ParseError, VerifyError.
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	52	"""
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	53
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	54	pubtkt, hash, sig = cls.parse(cookie)
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	55
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	56	log.debug("parsed %s hash=%s sig=%s", pubtkt, hash.encode('hex'), sig.encode('hex'))
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	57
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	58	try :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	59	if not public_key.verify(hash, sig, 'sha1') :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	60	raise VerifyError(pubtkt, "Unable to verify signature")
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	61	except M2Crypto.RSA.RSAError as ex :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	62	raise VerifyError(pubtkt, str(ex))
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	63
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	64	now = datetime.datetime.now()
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	65
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	66	log.debug("validating %s < %s", pubtkt.validuntil, now)
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	67
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	68	if pubtkt.validuntil < now :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	69	raise ExpiredError(pubtkt, now)
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	70
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	71	return pubtkt
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	72
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	73	@classmethod
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	74	def parse (cls, cookie) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	75	"""
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	76	Load a pubtkt from a cookie
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	77
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	78	Raises ParseError.
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	79	"""
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	80
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	81	if ';sig=' in cookie :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	82	data, sig = cookie.rsplit(';sig=', 1)
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	83	else :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	84	raise ParseError("Missing signature")
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	85
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	86	sig = base64.b64decode(sig)
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	87	hash = hashlib.sha1(data).digest()
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	88
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	89	try :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	90	attrs = dict(field.split('=', 1) for field in data.split(';'))
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	91	except ValueError as ex :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	92	raise ParseError(str(ex))
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	93
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	94	try :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	95	return cls.build(**attrs), hash, sig
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	96	except (TypeError, ValueError) as ex :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	97	raise ParseError(str(ex))
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	98
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	99	@classmethod
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	100	def build (cls, uid, validuntil, cip=None, tokens=None, udata=None, graceperiod=None, bauth=None) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	101	"""
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	102	Build a pubtkt from items.
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	103
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	104	Raises TypeError or ValueError..
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	105	"""
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	106
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	107	return cls(uid,
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	108	validuntil = datetime.datetime.fromtimestamp(int(validuntil)),
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	109	cip = ipaddr.IPAddress(cip) if cip else None,
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	110	tokens = tokens.split(',') if tokens else (),
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	111	udata = udata,
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	112	graceperiod = datetime.datetime.fromtimestamp(int(graceperiod)) if graceperiod else None,
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	113	bauth = bauth,
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	114	)
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	115
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	116	@classmethod
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	117	def new (cls, uid, expiry, **opts) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	118	now = datetime.datetime.now()
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	119
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	120	return cls(uid, now + expiry, **opts)
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	121
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	122	def __init__ (self, uid, validuntil, cip=None, tokens=(), udata=None, graceperiod=None, bauth=None) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	123	self.uid = uid
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	124	self.validuntil = validuntil
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	125	self.cip = cip
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	126	self.tokens = tokens
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	127	self.udata = udata
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	128	self.graceperiod = graceperiod
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	129	self.bauth = bauth
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	130
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	131	def iteritems (self) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	132	yield 'uid', self.uid
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	133	yield 'validuntil', int(datetime2unix(self.validuntil))
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	134
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	135	if self.cip :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	136	yield 'cip', self.cip
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	137
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	138	if self.tokens :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	139	yield 'tokens', ','.join(self.tokens)
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	140
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	141	if self.udata :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	142	yield 'udata', self.udata
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	143
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	144	if self.graceperiod :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	145	yield 'graceperiod', int(datetime2unix(self.graceperiod))
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	146
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	147	if self.bauth :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	148	yield 'bauth', self.bauth
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	149
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	150	def __str__ (self) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	151	"""
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	152	The (unsigned) pubtkt
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	153	"""
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	154
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	155	return ';'.join('%s=%s' % (key, value) for key, value in self.iteritems())
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	156
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	157	def sign (self, private_key) :
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	158	data = str(self)
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	159	hash = hashlib.sha1(data).digest()
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	160	sign = private_key.sign(hash, 'sha1')
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	161
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	162	return '%s;sig=%s' % (self, base64.b64encode(sign))
089ec3eddc92 pvl.login: a pubtkt-based sso login server.. Tero Marttila <terom@paivola.fi> parents: diff changeset	163
349 3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket Tero Marttila <terom@paivola.fi> parents: 348 diff changeset	164	def valid (self) :
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket Tero Marttila <terom@paivola.fi> parents: 348 diff changeset	165	"""
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket Tero Marttila <terom@paivola.fi> parents: 348 diff changeset	166	Return remaining ticket validity.
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket Tero Marttila <terom@paivola.fi> parents: 348 diff changeset	167	"""
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket Tero Marttila <terom@paivola.fi> parents: 348 diff changeset	168
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket Tero Marttila <terom@paivola.fi> parents: 348 diff changeset	169	return self.validuntil - datetime.datetime.now()
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket Tero Marttila <terom@paivola.fi> parents: 348 diff changeset	170
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket Tero Marttila <terom@paivola.fi> parents: 348 diff changeset	171	def grace (self) :
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket Tero Marttila <terom@paivola.fi> parents: 348 diff changeset	172	"""
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket Tero Marttila <terom@paivola.fi> parents: 348 diff changeset	173	Return remaining ticket grace.
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket Tero Marttila <terom@paivola.fi> parents: 348 diff changeset	174	"""
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket Tero Marttila <terom@paivola.fi> parents: 348 diff changeset	175
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket Tero Marttila <terom@paivola.fi> parents: 348 diff changeset	176	return self.graceperiod - datetime.datetime.now()
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket Tero Marttila <terom@paivola.fi> parents: 348 diff changeset	177

author	Tero Marttila <terom@paivola.fi>
	Mon, 13 Jan 2014 02:28:19 +0200
changeset 349	3c20473d0bdc
parent 348	089ec3eddc92
child 351	147f5e86b139
permissions	-rw-r--r--