spresso.model.authentication package

Submodules

spresso.model.authentication.identity_assertion module

class IdentityAssertion(**kwargs)[source]

Bases: spresso.model.authentication.identity_assertion.IdentityAssertionBase

decrypt(data)[source]

Decrypt the encrypted Identity Assertion.

Parameters: data (str) – The encrypted IA as serialized JSON.
Returns: The decrypted IA as serialized JSON.
Return type: bytes
Raises: ValueError – A required parameter of the encrypted IA is missing.
sign()[source]

Method for signing the identity assertion.

Returns:

The b64-encoded signature.

Return type:

str

Raises:
  • ValueError – Attempt to create a signature from a malformed IA.
  • InvalidSettings – The private key is missing.
verify(signature)[source]

Verify, using the signer's public key, that the data was indeed signed with the signer's private key.

Parameters:

signature (bytes) – The Identity Assertion as serialized JSON.

Raises:
  • ValueError – A required parameter to perform the verification is missing.
  • InvalidSignature – The signature verification of the IA failed.
class IdentityAssertionBase(**kwargs)[source]

Bases: spresso.model.base.Composition, spresso.model.base.SettingsMixin

Basic Identity Assertion Class. The template instances ‘signature’ and ‘expected_signature’ can be extended to hold further information. Object is used by IdP and RP.

from_request(request)[source]

Load an Identity Assertion from a request object.

Parameters: request (Request) – The request instance.
from_session(session)[source]

Load an Identity Assertion from a Session object.

Parameters: session (Session) – The session instance.
template = {'tag': None, 'email': None, 'forwarder_domain': None}

spresso.model.authentication.json_schema module

JSON schema definitions.

class AuthenticationJsonSchema[source]

Bases: spresso.model.base.JsonSchema

Base resource folder.

resource_path = 'resources/authentication/'
class IdentityAssertionDefinition[source]

Bases: spresso.model.authentication.json_schema.AuthenticationJsonSchema

Identity Assertion schema definition.

file_path = 'json/ia_sig.json'
ia = 'ia_signature'
class StartLoginDefinition[source]

Bases: spresso.model.authentication.json_schema.AuthenticationJsonSchema

StartLogin schema definition.

file_path = 'json/start_login.json'
forwarder_domain = 'forwarder_domain'
login_session_token = 'login_session_token'
tag_key = 'tag_key'
class WellKnownInfoDefinition[source]

Bases: spresso.model.authentication.json_schema.AuthenticationJsonSchema

Well Known Info schema definition.

file_path = 'json/wk_info.json'
public_key = 'public_key'

spresso.model.authentication.request module

class IdpInfoRequest(netloc, **kwargs)[source]

Bases: spresso.model.base.SettingsMixin

Class to retrieve the well-known information from the IdP. Extend this implementation by making requests over the Tor network to ensure privacy.

get_content()[source]

Return the Well Known Info from the Identity Provider. Retrieved resources can be cached.

Returns: The HTTP response content.
Return type: str

spresso.model.authentication.session module

class Session(user, idp_info, **kwargs)[source]

Bases: spresso.model.base.SettingsMixin

Session object, used by the Relying Party. Validates input parameters. Processes the Tag and generates the login URL.

get_login_url()[source]

Create, encrypt and serialize the Tag. Generate a Login URL using all information necessary for the login flow.

Returns: The login URL.
Return type: str
validate()[source]

Validate the user, the settings and the Well Known info.

spresso.model.authentication.tag module

class Tag(rp_origin, rp_nonce, key, iv, **kwargs)[source]

Bases: spresso.model.authentication.tag.TagBase

Tag definition, providing a method for the encryption of a Tag.

encrypt(padding=True)[source]

Encrypt the Tag object.

Parameters:
  • padding (bool) – Domain name padding, to prevent side channel attacks.
Returns:

Dictionary containing the initialization vector and the cipher text.

Return type:

Composition

class TagBase(rp_origin, rp_nonce, key, iv, **kwargs)[source]

Bases: spresso.model.base.Composition

Base for a Tag. Can be extended to hold further information.

max_domain_length = 256
template = {'rp_nonce': None, 'rp_origin': None}
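The padding option of Tag.encrypt() and max_domain_length = 256 matter because ciphertext length tracks plaintext length, so an unpadded Tag leaks the length of the RP origin to anyone who sees it. The sketch below is an added example, not spresso's own code: the pad character, the JSON layout and every helper name are assumptions, and it builds only the plaintext that would be handed to the cipher.

```python
import json

MAX_DOMAIN_LENGTH = 256  # value of TagBase.max_domain_length on this page
PAD_CHAR = " "           # assumption: a character that cannot occur in an origin


def pad_origin(rp_origin, length=MAX_DOMAIN_LENGTH):
    """Right-pad the RP origin to a fixed length; refuse ambiguous or oversized input."""
    if PAD_CHAR in rp_origin:
        raise ValueError("origin contains the pad character")
    if len(rp_origin.encode("ascii")) > length:
        raise ValueError("origin longer than max_domain_length")
    return rp_origin.ljust(length, PAD_CHAR)


def unpad_origin(padded):
    """Recover the original origin on the receiving side."""
    return padded.rstrip(PAD_CHAR)


def serialize_tag(rp_origin, rp_nonce, padding=True):
    """Build the Tag plaintext; keys follow TagBase.template."""
    origin = pad_origin(rp_origin) if padding else rp_origin
    body = {"rp_nonce": rp_nonce, "rp_origin": origin}
    return json.dumps(body, sort_keys=True).encode("ascii")


def plaintext_lengths(origins, padding):
    """Set of distinct plaintext lengths an observer could tell apart."""
    nonce = "0" * 32  # constructed fixed-length nonce
    return {len(serialize_tag(o, nonce, padding)) for o in origins}


if __name__ == "__main__":
    # Constructed sample origins of different lengths.
    sample = ["https://rp.example", "https://a-much-longer-relying-party.example"]
    print("unpadded lengths:", sorted(plaintext_lengths(sample, padding=False)))
    print("padded lengths:  ", sorted(plaintext_lengths(sample, padding=True)))
```
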

Module contents