3 # Copyright (C) 2014 Ipsilon project Contributors, for licensee see COPYING
5 from __future__ import absolute_import
7 from ipsilon.providers.common import ProviderBase
8 from ipsilon.util.plugin import PluginObject
9 from ipsilon.util import config as pconfig
10 from ipsilon.info.common import InfoMapping
11 from ipsilon.providers.persona.auth import Persona
12 from ipsilon.tools import files
19 class IdpProvider(ProviderBase):
21 def __init__(self, *pargs):
# Register this provider with the base class under the plugin name
# 'persona'; any extra positional arguments are forwarded unchanged.
22 super(IdpProvider, self).__init__('persona', 'persona', *pargs)
23 self.mapping = InfoMapping()
# Human-readable description of the provider (lines between the
# statements above and below are omitted from this excerpt).
28 self.description = """
29 Provides Persona authentication infrastructure. """
# Help texts for the provider's config options; the option definitions
# themselves are omitted here. They appear to correspond to the
# 'issuer domain', 'idp key file' and 'allowed domains' keys read by the
# accessors below and written by Installer.configure().
35 'The issuer domain of the Persona provider',
# NOTE(review): this help text says "The key where ..." although the option
# holds a file path; presumably "The file where ..." was meant. It is a
# runtime string, so confirm before changing it.
39 'The key where the Persona key is stored.',
43 'List of domains this IdP is willing to issue claims for.'),
def issuer_domain(self):
    """Return the configured issuer domain of this Persona provider."""
    option = 'issuer domain'
    return self.get_config_value(option)
def idp_key_file(self):
    """Return the configured path of the IdP's Persona key file."""
    option = 'idp key file'
    return self.get_config_value(option)
def allowed_domains(self):
    """Return the configured list of domains this IdP issues claims for."""
    option = 'allowed domains'
    return self.get_config_value(option)
58 def get_tree(self, site):
# Instantiate the Persona endpoint handler for this site, handing it the
# provider instance (presumably so the handler can reach the provider's
# config and key). Any return statement is outside this excerpt.
60 self.page = Persona(site, self)
# Admin page wiring is currently disabled.
61 # self.admin = AdminPage(site, self)
# Body of on_enable(); its 'def' line, the opening 'try:' and the remaining
# arguments of the load_key() call are omitted from this excerpt.
# Load the IdP's RSA private key from the configured file when the
# provider is enabled.
68 self.key = M2Crypto.RSA.load_key(self.idp_key_file,
# NOTE(review): the broad except means any failure to load the key
# (missing or unreadable file, malformed PEM) is only reported via
# _debug(). Whether the method returns before the on_enable() call below
# is not visible here (lines omitted) -- confirm, otherwise the provider
# would be enabled without a usable key.
70 except Exception, e: # pylint: disable=broad-except
71 self._debug('Failed to init Persona provider: %r' % e)
75 super(IdpProvider, self).on_enable()
79 class Installer(object):
81 def __init__(self, *pargs):
# Installer plugin for the Persona provider. Other attribute assignments
# are omitted from this excerpt; configure() reads self.pargs, which is
# presumably assigned on one of them.
83 self.ptype = 'provider'
def install_args(self, group):
    """Register this installer's command-line switch on *group*.

    Adds ``--persona`` accepting 'yes' or 'no' (default 'yes'); the
    value is what configure() checks to decide whether to set up the
    Persona provider.
    """
    options = dict(
        choices=['yes', 'no'],
        default='yes',
        help='Configure Persona Provider',
    )
    group.add_argument('--persona', **options)
90 def configure(self, opts):
# Installer hook: set up the Persona provider unless the admin passed
# --persona=no (the early-exit statement is on an omitted line).
91 if opts['persona'] != 'yes':
94 # Check storage path is present or create it
95 path = os.path.join(opts['data_dir'], 'persona')
# A freshly created key directory gets an owner-only mode; a directory
# that already exists keeps whatever mode it has until fix_user_dirs()
# runs at the end of this method.
96 if not os.path.exists(path):
97 os.makedirs(path, 0700)
99 keyfile = os.path.join(path, 'persona.key')
# Generate the IdP's 2048-bit RSA key ('exponent' is set on an omitted
# line) and write it to disk unencrypted (cipher=None); the key's
# confidentiality therefore rests entirely on filesystem permissions.
101 key = M2Crypto.RSA.gen_key(2048, exponent)
102 key.save_key(keyfile, cipher=None)
# Accumulate bytes into an integer, most significant byte first (the loop
# over the bytes is on an omitted line); presumably the public modulus,
# given the name and its use in the 'public-key' document below.
105 key_n = (key_n*256) + ord(c)
# Build the BrowserID support document: the endpoints under this
# instance's URL prefix plus the public key (remaining fields of the
# 'public-key' dict are on omitted lines).
107 wellknown['authentication'] = '/%s/persona/SignIn/' % opts['instance']
108 wellknown['provisioning'] = '/%s/persona/' % opts['instance']
# NOTE(review): this document is served publicly; confirm the omitted
# dict fields carry only the public modulus/exponent.
109 wellknown['public-key'] = {'algorithm': 'RS',
112 with open(os.path.join(opts['wellknown_dir'], 'browserid'), 'w') as f:
113 f.write(json.dumps(wellknown))
115 # Add configuration data to database
116 po = PluginObject(*self.pargs)
# Start from a clean slate: previous config values for this plugin are
# discarded before the new ones are stored.
119 po.wipe_config_values()
# 'allowed domains' is initialised to the IdP's own hostname only.
120 config = {'issuer domain': opts['hostname'],
121 'idp key file': keyfile,
122 'allowed domains': opts['hostname']}
123 po.save_plugin_config(config)
125 # Update global config to add login plugin
127 po.save_enabled_state()
129 # Fixup permissions so only the ipsilon user can read these files
# Ownership/permissions are adjusted only after the private key has been
# written; presumably fix_user_dirs() also tightens the directory mode for
# the pre-existing-directory case above -- confirm against its definition.
130 files.fix_user_dirs(path, opts['system_user'])