1 # Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING
3 from __future__ import absolute_import
5 from ipsilon.providers.common import ProviderBase, ProviderInstaller
6 from ipsilon.util.plugin import PluginObject
7 from ipsilon.util import config as pconfig
8 from ipsilon.info.common import InfoMapping
9 from ipsilon.providers.persona.auth import Persona
10 from ipsilon.tools import files
17 class IdpProvider(ProviderBase):
19 def __init__(self, *pargs):
# Construct the Persona identity-provider plugin: register it with the
# provider base class under the name 'persona', create an empty
# attribute-mapping object and declare the plugin's configuration options.
20 super(IdpProvider, self).__init__('persona', 'persona', *pargs)
21 self.mapping = InfoMapping()
# Human-readable description shown by the plugin framework (runtime string,
# left untouched).
26 self.description = """
27 Provides Persona authentication infrastructure. """
# The three strings below are the help texts of the plugin's config options.
# The option definitions themselves sit on lines not shown in this listing;
# the option names read back by the issuer_domain, idp_key_file and
# allowed_domains properties are 'issuer domain', 'idp key file' and
# 'allowed domains'.
33 'The issuer domain of the Persona provider',
# The 'idp key file' option holds a filesystem path to the IdP's private key
# (see on_enable, which loads it with M2Crypto.RSA.load_key).
37 'The key where the Persona key is stored.',
# 'allowed domains' bounds which domains this IdP will issue claims for; the
# installer seeds it with opts['hostname'] (see Installer.configure).
# NOTE(review): confirm where this list is enforced on the sign-in path — the
# enforcing code is not in this listing.
41 'List of domains this IdP is willing to issue claims for.'),
def issuer_domain(self):
    """Return the provider's configured 'issuer domain' value."""
    option = 'issuer domain'
    return self.get_config_value(option)
def idp_key_file(self):
    """Return the configured 'idp key file' path (the IdP private key)."""
    option = 'idp key file'
    return self.get_config_value(option)
def allowed_domains(self):
    """Return the configured 'allowed domains' value for this IdP."""
    option = 'allowed domains'
    return self.get_config_value(option)
56 def get_tree(self, site):
# Build this provider's page tree: the Persona sign-in page is created with
# this provider instance as its parent. The method's remaining lines
# (presumably returning self.page) are not shown in this listing.
57 self.page = Persona(site, self)
58 # self.admin = AdminPage(site, self)
# Fragment of on_enable(): the 'def' line, the opening 'try:' and the rest of
# the load_key() argument list are not shown in this listing.
# Load the IdP's RSA private key from the configured 'idp key file' path;
# presumably it is the key used to sign Persona assertions.
65 self.key = M2Crypto.RSA.load_key(self.idp_key_file,
# NOTE(review): any failure to load the key (missing file, unreadable
# permissions, unparsable PEM) is swallowed here and reported only at debug
# level, so an operator may not notice that the provider has no usable key
# until sign-in fails. Prefer an error-level log and, if the framework allows
# it, refusing to enable the provider without a key. The lines between this
# handler and the super() call are not shown — check whether they already
# return early on failure.
67 except Exception, e: # pylint: disable=broad-except
68 self.debug('Failed to init Persona provider: %r' % e)
# Hand over to the base-class enable logic.
72 super(IdpProvider, self).on_enable()
76 class Installer(ProviderInstaller):
78 def __init__(self, *pargs):
# Installer for the Persona provider. *pargs are retained for later use —
# configure() passes self.pargs to PluginObject — on lines not shown in this
# listing.
79 super(Installer, self).__init__()
83 def install_args(self, group):
84 group.add_argument('--persona', choices=['yes', 'no'], default='yes',
85 help='Configure Persona Provider')
87 def configure(self, opts, changes):
# Set up the Persona provider at install time: create the key directory,
# generate the IdP RSA key, publish the BrowserID well-known document and
# store the plugin configuration. Nothing is done unless --persona=yes; the
# early-exit line following this check is not shown in the listing.
88 if opts['persona'] != 'yes':
91 # Check storage path is present or create it
# The directory is created owner-only (0700). The mode applies only when the
# directory is newly created: a pre-existing directory keeps whatever
# permissions it already has, until files.fix_user_dirs() below adjusts it.
92 path = os.path.join(opts['data_dir'], 'persona')
93 if not os.path.exists(path):
94 os.makedirs(path, 0700)
96 keyfile = os.path.join(path, 'persona.key')
# 'exponent' is defined on a line not shown here. The 2048-bit RSA private
# key is written as unencrypted PEM (cipher=None) with the process umask;
# ownership/permissions are only corrected by files.fix_user_dirs() at the
# end of this method. NOTE(review): confirm the installer's umask is
# restrictive, or create the file with owner-only permissions up front, so
# the private key is never world-readable in the meantime.
98 key = M2Crypto.RSA.gen_key(2048, exponent)
99 key.save_key(keyfile, cipher=None)
# Big-endian accumulation of the modulus bytes into an integer for the
# well-known document; the loop header and surrounding lines are not shown.
102 key_n = (key_n*256) + ord(c)
# BrowserID well-known document: sign-in and provisioning URLs under this
# instance plus the public key (its remaining fields are on lines not shown).
104 wellknown['authentication'] = '/%s/persona/SignIn/' % opts['instance']
105 wellknown['provisioning'] = '/%s/persona/' % opts['instance']
106 wellknown['public-key'] = {'algorithm': 'RS',
# Written to <wellknown_dir>/browserid; only public material goes in here.
109 with open(os.path.join(opts['wellknown_dir'], 'browserid'), 'w') as f:
110 f.write(json.dumps(wellknown))
112 # Add configuration data to database
113 po = PluginObject(*self.pargs)
# Previous values for this plugin are dropped before the new ones are saved.
# The key-file path stored under 'idp key file' is what IdpProvider's
# idp_key_file property reads back; 'allowed domains' is seeded with the
# hostname only.
116 po.wipe_config_values()
117 config = {'issuer domain': opts['hostname'],
118 'idp key file': keyfile,
119 'allowed domains': opts['hostname']}
120 po.save_plugin_config(config)
122 # Update global config to add login plugin
124 po.save_enabled_state()
126 # Fixup permissions so only the ipsilon user can read these files
127 files.fix_user_dirs(path, opts['system_user'])