From 10058c5fb0d258c15c9e6bf9df14afcca5d9f8c8 Mon Sep 17 00:00:00 2001
From: Shmuel Melamud
Date: Mon, 26 Aug 2024 06:44:50 +0300
Subject: [PATCH] Python library changes.
---
 _data/py_crypto_classes.yml | 30 ++++++++++++---
 _data/py_node_classes.yml | 55 +++++++++++++++++++++++++++-
 development/python-moeralib/index.md | 15 ++++++++
 3 files changed, 93 insertions(+), 7 deletions(-)
diff --git a/_data/py_crypto_classes.yml b/_data/py_crypto_classes.yml
index fbcd1a0..a173cea 100644
--- a/_data/py_crypto_classes.yml
+++ b/_data/py_crypto_classes.yml
@@ -1,4 +1,13 @@
 functions:
+ - name: digest_fingerprint(fingerprint)
+ params:
+ - name: fingerprint
+ type: bytes
+ description: the fingerprint
+ out:
+ type: bytes
+ description: the digest
+ description: Calculate a cryptographic digest of the fingerprint.
 - name: generate_key()
 out:
 type: ec.EllipticCurvePrivateKey
@@ -18,6 +27,15 @@ functions:
 type: ec.EllipticCurvePrivateKey
 description: the private key
 description: Restore a private key from the given mnemonic.
+ - name: raw_private_key(private_key)
+ params:
+ - name: private_key
+ type: ec.EllipticCurvePrivateKey
+ description: the private key
+ out:
+ type: bytes
+ description: the raw private key
+ description: Convert a private key to the raw format to pass to the client.
 - name: raw_public_key(public_key)
 params:
 - name: public_key
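Review bot: The `raw_private_key` entry added in the `@@ -18,6 +27,15 @@` hunk of `_data/py_crypto_classes.yml` describes its output only as "the raw private key" and never says that the returned bytes are unprotected key material. Judging from the 32-byte hex literal that the index.md example in this patch feeds to `raw_to_private_key()`, the raw format is presumably the bare key value with no passphrase or wrapping. I would extend the function description to something like `description: Convert a private key to the raw (unprotected) format to pass to the client; the result is a secret and must be kept out of logs and version control.` The same caveat belongs on the `raw_to_private_key` entry in the following hunk (`@@ -27,15 +45,15 @@`), whose input is that same material.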
@@ -27,15 +45,15 @@ functions:
 type: bytes
 description: the raw public key
 description: Convert a public key to the raw format used by the naming server.
- - name: digest_fingerprint(fingerprint)
+ - name: raw_to_private_key(raw_private_key)
 params:
- - name: fingerprint
+ - name: raw_private_key
 type: bytes
- description: the fingerprint
+ description: the raw private key
 out:
- type: bytes
- description: the digest
- description: Calculate a cryptographic digest of the fingerprint.
+ type: ec.EllipticCurvePrivateKey
+ description: the private key
+ description: Restore a private key from the raw format.
 - name: sign_fingerprint(fingerprint, private_key)
 params:
 - name: fingerprint
diff --git a/_data/py_node_classes.yml b/_data/py_node_classes.yml
index 34bf6df..e8074e8 100644
--- a/_data/py_node_classes.yml
+++ b/_data/py_node_classes.yml
@@ -60,11 +60,24 @@ classes:
 category: class
 description: Class that gets cartes from the given node, caches them and supplies them for authentication.
 functions:
- - name: MoeraCarteSource(node)
+ - name: MoeraCarteSource(node, client_scope, admin_scope)
 params:
 - name: node
 class: MoeraNode
 description: node to get cartes from
+ - name: client_scope
+ class: Scope
+ array: true
+ optional: true
+ description: >
+ permissions to be granted to the carte; if not set, all permissions of the carte's owner are granted
+ - name: admin_scope
+ class: Scope
+ array: true
+ optional: true
+ description: >
+ additional administrative permissions (of those granted to the carte's owner by the target node) to be
+ granted to the carte
 - name: renew()
 description: Force renewing the cached list of cartes.
 - name: get_carte()
@@ -209,3 +222,43 @@ functions:
 type: str
 description: standard URL
 description: Convert partial node URL to a standardized form.
+ - name: generate_carte(owner_name, signing_key, beginning, ttl, address, node_name, client_scope, admin_scope)
+ params:
+ - name: owner_name
+ type: str
+ optional: true
+ description: name of the node authenticating with the carte
+ - name: signing_key
+ type: ec.EllipticCurvePrivateKey
+ description: the private signing key to sign the carte
+ - name: beginning
+ type: Timestamp
+ optional: true
+ description: timestamp of the beginning of the carte's life
+ - name: ttl
+ type: int
+ optional: true
+ description: length of the carte's life, in seconds
+ - name: address
+ type: str
+ optional: true
+ description: if set, the carte is valid for authentication from the given IP address only
+ - name: node_name
+ type: str
+ optional: true
+ description: if set, the carte is valid for authentication on the specified node only
+ - name: client_scope
+ class: Scope
+ array: true
+ optional: true
+ description: list of permissions granted to the carte
+ - name: admin_scope
+ class: Scope
+ array: true
+ optional: true
+ description: >
+ list of additional administrative permissions (of those granted to the carte's owner by the target node)
+ granted to the carte
+ out:
+ type: str
+ description: the carte
diff --git a/development/python-moeralib/index.md b/development/python-moeralib/index.md
index 60c1a4a..3a65f7f 100644
--- a/development/python-moeralib/index.md
+++ b/development/python-moeralib/index.md
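Review bot: The new `generate_carte(...)` entry in `_data/py_node_classes.yml` stops at its `out:` block and has no function-level `description:` key, although the other function entries visible in this patch carry one (for example `description: Convert partial node URL to a standardized form.` directly above it). I would close the entry with a line such as `description: Generate a carte with the given parameters and sign it with the provided private signing key.`, which matches the wording used in index.md. The optional `client_scope`, `ttl` and `beginning` parameters also do not say what applies when they are omitted. `MoeraCarteSource` in the same file states that an unset `client_scope` grants all of the owner's permissions; if `generate_carte` behaves the same way, that default should be spelled out here, because it decides how much authority and lifetime the resulting carte carries.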
@@ -130,6 +130,21 @@ for story in slice.stories:
 print(story.posting.operations.view, story.posting.heading)
 ```
 
+## Generating cartes
+
+`generate_carte()` function generates a carte with the given parameters and signs
+it with the provided private signing key.
+
+```python
+import time
+
+from moeralib.crypto import raw_to_private_key
+from moeralib.node import generate_carte
+
+signing_key = raw_to_private_key(bytes.fromhex("72d0817beaf1800c5448841e490139b680f134a56e140bdb4f33aeb2c43e3c48"))
+carte = generate_carte("app0_0", signing_key, int(time.time()), node_name='Alice')
+```
+
 ## Universal URLs
 
 moeralib.universal_location
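Review bot: The added example passes a 64-hex-digit literal to `raw_to_private_key(bytes.fromhex(...))`, and the surrounding text does not say whether that value is a throwaway sample; key literals in documentation tend to be copied into real code and committed with it. I would load the key from outside the source, for instance `signing_key = raw_to_private_key(bytes.fromhex(os.environ["SIGNING_KEY_HEX"]))` (variable name constructed for illustration) with `import os` added, and add one sentence saying the signing key must not be stored in the repository. The `generate_carte(...)` call also omits `ttl` and `client_scope`, so a reader cannot tell from the example how long the carte lives or what it is allowed to do. Showing both arguments explicitly would make the snippet a safer template to copy.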