path: root/src/lib/tlslite/SharedKeyDB.py
blob: 3246ec7f155453d19ffeef9c7e9ebddde7ceb8a7 (plain)
"""Class for storing shared keys."""

from utils.cryptomath import *
from utils.compat import *
from mathtls import *
from Session import Session
from BaseDB import BaseDB

class SharedKeyDB(BaseDB):
    """An in-memory or on-disk database of shared keys.

    A SharedKeyDB can be handed to a server handshake function so that a
    client is authenticated against one of the stored shared keys.

    The original documentation states that this class is thread-safe.
    No locking is visible in this class itself; presumably BaseDB
    provides it -- verify there before relying on it.
    """

    def __init__(self, filename=None):
        """Create a new SharedKeyDB.

        @type filename: str
        @param filename: Filename for an on-disk database, or None for
        an in-memory database.  If the file already exists, call open()
        next.  To start a new on-disk database, call create() next.
        """
        # "shared key" is passed to BaseDB as the third argument; what
        # BaseDB does with it is not visible in this file.
        BaseDB.__init__(self, filename, "shared key")

    def _getItem(self, username, valueStr):
        """Build a Session from a username and its stored value.

        @type username: str
        @param username: The username the stored value belongs to.

        @param valueStr: The value held for that username; it is passed
        to Session._createSharedKey() as the shared key.

        @return: The newly created Session.
        """
        entry = Session()
        entry._createSharedKey(username, valueStr)
        return entry

    def __setitem__(self, username, sharedKey):
        """Add a shared key to the database.

        @type username: str
        @param username: The username to associate the shared key with.
        Must be at most 16 characters long, and must not already be in
        the database.

        @type sharedKey: str
        @param sharedKey: The shared key to add.  Must be shorter than
        48 characters.
        """
        # The length limits are enforced in _setItem() below (presumably
        # invoked by BaseDB.__setitem__ -- confirm in BaseDB).  The
        # "not already in the database" rule is not checked in this class.
        BaseDB.__setitem__(self, username, sharedKey)

    def _setItem(self, username, value):
        """Validate a username / shared key pair and return the value.

        @raise ValueError: If the username is longer than 16 characters
        or the shared key is 48 characters or longer.

        @return: The shared key, unchanged.
        """
        # Only upper bounds are checked: an empty username or an empty
        # shared key passes this validation.
        nameLength = len(username)
        if nameLength > 16:
            raise ValueError("username too long")
        keyLength = len(value)
        if keyLength >= 48:
            raise ValueError("shared key too long")
        # NOTE(review): the key is returned as given, with no hashing or
        # derivation applied here, so whatever BaseDB stores is the raw
        # shared key.  For an on-disk database that presumably means the
        # file holds usable credentials -- confirm in BaseDB and restrict
        # access to the file accordingly.
        return value

    def _checkItem(self, value, username, param):
        """Tell whether param yields the same master secret as value.

        @param value: An object with a masterSecret attribute, compared
        against the Session rebuilt from username and param.

        @return: True when both master secrets compare equal.
        """
        candidate = self._getItem(username, param)
        stored = value.masterSecret
        # NOTE(review): "==" on secret material is not guaranteed to run
        # in constant time.  If param can come from an unauthenticated
        # peer, a constant-time comparison would be the safer choice --
        # confirm how callers reach this method.
        return stored == candidate.masterSecret