request.authorization.base¶

Provides the AuthorizationComponent class for authorization logic.

Classes¶

`AuthorizationComponent`	Abstract base class for authorization components.
`ProtocolAuthorization`	Ensures the request is under the correct protocol: CMP or EST.
`CertificateProfileAuthorization`	Ensures the device is allowed to use the requested certificate profile.
`DomainScopeValidation`	Ensures the request is within the authorized domain.
`DevOwnerIDAuthorization`	Ensure that if this is an AOKI request, we have a matching DevOwnerID to the IDevID.
`CompositeAuthorization`	Composite authorization handler for grouping and executing multiple authorization components.

Module Contents¶

class request.authorization.base.AuthorizationComponent[source]¶

Bases: abc.ABC

Abstract base class for authorization components.

abstractmethod authorize(context)[source]¶

Execute authorization logic.

Parameters:: context (request.request_context.BaseRequestContext)
Return type:: None

class request.authorization.base.ProtocolAuthorization(allowed_protocols)[source]¶

Bases: AuthorizationComponent, trustpoint.logger.LoggerMixin

Ensures the request is under the correct protocol: CMP or EST.

Parameters:: allowed_protocols (list[str])

allowed_protocols[source]¶

authorize(context)[source]¶

Authorize the request based on the protocol.

Parameters:: context (request.request_context.BaseRequestContext)
Return type:: None

class request.authorization.base.CertificateProfileAuthorization[source]¶

Bases: AuthorizationComponent, trustpoint.logger.LoggerMixin

Ensures the device is allowed to use the requested certificate profile.

authorize(context)[source]¶

Authorize the request based on the certificate profile.

Parameters:: context (request.request_context.BaseRequestContext)
Return type:: None

class request.authorization.base.DomainScopeValidation[source]¶

Bases: AuthorizationComponent, trustpoint.logger.LoggerMixin

Ensures the request is within the authorized domain.

authorize(context)[source]¶

Authorize the request based on the domain scope.

Parameters:: context (request.request_context.BaseRequestContext)
Return type:: None

class request.authorization.base.DevOwnerIDAuthorization[source]¶

Bases: AuthorizationComponent, trustpoint.logger.LoggerMixin

Ensure that if this is an AOKI request, we have a matching DevOwnerID to the IDevID.

authorize(context)[source]¶

Authorize the request based on the DevOwnerID corresponding to the client certificate.

Parameters:: context (request.request_context.BaseRequestContext)
Return type:: None

class request.authorization.base.CompositeAuthorization[source]¶

Bases: AuthorizationComponent, trustpoint.logger.LoggerMixin

Composite authorization handler for grouping and executing multiple authorization components.

components: list[AuthorizationComponent] = [][source]¶

add(component)[source]¶

Add a new authorization component to the composite.

Parameters:: component (AuthorizationComponent)
Return type:: None

remove(component)[source]¶

Remove an authorization component from the composite.

Parameters:: component (AuthorizationComponent)
Return type:: None

authorize(context)[source]¶

Iterate through all child authorization components and execute their authorization logic.

Parameters:: context (request.request_context.BaseRequestContext)
Return type:: None