request.authorization¶

Initialization for the authorization step of the request pipeline.

Submodules¶

Classes¶

`AuthorizationComponent`	Abstract base class for authorization components.
`CertificateProfileAuthorization`	Ensures the device is allowed to use the requested certificate profile.
`CompositeAuthorization`	Composite authorization handler for grouping and executing multiple authorization components.
`DevOwnerIDAuthorization`	Ensure that if this is an AOKI request, we have a matching DevOwnerID to the IDevID.
`DomainScopeValidation`	Ensures the request is within the authorized domain.
`ProtocolAuthorization`	Ensures the request is under the correct protocol: CMP or EST.
`CmpAuthorization`	Composite authorization handler for EST requests.
`EstAuthorization`	Composite authorization handler for EST requests.

Package Contents¶

class request.authorization.AuthorizationComponent[source]¶

Bases: abc.ABC

Abstract base class for authorization components.

abstractmethod authorize(context)[source]¶

Execute authorization logic.

Parameters:: context (request.request_context.BaseRequestContext)
Return type:: None

class request.authorization.CertificateProfileAuthorization[source]¶

Bases: AuthorizationComponent, trustpoint.logger.LoggerMixin

Ensures the device is allowed to use the requested certificate profile.

authorize(context)[source]¶

Authorize the request based on the certificate profile.

Parameters:: context (request.request_context.BaseRequestContext)
Return type:: None

class request.authorization.CompositeAuthorization[source]¶

Bases: AuthorizationComponent, trustpoint.logger.LoggerMixin

Composite authorization handler for grouping and executing multiple authorization components.

components: list[AuthorizationComponent] = []¶

add(component)[source]¶

Add a new authorization component to the composite.

Parameters:: component (AuthorizationComponent)
Return type:: None

remove(component)[source]¶

Remove an authorization component from the composite.

Parameters:: component (AuthorizationComponent)
Return type:: None

authorize(context)[source]¶

Iterate through all child authorization components and execute their authorization logic.

Parameters:: context (request.request_context.BaseRequestContext)
Return type:: None

class request.authorization.DevOwnerIDAuthorization[source]¶

Bases: AuthorizationComponent, trustpoint.logger.LoggerMixin

Ensure that if this is an AOKI request, we have a matching DevOwnerID to the IDevID.

authorize(context)[source]¶

Authorize the request based on the DevOwnerID corresponding to the client certificate.

Parameters:: context (request.request_context.BaseRequestContext)
Return type:: None

class request.authorization.DomainScopeValidation[source]¶

Bases: AuthorizationComponent, trustpoint.logger.LoggerMixin

Ensures the request is within the authorized domain.

authorize(context)[source]¶

Authorize the request based on the domain scope.

Parameters:: context (request.request_context.BaseRequestContext)
Return type:: None

class request.authorization.ProtocolAuthorization(allowed_protocols)[source]¶

Bases: AuthorizationComponent, trustpoint.logger.LoggerMixin

Ensures the request is under the correct protocol: CMP or EST.

Parameters:: allowed_protocols (list[str])

allowed_protocols¶

authorize(context)[source]¶

Authorize the request based on the protocol.

Parameters:: context (request.request_context.BaseRequestContext)
Return type:: None

class request.authorization.CmpAuthorization(allowed_operations=None)[source]¶

Bases: request.authorization.base.CompositeAuthorization

Composite authorization handler for EST requests.

Parameters:: allowed_operations (list[str] | None)

class request.authorization.EstAuthorization(allowed_operations=None)[source]¶

Bases: request.authorization.base.CompositeAuthorization

Composite authorization handler for EST requests.

Parameters:: allowed_operations (list[str] | None)