linotp.lib.security.provider module¶
The security provider is a dynamic handler for security relevant tasks like random, crypt, decrypt, sign
- class linotp.lib.security.provider.SecurityProvider¶
Bases:
objectthe security provider is the singleton in the server who provides the security modules to run security relevant methods
read the hsm configurations
set up a pool of hsm modules
bind a hsm to one session
free the hsm from session after usage
the thread id is used as session identifier
- createHSMPool(hsm_id=None, *args, **kw)¶
Setup the pool of security module connections
- Parameters:
hsm_id – The id of the hsm provider which must exist in the hsm config,
if None the one from the config will be used
- Returns:
The created pool (list) of hsm connections
- dropSecurityModule(hsm_id=None, sessionId=None)¶
Searches in the hsm pool and finds the hsm connection allocated by the thread (sessionId) and makes that hsm connection free
- Parameters:
hsm_id – the identifier of the hsm pool which is stated in the hsm config
sessionId – the thread id
- Returns:
expected to be True if it succeeds to drop, false if it fails
- getSecurityModule(hsm_id=None, sessionId=None)¶
Allocate a security module for the sessionId
- Parameters:
hsm_id – Specifies from which pool to choose. It will use the
activeOne if it’s not specified :param sessionId: Specifies the threadId which will be used for the allocation of the hsm connection
- Returns:
The allocated hsm connection
- get_config_entries(config_name)¶
- Parameters:
names – list of config entries by modulename
- Returns:
dict
- loadSecurityModule(module_id=None)¶
return the specified security module
- Parameters:
id (String or None) – identifier for the security module (from the configuration)
- Returns:
None or the created object
- Return type:
security module
- load_config(config)¶
load the security modules configuration
- setupModule(hsm_id, config=None)¶
setupModule is called during runtime to define the config parameters like password or connection strings