|
| 1 | +import satosa.util as util |
| 2 | +from satosa.micro_services.base import ResponseMicroService |
| 3 | + |
| 4 | + |
| 5 | +CONFIG_KEY_SALT = "salt" |
| 6 | +CONFIG_KEY_ALG = "alg" |
| 7 | +CONFIG_KEY_SUBJID = "subject_id" |
| 8 | +CONFIG_KEY_ATTRS = "attributes" |
| 9 | + |
| 10 | + |
| 11 | +class Hasher(ResponseMicroService): |
| 12 | + """Hash subject_id and attributes. |
| 13 | +
|
| 14 | + This is a micro-service that allows hashing of the subject_id and different |
| 15 | + attributes, with the selected hash algorithm and salt, as specified in the |
| 16 | + configuration. |
| 17 | +
|
| 18 | + Supported hash algorithms are listed through hashlib: |
| 19 | +
|
| 20 | + import hashlib |
| 21 | + print(hashlib.algorithms_available) |
| 22 | +
|
| 23 | + An example configuration: |
| 24 | +
|
| 25 | + module: satosa.micro_services.hasher.Hasher |
| 26 | + name: Hasher |
| 27 | + config: |
| 28 | +
|
| 29 | + # default settings that apply to every requester |
| 30 | + "": |
| 31 | + # default salt configuration is required |
| 32 | + salt: abcdef0123456789 |
| 33 | +
|
| 34 | + # the hash algorithm to use (default: sha512) |
| 35 | + alg: sha256 |
| 36 | +
|
| 37 | + # whether subject_id should be hashed (default: yes) |
| 38 | + subject_id: yes |
| 39 | +
|
| 40 | + # a list of attributes to hash (default: []) |
| 41 | + attributes: |
| 42 | + - edupersontargetedid |
| 43 | +
|
| 44 | + # specific settings for requester 'some_entityid' |
| 45 | + some_entityid: |
| 46 | + # for this requester use sha1 |
| 47 | + alg: sha1 |
| 48 | +
|
| 49 | + # do not hash any attributes |
| 50 | + # if this is missing the defaults will be used |
| 51 | + attributes: [] |
| 52 | +
|
| 53 | + # specific settings for requester 'some_other_entityid' |
| 54 | + some_other_entityid: |
| 55 | + # for this requester only use this salt |
| 56 | + salt: abcd1234 |
| 57 | +
|
| 58 | + # do not hash subject_id |
| 59 | + subject_id: no |
| 60 | +
|
| 61 | + # only hash the following attributes |
| 62 | + attributes: |
| 63 | + - gender |
| 64 | + - identifier |
| 65 | + """ |
| 66 | + |
| 67 | + def __init__(self, config, *args, **kwargs): |
| 68 | + super().__init__(*args, **kwargs) |
| 69 | + self.config = self._init_config(config) |
| 70 | + |
| 71 | + def _init_config(self, config): |
| 72 | + defaults = { |
| 73 | + CONFIG_KEY_ALG: "sha512", |
| 74 | + CONFIG_KEY_SUBJID: True, |
| 75 | + CONFIG_KEY_ATTRS: [], |
| 76 | + } |
| 77 | + |
| 78 | + defaults.update(config.get("", {})) |
| 79 | + if not defaults.get(CONFIG_KEY_SALT, None): |
| 80 | + raise Exception( |
| 81 | + "Required config key missing: {}".format(CONFIG_KEY_SALT) |
| 82 | + ) |
| 83 | + |
| 84 | + for requester, conf in config.items(): |
| 85 | + defs = defaults.copy() |
| 86 | + defs.update(conf) |
| 87 | + config[requester] = defs |
| 88 | + return config |
| 89 | + |
| 90 | + def process(self, context, internal_data): |
| 91 | + requester = internal_data.requester |
| 92 | + config = self.config.get(requester, self.config[""]) |
| 93 | + if config[CONFIG_KEY_SUBJID]: |
| 94 | + self.hash_subject_id(config, internal_data) |
| 95 | + if config[CONFIG_KEY_ATTRS]: |
| 96 | + self.hash_attributes(config, internal_data) |
| 97 | + return super().process(context, internal_data) |
| 98 | + |
| 99 | + def hash_subject_id(self, config, internal_data): |
| 100 | + internal_data.subject_id = util.hash_data( |
| 101 | + config[CONFIG_KEY_SALT], |
| 102 | + internal_data.subject_id, |
| 103 | + hash_alg=config[CONFIG_KEY_ALG], |
| 104 | + ) |
| 105 | + |
| 106 | + def hash_attributes(self, config, internal_data): |
| 107 | + for attribute in config[CONFIG_KEY_ATTRS]: |
| 108 | + internal_data.attributes[attribute] = [ |
| 109 | + util.hash_data( |
| 110 | + config[CONFIG_KEY_SALT], |
| 111 | + value, |
| 112 | + hash_alg=config[CONFIG_KEY_ALG], |
| 113 | + ) |
| 114 | + for value in internal_data.attributes.get(attribute, []) |
| 115 | + ] |
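Review bot: The salt check in `_init_config` covers only the merged defaults, so a requester block that sets `salt` to an empty value overrides the default after the check; that requester's identifiers would then be hashed with an empty or missing salt, or fail on the first response, depending on how `util.hash_data` treats it (not visible here). `alg` is likewise never checked at load time, so a misspelled algorithm would surface only in `process`. I would validate each merged per-requester config inside the loop, checking `alg` against `hashlib.algorithms_available` as the docstring already suggests; this needs `import hashlib` at the top of the file. Separately, the docstring example hashes `gender` and selects `sha1`: with a fixed salt the output is a deterministic pseudonym, which does not hide attributes that have only a few possible values, and the docstring should say so.

```python
            defs.update(conf)
            # Validate the merged result so a requester override cannot
            # blank the salt or select an algorithm hashlib does not provide.
            if not defs.get(CONFIG_KEY_SALT):
                raise Exception(
                    "Empty salt in config for requester: {!r}".format(requester)
                )
            if defs[CONFIG_KEY_ALG] not in hashlib.algorithms_available:
                raise Exception(
                    "Unsupported hash algorithm for requester {!r}: {}".format(
                        requester, defs[CONFIG_KEY_ALG]
                    )
                )
            # … unchanged: config[requester] = defs …
```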