#!/usr/bin/env python
#Copyright 2004 Sebastian Hagen
# This file is part of eucharis.

# eucharis is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# as published by the Free Software Foundation

# eucharis is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with eucharis; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

import os
import time
import md5

auth_dictionary = {}

def create_request_string(prefix):
   return '%s#%s#%s' % (prefix, repr(time.time()).replace('.',''), str(os.getpid()))

def verify_response(method, request_user, request_string, response_string, auth_dictionary=auth_dictionary):
   if not (request_user in auth_dictionary):
      raise UnknownUserError('%s' % (request_user,))

   if (method == 'request_md5'):
      if (response_string == md5.new(request_string + auth_dictionary[request_user][0]).hexdigest()):
         return auth_dictionary[request_user][1]

   elif (method == 'cleartext'):
      if (response_string == auth_dictionary[request_user][0]):
         return auth_dictionary[request_user][1]
      
   else:
      raise UnknownMethodError()
      
   return False


class UnknownEntryError(StandardError):
   pass
   
class UnknownUserError(UnknownEntryError):
   pass
   
class UnknownRequestError(UnknownEntryError):
   pass

   
class UnknownMethodError(StandardError):
   pass
   
class InsufficientPermissionsError(StandardError):
   pass
   
class authentication_unit:
   #lvalues are located in local namespace of class
   auth_cache = {}
   
   def __init__(self, auth_dictionary=auth_dictionary):
      self.auth_dictionary = auth_dictionary

   def request(self, user, sessioninfo=None):
      if (user in self.auth_dictionary):
         request_string = create_request_string(user)
         self.auth_cache[(user, sessioninfo)] = request_string
         return request_string
      else:
         raise UnknownUserError(str(user))
   
   def response(self, method, user, response, sessioninfo=None):
      if ((user, sessioninfo) in self.auth_cache):
         return verify_response(method, user, self.auth_cache.pop((user, sessioninfo)), response, self.auth_dictionary)
         del(self.auth_cache[(user, sessioninfo)])

      elif (method == 'cleartext'):
         return verify_response(method, user, None, response, self.auth_dictionary)
      
      else:
         raise UnknownRequestError(str((user, sessioninfo)))
      
   def valid_user(self, user):
      if (user in self.auth_dictionary):
         return True
      else:
         return False