def add_third_party_caveat(self,
                           macaroon,
                           location,
                           key,
                           key_id,
                           **kwargs):
    """Append a third-party caveat to ``macaroon`` and re-sign it in place.

    The caveat's root key is derived from ``key`` and then encrypted under
    the macaroon's current signature, so only a party able to recompute
    that signature can recover it. The resulting ciphertext is stored on
    the caveat as its verification key id.

    Args:
        macaroon: Macaroon to extend; its ``caveats`` list and
            ``signature`` are mutated.
        location: Location hint recorded on the caveat.
        key: Secret shared with the third party; fed through
            ``generate_derived_key`` before use.
        key_id: Identifier stored as the caveat id.
            NOTE(review): nothing here encrypts ``key_id`` -- presumably
            the caller has already protected whatever it encodes; confirm.
        **kwargs: Only ``nonce`` is read. When absent, ``None`` is handed
            to ``SecretBox.encrypt`` (presumably PyNaCl, which then picks
            a random nonce -- confirm).

    Returns:
        The same ``macaroon`` object, now carrying the new caveat and an
        updated signature.
    """
    caveat_root_key = truncate_or_pad(
        generate_derived_key(convert_to_bytes(key))
    )

    # The signature as it stands *before* this caveat is the encryption key.
    signature_raw = binascii.unhexlify(macaroon.signature_bytes)
    sealing_box = SecretBox(key=truncate_or_pad(signature_raw))

    # A caller-chosen nonce is only safe if it is never repeated under the
    # same signature-derived key; leave it unset outside deterministic tests.
    caller_nonce = kwargs.get('nonce')
    sealed_root_key = sealing_box.encrypt(caveat_root_key, nonce=caller_nonce)

    new_caveat = Caveat(
        caveat_id=key_id,
        location=location,
        verification_key_id=sealed_root_key
    )
    macaroon.caveats.append(new_caveat)

    # Chain the signature over the new caveat's verification id and caveat id.
    signing_key = binascii.unhexlify(macaroon.signature_bytes)
    macaroon.signature = sign_third_party_caveat(
        signing_key,
        new_caveat._verification_key_id,
        new_caveat._caveat_id
    )
    return macaroon
Beispiel #2
 def verify(self, macaroon, key):
     """Verify ``macaroon`` against the root secret ``key``.

     ``key`` is converted to bytes and passed through
     ``generate_derived_key``; the derived value is what gets handed to
     ``verify_discharge``. The macaroon is supplied as both of that
     method's first two arguments (presumably "root" and "macaroon under
     test" -- confirm against ``verify_discharge``).

     Returns:
         Whatever ``self.verify_discharge`` returns.
     """
     root_key = generate_derived_key(convert_to_bytes(key))
     return self.verify_discharge(macaroon, macaroon, root_key)
Beispiel #3
 def add_third_party_caveat(self, macaroon, location, key, key_id,
                            **kwargs):
     """Append a versioned third-party caveat to ``macaroon`` and re-sign it.

     The caveat root key (derived from ``key``) is encrypted under the
     macaroon's current signature and stored as the caveat's verification
     key id. The caveat is created with the macaroon's own ``version``.

     Args:
         macaroon: Macaroon to extend; ``caveats`` and ``signature`` are
             mutated in place.
         location: Location hint recorded on the caveat.
         key: Secret shared with the third party; run through
             ``generate_derived_key`` before use.
         key_id: Identifier stored as the caveat id.
             NOTE(review): not encrypted by this method -- confirm the
             caller protects anything sensitive it encodes.
         **kwargs: Only ``nonce`` is read; ``None`` is passed to
             ``SecretBox.encrypt`` when it is absent (presumably PyNaCl,
             which then generates a random nonce -- confirm).

     Returns:
         The same ``macaroon`` object with the caveat added.
     """
     caveat_root_key = truncate_or_pad(
         generate_derived_key(convert_to_bytes(key)))

     # Encryption key = the signature before this caveat is attached.
     signature_raw = binascii.unhexlify(macaroon.signature_bytes)
     sealing_box = SecretBox(key=truncate_or_pad(signature_raw))

     # A fixed nonce must never repeat under the same signature-derived
     # key; it is meant for reproducible tests, not production callers.
     caller_nonce = kwargs.get('nonce')
     sealed_root_key = sealing_box.encrypt(caveat_root_key,
                                           nonce=caller_nonce)

     new_caveat = Caveat(
         caveat_id=key_id,
         location=location,
         verification_key_id=sealed_root_key,
         version=macaroon.version,
     )
     macaroon.caveats.append(new_caveat)

     # Extend the signature chain over the new caveat.
     signing_key = binascii.unhexlify(macaroon.signature_bytes)
     macaroon.signature = sign_third_party_caveat(
         signing_key,
         new_caveat._verification_key_id,
         new_caveat._caveat_id,
     )
     return macaroon
Beispiel #4
 def add_third_party_caveat(self,
                            macaroon,
                            location,
                            key,
                            key_id,
                            nonce=None,
                            **kwargs):
     """Append a third-party caveat to ``macaroon`` and re-sign it in place.

     The caveat root key (derived from ``key``) is encrypted with a
     ``SecretBox`` keyed by the macaroon's current signature; the
     ciphertext becomes the caveat's verification key id.

     Args:
         macaroon: Macaroon to extend; ``caveats`` and ``signature`` are
             mutated in place.
         location: Location hint recorded on the caveat.
         key: Secret shared with the third party; run through
             ``generate_derived_key`` before use.
         key_id: Identifier stored as the caveat id.
             NOTE(review): not encrypted by this method -- confirm the
             caller protects anything sensitive it encodes.
         nonce: Optional explicit nonce. Any falsy value (``None``,
             ``b''``) is replaced by ``box.NONCE_SIZE`` random bytes from
             ``nacl.utils.random``.
         **kwargs: Accepted but not read in this body.

     Returns:
         The same ``macaroon`` object with the caveat added.
     """
     caveat_root_key = truncate_or_pad(
         generate_derived_key(convert_to_bytes(key)))

     # Encryption key = the signature before this caveat is attached.
     signature_raw = binascii.unhexlify(macaroon.signature_bytes)
     sealing_box = SecretBox(key=truncate_or_pad(signature_raw))

     # Default to a fresh random nonce. An explicit one is only safe if it
     # never repeats under the same signature-derived key.
     if not nonce:
         nonce = nacl.utils.random(sealing_box.NONCE_SIZE)
     sealed_root_key = sealing_box.encrypt(caveat_root_key, nonce=nonce)

     new_caveat = Caveat(
         caveat_id=key_id,
         location=location,
         verification_key_id=sealed_root_key,
     )
     macaroon.caveats.append(new_caveat)

     # Extend the signature chain over the new caveat.
     signing_key = binascii.unhexlify(macaroon.signature_bytes)
     macaroon.signature = sign_third_party_caveat(
         signing_key,
         new_caveat._verification_key_id,
         new_caveat._caveat_id,
     )
     return macaroon
Beispiel #5
 def verify(self, macaroon, key, discharge_macaroons=None):
     """Verify ``macaroon`` against ``key``, with optional discharges.

     ``key`` is converted to bytes and passed through
     ``generate_derived_key`` before verification. The macaroon is given
     to ``verify_discharge`` as both of its first two arguments, and
     ``discharge_macaroons`` is forwarded unchanged (``None`` when the
     caller supplies none).

     Returns:
         Whatever ``self.verify_discharge`` returns.
     """
     root_key = generate_derived_key(convert_to_bytes(key))
     return self.verify_discharge(
         macaroon,
         macaroon,
         root_key,
         discharge_macaroons,
     )