Example #1
 def onChallenge(self, challenge):
     """Sign the router's challenge with ``self.token`` and return it as text.

     Both values are turned into bytes first; the explicit encoding
     argument is only passed to ``bytes`` on Python 3.
     """
     # NOTE(review): challenge.method is never inspected here, so whatever
     # challenge arrives gets signed.
     if sys.version_info.major < 3:
         key = bytes(self.token)
         payload = bytes(challenge.extra['challenge'])
     else:
         key = bytes(self.token, 'utf-8')
         payload = bytes(challenge.extra['challenge'], 'utf-8')
     signature = compute_wcs(key, payload)
     return signature.decode()
Example #2
 def onChallenge(self, challenge):
     """Answer a WAMP-CRA challenge using the module-level ``CRA_SECRET``.

     When the router supplies a salt, the signing key is first derived from
     the secret with the salt, iteration count and key length it sent.

     :raises Exception: if the challenge uses a method other than "wampcra".
     """
     self.log.info('authentication challenge received')
     if challenge.method != u"wampcra":
         raise Exception("Invalid authmethod {}".format(challenge.method))

     extra = challenge.extra
     if u'salt' in extra:
         # salted secret: derive the key before signing
         signing_key = auth.derive_key(CRA_SECRET, extra['salt'],
                                       extra['iterations'],
                                       extra['keylen'])
     else:
         # plain, unsalted secret
         signing_key = CRA_SECRET
     return auth.compute_wcs(signing_key, extra['challenge'])
Example #3
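 def onChallenge(self, msg):
     """Sign the WAMP-CRA challenge in ``msg`` with the fixed secret.

     :param msg: the challenge; ``msg.extra['challenge']`` is the text to sign.
     :return: the signature decoded as ASCII text.
     :raises AssertionError: if the challenge is not a "wampcra" challenge.
     """
     # Raised explicitly instead of via ``assert`` so the method check is
     # not stripped when Python runs with -O.
     if msg.method != u'wampcra':
         raise AssertionError(
             "unexpected authmethod {!r}".format(msg.method))
     # NOTE(review): the secret is a literal in the source -- acceptable for
     # a fixture, not for a deployed client.
     signature = auth.compute_wcs(
         u"seekrit".encode('utf8'),
         msg.extra['challenge'].encode('utf8'),
     )
     return signature.decode('ascii')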
Example #4
 def onChallenge(self, challenge):
     """Return the signature for a challenge of ``DEFAULT_AUTH_METHOD``.

     :raises ValueError: for any other authentication method.
     """
     if challenge.method != DEFAULT_AUTH_METHOD:
         raise ValueError('Unknown authentication method %r' % challenge.method)
     # NOTE(review): the secret is a literal embedded in the source.
     key = u'secret2'.encode('utf8')
     payload = challenge.extra['challenge'].encode('utf8')
     return compute_wcs(key, payload).decode('ascii')
Example #5
    def _compute_challenge(self, user):
        """
        Build the CHALLENGE payload for ``user`` and the signature expected back.

        Returns: extra, signature -- ``extra`` is the dict sent to the client
        (the serialized challenge plus, for salted secrets, the salt and the
        key derivation parameters); ``signature`` is the value computed here
        from the user's secret over that challenge.
        """
        challenge: str = json.dumps(
            {
                'authid': self._authid,
                'authrole': self._authrole,
                'authmethod': self._authmethod,
                'authprovider': self._authprovider,
                'session': self._session_details['session'],
                'nonce': util.newid(64),
                'timestamp': util.utcnow()
            },
            ensure_ascii=False,
        )
        key = user['secret'].encode('utf8')
        signature = auth.compute_wcs(key, challenge.encode('utf8')).decode('ascii')

        # extra data to send to client in CHALLENGE
        extra = {'challenge': challenge}

        # when using salted passwords, provide the client with
        # the salt and then PBKDF2 parameters used
        # NOTE(review): a fallback of 1000 iterations is low by current
        # PBKDF2 guidance; presumably it must match how the stored secret
        # was derived -- confirm before changing.
        if 'salt' in user:
            extra.update(
                salt=user['salt'],
                iterations=user.get('iterations', 1000),
                keylen=user.get('keylen', 32),
            )

        return extra, signature
Example #6
    def onChallenge(self, challenge):
        """Answer a salted WAMP-CRA challenge with ``self.secret``.

        Returns the signature as text for "wampcra". For any other method an
        error is logged and nothing is returned.
        """
        self.logger.info(
            "Authenticate connection %s@%s (challenge) ...",
            self.authid, self.config.realm
        )

        # NOTE(review): the debug lines record the full challenge and, further
        # down, the signature. Together that is authentication material, so
        # debug logging should stay off wherever logs are shared.
        self.logger.debug("Challenge:")
        self.logger.debug(" + method: %s", challenge.method)
        self.logger.debug(" + extra:  %s", challenge.extra)

        if challenge.method != u"wampcra":
            self.logger.error("Unknown challenge method '%s'", challenge.method)
            return None

        # The salt is mandatory here: an unsalted challenge raises KeyError.
        salt = challenge.extra['salt']
        derived = auth.derive_key(
            self.secret.encode('utf8'),
            salt.encode('utf8'),
            iterations=challenge.extra['iterations'],
            keylen=challenge.extra['keylen']
        ).decode('ascii')

        signature = auth.compute_wcs(
            derived.encode('utf8'),
            challenge.extra['challenge'].encode('utf8')
        ).decode('ascii')

        self.logger.debug("Signature '%s'", signature)
        return signature
Example #7
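        def on_challenge(challenge):
            """Answer a WAMP-CRA challenge with the enclosing scope's ``secret``.

            With a salt in the challenge the key is derived from ``secret``
            first; without one, ``secret`` is used as the key directly.

            :param challenge: the router's challenge.
            :return: the signature produced by ``auth.compute_wcs``.
            :raises Exception: for any method other than "wampcra".
            """
            if challenge.method == u"wampcra":
                print("WAMP-CRA challenge received: {}".format(challenge))
                if u'salt' in challenge.extra:
                    # salted secret
                    salted_key = auth.derive_key(secret,
                                                 challenge.extra['salt'],
                                                 challenge.extra['iterations'],
                                                 challenge.extra['keylen'])
                    salted_key = (salted_key).decode('utf-8')
                    # The derived key is key material and is no longer
                    # printed to stdout.
                else:
                    # plain, unsalted secret; this path used to reach
                    # compute_wcs with ``salted_key`` unbound
                    salted_key = secret
                # compute signature for challenge, using the key
                signature = auth.compute_wcs(salted_key,
                                             challenge.extra['challenge'])

                # return the signature to the router for verification
                return signature

            else:
                raise Exception("Invalid authmethod {}".format(
                    challenge.method))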
Example #8
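 def onChallenge(self, challenge):
     """Sign an unsalted WAMP-CRA challenge with the AUTOBAHN_SECRET env var.

     :param challenge: the router's challenge.
     :return: the signature produced by ``auth.compute_wcs``.
     :raises Exception: for a non-"wampcra" method, for a salted challenge,
         or when AUTOBAHN_SECRET is not set.
     """
     if challenge.method != u'wampcra':
         raise Exception("invalid auth method " + challenge.method)
     if u'salt' in challenge.extra:
         raise Exception("salt unimplemented")
     secret = environ.get("AUTOBAHN_SECRET")
     if secret is None:
         # Fail with a clear message instead of handing None to compute_wcs.
         raise Exception("AUTOBAHN_SECRET is not set")
     return auth.compute_wcs(secret, challenge.extra[u'challenge'])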
Example #9
 def onChallenge(self, challenge):
     """Sign a WAMP-CRA challenge with the ``authkey`` from the session config.

     :raises Exception: for any other authentication method.
     """
     if challenge.method != u"wampcra":
         raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))
     key = self.config.extra['authkey'].encode('utf8')
     payload = challenge.extra['challenge'].encode('utf8')
     return auth.compute_wcs(key, payload).decode('ascii')
Example #10
 def test_compute_wcs(self):
     """compute_wcs returns the known signature, as bytes, for a fixed input."""
     key = 'L3L1YUE8Txlw'.encode('utf8')
     payload = json.dumps([1, 2, 3], ensure_ascii=False).encode('utf8')
     expected = b"1njQtmmeYO41N5EWEzD2kAjjEKRZ5kPZt/TzpYXOzR0="
     result = auth.compute_wcs(key, payload)
     self.assertEqual(type(result), bytes)
     self.assertEqual(result, expected)
Example #11
    def __init__(self, session, authid, authrole, authprovider, secret):
        """
        Create the challenge for one authenticating session together with
        the signature computed from ``secret`` over that challenge.

        :param session: The WAMP session ID of the session being authenticated.
        :type session: int
        :param authid: The authentication ID of the authenticating principal.
        :type authid: unicode
        :param authrole: The role the principal is given once authentication
           succeeds.
        :type authrole: unicode
        :param authprovider: Optional authentication provider.
        :type authprovider: unicode or None
        :param secret: The principal's secret: a password or a salted password.
        :type secret: str
        """
        self.session = session
        self.authid = authid
        self.authrole = authrole
        self.authprovider = authprovider
        self.authmethod = u"wampcra"

        # The challenge is the JSON text of these fields; nonce and timestamp
        # come from util.newid() and util.utcnow() on every construction.
        self.challenge = json.dumps({
            'authid': self.authid,
            'authrole': self.authrole,
            'authmethod': u'wampcra',
            'authprovider': self.authprovider,
            'session': self.session,
            'nonce': util.newid(),
            'timestamp': util.utcnow()
        })
        self.signature = auth.compute_wcs(secret, self.challenge)
Example #12
    def __init__(self, session, authid, authrole, authprovider, secret):
        """
        Prepare a WAMP-CRA challenge (as UTF-8 bytes) for a session and the
        signature computed from ``secret`` over it.

        :param session: The WAMP session ID of the session being authenticated.
        :type session: int
        :param authid: The authentication ID of the authenticating principal.
        :type authid: unicode
        :param authrole: The role under which the principal is authenticated
           when authentication succeeds.
        :type authrole: unicode
        :param authprovider: Optional authentication provider.
        :type authprovider: unicode or None
        :param secret: The secret of the principal being authenticated, either
           a password or a salted password.
        :type secret: str
        """
        self.authmethod = u"wampcra"
        self.session = session
        self.authid = authid
        self.authrole = authrole
        self.authprovider = authprovider

        fields = {
            'authid': self.authid,
            'authrole': self.authrole,
            'authmethod': u'wampcra',
            'authprovider': self.authprovider,
            'session': self.session,
            'nonce': util.newid(),
            'timestamp': util.utcnow()
        }

        # challenge must be bytes
        serialized = json.dumps(fields, ensure_ascii=False)
        self.challenge = serialized.encode('utf8')
        self.signature = auth.compute_wcs(secret, self.challenge)
Example #13
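 def onChallenge(self, msg):
     """Return the WAMP-CRA signature for ``msg`` using the fixed secret.

     :param msg: the challenge; its ``extra['challenge']`` text is signed.
     :return: the signature as ASCII text.
     :raises AssertionError: when ``msg.method`` is not "wampcra".
     """
     # An ``assert`` statement disappears under -O; raising explicitly keeps
     # the method check in place while preserving the exception type.
     if msg.method != u'wampcra':
         raise AssertionError(
             "expected a wampcra challenge, got {!r}".format(msg.method))
     # NOTE(review): hard-coded secret; suitable only for test code.
     key = u"seekrit".encode('utf8')
     payload = msg.extra['challenge'].encode('utf8')
     return auth.compute_wcs(key, payload).decode('ascii')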
Example #14
    def onChallenge(self, challenge):
        """Compute the response to a salted WAMP-CRA challenge.

        The key is derived from ``self.secret`` with the salt, iterations and
        keylen taken from the challenge. A non-"wampcra" challenge is only
        logged as an error; the method then returns None.
        """
        log = self.logger
        log.info("Authenticate connection %s@%s (challenge) ...",
                 self.authid, self.config.realm)

        # NOTE(review): at debug level the challenge contents and the
        # resulting signature are both written to the log; treat such logs
        # as sensitive.
        log.debug("Challenge:")
        log.debug(" + method: %s", challenge.method)
        log.debug(" + extra:  %s", challenge.extra)

        if challenge.method == u"wampcra":
            # KeyError here means the router sent no salt.
            salt = challenge.extra['salt']
            derived_key = auth.derive_key(
                self.secret.encode('utf8'),
                salt.encode('utf8'),
                iterations=challenge.extra['iterations'],
                keylen=challenge.extra['keylen'])
            key_text = derived_key.decode('ascii')

            raw_signature = auth.compute_wcs(
                key_text.encode('utf8'),
                challenge.extra['challenge'].encode('utf8'))
            signature = raw_signature.decode('ascii')

            log.debug("Signature '%s'", signature)
            return signature

        log.error("Unknown challenge method '%s'",
                  challenge.method)
Example #15
 def onChallenge(self, challenge):
     """Respond to a WAMP-CRA challenge using ``config.extra['authkey']``.

     :return: the signature as ASCII text.
     :raises Exception: when the router asks for a different method.
     """
     if challenge.method == u"wampcra":
         signature = auth.compute_wcs(
             self.config.extra['authkey'].encode('utf8'),
             challenge.extra['challenge'].encode('utf8'),
         )
         return signature.decode('ascii')
     raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))
    def onChallenge(self, challenge):
        """Sign the challenge with the password from the ``crossbar.auth`` config."""
        # NOTE(review): challenge.method is not checked before signing.
        key = config["crossbar"]["auth"]["password"].encode("utf-8")
        payload = challenge.extra["challenge"].encode("utf-8")
        return auth.compute_wcs(key, payload).decode("ascii")
Example #17
 def onChallenge(self, challenge):
     """Sign a WAMP-CRA challenge with the module-level ``BACKEND_SECRET``.

     :raises Exception: for any other authentication method.
     """
     if challenge.method != u"wampcra":
         raise Exception("Invalid authmethod {}".format(challenge.method))
     return auth.compute_wcs(BACKEND_SECRET, challenge.extra['challenge'])
    def _compute_challenge(self, user):
        """
        Create the challenge for ``user`` and the signature computed over it.

        Returns: extra, signature -- ``extra`` holds the challenge text and,
        when the user record has a salt, the salt plus the key derivation
        parameters; ``signature`` is ASCII text.
        """
        fields = {
            u'authid': self._authid,
            u'authrole': self._authrole,
            u'authmethod': self._authmethod,
            u'authprovider': self._authprovider,
            u'session': self._session_details[u'session'],
            u'nonce': util.newid(64),
            u'timestamp': util.utcnow()
        }
        challenge = json.dumps(fields, ensure_ascii=False)

        # Sometimes, if it doesn't have to be Unicode, PyPy won't make it
        # Unicode. Make it Unicode, even if it's just ASCII.
        if not isinstance(challenge, six.text_type):
            challenge = challenge.decode('utf8')

        key = user['secret'].encode('utf8')
        raw_signature = auth.compute_wcs(key, challenge.encode('utf8'))
        signature = raw_signature.decode('ascii')

        # extra data to send to client in CHALLENGE
        extra = {u'challenge': challenge}
        if 'salt' not in user:
            return extra, signature

        # when using salted passwords, provide the client with
        # the salt and then PBKDF2 parameters used
        # NOTE(review): the 1000-iteration fallback is weak by current PBKDF2
        # guidance -- confirm what the stored secrets were derived with.
        extra[u'salt'] = user['salt']
        extra[u'iterations'] = user.get('iterations', 1000)
        extra[u'keylen'] = user.get('keylen', 32)
        return extra, signature
Example #19
 def onChallenge(self, challenge):
     """Sign an unsalted WAMP-CRA challenge with the configured auth secret.

     :raises Exception: for a non-"wampcra" method or a salted challenge.
     """
     method = challenge.method
     if method != u'wampcra':
         raise Exception("invalid auth method " + method)
     if u'salt' in challenge.extra:
         raise Exception("salt unimplemented")
     secret = get_config().get('auth', 'secret')
     return auth.compute_wcs(secret, challenge.extra['challenge'])
Example #20
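    def onChallenge(self, challenge):
        """Sign a WAMP-CRA challenge with ``self.config["secret"]``.

        :param challenge: the router's challenge.
        :return: the signature as ASCII text.
        :raises AssertionError: if the method is not "wampcra".
        """
        # Raised explicitly so the check survives ``python -O``, which strips
        # assert statements; type and message are unchanged.
        if challenge.method != "wampcra":
            raise AssertionError(
                "don't know how to handle authmethod {}".format(challenge.method))

        signature = auth.compute_wcs(
            self.config["secret"].encode("utf8"),
            challenge.extra["challenge"].encode("utf8"))
        return signature.decode("ascii")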
 def onChallenge(self, challenge):
     """Sign a WAMP-CRA challenge with the ROUTER_AUTH_SECRET env var.

     Python 2 code (print statement, ``unicode``).

     :raises Exception: for any other authentication method.
     """
     print "Received Auth Challenge"
     if challenge.method != u"wampcra":
         raise Exception("don't know how to handle authmethod {}".format(challenge.method))
     # KeyError if the variable is not set.
     secret = os.environ['ROUTER_AUTH_SECRET']
     key = unicode(secret).encode('utf8')
     payload = challenge.extra['challenge'].encode('utf8')
     return auth.compute_wcs(key, payload).decode('ascii')
Example #22
 def onChallenge(self, challenge):
     """Sign a WAMP-CRA challenge with a fixed secret.

     :raises Exception: for any other authentication method.
     """
     if challenge.method != u"wampcra":
         raise Exception("don't know how to handle authmethod {}".format(challenge.method))
     # NOTE(review): literal secret in the source; example use only.
     key = u"secret".encode('utf8')
     payload = challenge.extra['challenge'].encode('utf8')
     return auth.compute_wcs(key, payload).decode('ascii')
Example #23
 def onChallenge(self, challenge):
     """Sign a WAMP-CRA challenge with ``config.extra["secret"]``.

     :raises Exception: for any other authentication method.
     """
     if challenge.method != u"wampcra":
         raise Exception("don't know how to handle authmethod {}".format(
             challenge.method))
     key = self.config.extra["secret"].encode('utf8')
     payload = challenge.extra['challenge'].encode('utf8')
     return auth.compute_wcs(key, payload).decode("ascii")
Example #24
 def onChallenge(self, challenge):
     """Answer a WAMP-Ticket or WAMP-CRA challenge with ``WAMP_SECRET``.

     :raises Exception: for any other authentication method.
     """
     secret = config('WAMP_SECRET')
     method = challenge.method
     if method == u"wampcra":
         return compute_wcs(secret, challenge.extra['challenge'])
     if method == u"ticket":
         # NOTE(review): for a ticket challenge the secret itself is returned
         # to the router, so it is only as protected as the transport --
         # confirm the connection uses TLS.
         print("WAMP-Ticket challenge received: {}".format(challenge))
         return secret
     raise Exception("Invalid authmethod {}".format(challenge.method))
Example #25
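    def onChallenge(self, challenge):
        """Sign a WAMP-CRA challenge with ``self.crsb_user_secret``.

        :param challenge: the router's challenge.
        :return: the signature as ASCII text.
        :raises Exception: for any other authentication method.
        """
        if challenge.method == "wampcra":
            # The message used to read "WAMP-Ticket", which mislabels a CRA
            # challenge in the authentication log.
            logger.info(f"WAMP-CRA challenge received: {challenge}")
            signature = auth.compute_wcs(
                self.crsb_user_secret.encode('utf8'),
                challenge.extra['challenge'].encode('utf8'))
            return signature.decode('ascii')

        else:
            raise Exception("Invalid authmethod {}".format(challenge.method))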
Example #26
    def onChallenge(self, challenge):
        """ Sign a WAMP-CRA challenge with ``conf.PASS``; refuse other methods. """
        log.msg("> dealing with [{}] challenge".format(challenge.method))
        if challenge.method == u"wampcra":
            # The challenge text is encoded as ASCII, so non-ASCII content
            # raises UnicodeEncodeError.
            payload = challenge.extra["challenge"].encode("ascii")
            return auth.compute_wcs(conf.PASS, payload).decode("ascii")
        raise Exception("no authmethod {}".format(challenge.method))
Example #27
    def on_challenge(self, session, challenge):
        """Sign the challenge with ``self._secret``, deriving a key if salted.

        ``session`` is not used. Returns the signature as ASCII text.
        """
        # NOTE(review): challenge.method is not inspected before signing.
        secret = self._secret.encode('utf8')
        extra = challenge.extra
        if u'salt' in extra:
            key = auth.derive_key(secret, extra['salt'],
                                  extra['iterations'],
                                  extra['keylen'])
        else:
            key = secret

        payload = extra['challenge'].encode('utf8')
        return auth.compute_wcs(key, payload).decode('ascii')
Example #28
 def onChallenge(self, challenge):
     """Sign a WAMP-CRA challenge with the configured password.

     :raises RuntimeError: for any other authentication method.
     """
     # NOTE(review): when config.extra has no 'password', a fixed literal is
     # used as the secret.
     password = self.config.extra.get('password', u"p4ssw0rd")
     if challenge.method != u"wampcra":
         raise RuntimeError("unknown authmethod {}".format(challenge.method))
     # XXX FIXME (from the original author): the password is used as the
     # key directly; the examples should probably use os.urandom(32).
     key = password.encode('utf8')
     payload = challenge.extra['challenge'].encode('utf8')
     return auth.compute_wcs(key, payload).decode('ascii')
Example #29
 def onChallenge(self, challenge):
    """Sign a WAMP-CRA challenge with ``PASSWORDS[USER]`` (Python 2 code).

    :raises Exception: for any other authentication method.
    """
    print challenge
    if challenge.method != u"wampcra":
       raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))
    extra = challenge.extra
    if u'salt' in extra:
       # NOTE(review): a missing 'iterations'/'keylen' is forwarded as
       # None -- confirm derive_key tolerates that.
       key = auth.derive_key(PASSWORDS[USER], extra['salt'],
          extra.get('iterations', None), extra.get('keylen', None))
    else:
       key = PASSWORDS[USER]
    return auth.compute_wcs(key, extra['challenge'])
Example #30
 def onChallenge(self, challenge):
     """Sign a WAMP-CRA challenge using ``config.extra['topic']`` as the secret.

     :raises Exception: for any other authentication method.
     """
     if challenge.method != u"wampcra":
         raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))
     # NOTE(review): the 'topic' config value doubles as the secret here;
     # if topic names are not confidential this gives little protection --
     # confirm intent.
     extra = challenge.extra
     if u'salt' in extra:
         key = auth.derive_key(self.config.extra['topic'], extra['salt'],
                               extra.get('iterations', None),
                               extra.get('keylen', None))
     else:
         key = self.config.extra['topic']
     return auth.compute_wcs(key, extra['challenge'])
Example #31
 def onChallenge(self, challenge):
     """
     Authentication callback: sign a WAMP-CRA challenge with WAMP_PASSWORD.
     :param challenge: The server's authentication challenge
     :return:          The client's authentication response (ASCII text)
     :raises Exception: for any method other than "wampcra"
     """
     if challenge.method != "wampcra":
         raise Exception("don't know how to handle authmethod {}".format(challenge.method))
     key = WAMP_PASSWORD.encode('utf8')
     payload = challenge.extra['challenge'].encode('utf8')
     return auth.compute_wcs(key, payload).decode('ascii')
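 def onChallenge(self, challenge):
     """Sign a WAMP-CRA challenge with the module-level ``USER_SECRET``.

     :param challenge: the router's challenge.
     :return: the signature produced by ``compute_wcs``.
     :raises Exception: for any method other than "wampcra".
     """
     if challenge.method == u"wampcra":
         self.log.debug("WAMP-CRA challenge received: {}".format(challenge))
         if u'salt' in challenge.extra:
             # salted secret
             key = derive_key(USER_SECRET,
                              challenge.extra['salt'],
                              challenge.extra['iterations'],
                              challenge.extra['keylen'])
         else:
             # plain, unsalted secret; without this branch an unsalted
             # challenge fell through and None was returned as the response
             key = USER_SECRET
         # return the signature to the router for verification
         return compute_wcs(key, challenge.extra['challenge'])
     else:
         raise Exception("Invalid authmethod {}".format(challenge.method))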
Example #33
 def onChallenge(self, challenge):
     """Sign a WAMP-CRA challenge with the module-level ``password``.

     :raises Exception: for any other authentication method.
     """
     logger.info('Challenge received.')
     if challenge.method != 'wampcra':
         raise Exception('Unknown challenge method: %s' % challenge.method)
     extra = challenge.extra
     if 'salt' in extra:
         # NOTE(review): a missing 'iterations'/'keylen' is forwarded as
         # None -- confirm derive_key tolerates that.
         key = auth.derive_key(password.encode(),
                               extra['salt'].encode(),
                               extra.get('iterations', None),
                               extra.get('keylen', None))
     else:
         key = password.encode()
     # The key is bytes while the challenge is passed through as received.
     return auth.compute_wcs(key, extra['challenge']).decode('ascii')
Example #34
 def onChallenge(self, challenge):
    """Sign a WAMP-CRA challenge with ``PASSWORDS[USER]``.

    :return: the signature as ASCII text.
    :raises Exception: for any other authentication method.
    """
    print("authentication challenge received: {}".format(challenge))
    if challenge.method != u"wampcra":
       raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))
    extra = challenge.extra
    if u'salt' in extra:
       # NOTE(review): a missing 'iterations'/'keylen' is forwarded as
       # None -- confirm derive_key tolerates that.
       key = auth.derive_key(PASSWORDS[USER].encode('utf8'),
          extra['salt'].encode('utf8'),
          extra.get('iterations', None),
          extra.get('keylen', None))
    else:
       key = PASSWORDS[USER].encode('utf8')
    payload = extra['challenge'].encode('utf8')
    return auth.compute_wcs(key, payload).decode('ascii')
Example #35
 def onChallenge(self, challenge):
     """Answer a WAMP-CRA or cookie challenge.

     :return: the CRA signature as ASCII text, or ``self.cookie``.
     :raises Exception: for any other authentication method.
     """
     method = challenge.method
     if method == u"cookie":
         return self.cookie
     if method != u"wampcra":
         raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))

     # NOTE(review): both secrets are literals, and the salted and unsalted
     # paths use different ones.
     extra = challenge.extra
     if u'salt' in extra:
         key = auth.derive_key(u"marketmaker".encode('utf8'),
             extra['salt'].encode('utf8'),
             extra.get('iterations', None),
             extra.get('keylen', None))
     else:
         key = u"a".encode('utf8')
     payload = extra['challenge'].encode('utf8')
     return auth.compute_wcs(key, payload).decode('ascii')
Example #36
    def onChallenge(self, challenge):
        """Sign a WAMP-CRA challenge with ``self.factory.password``.

        :return: the signature as ASCII text.
        :raises Exception: for any other authentication method.
        """
        log.msg("got challenge: %s" % challenge)
        if challenge.method != u"wampcra":
            raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))

        extra = challenge.extra
        if u'salt' in extra:
            # NOTE(review): a missing 'iterations'/'keylen' is forwarded as
            # None -- confirm derive_key tolerates that.
            key = auth.derive_key(self.factory.password.encode('utf-8'),
                extra['salt'].encode('utf-8'),
                extra.get('iterations', None),
                extra.get('keylen', None))
        else:
            key = self.factory.password.encode('utf-8')

        payload = extra['challenge'].encode('utf-8')
        return auth.compute_wcs(key, payload).decode('ascii')
Example #37
    def on_challenge(self, session, challenge):
        """Return the signature for ``challenge`` computed from ``self._secret``.

        A salted challenge first runs the secret through ``auth.derive_key``.
        ``session`` is accepted but not used.
        """
        # NOTE(review): no check of challenge.method happens before signing.
        key = self._secret.encode('utf8')
        salted = u'salt' in challenge.extra
        if salted:
            params = challenge.extra
            key = auth.derive_key(
                key, params['salt'], params['iterations'], params['keylen'])

        payload = challenge.extra['challenge'].encode('utf8')
        signature = auth.compute_wcs(key, payload)
        return signature.decode('ascii')
Example #38
    def onChallenge(self, challenge):
        """Compute the WAMP-CRA response from the factory's password.

        :return: the signature as ASCII text.
        :raises Exception: when the challenge method is not "wampcra".
        """
        log.msg("got challenge: %s" % challenge)
        if challenge.method == u"wampcra":
            has_salt = u'salt' in challenge.extra
            # NOTE(review): iterations/keylen default to None when absent --
            # confirm derive_key accepts that.
            key = (
                auth.derive_key(self.factory.password.encode('utf-8'),
                                challenge.extra['salt'].encode('utf-8'),
                                challenge.extra.get('iterations', None),
                                challenge.extra.get('keylen', None))
                if has_salt
                else self.factory.password.encode('utf-8')
            )
            signature = auth.compute_wcs(key, challenge.extra['challenge'].encode('utf-8'))
            return signature.decode('ascii')
        raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))
Example #39
    def onChallenge(self, challenge: Challenge):
        """Answer the challenge if it matches the configured auth method.

        :return: the CRA signature for "wampcra", the secret itself for
            "ticket", and None for any other configured method.
        :raises ConnectionError: when the router challenges with a method
            other than the configured one.
        """
        method = challenge.method
        if method != self.__auth_method:
            raise ConnectionError(
                'expected authentication method "{}" but received a "{}" challenge instead'.
                format(self.__auth_method, challenge.method))

        if method == 'ticket':  # ticket
            # NOTE(review): the secret itself is the response here, so it is
            # only as protected as the transport -- confirm TLS is in use.
            return self.__auth_secret
        if method == 'wampcra':
            extra = challenge.extra
            if 'salt' in extra:
                # salted secret
                key = auth.derive_key(self.__auth_secret.encode('utf-8'),
                                      extra['salt'], extra['iterations'],
                                      extra['keylen'])
            else:
                key = self.__auth_secret
            return auth.compute_wcs(key, extra['challenge'])
Example #40
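 def onChallenge(self, challenge):
     """Sign a WAMP-CRA challenge with the session's password.

     The password comes from ``self.svar['authinfo']['auth_password']`` when
     'authinfo' is present, otherwise the built-in default is used.

     :param challenge: the router's challenge.
     :return: the signature as ASCII text.
     :raises Exception: for any other authentication method.
     """
     log.msg("onChallenge - maynard")
     password = '******'
     source = "default"
     if 'authinfo' in self.svar:
         password = self.svar['authinfo']['auth_password']
         source = "authinfo"
     # The password itself must never be written to the log; record only
     # where it came from.
     log.msg("onChallenge with password from {}".format(source))
     if challenge.method == u'wampcra':
         if u'salt' in challenge.extra:
             key = auth.derive_key(password.encode('utf8'),
                 challenge.extra['salt'].encode('utf8'),
                 challenge.extra.get('iterations', None),
                 challenge.extra.get('keylen', None))
         else:
             key = password.encode('utf8')
         signature = auth.compute_wcs(key, challenge.extra['challenge'].encode('utf8'))
         return signature.decode('ascii')
     else:
         raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))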
Example #41
    def onChallenge(self, challenge: Challenge):
        """Respond to a challenge of the configured authentication method.

        :return: the CRA signature for 'wampcra', the secret for 'ticket';
            other configured methods fall through and return None.
        :raises WAMPError: when the challenge method differs from the
            configured one.
        """
        expected = self.__auth_method
        if challenge.method != expected:
            raise WAMPError(
                'expected authentication method "{}" but received a "{}" challenge '
                'instead'.format(self.__auth_method, challenge.method))

        if challenge.method == 'wampcra':
            if 'salt' not in challenge.extra:
                # plain, unsalted secret
                return auth.compute_wcs(self.__auth_secret,
                                        challenge.extra['challenge'])
            # salted secret
            derived = auth.derive_key(self.__auth_secret.encode('utf-8'),
                                      challenge.extra['salt'],
                                      challenge.extra['iterations'],
                                      challenge.extra['keylen'])
            return auth.compute_wcs(derived, challenge.extra['challenge'])
        elif challenge.method == 'ticket':
            # NOTE(review): ticket auth sends the secret itself to the router.
            return self.__auth_secret
Example #42
        def onChallenge(self, challenge):
            """Sign a WAMP-CRA challenge with a fixed secret.

            Any other method is not answered: the method returns None.
            """
            print("authentication challenge received")

            if challenge.method != u"wampcra":
                return None

            print("WAMP-CRA challenge received: {}".format(challenge))

            # NOTE(review): the secret is a literal in the source.
            secret = u"uSrnbKa2cjxkYu9Flom1ZMIkNYMriSZ5tKzlhVKJT6o"
            extra = challenge.extra
            if u'salt' in extra:
                # salted secret
                key = auth.derive_key(secret, extra['salt'], extra['iterations'], extra['keylen'])
            else:
                # plain, unsalted secret
                key = secret

            # compute the signature with that key and hand it back to the
            # router for verification
            return auth.compute_wcs(key, extra['challenge'])
Example #43
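def on_challenge(self, challenge):
    """
    Answer a WAMP-CRA challenge received while authenticating to a WAMP router.

    This function is attached to our WampDefaultComponent only if protocol is WSS

    :param self: the component the handler is attached to (not used here)
    :param challenge: challenge from the router; ``method`` must be ``wampcra``
        and ``extra`` holds the challenge string plus, for salted secrets,
        the key-derivation parameters

    :return: the challenge signature, decoded as ASCII text
    :raises Exception: if the challenge uses any method other than ``wampcra``
    """
    log = Logger()
    log.info('On Challenge...')

    if challenge.method != u"wampcra":
        raise Exception("don't know how to compute challenge for authmethod {}".format(challenge.method))

    cfg = Config().get_wamp()
    # Same text conversion as before, without the single-entry dict that was
    # keyed by the user name and only ever read back with that same key.
    secret = (u'%s' % cfg.password).encode('utf8')
    extra = challenge.extra

    if u'salt' in extra:
        # Forward only the parameters the router actually sent. An explicit
        # None would replace derive_key's own defaults rather than select them.
        kdf_params = {
            name: extra[name]
            for name in ('iterations', 'keylen')
            if extra.get(name) is not None
        }
        key = auth.derive_key(secret, extra['salt'].encode('utf8'), **kdf_params)
    else:
        # unsalted: the encoded password is the signing key
        key = secret

    signature = auth.compute_wcs(key, extra['challenge'].encode('utf8'))
    return signature.decode('ascii')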
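    def onChallenge(self, challenge):
        """Sign a WAMP-CRA challenge with the configured connection secret.

        :param challenge: challenge from the router; ``extra`` holds the
            challenge string and, for salted secrets, ``salt``, ``iterations``
            and ``keylen``.
        :return: the signature produced by ``auth.compute_wcs``.
        :raises Exception: for any challenge method other than ``wampcra``.
        """
        if challenge.method != "wampcra":
            raise Exception("don't know how to handle authmethod {}".format(challenge.method))

        secret = conf.WAMP_CONNECTION['AUTHSECRET']
        extra = challenge.extra
        if 'salt' in extra:
            # salted secret: derive the signing key from the router's parameters
            key = auth.derive_key(
                secret,
                extra['salt'],
                extra['iterations'],
                extra['keylen'],
            )
        else:
            # plain, unsalted secret
            key = secret

        signature = auth.compute_wcs(key, extra['challenge'])
        # The key is either the secret itself or derived from it, so it must
        # not be written to the log; record only that the challenge was signed.
        self.log.info("WAMP-CRA challenge signed")

        return signature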
Example #45
    def onChallenge(self, challenge):
        """Sign a WAMP-CRA challenge with ``secret``.

        Returns the value of ``auth.compute_wcs`` for the challenge string and
        raises ``Exception`` for every other authentication method.
        """
        if challenge.method != u"wampcra":
            raise Exception("Invalid authmethod {}".format(challenge.method))

        print("WAMP-CRA challenge received: {}".format(challenge))

        params = challenge.extra
        # With a salt the key is derived from the secret; without one the
        # plain, unsalted secret is the key.
        key = (
            auth.derive_key(secret, params['salt'],
                            params['iterations'],
                            params['keylen'])
            if u'salt' in params
            else secret
        )

        # the signature goes back to the router for verification
        return auth.compute_wcs(key, params['challenge'])
Example #46
   def __init__(self, key, session, authid, authrole, authmethod, authprovider):
      """Create a challenge for ``session`` and compute its signature with ``key``.

      The challenge is the JSON text of the authentication details together
      with a timestamp and an id from ``util``; the signature is whatever
      ``auth.compute_wcs`` returns for that text.
      """
      self.authid, self.authrole = authid, authrole
      self.authmethod, self.authprovider = authmethod, authprovider
      self.session = session

      # taken once per challenge object
      self.timestamp = util.utcnow()
      self.nonce = util.newid()

      self.challenge = json.dumps(dict(
         authid=self.authid,
         authrole=self.authrole,
         authmethod=self.authmethod,
         authprovider=self.authprovider,
         session=self.session,
         nonce=self.nonce,
         timestamp=self.timestamp,
      ))
      # NOTE(review): key and challenge are handed over without an explicit
      # encoding step; confirm compute_wcs accepts them as passed.
      self.signature = auth.compute_wcs(key, self.challenge)
Example #47
    def __init__(self, key, session, authid, authrole, authmethod, authprovider, uid):
        """Create a challenge for ``session`` and sign it with ``key``.

        ``key`` is text; it and the JSON challenge are UTF-8 encoded before
        being passed to ``auth.compute_wcs``, and the result is stored as
        ASCII text in ``self.signature``.
        """
        self.authid = authid
        self.authrole = authrole
        self.authmethod = authmethod
        self.authprovider = authprovider
        self.uid = uid
        self.session = session

        # taken once per challenge object
        self.timestamp = util.utcnow()
        self.nonce = util.newid()

        details = [
            ('authid', self.authid),
            ('authrole', self.authrole),
            ('authmethod', self.authmethod),
            ('authprovider', self.authprovider),
            ('session', self.session),
            ('nonce', self.nonce),
            ('timestamp', self.timestamp),
        ]
        self.challenge = json.dumps(dict(details), ensure_ascii=False)

        raw_signature = auth.compute_wcs(key.encode('utf8'), self.challenge.encode('utf8'))
        self.signature = raw_signature.decode('ascii')
Example #48
   def onChallenge(self, challenge):
      """Sign a WAMP-CRA challenge with ``USER_SECRET``.

      Returns the value of ``auth.compute_wcs`` for the challenge string;
      any other authentication method raises ``Exception``.
      """
      method = challenge.method
      if method == u"wampcra":
         print("WAMP-CRA challenge received: {}".format(challenge))

         extra = challenge.extra
         # plain, unsalted secret unless the router supplied a salt
         key = USER_SECRET
         if u'salt' in extra:
            # salted secret: derive the key from the challenge parameters
            key = auth.derive_key(USER_SECRET,
                                  extra['salt'],
                                  extra['iterations'],
                                  extra['keylen'])

         # the signature goes back to the router for verification
         return auth.compute_wcs(key, extra['challenge'])

      raise Exception("Invalid authmethod {}".format(method))
Example #49
    def __init__(self, session, authid, authrole, authprovider, secret):
        """
        Build a WAMP-CRA challenge for a session and precompute its signature.

        :param session: The WAMP session ID of the session being authenticated.
        :type session: int
        :param authid: The authentication ID of the authenticating principal.
        :type authid: unicode
        :param authrole: The role under which the principal will be authenticated
           when the authentication succeeds.
        :type authrole: unicode
        :param authprovider: Optional authentication provider.
        :type authprovider: unicode or None
        :param secret: The secret of the principal being authenticated. Either a
           password or a salted password.
        :type secret: str
        """
        self.session = session
        self.authmethod = u"wampcra"
        self.authid = authid
        self.authrole = authrole
        self.authprovider = authprovider

        payload = json.dumps(
            {
                'authid': self.authid,
                'authrole': self.authrole,
                'authmethod': u'wampcra',
                'authprovider': self.authprovider,
                'session': self.session,
                'nonce': util.newid(),
                'timestamp': util.utcnow()
            },
            ensure_ascii=False,
        )

        # PyPy may hand back a byte string when the text is pure ASCII;
        # normalise to Unicode either way.
        if isinstance(payload, six.text_type):
            self.challenge = payload
        else:
            self.challenge = payload.decode('utf8')

        # secret is passed through as given; only the challenge is encoded here
        raw_signature = auth.compute_wcs(secret, self.challenge.encode('utf8'))
        self.signature = raw_signature.decode('ascii')
Example #50
    def onChallenge(self, challenge):
        """Sign a WAMP-CRA challenge with the key stored under ``'apitoken'``.

        Returns the value of ``auth.compute_wcs`` for the challenge string;
        any other authentication method raises ``Exception``.
        """
        if challenge.method != u"wampcra":
            raise Exception("Invalid authmethod {}".format(challenge.method))

        out.verbose("WAMP-CRA challenge received: {}".format(challenge))

        api_token = nexus.core.getKey('apitoken')
        extra = challenge.extra
        if u'salt' not in extra:
            # plain, unsalted secret: the token itself is the key
            key = api_token
        else:
            # salted secret: derive the key from the challenge parameters
            key = auth.derive_key(api_token,
                                  extra['salt'],
                                  extra['iterations'],
                                  extra['keylen'])

        # the signature goes back to the router for verification
        return auth.compute_wcs(key, extra['challenge'])
Example #51
    def _compute_challenge(self, user):
        """
        Build the CHALLENGE data for ``user`` and the signature expected back.

        Returns: extra, signature -- ``extra`` is the dict sent to the client
        (the challenge text, plus salt/iterations/keylen when the user record
        has a salt); ``signature`` is the ASCII text of ``auth.compute_wcs``
        over that challenge with the user's secret.
        """
        fields = [
            (u'authid', self._authid),
            (u'authrole', self._authrole),
            (u'authmethod', self._authmethod),
            (u'authprovider', self._authprovider),
            (u'session', self._session_details[u'session']),
            (u'nonce', util.newid(64)),
            (u'timestamp', util.utcnow()),
        ]
        challenge = json.dumps(dict(fields), ensure_ascii=False)

        # PyPy may hand back a byte string when the text is pure ASCII;
        # normalise to Unicode either way.
        if not isinstance(challenge, six.text_type):
            challenge = challenge.decode('utf8')

        key = user['secret'].encode('utf8')
        signature = auth.compute_wcs(key, challenge.encode('utf8')).decode('ascii')

        # extra data to send to client in CHALLENGE
        extra = {u'challenge': challenge}

        if 'salt' in user:
            # Salted password: the client needs the salt and the PBKDF2
            # parameters to derive the same key.
            # NOTE(review): 1000 and 32 apply only when the user record lacks
            # the field; they presumably have to match the values used when
            # the stored secret was derived -- confirm against the user store.
            extra.update({
                u'salt': user['salt'],
                u'iterations': user.get('iterations', 1000),
                u'keylen': user.get('keylen', 32),
            })

        return extra, signature
Example #52
 def onChallenge(self, challenge):
    """Sign the router's challenge with the configured WAMP password.

    The challenge method is not inspected: every challenge is answered with
    a signature over ``extra['challenge']``, returned as ASCII text.
    """
    secret = config_wamp["password"]
    response = auth.compute_wcs(secret.encode('utf8'), challenge.extra['challenge'].encode('utf8'))
    return response.decode('ascii')
Example #53
 def onChallenge(self, msg):
     """Sign a WAMP-CRA challenge with a fixed secret; returns ASCII text."""
     # NOTE(review): assert statements are removed under ``python -O``, so
     # this method check disappears in optimised runs.
     assert msg.method == u"wampcra"
     # NOTE(review): the secret is a literal in the source; outside of a
     # test fixture it should come from configuration.
     secret = u"seekrit".encode("utf8")
     challenge = msg.extra["challenge"].encode("utf8")
     return auth.compute_wcs(secret, challenge).decode("ascii")
Example #54
 def onChallenge(self, challenge):
     """Sign the router's challenge with the key from ``generate_secret``.

     The challenge method is not inspected; the signature is returned as
     ASCII text.
     """
     key = generate_secret(CROSSBAR_SALT)
     challenge_bytes = challenge.extra['challenge'].encode('utf8')
     return auth.compute_wcs(key, challenge_bytes).decode('ascii')
 def test_compute_wcs(self):
     """compute_wcs returns the expected bytes value for a fixed key and message."""
     key = u'L3L1YUE8Txlw'.encode('utf8')
     message = json.dumps([1, 2, 3], ensure_ascii=False).encode('utf8')
     expected = b"1njQtmmeYO41N5EWEzD2kAjjEKRZ5kPZt/TzpYXOzR0="

     actual = auth.compute_wcs(key, message)

     # the result must be bytes, not text
     self.assertEqual(type(actual), bytes)
     self.assertEqual(actual, expected)
Example #56
    def onChallenge(self, challenge):
        """Sign the router's challenge with the configured analytics password.

        The challenge method is not inspected; the signature is returned as
        ASCII text.
        """
        password = config["analytics"]["auth"]["password"]
        key = password.encode('utf8')
        challenge_bytes = challenge.extra['challenge'].encode('utf8')
        return auth.compute_wcs(key, challenge_bytes).decode('ascii')