def pack_auth_db():
"""Packs an entire AuthDB into a blob, signing it using app's private key.
Returns:
Tuple (blob, name of a key used to sign it, base64 encoded signature).
"""
# Grab the snapshot.
state, snapshot = replication.new_auth_db_snapshot()
# Serialize to binary proto message.
req = replication_pb2.ReplicationPushRequest()
req.revision.primary_id = app_identity.get_application_id()
req.revision.auth_db_rev = state.auth_db_rev
req.revision.modified_ts = utils.datetime_to_timestamp(state.modified_ts)
replication.auth_db_snapshot_to_proto(snapshot, req.auth_db)
req.auth_code_version = version.__version__
auth_db_blob = req.SerializeToString()
# Sign it using primary's private keys. sign_blob is limited to 8KB only, so
# hash the body first and sign the digest.
key_name, sig = signature.sign_blob(hashlib.sha512(auth_db_blob).digest())
sig = base64.b64encode(sig)
logging.debug('AuthDB blob size is %d bytes', len(auth_db_blob))
return auth_db_blob, key_name, sig
def pack_auth_db():
"""Packs an entire AuthDB into a blob, signing it using app's private key.
Returns:
Tuple (blob, name of a key used to sign it, base64 encoded signature).
"""
# Grab the snapshot.
state, snapshot = replication.new_auth_db_snapshot()
# Serialize to binary proto message.
req = replication_pb2.ReplicationPushRequest()
req.revision.primary_id = app_identity.get_application_id()
req.revision.auth_db_rev = state.auth_db_rev
req.revision.modified_ts = utils.datetime_to_timestamp(state.modified_ts)
replication.auth_db_snapshot_to_proto(snapshot, req.auth_db)
req.auth_code_version = version.__version__
auth_db_blob = req.SerializeToString()
# Sign it using primary's private keys. sign_blob is limited to 8KB only, so
# hash the body first and sign the digest.
key_name, sig = signature.sign_blob(hashlib.sha512(auth_db_blob).digest())
sig = base64.b64encode(sig)
logging.debug('AuthDB blob size is %d bytes', len(auth_db_blob))
return auth_db_blob, key_name, sig
def test_works(self):
PRIMARY_URL = 'https://primary'
AUTH_DB_REV = 1234
# Make some non-empty snapshot, its contents is not important.
auth_db = replication.auth_db_snapshot_to_proto(
make_snapshot_obj(global_config=model.AuthGlobalConfig(
key=model.root_key(),
oauth_client_id=u'some-client-id',
oauth_client_secret=u'some-client-secret',
oauth_additional_client_ids=[u'id1', u'id2'],
token_server_url=u'https://example.com',
security_config='security config blob')))
# Store in 50-byte shards.
shard_ids = replication.store_sharded_auth_db(auth_db, PRIMARY_URL,
AUTH_DB_REV, 50)
self.assertEqual(2, len(shard_ids))
# Verify keys look OK and the shard size is respected.
for shard_id in shard_ids:
self.assertEqual(len(shard_id), 16)
shard = model.snapshot_shard_key(PRIMARY_URL, AUTH_DB_REV,
shard_id).get()
self.assertTrue(len(shard.blob) <= 50)
# Verify it can be reassembled back.
reassembled = replication.load_sharded_auth_db(PRIMARY_URL,
AUTH_DB_REV, shard_ids)
self.assertEqual(reassembled, auth_db)
def pack_auth_db():
"""Packs an entire AuthDB into a blob (serialized protobuf message).
Returns:
Tuple (AuthReplicationState, blob).
"""
# Grab the snapshot.
state, snapshot = replication.new_auth_db_snapshot()
# Serialize to binary proto message.
req = replication_pb2.ReplicationPushRequest()
req.revision.primary_id = app_identity.get_application_id()
req.revision.auth_db_rev = state.auth_db_rev
req.revision.modified_ts = utils.datetime_to_timestamp(state.modified_ts)
replication.auth_db_snapshot_to_proto(snapshot, req.auth_db)
req.auth_code_version = version.__version__
auth_db_blob = req.SerializeToString()
logging.debug('AuthDB blob size is %d bytes', len(auth_db_blob))
return state, auth_db_blob
def pack_auth_db():
"""Packs an entire AuthDB into a blob (serialized protobuf message).
Returns:
Tuple (AuthReplicationState, blob).
"""
# Grab the snapshot.
state, snapshot = replication.new_auth_db_snapshot()
# Serialize to binary proto message.
req = replication_pb2.ReplicationPushRequest()
req.revision.primary_id = app_identity.get_application_id()
req.revision.auth_db_rev = state.auth_db_rev
req.revision.modified_ts = utils.datetime_to_timestamp(state.modified_ts)
replication.auth_db_snapshot_to_proto(snapshot, req.auth_db)
req.auth_code_version = version.__version__
auth_db_blob = req.SerializeToString()
logging.debug('AuthDB blob size is %d bytes', len(auth_db_blob))
return state, auth_db_blob
def assert_serialization_works(self, snapshot):
"""Ensures AuthDBSnapshot == AuthDBSnapshot -> proto -> AuthDBSnapshot."""
roundtrip = replication.proto_to_auth_db_snapshot(
replication.auth_db_snapshot_to_proto(snapshot))
self.assertEqual(snapshot_to_dict(snapshot), snapshot_to_dict(roundtrip))
def assert_serialization_works(self, snapshot):
"""Ensures AuthDBSnapshot == AuthDBSnapshot -> proto -> AuthDBSnapshot."""
roundtrip = replication.proto_to_auth_db_snapshot(
replication.auth_db_snapshot_to_proto(snapshot))
self.assertEqual(snapshot_to_dict(snapshot), snapshot_to_dict(roundtrip))
def make_auth_db_proto(**kwargs):
return replication.auth_db_snapshot_to_proto(make_snapshot_obj(**kwargs))
