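def test_valid_ticket(self):
    """Request a ticket and validate it as the source and as the destination.

    Checks that the response signature equals one computed with SOURCE_KEY
    over the base64 metadata plus ticket, that the ticket decrypts with
    SOURCE_KEY, that the embedded esek decrypts with DEST_KEY and carries
    the configured lifetime, and that skey/ekey can be regenerated from the
    esek contents.
    """
    self._add_key(DEFAULT_SOURCE)
    self._add_key(DEFAULT_DEST)

    response = self._request_ticket().json

    b64m = response['metadata']
    signature = response['signature']
    b64t = response['ticket']

    # Check the signature over the still-encoded metadata and ticket before
    # parsing either of them, so nothing unauthenticated is interpreted.
    # assertEqual is fine in a test; a real client should use a
    # constant-time comparison such as hmac.compare_digest.
    csig = self.crypto.sign(SOURCE_KEY, b64m + b64t)
    self.assertEqual(signature, csig)

    metadata = jsonutils.loads(base64.b64decode(b64m))

    # The source decrypts the ticket. Only the encrypted form is handled
    # here: without this guard an unencrypted response would leave `ticket`
    # unbound and the test would die with a NameError rather than a
    # readable failure.
    self.assertTrue(metadata['encryption'],
                    'ticket metadata does not enable encryption; '
                    'this test only covers encrypted tickets')
    ticket = jsonutils.loads(self.crypto.decrypt(SOURCE_KEY, b64t))

    skey = base64.b64decode(ticket['skey'])
    ekey = base64.b64decode(ticket['ekey'])
    b64esek = ticket['esek']

    # The esek part is forwarded to the destination, so it must decrypt
    # with the destination's key.
    esek = jsonutils.loads(self.crypto.decrypt(DEST_KEY, b64esek))

    self.assertEqual(int(self.CONF.ticket_lifetime), esek['ttl'])

    # The destination should be able to rebuild skey and ekey from the esek
    # data alone.
    info = '%s,%s,%s' % (metadata['source'], metadata['destination'],
                         esek['timestamp'])
    key = base64.b64decode(esek['key'])
    # NOTE(review): self.CRYPTO is used here but self.crypto above; confirm
    # both refer to the same crypto manager.
    new_sig, new_key = self.CRYPTO.generate_keys(key, info)

    self.assertEqual(new_key, ekey)
    self.assertEqual(new_sig, skey)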
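def test_valid_ticket(self):
    """Request a ticket and validate it as the source and as the destination.

    Checks that the response signature equals one computed with SOURCE_KEY
    over the base64 metadata plus ticket, that the ticket decrypts with
    SOURCE_KEY, that the embedded esek decrypts with DEST_KEY and carries
    the configured lifetime, and that skey/ekey can be regenerated from the
    esek contents.
    """
    self._add_key(DEFAULT_SOURCE)
    self._add_key(DEFAULT_DEST)

    response = self._request_ticket().json

    b64m = response["metadata"]
    signature = response["signature"]
    b64t = response["ticket"]

    # Check the signature over the still-encoded metadata and ticket before
    # parsing either of them, so nothing unauthenticated is interpreted.
    # assertEqual is fine in a test; a real client should use a
    # constant-time comparison such as hmac.compare_digest.
    csig = self.crypto.sign(SOURCE_KEY, b64m + b64t)
    self.assertEqual(signature, csig)

    metadata = jsonutils.loads(base64.b64decode(b64m))

    # The source decrypts the ticket. Only the encrypted form is handled
    # here: without this guard an unencrypted response would leave `ticket`
    # unbound and the test would die with a NameError rather than a
    # readable failure.
    self.assertTrue(
        metadata["encryption"],
        "ticket metadata does not enable encryption; "
        "this test only covers encrypted tickets",
    )
    ticket = jsonutils.loads(self.crypto.decrypt(SOURCE_KEY, b64t))

    skey = base64.b64decode(ticket["skey"])
    ekey = base64.b64decode(ticket["ekey"])
    b64esek = ticket["esek"]

    # The esek part is forwarded to the destination, so it must decrypt
    # with the destination's key.
    esek = jsonutils.loads(self.crypto.decrypt(DEST_KEY, b64esek))

    self.assertEqual(int(self.CONF.ticket_lifetime), esek["ttl"])

    # The destination should be able to rebuild skey and ekey from the esek
    # data alone.
    info = "%s,%s,%s" % (
        metadata["source"],
        metadata["destination"],
        esek["timestamp"],
    )
    key = base64.b64decode(esek["key"])
    # NOTE(review): self.CRYPTO is used here but self.crypto above; confirm
    # both refer to the same crypto manager.
    new_sig, new_key = self.CRYPTO.generate_keys(key, info)

    self.assertEqual(new_key, ekey)
    self.assertEqual(new_sig, skey)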
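def meta(self):
    """Return ``self.metadata`` base64-decoded and parsed as JSON.

    This only decodes and parses; it performs no authenticity check.
    NOTE(review): if ``self.metadata`` comes from a signed response, confirm
    the signature is verified before the parsed result is relied on.
    """
    # base64.decodestring was deprecated and then removed in Python 3.9;
    # b64decode works on both old and current interpreters.
    return jsonutils.loads(base64.b64decode(self.metadata))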