Example #1
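    def test_valid_ticket(self):
        """Request a ticket and verify its signature, contents and keys.

        Registers keys for the default source and destination, requests a
        ticket, then checks that:

        * the response signature equals one recomputed with SOURCE_KEY over
          the base64 metadata concatenated with the base64 ticket;
        * the ticket decrypts with SOURCE_KEY and the esek it carries
          decrypts with DEST_KEY;
        * the esek ttl equals the configured ticket lifetime;
        * the skey/ekey in the ticket equal the keys regenerated from the
          esek key and the "source,destination,timestamp" info string.
        """
        self._add_key(DEFAULT_SOURCE)
        self._add_key(DEFAULT_DEST)

        response = self._request_ticket().json

        b64m = response['metadata']
        metadata = jsonutils.loads(base64.b64decode(b64m))
        signature = response['signature']
        b64t = response['ticket']

        # Verify before decrypting: the signature is recomputed over the
        # metadata and ticket exactly as they appear in the response.
        csig = self.crypto.sign(SOURCE_KEY, b64m + b64t)
        self.assertEqual(signature, csig)

        # Only the encrypted path is handled here. Fail with a clear message
        # instead of reaching the JSON parse with ``ticket`` unbound when the
        # metadata says the ticket is not encrypted.
        self.assertTrue(metadata['encryption'],
                        'expected an encrypted ticket in the response')

        # decrypt the ticket, as the source would
        ticket = self.crypto.decrypt(SOURCE_KEY, b64t)
        ticket = jsonutils.loads(ticket)

        skey = base64.b64decode(ticket['skey'])
        ekey = base64.b64decode(ticket['ekey'])
        b64esek = ticket['esek']

        # the esek part is sent to the destination, so destination should be
        # able to decrypt it from here.
        esek = self.crypto.decrypt(DEST_KEY, b64esek)
        esek = jsonutils.loads(esek)

        self.assertEqual(int(self.CONF.ticket_lifetime), esek['ttl'])

        # now should be able to reconstruct skey, ekey from esek data
        info = '%s,%s,%s' % (metadata['source'], metadata['destination'],
                             esek['timestamp'])

        key = base64.b64decode(esek['key'])
        # NOTE(review): self.CRYPTO here vs self.crypto above -- presumably
        # both are defined on the test case; confirm.
        new_sig, new_key = self.CRYPTO.generate_keys(key, info)

        self.assertEqual(new_key, ekey)
        self.assertEqual(new_sig, skey)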
Example #2
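    def test_valid_ticket(self):
        """Check that a freshly issued ticket is signed and keyed correctly.

        After adding keys for DEFAULT_SOURCE and DEFAULT_DEST, a ticket is
        requested and the test asserts that the signature can be recomputed
        with SOURCE_KEY, that the ticket and its esek decrypt with SOURCE_KEY
        and DEST_KEY respectively, that the esek ttl equals the configured
        ticket lifetime, and that skey/ekey can be regenerated from the esek.
        """
        self._add_key(DEFAULT_SOURCE)
        self._add_key(DEFAULT_DEST)

        response = self._request_ticket().json

        b64m = response["metadata"]
        metadata = jsonutils.loads(base64.b64decode(b64m))
        signature = response["signature"]
        b64t = response["ticket"]

        # The signature is checked first, over the encoded metadata and
        # ticket exactly as received, before anything is decrypted.
        csig = self.crypto.sign(SOURCE_KEY, b64m + b64t)
        self.assertEqual(signature, csig)

        # The rest of the test needs the decrypted ticket. Without this guard
        # an unencrypted response left ``ticket`` unbound and the test errored
        # with UnboundLocalError instead of reporting a failure.
        if not metadata["encryption"]:
            self.fail("ticket metadata reports encryption disabled")

        # decrypt the ticket, done by source
        ticket = jsonutils.loads(self.crypto.decrypt(SOURCE_KEY, b64t))

        skey = base64.b64decode(ticket["skey"])
        ekey = base64.b64decode(ticket["ekey"])
        b64esek = ticket["esek"]

        # the esek part is sent to the destination, so destination should be
        # able to decrypt it from here.
        esek = jsonutils.loads(self.crypto.decrypt(DEST_KEY, b64esek))

        self.assertEqual(int(self.CONF.ticket_lifetime), esek["ttl"])

        # now should be able to reconstruct skey, ekey from esek data
        info = "%s,%s,%s" % (metadata["source"], metadata["destination"], esek["timestamp"])

        key = base64.b64decode(esek["key"])
        # NOTE(review): uses self.CRYPTO while the calls above use
        # self.crypto -- confirm both attributes exist on this test case.
        new_sig, new_key = self.CRYPTO.generate_keys(key, info)

        self.assertEqual(new_key, ekey)
        self.assertEqual(new_sig, skey)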
Example #3
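 def meta(self):
     """Return ``self.metadata`` base64-decoded and parsed as JSON.

     NOTE(review): no integrity check on ``self.metadata`` is visible in
     this method; presumably the signature is verified elsewhere before
     the parsed values are trusted -- confirm against the callers.
     """
     # base64.decodestring was deprecated and removed in Python 3.9;
     # b64decode performs the same standard-alphabet decoding.
     return jsonutils.loads(base64.b64decode(self.metadata))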