def format(self, record):
message = {'message': record.getMessage(),
'asctime': self.formatTime(record, self.datefmt),
'name': record.name,
'msg': record.msg,
'args': record.args,
'levelname': record.levelname,
'levelno': record.levelno,
'pathname': record.pathname,
'filename': record.filename,
'module': record.module,
'lineno': record.lineno,
'funcname': record.funcName,
'created': record.created,
'msecs': record.msecs,
'relative_created': record.relativeCreated,
'thread': record.thread,
'thread_name': record.threadName,
'process_name': record.processName,
'process': record.process,
'traceback': None}
if hasattr(record, 'extra'):
message['extra'] = record.extra
if record.exc_info:
message['traceback'] = self.formatException(record.exc_info)
return jsonutils.dumps(message)
def format(self, record):
message = {
'message': record.getMessage(),
'asctime': self.formatTime(record, self.datefmt),
'name': record.name,
'msg': record.msg,
'args': record.args,
'levelname': record.levelname,
'levelno': record.levelno,
'pathname': record.pathname,
'filename': record.filename,
'module': record.module,
'lineno': record.lineno,
'funcname': record.funcName,
'created': record.created,
'msecs': record.msecs,
'relative_created': record.relativeCreated,
'thread': record.thread,
'thread_name': record.threadName,
'process_name': record.processName,
'process': record.process,
'traceback': None
}
if hasattr(record, 'extra'):
message['extra'] = record.extra
if record.exc_info:
message['traceback'] = self.formatException(record.exc_info)
return jsonutils.dumps(message)
def post(self, ticket_request):
# verify all required fields present and the signature is correct
ticket_request.verify()
# create a new random base key. With the combination of this base key
# and the information available in the metadata a client will be able
# to re-generate the keys required for this session.
rndkey = pecan.request.crypto.extract(ticket_request.source.key,
pecan.request.crypto.new_key())
# generate the keys to communicate between these two endpoints.
s_key, e_key = pecan.request.crypto.generate_keys(
rndkey, ticket_request.info)
# encrypt the base key for the target, this can be used to generate
# the sek on the target
esek_data = {
'key': base64.b64encode(rndkey),
'timestamp': ticket_request.time_str,
'ttl': ticket_request.ttl.seconds
}
# encrypt returns a base64 encrypted string
esek = pecan.request.crypto.encrypt(ticket_request.destination.key,
jsonutils.dumps(esek_data))
return ticket_request.new_response(e_key, s_key, esek)
def _request_ticket(self,
metadata=None,
signature=None,
source=DEFAULT_SOURCE,
destination=DEFAULT_DEST,
nonce=DEFAULT_NONCE,
timestamp=None,
source_key=None,
status=200):
if not metadata:
metadata = self._ticket_metadata(source=source,
nonce=nonce,
destination=destination,
timestamp=timestamp)
if not isinstance(metadata, six.text_type):
metadata = base64.b64encode(jsonutils.dumps(metadata))
if not signature:
if not source_key and source == DEFAULT_SOURCE:
source_key = SOURCE_KEY
signature = self.crypto.sign(source_key, metadata)
return self.post('tickets',
json={
'metadata': metadata,
'signature': signature
},
status=status)
def post(self, ticket_request):
# verify all required fields present and the signature is correct
ticket_request.verify()
# create a new random base key. With the combination of this base key
# and the information available in the metadata a client will be able
# to re-generate the keys required for this session.
rndkey = pecan.request.crypto.extract(ticket_request.source.key,
pecan.request.crypto.new_key())
# generate the keys to communicate between these two endpoints.
s_key, e_key = pecan.request.crypto.generate_keys(rndkey,
ticket_request.info)
# encrypt the base key for the target, this can be used to generate
# the sek on the target
esek_data = {'key': base64.b64encode(rndkey),
'timestamp': ticket_request.time_str,
'ttl': ticket_request.ttl.seconds}
# encrypt returns a base64 encrypted string
esek = pecan.request.crypto.encrypt(ticket_request.destination.key,
jsonutils.dumps(esek_data))
return ticket_request.new_response(e_key, s_key, esek)
def format(self, record):
message = {
"message": record.getMessage(),
"asctime": self.formatTime(record, self.datefmt),
"name": record.name,
"msg": record.msg,
"args": record.args,
"levelname": record.levelname,
"levelno": record.levelno,
"pathname": record.pathname,
"filename": record.filename,
"module": record.module,
"lineno": record.lineno,
"funcname": record.funcName,
"created": record.created,
"msecs": record.msecs,
"relative_created": record.relativeCreated,
"thread": record.thread,
"thread_name": record.threadName,
"process_name": record.processName,
"process": record.process,
"traceback": None,
}
if hasattr(record, "extra"):
message["extra"] = record.extra
if record.exc_info:
message["traceback"] = self.formatException(record.exc_info)
return jsonutils.dumps(message)
def set_ticket(self, rkey, enc_key, signature, esek):
"""Create and encrypt a ticket to the requestor.
The requestor will be able to decrypt the ticket with their key and the
information in the metadata to get the new point-to-point key.
"""
ticket = jsonutils.dumps({'skey': base64.b64encode(signature),
'ekey': base64.b64encode(enc_key),
'esek': esek})
self.ticket = pecan.request.crypto.encrypt(rkey, ticket)
def set_metadata(self, source, destination, expiration):
"""Attach the generation metadata to the ticket.
This informs the client and server of expiration and the expect sending
and receiving host and will be validated by both client and server.
"""
metadata = jsonutils.dumps({'source': source,
'destination': destination,
'expiration': expiration,
'encryption': True})
self.metadata = base64.b64encode(metadata)
def set_ticket(self, rkey, enc_key, signature, esek):
"""Create and encrypt a ticket to the requestor.
The requestor will be able to decrypt the ticket with their key and the
information in the metadata to get the new point-to-point key.
"""
ticket = jsonutils.dumps({
'skey': base64.b64encode(signature),
'ekey': base64.b64encode(enc_key),
'esek': esek
})
self.ticket = pecan.request.crypto.encrypt(rkey, ticket)
def request(self, url, method, **kwargs):
try:
json = kwargs.pop('json')
except KeyError:
pass
else:
kwargs['content_type'] = 'application/json'
kwargs['params'] = jsonutils.dumps(json)
try:
func = self.METHODS[method.lower()]
except KeyError:
self.fail("Unsupported HTTP Method: %s" % method)
else:
return func(self.app, url, **kwargs)
def request(self, url, method, **kwargs):
try:
json = kwargs.pop('json')
except KeyError:
pass
else:
kwargs['content_type'] = 'application/json'
kwargs['params'] = jsonutils.dumps(json)
try:
func = self.METHODS[method.lower()]
except KeyError:
self.fail("Unsupported HTTP Method: %s" % method)
else:
return func(self.app, url, **kwargs)
def _request_ticket(
self,
metadata=None,
signature=None,
source=DEFAULT_SOURCE,
destination=DEFAULT_DEST,
nonce=DEFAULT_NONCE,
timestamp=None,
source_key=None,
status=200,
):
if not metadata:
metadata = self._ticket_metadata(source=source, nonce=nonce, destination=destination, timestamp=timestamp)
if not isinstance(metadata, six.text_type):
metadata = base64.b64encode(jsonutils.dumps(metadata))
if not signature:
if not source_key and source == DEFAULT_SOURCE:
source_key = SOURCE_KEY
signature = self.crypto.sign(source_key, metadata)
return self.post("tickets", json={"metadata": metadata, "signature": signature}, status=status)
