def get_ticket(self, source, target, crypto, key): # prepare metadata md = {'requestor': source, 'target': target, 'timestamp': time.time(), 'nonce': struct.unpack('Q', os.urandom(8))[0]} metadata = base64.b64encode(jsonutils.dumps(md)) # sign metadata signature = crypto.sign(key, metadata) # HTTP request reply = self._get_ticket({'metadata': metadata, 'signature': signature}) # verify reply signature = crypto.sign(key, (reply['metadata'] + reply['ticket'])) if signature != reply['signature']: raise InvalidEncryptedTicket(md['source'], md['destination']) md = jsonutils.loads(base64.b64decode(reply['metadata'])) if ((md['source'] != source or md['destination'] != target or md['expiration'] < time.time())): raise InvalidEncryptedTicket(md['source'], md['destination']) # return ticket data tkt = jsonutils.loads(crypto.decrypt(key, reply['ticket'])) return tkt, md['expiration']
def _decode_esek(self, key, source, target, timestamp, esek): """This function decrypts the esek buffer passed in and returns a KeyStore to be used to check and decrypt the received message. :param key: The key to use to decrypt the ticket (esek) :param source: The name of the source service :param traget: The name of the target service :param timestamp: The incoming message timestamp :param esek: a base64 encoded encrypted block containing a JSON string """ rkey = None try: s = self._crypto.decrypt(key, esek) j = jsonutils.loads(s) rkey = base64.b64decode(j['key']) expiration = j['timestamp'] + j['ttl'] if j['timestamp'] > timestamp or timestamp > expiration: raise InvalidExpiredTicket(source, target) except Exception: raise InvalidEncryptedTicket(source, target) info = '%s,%s,%s' % (source, target, str(j['timestamp'])) sek = self._hkdf.expand(rkey, info, len(key) * 2) return self._split_key(sek, len(key))
def load_json(cls, data, default_rule=None): """Allow loading of JSON rule data.""" # Suck in the JSON data and parse the rules rules = dict((k, parse_rule(v)) for k, v in jsonutils.loads(data).items()) return cls(rules, default_rule)
def load_json(cls, data, default_rule=None): """Allow loading of JSON rule data.""" # Suck in the JSON data and parse the rules rules = dict((k, parse_rule(v)) for k, v in jsonutils.loads(data).items()) return cls(rules, default_rule)
def test_verify_signature_nested_json(): data = {'a': 'A', 'b': 'B', 'nested': {'a': 'A', 'b': 'B', 'c': ('c',), 'd': ['d'] }, } data['message_signature'] = meter.compute_signature(data, 'not-so-secret') jsondata = jsonutils.loads(jsonutils.dumps(data)) assert meter.verify_signature(jsondata, 'not-so-secret')
def _get_reply(self, url, resp): if resp.text: try: body = jsonutils.loads(resp.text) reply = body['reply'] except (KeyError, TypeError, ValueError): msg = "Failed to decode reply: %s" % resp.text raise CommunicationError(url, msg) else: msg = "No reply data was returned." raise CommunicationError(url, msg) return reply
def test_verify_signature_nested_json(self): data = {'a': 'A', 'b': 'B', 'nested': {'a': 'A', 'b': 'B', 'c': ('c',), 'd': ['d'] }, } data['message_signature'] = utils.compute_signature( data, 'not-so-secret') jsondata = jsonutils.loads(jsonutils.dumps(data)) self.assertTrue(utils.verify_signature(jsondata, 'not-so-secret'))
def get(self, path, headers=None, **kwds): if kwds: query = path + '?' + urllib.urlencode(kwds) else: query = path rv = self.test_app.get(query, headers=headers) if rv.status_code == 200 and rv.content_type == 'application/json': try: data = jsonutils.loads(rv.data) except ValueError: print('RAW DATA:%s' % rv) raise return data return rv
def _unpack_json_msg(self, msg): """Load the JSON data in msg if msg.content_type indicates that it is necessary. Put the loaded data back into msg.content and update msg.content_type appropriately. A Qpid Message containing a dict will have a content_type of 'amqp/map', whereas one containing a string that needs to be converted back from JSON will have a content_type of JSON_CONTENT_TYPE. :param msg: a Qpid Message object :returns: None """ if msg.content_type == JSON_CONTENT_TYPE: msg.content = jsonutils.loads(msg.content) msg.content_type = 'amqp/map'
def _unpack_json_msg(self, msg): """Load the JSON data in msg if msg.content_type indicates that it is necessary. Put the loaded data back into msg.content and update msg.content_type appropriately. A Qpid Message containing a dict will have a content_type of 'amqp/map', whereas one containing a string that needs to be converted back from JSON will have a content_type of JSON_CONTENT_TYPE. :param msg: a Qpid Message object :returns: None """ if msg.content_type == JSON_CONTENT_TYPE: msg.content = jsonutils.loads(msg.content) msg.content_type = 'amqp/map'
def decode(self, version, metadata, message, signature): """This is the main decoding function. It takes a version, metadata, message and signature strings and returns a tuple with a (decrypted) message and metadata or raises an exception in case of error. :param version: the current envelope version :param metadata: a JSON serialized object with metadata for validation :param message: a JSON serialized (base64 encoded encrypted) message :param signature: a base64 encoded signature """ md = jsonutils.loads(metadata) check_args = ('source', 'destination', 'timestamp', 'nonce', 'esek', 'encryption') for arg in check_args: if arg not in md: raise InvalidMetadata('Missing metadata "%s"' % arg) if md['destination'] != self._name: # TODO(simo) handle group keys by checking target raise UnknownDestinationName(md['destination']) try: skey, ekey = self._decode_esek(self._key, md['source'], md['destination'], md['timestamp'], md['esek']) except InvalidExpiredTicket: raise except Exception: raise InvalidMetadata('Failed to decode ESEK for %s/%s' % ( md['source'], md['destination'])) sig = self._crypto.sign(skey, version + metadata + message) if sig != signature: raise InvalidSignature(md['source'], md['destination']) if md['encryption'] is True: msg = self._crypto.decrypt(ekey, message) else: msg = message return (md, msg)
def deserialize_msg(msg): # NOTE(russellb): Hang on to your hats, this road is about to # get a little bumpy. # # Robustness Principle: # "Be strict in what you send, liberal in what you accept." # # At this point we have to do a bit of guessing about what it # is we just received. Here is the set of possibilities: # # 1) We received a dict. This could be 2 things: # # a) Inspect it to see if it looks like a standard message envelope. # If so, great! # # b) If it doesn't look like a standard message envelope, it could either # be a notification, or a message from before we added a message # envelope (referred to as version 1.0). # Just return the message as-is. # # 2) It's any other non-dict type. Just return it and hope for the best. # This case covers return values from rpc.call() from before message # envelopes were used. (messages to call a method were always a dict) if not isinstance(msg, dict): # See #2 above. return msg base_envelope_keys = (_VERSION_KEY, _MESSAGE_KEY) if not all(map(lambda key: key in msg, base_envelope_keys)): # See #1.b above. return msg # At this point we think we have the message envelope # format we were expecting. (#1.a above) if not version_is_compatible(_RPC_ENVELOPE_VERSION, msg[_VERSION_KEY]): raise UnsupportedRpcEnvelopeVersion(version=msg[_VERSION_KEY]) raw_msg = jsonutils.loads(msg[_MESSAGE_KEY]) return raw_msg
def deserialize_remote_exception(conf, data): failure = jsonutils.loads(str(data)) trace = failure.get('tb', []) message = failure.get('message', "") + "\n" + "\n".join(trace) name = failure.get('class') module = failure.get('module') # NOTE(ameade): We DO NOT want to allow just any module to be imported, in # order to prevent arbitrary code execution. if module not in conf.allowed_rpc_exception_modules: return RemoteError(name, failure.get('message'), trace) try: mod = importutils.import_module(module) klass = getattr(mod, name) if not issubclass(klass, Exception): raise TypeError("Can only deserialize Exceptions") failure = klass(*failure.get('args', []), **failure.get('kwargs', {})) except (AttributeError, TypeError, ImportError): return RemoteError(name, failure.get('message'), trace) ex_type = type(failure) str_override = lambda self: message new_ex_type = type(ex_type.__name__ + _REMOTE_POSTFIX, (ex_type, ), { '__str__': str_override, '__unicode__': str_override }) new_ex_type.__module__ = '%s%s' % (module, _REMOTE_POSTFIX) try: # NOTE(ameade): Dynamically create a new exception type and swap it in # as the new type for the exception. This only works on user defined # Exceptions and not core python exceptions. This is important because # we cannot necessarily change an exception message so we must override # the __str__ method. failure.__class__ = new_ex_type except TypeError: # NOTE(ameade): If a core exception then just add the traceback to the # first exception argument. failure.args = (message, ) + failure.args[1:] return failure
def deserialize_remote_exception(conf, data): failure = jsonutils.loads(str(data)) trace = failure.get('tb', []) message = failure.get('message', "") + "\n" + "\n".join(trace) name = failure.get('class') module = failure.get('module') # NOTE(ameade): We DO NOT want to allow just any module to be imported, in # order to prevent arbitrary code execution. if module not in conf.allowed_rpc_exception_modules: return RemoteError(name, failure.get('message'), trace) try: mod = importutils.import_module(module) klass = getattr(mod, name) if not issubclass(klass, Exception): raise TypeError("Can only deserialize Exceptions") failure = klass(*failure.get('args', []), **failure.get('kwargs', {})) except (AttributeError, TypeError, ImportError): return RemoteError(name, failure.get('message'), trace) ex_type = type(failure) str_override = lambda self: message new_ex_type = type(ex_type.__name__ + _REMOTE_POSTFIX, (ex_type,), {'__str__': str_override, '__unicode__': str_override}) new_ex_type.__module__ = '%s%s' % (module, _REMOTE_POSTFIX) try: # NOTE(ameade): Dynamically create a new exception type and swap it in # as the new type for the exception. This only works on user defined # Exceptions and not core python exceptions. This is important because # we cannot necessarily change an exception message so we must override # the __str__ method. failure.__class__ = new_ex_type except TypeError: # NOTE(ameade): If a core exception then just add the traceback to the # first exception argument. failure.args = (message,) + failure.args[1:] return failure
def _from_json(self, datastring): try: return jsonutils.loads(datastring) except ValueError: msg = _("cannot understand JSON") raise MalformedRequestBody(reason=msg)
def _from_json(self, datastring): try: return jsonutils.loads(datastring) except ValueError: msg = _("cannot understand JSON") raise MalformedRequestBody(reason=msg)
def load_json(cls, data, default_rule=None): """Init a brain using json instead of a rules dictionary.""" rules_dict = jsonutils.loads(data) return cls(rules=rules_dict, default_rule=default_rule)
def _deserialize(data): """Deserialization wrapper.""" LOG.debug(_("Deserializing: %s"), data) return jsonutils.loads(data)
def test_verify_signature_nested_json(self): data = {"a": "A", "b": "B", "nested": {"a": "A", "b": "B", "c": ("c",), "d": ["d"]}} data["message_signature"] = rpc.compute_signature(data, "not-so-secret") jsondata = jsonutils.loads(jsonutils.dumps(data)) self.assertTrue(rpc.verify_signature(jsondata, "not-so-secret"))