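def create(self, session):
    """Request a ticket from the key server and verify it before use.

    Encodes and signs request metadata built from the source name,
    destination, timestamp and nonce, POSTs it, then recomputes the
    signature over the returned metadata + ticket and compares it with
    the one in the reply. Only after that check is the ticket decrypted.
    On success the ticket is stored in ``self._ticket`` and the decoded
    reply metadata in ``self._metadata``.

    :param session: passed through to ``self._http_post``.
    :raises ValueError: if the signature in the reply does not match the
                        locally computed one.
    """
    # Function-scope import so the module's import block is left alone.
    import hmac

    b64_metadata = meta_data.Metadata(self.source.name,
                                      self._destination,
                                      self._timestamp,
                                      self._nonce).encode()
    b64_signature = self.source.sign(b64_metadata, b64encode=True)

    # Named ``payload`` rather than ``json`` to avoid shadowing the
    # stdlib module name inside this method.
    payload = {'metadata': b64_metadata, 'signature': b64_signature}
    resp = self._http_post(session, json=payload).json()

    b64_metadata = resp['metadata']
    b64_ticket = resp['ticket']
    b64_signature = resp['signature']

    expected = self.source.sign(six.b(b64_metadata + b64_ticket),
                                b64encode=True)
    received = six.b(b64_signature)
    try:
        # Constant-time comparison: a plain ``!=`` stops at the first
        # differing byte, which can leak how much of a forged signature
        # was correct through response timing.
        signature_ok = hmac.compare_digest(expected, received)
    except TypeError:
        # compare_digest rejects mixed str/bytes operands; fall back to
        # plain equality so the accept/reject outcome is unchanged.
        signature_ok = expected == received
    if not signature_ok:
        raise ValueError("invalid signature on ticket")

    # NOTE(review): the reply metadata is stored below without being
    # compared to the nonce/destination sent in the request; confirm
    # that binding is checked elsewhere, otherwise a validly signed
    # reply to a different request would be accepted here.
    data = self.source.decrypt(b64_ticket, b64decode=True)
    self._ticket = jsonutils.loads(data)

    # Key material comes out of JSON as text; convert it with six.b.
    for field in ('skey', 'ekey', 'esek'):
        self._ticket[field] = six.b(self._ticket[field])

    self._metadata = jsonutils.loads(base64.b64decode(b64_metadata))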
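def create(self, session):
    """Request a group key from the key server and verify it before use.

    Encodes and signs request metadata built from the source name,
    destination, timestamp and nonce, POSTs it, then recomputes the
    signature over the returned metadata + group key and compares it
    with the one in the reply. Only after that check is the group key
    decrypted. On success the decrypted key is stored base64-encoded in
    ``self._group_key`` and the decoded reply metadata in
    ``self._metadata``.

    :param session: passed through to ``self._http_post``.
    :raises ValueError: if the signature in the reply does not match the
                        locally computed one.
    """
    # Function-scope import so the module's import block is left alone.
    import hmac

    b64_metadata = meta_data.Metadata(self.source.name,
                                      self._destination,
                                      self._timestamp,
                                      self._nonce).encode()
    b64_signature = self.source.sign(b64_metadata, b64encode=True)

    # Named ``payload`` rather than ``json`` to avoid shadowing the
    # stdlib module name inside this method.
    payload = {'metadata': b64_metadata, 'signature': b64_signature}
    resp = self._http_post(session, json=payload).json()

    b64_metadata = resp['metadata']
    b64_group_key = resp['group_key']
    b64_signature = resp['signature']

    expected = self.source.sign(six.b(b64_metadata + b64_group_key),
                                b64encode=True)
    received = six.b(b64_signature)
    try:
        # Constant-time comparison: a plain ``!=`` stops at the first
        # differing byte, which can leak how much of a forged signature
        # was correct through response timing.
        signature_ok = hmac.compare_digest(expected, received)
    except TypeError:
        # compare_digest rejects mixed str/bytes operands; fall back to
        # plain equality so the accept/reject outcome is unchanged.
        signature_ok = expected == received
    if not signature_ok:
        raise ValueError("invalid signature on group key")

    # NOTE(review): the reply metadata is stored below without being
    # compared to the nonce/destination sent in the request; confirm
    # that binding is checked elsewhere.
    group_key = self.source.decrypt(b64_group_key, b64decode=True)
    # The plaintext group key is kept on the instance in base64 form.
    self._group_key = base64.b64encode(group_key)
    self._metadata = jsonutils.loads(base64.b64decode(b64_metadata))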
def __init__(self, source, destination, b64_data, hashtype='SHA256',
             key_size=16):
    """Decrypt a key blob and derive the signing and encryption keys.

    ``b64_data`` is decrypted with ``destination.decrypt`` and parsed as
    JSON; its ``key`` entry (base64) is the input to an HKDF expand whose
    info string is ``"<source>,<destination.key_name>,<timestamp>"``.
    The expand output is ``2 * key_size`` bytes: the first half becomes
    ``self.sig_key`` and the second half ``self.enc_key``.

    :param source: value formatted into the HKDF info string.
    :param destination: object providing ``decrypt`` and ``key_name``.
    :param b64_data: encrypted blob handed to ``destination.decrypt``.
    :param hashtype: hash name passed to ``cryptoutils.HKDF``.
    :param key_size: length in bytes of each derived key.
    """
    plaintext = destination.decrypt(b64_data, b64decode=True)
    payload = jsonutils.loads(plaintext)
    master_key = base64.b64decode(payload['key'])

    # The info string binds the derived keys to this source,
    # destination key name and timestamp.
    info_text = '%s,%s,%s' % (source,
                              destination.key_name,
                              payload['timestamp'])

    hkdf = cryptoutils.HKDF(hashtype=hashtype)
    derived = hkdf.expand(master_key, six.b(info_text), key_size * 2)

    # One expand call, split in two: signing key first, then encryption.
    self.sig_key, self.enc_key = derived[:key_size], derived[key_size:]

    # TODO(jamielennox): timestamp validate
    # Until that is done the timestamp is only parsed, not checked for
    # freshness, so nothing here rejects an old blob.
    self.timestamp = timeutils.parse_strtime(payload['timestamp'])