def sign(self, pairs):
"""
Generate a signature for a sequence of (key, value) pairs
@param pairs: The pairs to sign, in order
@type pairs: Iterable[six.text_type, six.text_type], six.binary_type is deprecated
@return: The binary signature of this sequence of pairs
@rtype: six.binary_type
"""
warning_msg = "Binary values for pairs are deprecated. Use text input instead."
pairs = [(string_to_text(a,
warning_msg), string_to_text(b, warning_msg))
for a, b in pairs]
kv = kvform.seqToKV(pairs)
try:
algorithm = self.hmac_algorithms[self.assoc_type]
except KeyError:
raise ValueError('Unknown association type: %r' %
(self.assoc_type, ))
hmac = HMAC(self.secret, algorithm, backend=default_backend())
hmac.update(kv.encode('utf-8'))
return hmac.finalize()
def serialize(self):
"""
Convert an association to KV form.
@return: String in KV form suitable for deserialization by
deserialize.
@rtype: str
"""
data = {
"version": "2",
"handle": self.handle,
"secret": oidutil.toBase64(self.secret),
"issued": str(int(self.issued)),
"lifetime": str(int(self.lifetime)),
"assoc_type": self.assoc_type,
}
assert len(data) == len(self.assoc_keys)
pairs = []
for field_name in self.assoc_keys:
pairs.append((field_name, data[field_name]))
return kvform.seqToKV(pairs, strict=True)
def serialize(self):
"""
Convert an association to KV form.
@return: String in KV form suitable for deserialization by
deserialize.
@rtype: str
"""
data = {
'version': '2',
'handle': self.handle,
'secret': oidutil.toBase64(self.secret),
'issued': str(int(self.issued)),
'lifetime': str(int(self.lifetime)),
'assoc_type': self.assoc_type
}
assert len(data) == len(self.assoc_keys)
pairs = []
for field_name in self.assoc_keys:
pairs.append((field_name, data[field_name]))
return kvform.seqToKV(pairs, strict=True)
def serialize(self):
"""
Convert an association to KV form.
@return: String in KV form suitable for deserialization by
deserialize.
@rtype: str
"""
data = {
'version': '2',
'handle': self.handle,
'secret': oidutil.toBase64(self.secret),
'issued': str(int(self.issued)),
'lifetime': str(int(self.lifetime)),
'assoc_type': self.assoc_type
}
assert len(data) == len(self.assoc_keys)
pairs = []
for field_name in self.assoc_keys:
pairs.append((field_name, data[field_name]))
return kvform.seqToKV(pairs, strict=True)
def is_valid_openid_response(self):
data = self.get_openid_response_data()
if 'signed' not in data:
return False
if 'sig' not in data:
return False
if 'assoc_handle' not in data:
return False
associations = Association.objects.filter(handle=data['assoc_handle'])
if not associations.exists():
return False
signing_pairs = []
for field in data['signed'].split(','):
if field not in data:
return False
else:
signing_pairs.append((field, data[field]))
association = associations.get()
valid = base64.b64encode(
association.sign(kvform.seqToKV(
tuple(signing_pairs)))) == data['sig']
return valid and super(AssociationExtension,
self).is_valid_openid_response()
def runTest(self):
# seq serializes to expected kvform
actual = kvform.seqToKV(self.seq)
self.failUnlessEqual(self.kvform, actual)
# Parse back to sequence. Expected to be unchanged, except
# stripping whitespace from start and end of values
# (i. e. ordering, case, and internal whitespace is preserved)
seq = kvform.kvToSeq(actual)
clean_seq = self.cleanSeq(seq)
self.failUnlessEqual(seq, clean_seq)
def runTest(self):
# seq serializes to expected kvform
actual = kvform.seqToKV(self.seq)
self.failUnlessEqual(self.kvform, actual)
self.failUnless(type(actual) is str)
# Parse back to sequence. Expected to be unchanged, except
# stripping whitespace from start and end of values
# (i. e. ordering, case, and internal whitespace is preserved)
seq = kvform.kvToSeq(actual)
clean_seq = self.cleanSeq(seq)
self.failUnlessEqual(seq, clean_seq)
self.checkWarnings(self.expected_warnings)
def runTest(self):
for kv_data, result, expected_warnings in kvseq_cases:
# seq serializes to expected kvform
with LogCapture() as logbook:
actual = kvform.seqToKV(kv_data)
self.assertEqual(actual, result)
self.assertIsInstance(actual, str)
# Parse back to sequence. Expected to be unchanged, except
# stripping whitespace from start and end of values
# (i. e. ordering, case, and internal whitespace is preserved)
seq = kvform.kvToSeq(actual)
clean_seq = self.cleanSeq(seq)
self.assertEqual(seq, clean_seq)
self.assertEqual(len(logbook.records), expected_warnings,
"Invalid warnings for {}: {}".format(kv_data, [r.getMessage() for r in logbook.records]))
def sign(self, pairs):
"""
Generate a signature for a sequence of (key, value) pairs
@param pairs: The pairs to sign, in order
@type pairs: sequence of (str, str)
@return: The binary signature of this sequence of pairs
@rtype: str
"""
assert self.assoc_type == 'HMAC-SHA1'
kv = kvform.seqToKV(pairs)
return cryptutil.hmacSha1(self.secret, kv)
def runTest(self):
for kv_data, result, expected_warnings in kvseq_cases:
# seq serializes to expected kvform
with LogCapture() as logbook:
actual = kvform.seqToKV(kv_data)
self.assertEqual(actual, result)
self.assertIsInstance(actual, six.text_type)
# Parse back to sequence. Expected to be unchanged, except
# stripping whitespace from start and end of values
# (i. e. ordering, case, and internal whitespace is preserved)
seq = kvform.kvToSeq(actual)
clean_seq = self.cleanSeq(seq)
self.assertEqual(seq, clean_seq)
self.assertEqual(len(logbook.records), expected_warnings,
"Invalid warnings for {}: {}".format(kv_data, [r.getMessage() for r in logbook.records]))
def sign(self, pairs):
"""
Generate a signature for a sequence of (key, value) pairs
@param pairs: The pairs to sign, in order
@type pairs: sequence of (str, str)
@return: The binary signature of this sequence of pairs
@rtype: str
"""
assert self.assoc_type == 'HMAC-SHA1'
kv = kvform.seqToKV(pairs)
return cryptutil.hmacSha1(self.secret, kv)
def runTest(self):
# seq serializes to expected kvform
actual = kvform.seqToKV(self.seq)
if isinstance(self.kvform, str):
kvform_bytes = bytes(self.kvform, encoding="utf-8")
else:
kvform_bytes = self.kvform
self.assertEqual(kvform_bytes, actual)
self.assertTrue(isinstance(actual, bytes))
# Parse back to sequence. Expected to be unchanged, except
# stripping whitespace from start and end of values
# (i. e. ordering, case, and internal whitespace is preserved)
seq = kvform.kvToSeq(actual)
clean_seq = self.cleanSeq(seq)
self.assertEqual(seq, clean_seq)
self.checkWarnings(self.expected_warnings)
def sign(self, pairs):
"""
Generate a signature for a sequence of (key, value) pairs
@param pairs: The pairs to sign, in order
@type pairs: sequence of (str, str)
@return: The binary signature of this sequence of pairs
@rtype: bytes
"""
kv = kvform.seqToKV(pairs)
try:
mac = self._macs[self.assoc_type]
except KeyError:
raise ValueError(
'Unknown association type: %r' % (self.assoc_type,))
return mac(self.secret, kv)
def sign(self, pairs):
"""
Generate a signature for a sequence of (key, value) pairs
@param pairs: The pairs to sign, in order
@type pairs: sequence of (str, str)
@return: The binary signature of this sequence of pairs
@rtype: bytes
"""
kv = kvform.seqToKV(pairs)
try:
mac = self._macs[self.assoc_type]
except KeyError:
raise ValueError("Unknown association type: %r" %
(self.assoc_type, ))
return mac(self.secret, kv)
def is_valid_openid_response(self):
data = self.get_openid_response_data()
if 'signed' not in data:
return False
if 'sig' not in data:
return False
if 'assoc_handle' not in data:
return False
associations = Association.objects.filter(handle=data['assoc_handle'])
if not associations.exists():
return False
signing_pairs = []
for field in data['signed'].split(','):
if field not in data:
return False
else:
signing_pairs.append((field, data[field]))
association = associations.get()
valid = base64.b64encode(association.sign(kvform.seqToKV(tuple(signing_pairs)))) == data['sig']
return valid and super(AssociationExtension, self).is_valid_openid_response()
def serialize(self):
"""
Convert an association to KV form.
@return: String in KV form suitable for deserialization by
deserialize.
@rtype: str
"""
data = {
"version": "2",
"handle": self.handle,
"secret": oidutil.toBase64(self.secret),
"issued": str(int(self.issued)),
"lifetime": str(int(self.lifetime)),
"assoc_type": self.assoc_type,
}
assert len(data) == len(self.assoc_keys)
pairs = []
for field_name in self.assoc_keys:
pairs.append((field_name, data[field_name]))
return kvform.seqToKV(pairs, strict=True)
def sign(self, pairs):
"""
Generate a signature for a sequence of (key, value) pairs
@param pairs: The pairs to sign, in order
@type pairs: Iterable[six.text_type, six.text_type], six.binary_type is deprecated
@return: The binary signature of this sequence of pairs
@rtype: six.binary_type
"""
warning_msg = "Binary values for pairs are deprecated. Use text input instead."
pairs = [(string_to_text(a, warning_msg), string_to_text(b, warning_msg)) for a, b in pairs]
kv = kvform.seqToKV(pairs)
try:
algorithm = self.hmac_algorithms[self.assoc_type]
except KeyError:
raise ValueError(
'Unknown association type: %r' % (self.assoc_type,))
hmac = HMAC(self.secret, algorithm, backend=default_backend())
hmac.update(kv.encode('utf-8'))
return hmac.finalize()
def test_convert(self):
result = kvform.seqToKV([(1,1)])
self.failUnlessEqual(result, '1:1\n')
self.checkWarnings(2)
def test_convert(self):
with LogCapture() as logbook:
result = kvform.seqToKV([(1, 1)])
self.assertEqual(result, '1:1\n')
self.assertEqual(len(logbook.records), 2)
def test_convert(self):
result = kvform.seqToKV([(1, 1)])
self.failUnlessEqual(result, '1:1\n')
self.checkWarnings(2)
def test_convert(self):
result = kvform.seqToKV([(1, 1)])
self.assertEqual(result, b'1:1\n')
self.checkWarnings(2)
def test_convert(self):
with LogCapture() as logbook:
result = kvform.seqToKV([(1, 1)])
self.assertEqual(result, '1:1\n')
self.assertEqual(len(logbook.records), 2)
