Exemplo n.º 1
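	def __init__(self, requestData, assoc_type='HMAC-SHA1', handle=None):
		"""
		Create a new association with the provided requestData.

		@param requestData: the association request; read with C{.get()} and
			by key for the C{openid.*} fields
		@param assoc_type: the association type handed to C{util.secret}
		@param handle: an existing handle to reuse; when falsy, a new handle
			is generated from C{util.handle()} and base64-encoded
		"""
		if(handle):
			self.handle = handle
		else:
			self.handle = base64.b64encode(util.handle())
		
		self.assoc_type = assoc_type
		# NOTE(review): the secret is computed from the handle and the type
		# only. The handle is sent to the consumer, so confirm util.secret
		# mixes in a server-side key that never leaves this host.
		self.secret = util.secret(self.handle, assoc_type)
		self.created = time.time()
		self.expires_in = '86400'
		
		if(DH_SHA1_ENABLED and requestData.get('openid.session_type') == 'DH-SHA1'):
			# NOTE(review): modulus, generator and consumer public value are
			# taken from the request and used without a range or size check
			# in this method. Confirm the caller rejects a zero or tiny
			# modulus and a consumer public value outside 2..modulus-2
			# before this point.
			self.dh_modulus = util.mklong(base64.b64decode(requestData['openid.dh_modulus']))
			self.dh_gen = util.mklong(base64.b64decode(requestData['openid.dh_gen']))
			self.dh_consumer_public = util.mklong(base64.b64decode(requestData['openid.dh_consumer_public']))
			self.dh_server_private = util.mkkey()
			# Three-argument pow() reduces modulo dh_modulus at every step.
			# The two-argument form followed by % builds the full power
			# first, which for request-supplied parameters and a large
			# exponent exhausts CPU and memory before the reduction runs.
			self.dh_server_public = base64.b64encode(util.btwoc(pow(self.dh_gen, self.dh_server_private, self.dh_modulus)))
			self.dh_shared_secret = pow(self.dh_consumer_public, self.dh_server_private, self.dh_modulus)
			# The MAC key is masked with a value derived from the shared
			# secret; this relies on what util.secret returns supporting ^,
			# which is not visible from here.
			self.enc_mac_key = util.secret(util.btwoc(self.dh_shared_secret), 'HMAC-SHA1') ^ self.secret
		else:
			# No DH session: the MAC key is handed over base64-encoded only,
			# so its confidentiality depends on the transport.
			self.mac_key = base64.b64encode(self.secret)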
Exemplo n.º 2
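def get_login_response(registry, requestData):
	"""
	Convenience function to return a valid login response for the provided request.

	The response is an C{id_res} message whose C{identity}, C{mode} and
	C{return_to} fields are signed with an HMAC keyed by
	C{util.secret(association.handle)}, appended as a query string to the
	request's C{openid.return_to}.

	@param registry: the current OpenID registry
	@type registry: L{OpenIDRegistry}
	
	@param requestData: the current request data
	@type requestData: L{OpenIDRequest}
	
	@return: a response URL
	@rtype: str
	"""
	log.msg('[get_login_response] request: %r' % requestData)
	
	association = registry.initiate(requestData, 'openid.assoc_handle' in requestData)
	log.msg('[get_login_response] association: %r' % association)
	
	log.msg('[get_login_response] Using handle: %r' % association.handle)
	token_key = util.secret(association.handle)
	# The signing key is deliberately kept out of the log: anyone who can
	# read the log could otherwise sign assertions for this handle.
	log.msg('[get_login_response] Found key for handle')
	# NOTE(review): assumes util.kvstr emits the fields in the order listed
	# in 'openid.signed' below; confirm, since the consumer rebuilds the
	# signed text from that list.
	token_contents = util.kvstr(
		mode		= 'id_res',
		identity	= requestData['openid.identity'],
		return_to	= requestData['openid.return_to'],
	)
	
	return_dict = {
		'openid.mode'			: 'id_res',
		'openid.identity'		: requestData['openid.identity'],
		'openid.assoc_handle'	: association.handle,
		'openid.return_to'		: requestData['openid.return_to'],
		'openid.signed'			: 'identity,mode,return_to',
		'openid.sig'			: base64.b64encode(util.get_hmac(token_key, token_contents))
	}
	
	# The .get() default makes the comparison equal when the request carried
	# no handle, so the branch only runs when 'openid.assoc_handle' exists.
	if(association.handle != requestData.get('openid.assoc_handle', association.handle)):
		log.msg("[get_login_response] Retrieved association handle doesn't match request: %r" % requestData['openid.assoc_handle'])
		return_dict['openid.invalidate_handle'] = requestData['openid.assoc_handle']
	
	# NOTE(review): return_to comes from the request and becomes the redirect
	# target with no check in this function; presumably the caller has
	# already verified it against the trust root and authenticated the user
	# for openid.identity. Confirm.
	return util.appendQuery(requestData['openid.return_to'], return_dict)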
Exemplo n.º 3
	def test_secret_sha1(self):
		"""
		Check that C{util.secret}, called with one argument, returns the
		pinned 20-byte value for a fixed input string.
		"""
		# NOTE(review): a pinned output for a fixed input means the result is
		# deterministic in this test setup; whether a server-side key is
		# mixed in is not visible from here.
		pinned = '\x8bE\xe4\xbd\x1cj\xcb\x88\xbe\xbfd\x07\xd1b\x05\xf5g\xe6*>'
		actual = util.secret('some string')
		failure_text = "Got %r when expecting %r" % (actual, pinned)
		self.failUnlessEqual(actual, pinned, failure_text)