def fake_authz_headers(hmac_key, method='HNLogin', login='******', name='Test User', dn="/test/dn", roles={}, format="list"):
    """Build HMAC-signed authentication/authorisation headers for tests.

    Produces the header set in the form the CMSWEB front-ends emit, signed
    with ``hmac_key``. The caller must hold the same HMAC key the back-end
    uses to validate the headers; whoever holds that key can produce headers
    for any login and any roles, so pass a key dedicated to the test setup.

    :arg str hmac_key: binary key data for signing headers.
    :arg str method: authentication method, one of X509Cert, X509Proxy,
      HNLogin, HostIP, AUCookie or None.
    :arg str login: account login name; omitted from the headers if falsy.
    :arg str name: account user name; omitted from the headers if falsy.
    :arg str dn: account X509 subject; omitted from the headers if falsy.
    :arg dict roles: role dictionary, each role with 'site' and 'group' lists.
    :arg str format: "list" to get ``listitems(headers)``, anything else to
      get the header dictionary itself.
    :returns: header name, value pairs to add to a HTTP request, or the
      header dictionary when ``format`` is not "list"."""
    # NOTE(review): `method` is stored as given and later passed to len();
    # the "None" in the docstring is presumably the string -- confirm.
    headers = {'cms-auth-status': 'OK', 'cms-authn-method': method}
    for field, value in (('login', login), ('name', name), ('dn', dn)):
        if value:
            headers['cms-authn-' + field] = value

    # One 'cms-authz-<role>' header per role, holding space-separated
    # "site:<value>" and "group:<value>" entries in that order.
    for role_name, role in viewitems(roles):
        header_name = 'cms-authz-' + authz_canonical(role_name)
        entries = []
        for kind in ('site', 'group'):
            if kind in role:
                entries.extend("%s:%s" % (kind, authz_canonical(v)) for v in role[kind])
        headers[header_name] = " ".join(entries)

    # The signed message covers every header except 'cms-auth-status', in
    # sorted name order. The prefix records the hex length of each name and
    # value, which fixes where each one ends inside the concatenated suffix.
    # 'cms-auth-status' is therefore not covered by the checksum.
    signed_names = sorted(hk for hk in headers if hk != 'cms-auth-status')
    prefix = "".join("h%xv%x" % (len(hk), len(headers[hk])) for hk in signed_names)
    suffix = "".join("%s%s" % (hk, headers[hk]) for hk in signed_names)
    msg = prefix + "#" + suffix

    if PY3:
        # hmac.new() needs bytes on Python 3. The lengths above were counted
        # on the text form; for non-ASCII values that may differ from the
        # encoded byte length -- confirm against the validating side.
        hmac_key = encodeUnicodeToBytes(hmac_key)
        msg = encodeUnicodeToBytes(msg)

    # SHA-1 is presumably dictated by what the validator computes; changing
    # the digest here alone would make the headers fail verification.
    headers['cms-authn-hmac'] = hmac.new(hmac_key, msg, hashlib.sha1).hexdigest()

    return listitems(headers) if format == "list" else headers
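def fake_authz_headers(hmac_key, method='HNLogin', login='******', name='Test User', dn=None, roles={}, format="list"):
    """Create fake authentication and authorisation headers compatible
    with the CMSWEB front-ends, for use in tests.

    Assumes you have the HMAC signing key the back-end will use to validate
    the headers. Whoever holds that key can produce headers for any login
    and any roles, so pass a key dedicated to the test setup.

    Works on Python 2 and Python 3: a text key or message is encoded as
    UTF-8 before signing, and the "list" format is always a real list.

    :arg str hmac_key: key data for signing headers (bytes, or text that is
      encoded as UTF-8).
    :arg str method: authentication method, one of X509Cert, X509Proxy,
      HNLogin, HostIP, AUCookie or None.
    :arg str login: account login name; omitted from the headers if falsy.
    :arg str name: account user name; omitted from the headers if falsy.
    :arg str dn: account X509 subject; omitted from the headers if falsy.
    :arg dict roles: role dictionary, each role with 'site' and 'group'
      lists. Only read, never modified, so the shared default is safe.
    :arg str format: "list" for a list of tuples, anything else for the
      header dictionary itself.
    :returns: list of header name, value tuples to add to a HTTP request,
      or the header dictionary when ``format`` is not "list"."""
    text_type = type(u"")  # unicode on Python 2, str on Python 3

    # NOTE(review): `method` is stored as given and later passed to len();
    # the "None" in the docstring is presumably the string -- confirm.
    headers = {'cms-auth-status': 'OK', 'cms-authn-method': method}
    if login:
        headers['cms-authn-login'] = login
    if name:
        headers['cms-authn-name'] = name
    if dn:
        headers['cms-authn-dn'] = dn

    # One 'cms-authz-<role>' header per role, holding space-separated
    # "site:<value>" and "group:<value>" entries in that order.
    for role_name, role in roles.items():
        header_name = 'cms-authz-' + authz_canonical(role_name)
        entries = []
        for kind in ('site', 'group'):
            if kind in role:
                entries.extend("%s:%s" % (kind, authz_canonical(v)) for v in role[kind])
        headers[header_name] = " ".join(entries)

    # The signed message covers every header except 'cms-auth-status', in
    # sorted name order. The prefix records the hex length of each name and
    # value, which fixes where each one ends inside the concatenated suffix.
    # 'cms-auth-status' is therefore not covered by the checksum.
    prefix = suffix = ""
    for hk in sorted(headers):
        if hk != 'cms-auth-status':
            prefix += "h%xv%x" % (len(hk), len(headers[hk]))
            suffix += "%s%s" % (hk, headers[hk])
    msg = prefix + "#" + suffix

    # hmac.new() rejects text on Python 3, so encode text inputs; bytes
    # inputs pass through untouched. The lengths above were counted on the
    # text form; for non-ASCII values that may differ from the encoded byte
    # length -- confirm against the validating side.
    if isinstance(hmac_key, text_type):
        hmac_key = hmac_key.encode("utf-8")
    if isinstance(msg, text_type):
        msg = msg.encode("utf-8")

    # SHA-1 is presumably dictated by what the validator computes; changing
    # the digest here alone would make the headers fail verification.
    headers['cms-authn-hmac'] = hmac.new(hmac_key, msg, hashlib.sha1).hexdigest()

    if format == "list":
        # dict.items() is a view on Python 3; callers are promised a list.
        return list(headers.items())
    return headers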