def test_fallback(self):
key = bakery.generate_key()
@urlmatch(path='.*/discharge/info')
def discharge_info(url, request):
return {
'status_code': 404,
}
@urlmatch(path='.*/publickey')
def public_key(url, request):
return {
'status_code': 200,
'content': {
'PublicKey': str(key.public_key),
}
}
expectInfo = bakery.ThirdPartyInfo(public_key=key.public_key,
version=bakery.VERSION_1)
kr = httpbakery.ThirdPartyLocator(allow_insecure=True)
with HTTMock(discharge_info):
with HTTMock(public_key):
info = kr.third_party_info('http://0.1.2.3/')
self.assertEqual(info, expectInfo)
def third_party_info(self, loc):
u = urlparse(loc)
if u.scheme != 'https' and not self._allow_insecure:
raise bakery.ThirdPartyInfoNotFound(
'untrusted discharge URL {}'.format(loc))
loc = loc.rstrip('/')
info = self._cache.get(loc)
if info is not None:
return info
url_endpoint = '/discharge/info'
headers = {BAKERY_PROTOCOL_HEADER: str(bakery.LATEST_VERSION)}
resp = requests.get(url=loc + url_endpoint, headers=headers)
status_code = resp.status_code
if status_code == 404:
url_endpoint = '/publickey'
resp = requests.get(url=loc + url_endpoint, headers=headers)
status_code = resp.status_code
if status_code != 200:
raise bakery.ThirdPartyInfoNotFound(
'unable to get info from {}'.format(url_endpoint))
json_resp = resp.json()
if json_resp is None:
raise bakery.ThirdPartyInfoNotFound(
'no response from /discharge/info')
pk = json_resp.get('PublicKey')
if pk is None:
raise bakery.ThirdPartyInfoNotFound(
'no public key found in /discharge/info')
idm_pk = bakery.PublicKey.deserialize(pk)
version = json_resp.get('Version', bakery.VERSION_1)
self._cache[loc] = bakery.ThirdPartyInfo(version=version,
public_key=idm_pk)
return self._cache.get(loc)
def third_party_info(self, loc):
d = self._dischargers.get(loc)
if d is None:
return None
return bakery.ThirdPartyInfo(
public_key=d._key.public_key,
version=bakery.LATEST_VERSION,
)
def test_v2_round_trip(self):
tp_info = bakery.ThirdPartyInfo(version=bakery.VERSION_2,
public_key=self.tp_key.public_key)
cid = bakery.encode_caveat('is-authenticated-user', b'a random string',
tp_info, self.fp_key, None)
res = bakery.decode_caveat(self.tp_key, cid)
self.assertEquals(
res,
bakery.ThirdPartyCaveatInfo(
first_party_public_key=self.fp_key.public_key,
root_key=b'a random string',
condition='is-authenticated-user',
caveat=cid,
third_party_key_pair=self.tp_key,
version=bakery.VERSION_2,
id=None,
namespace=bakery.legacy_namespace()))
def new_bakery(location, locator=None):
# Returns a new Bakery instance using a new
# key pair, and registers the key with the given locator if provided.
#
# It uses test_checker to check first party caveats.
key = bakery.generate_key()
if locator is not None:
locator.add_info(
location,
bakery.ThirdPartyInfo(public_key=key.public_key,
version=bakery.LATEST_VERSION))
return bakery.Bakery(
key=key,
checker=test_checker(),
location=location,
identity_client=OneIdentity(),
locator=locator,
)
def test_v3_round_trip(self):
tp_info = bakery.ThirdPartyInfo(version=bakery.VERSION_3,
public_key=self.tp_key.public_key)
ns = checkers.Namespace()
ns.register('testns', 'x')
cid = bakery.encode_caveat('is-authenticated-user', b'a random string',
tp_info, self.fp_key, ns)
res = bakery.decode_caveat(self.tp_key, cid)
self.assertEquals(
res,
bakery.ThirdPartyCaveatInfo(
first_party_public_key=self.fp_key.public_key,
root_key=b'a random string',
condition='is-authenticated-user',
caveat=cid,
third_party_key_pair=self.tp_key,
version=bakery.VERSION_3,
id=None,
namespace=ns))
def third_party_info(self, loc):
if loc == 'http://1.2.3.4':
return bakery.ThirdPartyInfo(
public_key=self.key.public_key,
version=bakery.LATEST_VERSION,
)
def third_party_info(self, loc):
if loc == 'http://0.3.2.1':
return bakery.ThirdPartyInfo(
public_key=discharge_key.public_key,
version=bakery.LATEST_VERSION,
)
