def post_collections():
app.logger.debug("POST COLLECTIONS")
# Verify Tokens
objperm = constants.PERM_CREATE
objtype = constants.TYPE_SRV_STORAGE
utility.verify_auth_token_list(flask.g.tokens, config.AC_SERVERS, config.AC_REQUIRED,
objperm, objtype, manager=sigkey_manager)
# Parse JSON
json_in = flask.request.get_json(force=True)
app.logger.debug("json_in = '{}'".format(json_in))
uid = json_in.get('uid', None)
app.logger.debug("uid = '{}'".format(uid))
userdata = json_in.get('userdata', {})
app.logger.debug("userdata = '{}'".format(userdata))
ac_servers = json_in.get('ac_servers')
app.logger.debug("ac_servers = '{}'".format(ac_servers))
ac_required = json_in.get('ac_required', len(ac_servers))
app.logger.debug("ac_required = '{}'".format(ac_required))
# Create Collection
col = flask.g.srv_ss.collections.create(key=uid, userdata=userdata,
ac_servers=ac_servers, ac_required=ac_required)
app.logger.debug("col.key = '{}'".format(col.key))
# Return UUID
json_out = {_KEY_COLLECTIONS: [col.key]}
return flask.jsonify(json_out)
def post_collections_secrets(col_uid):
app.logger.debug("POST COLLECTIONS SECRETS")
# Get Collection
app.logger.debug("col_uid = '{}'".format(col_uid))
col = flask.g.srv_ss.collections.get(key=col_uid)
# Verify Tokens
objperm = constants.PERM_CREATE
objtype = constants.TYPE_COL
objuid = col.uid
utility.verify_auth_token_list(flask.g.tokens, col.ac_servers, col.ac_required,
objperm, objtype, objuid, manager=sigkey_manager)
# Parse JSON
json_in = flask.request.get_json(force=True)
app.logger.debug("json_in = '{}'".format(json_in))
sec_uid = json_in.get('uid', None)
app.logger.debug("sec_uid = '{}'".format(sec_uid))
userdata = json_in.get('userdata', {})
app.logger.debug("userdata = '{}'".format(userdata))
data = json_in.get('data')
app.logger.debug("data = REDACTED")
# Create Secret
sec = col.secrets.create(key=sec_uid, data=data, userdata=userdata)
app.logger.debug("sec.key = '{}'".format(sec.key))
# Return UUID
json_out = {_KEY_SECRETS: [sec.key]}
return flask.jsonify(json_out)
def get_collections_secret_versions_latest(col_uid, sec_uid):
app.logger.debug("GET COLLECTIONS SECRET VERSIONS LATEST")
# Get Collection
col = flask.g.srv_ss.collections.get(key=col_uid)
app.logger.debug("col.key = '{}'".format(col.key))
# Verify Tokens
objperm = constants.PERM_READ
objtype = constants.TYPE_COL
objuid = col.uid
utility.verify_auth_token_list(flask.g.tokens, col.ac_servers, col.ac_required,
objperm, objtype, objuid, manager=sigkey_manager)
# Get Secret
sec = col.secrets.get(key=sec_uid)
app.logger.debug("sec.key = '{}'".format(sec.key))
# Return Secret
json_out = {'data': sec.data, 'userdata': sec.userdata}
return flask.jsonify(json_out)
def test_verify_auth_token_list(self):
# Setup Key Pair
pub1, priv1 = crypto.gen_key_pair()
pub2, priv2 = crypto.gen_key_pair()
pub3, priv3 = crypto.gen_key_pair()
# Setup Servers
servers = ["https://test.server.one", "https://test.server.two"]
manager = utility.SigkeyManager()
# Test Verify - Pass (Single)
manager.cache[servers[0]] = pub1
manager.cache[servers[1]] = pub2
accountuid = uuid.uuid4()
clientuid = uuid.uuid4()
expiration = int(datetime.datetime.now().timestamp()) + 60
expiration = datetime.datetime.fromtimestamp(expiration)
objperm = "test_perm"
objtype = "test_obj"
objuid = uuid.uuid4()
token1 = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid)
token2 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid)
tokens = [token1, token2]
cnt = utility.verify_auth_token_list(tokens, servers, 1, objperm, objtype, objuid, manager=manager)
self.assertEqual(cnt, 1)
# Test Verify - Pass (Multiple)
manager.cache[servers[0]] = pub1
manager.cache[servers[1]] = pub2
accountuid = uuid.uuid4()
clientuid = uuid.uuid4()
expiration = int(datetime.datetime.now().timestamp()) + 60
expiration = datetime.datetime.fromtimestamp(expiration)
objperm = "test_perm"
objtype = "test_obj"
objuid = uuid.uuid4()
token1 = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid)
token2 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid)
tokens = [token1, token2]
cnt = utility.verify_auth_token_list(tokens, servers, 2, objperm, objtype, objuid, manager=manager)
self.assertEqual(cnt, 2)
# Test Verify - Pass (Bad tokens)
manager.cache[servers[0]] = pub1
manager.cache[servers[1]] = pub2
accountuid = uuid.uuid4()
clientuid = uuid.uuid4()
expiration = int(datetime.datetime.now().timestamp()) + 60
expiration = datetime.datetime.fromtimestamp(expiration)
objperm = "test_perm"
objtype = "test_obj"
objuid = uuid.uuid4()
token1 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid)
token2 = utility.encode_auth_token(priv3, accountuid, clientuid, expiration, objperm, objtype, objuid)
tokens = [token1, token2]
cnt = utility.verify_auth_token_list(tokens, servers, 1, objperm, objtype, objuid, manager=manager)
self.assertEqual(cnt, 1)
# Test Verify - Fail (Not enough tokens)
manager.cache[servers[0]] = pub1
manager.cache[servers[1]] = pub2
accountuid = uuid.uuid4()
clientuid = uuid.uuid4()
expiration = int(datetime.datetime.now().timestamp()) + 60
expiration = datetime.datetime.fromtimestamp(expiration)
objperm = "test_perm"
objtype = "test_obj"
objuid = uuid.uuid4()
token1 = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid)
token2 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid)
tokens = [token1, token2]
self.assertRaises(
utility.TokenVerificationFailed,
utility.verify_auth_token_list,
tokens,
servers,
3,
objperm,
objtype,
objuid,
manager=manager,
)
# Test Verify - Fail (Bad tokens)
manager.cache[servers[0]] = pub1
manager.cache[servers[1]] = pub2
accountuid = uuid.uuid4()
clientuid = uuid.uuid4()
expiration = int(datetime.datetime.now().timestamp()) + 60
expiration = datetime.datetime.fromtimestamp(expiration)
objperm = "test_perm"
objtype = "test_obj"
objuid = uuid.uuid4()
token1 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid)
token2 = utility.encode_auth_token(priv3, accountuid, clientuid, expiration, objperm, objtype, objuid)
tokens = [token1, token2]
self.assertRaises(
utility.TokenVerificationFailed,
utility.verify_auth_token_list,
tokens,
servers,
2,
objperm,
objtype,
objuid,
manager=manager,
)
