def _testKeySignVerify(self, priv, pub):
testData = 'this is the test data'
sig = keys.signData(priv, testData)
self.assert_(
keys.verifySignature(priv, sig, testData),
'verifying with private %s failed' % keys.objectType(priv))
self.assert_(keys.verifySignature(pub, sig, testData),
'verifying with public %s failed' % keys.objectType(pub))
self.failIf(keys.verifySignature(priv, sig, 'other data'),
'verified bad data with %s' % keys.objectType(priv))
self.failIf(keys.verifySignature(priv, 'bad sig', testData),
'verified badsign with %s' % keys.objectType(priv))
def _testKeySignVerify(self, priv, pub):
testData = 'this is the test data'
sig = keys.signData(priv, testData)
self.assert_(keys.verifySignature(priv, sig, testData),
'verifying with private %s failed' %
keys.objectType(priv))
self.assert_(keys.verifySignature(pub, sig, testData),
'verifying with public %s failed' %
keys.objectType(pub))
self.failIf(keys.verifySignature(priv, sig, 'other data'),
'verified bad data with %s' %
keys.objectType(priv))
self.failIf(keys.verifySignature(priv, 'bad sig', testData),
'verified badsign with %s' %
keys.objectType(priv))
def _cbRequestAvatarId(self, validKey, credentials):
if not validKey:
return failure.Failure(UnauthorizedLogin())
if not credentials.signature:
return failure.Failure(error.ValidPublicKey())
else:
try:
if conch.version.major < 10:
pubKey = keys.getPublicKeyObject(data=credentials.blob)
if keys.verifySignature(pubKey, credentials.signature,
credentials.sigData):
return credentials.username
else:
pubKey = keys.Key.fromString(credentials.blob)
if pubKey.verify(credentials.signature,
credentials.sigData):
return credentials.username
except: # any error should be treated as a failed login
f = failure.Failure()
log.warning('manhole',
'error checking signature on creds %r: %r',
credentials, log.getFailureMessage(f))
return f
return failure.Failure(UnauthorizedLogin())
def requestAvatarId(self, credentials):
print "requestAvatarId", credentials.username
user = database.getUser(key=credentials.blob)
if user:
if not user['enabled']:
return failure.Failure(
error.ConchError("User account not enabled"))
if not credentials.signature:
return failure.Failure(error.ValidPublicKey())
pubKey = keys.Key.fromString(credentials.blob).keyObject
if keys.verifySignature(pubKey, credentials.signature,
credentials.sigData):
print "login as %s" % credentials.username
database.updateUserName(credentials.blob, credentials.username)
return credentials.username
else:
return failure.Failure(error.ConchError("Incorrect signature"))
elif config['ALLOW_ANNONYMOUS']:
print "login as ANONYMOUS"
user = "".join(Random().sample(string.letters, 30))
self.annons[user] = credentials.blob
return user
return failure.Failure(error.ConchError("Not allowed"))
def _cbRequestAvatarId(self, validKey, credentials):
if not validKey:
return failure.Failure(UnauthorizedLogin())
if not credentials.signature:
return failure.Failure(error.ValidPublicKey())
else:
try:
if conch.version.major < 10:
pubKey = keys.getPublicKeyObject(data=credentials.blob)
if keys.verifySignature(pubKey, credentials.signature,
credentials.sigData):
return credentials.username
else:
pubKey = keys.Key.fromString(credentials.blob)
if pubKey.verify(credentials.signature,
credentials.sigData):
return credentials.username
except: # any error should be treated as a failed login
f = failure.Failure()
log.warning('manhole',
'error checking signature on creds %r: %r',
credentials, log.getFailureMessage(f))
return f
return failure.Failure(UnauthorizedLogin())
def requestAvatarId(self, credentials):
print "requestAvatarId", credentials.username
user = database.getUser(key=credentials.blob)
if user:
if not user['enabled']:
return failure.Failure(
error.ConchError("User account not enabled"))
if not credentials.signature:
return failure.Failure(error.ValidPublicKey())
pubKey = keys.Key.fromString(credentials.blob).keyObject
if keys.verifySignature(pubKey, credentials.signature,
credentials.sigData):
print "login as %s" % credentials.username
database.updateUserName(credentials.blob, credentials.username)
return credentials.username
else:
return failure.Failure(
error.ConchError("Incorrect signature"))
elif config['ALLOW_ANNONYMOUS']:
print "login as ANONYMOUS"
user = "".join(Random().sample(string.letters,30))
self.annons[user] = credentials.blob
return user
return failure.Failure(error.ConchError("Not allowed"))
def requestAvatarId(self, credentials):
if not self.checkKey(credentials):
return defer.fail(UnauthorizedLogin())
if not credentials.signature:
return defer.fail(error.ValidPublicKey())
else:
try:
pubKey = keys.getPublicKeyObject(data = credentials.blob)
if keys.verifySignature(pubKey, credentials.signature,
credentials.sigData):
return defer.succeed(credentials.username)
except:
pass
return defer.fail(UnauthorizedLogin())
def _cbRequestAvatarId(self, validKey, credentials):
if not validKey:
return failure.Failure(UnauthorizedLogin())
if not credentials.signature:
return failure.Failure(error.ValidPublicKey())
else:
try:
pubKey = keys.getPublicKeyObject(data=credentials.blob)
if keys.verifySignature(pubKey, credentials.signature, credentials.sigData):
return credentials.username
except: # any error should be treated as a failed login
f = failure.Failure()
log.err()
return f
return failure.Failure(UnauthorizedLogin())
def requestAvatarId(self, credentials):
try:
userKey = AuthKeys[Name(credentials.username)].key
except KeyError:
raise error.ConchError("No such user")
else:
if not credentials.blob == base64.decodestring(userKey):
raise error.ConchError("I don't recognize that key")
if not credentials.signature:
return error.ValidPublicKey( )
pubKey = keys.getPublicKeyObject(data=credentials.blob)
if keys.verifySignature(pubKey, credentials.signature, credentials.sigData):
return credentials.username
else:
return error.ConchError("Incorrect signature")
def _cbRequestAvatarId(self, validKey, credentials):
if not validKey:
return failure.Failure(UnauthorizedLogin())
if not credentials.signature:
return failure.Failure(error.ValidPublicKey())
else:
try:
pubKey = keys.getPublicKeyObject(data=credentials.blob)
if keys.verifySignature(pubKey, credentials.signature,
credentials.sigData):
return credentials.username
except: # any error should be treated as a failed login
f = failure.Failure()
log.err()
return f
return failure.Failure(UnauthorizedLogin())
def requestAvatarId(self, credentials):
if self.authorizedKeys.has_key(credentials.username):
userKey = self.authorizedKeys[credentials.username]
if not credentials.blob == base64.decodestring(userKey):
raise failure.failure(
error.ConchError("I don't recognize that key"))
if not credentials.signature:
return failure.Failure(error.ValidPublicKey())
pubKey = keys.getPublicKeyObject(data=credentials.blob)
if keys.verifySignature(pubKey, credentials.signature,
credentials.sigData):
return credentials.username
else:
return failure.Failure(error.ConchError("Incorrect signature"))
else:
return failure.Failure(error.ConchError("No such user"))
