def test_fallback(self): key = bakery.generate_key() @urlmatch(path='.*/discharge/info') def discharge_info(url, request): return { 'status_code': 404, } @urlmatch(path='.*/publickey') def public_key(url, request): return { 'status_code': 200, 'content': { 'PublicKey': str(key.public_key), } } expectInfo = bakery.ThirdPartyInfo(public_key=key.public_key, version=bakery.VERSION_1) kr = httpbakery.ThirdPartyLocator(allow_insecure=True) with HTTMock(discharge_info): with HTTMock(public_key): info = kr.third_party_info('http://0.1.2.3/') self.assertEqual(info, expectInfo)
def third_party_info(self, loc): u = urlparse(loc) if u.scheme != 'https' and not self._allow_insecure: raise bakery.ThirdPartyInfoNotFound( 'untrusted discharge URL {}'.format(loc)) loc = loc.rstrip('/') info = self._cache.get(loc) if info is not None: return info url_endpoint = '/discharge/info' headers = {BAKERY_PROTOCOL_HEADER: str(bakery.LATEST_VERSION)} resp = requests.get(url=loc + url_endpoint, headers=headers) status_code = resp.status_code if status_code == 404: url_endpoint = '/publickey' resp = requests.get(url=loc + url_endpoint, headers=headers) status_code = resp.status_code if status_code != 200: raise bakery.ThirdPartyInfoNotFound( 'unable to get info from {}'.format(url_endpoint)) json_resp = resp.json() if json_resp is None: raise bakery.ThirdPartyInfoNotFound( 'no response from /discharge/info') pk = json_resp.get('PublicKey') if pk is None: raise bakery.ThirdPartyInfoNotFound( 'no public key found in /discharge/info') idm_pk = bakery.PublicKey.deserialize(pk) version = json_resp.get('Version', bakery.VERSION_1) self._cache[loc] = bakery.ThirdPartyInfo(version=version, public_key=idm_pk) return self._cache.get(loc)
def third_party_info(self, loc): d = self._dischargers.get(loc) if d is None: return None return bakery.ThirdPartyInfo( public_key=d._key.public_key, version=bakery.LATEST_VERSION, )
def test_v2_round_trip(self): tp_info = bakery.ThirdPartyInfo(version=bakery.VERSION_2, public_key=self.tp_key.public_key) cid = bakery.encode_caveat('is-authenticated-user', b'a random string', tp_info, self.fp_key, None) res = bakery.decode_caveat(self.tp_key, cid) self.assertEquals( res, bakery.ThirdPartyCaveatInfo( first_party_public_key=self.fp_key.public_key, root_key=b'a random string', condition='is-authenticated-user', caveat=cid, third_party_key_pair=self.tp_key, version=bakery.VERSION_2, id=None, namespace=bakery.legacy_namespace()))
def new_bakery(location, locator=None): # Returns a new Bakery instance using a new # key pair, and registers the key with the given locator if provided. # # It uses test_checker to check first party caveats. key = bakery.generate_key() if locator is not None: locator.add_info( location, bakery.ThirdPartyInfo(public_key=key.public_key, version=bakery.LATEST_VERSION)) return bakery.Bakery( key=key, checker=test_checker(), location=location, identity_client=OneIdentity(), locator=locator, )
def test_v3_round_trip(self): tp_info = bakery.ThirdPartyInfo(version=bakery.VERSION_3, public_key=self.tp_key.public_key) ns = checkers.Namespace() ns.register('testns', 'x') cid = bakery.encode_caveat('is-authenticated-user', b'a random string', tp_info, self.fp_key, ns) res = bakery.decode_caveat(self.tp_key, cid) self.assertEquals( res, bakery.ThirdPartyCaveatInfo( first_party_public_key=self.fp_key.public_key, root_key=b'a random string', condition='is-authenticated-user', caveat=cid, third_party_key_pair=self.tp_key, version=bakery.VERSION_3, id=None, namespace=ns))
def third_party_info(self, loc): if loc == 'http://1.2.3.4': return bakery.ThirdPartyInfo( public_key=self.key.public_key, version=bakery.LATEST_VERSION, )
def third_party_info(self, loc): if loc == 'http://0.3.2.1': return bakery.ThirdPartyInfo( public_key=discharge_key.public_key, version=bakery.LATEST_VERSION, )