示例#1
 def add_third_party_caveat(self,
                            macaroon,
                            location,
                            key,
                            key_id,
                            **kwargs):
     """Add a third-party caveat to ``macaroon`` and update its signature.

     A key derived from ``key`` is sealed in a SecretBox keyed by the
     macaroon's current signature; the sealed value is stored as the
     caveat's verification key id. The macaroon is modified in place
     (caveat appended, signature replaced) and returned.

     ``kwargs['nonce']``, when given, is forwarded to ``SecretBox.encrypt``;
     otherwise ``None`` is forwarded.
     """
     caveat_root_key = truncate_or_pad(
         generate_derived_key(convert_to_bytes(key)))
     # signature_bytes is hex text; the decoded bytes become the box key.
     # NOTE(review): truncate_or_pad presumably pads short input, so a
     # signature shorter than the key size would give a partly predictable
     # key -- confirm signatures are always full length.
     box_key = truncate_or_pad(binascii.unhexlify(macaroon.signature_bytes))
     # NOTE(review): a caller-chosen nonce is passed through unchanged.
     # Sealing two different caveat keys under the same signature with the
     # same nonce would defeat SecretBox confidentiality; presumably the
     # override is for deterministic tests only -- confirm.
     nonce = kwargs.get('nonce')
     sealed_key = SecretBox(key=box_key).encrypt(caveat_root_key, nonce=nonce)
     caveat = Caveat(caveat_id=key_id,
                     location=location,
                     verification_key_id=sealed_key)
     macaroon.caveats.append(caveat)
     # The new signature is computed from the signature as it stood before
     # this caveat, plus the caveat's stored verification key id and id.
     signing_key = binascii.unhexlify(macaroon.signature_bytes)
     macaroon.signature = sign_third_party_caveat(
         signing_key, caveat._verification_key_id, caveat._caveat_id)
     return macaroon
示例#2
 def add_third_party_caveat(self, macaroon, location, key, key_id,
                            **kwargs):
     """Append a third-party caveat to ``macaroon`` and re-sign it.

     The key derived from ``key`` is encrypted with a SecretBox whose key
     is taken from the macaroon's current signature, and the ciphertext is
     stored on the caveat as its verification key id. Returns the same
     macaroon object, mutated in place.

     An optional ``nonce`` keyword is handed to ``SecretBox.encrypt``;
     ``None`` is handed over when it is missing.
     """
     derived = generate_derived_key(convert_to_bytes(key))
     derived = truncate_or_pad(derived)
     signature_raw = binascii.unhexlify(macaroon.signature_bytes)
     secret_box = SecretBox(key=truncate_or_pad(signature_raw))
     # NOTE(review): the nonce comes straight from the caller. If the same
     # nonce is ever used twice under one signature-derived key, the two
     # ciphertexts leak the XOR of their plaintexts -- confirm that only
     # tests pin this value.
     vid = secret_box.encrypt(derived, nonce=kwargs.get('nonce'))
     new_caveat = Caveat(
         caveat_id=key_id,
         location=location,
         verification_key_id=vid,
     )
     macaroon.caveats.append(new_caveat)
     # Read back the values held by the caveat object rather than the
     # locals; the object's stored fields are what get signed.
     macaroon.signature = sign_third_party_caveat(
         binascii.unhexlify(macaroon.signature_bytes),
         new_caveat._verification_key_id,
         new_caveat._caveat_id,
     )
     return macaroon
示例#3
 def test_encrypted_first_party_caveat(self):
     """Pin the signature after adding one encrypted first-party caveat."""
     macaroon = Macaroon(
         location='http://mybank/',
         identifier='we used our secret key',
         key='this is our super secret key; only we should know it',
     )
     # The nonce is fixed only so the expected signature is reproducible;
     # a constant nonce is a test fixture, not a pattern for real use.
     # NOTE(review): the encryptor is SecretBox-based by name, so the
     # secretbox nonce-size constant would be the matching one -- confirm
     # both constants have the same value in the bindings used here.
     fixed_nonce = truncate_or_pad(b'\0', size=crypto_box_NONCEBYTES)
     delegate = EncryptedFirstPartyCaveatDelegate(
         field_encryptor=SecretBoxEncryptor(nonce=fixed_nonce))
     macaroon.first_party_caveat_delegate = delegate
     macaroon.add_first_party_caveat('test = caveat', encrypted=True)
     expected_signature = (
         'a443bc61e8f45dca4f0c441d6cfde90b804cebb0b267aab60de1ec2ab8cc8522')
     assert_equal(macaroon.signature, expected_signature)
 def test_encrypted_first_party_caveat(self):
     """Check the known signature for a macaroon with one encrypted caveat."""
     m = Macaroon(location='http://mybank/',
                  identifier='we used our secret key',
                  key='this is our super secret key; only we should know it')
     # A pinned nonce makes the ciphertext, and therefore the signature,
     # deterministic for this assertion. It must not be copied into code
     # that encrypts real caveats.
     nonce = truncate_or_pad(b'\0', size=crypto_box_NONCEBYTES)
     encryptor = SecretBoxEncryptor(nonce=nonce)
     m.first_party_caveat_delegate = EncryptedFirstPartyCaveatDelegate(
         field_encryptor=encryptor)
     m.add_first_party_caveat('test = caveat', encrypted=True)
     assert_equal(
         m.signature,
         'a443bc61e8f45dca4f0c441d6cfde90b804cebb0b267aab60de1ec2ab8cc8522')
示例#5
 def _extract_caveat_key(self, signature, caveat):
     """Decrypt the caveat's verification key id using ``signature`` as key.

     ``signature`` is passed through ``truncate_or_pad`` before it is used
     as the SecretBox key. Any exception from ``SecretBox.decrypt`` is left
     to propagate to the caller.
     """
     # NOTE(review): presumably PyNaCl's SecretBox, whose decrypt is
     # authenticated and rejects a modified verification key id -- confirm
     # the caller treats that failure as "caveat not verified".
     return SecretBox(key=truncate_or_pad(signature)).decrypt(
         caveat._verification_key_id)
from __future__ import unicode_literals

import nacl.bindings

from nose.tools import *

from pymacaroons import Macaroon, Verifier
from pymacaroons.caveat_delegates import EncryptedFirstPartyCaveatDelegate, EncryptedFirstPartyCaveatVerifierDelegate
from pymacaroons.field_encryptors import SecretBoxEncryptor
from pymacaroons.utils import truncate_or_pad


# Constant nonce, sized for secretbox, so the tests get reproducible
# ciphertexts and signatures. Test fixture only: a repeated nonce under the
# same key must never be used for real encryption.
ZERO_NONCE = truncate_or_pad(
    b'\0',
    size=nacl.bindings.crypto_secretbox_NONCEBYTES,
)


class TestEncryptedFieldsMacaroon(object):

    def setup(self):
        pass

    def test_encrypted_first_party_caveat(self):
        m = Macaroon(
            location='http://mybank/',
            identifier='we used our secret key',
            key='this is our super secret key; only we should know it'
        )
        encryptor = SecretBoxEncryptor(nonce=ZERO_NONCE)
        m.first_party_caveat_delegate = EncryptedFirstPartyCaveatDelegate(field_encryptor=encryptor)
        m.add_first_party_caveat('test = caveat', encrypted=True)
        assert_equal(
示例#7
 def _extract_caveat_key(self, signature, caveat):
     """Return the plaintext of ``caveat``'s verification key id.

     The SecretBox key is ``truncate_or_pad(signature)``; decryption errors
     are not caught here.
     """
     box_key = truncate_or_pad(signature)
     sealed = caveat._verification_key_id
     # NOTE(review): the result is key material for the caveat (by the
     # method name) -- avoid logging or echoing it in error messages.
     return SecretBox(key=box_key).decrypt(sealed)
 def decrypt(self, signature, field_data):
     """Decrypt an encrypted field and return it as a string.

     The first ``len(self.signifier)`` characters of ``field_data`` are
     dropped, the remainder is base64-decoded and opened with a SecretBox
     keyed by ``truncate_or_pad(signature)``.
     """
     box = SecretBox(key=truncate_or_pad(signature))
     # NOTE(review): the prefix is sliced off by length without checking
     # that field_data actually starts with the signifier -- presumably the
     # caller checks that first; confirm.
     prefix_length = len(self.signifier)
     ciphertext = standard_b64decode(
         convert_to_bytes(field_data[prefix_length:]))
     # Errors from base64 decoding or from box.decrypt propagate unchanged.
     return convert_to_string(box.decrypt(ciphertext))
 def encrypt(self, signature, field_data):
     """Encrypt ``field_data`` and return it prefixed with the signifier.

     The SecretBox key is ``truncate_or_pad(signature)`` and the nonce is
     the encryptor's ``self.nonce``. The ciphertext is base64-encoded and
     appended to ``self._signifier``.
     """
     box = SecretBox(key=truncate_or_pad(signature))
     # NOTE(review): the nonce is per-encryptor state, not per-message. If
     # self.nonce is a fixed value, two fields encrypted under the same
     # signature reuse a (key, nonce) pair, which breaks SecretBox
     # confidentiality -- confirm how self.nonce is chosen outside tests.
     ciphertext = box.encrypt(convert_to_bytes(field_data), nonce=self.nonce)
     return self._signifier + standard_b64encode(ciphertext)
示例#10
 def __init__(self, root, key=None):
     """Initialise the binder with ``root`` and an optional ``key``.

     Any falsy ``key`` (``None``, empty bytes) is replaced by
     ``truncate_or_pad(b'\\0')``.
     """
     super(HashSignaturesBinder, self).__init__(root)
     if not key:
         # NOTE(review): the fallback is a fixed, publicly known key
         # (presumably all zero bytes), so it adds no secrecy of its own
         # -- confirm this default is intentional for the binding scheme.
         key = truncate_or_pad(b'\0')
     self.key = key
 def decrypt(self, signature, field_data):
     """Return the decrypted text of a signifier-prefixed field.

     Strips ``len(self.signifier)`` leading characters, base64-decodes the
     rest and decrypts it with a SecretBox whose key is
     ``truncate_or_pad(signature)``.
     """
     secret_box = SecretBox(key=truncate_or_pad(signature))
     payload = field_data[len(self.signifier):]
     raw = standard_b64decode(convert_to_bytes(payload))
     # NOTE(review): presumably an authenticated decrypt that raises on a
     # tampered field; nothing here catches that, so the caller must treat
     # the exception as a failed caveat -- confirm.
     plaintext = secret_box.decrypt(raw)
     return convert_to_string(plaintext)
 def encrypt(self, signature, field_data):
     """Return ``self._signifier`` followed by the base64 ciphertext.

     ``field_data`` is converted to bytes and sealed in a SecretBox keyed by
     ``truncate_or_pad(signature)``, using ``self.nonce`` as the nonce.
     """
     secret_box = SecretBox(key=truncate_or_pad(signature))
     # NOTE(review): self.nonce is shared by every call on this encryptor;
     # safety then depends on the signature (the key) differing between
     # calls -- confirm, and prefer a fresh nonce per message otherwise.
     sealed = secret_box.encrypt(
         convert_to_bytes(field_data),
         nonce=self.nonce,
     )
     encoded = standard_b64encode(sealed)
     return self._signifier + encoded
 def __init__(self, root, key=None):
     """Set up the binder for ``root``, defaulting ``key`` when it is falsy.

     The default is ``truncate_or_pad(b"\\0")``, a constant rather than a
     secret value.
     """
     super(HashSignaturesBinder, self).__init__(root)
     # Conditional expression keeps the original truthiness test: an empty
     # key is replaced just like None.
     self.key = key if key else truncate_or_pad(b"\0")
示例#14
from __future__ import unicode_literals

import nacl.bindings

from nose.tools import *

from pymacaroons import Macaroon, Verifier
from pymacaroons.caveat_delegates import EncryptedFirstPartyCaveatDelegate, EncryptedFirstPartyCaveatVerifierDelegate
from pymacaroons.field_encryptors import SecretBoxEncryptor
from pymacaroons.utils import truncate_or_pad

# Pinned secretbox-sized nonce that makes the expected signatures in this
# module deterministic. Never reuse a constant nonce outside tests.
ZERO_NONCE = truncate_or_pad(
    b'\0', size=nacl.bindings.crypto_secretbox_NONCEBYTES)


class TestEncryptedFieldsMacaroon(object):
    def setup(self):
        pass

    def test_encrypted_first_party_caveat(self):
        m = Macaroon(
            location='http://mybank/',
            identifier='we used our secret key',
            key='this is our super secret key; only we should know it')
        encryptor = SecretBoxEncryptor(nonce=ZERO_NONCE)
        m.first_party_caveat_delegate = EncryptedFirstPartyCaveatDelegate(
            field_encryptor=encryptor)
        m.add_first_party_caveat('test = caveat', encrypted=True)
        assert_equal(
            m.signature,
            'a443bc61e8f45dca4f0c441d6cfde90b804cebb0b267aab60de1ec2ab8cc8522')