def post_collections(): app.logger.debug("POST COLLECTIONS") # Verify Tokens objperm = constants.PERM_CREATE objtype = constants.TYPE_SRV_STORAGE utility.verify_auth_token_list(flask.g.tokens, config.AC_SERVERS, config.AC_REQUIRED, objperm, objtype, manager=sigkey_manager) # Parse JSON json_in = flask.request.get_json(force=True) app.logger.debug("json_in = '{}'".format(json_in)) uid = json_in.get('uid', None) app.logger.debug("uid = '{}'".format(uid)) userdata = json_in.get('userdata', {}) app.logger.debug("userdata = '{}'".format(userdata)) ac_servers = json_in.get('ac_servers') app.logger.debug("ac_servers = '{}'".format(ac_servers)) ac_required = json_in.get('ac_required', len(ac_servers)) app.logger.debug("ac_required = '{}'".format(ac_required)) # Create Collection col = flask.g.srv_ss.collections.create(key=uid, userdata=userdata, ac_servers=ac_servers, ac_required=ac_required) app.logger.debug("col.key = '{}'".format(col.key)) # Return UUID json_out = {_KEY_COLLECTIONS: [col.key]} return flask.jsonify(json_out)
def post_collections_secrets(col_uid): app.logger.debug("POST COLLECTIONS SECRETS") # Get Collection app.logger.debug("col_uid = '{}'".format(col_uid)) col = flask.g.srv_ss.collections.get(key=col_uid) # Verify Tokens objperm = constants.PERM_CREATE objtype = constants.TYPE_COL objuid = col.uid utility.verify_auth_token_list(flask.g.tokens, col.ac_servers, col.ac_required, objperm, objtype, objuid, manager=sigkey_manager) # Parse JSON json_in = flask.request.get_json(force=True) app.logger.debug("json_in = '{}'".format(json_in)) sec_uid = json_in.get('uid', None) app.logger.debug("sec_uid = '{}'".format(sec_uid)) userdata = json_in.get('userdata', {}) app.logger.debug("userdata = '{}'".format(userdata)) data = json_in.get('data') app.logger.debug("data = REDACTED") # Create Secret sec = col.secrets.create(key=sec_uid, data=data, userdata=userdata) app.logger.debug("sec.key = '{}'".format(sec.key)) # Return UUID json_out = {_KEY_SECRETS: [sec.key]} return flask.jsonify(json_out)
def get_collections_secret_versions_latest(col_uid, sec_uid): app.logger.debug("GET COLLECTIONS SECRET VERSIONS LATEST") # Get Collection col = flask.g.srv_ss.collections.get(key=col_uid) app.logger.debug("col.key = '{}'".format(col.key)) # Verify Tokens objperm = constants.PERM_READ objtype = constants.TYPE_COL objuid = col.uid utility.verify_auth_token_list(flask.g.tokens, col.ac_servers, col.ac_required, objperm, objtype, objuid, manager=sigkey_manager) # Get Secret sec = col.secrets.get(key=sec_uid) app.logger.debug("sec.key = '{}'".format(sec.key)) # Return Secret json_out = {'data': sec.data, 'userdata': sec.userdata} return flask.jsonify(json_out)
def test_verify_auth_token_list(self): # Setup Key Pair pub1, priv1 = crypto.gen_key_pair() pub2, priv2 = crypto.gen_key_pair() pub3, priv3 = crypto.gen_key_pair() # Setup Servers servers = ["https://test.server.one", "https://test.server.two"] manager = utility.SigkeyManager() # Test Verify - Pass (Single) manager.cache[servers[0]] = pub1 manager.cache[servers[1]] = pub2 accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token1 = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid) token2 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid) tokens = [token1, token2] cnt = utility.verify_auth_token_list(tokens, servers, 1, objperm, objtype, objuid, manager=manager) self.assertEqual(cnt, 1) # Test Verify - Pass (Multiple) manager.cache[servers[0]] = pub1 manager.cache[servers[1]] = pub2 accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token1 = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid) token2 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid) tokens = [token1, token2] cnt = utility.verify_auth_token_list(tokens, servers, 2, objperm, objtype, objuid, manager=manager) self.assertEqual(cnt, 2) # Test Verify - Pass (Bad tokens) manager.cache[servers[0]] = pub1 manager.cache[servers[1]] = pub2 accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token1 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid) token2 = utility.encode_auth_token(priv3, accountuid, clientuid, expiration, objperm, objtype, objuid) tokens = [token1, token2] cnt = utility.verify_auth_token_list(tokens, servers, 1, objperm, objtype, objuid, manager=manager) self.assertEqual(cnt, 1) # Test Verify - Fail (Not enough tokens) manager.cache[servers[0]] = pub1 manager.cache[servers[1]] = pub2 accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token1 = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid) token2 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid) tokens = [token1, token2] self.assertRaises( utility.TokenVerificationFailed, utility.verify_auth_token_list, tokens, servers, 3, objperm, objtype, objuid, manager=manager, ) # Test Verify - Fail (Bad tokens) manager.cache[servers[0]] = pub1 manager.cache[servers[1]] = pub2 accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token1 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid) token2 = utility.encode_auth_token(priv3, accountuid, clientuid, expiration, objperm, objtype, objuid) tokens = [token1, token2] self.assertRaises( utility.TokenVerificationFailed, utility.verify_auth_token_list, tokens, servers, 2, objperm, objtype, objuid, manager=manager, )