author | Linus Nordberg <linus@nordu.net> | 2017-01-23 15:47:12 +0100 |
---|---|---|
committer | Linus Nordberg <linus@nordu.net> | 2017-01-23 15:47:12 +0100 |
commit | a4709803d2e824cd447e3906cfb5ee89068802fc (patch) | |
tree | e4296ceceb1732404392b9578ba475ed567b12f6 /tools/certtools.py | |
parent | 08b7a3e0ae682840adb0515273c27ace0f692a31 (diff) | |
parent | a490e6616882ea698a23f1f780ff442479dda0ba (diff) |
Merge remote-tracking branch 'refs/remotes/map/config-api-key'
Diffstat (limited to 'tools/certtools.py')
-rw-r--r-- | tools/certtools.py | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/tools/certtools.py b/tools/certtools.py
index 05ff66e..9febc69 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -94,6 +94,12 @@ def get_root_cert(issuer):
 class sslparameters:
 cafile = None
+class apikeys:
+ publickeys = {}
+
+def set_api_keys(config):
+ apikeys.publickeys = dict([(node["nodename"], base64.b64decode(node["publickey"])) for node in config["apikeys"]])
+
 def create_ssl_context(cafile=None):
 try:
 sslparameters.cafile = cafile
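Review bot: set_api_keys builds the key table with `dict([...])`, so two `apikeys` entries sharing a `nodename` silently collapse to the last one, and a value that does not decode to a DER public key is only discovered later, when `ecdsa.VerifyingKey.from_der` runs in check_auth_header. Since this table decides which signed responses are accepted, it would be safer to fail at load time, for example `if len(apikeys.publickeys) != len(config["apikeys"]): raise Exception("duplicate nodename in apikeys")`. A one-line docstring such as `"""Load per-node public keys (base64-encoded DER) from config["apikeys"] into apikeys.publickeys."""` would also record the expected config shape.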
@@ -256,32 +262,32 @@ def parse_auth_header(authheader):
 options = dict([(e.partition("=")[0], e.partition("=")[2]) for e in rawoptions])
 return (base64.b64decode(signature), options)
-def check_auth_header(authheader, expected_key, publickeydir, data, path):
+def check_auth_header(authheader, expected_key, data, path):
 if expected_key == None:
 return True
 (signature, options) = parse_auth_header(authheader)
+ publickey = apikeys.publickeys[expected_key]
 keyname = options.get("key")
 if keyname != expected_key:
 raise Exception("Response claimed to come from %s, expected %s" % (keyname, expected_key))
- publickey = get_public_key_from_file(publickeydir + "/" + keyname + ".pem")
 vk = ecdsa.VerifyingKey.from_der(publickey)
 vk.verify(signature, "%s\0%s\0%s" % ("REPLY", path, data), hashfunc=hashlib.sha256, sigdecode=ecdsa.util.sigdecode_der)
 return True
-def http_request(url, data=None, key=None, verifynode=None, publickeydir=".", params=None, session=None):
+def http_request(url, data=None, key=None, verifynode=None, params=None, session=None):
 if session:
- return http_request_session(url, data=data, key=key, verifynode=verifynode, publickeydir=publickeydir, params=params, session=session)
+ return http_request_session(url, data=data, key=key, verifynode=verifynode, params=params, session=session)
 else:
 with requests.sessions.Session() as session:
- return http_request_session(url, data=data, key=key, verifynode=verifynode, publickeydir=publickeydir, params=params, session=session)
+ return http_request_session(url, data=data, key=key, verifynode=verifynode, params=params, session=session)
 def chunk_generator(data, maxsize):
 while len(data):
 yield data[:maxsize]
 data = data[maxsize:]
-def http_request_session(url, data=None, key=None, verifynode=None, publickeydir=".", params=None, session=None):
+def http_request_session(url, data=None, key=None, verifynode=None, params=None, session=None):
 (keyname, keyfile) = key
 privatekey = get_eckey_from_file(keyfile)
 sk = ecdsa.SigningKey.from_der(privatekey)
@@ -312,7 +318,7 @@ def http_request_session(url, data=None, key=None, verifynode=None, publickeydir
 result.raise_for_status()
 authheader = result.headers.get('X-Catlfish-Auth')
 data = result.text
- check_auth_header(authheader, verifynode, publickeydir, data, url_to_sign)
+ check_auth_header(authheader, verifynode, data, url_to_sign)
 return data
 def get_signature(baseurl, data, key=None):
@@ -431,8 +437,10 @@ def timing_point(timer_dict=None, name=None):
 starttime = timer_dict["lasttime"]
 stoptime = t
 deltatime = stoptime - starttime
- timer_dict["deltatimes"].append((name, deltatime.seconds * 1000000 + deltatime.microseconds))
+ microseconds = deltatime.seconds * 1000000 + deltatime.microseconds
+ timer_dict["deltatimes"].append((name, microseconds))
 timer_dict["lasttime"] = t
+ #print name, microseconds/1000000.0
 return None
 else:
 timer_dict = {"deltatimes":[], "lasttime":t} |
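Review bot: The new lookup `publickey = apikeys.publickeys[expected_key]` in check_auth_header raises a bare KeyError when the node is missing from the configured keys or when set_api_keys() was never called, because `apikeys.publickeys` starts out as `{}`. Failing closed is the right outcome, but the caller cannot tell a configuration gap from a bad response; consider `publickey = apikeys.publickeys.get(expected_key)` followed by `if publickey is None: raise Exception("No public key configured for %s" % expected_key)`. Keying the lookup on `expected_key` rather than on the `key` option read from the response header is worth keeping, and a short comment saying so would stop a later edit from reverting it. Removing `publickeydir` also changes the signatures of http_request and http_request_session, so any caller outside this file that still passes it needs updating; none are visible here.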
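Review bot: The extracted `microseconds = deltatime.seconds * 1000000 + deltatime.microseconds` in timing_point still ignores `deltatime.days`, so if `deltatime` is a datetime.timedelta, as its attributes suggest, an interval longer than a day is under-reported. `microseconds = (deltatime.days * 86400 + deltatime.seconds) * 1000000 + deltatime.microseconds` covers that case. The commented-out `#print name, microseconds/1000000.0` is leftover debugging and should be dropped or turned into a logging call. timing_point starts and ends outside this hunk.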