summaryrefslogtreecommitdiff
path: root/tools/certtools.py
diff options
context:
space:
mode:
authorLinus Nordberg <linus@nordu.net>2017-01-23 15:47:12 +0100
committerLinus Nordberg <linus@nordu.net>2017-01-23 15:47:12 +0100
commita4709803d2e824cd447e3906cfb5ee89068802fc (patch)
treee4296ceceb1732404392b9578ba475ed567b12f6 /tools/certtools.py
parent08b7a3e0ae682840adb0515273c27ace0f692a31 (diff)
parenta490e6616882ea698a23f1f780ff442479dda0ba (diff)
Merge remote-tracking branch 'refs/remotes/map/config-api-key'
Diffstat (limited to 'tools/certtools.py')
-rw-r--r--tools/certtools.py24
1 files changed, 16 insertions, 8 deletions
diff --git a/tools/certtools.py b/tools/certtools.py
index 05ff66e..9febc69 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -94,6 +94,12 @@ def get_root_cert(issuer):
class sslparameters:
cafile = None
+class apikeys:
+ publickeys = {}
+
+def set_api_keys(config):
+ apikeys.publickeys = dict([(node["nodename"], base64.b64decode(node["publickey"])) for node in config["apikeys"]])
+
def create_ssl_context(cafile=None):
try:
sslparameters.cafile = cafile
@@ -256,32 +262,32 @@ def parse_auth_header(authheader):
options = dict([(e.partition("=")[0], e.partition("=")[2]) for e in rawoptions])
return (base64.b64decode(signature), options)
-def check_auth_header(authheader, expected_key, publickeydir, data, path):
+def check_auth_header(authheader, expected_key, data, path):
if expected_key == None:
return True
(signature, options) = parse_auth_header(authheader)
+ publickey = apikeys.publickeys[expected_key]
keyname = options.get("key")
if keyname != expected_key:
raise Exception("Response claimed to come from %s, expected %s" % (keyname, expected_key))
- publickey = get_public_key_from_file(publickeydir + "/" + keyname + ".pem")
vk = ecdsa.VerifyingKey.from_der(publickey)
vk.verify(signature, "%s\0%s\0%s" % ("REPLY", path, data), hashfunc=hashlib.sha256,
sigdecode=ecdsa.util.sigdecode_der)
return True
-def http_request(url, data=None, key=None, verifynode=None, publickeydir=".", params=None, session=None):
+def http_request(url, data=None, key=None, verifynode=None, params=None, session=None):
if session:
- return http_request_session(url, data=data, key=key, verifynode=verifynode, publickeydir=publickeydir, params=params, session=session)
+ return http_request_session(url, data=data, key=key, verifynode=verifynode, params=params, session=session)
else:
with requests.sessions.Session() as session:
- return http_request_session(url, data=data, key=key, verifynode=verifynode, publickeydir=publickeydir, params=params, session=session)
+ return http_request_session(url, data=data, key=key, verifynode=verifynode, params=params, session=session)
def chunk_generator(data, maxsize):
while len(data):
yield data[:maxsize]
data = data[maxsize:]
-def http_request_session(url, data=None, key=None, verifynode=None, publickeydir=".", params=None, session=None):
+def http_request_session(url, data=None, key=None, verifynode=None, params=None, session=None):
(keyname, keyfile) = key
privatekey = get_eckey_from_file(keyfile)
sk = ecdsa.SigningKey.from_der(privatekey)
@@ -312,7 +318,7 @@ def http_request_session(url, data=None, key=None, verifynode=None, publickeydir
result.raise_for_status()
authheader = result.headers.get('X-Catlfish-Auth')
data = result.text
- check_auth_header(authheader, verifynode, publickeydir, data, url_to_sign)
+ check_auth_header(authheader, verifynode, data, url_to_sign)
return data
def get_signature(baseurl, data, key=None):
@@ -431,8 +437,10 @@ def timing_point(timer_dict=None, name=None):
starttime = timer_dict["lasttime"]
stoptime = t
deltatime = stoptime - starttime
- timer_dict["deltatimes"].append((name, deltatime.seconds * 1000000 + deltatime.microseconds))
+ microseconds = deltatime.seconds * 1000000 + deltatime.microseconds
+ timer_dict["deltatimes"].append((name, microseconds))
timer_dict["lasttime"] = t
+ #print name, microseconds/1000000.0
return None
else:
timer_dict = {"deltatimes":[], "lasttime":t}