"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/receipt/receipt_formatters.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

receipt_formatters.py  (keystone-16.0.1):receipt_formatters.py  (keystone-17.0.0)
skipping to change at line 72 skipping to change at line 72
if not keys: if not keys:
raise exception.KeysNotFound() raise exception.KeysNotFound()
fernet_instances = [fernet.Fernet(key) for key in keys] fernet_instances = [fernet.Fernet(key) for key in keys]
return fernet.MultiFernet(fernet_instances) return fernet.MultiFernet(fernet_instances)
def pack(self, payload): def pack(self, payload):
"""Pack a payload for transport as a receipt. """Pack a payload for transport as a receipt.
:type payload: six.binary_type :type payload: bytes
:rtype: six.text_type :rtype: str
""" """
# base64 padding (if any) is not URL-safe # base64 padding (if any) is not URL-safe
return self.crypto.encrypt(payload).rstrip(b'=').decode('utf-8') return self.crypto.encrypt(payload).rstrip(b'=').decode('utf-8')
def unpack(self, receipt): def unpack(self, receipt):
"""Unpack a receipt, and validate the payload. """Unpack a receipt, and validate the payload.
:type receipt: six.text_type :type receipt: str
:rtype: six.binary_type :rtype: bytes
""" """
receipt = ReceiptFormatter.restore_padding(receipt) receipt = ReceiptFormatter.restore_padding(receipt)
try: try:
return self.crypto.decrypt(receipt.encode('utf-8')) return self.crypto.decrypt(receipt.encode('utf-8'))
except fernet.InvalidToken: except fernet.InvalidToken:
raise exception.ValidationError( raise exception.ValidationError(
_('This is not a recognized Fernet receipt %s') % receipt) _('This is not a recognized Fernet receipt %s') % receipt)
@classmethod @classmethod
def restore_padding(cls, receipt): def restore_padding(cls, receipt):
"""Restore padding based on receipt size. """Restore padding based on receipt size.
:param receipt: receipt to restore padding on :param receipt: receipt to restore padding on
:type receipt: six.text_type :type receipt: str
:returns: receipt with correct padding :returns: receipt with correct padding
""" """
# Re-inflate the padding # Re-inflate the padding
mod_returned = len(receipt) % 4 mod_returned = len(receipt) % 4
if mod_returned: if mod_returned:
missing_padding = 4 - mod_returned missing_padding = 4 - mod_returned
receipt += '=' * missing_padding receipt += '=' * missing_padding
return receipt return receipt
@classmethod @classmethod
def creation_time(cls, fernet_receipt): def creation_time(cls, fernet_receipt):
"""Return the creation time of a valid Fernet receipt. """Return the creation time of a valid Fernet receipt.
:type fernet_receipt: six.text_type :type fernet_receipt: str
""" """
fernet_receipt = ReceiptFormatter.restore_padding(fernet_receipt) fernet_receipt = ReceiptFormatter.restore_padding(fernet_receipt)
# fernet_receipt is six.text_type # fernet_receipt is str
# Fernet receipts are base64 encoded, so we need to unpack them first # Fernet receipts are base64 encoded, so we need to unpack them first
# urlsafe_b64decode() requires six.binary_type # urlsafe_b64decode() requires bytes
receipt_bytes = base64.urlsafe_b64decode( receipt_bytes = base64.urlsafe_b64decode(
fernet_receipt.encode('utf-8')) fernet_receipt.encode('utf-8'))
# slice into the byte array to get just the timestamp # slice into the byte array to get just the timestamp
timestamp_bytes = receipt_bytes[TIMESTAMP_START:TIMESTAMP_END] timestamp_bytes = receipt_bytes[TIMESTAMP_START:TIMESTAMP_END]
# convert those bytes to an integer # convert those bytes to an integer
# (it's a 64-bit "unsigned long long int" in C) # (it's a 64-bit "unsigned long long int" in C)
timestamp_int = struct.unpack(">Q", timestamp_bytes)[0] timestamp_int = struct.unpack(">Q", timestamp_bytes)[0]
skipping to change at line 160 skipping to change at line 160
if len(receipt) > 255: if len(receipt) > 255:
LOG.info('Fernet receipt created with length of %d ' LOG.info('Fernet receipt created with length of %d '
'characters, which exceeds 255 characters', 'characters, which exceeds 255 characters',
len(receipt)) len(receipt))
return receipt return receipt
def validate_receipt(self, receipt): def validate_receipt(self, receipt):
"""Validate a Fernet receipt and returns the payload attributes. """Validate a Fernet receipt and returns the payload attributes.
:type receipt: six.text_type :type receipt: str
""" """
serialized_payload = self.unpack(receipt) serialized_payload = self.unpack(receipt)
payload = msgpack.unpackb(serialized_payload) payload = msgpack.unpackb(serialized_payload)
(user_id, methods, expires_at) = ReceiptPayload.disassemble(payload) (user_id, methods, expires_at) = ReceiptPayload.disassemble(payload)
# rather than appearing in the payload, the creation time is encoded # rather than appearing in the payload, the creation time is encoded
# into the receipt format itself # into the receipt format itself
issued_at = ReceiptFormatter.creation_time(receipt) issued_at = ReceiptFormatter.creation_time(receipt)
skipping to change at line 280 skipping to change at line 280
return (True, cls.convert_uuid_hex_to_bytes(value)) return (True, cls.convert_uuid_hex_to_bytes(value))
except ValueError: except ValueError:
# this might not be a UUID, depending on the situation (i.e. # this might not be a UUID, depending on the situation (i.e.
# federation) # federation)
return (False, value) return (False, value)
@classmethod @classmethod
def base64_encode(cls, s): def base64_encode(cls, s):
"""Encode a URL-safe string. """Encode a URL-safe string.
:type s: six.text_type :type s: str
:rtype: six.text_type :rtype: str
""" """
# urlsafe_b64encode() returns six.binary_type so need to convert to # urlsafe_b64encode() returns bytes so need to convert to
# six.text_type, might as well do it before stripping. # str, might as well do it before stripping.
return base64.urlsafe_b64encode(s).decode('utf-8').rstrip('=') return base64.urlsafe_b64encode(s).decode('utf-8').rstrip('=')
@classmethod @classmethod
def random_urlsafe_str_to_bytes(cls, s): def random_urlsafe_str_to_bytes(cls, s):
"""Convert a string from :func:`random_urlsafe_str()` to six.binary_type . """Convert string from :func:`random_urlsafe_str()` to bytes.
:type s: six.text_type :type s: str
:rtype: six.binary_type :rtype: bytes
""" """
# urlsafe_b64decode() requires str, unicode isn't accepted. # urlsafe_b64decode() requires str, unicode isn't accepted.
s = str(s) s = str(s)
# restore the padding (==) at the end of the string # restore the padding (==) at the end of the string
return base64.urlsafe_b64decode(s + '==') return base64.urlsafe_b64decode(s + '==')
 End of changes. 11 change blocks. 
16 lines changed or deleted 16 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)