Verified Commit 178b5c5b authored by Vojtech Myslivec's avatar Vojtech Myslivec 🚀

Rename digest request parameter to signature

parent ab4c521b
Pipeline #47863 passed with stages
in 1 minute and 8 seconds
......@@ -53,7 +53,7 @@ def build_reply_auth_start(sid, nonce):
"status": "authenticate",
"sid": sid,
"nonce": nonce,
"message": "Authenticate yourself by sending digest and auth_type in 'auth' request"
"message": "Authenticate yourself by sending signature and auth_type in 'auth' request"
}
......@@ -117,7 +117,7 @@ def create_auth_session(req, action, r, extra_params=()):
params = ("flags", "auth_type") + extra_params
session = {i: req[i] for i in params}
session.update({"action": action, "nonce": nonce, "digest": ""})
session.update({"action": action, "nonce": nonce, "signature": ""})
r.setex(get_session_key(req["sn"], sid),
current_app.config["REDIS_SESSION_TIMEOUT"],
......@@ -239,10 +239,10 @@ def store_auth_params(sn, sid, session, queue_name, r, extra_params=()):
we can detect and forbid any possible duplicate auth request
in the future.
Parameters "nonce", "digest", "flags", "auth_type" and extra_params are
Parameters "nonce", "signature", "flags", "auth_type" and extra_params are
required in the session (the param) dictionary.
"""
params = ("nonce", "digest", "flags", "auth_type") + extra_params
params = ("nonce", "signature", "flags", "auth_type") + extra_params
request = {i: session[i] for i in params}
request.update({"sn": sn, "sid": sid})
......@@ -256,7 +256,7 @@ def store_auth_params(sn, sid, session, queue_name, r, extra_params=()):
def process_req_auth(req, action, r):
""" Parameters "sn", "sid", "digest" and "auth_type" are
""" Parameters "sn", "sid", "signature" and "auth_type" are
required in the req dictionary.
"""
current_app.logger.debug("Processing AUTH request, sn=%s, sid=%s", req["sn"], req["sid"])
......@@ -273,13 +273,13 @@ def process_req_auth(req, action, r):
current_app.logger.debug("Authentication type does not match, sn=%s, sid=%s", req["sn"], req["sid"])
raise RequestProcessError("Auth type does not match the original one")
if session["digest"]: # already authenticated
current_app.logger.debug("Digest already saved for sn=%s, sid=%s", req["sn"], req["sid"])
raise RequestProcessError("Digest already saved")
if session["signature"]: # already authenticated
current_app.logger.debug("Signature already saved for sn=%s, sid=%s", req["sn"], req["sid"])
raise RequestProcessError("Signature already saved")
# store authentication parameters & tell the client to ask for result later
current_app.logger.debug("Saving digest for sn=%s, sid=%s", req["sn"], req["sid"])
session["digest"] = req["digest"]
current_app.logger.debug("Saving signature for sn=%s, sid=%s", req["sn"], req["sid"])
session["signature"] = req["signature"]
if action == "certs":
store_auth_params(req["sn"], req["sid"], session, QUEUE_NAME_CERTS, r,
CERTS_EXTRA_PARAMS)
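Review bot: The rename changes the key used in stored session state and in the queued request, not only the request field, and nothing visible in these hunks handles the transition. In `process_req_auth`, `session["signature"]` will raise `KeyError` for any session that `create_auth_session` wrote with the old `"digest"` key and that is still alive within `REDIS_SESSION_TIMEOUT`. `store_auth_params` now queues `"signature"`, so whatever consumes that queue (not shown on this page) presumably has to be updated in the same deployment or authentication will fail. If a rolling upgrade matters, a tolerant read for one release, e.g. `session.get("signature") or session.get("digest", "")`, would keep the "already saved" guard working. The body of `process_req_auth` continues outside the hunk.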
......
......@@ -10,7 +10,7 @@ AVAIL_STATES = {"ok", "fail", "error"}
SESSION_PARAMS = {
"auth_type",
"nonce",
"digest",
"signature",
"action",
"flags",
}
......@@ -43,10 +43,10 @@ GET_CERT_REQ_PARAMS = {
}
# Params of request send by clients, auth
AUTH_REQ_PARAMS = {
"digest",
"signature",
}
# Length of digest computed by atsha / otp devices
DIGEST_LEN = {
# Length of signature computed by atsha / otp devices
SIGNATURE_LENGTH = {
"atsha": 64,
"otp": 264
}
......@@ -119,13 +119,13 @@ def validate_sid(sid):
raise RequestConsistencyError("Bad format of sid: {}".format(sid))
def validate_digest(digest, length):
if len(digest) != length:
raise RequestConsistencyError("Bad format of digest: {}".format(digest))
def validate_signature(signature, length):
if len(signature) != length:
raise RequestConsistencyError("Bad signature format: {}".format(signature))
try:
digest = int(digest, 16)
signature = int(signature, 16)
except ValueError:
raise RequestConsistencyError("Bad format of digest: {}".format(digest))
raise RequestConsistencyError("Bad signature format: {}".format(signature))
def validate_auth_type(auth_type):
......@@ -180,7 +180,7 @@ def check_request(req, action):
elif req["type"] == "auth":
check_params_exist(req, AUTH_REQ_PARAMS)
validate_digest(req["digest"], DIGEST_LEN[req["auth_type"]])
validate_signature(req["signature"], SIGNATURE_LENGTH[req["auth_type"]])
else:
raise RequestConsistencyError("Invalid request type: {}".format(req["type"]))
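Review bot: `validate_signature` still uses `int(signature, 16)` as its hex check, which accepts more than hex digits: a leading sign, a `0x` prefix, surrounding whitespace and `_` separators all parse, so a 64-character value such as `-` followed by 63 hex digits passes. Since this value comes from the client and is presumably passed on for verification, a strict check is safer, e.g. `if len(signature) != length or not all(c in string.hexdigits for c in signature):` followed by the existing `raise` (needs `import string`). The error message also echoes the whole rejected value; reporting only its length would avoid reflecting arbitrary client input into responses or logs. In `check_request`, `SIGNATURE_LENGTH[req["auth_type"]]` assumes `auth_type` was validated earlier, which this hunk does not show.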
......@@ -262,11 +262,11 @@ good_reqs_auth = [
"sn": "0000000A000001F3",
"type": "auth",
"sid": "4cca5561cf766855a02ee33f229acf4b144fdb7988abd85fd2bad3cfe2546d9f",
"digest": "D9C57EF288673CBC6EBAF6990991C58294521AA46E4FF5A2F49D3326F53E10C0"
"signature": "D9C57EF288673CBC6EBAF6990991C58294521AA46E4FF5A2F49D3326F53E10C0"
},
{
"type": "auth",
"digest": "8B3DCBE95B151390F0F33AA453D486D748CD836693B46602200565898EB7C3BA",
"signature": "8B3DCBE95B151390F0F33AA453D486D748CD836693B46602200565898EB7C3BA",
"sid": "aea13dbed3b576cc8300d4710bdc708e6baff00f2e485ad2d9614fdc378fd4e0",
"auth_type": "atsha",
"sn": "0000000A000001F3"
......@@ -280,35 +280,35 @@ good_reqs_auth = [
"sn": "0000000A000001F3",
"type": "auth",
"sid": "4cca5561cf766855a02ee33f229acf4b144fdb7988abd85fd2bad3cfe2546d9f",
"digest": "D9C57EF288673CBC6EBAF6990991C58294521AA46E4FF5A2F49D3326F53E10C0"
"signature": "D9C57EF288673CBC6EBAF6990991C58294521AA46E4FF5A2F49D3326F53E10C0"
},
{ # bad sn
"auth_type": "atsha",
"sn": "0000000A000001F4",
"type": "auth",
"sid": "4cca5561cf766855a02ee33f229acf4b144fdb7988abd85fd2bad3cfe2546d9f",
"digest": "D9C57EF288673CBC6EBAF6990991C58294521AA46E4FF5A2F49D3326F53E10C0"
"signature": "D9C57EF288673CBC6EBAF6990991C58294521AA46E4FF5A2F49D3326F53E10C0"
},
{ # bad type
"auth_type": "atsha",
"sn": "0000000A000001F3",
"type": "authenticate",
"sid": "4cca5561cf766855a02ee33f229acf4b144fdb7988abd85fd2bad3cfe2546d9f",
"digest": "D9C57EF288673CBC6EBAF6990991C58294521AA46E4FF5A2F49D3326F53E10C0"
"signature": "D9C57EF288673CBC6EBAF6990991C58294521AA46E4FF5A2F49D3326F53E10C0"
},
{ # bad sid (short)
"auth_type": "atsha",
"sn": "0000000A000001F3",
"type": "auth",
"sid": "4cca5561cf766855a02ee33f229acf4b144fdb7988abd85fd2bad3cfe2546d",
"digest": "D9C57EF288673CBC6EBAF6990991C58294521AA46E4FF5A2F49D3326F53E10C0"
"signature": "D9C57EF288673CBC6EBAF6990991C58294521AA46E4FF5A2F49D3326F53E10C0"
},
{ # bad digest (non hexa character)
{ # bad signature (non hexa character)
"auth_type": "atsha",
"sn": "0000000A000001F3",
"type": "auth",
"sid": "4cca5561cf766855a02ee33f229acf4b144fdb7988abd85fd2bad3cfe2546d9f",
"digest": "X9C57EF288673CBC6EBAF6990991C58294521AA46E4FF5A2F49D3326F53E10C0"
"signature": "X9C57EF288673CBC6EBAF6990991C58294521AA46E4FF5A2F49D3326F53E10C0"
},
])
def bad_req_auth(request):
......@@ -326,12 +326,12 @@ good_sessions = [
"wup0tMMeQM/xrHgBYylaTT6ngfGZQpsrmpBAIhAIhxE9+bzUoBDYFRTFHq4lzD/mzCb3s\n"
"/lFwJy694PqA0-----END CERTIFICATE REQUEST-----",
"flags": [],
"digest": "",
"signature": "",
"action": "certs",
},
{
"flags": [],
"digest": "",
"signature": "",
"nonce": "edd22df680f82d1ed1264a93b4f81ddd735aba22b8a99989b087abb2ea4ca3f0",
"auth_type": "atsha",
"csr_str": "-----BEGIN CERTIFICATE REQUEST-----MIHmMIGOAgEAMBsxGTAXBgN\n"
......@@ -349,7 +349,7 @@ good_sessions = [
"x",
# "", # TODO: improve cert-api to this could be added to tests
{ # missing flags
"digest": "",
"signature": "",
"nonce": "edd22df680f82d1ed1264a93b4f81ddd735aba22b8a99989b087abb2ea4ca3f0",
"auth_type": "atsha",
"csr_str": "-----BEGIN CERTIFICATE REQUEST-----MIHmMIGOAgEAMBsxGTAXBgN\n"
......@@ -361,14 +361,14 @@ good_sessions = [
},
{ # missing csr
"flags": [],
"digest": "",
"signature": "",
"nonce": "edd22df680f82d1ed1264a93b4f81ddd735aba22b8a99989b087abb2ea4ca3f0",
"auth_type": "atsha",
},
# { # invalid nonce TODO: improve cert-api to this could be added to tests
# "flags": [],
# "digest": "",
# "signature": "",
# "nonce": "XXd22df680f82d1ed1264a93b4f81ddd735aba22b8a99989b087abb2ea4ca3f0",
# "auth_type": "atsha",
# "csr_str": "-----BEGIN CERTIFICATE REQUEST-----MIHmMIGOAgEAMBsxGTAXBgN\n"
......
from certapi.validators import validate_digest, validate_sid, DIGEST_LEN
from certapi.validators import validate_signature, validate_sid, SIGNATURE_LENGTH
def good_req_sid_useless_cert_broken(client, good_data, redis_mock, bad_cert):
......@@ -12,7 +12,7 @@ def good_req_sid_useless_cert_broken(client, good_data, redis_mock, bad_cert):
assert rv.status_code == 200
resp_data = rv.get_json()
assert resp_data["status"] == "authenticate"
validate_digest(resp_data["nonce"], DIGEST_LEN[good_data[0]["auth_type"]])
validate_signature(resp_data["nonce"], SIGNATURE_LENGTH[good_data[0]["auth_type"]])
validate_sid(resp_data["sid"])
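Review bot: This assertion checks the server's `nonce` with `validate_signature` and `SIGNATURE_LENGTH`, which after the rename reads as if a signature were being validated. The same pattern appears in the next test file (`test_good_renew`, `good_sid_useless_cert_missing`, `test_good_sid_set_auth_ok_cert_missing`). It ties the nonce format to the signature length, which may not hold for `otp` (264); that is an assumption to confirm. A dedicated `validate_nonce(nonce)` helper, or at least a comment such as `# nonce currently shares the signature's hex format and length`, would make the intent explicit.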
......
from certapi.validators import validate_digest, validate_sid, DIGEST_LEN
from certapi.validators import validate_signature, validate_sid, SIGNATURE_LENGTH
def test_good_renew(client, good_req_get_cert_renew, redis_mock):
......@@ -10,7 +10,7 @@ def test_good_renew(client, good_req_get_cert_renew, redis_mock):
assert rv.status_code == 200
resp_data = rv.get_json()
assert resp_data["status"] == "authenticate"
validate_digest(resp_data["nonce"], DIGEST_LEN[good_req_get_cert_renew["auth_type"]])
validate_signature(resp_data["nonce"], SIGNATURE_LENGTH[good_req_get_cert_renew["auth_type"]])
validate_sid(resp_data["sid"])
......@@ -27,7 +27,7 @@ def good_sid_useless_cert_missing(client, good_data, redis_mock):
assert rv.status_code == 200
resp_data = rv.get_json()
assert resp_data["status"] == "authenticate"
validate_digest(resp_data["nonce"], DIGEST_LEN[good_data[0]["auth_type"]])
validate_signature(resp_data["nonce"], SIGNATURE_LENGTH[good_data[0]["auth_type"]])
validate_sid(resp_data["sid"])
......@@ -117,7 +117,7 @@ def test_good_sid_set_auth_ok_cert_missing(client, good_data, redis_mock):
assert rv.status_code == 200
resp_data = rv.get_json()
assert resp_data["status"] == "authenticate"
validate_digest(resp_data["nonce"], DIGEST_LEN[good_data[0]["auth_type"]])
validate_signature(resp_data["nonce"], SIGNATURE_LENGTH[good_data[0]["auth_type"]])
validate_sid(resp_data["sid"])
......
......@@ -137,7 +137,7 @@ def bad_sid(request):
{
"auth_type": "",
"nonce": "",
"digest": "",
"signature": "",
"csr_str": "",
"flags": "",
"action": "certs",
......@@ -145,7 +145,7 @@ def bad_sid(request):
{
"auth_type": "",
"nonce": "",
"digest": "",
"signature": "",
"flags": "",
"action": "mailpass",
}
......@@ -158,21 +158,21 @@ def good_sessions(request):
{
"auth_type",
"nonce",
"digest",
"signature",
"csr_str",
"",
},
{
"auth_type",
"nonce",
"digest",
"signature",
"csr_str",
"flagss",
},
{
"auth_type",
"nonce",
"digest",
"signature",
"csr_str",
},
{}
......