HTTP API: secrets infrastructure #1166
|
@ -49,14 +49,16 @@ def _extract_secrets(header_values, required_secrets): # type: (List[str], Set[
|
|||
If too few secrets were given, or too many, a ``ClientSecretsException`` is
|
||||
raised.
|
||||
"""
|
||||
key_to_enum = {e.value: e for e in Secrets}
|
||||
string_key_to_enum = {e.value: e for e in Secrets}
|
||||
result = {}
|
||||
try:
|
||||
for header_value in header_values:
|
||||
key, value = header_value.strip().split(" ", 1)
|
||||
# TODO enforce secret is 32 bytes long for lease secrets. dunno
|
||||
# about upload secret.
|
||||
result[key_to_enum[key]] = b64decode(value)
|
||||
string_key, string_value = header_value.strip().split(" ", 1)
|
||||
key = string_key_to_enum[string_key]
|
||||
value = b64decode(string_value)
|
||||
if key in (Secrets.LEASE_CANCEL, Secrets.LEASE_RENEW) and len(value) != 32:
|
||||
raise ClientSecretsException("Lease secrets must be 32 bytes long")
|
||||
result[key] = value
|
||||
except (ValueError, KeyError):
|
||||
raise ClientSecretsException("Bad header value(s): {}".format(header_values))
|
||||
if result.keys() != required_secrets:
|
||||
|
|
|
@ -41,8 +41,8 @@ class ExtractSecretsTests(TestCase):
|
|||
``_extract_secrets()`` returns a dictionary with the extracted secrets
|
||||
if the input secrets match the required secrets.
|
||||
"""
|
||||
secret1 = b"\xFF\x11ZEBRa"
|
||||
secret2 = b"\x34\xF2lalalalalala"
|
||||
secret1 = b"\xFF" * 32
|
||||
secret2 = b"\x34" * 32
|
||||
lease_secret = "lease-renew-secret " + str(b64encode(secret1), "ascii").strip()
|
||||
upload_secret = "upload-secret " + str(b64encode(secret2), "ascii").strip()
|
||||
|
||||
|
@ -101,6 +101,12 @@ class ExtractSecretsTests(TestCase):
|
|||
with self.assertRaises(ClientSecretsException):
|
||||
_extract_secrets(["lease-renew-secret x"], {Secrets.LEASE_RENEW})
|
||||
|
||||
# Wrong length lease secrets (must be 32 bytes long).
|
||||
with self.assertRaises(ClientSecretsException):
|
||||
_extract_secrets(["lease-renew-secret eA=="], {Secrets.LEASE_RENEW})
|
||||
with self.assertRaises(ClientSecretsException):
|
||||
_extract_secrets(["lease-upload-secret eA=="], {Secrets.LEASE_RENEW})
|
||||
|
||||
|
||||
SWISSNUM_FOR_TEST = b"abcd"
|
||||
|
||||
|
|
Loading…
Reference in New Issue