mirror of
https://github.com/avatao-content/baseimage-tutorial-framework
synced 2024-11-22 19:01:33 +00:00
Implement authentication key management
This commit is contained in:
parent
c28a66fc48
commit
c658894c12
@ -38,6 +38,7 @@ ENV PYTHONPATH="/usr/local/lib" \
|
|||||||
TFW_TERMINADO_DIR="/tmp/terminado_server" \
|
TFW_TERMINADO_DIR="/tmp/terminado_server" \
|
||||||
TFW_FRONTEND_DIR="/srv/frontend" \
|
TFW_FRONTEND_DIR="/srv/frontend" \
|
||||||
TFW_SERVER_DIR="/srv/.tfw" \
|
TFW_SERVER_DIR="/srv/.tfw" \
|
||||||
|
TFW_AUTH_KEY="/tmp/tfw-auth.key" \
|
||||||
TFW_HISTFILE="/home/${AVATAO_USER}/.bash_history" \
|
TFW_HISTFILE="/home/${AVATAO_USER}/.bash_history" \
|
||||||
PROMPT_COMMAND="history -a"
|
PROMPT_COMMAND="history -a"
|
||||||
|
|
||||||
|
@ -5,6 +5,9 @@ from functools import wraps
|
|||||||
from base64 import b64encode, b64decode
|
from base64 import b64encode, b64decode
|
||||||
from copy import deepcopy
|
from copy import deepcopy
|
||||||
from hashlib import md5
|
from hashlib import md5
|
||||||
|
from os import urandom, chmod
|
||||||
|
from os.path import exists
|
||||||
|
from stat import S_IRUSR, S_IWUSR, S_IXUSR
|
||||||
|
|
||||||
from cryptography.hazmat.backends import default_backend
|
from cryptography.hazmat.backends import default_backend
|
||||||
from cryptography.hazmat.primitives.hashes import SHA256
|
from cryptography.hazmat.primitives.hashes import SHA256
|
||||||
@ -12,6 +15,8 @@ from cryptography.hazmat.primitives.hmac import HMAC as _HMAC
|
|||||||
from cryptography.exceptions import InvalidSignature
|
from cryptography.exceptions import InvalidSignature
|
||||||
|
|
||||||
from tfw.networking import message_bytes
|
from tfw.networking import message_bytes
|
||||||
|
from tfw.decorators import lazy_property
|
||||||
|
from tfw.config import TFWENV
|
||||||
|
|
||||||
|
|
||||||
def message_checksum(message):
|
def message_checksum(message):
|
||||||
@ -38,6 +43,32 @@ def verify_message(key, message):
|
|||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
class KeyManager:
|
||||||
|
def __init__(self):
|
||||||
|
self.keyfile = TFWENV.AUTH_KEY
|
||||||
|
if not exists(self.keyfile):
|
||||||
|
self._init_auth_key()
|
||||||
|
|
||||||
|
@lazy_property
|
||||||
|
def auth_key(self):
|
||||||
|
with open(self.keyfile, 'rb') as ifile:
|
||||||
|
return ifile.read()
|
||||||
|
|
||||||
|
def _init_auth_key(self):
|
||||||
|
key = self.generate_key()
|
||||||
|
with open(self.keyfile, 'wb') as ofile:
|
||||||
|
ofile.write(key)
|
||||||
|
self._chmod_700_keyfile()
|
||||||
|
return key
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def generate_key():
|
||||||
|
return urandom(32)
|
||||||
|
|
||||||
|
def _chmod_700_keyfile(self):
|
||||||
|
chmod(self.keyfile, S_IRUSR | S_IWUSR | S_IXUSR)
|
||||||
|
|
||||||
|
|
||||||
class HMAC:
|
class HMAC:
|
||||||
def __init__(self, key, message):
|
def __init__(self, key, message):
|
||||||
self.key = key
|
self.key = key
|
||||||
|
Loading…
Reference in New Issue
Block a user