Implement authentication key management

Kristóf Tóth 2018-07-16 14:28:40 +02:00
parent c28a66fc48
commit c658894c12
2 changed files with 32 additions and 0 deletions


@ -38,6 +38,7 @@ ENV PYTHONPATH="/usr/local/lib" \
TFW_TERMINADO_DIR="/tmp/terminado_server" \ TFW_TERMINADO_DIR="/tmp/terminado_server" \
TFW_FRONTEND_DIR="/srv/frontend" \ TFW_FRONTEND_DIR="/srv/frontend" \
TFW_SERVER_DIR="/srv/.tfw" \ TFW_SERVER_DIR="/srv/.tfw" \
TFW_AUTH_KEY="/tmp/tfw-auth.key" \
TFW_HISTFILE="/home/${AVATAO_USER}/.bash_history" \ TFW_HISTFILE="/home/${AVATAO_USER}/.bash_history" \
PROMPT_COMMAND="history -a" PROMPT_COMMAND="history -a"
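Review bot: `TFW_AUTH_KEY="/tmp/tfw-auth.key"` places the authentication key at a fixed name in a world-writable directory. The `KeyManager` added in this commit generates a key only when that file is missing and otherwise reads whatever is there, so any local account able to create the file first would effectively choose the key. The `AVATAO_USER` home directory in this ENV block suggests such an account exists in the image, though that is not visible here. Point the variable at a directory that only the server account can write to, and record the requirement next to it, e.g. `# key file must live in a directory writable only by the TFW server user`. The ENV instruction starts above this hunk.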


@ -5,6 +5,9 @@ from functools import wraps
from base64 import b64encode, b64decode from base64 import b64encode, b64decode
from copy import deepcopy from copy import deepcopy
from hashlib import md5 from hashlib import md5
from os import urandom, chmod
from os.path import exists
from stat import S_IRUSR, S_IWUSR, S_IXUSR
from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.hashes import SHA256 from cryptography.hazmat.primitives.hashes import SHA256
@ -12,6 +15,8 @@ from cryptography.hazmat.primitives.hmac import HMAC as _HMAC
from cryptography.exceptions import InvalidSignature from cryptography.exceptions import InvalidSignature
from tfw.networking import message_bytes from tfw.networking import message_bytes
from tfw.decorators import lazy_property
from tfw.config import TFWENV
def message_checksum(message): def message_checksum(message):
@ -38,6 +43,32 @@ def verify_message(key, message):
return False return False
class KeyManager:
def __init__(self):
self.keyfile = TFWENV.AUTH_KEY
if not exists(self.keyfile):
self._init_auth_key()
@lazy_property
def auth_key(self):
with open(self.keyfile, 'rb') as ifile:
return ifile.read()
def _init_auth_key(self):
key = self.generate_key()
with open(self.keyfile, 'wb') as ofile:
ofile.write(key)
self._chmod_700_keyfile()
return key
@staticmethod
def generate_key():
return urandom(32)
def _chmod_700_keyfile(self):
chmod(self.keyfile, S_IRUSR | S_IWUSR | S_IXUSR)
class HMAC: class HMAC:
def __init__(self, key, message): def __init__(self, key, message):
self.key = key self.key = key
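Review bot: `_init_auth_key` creates the key file with `open(self.keyfile, 'wb')` and tightens permissions only afterwards, so the key briefly exists under the process umask (commonly world-readable). The same `open` will also write through a file or symlink that appears after the `exists()` check in `__init__`. `_chmod_700_keyfile` sets `S_IXUSR`, which a key file does not need; `S_IRUSR | S_IWUSR` is sufficient. Creating the file with `O_CREAT | O_EXCL` and mode 0600 closes both gaps: it needs `import os` beside the existing `from os import ...` line, and `__init__` would then have to handle `FileExistsError` and decide whether a file it did not create can be trusted. Separately, `auth_key` accepts any content, so a length check against the 32 bytes from `generate_key` would catch an empty or truncated file.

```python
    def _init_auth_key(self):
        key = self.generate_key()
        # O_EXCL refuses a path that already exists (including a symlink);
        # the mode is applied at creation, so no separate chmod step is needed.
        fd = os.open(self.keyfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, S_IRUSR | S_IWUSR)
        with os.fdopen(fd, 'wb') as ofile:
            ofile.write(key)
        return key
```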