mirror of
https://github.com/tahoe-lafs/tahoe-lafs.git
synced 2024-12-20 13:33:09 +00:00
Enforce length of lease secrets.
This commit is contained in:
Itamar Turner-Trauring
parent
d2ce80dab8
commit
fb0be6b894
@ -49,14 +49,16 @@ def _extract_secrets(header_values, required_secrets): # type: (List[str], Set[
|
|||||||
If too few secrets were given, or too many, a ``ClientSecretsException`` is
|
If too few secrets were given, or too many, a ``ClientSecretsException`` is
|
||||||
raised.
|
raised.
|
||||||
"""
|
"""
|
||||||
key_to_enum = {e.value: e for e in Secrets}
|
string_key_to_enum = {e.value: e for e in Secrets}
|
||||||
result = {}
|
result = {}
|
||||||
try:
|
try:
|
||||||
for header_value in header_values:
|
for header_value in header_values:
|
||||||
key, value = header_value.strip().split(" ", 1)
|
string_key, string_value = header_value.strip().split(" ", 1)
|
||||||
# TODO enforce secret is 32 bytes long for lease secrets. dunno
|
key = string_key_to_enum[string_key]
|
||||||
# about upload secret.
|
value = b64decode(string_value)
|
||||||
result[key_to_enum[key]] = b64decode(value)
|
if key in (Secrets.LEASE_CANCEL, Secrets.LEASE_RENEW) and len(value) != 32:
|
||||||
|
raise ClientSecretsException("Lease secrets must be 32 bytes long")
|
||||||
|
result[key] = value
|
||||||
except (ValueError, KeyError):
|
except (ValueError, KeyError):
|
||||||
raise ClientSecretsException("Bad header value(s): {}".format(header_values))
|
raise ClientSecretsException("Bad header value(s): {}".format(header_values))
|
||||||
if result.keys() != required_secrets:
|
if result.keys() != required_secrets:
|
||||||
|
|||||||
@ -41,8 +41,8 @@ class ExtractSecretsTests(TestCase):
|
|||||||
``_extract_secrets()`` returns a dictionary with the extracted secrets
|
``_extract_secrets()`` returns a dictionary with the extracted secrets
|
||||||
if the input secrets match the required secrets.
|
if the input secrets match the required secrets.
|
||||||
"""
|
"""
|
||||||
secret1 = b"\xFF\x11ZEBRa"
|
secret1 = b"\xFF" * 32
|
||||||
secret2 = b"\x34\xF2lalalalalala"
|
secret2 = b"\x34" * 32
|
||||||
lease_secret = "lease-renew-secret " + str(b64encode(secret1), "ascii").strip()
|
lease_secret = "lease-renew-secret " + str(b64encode(secret1), "ascii").strip()
|
||||||
upload_secret = "upload-secret " + str(b64encode(secret2), "ascii").strip()
|
upload_secret = "upload-secret " + str(b64encode(secret2), "ascii").strip()
|
||||||
|
|
||||||
@ -101,6 +101,12 @@ class ExtractSecretsTests(TestCase):
|
|||||||
with self.assertRaises(ClientSecretsException):
|
with self.assertRaises(ClientSecretsException):
|
||||||
_extract_secrets(["lease-renew-secret x"], {Secrets.LEASE_RENEW})
|
_extract_secrets(["lease-renew-secret x"], {Secrets.LEASE_RENEW})
|
||||||
|
|
||||||
|
# Wrong length lease secrets (must be 32 bytes long).
|
||||||
|
with self.assertRaises(ClientSecretsException):
|
||||||
|
_extract_secrets(["lease-renew-secret eA=="], {Secrets.LEASE_RENEW})
|
||||||
|
with self.assertRaises(ClientSecretsException):
|
||||||
|
_extract_secrets(["lease-upload-secret eA=="], {Secrets.LEASE_RENEW})
|
||||||
|
|
||||||
|
|
||||||
SWISSNUM_FOR_TEST = b"abcd"
|
SWISSNUM_FOR_TEST = b"abcd"
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user