diff options
author | Tin Lam <tin@irrational.io> | 2017-10-05 21:47:30 -0500 |
---|---|---|
committer | Rohan Arora <ra271w@att.com> | 2017-10-11 10:21:06 -0500 |
commit | 74455d80575aa174db0217c5eae905eacab42d78 (patch) | |
tree | b7bc039656f8784cd84e788c05f6d8cab90aeaf3 | |
parent | c0918a4caad82aaad29393050b478381d13b92d3 (diff) | |
download | keystonemiddleware-74455d80575aa174db0217c5eae905eacab42d78.tar.gz |
Fix py3 byte/string error
This patch set corrects a problem when the keystonemiddleware is
executed with memcache encryption enabled. Currently, the
hmac.new() calls throw exceptions in python3 due to how py2 and py3
handles string vs. byte/bytearray.
Co-Authored-By: Rohan Arora <ra271w@att.com>
Closes-Bug: #1713574
Change-Id: I9bb291be48a094b9f266a8459a3f51ee163d33a3
-rw-r--r-- | keystonemiddleware/auth_token/_memcache_crypt.py | 16 | ||||
-rw-r--r-- | keystonemiddleware/tests/unit/auth_token/test_memcache_crypt.py | 2 |
2 files changed, 17 insertions, 1 deletions
diff --git a/keystonemiddleware/auth_token/_memcache_crypt.py b/keystonemiddleware/auth_token/_memcache_crypt.py index 554d020..4539b49 100644 --- a/keystonemiddleware/auth_token/_memcache_crypt.py +++ b/keystonemiddleware/auth_token/_memcache_crypt.py @@ -33,6 +33,7 @@ import hashlib import hmac import math import os +import six from keystonemiddleware.i18n import _ from oslo_utils import secretutils @@ -98,6 +99,15 @@ def derive_keys(token, secret, strategy): This approach is faster than computing a separate hmac as the KDF for each desired key. """ + if not isinstance(secret, six.binary_type): + secret = secret.encode() + + if not isinstance(token, six.binary_type): + token = token.encode() + + if not isinstance(strategy, six.binary_type): + strategy = strategy.encode() + digest = hmac.new(secret, token + strategy, HASH_FUNCTION).digest() return {'CACHE_KEY': digest[:DIGEST_SPLIT], 'MAC': digest[DIGEST_SPLIT: 2 * DIGEST_SPLIT], @@ -107,6 +117,12 @@ def derive_keys(token, secret, strategy): def sign_data(key, data): """Sign the data using the defined function and the derived key.""" + if not isinstance(key, six.binary_type): + key = key.encode() + + if not isinstance(data, six.binary_type): + data = data.encode() + mac = hmac.new(key, data, HASH_FUNCTION).digest() return base64.b64encode(mac) diff --git a/keystonemiddleware/tests/unit/auth_token/test_memcache_crypt.py b/keystonemiddleware/tests/unit/auth_token/test_memcache_crypt.py index 74fc38c..2c2c272 100644 --- a/keystonemiddleware/tests/unit/auth_token/test_memcache_crypt.py +++ b/keystonemiddleware/tests/unit/auth_token/test_memcache_crypt.py @@ -18,7 +18,7 @@ from keystonemiddleware.tests.unit import utils class MemcacheCryptPositiveTests(utils.BaseTestCase): def _setup_keys(self, strategy): - return memcache_crypt.derive_keys(b'token', b'secret', strategy) + return memcache_crypt.derive_keys('token', 'secret', strategy) def test_derive_keys(self): keys = self._setup_keys(b'strategy') |