diff options
author | Vlastimil Zíma <vlastimil.zima@nic.cz> | 2018-05-09 13:11:18 +0200 |
---|---|---|
committer | Vlastimil Zíma <vlastimil.zima@nic.cz> | 2018-05-11 13:39:31 +0200 |
commit | 876e275b4f6c7ce0e3f2354a541e51771f72d89e (patch) | |
tree | 77230f14faa0284374a1558bf674dd8b5fbf8fc8 /openid | |
parent | 656420617dddf554a12d6ef25251a8149b7f8cc9 (diff) | |
download | openid-876e275b4f6c7ce0e3f2354a541e51771f72d89e.tar.gz |
Transform Association API to text strings
Diffstat (limited to 'openid')
-rw-r--r-- | openid/association.py | 79 | ||||
-rw-r--r-- | openid/test/test_association.py | 37 |
2 files changed, 54 insertions, 62 deletions
diff --git a/openid/association.py b/openid/association.py index a265bd4..ae566e7 100644 --- a/openid/association.py +++ b/openid/association.py @@ -24,6 +24,16 @@ association. does not support C{'no-encryption'} associations. It prefers HMAC-SHA1/DH-SHA1 association types if available. """ +from __future__ import unicode_literals + +import time + +import six + +from openid import cryptutil, kvform, oidutil +from openid.message import OPENID_NS + +from .oidutil import string_to_text __all__ = [ 'default_negotiator', @@ -32,10 +42,6 @@ __all__ = [ 'Association', ] -import time - -from openid import cryptutil, kvform, oidutil -from openid.message import OPENID_NS all_association_types = [ 'HMAC-SHA1', @@ -132,7 +138,7 @@ class SessionNegotiator(object): determines preference. If an association/session type comes earlier in the list, the library is more likely to use that type. - @type allowed_types: [(str, str)] + @type allowed_types: List[Tuple[six.text_type, six.text_type]] """ def __init__(self, allowed_types): @@ -144,6 +150,11 @@ class SessionNegotiator(object): def setAllowedTypes(self, allowed_types): """Set the allowed association types, checking to make sure each combination is valid.""" + # Convert strings to text + allowed_types = [ + (string_to_text(a, "Binary values for assoc_type are deprecated. Use text input instead."), + string_to_text(s, "Binary values for session_type are deprecated. Use text input instead.")) + for a, s in allowed_types] for (assoc_type, session_type) in allowed_types: checkSessionType(assoc_type, session_type) @@ -209,14 +220,12 @@ class Association(object): C{L{assoc_type}} instance variables. @ivar handle: This is the handle the server gave this association. - - @type handle: C{str} + @type handle: six.text_type @ivar secret: This is the shared secret the server generated for this association. - - @type secret: C{str} + @type secret: six.binary_type @ivar issued: This is the time this association was issued, in @@ -236,8 +245,7 @@ class Association(object): @ivar assoc_type: This is the type of association this instance represents. The only valid value of this field at this time is C{'HMAC-SHA1'}, but new types may be defined in the future. - - @type assoc_type: C{str} + @type assoc_type: six.text_type @sort: __init__, fromExpiresIn, getExpiresIn, __eq__, __ne__, @@ -277,22 +285,17 @@ class Association(object): @param handle: This is the handle the server gave this association. - - @type handle: C{str} - + @type handle: six.text_type, six.binary_type is deprecated @param secret: This is the shared secret the server generated for this association. - - @type secret: C{str} - + @type secret: six.binary_type @param assoc_type: This is the type of association this instance represents. The only valid value of this field at this time is C{'HMAC-SHA1'}, but new types may be defined in the future. - - @type assoc_type: C{str} + @type assoc_type: six.text_type, six.binary_type is deprecated """ issued = int(time.time()) lifetime = expires_in @@ -305,14 +308,12 @@ class Association(object): @param handle: This is the handle the server gave this association. - - @type handle: C{str} + @type handle: six.text_type, six.binary_type is deprecated @param secret: This is the shared secret the server generated for this association. - - @type secret: C{str} + @type secret: six.binary_type @param issued: This is the time this association was issued, @@ -333,8 +334,7 @@ class Association(object): instance represents. The only valid value of this field at this time is C{'HMAC-SHA1'}, but new types may be defined in the future. - - @type assoc_type: C{str} + @type assoc_type: six.text_type, six.binary_type is deprecated """ if assoc_type not in all_association_types: fmt = '%r is not a supported association type' @@ -345,11 +345,13 @@ class Association(object): # fmt = 'Wrong size secret (%s bytes) for association type %s' # raise ValueError(fmt % (len(secret), assoc_type)) - self.handle = handle + self.handle = string_to_text(handle, "Binary values for handle are deprecated. Use text input instead.") + assert isinstance(secret, six.binary_type) self.secret = secret self.issued = issued self.lifetime = lifetime - self.assoc_type = assoc_type + self.assoc_type = string_to_text(assoc_type, + "Binary values for assoc_type are deprecated. Use text input instead.") def getExpiresIn(self, now=None): """ @@ -408,8 +410,8 @@ class Association(object): 'version': '2', 'handle': self.handle, 'secret': oidutil.toBase64(self.secret), - 'issued': str(int(self.issued)), - 'lifetime': str(int(self.lifetime)), + 'issued': six.text_type(int(self.issued)), + 'lifetime': six.text_type(int(self.lifetime)), 'assoc_type': self.assoc_type } @@ -429,13 +431,12 @@ class Association(object): @param assoc_s: Association as serialized by serialize() - - @type assoc_s: str - + @type assoc_s: six.text_type, six.binary_type is deprecated @return: instance of this class """ - pairs = kvform.kvToSeq(assoc_s, strict=True) + pairs = kvform.kvToSeq( + string_to_text(assoc_s, "Binary values for assoc_s are deprecated. Use text input instead."), strict=True) keys = [] values = [] for k, v in pairs: @@ -459,14 +460,13 @@ class Association(object): @param pairs: The pairs to sign, in order - - @type pairs: sequence of (str, str) - + @type pairs: Iterable[six.text_type, six.text_type], six.binary_type is deprecated @return: The binary signature of this sequence of pairs - - @rtype: six.text_type + @rtype: six.binary_type """ + warning_msg = "Binary values for pairs are deprecated. Use text input instead." + pairs = [(string_to_text(a, warning_msg), string_to_text(b, warning_msg)) for a, b in pairs] kv = kvform.seqToKV(pairs) try: @@ -484,8 +484,7 @@ class Association(object): signed list. @return: the signature, base64 encoded - - @rtype: str + @rtype: six.text_type @raises ValueError: If there is no signed list and I am not a sign-all type of association. diff --git a/openid/test/test_association.py b/openid/test/test_association.py index bd042e9..2dd6266 100644 --- a/openid/test/test_association.py +++ b/openid/test/test_association.py @@ -1,3 +1,5 @@ +from __future__ import unicode_literals + import time import unittest @@ -12,8 +14,7 @@ class AssociationSerializationTest(unittest.TestCase): def test_roundTrip(self): issued = int(time.time()) lifetime = 600 - assoc = association.Association( - 'handle', 'secret', issued, lifetime, 'HMAC-SHA1') + assoc = association.Association('handle', b'secret', issued, lifetime, 'HMAC-SHA1') s = assoc.serialize() assoc2 = association.Association.deserialize(s) self.assertEqual(assoc.handle, assoc2.handle) @@ -30,10 +31,10 @@ def createNonstandardConsumerDH(): class DiffieHellmanSessionTest(unittest.TestCase): secrets = [ - '\x00' * 20, - '\xff' * 20, - ' ' * 20, - 'This is a secret....', + b'\x00' * 20, + b'\xff' * 20, + b' ' * 20, + b'This is a secret....', ] session_factories = [ @@ -66,8 +67,7 @@ class TestMakePairs(unittest.TestCase): 'sig': 'cephalopod', }) m.updateArgs(BARE_NS, {'xey': 'value'}) - self.assoc = association.Association.fromExpiresIn( - 3600, '{sha1}', 'very_secret', "HMAC-SHA1") + self.assoc = association.Association.fromExpiresIn(3600, '{sha1}', b'very_secret', "HMAC-SHA1") def testMakePairs(self): """Make pairs using the OpenID 1.x type signed list.""" @@ -85,18 +85,14 @@ class TestMac(unittest.TestCase): ('key2', 'value2')] def test_sha1(self): - assoc = association.Association.fromExpiresIn( - 3600, '{sha1}', 'very_secret', "HMAC-SHA1") - expected = ('\xe0\x1bv\x04\xf1G\xc0\xbb\x7f\x9a\x8b' - '\xe9\xbc\xee}\\\xe5\xbb7*') + assoc = association.Association.fromExpiresIn(3600, '{sha1}', b'very_secret', "HMAC-SHA1") + expected = (b'\xe0\x1bv\x04\xf1G\xc0\xbb\x7f\x9a\x8b\xe9\xbc\xee}\\\xe5\xbb7*') sig = assoc.sign(self.pairs) self.assertEqual(sig, expected) def test_sha256(self): - assoc = association.Association.fromExpiresIn( - 3600, '{sha256SA}', 'very_secret', "HMAC-SHA256") - expected = ('\xfd\xaa\xfe;\xac\xfc*\x988\xad\x05d6-\xeaVy' - '\xd5\xa5Z.<\xa9\xed\x18\x82\\$\x95x\x1c&') + assoc = association.Association.fromExpiresIn(3600, '{sha256SA}', b'very_secret', "HMAC-SHA256") + expected = (b'\xfd\xaa\xfe;\xac\xfc*\x988\xad\x05d6-\xeaVy\xd5\xa5Z.<\xa9\xed\x18\x82\\$\x95x\x1c&') sig = assoc.sign(self.pairs) self.assertEqual(sig, expected) @@ -112,16 +108,14 @@ class TestMessageSigning(unittest.TestCase): 'xey': 'value'} def test_signSHA1(self): - assoc = association.Association.fromExpiresIn( - 3600, '{sha1}', 'very_secret', "HMAC-SHA1") + assoc = association.Association.fromExpiresIn(3600, '{sha1}', b'very_secret', "HMAC-SHA1") signed = assoc.signMessage(self.message) self.assertTrue(signed.getArg(OPENID_NS, "sig")) self.assertEqual(signed.getArg(OPENID_NS, "signed"), "assoc_handle,identifier,mode,ns,signed") self.assertEqual(signed.getArg(BARE_NS, "xey"), "value") def test_signSHA256(self): - assoc = association.Association.fromExpiresIn( - 3600, '{sha1}', 'very_secret', "HMAC-SHA256") + assoc = association.Association.fromExpiresIn(3600, '{sha1}', b'very_secret', "HMAC-SHA256") signed = assoc.signMessage(self.message) self.assertTrue(signed.getArg(OPENID_NS, "sig")) self.assertEqual(signed.getArg(OPENID_NS, "signed"), "assoc_handle,identifier,mode,ns,signed") @@ -136,6 +130,5 @@ class TestCheckMessageSignature(unittest.TestCase): 'sig': 'coyote', }) m.updateArgs(BARE_NS, {'xey': 'value'}) - assoc = association.Association.fromExpiresIn( - 3600, '{sha1}', 'very_secret', "HMAC-SHA1") + assoc = association.Association.fromExpiresIn(3600, '{sha1}', b'very_secret', "HMAC-SHA1") self.assertRaises(ValueError, assoc.checkMessageSignature, m) |