check_hobos: generate secrets using shared_secret() from hobo (#8961)

2015-11-12 13:11:40 +01:00 · 2015-11-12 13:11:40 +01:00 · 4e5305b669
parent 65eba14c5f
commit 4e5305b669
2 changed files with 15 additions and 3 deletions
--- a/tests/test_hobo.py
+++ b/tests/test_hobo.py
@ -24,7 +24,8 @@ HOBO_JSON = {
      'base_url': 'http://authentic.example.net',
      'id': 3,
      'secret_key': '_b82$d)(xcw$dl@ieis@jhmrmbbeb4$=%lrpi*4p&b))*a*=5!',
-      'slug': 'authentic'
+      'slug': 'authentic',
+      'secret_key': '12345',
    },
    {
      'service-id': 'wcs',
@ -196,6 +197,9 @@ def test_configure_site_options():
    assert pub.get_site_option('hobo_url', 'variables') == 'http://hobo.example.net/'
    assert pub.get_site_option('foobar', 'variables') == 'http://example.net'
    assert pub.get_site_option('xxx', 'variables') == 'HELLO WORLD'
+    assert (pub.get_site_option('authentic.example.net', 'api-secrets')
+            == CmdCheckHobos.shared_secret(HOBO_JSON['services'][1]['secret_key'],
+                                           HOBO_JSON['services'][2]['secret_key']))

 def test_update_configuration():
    service = [x for x in HOBO_JSON.get('services', []) if x.get('service-id') == 'wcs'][0]
--- a/wcs/ctl/check_hobos.py
+++ b/wcs/ctl/check_hobos.py
@ -283,11 +283,14 @@ class CmdCheckHobos(Command):
        variables = {}
        api_secrets = {}
        for service in self.all_services.get('services', []):
+            # ignore current service to prevent self-domain = secret_key ^ secret_key = 0
+            if service is current_service:
+                continue
            variables['%s_url' % service.get('slug')] = service.get('base_url')
            if not service.get('secret_key'):
                continue
            domain = urlparse.urlparse(service.get('base_url')).netloc.split(':')[0]
-            api_secrets[domain] = hashlib.sha1(domain + service.get('secret_key')).hexdigest()
+            api_secrets[domain] = self.shared_secret(current_service.get('secret_key'), service.get('secret_key'))
            if service.get('service-id') == 'combo':
                if service.get('template_name') == 'portal-agent':
                    variables['portal_agent_url'] = service.get('base_url')
@ -296,7 +299,6 @@ class CmdCheckHobos(Command):
                    variables['portal_url'] = service.get('base_url')
                    config.set('options', 'theme_skeleton_url',
                            service.get('base_url') + '__skeleton__/')
-
        if self.all_services.get('variables'):
            for key, value in self.all_services.get('variables').items():
                variables[key] = value
@ -404,5 +406,11 @@ class CmdCheckHobos(Command):
        cmd.append(str(self.get_instance_path(service)))
        subprocess.call(cmd)

+    @classmethod
+    def shared_secret(cls, secret1, secret2):
+        secret1 = hashlib.sha256(secret1).hexdigest()
+        secret2 = hashlib.sha256(secret2).hexdigest()
+        return hex(int(secret1, 16) ^ int(secret2, 16))[2:-1]
+

 CmdCheckHobos.register()