remove all default keys (#1485)

This change: - Generates a new BitTorrent pepper by default - Generates a new pagination key by default - Changes the pagination key format to base64 - Removes selfsigned JWT certs - Moves test keys to test/data
2016-05-23 16:00:48 -04:00 · 2016-05-23 16:00:48 -04:00 · 5568cc77b8
commit 5568cc77b8
parent 20dcb2053e
7 changed files with 15 additions and 8 deletions
--- a/config.py
+++ b/config.py
@ -1,5 +1,9 @@
 from uuid import uuid4
 import os.path
 from cryptography.fernet import Fernet
 import requests
@ -258,8 +262,8 @@ class DefaultConfig(object):
  # Registry v2 JWT Auth config
  JWT_AUTH_MAX_FRESH_S = 60 * 60 + 60  # At most signed for one hour, accounting for clock skew
  JWT_AUTH_TOKEN_ISSUER = 'quay-test-issuer'
-  JWT_AUTH_CERTIFICATE_PATH = 'conf/selfsigned/jwt.crt'
+  JWT_AUTH_CERTIFICATE_PATH = None
-  JWT_AUTH_PRIVATE_KEY_PATH = 'conf/selfsigned/jwt.key'
+  JWT_AUTH_PRIVATE_KEY_PATH = None
  # The URL endpoint to which we redirect OAuth when generating a token locally.
  LOCAL_OAUTH_HANDLER = '/oauth/localapp'
@ -317,13 +321,14 @@ class DefaultConfig(object):
  FEATURE_BITTORRENT = False
  BITTORRENT_PIECE_SIZE = 512 * 1024
  BITTORRENT_ANNOUNCE_URL = 'https://localhost:6881/announce'
-  BITTORRENT_FILENAME_PEPPER = '3ae93fef-c30a-427e-9ba0-eea0fd710419'
+  BITTORRENT_FILENAME_PEPPER = str(uuid4())
  BITTORRENT_WEBSEED_LIFETIME = 3600
  # "Secret" key for generating encrypted paging tokens. Only needed to be secret to
  # hide the ID range for production (in which this value is overridden). Should *not*
  # be relied upon for secure encryption otherwise.
-  PAGE_TOKEN_KEY = 'um=/?Kqgp)2yQaS/A6C{NL=dXE&>C:}('
+  # This value is a Fernet key and should be 32bytes URL-safe base64 encoded.
  PAGE_TOKEN_KEY = '0OYrc16oBuksR8T3JGB-xxYSlZ2-7I_zzqrLzggBJ58='
  # The timeout for service key approval.
  UNAPPROVED_SERVICE_KEY_TTL_SEC = 60 * 60 * 24 # One day
--- a/test/data/registry_v2_auth.crt
+++ b/test/data/registry_v2_auth.crt
--- a/test/data/registry_v2_auth_private.key
+++ b/test/data/registry_v2_auth_private.key
--- a/test/data/signing-private.gpg
+++ b/test/data/signing-private.gpg
--- a/test/data/signing-public.gpg
+++ b/test/data/signing-public.gpg
--- a/test/testconfig.py
+++ b/test/testconfig.py
@ -70,6 +70,8 @@ class TestConfig(DefaultConfig):
  SIGNING_ENGINE = 'gpg2'
  GPG2_PRIVATE_KEY_NAME = 'EEB32221'
-  GPG2_PRIVATE_KEY_FILENAME = '/test/signing-private.gpg'
+  GPG2_PRIVATE_KEY_FILENAME = '/test/data/signing-private.gpg'
-  GPG2_PUBLIC_KEY_FILENAME = '/test/signing-public.gpg'
+  GPG2_PUBLIC_KEY_FILENAME = '/test/data/signing-public.gpg'
  JWT_AUTH_CERTIFICATE_PATH = 'test/data/registry_v2_auth.crt'
  JWT_AUTH_PRIVATE_KEY_PATH = 'test/data/registry_v2_auth_private.key'
--- a/util/security/crypto.py
+++ b/util/security/crypto.py
@ -4,12 +4,12 @@ from cryptography.fernet import Fernet, InvalidToken
 def encrypt_string(string, key):
  """ Encrypts a string with the specified key. The key must be 32 raw bytes. """
-  f = Fernet(base64.urlsafe_b64encode(key))
+  f = Fernet(key)
  return f.encrypt(string)
 def decrypt_string(string, key, ttl=None):
  """ Decrypts an encrypted string with the specified key. The key must be 32 raw bytes. """
-  f = Fernet(base64.urlsafe_b64encode(key))
+  f = Fernet(key)
  try:
    return f.decrypt(str(string), ttl=ttl)
  except InvalidToken: