basically finish superuser key api

2016-03-28 14:52:20 -04:00 · 2016-03-28 14:52:20 -04:00 · aaf9e83278
commit aaf9e83278
parent 35ed73e195
3 changed files with 34 additions and 25 deletions
--- a/endpoints/api/superuser.py
+++ b/endpoints/api/superuser.py
@ -1,13 +1,18 @@
 """ Superuser API. """

-import string
+import json
 import logging
 import os
+import string

+from collections import OrderedDict
 from datetime import datetime
+from hashlib import sha256
 from random import SystemRandom

+from Crypto.PublicKey import RSA
 from flask import request, make_response, jsonify
+from jwkest.jwk import RSAKey

 import features

@ -21,6 +26,7 @@ from endpoints.api import (ApiResource, nickname, resource, validate_json_reques
                           page_support)
 from endpoints.api.logs import get_logs, get_aggregate_logs
 from data import model
+from data.database import ServiceKeyApprovalType
 from util.useremails import send_confirmation_email, send_recovery_email


@ -506,7 +512,7 @@ class SuperUserServiceKeyManagement(ApiResource):
  @verify_not_prod
  @nickname('getServiceKeys')
  @require_scope(scopes.SUPERUSER)
-  def get():
+  def get(self):
    if SuperUserPermission().can():
      return jsonify(list(model.service_keys.get_service_keys(False)))
    abort(403)
@ -515,11 +521,11 @@ class SuperUserServiceKeyManagement(ApiResource):
  @nickname('createServiceKey')
  @require_scope(scopes.SUPERUSER)
  @validate_json_request('PutServiceKey')
-  def post(self, service):
+  def post(self):
    if SuperUserPermission().can():
      body = request.get_json()

-      expiration_date = body['expiration']
+      expiration_date = body.get('expiration', None)
      if expiration_date is not None and expiration_date != '':
        try:
          expiration_date = datetime.utcfromtimestamp(float(expiration_date))
@ -527,7 +533,7 @@ class SuperUserServiceKeyManagement(ApiResource):
          abort(400)


-      user = get_authenticate_user()
+      user = get_authenticated_user()
      metadata = body.get('metadata', {})
      metadata.update({
        'created_by': 'Quay SuperUser Panel',
@ -535,18 +541,17 @@ class SuperUserServiceKeyManagement(ApiResource):
        'superuser ip': request.remote_addr,
      })

-      key = RSAKey(key=RSA.generate(2048))
-      key.serialize()
-      jwk = json.dumps(key.to_dict(), "enc")
-
-      public_key, private_key = generate_key_pair()
-      jwk = jwk(private_key)
-      kid = kid(private_key)
+      private_key = RSA.generate(2048)
+      jwk = RSAKey(key=private_key.publickey()).serialize()
+      canonical_jwk = OrderedDict(sorted(jwk.items()))
+      kid = sha256(json.dumps(canonical_jwk)).hexdigest()


-      model.service_keys.create_service_key(body['name'] or '', kid, jwk, metadata, expiration_date)
-      model.service_keys.approve_service_key(kid, user,
-      return jsonify({'public_key': public_key, 'private_key': private_key})
+      model.service_keys.create_service_key(body.get('name', ''), kid, body['service'], jwk,
+                                            metadata, expiration_date)
+      model.service_keys.approve_service_key(kid, user, ServiceKeyApprovalType.SUPERUSER)
+
+      return jsonify({'private_key': private_key.exportKey('PEM')})

    abort(403)