Merge branch 'serialize_once' into internal_ca
jschlyter committed Dec 17, 2024
2 parents 297c8f1 + 0255f84 commit 4eb9d7c
Showing 4 changed files with 13 additions and 11 deletions.
4 changes: 2 additions & 2 deletions Makefile
Expand Up @@ -38,14 +38,14 @@ test-client: test-client-enroll test-client-renew

test-client-enroll:
rm -f tls.crt tls-ca.crt tls.key data.json
NODEMAN_USERNAME=username NODEMAN_PASSWORD=password poetry run nodeman_client enroll --create
NODEMAN_USERNAME=username NODEMAN_PASSWORD=password poetry run nodeman_client --debug enroll --create
step crypto jwk public < data.json
step certificate inspect tls.crt
step certificate inspect tls-ca.crt

test-client-renew:
rm -f tls.crt tls-ca.crt tls.key
poetry run nodeman_client renew
poetry run nodeman_client --debug renew
step crypto jwk public < data.json
step certificate inspect tls.crt
step certificate inspect tls-ca.crt
4 changes: 2 additions & 2 deletions nodeman/client.py
Expand Up @@ -38,7 +38,7 @@ def enroll(name: str, server: str, hmac_key: JWK, data_key: JWK, x509_key: Priva
jws = JWS(payload=jws_payload)
jws.add_signature(key=hmac_key, alg=hmac_alg, protected={"alg": hmac_alg})
jws.add_signature(key=data_key, alg=data_alg, protected={"alg": data_alg})
enrollment_request = jws.serialize()
enrollment_request = json.loads(jws.serialize())

url = urljoin(server, f"/api/v1/node/{name}/enroll")

Expand Down Expand Up @@ -71,7 +71,7 @@ def renew(name: str, server: str, data_key: JWK, x509_key: PrivateKey) -> NodeCe

jws = JWS(payload=jws_payload)
jws.add_signature(key=data_key, alg=data_alg, protected={"alg": data_alg})
renewal_request = jws.serialize()
renewal_request = json.loads(jws.serialize())

url = urljoin(server, f"/api/v1/node/{name}/renew")
try:
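Review bot: `json.loads(jws.serialize())` in `enroll` and `renew` reads like a no-op round trip and needs a comment saying why it is there. As far as the hunks show, `serialize()` yields the JWS as JSON text and the parse turns it into an object so the HTTP layer encodes it only once; the request call itself is outside the hunk. Suggested comment: `# serialize() returns JSON text; parse it so the body is sent as a JSON object, not a quoted string`. Re-encoding the envelope does not touch the signed data, because JWS signatures cover the base64url-encoded protected header and payload, and that is worth stating next to the comment.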
6 changes: 4 additions & 2 deletions nodeman/nodes.py
Expand Up @@ -223,7 +223,7 @@ async def enroll_node(

with tracer.start_as_current_span("verify_jws"):
jws = JWS()
jws.deserialize(json.loads(body.decode()))
jws.deserialize(body.decode())

# Verify signature by HMAC key
try:
Expand Down Expand Up @@ -297,8 +297,10 @@ async def renew_node(

with tracer.start_as_current_span("verify_jws"):
jws = JWS()
jws.deserialize(json.loads(body.decode()))
jws.deserialize(body.decode())

public_key = JWK(**node.public_key)

# Verify signature by public data key
try:
jws.verify(key=public_key)
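Review bot: The raw request body now goes straight into `jws.deserialize(body.decode())` in both `enroll_node` and `renew_node`, and in the visible lines that call sits before the `try:` that guards signature verification. A body that is not valid UTF-8 or not a JWS JSON object would raise from `decode()` or `deserialize()` before any signature has been checked; unless a handler outside these hunks catches it, a caller that has not yet been authenticated gets a server error instead of a 400. Consider moving the parse inside the guarded block, or catching `UnicodeDecodeError` and the library's invalid-object exception and mapping them to a client error. The accepted wire format also changes from a JSON-encoded string to a JSON object, so clients built before this commit would presumably be rejected; a comment such as `# body is the JWS JSON serialization itself, not a JSON string wrapping it` would record that. Both function bodies start and end outside the hunks.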
10 changes: 5 additions & 5 deletions tests/test_api.py
Expand Up @@ -115,7 +115,7 @@ def _test_enroll(data_key: JWK, x509_key: PrivateKey, requested_name: str | None
jws = JWS(payload=json.dumps(payload))
jws.add_signature(key=hmac_key, alg=hmac_alg, protected={"alg": hmac_alg})
jws.add_signature(key=data_key, alg=data_alg, protected={"alg": data_alg})
enrollment_request = jws.serialize()
enrollment_request = json.loads(jws.serialize())

node_enroll_url = f"{node_url}/enroll"

Expand Down Expand Up @@ -174,7 +174,7 @@ def _test_enroll(data_key: JWK, x509_key: PrivateKey, requested_name: str | None

jws = JWS(payload=json.dumps(payload))
jws.add_signature(key=rekey(data_key), alg=data_alg, protected={"alg": data_alg})
renew_request = jws.serialize()
renew_request = json.loads(jws.serialize())

response = client.post(f"{node_url}/renew", json=renew_request)
assert response.status_code == status.HTTP_401_UNAUTHORIZED
Expand All @@ -190,7 +190,7 @@ def _test_enroll(data_key: JWK, x509_key: PrivateKey, requested_name: str | None

jws = JWS(payload=json.dumps(payload))
jws.add_signature(key=data_key, alg=data_alg, protected={"alg": data_alg})
renew_request = jws.serialize()
renew_request = json.loads(jws.serialize())

response = client.post(f"{node_url}/renew", json=renew_request)
assert response.status_code == status.HTTP_200_OK
Expand Down Expand Up @@ -294,7 +294,7 @@ def test_enroll_bad_hmac_signature() -> None:
jws = JWS(payload=json.dumps(payload))
jws.add_signature(key=hmac_key, alg=hmac_alg, protected={"alg": hmac_alg})
jws.add_signature(key=data_key, alg=data_alg, protected={"alg": data_alg})
enrollment_request = jws.serialize()
enrollment_request = json.loads(jws.serialize())

url = urljoin(server, f"/api/v1/node/{name}/enroll")
response = client.post(url, json=enrollment_request)
Expand Down Expand Up @@ -342,7 +342,7 @@ def test_enroll_bad_data_signature() -> None:
jws = JWS(payload=json.dumps(payload))
jws.add_signature(key=hmac_key, alg=hmac_alg, protected={"alg": hmac_alg})
jws.add_signature(key=bad_data_key, alg=data_alg, protected={"alg": data_alg})
enrollment_request = jws.serialize()
enrollment_request = json.loads(jws.serialize())

url = urljoin(server, f"/api/v1/node/{name}/enroll")
response = client.post(url, json=enrollment_request)
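Review bot: Every updated request in these hunks is a well-formed JWS object, so nothing visible here exercises the server's new parse path with bad input. Add a case that posts a body the server cannot parse as a JWS, for example the old string-wrapped form `client.post(url, json=jws.serialize())`, and asserts a 4xx status rather than a server error. Tests outside these hunks may already cover this.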
