summaryrefslogtreecommitdiff
path: root/macaroonbakery/bakery
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2018-10-15 10:58:25 +0100
committerColin Watson <cjwatson@debian.org>2018-10-15 10:58:25 +0100
commit619cb9d927e2d6955d0b6a97d4d4c5ea9548150a (patch)
tree4a46618b7c301c0c3e037d4fe3eb61f8d06da743 /macaroonbakery/bakery
parent883e591e1e08c13d1a8e909a113a621552ae4b55 (diff)
New upstream version 1.2.1
Diffstat (limited to 'macaroonbakery/bakery')
-rw-r--r--macaroonbakery/bakery/_discharge.py11
-rw-r--r--macaroonbakery/bakery/_oven.py22
2 files changed, 21 insertions, 12 deletions
diff --git a/macaroonbakery/bakery/_discharge.py b/macaroonbakery/bakery/_discharge.py
index 1831209..32284b7 100644
--- a/macaroonbakery/bakery/_discharge.py
+++ b/macaroonbakery/bakery/_discharge.py
@@ -33,9 +33,12 @@ def discharge_all(m, get_discharge, local_key=None):
It returns a list of macaroon with m as the first element, followed by all
the discharge macaroons.
All the discharge macaroons will be bound to the primary macaroon.
+
The get_discharge function is passed a context (AuthContext),
- the caveat(Caveat) to be discharged and encrypted_caveat (bytes)will be
+ the caveat(pymacaroons.Caveat) to be discharged and encrypted_caveat (bytes) will be
passed the external caveat payload found in m, if any.
+ It should return a bakery.Macaroon object holding the discharge
+ macaroon for the third party caveat.
'''
primary = m.macaroon
discharges = [primary]
@@ -161,7 +164,7 @@ def discharge(ctx, id, caveat, key, checker, locator):
raise VerificationError(exc.args[0])
if cond == checkers.COND_NEED_DECLARED:
- cav_info = cav_info._replace(condition=arg.encode('utf-8'))
+ cav_info = cav_info._replace(condition=arg)
caveats = _check_need_declared(ctx, cav_info, checker)
else:
caveats = checker.check_third_party_caveat(ctx, cav_info)
@@ -185,7 +188,7 @@ def discharge(ctx, id, caveat, key, checker, locator):
def _check_need_declared(ctx, cav_info, checker):
- arg = cav_info.condition.decode('utf-8')
+ arg = cav_info.condition
i = arg.find(' ')
if i <= 0:
raise VerificationError(
@@ -197,7 +200,7 @@ def _check_need_declared(ctx, cav_info, checker):
raise VerificationError('need-declared caveat with empty required attribute')
if len(need_declared) == 0:
raise VerificationError('need-declared caveat with no required attributes')
- cav_info = cav_info._replace(condition=arg[i + 1:].encode('utf-8'))
+ cav_info = cav_info._replace(condition=arg[i + 1:])
caveats = checker.check_third_party_caveat(ctx, cav_info)
declared = {}
for cav in caveats:
diff --git a/macaroonbakery/bakery/_oven.py b/macaroonbakery/bakery/_oven.py
index 414a164..d0a2a23 100644
--- a/macaroonbakery/bakery/_oven.py
+++ b/macaroonbakery/bakery/_oven.py
@@ -28,10 +28,6 @@ from macaroonbakery._utils import (
)
from ._internal import id_pb2
from pymacaroons import MACAROON_V2, Verifier
-from pymacaroons.exceptions import (
- MacaroonInvalidSignatureException,
- MacaroonUnmetCaveatException,
-)
class Oven:
@@ -183,10 +179,20 @@ class Oven:
v.satisfy_general(validator)
try:
v.verify(macaroons[0], root_key, macaroons[1:])
- except (MacaroonUnmetCaveatException,
- MacaroonInvalidSignatureException) as exc:
- raise VerificationError(
- 'verification failed: {}'.format(exc.args[0]))
+ except Exception as exc:
+ # Unfortunately pymacaroons doesn't control
+ # the set of exceptions that can be raised here.
+ # Possible candidates are:
+ # pymacaroons.exceptions.MacaroonUnmetCaveatException
+ # pymacaroons.exceptions.MacaroonInvalidSignatureException
+ # ValueError
+ # nacl.exceptions.CryptoError
+ #
+ # There may be others too, so just catch everything.
+ raise six.raise_from(
+ VerificationError('verification failed: {}'.format(str(exc))),
+ exc,
+ )
if (self.ops_store is not None
and len(ops) == 1