diff options
author | Colin Watson <cjwatson@debian.org> | 2018-10-15 10:58:26 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2018-10-15 10:58:56 +0100 |
commit | f00e0b7d3ea974ffaa8bc284ad2b7df6fcb77eb2 (patch) | |
tree | 5acfe37d50981ef409c3a0753b8d048eaed53558 /macaroonbakery/bakery | |
parent | 83e714c5f5f17a4db661ba942f8da617dccac9bb (diff) | |
parent | 619cb9d927e2d6955d0b6a97d4d4c5ea9548150a (diff) |
Update upstream source from tag 'upstream/1.2.1'
Update to upstream version '1.2.1'
with Debian dir ccd0e7fdc6e29a6c6f8c47c3e463ae6e6a3343c3
Diffstat (limited to 'macaroonbakery/bakery')
-rw-r--r-- | macaroonbakery/bakery/_discharge.py | 11 | ||||
-rw-r--r-- | macaroonbakery/bakery/_oven.py | 22 |
2 files changed, 21 insertions, 12 deletions
diff --git a/macaroonbakery/bakery/_discharge.py b/macaroonbakery/bakery/_discharge.py index 1831209..32284b7 100644 --- a/macaroonbakery/bakery/_discharge.py +++ b/macaroonbakery/bakery/_discharge.py @@ -33,9 +33,12 @@ def discharge_all(m, get_discharge, local_key=None): It returns a list of macaroon with m as the first element, followed by all the discharge macaroons. All the discharge macaroons will be bound to the primary macaroon. + The get_discharge function is passed a context (AuthContext), - the caveat(Caveat) to be discharged and encrypted_caveat (bytes)will be + the caveat(pymacaroons.Caveat) to be discharged and encrypted_caveat (bytes) will be passed the external caveat payload found in m, if any. + It should return a bakery.Macaroon object holding the discharge + macaroon for the third party caveat. ''' primary = m.macaroon discharges = [primary] @@ -161,7 +164,7 @@ def discharge(ctx, id, caveat, key, checker, locator): raise VerificationError(exc.args[0]) if cond == checkers.COND_NEED_DECLARED: - cav_info = cav_info._replace(condition=arg.encode('utf-8')) + cav_info = cav_info._replace(condition=arg) caveats = _check_need_declared(ctx, cav_info, checker) else: caveats = checker.check_third_party_caveat(ctx, cav_info) @@ -185,7 +188,7 @@ def discharge(ctx, id, caveat, key, checker, locator): def _check_need_declared(ctx, cav_info, checker): - arg = cav_info.condition.decode('utf-8') + arg = cav_info.condition i = arg.find(' ') if i <= 0: raise VerificationError( @@ -197,7 +200,7 @@ def _check_need_declared(ctx, cav_info, checker): raise VerificationError('need-declared caveat with empty required attribute') if len(need_declared) == 0: raise VerificationError('need-declared caveat with no required attributes') - cav_info = cav_info._replace(condition=arg[i + 1:].encode('utf-8')) + cav_info = cav_info._replace(condition=arg[i + 1:]) caveats = checker.check_third_party_caveat(ctx, cav_info) declared = {} for cav in caveats: diff --git a/macaroonbakery/bakery/_oven.py b/macaroonbakery/bakery/_oven.py index 414a164..d0a2a23 100644 --- a/macaroonbakery/bakery/_oven.py +++ b/macaroonbakery/bakery/_oven.py @@ -28,10 +28,6 @@ from macaroonbakery._utils import ( ) from ._internal import id_pb2 from pymacaroons import MACAROON_V2, Verifier -from pymacaroons.exceptions import ( - MacaroonInvalidSignatureException, - MacaroonUnmetCaveatException, -) class Oven: @@ -183,10 +179,20 @@ class Oven: v.satisfy_general(validator) try: v.verify(macaroons[0], root_key, macaroons[1:]) - except (MacaroonUnmetCaveatException, - MacaroonInvalidSignatureException) as exc: - raise VerificationError( - 'verification failed: {}'.format(exc.args[0])) + except Exception as exc: + # Unfortunately pymacaroons doesn't control + # the set of exceptions that can be raised here. + # Possible candidates are: + # pymacaroons.exceptions.MacaroonUnmetCaveatException + # pymacaroons.exceptions.MacaroonInvalidSignatureException + # ValueError + # nacl.exceptions.CryptoError + # + # There may be others too, so just catch everything. + raise six.raise_from( + VerificationError('verification failed: {}'.format(str(exc))), + exc, + ) if (self.ops_store is not None and len(ops) == 1 |