From 619cb9d927e2d6955d0b6a97d4d4c5ea9548150a Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 15 Oct 2018 10:58:25 +0100 Subject: New upstream version 1.2.1 --- macaroonbakery/bakery/_discharge.py | 11 +++++++---- macaroonbakery/bakery/_oven.py | 22 ++++++++++++++-------- 2 files changed, 21 insertions(+), 12 deletions(-) (limited to 'macaroonbakery/bakery') diff --git a/macaroonbakery/bakery/_discharge.py b/macaroonbakery/bakery/_discharge.py index 1831209..32284b7 100644 --- a/macaroonbakery/bakery/_discharge.py +++ b/macaroonbakery/bakery/_discharge.py @@ -33,9 +33,12 @@ def discharge_all(m, get_discharge, local_key=None): It returns a list of macaroon with m as the first element, followed by all the discharge macaroons. All the discharge macaroons will be bound to the primary macaroon. + The get_discharge function is passed a context (AuthContext), - the caveat(Caveat) to be discharged and encrypted_caveat (bytes)will be + the caveat(pymacaroons.Caveat) to be discharged and encrypted_caveat (bytes) will be passed the external caveat payload found in m, if any. + It should return a bakery.Macaroon object holding the discharge + macaroon for the third party caveat. ''' primary = m.macaroon discharges = [primary] @@ -161,7 +164,7 @@ def discharge(ctx, id, caveat, key, checker, locator): raise VerificationError(exc.args[0]) if cond == checkers.COND_NEED_DECLARED: - cav_info = cav_info._replace(condition=arg.encode('utf-8')) + cav_info = cav_info._replace(condition=arg) caveats = _check_need_declared(ctx, cav_info, checker) else: caveats = checker.check_third_party_caveat(ctx, cav_info) @@ -185,7 +188,7 @@ def discharge(ctx, id, caveat, key, checker, locator): def _check_need_declared(ctx, cav_info, checker): - arg = cav_info.condition.decode('utf-8') + arg = cav_info.condition i = arg.find(' ') if i <= 0: raise VerificationError( @@ -197,7 +200,7 @@ def _check_need_declared(ctx, cav_info, checker): raise VerificationError('need-declared caveat with empty required attribute') if len(need_declared) == 0: raise VerificationError('need-declared caveat with no required attributes') - cav_info = cav_info._replace(condition=arg[i + 1:].encode('utf-8')) + cav_info = cav_info._replace(condition=arg[i + 1:]) caveats = checker.check_third_party_caveat(ctx, cav_info) declared = {} for cav in caveats: diff --git a/macaroonbakery/bakery/_oven.py b/macaroonbakery/bakery/_oven.py index 414a164..d0a2a23 100644 --- a/macaroonbakery/bakery/_oven.py +++ b/macaroonbakery/bakery/_oven.py @@ -28,10 +28,6 @@ from macaroonbakery._utils import ( ) from ._internal import id_pb2 from pymacaroons import MACAROON_V2, Verifier -from pymacaroons.exceptions import ( - MacaroonInvalidSignatureException, - MacaroonUnmetCaveatException, -) class Oven: @@ -183,10 +179,20 @@ class Oven: v.satisfy_general(validator) try: v.verify(macaroons[0], root_key, macaroons[1:]) - except (MacaroonUnmetCaveatException, - MacaroonInvalidSignatureException) as exc: - raise VerificationError( - 'verification failed: {}'.format(exc.args[0])) + except Exception as exc: + # Unfortunately pymacaroons doesn't control + # the set of exceptions that can be raised here. + # Possible candidates are: + # pymacaroons.exceptions.MacaroonUnmetCaveatException + # pymacaroons.exceptions.MacaroonInvalidSignatureException + # ValueError + # nacl.exceptions.CryptoError + # + # There may be others too, so just catch everything. + raise six.raise_from( + VerificationError('verification failed: {}'.format(str(exc))), + exc, + ) if (self.ops_store is not None and len(ops) == 1 -- cgit v1.2.3