summaryrefslogtreecommitdiffstats
path: root/events/src
diff options
context:
space:
mode:
authorAravinda VK <avishwan@redhat.com>2017-12-28 14:04:50 +0530
committerAravinda VK <avishwan@redhat.com>2017-12-28 14:26:54 +0530
commit33c39e5dce3bc941d8e26c98d91f8ddab9505b73 (patch)
treebca27b06d61a213c51e45d2e63d5cdd477c67eec /events/src
parent3f0405f3ee81e05666116720c4f136403f778188 (diff)
eventsapi: JWT signing without external dependency
Added support for JWT signing without using python-jwt since it is not available in all the distributions. BUG: 1529463 Change-Id: I95699055442fbf9da15249f5defe8a8b287010f1 Signed-off-by: Aravinda VK <avishwan@redhat.com>
Diffstat (limited to 'events/src')
-rw-r--r--events/src/utils.py20
1 files changed, 17 insertions, 3 deletions
diff --git a/events/src/utils.py b/events/src/utils.py
index 851543e8f3b..f405e44ac70 100644
--- a/events/src/utils.py
+++ b/events/src/utils.py
@@ -18,6 +18,10 @@ from threading import Thread
import multiprocessing
from Queue import Queue
from datetime import datetime, timedelta
+import base64
+import hmac
+from hashlib import sha256
+from calendar import timegm
from eventsapiconf import (LOG_FILE,
WEBHOOKS_FILE,
@@ -185,15 +189,25 @@ def autoload_webhooks():
load_webhooks()
+def base64_urlencode(inp):
+ return base64.urlsafe_b64encode(inp).replace("=", "").strip()
+
+
def get_jwt_token(secret, event_type, event_ts, jwt_expiry_time_seconds=60):
- import jwt
+ exp = datetime.utcnow() + timedelta(seconds=jwt_expiry_time_seconds)
payload = {
- "exp": datetime.utcnow() + timedelta(seconds=jwt_expiry_time_seconds),
+ "exp": timegm(exp.utctimetuple()),
"iss": "gluster",
"sub": event_type,
"iat": event_ts
}
- return jwt.encode(payload, secret, algorithm='HS256')
+ header = '{"alg":"HS256","typ":"JWT"}'
+ payload = json.dumps(payload, separators=(',', ':'), sort_keys=True)
+ msg = base64_urlencode(header) + "." + base64_urlencode(payload)
+ return "%s.%s" % (
+ msg,
+ base64_urlencode(hmac.HMAC(secret, msg, sha256).digest())
+ )
def save_https_cert(domain, port, cert_path):