o S!@sdZddlZddlZddlZddlZddlZddlZddlZddlm Z ddlm Z ddl m Z dZ dZdZdZd ZGd d d e jZdS) z4Class to offload the end to end flow of U2F signing.N)errors)model)baseauthenticatorSK_SIGNING_PLUGINiiijc@sXeZdZdZddZejjfddZddZ dd Z d d Z d d Z ddZ ddZdS)CustomAuthenticatoraOffloads U2F signing to a pluggable command-line tool. Offloads U2F signing to a signing plugin which takes the form of a command-line tool. The command-line tool is configurable via the SK_SIGNING_PLUGIN environment variable. The signing plugin should implement the following interface: Communication occurs over stdin/stdout, and messages are both sent and received in the form: [4 bytes - payload size (little-endian)][variable bytes - json payload] Signing Request JSON { "type": "sign_helper_request", "signData": [{ "keyHandle": , "appIdHash": , "challengeHash": , "version": U2F protocol version (usually "U2F_V2") },...], "timeoutSeconds": } Signing Response JSON { "type": "sign_helper_reply", "code": . "errorDetail": , "responseData": { "appIdHash": , "challengeHash": , "keyHandle": , "version": , "signatureData": } } Possible response error codes are: NoError = 0 UnknownError = -127 TouchRequired = 0x6985 WrongData = 0x6a80 cCs ||_dS)N)origin)selfrr N/tmp/google-cloud-sdk/lib/third_party/pyu2f/convenience/customauthenticator.py__init__Us zCustomAuthenticator.__init__c Cs|tjt}|durtdt||||j\}}|d| |g|}|d|df}||} | } | || |S)See base class.Nz{} env var is not setz*Please insert and touch your security key keyHandle challengeHash) osenvirongetSK_SIGNING_PLUGIN_ENV_VARr PluginErrorformat_BuildPluginRequestr _CallPluginencode_BuildAuthenticatorResponse) r app_idchallenge_dataprint_callback plugin_cmdclient_data_map signing_inputresponsekey_challenge_pairclient_data_json client_datar r r AuthenticateXs z CustomAuthenticator.AuthenticatecCstjtduS)r N)rrrr)r r r r IsAvailablepszCustomAuthenticator.IsAvailablecCsi}g}|||}|D]6}|d}||j} |d} ttjj| |} ||| } ||| | |jd| | f} | || <qd|t dd}|t |fS)z:Builds a JSON request in the form that the plugin expects.key challenge) appIdHashrrversionsign_helper_requestT)typesignDatatimeoutSeconds localAlways) _Base64Encode_SHA256 key_handler ClientDataTYP_AUTHENTICATIONGetJsonappendr)U2F_SIGNATURE_TIMEOUT_SECONDSjsondumps)r rrrrencoded_challengesapp_id_hash_encodedchallenge_itemr&key_handle_encoded raw_challenger"challenge_hash_encodedr!signing_requestr r r rts>  z'CustomAuthenticator._BuildPluginRequestcCs4||}t|d}t|d}||||d}|S)z,Builds the response to return to the caller. signatureDatar) clientDatar@ applicationIdr)r/str)r rr#plugin_responseencoded_client_datasignature_datar1r r r r rs   z/CustomAuthenticator._BuildAuthenticatorResponsecCst|}td|}||}tj|tjtjd}||d}|}|dd} t d| d} |dd} | t| krKt d | t| |z t | } Wntyct d |w| dd krd |} | d }|r}| d |7} t | | d }|durt d ||tkrt t jj|tkrt t jj|tkrt d || d || d}|durt d ||S)z,Calls the plugin and validates the response.zs"