github
/
bitcoin
mirror of https://github.com/bitcoin/bitcoin
1
Fork 0
Code Releases Activity

Modernize rpcauth.py and its tests

This commit is contained in:
Pieter Wuille 2023-02-10 17:34:31 -05:00
parent 2c1fe27bf3
commit e4e17907b6
2 changed files with 11 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
share/rpcauth/rpcauth.py
View File

@ -4,22 +4,20 @@
# file COPYING or http://www.opensource.org/licenses/mit-license.php. # file COPYING or http://www.opensource.org/licenses/mit-license.php.
from argparse import ArgumentParser from argparse import ArgumentParser
from base64 import urlsafe_b64encode
from getpass import getpass from getpass import getpass
from os import urandom from secrets import token_hex, token_urlsafe
import hmac import hmac
def generate_salt(size): def generate_salt(size):
"""Create size byte hex salt""" """Create size byte hex salt"""
return urandom(size).hex() return token_hex(size)
def generate_password(): def generate_password():
"""Create 32 byte b64 password""" """Create 32 byte b64 password"""
return urlsafe_b64encode(urandom(32)).decode('utf-8') return token_urlsafe(32)
def password_to_hmac(salt, password): def password_to_hmac(salt, password):
m = hmac.new(bytearray(salt, 'utf-8'), bytearray(password, 'utf-8'), 'SHA256') m = hmac.new(salt.encode('utf-8'), password.encode('utf-8'), 'SHA256')
return m.hexdigest() return m.hexdigest()
def main(): def main():
@ -38,8 +36,8 @@ def main():
password_hmac = password_to_hmac(salt, args.password) password_hmac = password_to_hmac(salt, args.password)
print('String to be appended to bitcoin.conf:') print('String to be appended to bitcoin.conf:')
print('rpcauth={0}:{1}${2}'.format(args.username, salt, password_hmac)) print(f'rpcauth={args.username}:{salt}${password_hmac}')
print('Your password:\n{0}'.format(args.password)) print(f'Your password:\n{args.password}')
if __name__ == '__main__': if __name__ == '__main__':
main() main()

11
test/util/rpcauth-test.py
View File

@ -4,7 +4,7 @@
# file COPYING or http://www.opensource.org/licenses/mit-license.php. # file COPYING or http://www.opensource.org/licenses/mit-license.php.
"""Test share/rpcauth/rpcauth.py """Test share/rpcauth/rpcauth.py
""" """
import base64 import re
import configparser import configparser
import hmac import hmac
import importlib import importlib
@ -28,18 +28,17 @@ class TestRPCAuth(unittest.TestCase):
self.assertEqual(len(self.rpcauth.generate_salt(i)), i * 2) self.assertEqual(len(self.rpcauth.generate_salt(i)), i * 2)
def test_generate_password(self): def test_generate_password(self):
"""Test that generated passwords only consist of urlsafe characters."""
r = re.compile(r"[0-9a-zA-Z_-]*")
password = self.rpcauth.generate_password() password = self.rpcauth.generate_password()
expected_password = base64.urlsafe_b64encode( self.assertTrue(r.fullmatch(password))
base64.urlsafe_b64decode(password)).decode('utf-8')
self.assertEqual(expected_password, password)
def test_check_password_hmac(self): def test_check_password_hmac(self):
salt = self.rpcauth.generate_salt(16) salt = self.rpcauth.generate_salt(16)
password = self.rpcauth.generate_password() password = self.rpcauth.generate_password()
password_hmac = self.rpcauth.password_to_hmac(salt, password) password_hmac = self.rpcauth.password_to_hmac(salt, password)
m = hmac.new(bytearray(salt, 'utf-8'), m = hmac.new(salt.encode('utf-8'), password.encode('utf-8'), 'SHA256')
bytearray(password, 'utf-8'), 'SHA256')
expected_password_hmac = m.hexdigest() expected_password_hmac = m.hexdigest()
self.assertEqual(expected_password_hmac, password_hmac) self.assertEqual(expected_password_hmac, password_hmac)