1import base64
2import urlparse
3from tlslite.utils import keyfactory
4import oauth2 as oauth
5
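class SignatureMethod_RSA_SHA1(oauth.SignatureMethod):
    """OAuth 1.0 ``RSA-SHA1`` signature method for the ``oauth2`` client.

    The signature is produced with an RSA private key read from
    ``private_key_path``; the consumer and token secrets play no part in it.
    """

    name = 'RSA-SHA1'

    # PEM file holding the RSA private key used by sign(). The default is a
    # relative path, so it resolves against the current working directory of
    # whoever runs the script; override it on a subclass or instance to pin
    # the location. The file is a long-lived credential: keep it readable by
    # its owner only and out of version control.
    private_key_path = '../rsa.pem'

    def signing_base(self, request, consumer, token):
        """Return ``(key, raw)`` for *request*.

        ``raw`` is the signature base string: the escaped HTTP method,
        normalized URL and normalized parameters joined with ``&``.
        ``key`` is the escaped consumer secret, ``&``, and the escaped token
        secret when a token is given. sign() below uses only ``raw``.

        Raises:
            ValueError: if the request has no ``normalized_url``.
        """
        if getattr(request, 'normalized_url', None) is None:
            raise ValueError("Base URL for request is not set.")

        sig = (
            oauth.escape(request.method),
            oauth.escape(request.normalized_url),
            oauth.escape(request.get_normalized_parameters()),
        )

        key = '%s&' % oauth.escape(consumer.secret)
        if token:
            key += oauth.escape(token.secret)
        raw = '&'.join(sig)
        return key, raw

    def sign(self, request, consumer, token):
        """Sign the request's base string and return the base64 signature.

        The private key is re-read from ``private_key_path`` on every call.
        """
        # The shared-secret key is computed by signing_base() but is not
        # needed here: the signature comes from the RSA private key alone.
        _unused_key, raw = self.signing_base(request, consumer, token)

        with open(self.private_key_path, 'r') as f:
            private_key_pem = f.read().strip()

        private_key = keyfactory.parsePrivateKey(private_key_pem)
        # NOTE(review): hashAndSign() is expected to apply the SHA-1 digest
        # that the RSA-SHA1 method name implies -- confirm against the
        # installed tlslite version.
        signature = private_key.hashAndSign(raw)

        return base64.b64encode(signature)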
37
38
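# NOTE(review): the consumer key is an identifier that the client sends to the
# server as oauth_consumer_key on every request. The file name here suggests
# the file holds the RSA private key; if it does, the private key leaves this
# machine with each call. TODO confirm the file holds only the consumer key
# string registered with the server, and nothing secret.
with open(".../jira_privatekey.pem") as f:
    consumer_key = f.read()
# SignatureMethod_RSA_SHA1.sign() does not use the consumer secret, so this is
# only a placeholder value for the oauth.Consumer constructor.
consumer_secret = 'dont_care'

# tried both https/http
request_token_url = 'https://<domain>/jira/plugins/servlet/oauth/request-token'
access_token_url = 'https://<domain>/jira/plugins/servlet/oauth/access-token'
# NOTE(review): this endpoint is plain http while the others are https. The
# request token travels in its query string and the user signs in on this
# page, so it should be https once the flow works.
authorize_url = 'http://<domain>/jira/plugins/servlet/oauth/authorize'

data_url = 'https://<domain>/rest/api/2/application-properties/advanced-settings'

consumer = oauth.Consumer(consumer_key, consumer_secret)
client = oauth.Client(consumer)

# Request the protected resource without a token and without the RSA-SHA1
# signature method set on the client. We should get a 401.
resp, content = client.request(data_url, "GET")
if resp['status'] != '401':
    raise Exception("Did not receive 401")

# From here on every client signs with the RSA private key.
client = oauth.Client(consumer)
client.set_signature_method(SignatureMethod_RSA_SHA1())

# Step 1: Get a request token. This is a temporary token that is used for
# having the user authorize an access token and to sign the request to obtain
# said access token.

resp, content = client.request(request_token_url, "POST")
if resp['status'] != '200':
    raise Exception("Invalid response %s: %s" % (resp['status'], content))

request_token = dict(urlparse.parse_qsl(content))

# NOTE(review): token secrets printed here end up in terminal scrollback and
# in any captured output. Acceptable for a one-off experiment; do not keep
# this in anything that is scheduled or logged.
print "Request Token:"
print " - oauth_token = %s" % request_token['oauth_token']
print " - oauth_token_secret = %s" % request_token['oauth_token_secret']
print

# Step 2: Redirect to the provider. Since this is a CLI script we do not
# redirect. In a web application you would redirect the user to the URL
# below.

print "Go to the following link in your browser:"
print "%s?oauth_token=%s" % (authorize_url, request_token['oauth_token'])
print

# After the user has granted access to you, the consumer, the provider will
# redirect you to whatever URL you have told them to redirect to. You can
# usually define this in the oauth_callback argument as well.
accepted = 'n'
while accepted.lower() == 'n':
    accepted = raw_input('Have you authorized me? (y/n) ')
# NOTE(review): OAuth 1.0a (RFC 5849) has the server hand the user an
# oauth_verifier after approval, and the client returns it when exchanging the
# request token. That ties the access token to the person who approved it.
# The two commented-out lines (here and before the exchange below) are that
# step; whether the server accepts the exchange without it is not visible
# from this script.
# oauth_verifier = raw_input('What is the PIN? ')

# Step 3: Once the consumer has redirected the user back to the oauth_callback
# URL you can request the access token the user has approved. You use the
# request token to sign this request. After this is done you throw away the
# request token and use the access token returned. You should store this
# access token somewhere safe, like a database, for future use.
token = oauth.Token(request_token['oauth_token'],
                    request_token['oauth_token_secret'])
#token.set_verifier(oauth_verifier)
client = oauth.Client(consumer, token)
client.set_signature_method(SignatureMethod_RSA_SHA1())

resp, content = client.request(access_token_url, "POST")
# Check the status before parsing, as Step 1 does. Otherwise a rejected
# exchange shows up only as a KeyError on 'oauth_token' and the server's
# error body is lost.
if resp['status'] != '200':
    raise Exception("Invalid response %s: %s" % (resp['status'], content))
access_token = dict(urlparse.parse_qsl(content))

print "Access Token:"
print " - oauth_token = %s" % access_token['oauth_token']
print " - oauth_token_secret = %s" % access_token['oauth_token_secret']
print
print "You may now access protected resources using the access tokens above."
print


# Now request the same resource again with the access token. We should get a 200!
accessToken = oauth.Token(access_token['oauth_token'], access_token['oauth_token_secret'])
client = oauth.Client(consumer, accessToken)
client.set_signature_method(SignatureMethod_RSA_SHA1())

resp, content = client.request(data_url, "GET")
if resp['status'] != '200':
    raise Exception("Should have access!")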