spresso.utils package

Submodules

spresso.utils.base module

create_nonce(length)[source]

Generates random bytes of specified length. UNIX-like system will query /dev/urandom, Windows will use CryptGenRandom()

Parameters:length (int) – The length of the random sequence.
Returns:The random sequence.
Return type:bytes
create_random_characters(length, chars='ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789')[source]

Generates a random string of a specified length. Per default the charset consists of uppercase ASCII letters and digits.

Parameters:
  • length (int) – The length of the random string sequence.
  • chars (str) – The charset from which to choose.
Returns:

The random string sequence.
Return type:

str
from_b64(data_b64, return_bytes=False)[source]

Wrapper around base64.b64decode() to decode data using Base64.

Parameters:
  • data_b64 (str, bytes) – The Base64-encoded data.
  • return_bytes (bool) – Flag to indicate if bytes or string should be returned.
Returns:

The decoded data.
Return type:

str, bytes
get_file_content(path, mode)[source]

Wrapper around open().

Parameters:
  • path (str) – The path to the file.
  • mode (str) – The mode in which the file should be opened.
Raises:
  • ValueError – The path or mode is invalid.
  • FileNotFoundError – The file could not found at the given path.
Returns:

The file contents.
Return type:

str
get_resource(resource_path, path)[source]

Method to retrieve resource files from the package installation directory.

Parameters:
  • resource_path (str) – The path where resources are stored.
  • path (str) – The relative path to the resource.
Returns:

The file content of the resource.
Return type:

str
get_url(scheme, netloc, path='', params='', query='', fragment='')[source]

Wrapper around urllib.parse.ParseResult and urllib.parse.urlunparse() to retrieve an URL.

Parameters:
  • scheme (str) – The URL scheme.
  • netloc (str) – The URL domain.
  • path (str) – The URL path.
  • params (str) – The URL parameters.
  • query (str) – The URL query arguments.
  • fragment (str) – The URL fragment.
Returns:

The URL.
Return type:

str
to_b64(data)[source]

Wrapper around base64.b64encode() to encode data using Base64.

Parameters:data (str, bytes) – The data.
Returns:The Base64-encoded data.
Return type:str
update_existing_keys(source, target)[source]

Wrapper around dict.update(). This function only updates the existing keys in the dictionary.

Parameters:
  • source (dict) – The source dictionary.
  • target (dict) – The target dictionary.

spresso.utils.crypto module

This module provides the necessary cryptographic primitives for the system. It is based on the cryptography package.

create_signature(private_key, data)[source]

Method to create a PKCS#1 signature using SHA256.

Load a RSA private key in PEM format using load_pem_private_key. Then configure a signer object and sign the passed in data.

Parameters:
  • private_key (bytes) – The RSA private key used during signature creation.
  • data (bytes) – The data to be signed.
Returns:

The signature.
Return type:

bytes
decrypt_aes_gcm(key, iv, auth_tag, cipher_text, associated_data=b'')[source]

Method to decrypt AES in GCM mode.

Constructs a Cipher object from key, iv and authentication tag. The associated data is passed in during decryption.

Parameters:
  • key (bytes) – The symmetric key used during decryption.
  • iv (bytes) – The initialisation vector used during decryption.
  • auth_tag (bytes) – The authentication tag used during decryption.
  • cipher_text (bytes) – Cipher text to decrypt.
  • associated_data (bytes) – Additional authentication data that was passed in during encryption.
Returns:

The decrypted cipher text.
Return type:

bytes
Raises:

InvalidTag – The authentication tag in combination with the given parameters is invalid.
encrypt_aes_gcm(key, iv, plaintext, associated_data=b'')[source]

Method to encrypt AES in GCM mode.

Constructs a Cipher object from key, iv. The plain text is passed in during encryption.

Parameters:
  • key (bytes) – The symmetric key used during encryption.
  • iv (bytes) – The initialisation vector used during encryption.
  • plaintext (bytes) – Plain text to encrypt.
  • associated_data (bytes) – Additional data to authenticate.
Returns:

The encrypted plain text as bytes and the authentication tag

as bytes.
Return type:

tuple
Raises:

InvalidTag – The authentication tag in combination with the given parameters is invalid.
verify_signature(public_key, signature, data)[source]

Method to verify a PKCS#1 signature using SHA256.

Load a RSA public key in PEM format using load_pem_public_key. Then configure a verifier object and verify the passed in data.

Parameters:
  • public_key (bytes) – The RSA public key used in verification.
  • signature (bytes) – The signature to verify.
  • data (bytes) – The expected signed data, which should be verified.
Raises:

InvalidSignature – The expected data was invalid in respect to the signature.

spresso.utils.error module

exception InvalidSettings[source]

Bases: Exception

Raised by spresso.grant.base.SettingsMixin in case an invalid settings class was passed to the instance.

exception InvalidSiteAdapter[source]

Bases: Exception

Raised by spresso.grant.base.SiteAdapterMixin in case an invalid site adapter was passed to the instance.

exception SpressoBaseError(error, uri=None, message=None)[source]

Bases: Exception

Base class used by SPRESSO specific errors.

Parameters:
  • error (str) – Identifier of the error.
  • uri (str) – URL at which the error occurred.
  • message (str) – Short message that describes the error.
exception SpressoInvalidError(error, uri=None, message=None)[source]

Bases: spresso.utils.error.SpressoBaseError

Indicates an error during validation of a request.

exception UnsupportedAdditionalData[source]

Bases: Exception

Indicates incorrectly formatted additional data.

exception UnsupportedGrantError[source]

Bases: Exception

Indicates that a requested grant is not supported by the server.

exception UserNotAuthenticated[source]

Bases: Exception

Raised by spresso.grant.authentication.site_adapter. identity_provider.SignatureSiteAdapter to indicate an unauthenticated user.

spresso.utils.log module

There is one logger available to log uncaught exceptions in <spresso.controller.application>. If logging has not been configured, you will likely see this error:

Make sure that logging is configured to avoid this:

Module contents