Today we discuss a specific automation issue. This pertains to authentication:
We explain a difference between a JWT digest token and an HMAC hash:
We construct a JWT token this way:
    import base64
    import datetime
    import subprocess

    def cmd_execute(args):
        # cmd_execute is not defined in the post; assumed to run a command and return its output.
        return subprocess.check_output(args).decode()

    def data_to_sign(endpoint, environment, owner):
        # Header ("banner"): signing algorithm and key id.
        banner = '{"alg":"SHA256withRSA","kid":"' + environment + '"}'
        banner = base64.b64encode(banner.encode()).decode()
        # Validity window in epoch milliseconds: now until now + 300 seconds.
        now = datetime.datetime.now()
        start = int(now.timestamp()) * 1000
        end = int((now + datetime.timedelta(seconds=300)).timestamp()) * 1000
        # Claims ("expiration"): issuer, not-before, subject, expiry, audience.
        expiration = ('{"iss":"' + environment + '","nbf":' + str(start) +
                      ',"sub":"' + owner + '","exp":' + str(end) +
                      ',"aud":"' + endpoint + '"}')
        expiration = base64.b64encode(expiration.encode()).decode()
        return banner + "." + expiration

    def signature(endpoint, environment, owner):
        data = data_to_sign(endpoint, environment, owner)
        # The signature is computed over the decoded header and claims joined by ".".
        unpacked = data.split('.')
        unpacked = base64.b64decode(unpacked[0]) + b"." + base64.b64decode(unpacked[1])
        with open('./pem/file.txt', 'wb') as f:
            f.write(unpacked)
        cmd = 'openssl dgst -sha256 -sign ./pem/privateKey.key -out ./pem/signature.sign ./pem/file.txt'
        cmd_execute(cmd.split())
        with open('./pem/signature.sign', 'rb') as f:
            digest = base64.b64encode(f.read()).decode()
        cmd = 'openssl dgst -sha256 -verify ./pem/privateKey.pub -signature ./pem/signature.sign ./pem/file.txt'
        output = cmd_execute(cmd.split())
        # output says 'Verified'
        auth = data + "." + digest
        return auth
PyJWT encapsulates something similar with the following syntax:
    import jwt
    jwt.encode({'some': 'payload'}, 'secret', algorithm='HS256')
The auth goes in the Authentication header field of the HTTPS request.
We construct an HMAC token this way:
    import base64
    import hashlib
    import hmac

    def auth(KeyId, timestamp, token, SomeSecret):
        # The shared secret is supplied as a hex string.
        HMAC_KEY = bytes.fromhex(SomeSecret)
        CanonicalizedResource = 'timestamp=' + str(timestamp) + '&' + 'token=' + str(token)
        StringToSign = CanonicalizedResource
        Signature = base64.b64encode(
            hmac.new(
                HMAC_KEY,
                StringToSign.encode(),
                hashlib.sha256
            ).digest()
        ).decode()
        auth = KeyId + ":" + Signature
        return auth
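The receiving side of the HMAC scheme above, as an added example that is not from the original post: it recomputes the signature for a KeyId:Signature value, compares it in constant time, and rejects stale timestamps. The SECRETS store, the 300-second window and the epoch-seconds timestamp are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample key store: KeyId -> hex-encoded shared secret.
SECRETS = {"key-1": "00112233445566778899aabbccddeeff"}
MAX_SKEW_SECONDS = 300  # assumed freshness window, chosen for this example


def sign(key_id, timestamp, token, secret_hex):
    """Client side: same KeyId:Signature format as the post's auth()."""
    string_to_sign = "timestamp=" + str(timestamp) + "&token=" + str(token)
    mac = hmac.new(bytes.fromhex(secret_hex), string_to_sign.encode(), hashlib.sha256)
    return key_id + ":" + base64.b64encode(mac.digest()).decode()


def verify(header, timestamp, token, now=None):
    """Server side: True only for a fresh request with a valid signature."""
    now = time.time() if now is None else now
    key_id, sep, presented = header.partition(":")
    secret_hex = SECRETS.get(key_id)
    if not sep or secret_hex is None:
        return False  # malformed header or unknown KeyId
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False
    # Reject stale or future-dated requests to narrow the replay window.
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False
    # Recompute over the values exactly as received, then keep only the signature part.
    expected = sign(key_id, timestamp, token, secret_hex).partition(":")[2]
    # compare_digest avoids leaking the position of the first mismatch through timing.
    return hmac.compare_digest(expected.encode(), presented.encode())
```

Unlike the RSA-signed token, where the verifier needs only the public key, this check requires the server to hold the same secret as the client.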
#codingexercise
Find the longest consecutive subsequence in a sequence.
Use a hash table and add all elements in the sequence.
For every element, check whether it is the start of a subsequence, that is, whether the previous value does not occur in the table.
Count the length of each subsequence from its start.
Return the max of the counts.
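    using System.Collections.Generic;

    int GetLMS(List<int> digits)
    {
        // Hash table of every value in the sequence (value -> occurrence count).
        var h = new Dictionary<int, int>();
        for (int i = 0; i < digits.Count; i++)
            if (h.ContainsKey(digits[i]))
                h[digits[i]]++;
            else
                h[digits[i]] = 1;
        int max = 0;
        for (int i = 0; i < digits.Count; i++)
        {
            // digits[i] starts a run only if its predecessor is absent.
            if (h.ContainsKey(digits[i] - 1) == false)
            {
                int count = 0;
                for (int j = digits[i]; h.ContainsKey(j); j++)
                    count++;
                if (count > max)
                    max = count;
            }
        }
        return max;
    }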
Trivia question:
Why does net ads join fail with ads_sasl_spnego_gensec_bind? Hint: is this a Kerberos failure?