aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPieter Wuille <pieter@wuille.net>2023-02-10 17:34:31 -0500
committerPieter Wuille <pieter@wuille.net>2023-02-13 17:11:15 -0500
commite4e17907b686c25dda91e569645a8f501ca48f90 (patch)
tree36028d5b33613c980b3f478c132b17093ab3e7f8
parent2c1fe27bf3c1e504864987cbe80f9c24897d3cb1 (diff)
Modernize rpcauth.py and its tests
-rwxr-xr-xshare/rpcauth/rpcauth.py14
-rwxr-xr-xtest/util/rpcauth-test.py11
2 files changed, 11 insertions, 14 deletions
diff --git a/share/rpcauth/rpcauth.py b/share/rpcauth/rpcauth.py
index d441d5f21d..cc7bba1f8b 100755
--- a/share/rpcauth/rpcauth.py
+++ b/share/rpcauth/rpcauth.py
@@ -4,22 +4,20 @@
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
from argparse import ArgumentParser
-from base64 import urlsafe_b64encode
from getpass import getpass
-from os import urandom
-
+from secrets import token_hex, token_urlsafe
import hmac
def generate_salt(size):
"""Create size byte hex salt"""
- return urandom(size).hex()
+ return token_hex(size)
def generate_password():
"""Create 32 byte b64 password"""
- return urlsafe_b64encode(urandom(32)).decode('utf-8')
+ return token_urlsafe(32)
def password_to_hmac(salt, password):
- m = hmac.new(bytearray(salt, 'utf-8'), bytearray(password, 'utf-8'), 'SHA256')
+ m = hmac.new(salt.encode('utf-8'), password.encode('utf-8'), 'SHA256')
return m.hexdigest()
def main():
@@ -38,8 +36,8 @@ def main():
password_hmac = password_to_hmac(salt, args.password)
print('String to be appended to bitcoin.conf:')
- print('rpcauth={0}:{1}${2}'.format(args.username, salt, password_hmac))
- print('Your password:\n{0}'.format(args.password))
+ print(f'rpcauth={args.username}:{salt}${password_hmac}')
+ print(f'Your password:\n{args.password}')
if __name__ == '__main__':
main()
diff --git a/test/util/rpcauth-test.py b/test/util/rpcauth-test.py
index 53058dc394..8a7ff26dcb 100755
--- a/test/util/rpcauth-test.py
+++ b/test/util/rpcauth-test.py
@@ -4,7 +4,7 @@
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
"""Test share/rpcauth/rpcauth.py
"""
-import base64
+import re
import configparser
import hmac
import importlib
@@ -28,18 +28,17 @@ class TestRPCAuth(unittest.TestCase):
self.assertEqual(len(self.rpcauth.generate_salt(i)), i * 2)
def test_generate_password(self):
+ """Test that generated passwords only consist of urlsafe characters."""
+ r = re.compile(r"[0-9a-zA-Z_-]*")
password = self.rpcauth.generate_password()
- expected_password = base64.urlsafe_b64encode(
- base64.urlsafe_b64decode(password)).decode('utf-8')
- self.assertEqual(expected_password, password)
+ self.assertTrue(r.fullmatch(password))
def test_check_password_hmac(self):
salt = self.rpcauth.generate_salt(16)
password = self.rpcauth.generate_password()
password_hmac = self.rpcauth.password_to_hmac(salt, password)
- m = hmac.new(bytearray(salt, 'utf-8'),
- bytearray(password, 'utf-8'), 'SHA256')
+ m = hmac.new(salt.encode('utf-8'), password.encode('utf-8'), 'SHA256')
expected_password_hmac = m.hexdigest()
self.assertEqual(expected_password_hmac, password_hmac)