blob: e3ed9faeb0e6d821f43296fd3ba3ad8585f2b82b [file] [log] [blame] [edit]
# Copyright 2024 The LUCI Authors. All rights reserved.
# Use of this source code is governed under the Apache License, Version 2.0
# that can be found in the LICENSE file.
"""Implements HMAC-SHA256 using a secret from the GSM."""
import hashlib
import hmac
import logging
from google.appengine.api import app_identity
from components import gsm
from components import utils
def warmup():
"""Warms up local in-memory caches, best effort."""
try:
get_shared_hmac_secret().access()
except Exception:
logging.exception('Failed to warmup up HMAC key')
def new_mac():
"""Returns an hmac object configure to use SHA256 and the shared secret."""
key = get_shared_hmac_secret().access()
return hmac.new(key, digestmod=hashlib.sha256)
@utils.cache
def get_shared_hmac_secret():
"""A gsm.Secret with a key used to HMAC-tag tokens."""
if utils.is_local_dev_server():
return _LocalDevServer()
return gsm.Secret(
project=app_identity.get_application_id(),
secret='shared-hmac',
version='current',
)
class _LocalDevServer(object):
"""Used when running the server locally e.g. in the smoke test."""
def access(self):
return 'local-dev-server'