• Search by Module
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• android-emulator-container-scripts-master
  • aemu-container.code-workspace
  • configure.sh
  • LICENSE
  • CONTRIBUTING.md
  • versioneer.py
  • create_web_container.sh
  • .gitattributes
  • run.sh
  • setup.py
  • TROUBLESHOOTING.md
  • emu
    • template_writer.py
    • emu_downloads_menu.py
    • templates
      • Dockerfile.from_zip
      • cloudbuild.README.MD
      • default.pa
      • README.md
      • Dockerfile
      • launch-emulator.sh
      • avd
        • Pixel2.ini
        • Pixel2.avd
          • config.ini
    • docker_device.py
    • emu_docker.py
    • docker_config.py
    • cloud_build.py
    • __init__.py
    • utils.py
    • _version.py
    • process.py
  • setup.cfg
  • README.md
  • run-with-gpu.sh
  • tests
    • e2e
      • test_launch_containers.py
      • utils.py
      • test_cloud_build.py
    • test_template_writer.py
  • pyproject.toml
  • js
    • src
      • components
        • copyright.js
        • emulator_screen.js
        • login_page.js
        • logcat_view.js
      • service
        • auth_service.js
      • App.js
      • App.test.js
      • App.css
      • serviceWorker.js
      • index.css
      • index.js
      • logo.svg
    • Makefile
    • public
      • favicon.ico
      • manifest.json
      • index.html
    • develop.sh
    • jwt-provider
      • gen-passwords.py
      • jwt-provider.py
      • README.md
      • requirements.txt
      • Dockerfile
      • .gitignore
    • develop
      • Dockerfile.unix
      • envoy.yaml
      • Dockerfile.mac
      • README.md
    • docker
      • docker-compose.yaml
      • emulator.service
      • docker-compose-build.yaml
      • development.yaml
      • envoy.yaml
      • nginx.Dockerfile
      • certs
        • self_sign.crt
        • self_sign.key
      • production.yaml
      • envoy.Dockerfile
    • README.md
    • package.json
    • .gitignore
    • .dockerignore
    • android-emulator-webrtc
      • src
        • components
          • emulator
            • emulator.js
            • views
              • event_handler.js
              • simple_png_view.js
              • webrtc_view.js
            • net
              • logcat.js
              • jsep_protocol_driver.js
              • emulator_status.js
        • index.js
      • Makefile
      • .npmignore
      • eslint_prefix.py
      • webpack.config.js
      • protoc-plugin
        • Makefile
        • grpc_generator.cc
      • gen_md_doc.js
      • ext
        • emulator_web_client_v1.js
        • emulator_web_client_v2.js
      • README.md
      • package.json
      • .gitignore
  • .gitignore
  • MANIFEST.in
  • tox.ini

# Lint as: python3
"""A basic example of a service that hands out JWT tokens.
"""

import json
from datetime import datetime, timedelta

import jwt
from absl import app, flags, logging
from flask import Flask
from flask_httpauth import HTTPBasicAuth
from werkzeug.security import check_password_hash, generate_password_hash

FLAGS = flags.FLAGS

flags.DEFINE_string('passwd', 'passwd', 'The json password file used to verify access, generated by running gen-passwords.py')
flags.DEFINE_string('jwk', 'jwt_secrets_priv.jwks', 'The jwk webkey used for signing, generated by running gen-passwords.py')
flags.DEFINE_integer('port', 8080, 'The port where this service will run')


class MyHTTPBasicAuth(HTTPBasicAuth):
  """Let's prevent these annoying popups in the browser."""
  def authenticate_header(self):
        return 'Token realm="Token"'


api = Flask(__name__)
auth = MyHTTPBasicAuth()
private_key = {}

users = {}

@auth.verify_password
def verify_password(username, password):
  logging.info("user: %s - exists: %s",username, username in users)
  if username in users:
    return check_password_hash(users.get(username), password)
  return False

@api.route('/token', methods=['GET'])
@auth.login_required
def get_token():
  token = {
           # The KeyID, envoy will use this to pick the proper decryption key.
           'kid' : private_key[0],
           # Both the 'iss' and 'aud' must match what is expected
           # in the envoy.yaml configuration
           # under "issuer" and "audiences", without it the token will be rejected.
           'iss' : 'android-emulator@jwt-provider.py',
           'aud' : 'android.emulation.control.EmulatorController',
           # we give users 2 hours of access.
           'exp' : datetime.now() + timedelta(hours=2),
           'iat' : datetime.now(),
           'name' : auth.username()
          }
  return jwt.encode(token, private_key[1], algorithm='RS256')


def main(argv):
  if len(argv) > 1:
    raise app.UsageError('Too many command-line arguments.')

  global users
  global private_key

  with open(FLAGS.passwd) as f:
    users = json.load(f)

  logging.info('Loaded: %s', users.keys())

  # Note you really shouldn't have multiple keys in the jwks, as we will only use the last one.
  with open(FLAGS.jwk) as f:
    jwks = json.load(f)
    for key in jwks['keys']:
      private_key = (key['kid'], jwt.algorithms.RSAAlgorithm.from_jwk(json.dumps(key)))


  api.run(host='0.0.0.0', port=FLAGS.port)

if __name__ == '__main__':
  app.run(main)