log more errors during signature's checks (fixes #22615)

2018-03-19 14:21:41 +01:00 · 2018-03-19 14:21:41 +01:00 · d72561e3b8
parent cd140d19cc
commit d72561e3b8
1 changed files with 45 additions and 8 deletions
--- a/bijoe/visualization/signature.py
+++ b/bijoe/visualization/signature.py
@ -21,6 +21,8 @@ import hashlib
 import urllib
 import random
 import urlparse
+import logging
+

 '''Simple signature scheme for query strings'''
 # from http://repos.entrouvert.org/portail-citoyen.git/tree/portail_citoyen/apps/data_source_plugin/signature.py
@ -64,18 +66,43 @@ def check_url(url, key, known_nonce=None, timedelta=30):


 def check_query(query, key, known_nonce=None, timedelta=30):
+    res, error = check_query2(query, key, known_nonce=known_nonce, timedelta=timedelta)
+    if not res:
+        key_hash = 'md5:%s' % hashlib.md5(key).hexdigest()[:6]
+        logging.getLogger(__name__).warning(
+            'could not check signature of query %r with key %s: %s', query, key_hash, error)
+    return res
+
+
+def check_query2(query, key, known_nonce, timedelta):
    parsed = urlparse.parse_qs(query)
-    signature = base64.b64decode(parsed['signature'][0])
-    algo = parsed['algo'][0]
-    timestamp = parsed['timestamp'][0]
-    timestamp = datetime.datetime.strptime(timestamp, '%Y-%m-%dT%H:%M:%SZ')
-    nonce = parsed['nonce']
+    try:
+        signature = parsed['signature'][0]
+        algo = parsed['algo'][0]
+        timestamp = parsed['timestamp'][0]
+        nonce = parsed['nonce'][0]
+    except KeyError as e:
+        return False, 'missing required field %r' % e.args[0]
+    try:
+        signature = base64.b64decode(parsed['signature'][0])
+    except Exception as e:
+        return False, 'could not decode base64 signature (%s)' % e
+
+    if algo not in hashlib.algorithms:
+        return False, 'hash algorithm %s is not supported' % algo
+
+    try:
+        timestamp = datetime.datetime.strptime(timestamp, '%Y-%m-%dT%H:%M:%SZ')
+    except Exception as e:
+        return False, 'could not parse the timestamp %s' % timestamp
    unsigned_query = query.split('&signature=')[0]
    if known_nonce is not None and known_nonce(nonce):
-        return False
+        return False, 'used nonce'
    if abs(datetime.datetime.utcnow() - timestamp) > datetime.timedelta(seconds=timedelta):
-        return False
-    return check_string(unsigned_query, signature, key, algo=algo)
+        return False, 'timestamp is older than %d seconds' % timedelta
+    if not check_string(unsigned_query, signature, key, algo=algo):
+        return False, 'signature does not match'
+    return True, None


 def check_string(s, signature, key, algo='sha256'):
@ -88,8 +115,18 @@ def check_string(s, signature, key, algo='sha256'):
        res |= ord(a) ^ ord(b)
    return res == 0

+
 if __name__ == '__main__':
+    logging.basicConfig()
    key = '12345'
    signed_query = sign_query('NameId=_12345&orig=montpellier', key)
    assert check_query(signed_query, key, timedelta=0) is False
    assert check_query(signed_query, key) is True
+    signed_query2 = signed_query.split('&signature=', 1)[0] + '&signature=1111'
+    assert check_query(signed_query2, key) is False
+    signed_query3 = signed_query.replace('sha256', 'wtf')
+    assert check_query(signed_query3, key) is False
+    signed_query4 = signed_query.split('&signature=', 1)[0]
+    assert check_query(signed_query4, key) is False
+    signed_query5 = signed_query.split('&signature=', 1)[0] + '&signature=111'
+    assert check_query(signed_query5, key) is False