utils: allow checking signature against multiple keys (#10935)
parent
9779837cb4
commit
959b436919
|
@ -204,7 +204,8 @@ def ellipsize(text, length=50):
|
|||
return text
|
||||
return text[:(length-10)] + '...'
|
||||
|
||||
def check_query(query, key, known_nonce=None, timedelta=30):
|
||||
|
||||
def check_query(query, keys, known_nonce=None, timedelta=30):
|
||||
parsed = urlparse.parse_qs(query)
|
||||
if not 'signature' in parsed:
|
||||
return False
|
||||
|
@ -218,14 +219,20 @@ def check_query(query, key, known_nonce=None, timedelta=30):
|
|||
return False
|
||||
if abs(datetime.datetime.utcnow() - timestamp) > datetime.timedelta(seconds=timedelta):
|
||||
return False
|
||||
return check_string(unsigned_query, signature, key, algo=algo)
|
||||
return check_string(unsigned_query, signature, keys, algo=algo)
|
||||
|
||||
def check_string(s, signature, key, algo='sha256'):
|
||||
# constant time compare
|
||||
signature2 = sign_string(s, key, algo=algo)
|
||||
if len(signature2) != len(signature):
|
||||
return False
|
||||
res = 0
|
||||
for a, b in zip(signature, signature2):
|
||||
res |= ord(a) ^ ord(b)
|
||||
return res == 0
|
||||
|
||||
def check_string(s, signature, keys, algo='sha256'):
|
||||
if not isinstance(keys, list):
|
||||
keys = [keys]
|
||||
for key in keys:
|
||||
signature2 = sign_string(s, key, algo=algo)
|
||||
if len(signature2) != len(signature):
|
||||
continue
|
||||
res = 0
|
||||
# constant time compare
|
||||
for a, b in zip(signature, signature2):
|
||||
res |= ord(a) ^ ord(b)
|
||||
if res == 0:
|
||||
return True
|
||||
return False
|
||||
|
|
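Review bot: In the new `check_string`, every entry of `keys` is handed to `sign_string` without checking that it is set, so if a caller builds the list from configuration and one entry is empty or `None`, a signature computed with an empty key would presumably be accepted (`sign_string` is not visible here, so this needs confirming). Skipping unusable entries at the top of the loop with `if not key: continue` keeps the check failing closed. The `isinstance(keys, list)` test also wraps a tuple of keys as a single key; `if not isinstance(keys, (list, tuple)):` would cover both. The hand-rolled XOR loop could be replaced by `hmac.compare_digest(signature, signature2)` where the supported Python versions provide it. A short docstring should state that `keys` may be a single key or a list and that the first matching key wins.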