utils: allow checking signature against multiple keys (#10935)

2016-09-06 14:02:19 +02:00 · 2016-09-06 14:02:19 +02:00 · 959b436919
parent 9779837cb4
commit 959b436919
1 changed files with 18 additions and 11 deletions
--- a/combo/utils.py
+++ b/combo/utils.py
@ -204,7 +204,8 @@ def ellipsize(text, length=50):
        return text
    return text[:(length-10)] + '...'

-def check_query(query, key, known_nonce=None, timedelta=30):
+
+def check_query(query, keys, known_nonce=None, timedelta=30):
    parsed = urlparse.parse_qs(query)
    if not 'signature' in parsed:
        return False
@ -218,14 +219,20 @@ def check_query(query, key, known_nonce=None, timedelta=30):
        return False
    if abs(datetime.datetime.utcnow() - timestamp) > datetime.timedelta(seconds=timedelta):
        return False
-    return check_string(unsigned_query, signature, key, algo=algo)
+    return check_string(unsigned_query, signature, keys, algo=algo)

-def check_string(s, signature, key, algo='sha256'):
-    # constant time compare
-    signature2 = sign_string(s, key, algo=algo)
-    if len(signature2) != len(signature):
-        return False
-    res = 0
-    for a, b in zip(signature, signature2):
-        res |= ord(a) ^ ord(b)
-    return res == 0
+
+def check_string(s, signature, keys, algo='sha256'):
+    if not isinstance(keys, list):
+        keys = [keys]
+    for key in keys:
+        signature2 = sign_string(s, key, algo=algo)
+        if len(signature2) != len(signature):
+            continue
+        res = 0
+        # constant time compare
+        for a, b in zip(signature, signature2):
+            res |= ord(a) ^ ord(b)
+        if res == 0:
+            return True
+    return False