def _create_signature(self, jid, action):
log_debug(4, jid, action)
attrs = {
'client-id': self.client_id,
'timestamp': int(time.time()),
'serial': self.get_unique_id(),
'action': action,
'jid': self.jid,
}
signing_comps = ['client-id', 'timestamp', 'serial', 'action', 'jid']
args = [self.shared_key, jid]
for sc in signing_comps:
args.append(attrs[sc])
log_debug(4, "Signature args", args)
attrs['signature'] = jabber_lib.sign(*args)
x = jabber_lib.jabber.xmlstream.Node('x')
x.setNamespace(jabber_lib.NS_RHN_SIGNED)
for k, v in attrs.items():
x.putAttr(k, v)
return x
def _create_signature(self, jid, action):
log_debug(4, jid, action)
attrs = {
'client-id' : self.client_id,
'timestamp' : int(time.time()),
'serial' : self.get_unique_id(),
'action' : action,
'jid' : self.jid,
}
signing_comps = ['client-id', 'timestamp', 'serial', 'action', 'jid']
args = [self.shared_key, jid]
for sc in signing_comps:
args.append(attrs[sc])
log_debug(4, "Signature args", args)
attrs['signature'] = jabber_lib.sign(*args)
x = jabber_lib.jabber.xmlstream.Node('x')
x.setNamespace(jabber_lib.NS_RHN_SIGNED)
for k, v in attrs.items():
x.putAttr(k, v)
return x
def _check_signature(self, stanza, actions=None):
# Do we have this client in the table?
jid = stanza.getFrom()
if jid is None:
log_debug(3, 'no from')
return None
# Look for a <x> child that has our namespace
xes = stanza.getTags('x')
for x in xes:
if x.getNamespace() != jabber_lib.NS_RHN_SIGNED:
continue
break
else: #for
log_debug(1, "No signature node found in stanza")
return None
timestamp = x.getAttr('timestamp')
try:
timestamp = int(timestamp)
except ValueError:
log_debug(1, "Invalid message timestamp", timestamp)
return None
now = time.time()
current_drift = timestamp - now
# Allow for a 120 seconds drift
max_drift = 120
abs_drift = abs(current_drift - self.time_drift)
if abs_drift > max_drift:
log_debug(1, "Dropping message, drift is too big", abs_drift)
action = x.getAttr('action')
if actions and action not in actions:
log_debug(1, "action %s not allowed" % action)
return None
# We need the fully qualified JID here too
full_jid = x.getAttr('jid')
if not full_jid:
log_debug(3, "Full JID not found in signature stanza")
return None
attrs = {
'timestamp': x.getAttr('timestamp'),
'serial': x.getAttr('serial'),
'action': x.getAttr('action'),
'jid': full_jid,
}
signing_comps = ['timestamp', 'serial', 'action', 'jid']
args = [self.shared_key, self.jid]
for sc in signing_comps:
args.append(attrs[sc])
log_debug(4, "Signature args", args)
signature = jabber_lib.sign(*args)
x_signature = x.getAttr('signature')
if signature != x_signature:
log_debug(1, "Signatures do not match", signature, x_signature)
return None
# Happy joy
return x
def _check_signature(self, stanza, actions=None):
# Do we have this client in the table?
jid = stanza.getFrom()
if jid is None:
log_debug(3, 'no from')
return None
# Look for a <x> child that has our namespace
xes = stanza.getTags('x')
for x in xes:
if x.getNamespace() != jabber_lib.NS_RHN_SIGNED:
continue
break
else: #for
log_debug(1, "No signature node found in stanza")
return None
timestamp = x.getAttr('timestamp')
try:
timestamp = int(timestamp)
except ValueError:
log_debug(1, "Invalid message timestamp", timestamp)
return None
now = time.time()
current_drift = timestamp - now
# Allow for a 120 seconds drift
max_drift = 120
abs_drift = abs(current_drift - self.time_drift)
if abs_drift > max_drift:
log_debug(1, "Dropping message, drift is too big", abs_drift)
action = x.getAttr('action')
if actions and action not in actions:
log_debug(1, "action %s not allowed" % action)
return None
# We need the fully qualified JID here too
full_jid = x.getAttr('jid')
if not full_jid:
log_debug(3, "Full JID not found in signature stanza")
return None
attrs = {
'timestamp' : x.getAttr('timestamp'),
'serial' : x.getAttr('serial'),
'action' : x.getAttr('action'),
'jid' : full_jid,
}
signing_comps = ['timestamp', 'serial', 'action', 'jid']
args = [self.shared_key, self.jid]
for sc in signing_comps:
args.append(attrs[sc])
log_debug(4, "Signature args", args)
signature = jabber_lib.sign(*args)
x_signature = x.getAttr('signature')
if signature != x_signature:
log_debug(1, "Signatures do not match", signature, x_signature)
return None
# Happy joy
return x
