def _create_signature(self, jid, action): log_debug(4, jid, action) attrs = { 'client-id': self.client_id, 'timestamp': int(time.time()), 'serial': self.get_unique_id(), 'action': action, 'jid': self.jid, } signing_comps = ['client-id', 'timestamp', 'serial', 'action', 'jid'] args = [self.shared_key, jid] for sc in signing_comps: args.append(attrs[sc]) log_debug(4, "Signature args", args) attrs['signature'] = jabber_lib.sign(*args) x = jabber_lib.jabber.xmlstream.Node('x') x.setNamespace(jabber_lib.NS_RHN_SIGNED) for k, v in attrs.items(): x.putAttr(k, v) return x
def _create_signature(self, jid, action): log_debug(4, jid, action) attrs = { 'client-id' : self.client_id, 'timestamp' : int(time.time()), 'serial' : self.get_unique_id(), 'action' : action, 'jid' : self.jid, } signing_comps = ['client-id', 'timestamp', 'serial', 'action', 'jid'] args = [self.shared_key, jid] for sc in signing_comps: args.append(attrs[sc]) log_debug(4, "Signature args", args) attrs['signature'] = jabber_lib.sign(*args) x = jabber_lib.jabber.xmlstream.Node('x') x.setNamespace(jabber_lib.NS_RHN_SIGNED) for k, v in attrs.items(): x.putAttr(k, v) return x
def _check_signature(self, stanza, actions=None): # Do we have this client in the table? jid = stanza.getFrom() if jid is None: log_debug(3, 'no from') return None # Look for a <x> child that has our namespace xes = stanza.getTags('x') for x in xes: if x.getNamespace() != jabber_lib.NS_RHN_SIGNED: continue break else: #for log_debug(1, "No signature node found in stanza") return None timestamp = x.getAttr('timestamp') try: timestamp = int(timestamp) except ValueError: log_debug(1, "Invalid message timestamp", timestamp) return None now = time.time() current_drift = timestamp - now # Allow for a 120 seconds drift max_drift = 120 abs_drift = abs(current_drift - self.time_drift) if abs_drift > max_drift: log_debug(1, "Dropping message, drift is too big", abs_drift) action = x.getAttr('action') if actions and action not in actions: log_debug(1, "action %s not allowed" % action) return None # We need the fully qualified JID here too full_jid = x.getAttr('jid') if not full_jid: log_debug(3, "Full JID not found in signature stanza") return None attrs = { 'timestamp': x.getAttr('timestamp'), 'serial': x.getAttr('serial'), 'action': x.getAttr('action'), 'jid': full_jid, } signing_comps = ['timestamp', 'serial', 'action', 'jid'] args = [self.shared_key, self.jid] for sc in signing_comps: args.append(attrs[sc]) log_debug(4, "Signature args", args) signature = jabber_lib.sign(*args) x_signature = x.getAttr('signature') if signature != x_signature: log_debug(1, "Signatures do not match", signature, x_signature) return None # Happy joy return x
def _check_signature(self, stanza, actions=None): # Do we have this client in the table? jid = stanza.getFrom() if jid is None: log_debug(3, 'no from') return None # Look for a <x> child that has our namespace xes = stanza.getTags('x') for x in xes: if x.getNamespace() != jabber_lib.NS_RHN_SIGNED: continue break else: #for log_debug(1, "No signature node found in stanza") return None timestamp = x.getAttr('timestamp') try: timestamp = int(timestamp) except ValueError: log_debug(1, "Invalid message timestamp", timestamp) return None now = time.time() current_drift = timestamp - now # Allow for a 120 seconds drift max_drift = 120 abs_drift = abs(current_drift - self.time_drift) if abs_drift > max_drift: log_debug(1, "Dropping message, drift is too big", abs_drift) action = x.getAttr('action') if actions and action not in actions: log_debug(1, "action %s not allowed" % action) return None # We need the fully qualified JID here too full_jid = x.getAttr('jid') if not full_jid: log_debug(3, "Full JID not found in signature stanza") return None attrs = { 'timestamp' : x.getAttr('timestamp'), 'serial' : x.getAttr('serial'), 'action' : x.getAttr('action'), 'jid' : full_jid, } signing_comps = ['timestamp', 'serial', 'action', 'jid'] args = [self.shared_key, self.jid] for sc in signing_comps: args.append(attrs[sc]) log_debug(4, "Signature args", args) signature = jabber_lib.sign(*args) x_signature = x.getAttr('signature') if signature != x_signature: log_debug(1, "Signatures do not match", signature, x_signature) return None # Happy joy return x