def verify_header(cls, payload, header, secret, tolerance=None):
try:
timestamp, signatures = cls._get_timestamp_and_signatures(
header, cls.EXPECTED_SCHEME)
except:
raise error.SignatureVerificationError(
"Unable to extract timestamp and signatures from header",
header, payload)
if len(signatures) == 0:
raise error.SignatureVerificationError(
"No signatures found with expected scheme "
"%s" % cls.EXPECTED_SCHEME, header, payload)
signed_payload = "%d.%s" % (timestamp, payload)
expected_sig = cls._compute_signature(signed_payload, secret)
if not any(util.secure_compare(expected_sig, s) for s in signatures):
raise error.SignatureVerificationError(
"No signatures found matching the expected signature for "
"payload", header, payload)
if tolerance and timestamp < time.time() - tolerance:
raise error.SignatureVerificationError(
"Timestamp outside the tolerance zone (%d)" % timestamp,
header, payload)
return True
def verify_header(cls, payload, header, secret, tolerance=None):
try:
timestamp, signatures = cls._get_timestamp_and_signatures(
header, cls.EXPECTED_SCHEME)
except Exception:
raise error.SignatureVerificationError(
"Unable to extract timestamp and signatures from header",
header, payload)
if len(signatures) == 0:
raise error.SignatureVerificationError(
"No signatures found with expected scheme "
"%s" % cls.EXPECTED_SCHEME,
header, payload)
signed_payload = "%d.%s" % (timestamp, payload)
expected_sig = cls._compute_signature(signed_payload, secret)
if not any(util.secure_compare(expected_sig, s) for s in signatures):
raise error.SignatureVerificationError(
"No signatures found matching the expected signature for "
"payload",
header, payload)
if tolerance and timestamp < time.time() - tolerance:
raise error.SignatureVerificationError(
"Timestamp outside the tolerance zone (%d)" % timestamp,
header, payload)
return True