- raise errors.SignatureError('Invalid external message')
-
- if salt and not salt_verifier:
- raise errors.SignatureError('Salted message is not verified')
- elif salt_verifier is not None:
- if not salt_verifier(salt):
- raise errors.SignatureError('Invalid salt')
-
- if hmac.new(key, salt + msg, sha1).hexdigest() != hmac_sign:
- raise errors.SignatureError('Invalid Signature')
- return LoadJson(msg)
-
-
-def SaltEqualTo(expected):
- """Helper salt verifier function that checks for equality.
-
- @type expected: string
- @param expected: expected salt
- @rtype: function
- @return: salt verifier that returns True if the target salt is "x"
-
- """
- return lambda salt: salt == expected
-
-
-def SaltIn(expected):
- """Helper salt verifier function that checks for equality.
+ raise errors.SignatureError("Invalid external message")
+
+ if callable(key):
+ # pylint: disable=E1103
+ key_selector = signed_dict.get("key_selector", None)
+ hmac_key = key(key_selector)
+ if not hmac_key:
+ raise errors.SignatureError("No key with key selector '%s' found" %
+ key_selector)
+ else:
+ key_selector = ""
+ hmac_key = key