check-python-code: Report EOL whitespace

[ganeti-local] / lib / serializer.py

diff --git a/lib/serializer.py b/lib/serializer.py
index c5a8b0d..5df5bfd 100644 (file)
--- a/lib/serializer.py
+++ b/lib/serializer.py
@@ -27,6 +27,14 @@ backend (currently json).
 
 import simplejson
 import re
+import hmac
+
+from ganeti import errors
+
+try:
+  from hashlib import sha1
+except ImportError:
+  import sha as sha1
 
 # Check whether the simplejson module supports indentation
 _JSON_INDENT = 2
@@ -38,14 +46,20 @@ except TypeError:
 _RE_EOLSP = re.compile('[ \t]+$', re.MULTILINE)
 
 
-def DumpJson(data):
+def DumpJson(data, indent=True):
   """Serialize a given object.
 
+  @param data: the data to serialize
+  @param indent: whether to indent output (depends on simplejson version)
+
+  @return: the string representation of data
+
   """
-  if _JSON_INDENT is None:
+  if not indent or _JSON_INDENT is None:
     txt = simplejson.dumps(data)
   else:
     txt = simplejson.dumps(data, indent=_JSON_INDENT)
+
   txt = _RE_EOLSP.sub("", txt)
   if not txt.endswith('\n'):
     txt += '\n'
@@ -55,9 +69,60 @@ def DumpJson(data):
 def LoadJson(txt):
   """Unserialize data from a string.
 
+  @param txt: the json-encoded form
+
+  @return: the original data
+
   """
   return simplejson.loads(txt)
 
 
+def DumpSignedJson(data, key, salt=None):
+  """Serialize a given object and authenticate it.
+
+  @param data: the data to serialize
+  @param key: shared hmac key
+  @return: the string representation of data signed by the hmac key
+
+  """
+  txt = DumpJson(data, indent=False)
+  if salt is None:
+    salt = ''
+  signed_dict = {
+    'msg': txt,
+    'salt': salt,
+    'hmac': hmac.new(key, salt + txt, sha1).hexdigest(),
+  }
+  return DumpJson(signed_dict, indent=False)
+
+
+def LoadSignedJson(txt, key):
+  """Verify that a given message was signed with the given key, and load it.
+
+  @param txt: json-encoded hmac-signed message
+  @param key: shared hmac key
+  @rtype: tuple of original data, string
+  @return: original data, salt
+  @raises errors.SignatureError: if the message signature doesn't verify
+
+  """
+  signed_dict = LoadJson(txt)
+  if not isinstance(signed_dict, dict):
+    raise errors.SignatureError('Invalid external message')
+  try:
+    msg = signed_dict['msg']
+    salt = signed_dict['salt']
+    hmac_sign = signed_dict['hmac']
+  except KeyError:
+    raise errors.SignatureError('Invalid external message')
+
+  if hmac.new(key, salt + msg, sha1).hexdigest() != hmac_sign:
+    raise errors.SignatureError('Invalid Signature')
+
+  return LoadJson(msg), salt
+
+
 Dump = DumpJson
 Load = LoadJson
+DumpSigned = DumpSignedJson
+LoadSigned = LoadSignedJson