Revision 1a0defea htools/Ganeti/Confd/Utils.hs
| b/htools/Ganeti/Confd/Utils.hs | ||
|---|---|---|
| 30 | 30 |
( getClusterHmac |
| 31 | 31 |
, parseSignedMessage |
| 32 | 32 |
, parseRequest |
| 33 |
, parseReply |
|
| 33 | 34 |
, signMessage |
| 34 | 35 |
, getCurrentTime |
| 35 | 36 |
) where |
| ... | ... | |
| 65 | 66 |
else Bad "HMAC verification failed" |
| 66 | 67 |
return (salt, msg, parsedMsg) |
| 67 | 68 |
|
| 68 |
-- | Message parsing. This can either result in a good, valid message,
|
|
| 69 |
-- or fail in the Result monad. |
|
| 69 |
-- | Message parsing. This can either result in a good, valid request
|
|
| 70 |
-- message, or fail in the Result monad.
|
|
| 70 | 71 |
parseRequest :: HashKey -> String -> Integer |
| 71 | 72 |
-> Result (String, ConfdRequest) |
| 72 | 73 |
parseRequest hmac msg curtime = do |
| ... | ... | |
| 76 | 77 |
then fail "Too old/too new timestamp or clock skew" |
| 77 | 78 |
else return (origmsg, request) |
| 78 | 79 |
|
| 80 |
-- | Message parsing. This can either result in a good, valid reply |
|
| 81 |
-- message, or fail in the Result monad. |
|
| 82 |
-- It also checks that the salt in the message corresponds to the one |
|
| 83 |
-- that is expected |
|
| 84 |
parseReply :: HashKey -> String -> String -> Result (String, ConfdReply) |
|
| 85 |
parseReply hmac msg expSalt = do |
|
| 86 |
(salt, origmsg, reply) <- parseSignedMessage hmac msg |
|
| 87 |
if salt /= expSalt |
|
| 88 |
then fail "The received salt differs from the expected salt" |
|
| 89 |
else return (origmsg, reply) |
|
| 90 |
|
|
| 79 | 91 |
-- | Signs a message with a given key and salt. |
| 80 | 92 |
signMessage :: HashKey -> String -> String -> SignedMessage |
| 81 | 93 |
signMessage key salt msg = |
Also available in: Unified diff