Revision 615aaaba lib/utils.py
b/lib/utils.py | ||
---|---|---|
2608 | 2608 |
|
2609 | 2609 |
return ("%s: %s/%s\n\n%s" % |
2610 | 2610 |
(constants.X509_CERT_SIGNATURE_HEADER, salt, |
2611 |
hmac.new(key, salt + cert_pem, sha1).hexdigest(),
|
|
2611 |
Sha1Hmac(key, salt + cert_pem),
|
|
2612 | 2612 |
cert_pem)) |
2613 | 2613 |
|
2614 | 2614 |
|
... | ... | |
2647 | 2647 |
# Dump again to ensure it's in a sane format |
2648 | 2648 |
sane_pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert) |
2649 | 2649 |
|
2650 |
if signature != hmac.new(key, salt + sane_pem, sha1).hexdigest():
|
|
2650 |
if not VerifySha1Hmac(key, salt + sane_pem, signature):
|
|
2651 | 2651 |
raise errors.GenericError("X509 certificate signature is invalid") |
2652 | 2652 |
|
2653 | 2653 |
return (cert, salt) |
2654 | 2654 |
|
2655 | 2655 |
|
2656 |
def Sha1Hmac(key, text): |
|
2657 |
"""Calculates the HMAC-SHA1 digest of a text. |
|
2658 |
|
|
2659 |
HMAC is defined in RFC2104. |
|
2660 |
|
|
2661 |
@type key: string |
|
2662 |
@param key: Secret key |
|
2663 |
@type text: string |
|
2664 |
|
|
2665 |
""" |
|
2666 |
return hmac.new(key, text, sha1).hexdigest() |
|
2667 |
|
|
2668 |
|
|
2669 |
def VerifySha1Hmac(key, text, digest): |
|
2670 |
"""Verifies the HMAC-SHA1 digest of a text. |
|
2671 |
|
|
2672 |
HMAC is defined in RFC2104. |
|
2673 |
|
|
2674 |
@type key: string |
|
2675 |
@param key: Secret key |
|
2676 |
@type text: string |
|
2677 |
@type digest: string |
|
2678 |
@param digest: Expected digest |
|
2679 |
@rtype: bool |
|
2680 |
@return: Whether HMAC-SHA1 digest matches |
|
2681 |
|
|
2682 |
""" |
|
2683 |
return digest.lower() == Sha1Hmac(key, text).lower() |
|
2684 |
|
|
2685 |
|
|
2656 | 2686 |
def SafeEncode(text): |
2657 | 2687 |
"""Return a 'safe' version of a source string. |
2658 | 2688 |
|
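Review bot: VerifySha1Hmac (new lines 2669-2683) compares the two hex digests with `==`, which stops at the first differing character, so response timing can reveal how much of a supplied signature matched the expected HMAC. The value reaches it from the certificate's signature header via the call at new line 2650, so it is caller-controlled input. Where the supported Python versions provide it (2.7.7+ or 3.3+), I would use `return hmac.compare_digest(digest.lower(), Sha1Hmac(key, text).lower())`; on older interpreters, a small helper that compares every character before returning does the same job. Separately, the Sha1Hmac docstring has no `@param text`, `@rtype` or `@return`, and should state that the result is a hex string, since VerifySha1Hmac relies on that when lower-casing both sides.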