Revision 1a0defea htools/Ganeti/Confd/Utils.hs
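--- a/htools/Ganeti/Confd/Utils.hs
+++ b/htools/Ganeti/Confd/Utils.hs
@@ -30,6 +30,7 @@
 ( getClusterHmac
 , parseSignedMessage
 , parseRequest
+, parseReply
 , signMessage
 , getCurrentTime
 ) where
@@ -65,8 +66,8 @@
 else Bad "HMAC verification failed"
 return (salt, msg, parsedMsg)
 
--- | Message parsing. This can either result in a good, valid message,
--- or fail in the Result monad.
+-- | Message parsing. This can either result in a good, valid request
+-- message, or fail in the Result monad.
 parseRequest :: HashKey -> String -> Integer
 -> Result (String, ConfdRequest)
 parseRequest hmac msg curtime = do
@@ -76,6 +77,17 @@
 then fail "Too old/too new timestamp or clock skew"
 else return (origmsg, request)
 
+-- | Message parsing. This can either result in a good, valid reply
+-- message, or fail in the Result monad.
+-- It also checks that the salt in the message corresponds to the one
+-- that is expected
+parseReply :: HashKey -> String -> String -> Result (String, ConfdReply)
+parseReply hmac msg expSalt = do
+(salt, origmsg, reply) <- parseSignedMessage hmac msg
+if salt /= expSalt
+then fail "The received salt differs from the expected salt"
+else return (origmsg, reply)
+
 -- | Signs a message with a given key and salt.
 signMessage :: HashKey -> String -> String -> SignedMessage
 signMessage key salt msg =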
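Review bot: The Haddock comment on the new parseReply does not say what the salt check protects against or what the caller must supply. In the visible code the comparison `salt /= expSalt` is the only thing tying a correctly signed reply to one particular request; unlike parseRequest, parseReply takes no current time and makes no freshness check of its own. A validly signed reply to a different request is therefore rejected only if the caller passes a salt that was unique to the request it sent, and how callers choose that salt is not visible here. I would state the contract in the comment, for example `-- The caller must pass the salt of the request it sent, unique per request;` followed by `-- this comparison is the only replay check applied to replies.` The HMAC is verified by parseSignedMessage before the salt is compared, which is the right order and should stay that way.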