@@ -27,6 +27,7 b" ATTR_TYPE = 'type'" | |||||
27 | ATTR_NAME = 'name' |
|
27 | ATTR_NAME = 'name' | |
28 | ATTR_VALUE = 'value' |
|
28 | ATTR_VALUE = 'value' | |
29 | ATTR_MIMETYPE = 'mimetype' |
|
29 | ATTR_MIMETYPE = 'mimetype' | |
|
30 | ATTR_KEY = 'key' | |||
30 |
|
31 | |||
31 | STATUS_SUCCESS = 'success' |
|
32 | STATUS_SUCCESS = 'success' | |
32 |
|
33 | |||
@@ -79,12 +80,13 b' class SyncManager:' | |||||
79 | signatures = [Signature( |
|
80 | signatures = [Signature( | |
80 | key_type=key.key_type, |
|
81 | key_type=key.key_type, | |
81 | key=key.public_key, |
|
82 | key=key.public_key, | |
82 |
signature=key.sign(et.tostring( |
|
83 | signature=key.sign(et.tostring(content_tag, ENCODING_UNICODE)), | |
83 | )] |
|
84 | )] | |
84 | for signature in signatures: |
|
85 | for signature in signatures: | |
85 | signature_tag = et.SubElement(signatures_tag, TAG_SIGNATURE) |
|
86 | signature_tag = et.SubElement(signatures_tag, TAG_SIGNATURE) | |
86 | signature_tag.set(ATTR_TYPE, signature.key_type) |
|
87 | signature_tag.set(ATTR_TYPE, signature.key_type) | |
87 | signature_tag.set(ATTR_VALUE, signature.signature) |
|
88 | signature_tag.set(ATTR_VALUE, signature.signature) | |
|
89 | signature_tag.set(ATTR_KEY, signature.key) | |||
88 |
|
90 | |||
89 | return et.tostring(response, ENCODING_UNICODE) |
|
91 | return et.tostring(response, ENCODING_UNICODE) | |
90 |
|
92 | |||
@@ -97,6 +99,12 b' class SyncManager:' | |||||
97 | tag_models = tag_root.find(TAG_MODELS) |
|
99 | tag_models = tag_root.find(TAG_MODELS) | |
98 | for tag_model in tag_models: |
|
100 | for tag_model in tag_models: | |
99 | tag_content = tag_model.find(TAG_CONTENT) |
|
101 | tag_content = tag_model.find(TAG_CONTENT) | |
|
102 | ||||
|
103 | valid = SyncManager.verify_model(tag_content, tag_model) | |||
|
104 | ||||
|
105 | if not valid: | |||
|
106 | raise Exception('Invalid model signature') | |||
|
107 | ||||
100 | tag_id = tag_content.find(TAG_ID) |
|
108 | tag_id = tag_content.find(TAG_ID) | |
101 | global_id, exists = GlobalId.from_xml_element(tag_id) |
|
109 | global_id, exists = GlobalId.from_xml_element(tag_id) | |
102 |
|
110 | |||
@@ -127,3 +135,26 b' class SyncManager:' | |||||
127 | else: |
|
135 | else: | |
128 | # TODO Throw an exception? |
|
136 | # TODO Throw an exception? | |
129 | pass |
|
137 | pass | |
|
138 | ||||
|
139 | @staticmethod | |||
|
140 | def verify_model(tag_content, tag_model): | |||
|
141 | """ | |||
|
142 | Verifies all signatures for a single model. | |||
|
143 | """ | |||
|
144 | ||||
|
145 | valid = True | |||
|
146 | ||||
|
147 | tag_signatures = tag_model.find(TAG_SIGNATURES) | |||
|
148 | for tag_signature in tag_signatures: | |||
|
149 | signature_type = tag_signature.get(ATTR_TYPE) | |||
|
150 | signature_value = tag_signature.get(ATTR_VALUE) | |||
|
151 | signature_key = tag_signature.get(ATTR_KEY) | |||
|
152 | ||||
|
153 | if not KeyPair.objects.verify( | |||
|
154 | signature_key, | |||
|
155 | et.tostring(tag_content, ENCODING_UNICODE), | |||
|
156 | signature_value, signature_type): | |||
|
157 | valid = False | |||
|
158 | break | |||
|
159 | ||||
|
160 | return valid |
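Review bot: `verify_model` returns True when the signatures element has no children, because `valid` starts as True and only a failing signature inside the loop clears it, so a model that carries no signature at all passes the new check at line 103. When the element is missing altogether, `tag_model.find(TAG_SIGNATURES)` returns None and the `for` loop raises a TypeError instead of the 'Invalid model signature' error. A guard before the loop, `if tag_signatures is None or len(tag_signatures) == 0: return False`, closes both cases. The public key is also read from the same message (`tag_signature.get(ATTR_KEY)`), so unless `KeyPair.objects.verify`, which is not shown here, checks it against keys the node already trusts, a passing result says only that the content matches the embedded key and not who produced it; the docstring should state which of the two is guaranteed.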
@@ -68,23 +68,23 b' author)' | |||||
68 |
|
68 | |||
69 | Sample request is as follows: |
|
69 | Sample request is as follows: | |
70 |
|
70 | |||
71 | <?xml version="1.1" encoding="UTF-8" ?> |
|
71 | <?xml version="1.1" encoding="UTF-8" ?> | |
72 | <request version="1.0" type="pull"> |
|
72 | <request version="1.0" type="pull"> | |
73 | <model version="1.0" name="post"> |
|
73 | <model version="1.0" name="post"> | |
74 | <timestamp_from>0</timestamp_from> |
|
74 | <timestamp_from>0</timestamp_from> | |
75 | <timestamp_to>0</timestamp_to> |
|
75 | <timestamp_to>0</timestamp_to> | |
76 | <tags> |
|
76 | <tags> | |
77 | <tag>tag1</tag> |
|
77 | <tag>tag1</tag> | |
78 | </tags> |
|
78 | </tags> | |
79 | <sender> |
|
79 | <sender> | |
80 | <allow> |
|
80 | <allow> | |
81 | <key>abcehy3h9t</key> |
|
81 | <key>abcehy3h9t</key> | |
82 | <key>ehoehyoe</key> |
|
82 | <key>ehoehyoe</key> | |
83 | </allow> |
|
83 | </allow> | |
84 | <!-- There can be only allow block (all other are denied) or deny block (all other are allowed) --> |
|
84 | <!-- There can be only allow block (all other are denied) or deny block (all other are allowed) --> | |
85 | </sender> |
|
85 | </sender> | |
86 | </model> |
|
86 | </model> | |
87 | </request> |
|
87 | </request> | |
88 |
|
88 | |||
89 | Under the <model> tag there are filters. Filters for the "post" model can |
|
89 | Under the <model> tag there are filters. Filters for the "post" model can | |
90 | be found in DIP-2. |
|
90 | be found in DIP-2. |