u/bodqhrohro/swineboard Commit - r1237:6c4ec150

Added signature verification for a post

neko259 -

r1237:6c4ec150 decentral

parent child

boards/models/post/sync.py

0 +32 -1

             ATTR_NAME = 'name'
             ATTR_VALUE = 'value'
             ATTR_MIMETYPE = 'mimetype'
+            ATTR_KEY = 'key'
             STATUS_SUCCESS = 'success'
                             signatures = [Signature(
                                 key_type=key.key_type,
                                 key=key.public_key,
-                                signature=key.sign(et.tostring(model, ENCODING_UNICODE)),
+                                signature=key.sign(et.tostring(content_tag, ENCODING_UNICODE)),
                             )]
                         for signature in signatures:
                             signature_tag = et.SubElement(signatures_tag, TAG_SIGNATURE)
                             signature_tag.set(ATTR_TYPE, signature.key_type)
                             signature_tag.set(ATTR_VALUE, signature.signature)
+                            signature_tag.set(ATTR_KEY, signature.key)
                     return et.tostring(response, ENCODING_UNICODE)
                         tag_models = tag_root.find(TAG_MODELS)
                         for tag_model in tag_models:
                             tag_content = tag_model.find(TAG_CONTENT)
+                            valid = SyncManager.verify_model(tag_content, tag_model)
+                            if not valid:
+                                raise Exception('Invalid model signature')
                             tag_id = tag_content.find(TAG_ID)
                             global_id, exists = GlobalId.from_xml_element(tag_id)
                     else:
                         # TODO Throw an exception?
                         pass
+                @staticmethod
+                def verify_model(tag_content, tag_model):
+                    """
+                    Verifies all signatures for a single model.
+                    """
+                    valid = True
+                    tag_signatures = tag_model.find(TAG_SIGNATURES)
+                    for tag_signature in tag_signatures:
+                        signature_type = tag_signature.get(ATTR_TYPE)
+                        signature_value = tag_signature.get(ATTR_VALUE)
+                        signature_key = tag_signature.get(ATTR_KEY)
+                        if not KeyPair.objects.verify(
+                                signature_key,
+                                et.tostring(tag_content, ENCODING_UNICODE),
+                                signature_value, signature_type):
+                            valid = False
+                            break
+                    return valid

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages