From 0e4f772c69bc0e8028d60a332edf344fba0d714e Mon Sep 17 00:00:00 2001 From: Jakob Ketterl Date: Thu, 11 Jun 2020 00:00:16 +0200 Subject: [PATCH] perform actual hmac signature --- owrx/receiverid.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/owrx/receiverid.py b/owrx/receiverid.py index 782e90f..f27bd95 100644 --- a/owrx/receiverid.py +++ b/owrx/receiverid.py @@ -1,6 +1,7 @@ import re import logging import hashlib +import hmac from datetime import datetime from owrx.config import Config @@ -49,6 +50,8 @@ class ReceiverId(object): raise KeyException("invalid authorization header") challenge = KeyChallenge(matches.group(1)) key = ReceiverId.findKey(challenge) + if key is None: + return {} time, signature = ReceiverId.signChallenge(challenge, key) return { "Signature": signature, @@ -60,9 +63,10 @@ class ReceiverId(object): def parseKey(keyString): try: return Key(keyString) - except KeyError as e: + except KeyException as e: logger.error(e) - keys = [key for key in (parseKey(keyString) for keyString in Config.get()['receiver_keys']) if key is not None] + keys = [parseKey(keyString) for keyString in Config.get()['receiver_keys']] + keys = [key for key in keys if key is not None] matching_keys = [key for key in keys if key.source == challenge.source and key.id == challenge.id] if matching_keys: return matching_keys[0] @@ -72,6 +76,5 @@ class ReceiverId(object): def signChallenge(challenge, key): now = datetime.utcnow().isoformat() signString = "{challenge}:{time}".format(challenge=challenge.challenge, time=now) - m = hashlib.sha256() - m.update(signString.encode()) + m = hmac.new(bytes.fromhex(key.secret), msg=signString.encode('utf8'), digestmod=hashlib.sha256) return now, m.hexdigest()