perform actual hmac signature

This commit is contained in:
Jakob Ketterl 2020-06-11 00:00:16 +02:00
parent 8278ece803
commit 0e4f772c69

View File

@ -1,6 +1,7 @@
import re import re
import logging import logging
import hashlib import hashlib
import hmac
from datetime import datetime from datetime import datetime
from owrx.config import Config from owrx.config import Config
@ -49,6 +50,8 @@ class ReceiverId(object):
raise KeyException("invalid authorization header") raise KeyException("invalid authorization header")
challenge = KeyChallenge(matches.group(1)) challenge = KeyChallenge(matches.group(1))
key = ReceiverId.findKey(challenge) key = ReceiverId.findKey(challenge)
if key is None:
return {}
time, signature = ReceiverId.signChallenge(challenge, key) time, signature = ReceiverId.signChallenge(challenge, key)
return { return {
"Signature": signature, "Signature": signature,
@ -60,9 +63,10 @@ class ReceiverId(object):
def parseKey(keyString): def parseKey(keyString):
try: try:
return Key(keyString) return Key(keyString)
except KeyError as e: except KeyException as e:
logger.error(e) logger.error(e)
keys = [key for key in (parseKey(keyString) for keyString in Config.get()['receiver_keys']) if key is not None] keys = [parseKey(keyString) for keyString in Config.get()['receiver_keys']]
keys = [key for key in keys if key is not None]
matching_keys = [key for key in keys if key.source == challenge.source and key.id == challenge.id] matching_keys = [key for key in keys if key.source == challenge.source and key.id == challenge.id]
if matching_keys: if matching_keys:
return matching_keys[0] return matching_keys[0]
@ -72,6 +76,5 @@ class ReceiverId(object):
def signChallenge(challenge, key): def signChallenge(challenge, key):
now = datetime.utcnow().isoformat() now = datetime.utcnow().isoformat()
signString = "{challenge}:{time}".format(challenge=challenge.challenge, time=now) signString = "{challenge}:{time}".format(challenge=challenge.challenge, time=now)
m = hashlib.sha256() m = hmac.new(bytes.fromhex(key.secret), msg=signString.encode('utf8'), digestmod=hashlib.sha256)
m.update(signString.encode())
return now, m.hexdigest() return now, m.hexdigest()