Commit 541822e0 authored by Guido Trotter's avatar Guido Trotter
Browse files

Fix python 2.4 compatibility



I got overexcited and forgot we have to remain compatible with python
2.4. With this patch we move from sha256 to sha1 for hmac authenticated
serialized messages, and we handle both newer and older python, by
importing the right module for each.
Signed-off-by: default avatarGuido Trotter <ultrotter@google.com>
Reviewed-by: default avatarIustin Pop <iustin@google.com>
parent d393737d
...@@ -28,10 +28,13 @@ backend (currently json). ...@@ -28,10 +28,13 @@ backend (currently json).
import simplejson import simplejson
import re import re
import hmac import hmac
import hashlib
from ganeti import errors from ganeti import errors
try:
from hashlib import sha1
except ImportError:
import sha as sha1
# Check whether the simplejson module supports indentation # Check whether the simplejson module supports indentation
_JSON_INDENT = 2 _JSON_INDENT = 2
...@@ -88,7 +91,7 @@ def DumpSignedJson(data, key, salt=None): ...@@ -88,7 +91,7 @@ def DumpSignedJson(data, key, salt=None):
signed_dict = { signed_dict = {
'msg': txt, 'msg': txt,
'salt': salt, 'salt': salt,
'hmac': hmac.new(key, salt + txt, hashlib.sha256).hexdigest(), 'hmac': hmac.new(key, salt + txt, sha1).hexdigest(),
} }
return DumpJson(signed_dict) return DumpJson(signed_dict)
...@@ -120,7 +123,7 @@ def LoadSignedJson(txt, key, salt_verifier=None): ...@@ -120,7 +123,7 @@ def LoadSignedJson(txt, key, salt_verifier=None):
if not salt_verifier(salt): if not salt_verifier(salt):
raise errors.SignatureError('Invalid salt') raise errors.SignatureError('Invalid salt')
if hmac.new(key, salt + msg, hashlib.sha256).hexdigest() != hmac_sign: if hmac.new(key, salt + msg, sha1).hexdigest() != hmac_sign:
raise errors.SignatureError('Invalid Signature') raise errors.SignatureError('Invalid Signature')
return LoadJson(msg) return LoadJson(msg)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment