Fix name checking for kem backend

Signed-off-by: Simo Sorce <simo@redhat.com>
author: Simo Sorce <simo@redhat.com> 2015-06-05 14:02:34 -0400
committer: Simo Sorce <simo@redhat.com> 2015-06-05 14:02:34 -0400
commit: 3cf9508e5b018bc242bc1ceed6c2cb522e90a00f (patch)
tree: ac7f2d9fecdc8126ce72b0173db91dcd6cff064d /custodia/message/kem.py
parent: 1b55bc36f4176c0d4c6ea8ac5196b48776c08eeb (diff)
download: custodia-3cf9508e5b018bc242bc1ceed6c2cb522e90a00f.tar.gz
custodia-3cf9508e5b018bc242bc1ceed6c2cb522e90a00f.tar.xz
custodia-3cf9508e5b018bc242bc1ceed6c2cb522e90a00f.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/custodia/message/kem.py b/custodia/message/kem.py
index ebe2a47..3b01a1f 100644
--- a/custodia/message/kem.py
+++ b/custodia/message/kem.py
@@ -155,11 +155,12 @@ class KEMHandler(MessageHandler):
         if 'sub' not in claims:
             raise InvalidMessage('Missing subject in payload')
         if claims['sub'] != name:
-            raise InvalidMessage('Key name does not match payload subject')
+            raise InvalidMessage('Key name %s does not match subject %s' % (
+                name, claims['sub']))
         if 'exp' not in claims:
             raise InvalidMessage('Missing request time in payload')
         if claims['exp'] - (10 * 60) > int(time.time()):
-            raise InvalidMessage('Message expiration too long')
+            raise InvalidMessage('Message expiration too far in the future')
         if claims['exp'] < int(time.time()):
             raise InvalidMessage('Message Expired')
author	Simo Sorce <simo@redhat.com>	2015-06-05 14:02:34 -0400
committer	Simo Sorce <simo@redhat.com>	2015-06-05 14:02:34 -0400
commit	3cf9508e5b018bc242bc1ceed6c2cb522e90a00f (patch)
tree	ac7f2d9fecdc8126ce72b0173db91dcd6cff064d /custodia/message/kem.py
parent	1b55bc36f4176c0d4c6ea8ac5196b48776c08eeb (diff)
download	custodia-3cf9508e5b018bc242bc1ceed6c2cb522e90a00f.tar.gz custodia-3cf9508e5b018bc242bc1ceed6c2cb522e90a00f.tar.xz custodia-3cf9508e5b018bc242bc1ceed6c2cb522e90a00f.zip