-rw-r--r--custodia/message/kem.py5
-rw-r--r--custodia/secrets.py6
2 files changed, 7 insertions, 4 deletions
diff --git a/custodia/message/kem.py b/custodia/message/kem.py
index ebe2a47..3b01a1f 100644
--- a/custodia/message/kem.py
+++ b/custodia/message/kem.py
@@ -155,11 +155,12 @@ class KEMHandler(MessageHandler):
if 'sub' not in claims:
raise InvalidMessage('Missing subject in payload')
if claims['sub'] != name:
- raise InvalidMessage('Key name does not match payload subject')
+ raise InvalidMessage('Key name %s does not match subject %s' % (
+ name, claims['sub']))
if 'exp' not in claims:
raise InvalidMessage('Missing request time in payload')
if claims['exp'] - (10 * 60) > int(time.time()):
- raise InvalidMessage('Message expiration too long')
+ raise InvalidMessage('Message expiration too far in the future')
if claims['exp'] < int(time.time()):
raise InvalidMessage('Message Expired')
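Review bot: The new mismatch message interpolates `name` and `claims['sub']` with `%s`, and both values originate in the request. In `custodia/secrets.py` the GET path converts any exception into `HTTPError(406, str(e))`, so this text appears to reach the HTTP response (and probably logs) unescaped. Formatting with `%r` keeps newlines and control characters from being written verbatim: `raise InvalidMessage('Key name %r does not match subject %r' % (name, claims['sub']))`. The enclosing method starts and ends outside the hunk, so whether `claims` has already been signature-verified at this point cannot be seen here.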
diff --git a/custodia/secrets.py b/custodia/secrets.py
index c896564..2497a90 100644
--- a/custodia/secrets.py
+++ b/custodia/secrets.py
@@ -186,7 +186,8 @@ class Secrets(HTTPConsumer):
if len(query) == 0:
query = {'type': 'simple', 'value': ''}
try:
- msg = self._parse(request, query, trail)
+ name = '/'.join(trail)
+ msg = self._parse(request, query, name)
except Exception as e:
raise HTTPError(406, str(e))
key = self._db_key(trail)
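Review bot: The name handed to `_parse` is now `'/'.join(trail)`, while the storage key on the following line is still derived separately by `self._db_key(trail)`. The subject check in `kem.py` (`claims['sub'] != name`) only protects the stored key if these two derivations always agree. `_db_key` is not visible here, so this needs confirming; a comment such as `# name must be the same path form _db_key(trail) resolves to; KEM compares claims['sub'] against it` would record the invariant. The same two added lines recur in the next hunk of this file (the `json.loads(value)` call), so a small shared helper would keep both sites consistent. Both handler bodies continue outside the hunks.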
@@ -208,7 +209,8 @@ class Secrets(HTTPConsumer):
raise HTTPError(400)
value = bytes(body).decode('utf-8')
try:
- msg = self._parse(request, json.loads(value), trail)
+ name = '/'.join(trail)
+ msg = self._parse(request, json.loads(value), name)
except UnknownMessageType as e:
raise HTTPError(406, str(e))
except UnallowedMessage as e: