From 3cf9508e5b018bc242bc1ceed6c2cb522e90a00f Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Fri, 5 Jun 2015 14:02:34 -0400
Subject: Fix name checking for kem backend

Signed-off-by: Simo Sorce
---
 custodia/message/kem.py | 5 +++--
 custodia/secrets.py | 6 ++++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/custodia/message/kem.py b/custodia/message/kem.py
index ebe2a47..3b01a1f 100644
--- a/custodia/message/kem.py
+++ b/custodia/message/kem.py
@@ -155,11 +155,12 @@ class KEMHandler(MessageHandler):
         if 'sub' not in claims:
             raise InvalidMessage('Missing subject in payload')
         if claims['sub'] != name:
-            raise InvalidMessage('Key name does not match payload subject')
+            raise InvalidMessage('Key name %s does not match subject %s' % (
+                name, claims['sub']))
         if 'exp' not in claims:
             raise InvalidMessage('Missing request time in payload')
         if claims['exp'] - (10 * 60) > int(time.time()):
-            raise InvalidMessage('Message expiration too long')
+            raise InvalidMessage('Message expiration too far in the future')
         if claims['exp'] < int(time.time()):
             raise InvalidMessage('Message Expired')
 
diff --git a/custodia/secrets.py b/custodia/secrets.py
index c896564..2497a90 100644
--- a/custodia/secrets.py
+++ b/custodia/secrets.py
@@ -186,7 +186,8 @@ class Secrets(HTTPConsumer):
         if len(query) == 0:
             query = {'type': 'simple', 'value': ''}
         try:
-            msg = self._parse(request, query, trail)
+            name = '/'.join(trail)
+            msg = self._parse(request, query, name)
         except Exception as e:
             raise HTTPError(406, str(e))
         key = self._db_key(trail)
@@ -208,7 +209,8 @@ class Secrets(HTTPConsumer):
             raise HTTPError(400)
         value = bytes(body).decode('utf-8')
         try:
-            msg = self._parse(request, json.loads(value), trail)
+            name = '/'.join(trail)
+            msg = self._parse(request, json.loads(value), name)
         except UnknownMessageType as e:
             raise HTTPError(406, str(e))
         except UnallowedMessage as e:
-- 
cgit
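Review bot: The new message at the `claims['sub'] != name` branch interpolates the client-supplied subject with `%s`, and the secrets.py hunks in this same commit forward `str(e)` into `HTTPError(406, ...)`, so whatever the client placed in `sub` (any JSON type, since `%s` accepts it) is echoed back in the response body and presumably into any log line built from that text. Using `%r` for both values, `'Key name %r does not match subject %r' % (name, claims['sub'])`, makes an empty, whitespace-padded or non-string subject unambiguous in that message. On the adjacent unchanged `exp` lines a non-numeric `exp` would raise TypeError rather than InvalidMessage, which, as far as the visible `except` clauses in the POST hunk show, would not be mapped to a 406 — worth an `isinstance(claims['exp'], int)` check if it is not already enforced before this point. The enclosing KEMHandler method starts and ends outside the hunk.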
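Review bot: `name = '/'.join(trail)` is now computed inline in both the GET path here and the POST path at the `@@ -208` hunk, and in this hunk it sits inside a `try` whose `except Exception` turns any join failure (a non-str element in `trail`) into a 406 carrying the TypeError text rather than a server error. Since `self._db_key(trail)` derives the storage key from the same `trail`, the joined string is what the KEM handler compares the `sub` claim against; if `_db_key` canonicalizes segments differently (empty or dotted components, for instance), the name that is authenticated and the key that is accessed could diverge — worth confirming both go through the same normalization. Hoisting the join above the `try` and into one helper, e.g. `def _name(self, trail): return '/'.join(trail)` used by both call sites, would keep the two paths consistent. The enclosing methods start and end outside both hunks.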