Merge "fix message signatures for nested dicts"
This commit is contained in:
commit
5705468da2
|
@ -38,11 +38,22 @@ METER_OPTS = [
|
|||
cfg.CONF.register_opts(METER_OPTS)
|
||||
|
||||
|
||||
def recursive_keypairs(d):
|
||||
"""Generator that produces sequence of keypairs for nested dictionaries.
|
||||
"""
|
||||
for name, value in sorted(d.iteritems()):
|
||||
if isinstance(value, dict):
|
||||
for subname, subvalue in recursive_keypairs(value):
|
||||
yield ('%s:%s' % (name, subname), subvalue)
|
||||
else:
|
||||
yield name, value
|
||||
|
||||
|
||||
def compute_signature(message):
|
||||
"""Return the signature for a message dictionary.
|
||||
"""
|
||||
digest_maker = hmac.new(cfg.CONF.metering_secret, '', hashlib.sha256)
|
||||
for name, value in sorted(message.iteritems()):
|
||||
for name, value in recursive_keypairs(message):
|
||||
if name == 'message_signature':
|
||||
# Skip any existing signature value, which would not have
|
||||
# been part of the original message.
|
||||
|
|
|
@ -79,6 +79,32 @@ def test_verify_signature_incorrect():
|
|||
assert not meter.verify_signature(data)
|
||||
|
||||
|
||||
def test_recursive_keypairs():
|
||||
data = {'a': 'A',
|
||||
'b': 'B',
|
||||
'nested': {'a': 'A',
|
||||
'b': 'B',
|
||||
},
|
||||
}
|
||||
pairs = list(meter.recursive_keypairs(data))
|
||||
assert pairs == [('a', 'A'),
|
||||
('b', 'B'),
|
||||
('nested:a', 'A'),
|
||||
('nested:b', 'B'),
|
||||
]
|
||||
|
||||
|
||||
def test_verify_signature_nested():
|
||||
data = {'a': 'A',
|
||||
'b': 'B',
|
||||
'nested': {'a': 'A',
|
||||
'b': 'B',
|
||||
},
|
||||
}
|
||||
data['message_signature'] = meter.compute_signature(data)
|
||||
assert meter.verify_signature(data)
|
||||
|
||||
|
||||
TEST_COUNTER = counter.Counter(source='src',
|
||||
name='name',
|
||||
type='typ',
|
||||
|
|
Loading…
Reference in New Issue