1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
import crypto, socket, time
keyfile = 'subdap-%s.key' % (socket.gethostname())
pubfile = 'subdap-%s.pem' % (socket.gethostname())
keys = ['site', 'user', 'ts', 'sig']
def tgt_create(site, user):
ts = int(time.time())
data = '%s:%d:%s' % (site, ts, user)
sig = crypto.sign(keyfile, data)
return {'site': site, 'user': user, 'ts': ts, 'sig': sig}
def tgt_verify(site, user, ts, sig, maxage = None):
data = '%s:%d:%s' % (site, int(ts), user)
status = crypto.verify(pubfile, data, sig)
if maxage != None:
status &= ts > time.time() - maxage
return status
if __name__ == '__main__':
sig = tgt_create('site', 'test')
print sig
assert not tgt_verify(maxage = -9999, **sig)
assert tgt_verify(maxage = 9999, **sig)
|
