From e846a2b1115e38eca45b06114cf61e82786af986 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krist=C3=B3f=20T=C3=B3th?=
Date: Mon, 23 Jul 2018 17:14:44 +0200
Subject: [PATCH] Make TFWServer sign commands issued due to signed triggers
---
 lib/tfw/networking/server/tfw_server.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/lib/tfw/networking/server/tfw_server.py b/lib/tfw/networking/server/tfw_server.py
index 5f297df..c0d98f5 100644
--- a/lib/tfw/networking/server/tfw_server.py
+++ b/lib/tfw/networking/server/tfw_server.py
@@ -9,6 +9,7 @@ from tornado.web import Application
 from tfw.networking.event_handlers import ServerUplinkConnector
 from tfw.networking.server import EventHandlerConnector
 from tfw.networking import MessageSender
+from tfw.crypto import KeyManager, verify_message, sign_message
 from tfw.config.logs import logging
 from .zmq_websocket_proxy import ZMQWebSocketProxy
@@ -24,6 +25,7 @@ class TFWServer:
 def __init__(self):
 self._event_handler_connector = EventHandlerConnector()
 self._uplink_connector = ServerUplinkConnector()
+ self._auth_key = KeyManager().auth_key
 self.application = Application([(
 r'/ws', ZMQWebSocketProxy, {
@@ -37,13 +39,16 @@ class TFWServer:
 def handle_trigger(self, message):
 if 'trigger' in message:
 LOG.debug('Executing handler for trigger "%s"', message.get('trigger', ''))
- self._uplink_connector.send_to_eventhandler({
+ fsm_eh_command = {
 'key': 'fsm',
 'data': {
 'command': 'trigger',
- 'value': message.get('trigger', '')
+ 'value': message['trigger']
 }
- })
+ }
+ if verify_message(self._auth_key, message):
+ sign_message(self._auth_key, fsm_eh_command)
+ self._uplink_connector.send_to_eventhandler(fsm_eh_command)
 def handle_recover(self, message):
 if message['key'] == 'recover':
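Review bot: `self._auth_key = KeyManager().auth_key` in `__init__` reads the key once and keeps it for the life of the server, and that one key is then used both to verify incoming triggers and to sign the outgoing FSM commands. If KeyManager can ever rotate or regenerate the key (not visible in this patch), the server would go on verifying and signing with the stale value; reading it at use time would avoid that. Either way the attribute deserves a comment, for example `# shared auth key: verifies signed triggers and signs the FSM commands derived from them`. `__init__` continues past the end of this hunk.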
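Review bot: In `handle_trigger`, a message that fails `verify_message(self._auth_key, message)` is still forwarded, only unsigned, so a bad signature takes the same path as a trigger that never carried one (assuming the final `send_to_eventhandler` call sits outside the `if`, as the commit title suggests). That is safe only if the FSM event handler refuses unsigned commands for transitions that require a signature, which this patch does not show. I would make the downgrade observable by adding `else:` / `LOG.warning('Forwarding trigger "%s" unsigned', message['trigger'])`. If the message format lets a missing signature be told apart from an invalid one, drop the invalid ones rather than forward them. As a smaller point, the `LOG.debug` line still uses `message.get('trigger', '')` while the command now uses `message['trigger']`; the same form in both would read better.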