Merge pull request #37 from avatao-content/require_signature

Require signature
This commit is contained in:
Bokros Bálint 2018-07-23 17:27:04 +02:00 committed by GitHub
commit f58f362e46
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 30 additions and 17 deletions

View File

@ -2,18 +2,19 @@
# All Rights Reserved. See LICENSE file for details. # All Rights Reserved. See LICENSE file for details.
from tfw import EventHandlerBase from tfw import EventHandlerBase
from tfw.crypto import KeyManager, sign_message from tfw.crypto import KeyManager, sign_message, verify_message
from tfw.config.logs import logging from tfw.config.logs import logging
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
class FSMManagingEventHandler(EventHandlerBase): class FSMManagingEventHandler(EventHandlerBase):
def __init__(self, key, fsm_type): def __init__(self, key, fsm_type, require_signature=False):
super().__init__(key) super().__init__(key)
self.fsm = fsm_type() self.fsm = fsm_type()
self._fsm_updater = FSMUpdater(self.fsm) self._fsm_updater = FSMUpdater(self.fsm)
self.auth_key = KeyManager().auth_key self.auth_key = KeyManager().auth_key
self._require_signature = require_signature
self.command_handlers = { self.command_handlers = {
'trigger': self.handle_trigger, 'trigger': self.handle_trigger,
@ -22,8 +23,8 @@ class FSMManagingEventHandler(EventHandlerBase):
def handle_event(self, message): def handle_event(self, message):
try: try:
data = message['data'] message = self.command_handlers[message['data']['command']](message)
message['data'] = self.command_handlers[data['command']](data) if message:
fsm_update_message = self._fsm_updater.generate_fsm_update() fsm_update_message = self._fsm_updater.generate_fsm_update()
sign_message(self.auth_key, message) sign_message(self.auth_key, message)
sign_message(self.auth_key, fsm_update_message) sign_message(self.auth_key, fsm_update_message)
@ -32,14 +33,19 @@ class FSMManagingEventHandler(EventHandlerBase):
except KeyError: except KeyError:
LOG.error('IGNORING MESSAGE: Invalid message received: %s', message) LOG.error('IGNORING MESSAGE: Invalid message received: %s', message)
def handle_trigger(self, data): def handle_trigger(self, message):
trigger = data['value'] trigger = message['data']['value']
self.fsm.step(trigger) if self._require_signature:
return data if not verify_message(self.auth_key, message):
LOG.error('Ignoring unsigned trigger command: %s', message)
return None
if self.fsm.step(trigger):
return message
return None
def handle_update(self, data): def handle_update(self, message):
# pylint: disable=no-self-use # pylint: disable=no-self-use
return data return message
class FSMUpdater: class FSMUpdater:

View File

@ -62,5 +62,7 @@ class FSMBase(Machine, CallbackMixin):
try: try:
self.trigger(trigger) self.trigger(trigger)
self.trigger_history.append(trigger) self.trigger_history.append(trigger)
return True
except (AttributeError, MachineError): except (AttributeError, MachineError):
LOG.debug('FSM failed to execute nonexistent trigger: "%s"', trigger) LOG.debug('FSM failed to execute nonexistent trigger: "%s"', trigger)
return False

View File

@ -9,6 +9,7 @@ from tornado.web import Application
from tfw.networking.event_handlers import ServerUplinkConnector from tfw.networking.event_handlers import ServerUplinkConnector
from tfw.networking.server import EventHandlerConnector from tfw.networking.server import EventHandlerConnector
from tfw.networking import MessageSender from tfw.networking import MessageSender
from tfw.crypto import KeyManager, verify_message, sign_message
from tfw.config.logs import logging from tfw.config.logs import logging
from .zmq_websocket_proxy import ZMQWebSocketProxy from .zmq_websocket_proxy import ZMQWebSocketProxy
@ -24,6 +25,7 @@ class TFWServer:
def __init__(self): def __init__(self):
self._event_handler_connector = EventHandlerConnector() self._event_handler_connector = EventHandlerConnector()
self._uplink_connector = ServerUplinkConnector() self._uplink_connector = ServerUplinkConnector()
self._auth_key = KeyManager().auth_key
self.application = Application([( self.application = Application([(
r'/ws', ZMQWebSocketProxy, { r'/ws', ZMQWebSocketProxy, {
@ -37,13 +39,16 @@ class TFWServer:
def handle_trigger(self, message): def handle_trigger(self, message):
if 'trigger' in message: if 'trigger' in message:
LOG.debug('Executing handler for trigger "%s"', message.get('trigger', '')) LOG.debug('Executing handler for trigger "%s"', message.get('trigger', ''))
self._uplink_connector.send_to_eventhandler({ fsm_eh_command = {
'key': 'fsm', 'key': 'fsm',
'data': { 'data': {
'command': 'trigger', 'command': 'trigger',
'value': message.get('trigger', '') 'value': message['trigger']
} }
}) }
if verify_message(self._auth_key, message):
sign_message(self._auth_key, fsm_eh_command)
self._uplink_connector.send_to_eventhandler(fsm_eh_command)
def handle_recover(self, message): def handle_recover(self, message):
if message['key'] == 'recover': if message['key'] == 'recover':