parametrize 'now' function

meejah 2020-05-07 15:52:45 -06:00
parent 7cb7cdfac9
commit c0f0d76563
1 changed files with 9 additions and 3 deletions


@ -313,18 +313,24 @@ def parse_grid_manager_data(gm_data):
return js
def validate_grid_manager_certificate(gm_key, alleged_cert):
def validate_grid_manager_certificate(gm_key, alleged_cert, now_fn=None):
"""
:param gm_key: a VerifyingKey instance, a Grid Manager's public
key.
:param cert: dict with "certificate" and "signature" keys, where
:param alleged_cert: dict with "certificate" and "signature" keys, where
"certificate" contains a JSON-serialized certificate for a Storage
Server (comes from a Grid Manager).
:param now_fn: a zero-argument callable that returns a UTC
timestamp (will use datetime.utcnow by default)
:return: False if the signature is invalid or the certificate is
expired.
"""
if now_fn is None:
now_fn = datetime.utcnow
try:
gm_key.verify(
base32.a2b(alleged_cert['signature'].encode('ascii')),
@ -334,7 +340,7 @@ def validate_grid_manager_certificate(gm_key, alleged_cert):
return False
# signature is valid; now we can load the actual data
cert = json.loads(alleged_cert['certificate'])
now = datetime.utcnow()
now = now_fn()
expires = datetime.utcfromtimestamp(cert['expires'])
# cert_pubkey = keyutil.parse_pubkey(cert['public_key'].encode('ascii'))
if expires < now:
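Review bot: The new `now_fn` docstring says the callable returns "a UTC timestamp", but its result is compared directly with `datetime.utcfromtimestamp(cert['expires'])` at `if expires < now:`, so it has to be a naive `datetime` in UTC. A callable returning epoch seconds (such as `time.time`) or a timezone-aware datetime would raise `TypeError` in the expiry check instead of producing a valid/invalid verdict. I would reword the parameter doc to `:param now_fn: a zero-argument callable returning a naive datetime in UTC (defaults to datetime.utcnow)`. The function body continues outside the shown hunks, so whether such an exception is handled further down is not visible here.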