[sldev-commits] r83 - trunk/certified_http

seeping.blister at svn.secondlife.com seeping.blister at svn.secondlife.com
Tue Dec 4 15:49:06 PST 2007


Author: seeping.blister
Date: 2007-12-04 17:49:05 -0600 (Tue, 04 Dec 2007)
New Revision: 83

Modified:
   trunk/certified_http/oplog.py
   trunk/certified_http/server.py
   trunk/certified_http/server_test.py
Trac: http://svn.secondlife.com/trac/certified_http/changeset/83
Log:
added support in server.py to detect clock skew, and global vars in oplog.py defining max allowed skew (1 hr).
Also tests, of course.  Bad skew, good skew, and check for date header.
Also specified "long time" in oplog.py, but no code does anything with it yet.


Modified: trunk/certified_http/oplog.py
===================================================================
--- trunk/certified_http/oplog.py	2007-12-04 01:01:10 UTC (rev 82)
+++ trunk/certified_http/oplog.py	2007-12-04 23:49:05 UTC (rev 83)
@@ -29,6 +29,11 @@
 import datetime
 from datetime import datetime
 
+# "long time" 15 days
+_long_time = 15 * 24 * 60 * 60
+# "clock skew" 1 hr
+_skew = 60 * 60
+
 import sha
 def simple_sha1(s):
     return sha.new(s).hexdigest()

Modified: trunk/certified_http/server.py
===================================================================
--- trunk/certified_http/server.py	2007-12-04 01:01:10 UTC (rev 82)
+++ trunk/certified_http/server.py	2007-12-04 23:49:05 UTC (rev 83)
@@ -19,11 +19,13 @@
 
 
 import md5
+import time
 import urllib
 import uuid
 import oplog
 from mulib import mu
 from eventlet import httpd
+import rfc822
 
 def request_hash(req):
     m = md5.new()
@@ -58,6 +60,14 @@
         if request.get_header('Date') is None:
             raise httpd.ErrorResponse(403, "Cannot access chttp node %s without specifying date header." % request.full_url())
 
+        request_date = request.get_header('Date')
+        request_secs = int(rfc822.mktime_tz(rfc822.parsedate_tz(request_date)))
+        now = int(time.time())
+        skew = (now - request_secs)
+        if abs(skew) > oplog._skew:
+            print "(request_date, request_secs, now, skew): (%s,%s,%s,%s)" % (request_date, request_secs, now, skew)
+            raise httpd.ErrorResponse(403,"Client clock skew is too great: %d seconds, %d allowed" % (skew,oplog._skew))
+
         # create or resume a message with this ID
         try:
             mid = oplog.simple_sha1(full_message_id + str(request.get_header('Date')))

Modified: trunk/certified_http/server_test.py
===================================================================
--- trunk/certified_http/server_test.py	2007-12-04 01:01:10 UTC (rev 82)
+++ trunk/certified_http/server_test.py	2007-12-04 23:49:05 UTC (rev 83)
@@ -120,6 +120,19 @@
         self.assertEquals('abc', headers['x-message-id'])
         self.assertEquals('contents', result)
 
+    def test_needs_date(self):
+        self.assertRaises(httpc.Forbidden, httpc.get_, 'http://localhost:9903/', headers={'X-Message-Id':'abc'})
+
+    def test_clock_skew(self):
+        date = httpdate.format_date_time(time.time() - oplog._skew - 1)
+        self.assertRaises(httpc.Forbidden, httpc.get_, 'http://localhost:9903/', headers={'X-Message-Id':'abc', 'Date': date})
+
+    def test_ok_clock_skew(self):
+        date = httpdate.format_date_time(time.time() - oplog._skew + 1)
+        status, headers, result = httpc.get_('http://localhost:9903/', headers={'X-Message-Id':'abc', 'Date':date})
+        self.assertEquals('abc', headers['x-message-id'])
+        self.assertEquals('contents', result)
+
     def test_post(self):
         date = httpdate.format_date_time(time.time())
 



More information about the sldev-commits mailing list