extended digest.NonceStoreBase interface

The methods now take an optional last parameter called ident. It can
be used to bind nonces to specific uses within one NonceStore.

1 files changed, 29 insertions, 9 deletions

diff --git a/wsgitools/digest.py b/wsgitools/digest.py
index 0aca584..1339fbb 100755
--- a/wsgitools/digest.py
+++ b/wsgitools/digest.py
@@ -77,22 +77,27 @@ class NonceStoreBase:
     """Nonce storage interface."""
     def __init__(self):
         pass
-    def newnonce(self):
+    def newnonce(self, ident=None):
         """
         This method is to be overriden and should return new nonces.
+        @type ident: str
+        @param ident: is an identifier to be associated with this nonce
         @rtype: str
         """
         raise NotImplementedError
-    def isnonce(self, nonce):
+    def isnonce(self, nonce, ident=None):
         """
         This method is to be overridden and should do a quick check for whether
         the given nonce has a chance to be a valid one. This function must not
         return false for a stale nonce.
         @type nonce: str
+        @type ident: str
+        @param ident: it is also checked that the nonce was associated to this
+            identifier when given
         @rtype: bool
         """
         raise NotImplementedError
-    def checknonce(self, nonce, count=1):
+    def checknonce(self, nonce, count=1, ident=None):
         """
         This method is to be overridden and should do a thorough check for
         whether the given nonce is a valid as being used count times.
@@ -100,6 +105,9 @@ class NonceStoreBase:
         @type count: int
         @param count: indicates how often the nonce has been used (including
                 this check)
+        @type ident: str
+        @param ident: it is also checked that the nonce was associated to this
+            identifier when given
         @rtype: bool
         """
         raise NotImplementedError
@@ -140,7 +148,7 @@ class StatelessNonceStore(NonceStoreBase):
             self.server_secret = ("%066X" % sysrand.getrandbits(33*8)
                                   ).decode("hex").encode("base64").strip()
 
-    def newnonce(self):
+    def newnonce(self, ident=None):
         """
         Generates a new nonce string.
         @rtype: str
@@ -149,10 +157,12 @@ class StatelessNonceStore(NonceStoreBase):
         nonce_value = ("%066X" % sysrand.getrandbits(33*8)
                       ).decode("hex").encode("base64").strip()
         token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret)
+        if ident is not None:
+            token = "%s:%s" % (token, ident)
         token = md5(token).hexdigest()
         return "%s:%s:%s" % (nonce_time, nonce_value, token)
 
-    def isnonce(self, nonce):
+    def isnonce(self, nonce, ident=None):
         """
         Do a quick a stateless check for whether the provides string might
         be a nonce.
@@ -164,10 +174,12 @@ class StatelessNonceStore(NonceStoreBase):
         except ValueError:
             return False
         token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret)
+        if ident is not None:
+            token = "%s:%s" % (token, ident)
         token = md5(token).hexdigest()
         return nonce_hash == token
 
-    def checknonce(self, nonce, count=1):
+    def checknonce(self, nonce, count=1, ident=None):
         """
         Do a thorough check for whether the provided string is a nonce and
         increase usage count on returning True.
@@ -182,6 +194,8 @@ class StatelessNonceStore(NonceStoreBase):
         except ValueError:
             return False
         token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret)
+        if ident is not None:
+            token = "%s:%s" % (token, ident)
         token = md5(token).hexdigest()
         if token != nonce_hash:
             return False
@@ -218,7 +232,7 @@ class MemoryNonceStore(NonceStoreBase):
         while self.nonces and self.nonces[0][0] < old:
             self.nonces.pop(0)
 
-    def newnonce(self):
+    def newnonce(self, ident=None):
         """
         Generates a new nonce string.
         @rtype: str
@@ -229,10 +243,12 @@ class MemoryNonceStore(NonceStoreBase):
                       ).decode("hex").encode("base64").strip()
         self.nonces.append((nonce_time, nonce_value, 1))
         token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret)
+        if ident is not None:
+            token = "%s:%s" % (token, ident)
         token = md5(token).hexdigest()
         return "%s:%s:%s" % (nonce_time, nonce_value, token)
 
-    def isnonce(self, nonce):
+    def isnonce(self, nonce, ident=None):
         """
         Do a quick a stateless check for whether the provides string might
         be a nonce.
@@ -244,10 +260,12 @@ class MemoryNonceStore(NonceStoreBase):
         except ValueError:
             return False
         token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret)
+        if ident is not None:
+            token = "%s:%s" % (nonce, ident)
         token = md5(token).hexdigest()
         return nonce_hash == token
 
-    def checknonce(self, nonce, count=1):
+    def checknonce(self, nonce, count=1, ident=None):
         """
         Do a thorough check for whether the provided string is a nonce and
         increase usage count on returning True.
@@ -260,6 +278,8 @@ class MemoryNonceStore(NonceStoreBase):
         except ValueError:
             return False
         token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret)
+        if ident is not None:
+            token = "%s:%s" % (token, ident)
         token = md5(token).hexdigest()
         if token != nonce_hash:
             return False