diff web/secure.py @ 189:101c66da848d

watcher script
author Matt Johnston <matt@ucc.asn.au>
date Sun, 09 Feb 2014 11:41:13 +0800
parents adbf70d1449f
children 8318d50d766d
line wrap: on
line diff
--- a/web/secure.py	Fri Feb 07 23:32:08 2014 +0800
+++ b/web/secure.py	Sun Feb 09 11:41:13 2014 +0800
@@ -4,13 +4,27 @@
 import hmac
 import binascii
 import sys
+import hashlib
+
+import bottle
 
 import config
 
-__all__ = ["get_csrf_blob", "check_csrf_blob", "setup_csrf"]
+__all__ = ["get_csrf_blob", "check_csrf_blob", "setup_csrf", "get_user_hash"]
+
+HASH=hashlib.sha1
 
 def get_user_hash():
-    return "aaa"
+    if bottle.request.environ.get('SSL_CLIENT_VERIFY', '') != 'GENEROUS':
+        return 'FAILVERIFY'
+    blob = bottle.request.environ.get('SSL_CLIENT_CERT')
+    if not blob:
+        return 'NOCERT'
+
+    b64 = ''.join(l for l in blob.split('\n')
+        if not l.startswith('-'))
+
+    return HASH(binascii.a2b_base64(b64)).hexdigest()
 
 def setup_csrf():
     NONCE_SIZE=16