Provide more feedback and fix some flow issues

2024-11-26 11:30:23 +00:00 · 2018-04-25 16:47:42 -04:00 · 2018-04-25 16:47:42 -04:00 · 78bf1d5acd
commit 78bf1d5acd
parent 8165b645d9
2 changed files with 9 additions and 2 deletions
--- a/confluent_server/confluent/collective/invites.py
+++ b/confluent_server/confluent/collective/invites.py
@ -38,6 +38,8 @@ def check_server_proof(invitation, mycert, peercert, proof):

 def check_client_proof(servername, mycert, peercert, proof):
    servername = servername.encode('utf-8')
+    if servername not in pending_invites:
+        return False
    invitation = pending_invites[servername]
    validproof = hmac.new(invitation, mycert + peercert, hashlib.sha256
                          ).digest()
--- a/confluent_server/confluent/collective/manager.py
+++ b/confluent_server/confluent/collective/manager.py
@ -43,7 +43,7 @@ def handle_connection(connection, cert, request, local=False):
        if 'join' == operation:
            invitation = request['invitation']
            invitation = base64.b64decode(invitation)
-            name, invitation = invitation.split('@')
+            name, invitation = invitation.split('@', 1)
            host = request['server']
            remote = socket.create_connection((host, 13001))
            # This isn't what it looks like.  We do CERT_NONE to disable
@ -66,17 +66,22 @@ def handle_connection(connection, cert, request, local=False):
            proof = rsp['collective']['approval']
            j = invites.check_server_proof(invitation, mycert, cert, proof)
            if not j:
+                tlvdata.send(connection,
+                             {'errorcode': 500,
+                              'error': 'Response failed validation'})
                return
+            tlvdata.send(remote, {'collective': 'success'})
    if 'joinchallenge' == operation:
        mycert = util.get_certificate_from_file('/etc/confluent/srvcert.pem')
        proof = base64.b64decode(request['hmac'])
        myrsp = invites.check_client_proof(request['name'], mycert,
                                           cert, proof)
        if not myrsp:
+            tlvdata.send(connection, {'error': 'Invalid token'})
            connection.close()
            return
        myrsp = base64.b64encode(myrsp)
-        collcerts[request['name']] = cert
        tlvdata.send(connection, {'collective': {'approval': myrsp}})
        clientready = tlvdata.recv(connection)
        print(repr(clientready))
+        collcerts[request['name']] = cert