Created
July 28, 2016 19:06
-
-
Save johnwheeler/a580d4ee96cb3ad093ab5270d2ee200c to your computer and use it in GitHub Desktop.
verifier.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import base64 | |
| import posixpath | |
| from datetime import datetime | |
| from six.moves.urllib.parse import urlparse | |
| from six.moves.urllib.request import urlopen | |
| from . import logger | |
| class VerificationError(Exception): pass | |
| def verify_timestamp(timestamp): | |
| dt = datetime.utcnow() - timestamp.replace(tzinfo=None) | |
| if dt.seconds > 150: | |
| raise VerificationError("Timestamp verification failed") | |
| def verify_application_id(candidate, records): | |
| if candidate not in records: | |
| raise VerificationError("Application ID verification failed") | |
| def _valid_certificate_url(cert_url): | |
| parsed_url = urlparse(cert_url) | |
| if parsed_url.scheme == 'https': | |
| if parsed_url.hostname == "s3.amazonaws.com": | |
| if posixpath.normpath(parsed_url.path).startswith("/echo.api/"): | |
| return True | |
| return False | |
| def _valid_certificate(cert): | |
| not_after = cert.get_notAfter().decode('utf-8') | |
| not_after = datetime.strptime(not_after, '%Y%m%d%H%M%SZ') | |
| if datetime.utcnow() >= not_after: | |
| return False | |
| found = False | |
| for i in range(0, cert.get_extension_count()): | |
| extension = cert.get_extension(i) | |
| short_name = extension.get_short_name().decode('utf-8') | |
| value = str(extension) | |
| if 'subjectAltName' == short_name and 'DNS:echo-api.amazon.com' == value: | |
| found = True | |
| break | |
| if not found: | |
| return False | |
| return True |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment