On Thu, Feb 18, 2010 at 6:40 PM, Balazs Lecz <[email protected]> wrote:
>
> Signed-off-by: Balazs Lecz <[email protected]>
> ---
> lib/serializer.py | 22 ++++++++++++++++++++--
> test/ganeti.serializer_unittest.py | 6 ++++++
> 2 files changed, 26 insertions(+), 2 deletions(-)
>
> diff --git a/lib/serializer.py b/lib/serializer.py
> index b568497..5423f97 100644
> --- a/lib/serializer.py
> +++ b/lib/serializer.py
> @@ -101,11 +101,13 @@ def LoadJson(txt):
> return simplejson.loads(txt)
>
>
> -def DumpSignedJson(data, key, salt=None):
> +def DumpSignedJson(data, key, salt=None, key_selector=None):
> """Serialize a given object and authenticate it.
>
> @param data: the data to serialize
> @param key: shared hmac key
> + �...@param key_selector: name/id that identifies the key (in case there are
> + multiple keys in use, e.g. in a multi-cluster environment)
> @return: the string representation of data signed by the hmac key
>
> """
> @@ -117,19 +119,24 @@ def DumpSignedJson(data, key, salt=None):
> 'salt': salt,
> 'hmac': hmac.new(key, salt + txt, sha1).hexdigest(),
> }
> + if key_selector:
> + signed_dict["key_selector"] = key_selector
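Review bot: The new `@param key_selector` entry in the first hunk does not say that the argument is optional or how an empty value is treated, while the visible part of the second hunk tests it with `if key_selector:`, so `""` or `0` is dropped from the output exactly like `None`. I would document that, e.g. `@param key_selector: optional name/id of the key; stored under "key_selector" in the output only when non-empty`, or switch the check to `if key_selector is not None:` if an empty selector is meant to be an error rather than silently ignored. The rest of DumpSignedJson lies outside the quoted text, so how the receiving side picks a key when the field is absent cannot be seen from here.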
We should probably sign the key_selector as well in the hmac. Thanks, Guido
