limit issuers for verifier (bug 857815)

2013-04-04 10:01:18 -07:00 · 2013-04-04 10:01:18 -07:00 · f1a4cb63a4
--- a/lib/settings_base.py
+++ b/lib/settings_base.py
@ -1464,6 +1464,8 @@ SIGNING_SERVER_ACTIVE = False
 SIGNING_SERVER = ''
 # And how long we'll give the server to respond.
 SIGNING_SERVER_TIMEOUT = 10
+# The domains that we will accept certificate issuers for receipts.
+SIGNING_VALID_ISSUERS = []

 # True when the Django app is running from the test suite.
 IN_TEST_SUITE = False
--- a/requirements/prod.txt
+++ b/requirements/prod.txt
@ -70,7 +70,7 @@ pytz==2010e
 raven==3.1.16
 rdflib==3.0.0
 recaptcha-client==1.0.5
-receipts==0.2.4.1
+receipts==0.2.6
 requests==0.14.0
 schematic==0.2
 signing_clients==0.1.3
--- a/services/verify.py
+++ b/services/verify.py
@ -187,7 +187,8 @@ def decode_receipt(receipt):
    """
    with statsd.timer('services.decode'):
        if settings.SIGNING_SERVER_ACTIVE:
-            verifier = certs.ReceiptVerifier()
+            verifier = certs.ReceiptVerifier(valid_issuers=
+                                             settings.SIGNING_VALID_ISSUERS)
            try:
                result = verifier.verify(receipt)
            except ExpiredSignatureError:
--- a/sites/altdev/settings_mkt.py
+++ b/sites/altdev/settings_mkt.py
@ -129,6 +129,7 @@ BLUEVIA_SECRET = private_mkt.BLUEVIA_SECRET
 #Bug 748403
 SIGNING_SERVER = private_mkt.SIGNING_SERVER
 SIGNING_SERVER_ACTIVE = True
+SIGNING_VALID_ISSUERS = ['marketplace-dev-cdn.allizom.org']

 METLOG_CONF = {
    'plugins': {'cef': ('metlog_cef.cef_plugin:config_plugin', {
--- a/sites/dev/settings_mkt.py
+++ b/sites/dev/settings_mkt.py
@ -137,6 +137,7 @@ BLUEVIA_SECRET = private_mkt.BLUEVIA_SECRET
 #Bug 748403
 SIGNING_SERVER = private_mkt.SIGNING_SERVER
 SIGNING_SERVER_ACTIVE = True
+SIGNING_VALID_ISSUERS = ['marketplace-dev-cdn.allizom.org']

 #Bug 793876
 SIGNED_APPS_KEY = private_mkt.SIGNED_APPS_KEY
--- a/sites/landfill/settings_mkt.py
+++ b/sites/landfill/settings_mkt.py
@ -126,6 +126,7 @@ BLUEVIA_SECRET = private_mkt.BLUEVIA_SECRET
 #Bug 748403
 SIGNING_SERVER = private_mkt.SIGNING_SERVER
 SIGNING_SERVER_ACTIVE = True
+SIGNING_VALID_ISSUERS = ['marketplace-dev-cdn.allizom.org']

 #Bug 793876
 SIGNED_APPS_KEY = private_mkt.SIGNED_APPS_KEY
--- a/sites/prod/settings_mkt.py
+++ b/sites/prod/settings_mkt.py
@ -112,6 +112,7 @@ SOLITUDE_HOSTS = ('https://payments.firefox.com',)
 # Bug 748403
 SIGNING_SERVER = private_mkt.SIGNING_SERVER
 SIGNING_SERVER_ACTIVE = True
+SIGNING_VALID_ISSUERS = ['marketplace.cdn.mozilla.net']

 # Bug 793876
 SIGNED_APPS_SERVER_ACTIVE = True
--- a/sites/stage/settings_mkt.py
+++ b/sites/stage/settings_mkt.py
@ -142,6 +142,7 @@ BLUEVIA_SECRET = private_mkt.BLUEVIA_SECRET
 #Bug 748403
 SIGNING_SERVER = private_mkt.SIGNING_SERVER
 SIGNING_SERVER_ACTIVE = True
+SIGNING_VALID_ISSUERS = ['marketplace-dev-cdn.allizom.org']

 METLOG_CONF = {
    'plugins': {'cef': ('metlog_cef.cef_plugin:config_plugin', {