mv JWK-canonicalization util.security.fingerprint

2016-04-12 13:36:17 -04:00 · 2016-04-12 13:36:17 -04:00 · 6577ac3e62
commit 6577ac3e62
parent 4020ab9f55
3 changed files with 37 additions and 18 deletions
--- a/data/model/service_keys.py
+++ b/data/model/service_keys.py
@ -1,8 +1,5 @@
-import json
-
 from calendar import timegm
 from datetime import datetime, timedelta
-from hashlib import sha256
 from peewee import JOIN_LEFT_OUTER

 from Crypto.PublicKey import RSA
@ -11,7 +8,7 @@ from jwkest.jwk import RSAKey
 from data.database import db_for_update, User, ServiceKey, ServiceKeyApproval
 from data.model import ServiceKeyDoesNotExist, ServiceKeyAlreadyApproved, db_transaction, config
 from data.model.notification import create_notification, delete_all_notifications_by_path_prefix
-from util import canonicalize
+from util.security.fingerprint import canonical_kid


 def _expired_keys_clause(service):
@ -64,7 +61,7 @@ def generate_service_key(service, expiration_date, kid=None, name='', metadata=N
  private_key = RSA.generate(2048)
  jwk = RSAKey(key=private_key.publickey()).serialize()
  if kid is None:
-    kid = sha256(json.dumps(canonicalize(jwk), separators=(',', ':'))).hexdigest()
+    kid = canonical_kid(jwk)

  key = create_service_key(name, kid, service, jwk, metadata or {}, expiration_date)
  return (private_key, key)