41 lines
1.5 KiB
Python
41 lines
1.5 KiB
Python
import enum
|
|
|
|
import entry
|
|
import hashing
|
|
|
|
def check_fingerprint(entries, domain, port, fingerprint):
|
|
"""check_fingerprint([Entry], str, u16, bytes[32]) → ([str]: successes, [str]: fails)
|
|
Checks if the given host is found with the given fingerprint.
|
|
The successes and fails lists returned by the function have the
|
|
comments for the hosts that match and have the same fingerpring and
|
|
the hosts that match but have a different fingerprint, respectively"""
|
|
assert type(entries) == list and all(type(i) == entry.Entry for i in entries)
|
|
assert type(domain) == str
|
|
assert type(port) == int and 0 <= port <= (1<<16) - 1
|
|
assert type(fingerprint) == bytes and len(fingerprint) == 32
|
|
|
|
# Normalize the host here, so we don't have to do it every time we
|
|
# check for a possible match
|
|
normalized_hosts = [entry.normalize_host(domain, port)]
|
|
|
|
# If we are looking at non-22 port, also check the general form of
|
|
# the host without a port specifier. This seems to be how OpenSSH
|
|
# does it too
|
|
if port != 22:
|
|
normalized_hosts.append(entry.normalize_host(domain, 22))
|
|
|
|
successes = []
|
|
fails = []
|
|
for possible_match in entries:
|
|
for normalized_host in normalized_hosts:
|
|
hashed_host = hashing.hash_with_salt(normalized_host, possible_match.salt)
|
|
if hashed_host == possible_match.hashed_host:
|
|
if fingerprint == possible_match.fingerprint:
|
|
# Fingerprint matches, it passes
|
|
successes.append(possible_match.comment)
|
|
else:
|
|
# Fingerprint different, it fails
|
|
fails.append(possible_match.comment)
|
|
|
|
return successes, fails
|