[bridgedb/master] Use RSA and HMAC captcha keys in resource init in addWebServer(). - tor-commits

16 Mar 2014

commit a7efb1df76433851bd92a51166450a413a76be18
Author: Isis Lovecruft isis@torproject.org
Date:   Wed Mar 12 00:35:03 2014 +0000
Use RSA and HMAC captcha keys in resource init in addWebServer().
---
 lib/bridgedb/HTTPServer.py |   12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/lib/bridgedb/HTTPServer.py b/lib/bridgedb/HTTPServer.py
index 51c1351..05315de 100644
--- a/lib/bridgedb/HTTPServer.py
+++ b/lib/bridgedb/HTTPServer.py
@@ -747,8 +747,20 @@ def addWebServer(cfg, dist, sched):
                 useForwardedHeader=cfg.HTTP_USE_IP_FROM_FORWARDED_HEADER,
                 resource=resource)
         httpdist.putChild('bridges', protected)
+
     elif cfg.GIMP_CAPTCHA_ENABLED:
+        # Get the HMAC secret key for CAPTCHA challenges and create a new key
+        # from it for use on the server:
+        captchaKey = crypto.getKey(cfg.GIMP_CAPTCHA_HMAC_KEYFILE)
+        hmacKey = crypto.getHMAC(captchaKey, "Captcha-Key")
+
+        # Load or create our encryption keys:
+        secretKey, publicKey = crypto.getRSAKey(cfg.GIMP_CAPTCHA_RSA_KEYFILE)
+
         protected = GimpCaptchaProtectedResource(
+            secretKey=secretKey,
+            publicKey=publicKey,
+            hmacKey=hmacKey,
             captchaDir=cfg.GIMP_CAPTCHA_DIR,
             useForwardedHeader=cfg.HTTP_USE_IP_FROM_FORWARDED_HEADER,
             resource=resource)

    