ignore expired certificates (bug 769739)

mozilla · Jun 29, 2012 · 78073c4 · 78073c4
1 parent 4a125b1
commit 78073c4
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/mkt/receipts/tests/test_verify.py b/mkt/receipts/tests/test_verify.py
@@ -14,6 +14,7 @@
 import amo
 import amo.tests
 from addons.models import Addon
+from browserid.errors import ExpiredSignatureError
 from services import verify
 from services import utils
 from mkt.receipts.utils import create_receipt
@@ -166,6 +167,12 @@ def test_expired_has_receipt(self, sign):
         res = self.get(3615, user_data)
         assert 'receipt' in res
 
+    @mock.patch.object(utils.settings, 'SIGNING_SERVER_ACTIVE', True)
+    @mock.patch('services.verify.receipts.certs.ReceiptVerifier.verify')
+    def test_expired_cert(self, mthd):
+        mthd.side_effect = ExpiredSignatureError
+        assert 'typ' in verify.decode_receipt('.~' + sample)
+
     @mock.patch.object(utils.settings, 'WEBAPPS_RECEIPT_EXPIRED_SEND', True)
     @mock.patch('services.verify.sign')
     def test_new_expiry(self, sign):

diff --git a/services/verify.py b/services/verify.py
@@ -13,6 +13,7 @@
 # Go configure the log.
 log_configure()
 
+from browserid.errors import ExpiredSignatureError
 import jwt
 from lib.crypto.receipt import sign
 from lib.cef_loggers import receipt_cef
@@ -192,7 +193,12 @@ def decode_receipt(receipt):
     with statsd.timer('services.decode'):
         if settings.SIGNING_SERVER_ACTIVE:
             verifier = certs.ReceiptVerifier()
-            if not verifier.verify(receipt):
+            try:
+                result = verifier.verify(receipt)
+            except ExpiredSignatureError:
+                # Until we can do something meaningful with this, just ignore.
+                return jwt.decode(receipt.split('~')[1], verify=False)
+            if not result:
                 raise VerificationError()
             return jwt.decode(receipt.split('~')[1], verify=False)
         else: