"""
Limit unauthorized replay attacks by authenticating that any given nonce is 
only used once in a specified period of time.  The caller of this function
is expected to implement any policies on duration.
"""

__AUTHOR__ = ('Sam Ruby', 'http://intertwingly.net/')
__LICENSE__ = 'Python'

# directory where nonces are to be retained
noncedir = ".nonce"

def authenticate(id, expires=None, data=''):
  """Authenticate a nonce.  Optional parameters include an expiration date
  and data to be logged with the nonce."""
  import glob, time, md5, os, os.path

  # default expiration to five minutes from now
  if not expires: expires = int(time.time()+300)

  # produce a legal file name from the id
  filename=os.path.join(noncedir,md5.new(id).hexdigest())

  # remove any expired nonces
  for name in glob.glob(os.path.join(noncedir,'*')):
    if os.stat(name).st_mtime<time.time():
      os.remove(name)

  # if the file exists, authentication fails
  if os.path.exists(filename): return False

  # record this nonce
  record=open(filename,'w')
  record.write(data)
  record.close()

  # mark when this nonce will expire
  os.utime(filename,(expires,expires))

  # successful authentication
  return True

if __name__ == '__main__':

  import sys,random
  for id in sys.argv[1:] or [str(random.random())]:
    print id, authenticate(id,data=id)