def verify(self, verify_key):
"""Verify that this MAR file has a valid signature.
Args:
verify_key (str): PEM formatted public key
Returns:
True if the MAR file's signature matches its contents
False otherwise; this includes cases where there is no signature.
"""
if not self.mardata.signatures or not self.mardata.signatures.sigs:
# This MAR file can't be verified since it has no signatures
return False
hashers = []
for sig in self.mardata.signatures.sigs:
hashers.append((sig.algorithm_id, sig.signature, make_hasher(sig.algorithm_id)))
assert len(hashers) == len(self.mardata.signatures.sigs)
for block in get_signature_data(self.fileobj,
self.mardata.signatures.filesize):
[h.update(block) for (_, _, h) in hashers]
for algo_id, sig, h in hashers:
if not verify_signature(verify_key, sig, h.finalize(), h.algorithm.name):
return False
else:
return True
def calculate_signatures(self):
"""Calculate the signatures for this MAR file.
Returns:
A list of signature tuples: [(algorithm_id, signature_data), ...]
"""
signers = self.get_signers()
for block in get_signature_data(self.fileobj, self.filesize):
[sig.update(block) for (_, sig) in signers]
signatures = [(algo_id, sig.finalize()) for (algo_id, sig) in signers]
return signatures
def calculate_signatures(self):
"""Calculate the signatures for this MAR file.
Returns:
A list of signature tuples: [(algorithm_id, signature_data), ...]
"""
if not self.signing_algorithm:
return []
algo_id = {'sha1': 1, 'sha384': 2}[self.signing_algorithm]
hashers = [(algo_id, make_hasher(algo_id))]
for block in get_signature_data(self.fileobj, self.filesize):
[h.update(block) for (_, h) in hashers]
signatures = [(algo_id, sign_hash(self.signing_key, h.finalize(), h.algorithm.name)) for (algo_id, h) in hashers]
return signatures
def calculate_signatures(self):
"""Calculate the signatures for this MAR file.
Returns:
A list of signature tuples: [(algorithm_id, signature_data), ...]
"""
if not self.signing_algorithm:
return []
algo_id = {'sha1': 1, 'sha384': 2}[self.signing_algorithm]
hashers = [(algo_id, make_hasher(algo_id))]
for block in get_signature_data(self.fileobj, self.filesize):
[h.update(block) for (_, h) in hashers]
signatures = [(algo_id,
sign_hash(self.signing_key, h.finalize(),
h.algorithm.name))
for (algo_id, h) in hashers]
return signatures
def calculate_hashes(self):
"""Return hashes of the contents of this MAR file.
The hashes depend on the algorithms defined in the MAR file's signature block.
Returns:
A list of (algorithm_id, hash) tuples
"""
hashers = []
if not self.mardata.signatures:
return []
for s in self.mardata.signatures.sigs:
h = make_hasher(s.algorithm_id)
hashers.append((s.algorithm_id, h))
for block in get_signature_data(self.fileobj, self.mardata.signatures.filesize):
[h.update(block) for (_, h) in hashers]
return [(algo_id, h.finalize()) for (algo_id, h) in hashers]
def verify(self, verify_key):
"""Verify that this MAR file has a valid signature.
Args:
verify_key (str): PEM formatted public key
Returns:
True if the MAR file's signature matches its contents
False otherwise; this includes cases where there is no signature.
"""
if not self.mardata.signatures or not self.mardata.signatures.sigs:
# This MAR file can't be verified since it has no signatures
return False
verifiers = []
for sig in self.mardata.signatures.sigs:
if sig.algorithm_id == 1:
verifier = make_verifier_v1(verify_key, sig.signature)
verifiers.append(verifier)
elif sig.algorithm_id == 2:
verifier = make_verifier_v2(verify_key, sig.signature)
verifiers.append(verifier)
else:
raise ValueError('Unsupported algorithm ({})'.format(
sig.algorithm_id))
assert len(verifiers) == len(self.mardata.signatures.sigs)
for block in get_signature_data(self.fileobj,
self.mardata.signatures.filesize):
[v.update(block) for v in verifiers]
for v in verifiers:
try:
v.verify()
except InvalidSignature:
return False
else:
return True
def test_get_signature_data(mar_uu):
with mar_uu.open('rb') as f:
with raises(IOError):
list(get_signature_data(f, mar_uu.size))
def test_get_signature_data(mar_uu):
with mar_uu.open('rb') as f:
with raises(IOError):
list(get_signature_data(f, mar_uu.size))