def test_gpg_functions(self):
"""Signing, key export and util functions must raise on missing gpg. """
with self.assertRaises(UnsupportedLibraryError) as ctx:
create_signature('bar')
self.assertEqual(NO_GPG_MSG, str(ctx.exception))
with self.assertRaises(UnsupportedLibraryError) as ctx:
export_pubkey('f00')
self.assertEqual(NO_GPG_MSG, str(ctx.exception))
with self.assertRaises(UnsupportedLibraryError) as ctx:
export_pubkeys(['f00'])
self.assertEqual(NO_GPG_MSG, str(ctx.exception))
with self.assertRaises(UnsupportedLibraryError) as ctx:
get_version()
self.assertEqual(NO_GPG_MSG, str(ctx.exception))
def test_export_pubkeys(self):
"""Test export multiple pubkeys at once. """
key_dict = export_pubkeys([self.default_keyid, self.keyid_768C43],
homedir=self.gnupg_home)
ANY_PUBKEY_DICT_SCHEMA.check_match(key_dict)
self.assertListEqual(
sorted([self.default_keyid.lower(),
self.keyid_768C43.lower()]), sorted(key_dict.keys()))
def _verify_metadata(metadata, args):
"""
<Purpose>
Internal method to verify link or layout signatures.
<Arguments>
metadata:
Metablock object (contains Link or Layout object)
args:
see argparser
<Exceptions>
SystemExit(0) if verification passes
SystemExit(1) if verification fails
SystemExit(2) if any exception occurs
"""
try:
# Load pubkeys from disk ....
if args.key is not None:
pub_key_dict = interface.import_publickeys_from_file(args.key,
args.key_type)
# ... or from gpg keyring
elif args.gpg is not None: # pragma: no branch
pub_key_dict = gpg_interface.export_pubkeys(
args.gpg, args.gpg_home)
for keyid, verification_key in six.iteritems(pub_key_dict):
metadata.verify_signature(verification_key)
LOG.info("Signature verification passed for keyid '{}'"
.format(keyid))
sys.exit(0)
except exceptions.SignatureVerificationError as e:
LOG.error("Signature verification failed: {}".format(e))
sys.exit(1)
except Exception as e:
LOG.error("The following error occurred while verifying signatures: "
"{}".format(e))
sys.exit(2)
def main():
"""Parse arguments and call in_toto_verify. """
parser = create_parser()
args = parser.parse_args()
LOG.setLevelVerboseOrQuiet(args.verbose, args.quiet)
# For verifying at least one of --layout-keys or --gpg must be specified
# Note: Passing both at the same time is possible.
if (args.layout_keys is None) and (args.gpg is None):
parser.print_help()
parser.error("wrong arguments: specify at least one of"
" '--layout-keys path [path ...]' or '--gpg id [id ...]'")
try:
LOG.info("Loading layout...")
layout = Metablock.load(args.layout)
layout_key_dict = {}
if args.layout_keys is not None:
LOG.info("Loading layout key(s)...")
layout_key_dict.update(
interface.import_publickeys_from_file(args.layout_keys,
args.key_types))
if args.gpg is not None:
LOG.info("Loading layout gpg key(s)...")
layout_key_dict.update(
gpg_interface.export_pubkeys(args.gpg, homedir=args.gpg_home))
verifylib.in_toto_verify(layout, layout_key_dict, args.link_dir)
except Exception as e:
LOG.error("(in-toto-verify) {0}: {1}".format(type(e).__name__, e))
sys.exit(1)
sys.exit(0)