def _signManifest(self):
    configHolder = ConfigHolder(self.__dict__)
    signator = Signator(self.manifestFile, configHolder)
    # sign() returns a true value on failure.
    rc = signator.sign()
    if rc:
        raise ExecutionException('Failed to sign manifest.')
    # From here on, work with the signed output file.
    self.manifestFile = signator.outputManifestFile

def doWork(self):
    configHolder = ConfigHolder(self.options.__dict__)
    signator = Signator(self.manifestFile, configHolder)
    # sign() returns a true value on failure.
    isError = signator.sign()
    if isError:
        Util.printError('Error signing metadata file')
    else:
        Util.printDetail('Metadata file successfully signed: %s' %
                         signator.outputManifestFile)

import os
import tempfile


def deprecate(self, imageId):
    # mkstemp() creates each file atomically with owner-only permissions.
    # mktemp() only returns a name, which leaves a window for another local
    # user to create or symlink that path first.
    fd, tempDeprecatedMetadataFilename = tempfile.mkstemp()
    os.close(fd)
    fd, tempMetadataFilename = tempfile.mkstemp()
    os.close(fd)

    try:
        imageURI = imageId + '/' + self.email
        if len(self.created) != 0:
            imageURI = imageURI + '/' + self.created

        # Get metadata file
        self.manifestDownloader.getManifestAsFile(imageURI, tempMetadataFilename)

        # Strip signature
        xml = etree.ElementTree(file=tempMetadataFilename)
        root = xml.getroot()
        if root.tag == "metadata":
            rootElement = root.find('.//{%s}RDF' % ManifestInfo.NS_RDF)
        else:
            rootElement = root
        descriptionElement = rootElement.find('.//{%s}Description' % ManifestInfo.NS_RDF)
        descriptionElement.remove(
            descriptionElement.find('.//{%s}endorsement' % ManifestInfo.NS_SLREQ))
        endorsement = etree.Element('{%s}%s' % (ManifestInfo.NS_SLREQ, 'endorsement'),
                                    parseType="Resource")
        descriptionElement.append(endorsement)
        signatureElement = rootElement.find(
            './/{%s}Signature' % 'http://www.w3.org/2000/09/xmldsig#')
        rootElement.remove(signatureElement)
        xml._setroot(rootElement)

        # Add deprecated entry
        elem = etree.Element('{%s}%s' % (ManifestInfo.NS_SLTERMS, 'deprecated'))
        elem.text = self.reason
        descriptionElement.append(elem)
        xml.write(tempDeprecatedMetadataFilename)

        # Sign and upload
        signator = Signator(tempDeprecatedMetadataFilename, self.configHolder)
        isError = signator.sign()
        if isError:
            raise ExecutionException('Error signing new manifest')
        return self.uploader.upload(tempDeprecatedMetadataFilename)
    finally:
        # Remove each temporary file independently, so that one missing file
        # does not leave the others behind.
        for path in (tempMetadataFilename,
                     tempDeprecatedMetadataFilename,
                     tempDeprecatedMetadataFilename + '.orig'):
            try:
                os.unlink(path)
            except OSError:
                pass

import os


def testGenerateManifest(self):
    manifest_info = ManifestInfo()
    manifest_info.parseManifest(self.TEST_MANIFEST)
    ManifestDownloader.getManifestInfo = Mock(return_value=manifest_info)

    PDISK_ENDPOINT = 'pdisk:0.0.0.0:8445'
    TMSaveCache._getAttachedVolumeURIs = Mock(
        return_value=[PDISK_ENDPOINT + ':48ac4190-9a11-4a06-8bef-03fd97080eba'])

    tm = TMSaveCache({TMSaveCache._ARG_SRC_POS: 'foo:/bar/1'},
                     conf_filename=self.conf_filename)
    tm._parseArgs()
    tm._retrieveAttachedVolumeInfo()
    tm.createImageInfo = {
        VmManager.CREATE_IMAGE_KEY_CREATOR_EMAIL: '*****@*****.**',
        VmManager.CREATE_IMAGE_KEY_CREATOR_NAME: 'Jay Random',
        VmManager.CREATE_IMAGE_KEY_NEWIMAGE_COMMENT: 'test',
        VmManager.CREATE_IMAGE_KEY_NEWIMAGE_VERSION: '0.0',
        VmManager.CREATE_IMAGE_KEY_NEWIMAGE_MARKETPLACE: 'http://new.markeplace.org'}
    tm.imageSha1 = 'ea7d0ddf7af4e2ea431db89639feb7036fb23062'
    tm.createdPDiskId = 'foo-bar-baz'

    try:
        tm._generateP12Cert()
        self.assertTrue(os.path.exists(tm.p12cert))

        tm._generateP12Cert()
        tm._retrieveManifestsPath()
        tm.pdiskPathNew = tm._buildPDiskPath(tm.createdPDiskId)
        tm._buildAndSaveManifest()
        self.assertTrue(os.path.exists(tm.manifestNotSignedPath))

        # Re-parse the unsigned manifest and check the generated fields.
        minfo = ManifestInfo()
        minfo.parseManifestFromFile(tm.manifestNotSignedPath)
        assert minfo.comment == 'test'
        assert minfo.creator == 'Jay Random'
        assert minfo.version == '0.0'
        assert minfo.sha1 == tm.imageSha1
        assert minfo.locations == [
            'pdisk:' + Util.getHostnamePortFromUri(tm.persistentDiskPublicBaseUrl) +
            ':foo-bar-baz']

        self.assertTrue('foo-bar-baz' in str(tm._emailText()))

        # The signing step needs the Signator jar; skip it when unavailable.
        if not Signator.findJar():
            print("Skipping signature sub-test as Signator jar can not be found.")
            return

        tm._signManifest()
        self.assertTrue(os.path.exists(tm.manifestPath))
    finally:
        tm._cleanup()

import sys


def doWork(self):
    configHolder = ConfigHolder(self.options.__dict__)
    signator = Signator(self.manifestFile, configHolder)
    # validate() returns 0 on success; any other value becomes the exit code.
    rc = signator.validate()
    if rc != 0:
        sys.exit(rc)

def verifySignature(self, imageFilename, metadataFilename):
    signator = Signator(metadataFilename, self.configHolder)
    # validate() returns a true value when the signature check fails.
    res = signator.validate()
    if res:
        raise ExecutionException('Failed to validate metadata file')