def testStoreExistingKey(self):
'''Use a known ASCII Armored key and try storing it twice. It should not get imported a second time'''
keys = self.gpg.list_keys(secret=False)
for key in keys:
assert key[
'keyid'] != self.sampleKeyId, "Imported sample key already in keyring"
numkeys = len(keys)
numImported = util.storekey(self.sampleKey,
gnupghome=self.gnupghome,
gpgbin=self.gpgbin)
assert numImported == 1, "sample key not imported into keyring"
numImported = util.storekey(self.sampleKey,
gnupghome=self.gnupghome,
gpgbin=self.gpgbin)
assert numImported == 0, "sample key imported when it shouldn't have been into keyring"
keys = self.gpg.list_keys(secret=False)
assert len(keys) == 1, "no key found matching id"
for key in keys:
assert key[
'keyid'] == self.sampleKeyId, "exported key is not expected"
def validate_digital_signature(self, doc):
from LRSignature.verify.Verify import Verify_0_21
from LRSignature import util
from LRSignature import errors
verifytool = Verify_0_21(gpgbin=gpgbin)
try:
verified = verifytool.verify(doc)
assert verified == True, "Signature did not validate for document."
except errors.MissingPublicKey:
locations = doc['digital_signature']['key_location']
numImported = 0
for location in locations:
rawKeys = util.fetchkeys(location)
for rawKey in rawKeys:
numImported += util.storekey(self.sampleKey, gpgbin=gpgbin)
if numImported > 0:
break
assert numImported > 0, "No new public keys were imported, but were needed"
try:
verified = verifytool.verify(doc)
assert verified == True, "Signature did not validate for document."
except errors.MissingPublicKey:
raise AssertionError("No public key available that can be retrieved to validate doc")
def validate_digital_signature(self, doc):
from LRSignature.verify.Verify import Verify_0_21
from LRSignature import util
from LRSignature import errors
verifytool = Verify_0_21(gpgbin=gpgbin)
try:
verified = verifytool.verify(doc)
assert verified == True, "Signature did not validate for document."
except errors.MissingPublicKey:
locations = doc['digital_signature']['key_location']
numImported = 0
for location in locations:
rawKeys = util.fetchkeys(location)
for rawKey in rawKeys:
numImported += util.storekey(self.sampleKey, gpgbin=gpgbin)
if numImported > 0:
break
assert numImported > 0, "No new public keys were imported, but were needed"
try:
verified = verifytool.verify(doc)
assert verified == True, "Signature did not validate for document."
except errors.MissingPublicKey:
raise AssertionError(
"No public key available that can be retrieved to validate doc"
)
def _import_keys(key_locations):
num_imported = 0
for loc in key_locations:
raw_keys = util.fetchkeys(loc)
for raw_key in raw_keys:
num_imported += util.storekey(raw_key,
gpgbin=gpg_location)
if num_imported > 0:
return
def testStoreExistingKey(self):
'''Use a known ASCII Armored key and try storing it twice. It should not get imported a second time'''
keys = self.gpg.list_keys(secret=False)
for key in keys:
assert key['keyid'] != self.sampleKeyId, "Imported sample key already in keyring"
numkeys = len(keys)
numImported = util.storekey(self.sampleKey, gnupghome=self.gnupghome, gpgbin=self.gpgbin)
assert numImported == 1, "sample key not imported into keyring"
numImported = util.storekey(self.sampleKey, gnupghome=self.gnupghome, gpgbin=self.gpgbin)
assert numImported == 0, "sample key imported when it shouldn't have been into keyring"
keys = self.gpg.list_keys(secret=False)
assert len(keys) == 1, "no key found matching id"
for key in keys:
assert key['keyid'] == self.sampleKeyId, "exported key is not expected"
def _validate_digital_signature(self, doc):
from LRSignature import util
from LRSignature import errors
result = {}
result = {"verified": False}
if doc.has_key("doc_ID"):
result["doc_ID"] = doc["doc_ID"]
if doc.has_key("resource_locator"):
result["resource_locator"] = doc["resource_locator"]
try:
result["verified"] = self.verifytool.verify(doc)
except errors.MissingPublicKey:
locations = doc['digital_signature']['key_location']
numImported = 0
for location in locations:
rawKeys = util.fetchkeys(location)
for rawKey in rawKeys:
numImported += util.storekey(self.sampleKey,
gpgbin=self.args.gpgbin,
gnupgHome=self.args.gnupghome)
if numImported > 0:
break
try:
result["verified"] = self.verifytool.verify(doc)
except errors.MissingPublicKey:
result["verified"] = False
result["error"] = "No available public key to validate."
except errors.BadSignatureFormat as e:
result["verified"] = False
result["error"] = e.message
except errors.UnknownKeyException as e:
result["verified"] = False
result["error"] = e.message
except errors.UnsupportedSignatureAlgorithm as e:
result["verified"] = False
result["error"] = e.message
except Exception as e:
result["verified"] = False
result["error"] = e.message
return result
def _validate_digital_signature(self, doc):
from LRSignature import util
from LRSignature import errors
result = {}
result = {"verified": False}
if doc.has_key("doc_ID"):
result["doc_ID"] = doc["doc_ID"]
if doc.has_key("resource_locator"):
result["resource_locator"] = doc["resource_locator"]
try:
result["verified"] = self.verifytool.verify(doc)
except errors.MissingPublicKey:
locations = doc['digital_signature']['key_location']
numImported = 0
for location in locations:
rawKeys = util.fetchkeys(location)
for rawKey in rawKeys:
numImported += util.storekey(self.sampleKey, gpgbin=self.args.gpgbin, gnupgHome=self.args.gnupghome)
if numImported > 0:
break
try:
result["verified"] = self.verifytool.verify(doc)
except errors.MissingPublicKey:
result["verified"] = False
result["error"] = "No available public key to validate."
except errors.BadSignatureFormat as e:
result["verified"] = False
result["error"] = e.message
except errors.UnknownKeyException as e:
result["verified"] = False
result["error"] = e.message
except errors.UnsupportedSignatureAlgorithm as e:
result["verified"] = False
result["error"] = e.message
except Exception as e:
result["verified"] = False
result["error"] = e.message
return result
def testStoreKey(self):
'''Use a known ASCII Armored key and store it via util.storekey(...)'''
keys = self.gpg.list_keys(secret=False)
for key in keys:
assert key['keyid'] != self.sampleKeyId, "Imported sample key already in keyring"
numkeys = len(keys)
numImported = util.storekey(self.sampleKey, gnupghome=self.gnupghome, gpgbin=self.gpgbin)
assert numImported == 1, "sample key not imported into keyring"
keys = self.gpg.list_keys(secret=False)
assert len(keys) == 1, "no key found matching id"
for key in keys:
assert key['keyid'] == self.sampleKeyId, "exported key is not expected"
def testStoreKey(self):
'''Use a known ASCII Armored key and store it via util.storekey(...)'''
keys = self.gpg.list_keys(secret=False)
for key in keys:
assert key[
'keyid'] != self.sampleKeyId, "Imported sample key already in keyring"
numkeys = len(keys)
numImported = util.storekey(self.sampleKey,
gnupghome=self.gnupghome,
gpgbin=self.gpgbin)
assert numImported == 1, "sample key not imported into keyring"
keys = self.gpg.list_keys(secret=False)
assert len(keys) == 1, "no key found matching id"
for key in keys:
assert key[
'keyid'] == self.sampleKeyId, "exported key is not expected"
# try again...
return get_verification_info(document, attempt+1)
# ran out of key servers, try locations in envelope.
elif attempt == len(_KEYSERVERS):
try:
for loc in document["digital_signature"]["key_location"]:
keys = []
try:
keys = util.fetchkeys(loc)
except Exception, e:
log.info("Problem fetching key from location: %s", e)
for key in keys:
try:
util.storekey(key, gpg.gnupghome, gpg.gpgbinary)
except Exception, e:
log.info("Problem importing or storing key from location: %s", e)
# try again...
return get_verification_info(document, attempt+1)
except:
pass
except SignatureException as ex:
# Catch all other SignatureExceptions to avoid trickling higher...
pass
return None
v = gpg.verify(document["digital_signature"]["signature"])
res = gpg.recv_keys(_KEYSERVERS[attempt], v.key_id)
except Exception, e:
log.info("Problem with getting keys from keyserver: %s", e)
pass
# try again...
return get_verification_info(document, attempt+1)
# ran out of key servers, try locations in envelope.
elif attempt == len(_KEYSERVERS):
try:
for loc in document["digital_signature"]["key_location"]:
try:
keys = util.fetchkeys(loc)
for key in keys:
util.storekey(key, this.gpg.gnupghome, this.gpg.gpgbinary)
except Exception, e:
log.info("Problem importing or storing key from location: %s", e)
# try again...
return get_verification_info(document, attempt+1)
except:
pass
return None
_node_key_info = None
def get_node_key_info():
global _node_key_info
# try again...
return get_verification_info(document, attempt + 1)
# ran out of key servers, try locations in envelope.
elif attempt == len(_KEYSERVERS):
try:
for loc in document["digital_signature"]["key_location"]:
keys = []
try:
keys = util.fetchkeys(loc)
except Exception, e:
log.info("Problem fetching key from location: %s", e)
for key in keys:
try:
util.storekey(key, gpg.gnupghome, gpg.gpgbinary)
except Exception, e:
log.info(
"Problem importing or storing key from location: %s",
e)
# try again...
return get_verification_info(document, attempt + 1)
except:
pass
except SignatureException as ex:
# Catch all other SignatureExceptions to avoid trickling higher...
pass
return None
