def recipe_signatures_are_correct(app_configs, **kwargs): errors = [] try: Recipe = apps.get_model('recipes', 'Recipe') signed_recipes = list(Recipe.objects.exclude(signature=None)) except (ProgrammingError, OperationalError, ImproperlyConfigured): errors.append(Info('Could not retrieve recipes', id=INFO_COULD_NOT_RETRIEVE_RECIPES)) else: for recipe in signed_recipes: data = recipe.canonical_json() signature = recipe.signature.signature pubkey = recipe.signature.public_key try: verify_signature(data, signature, pubkey) except verify_signature.BadSignature as e: msg = ("Recipe '{recipe}' (id={recipe.id}) has a bad signature: {detail}" .format(recipe=recipe, detail=e.detail)) errors.append(Warning(msg, id=WARNING_INVALID_RECIPE_SIGNATURE)) return errors
def test_recipe_signatures(conf, requests_session): r = requests_session.get(conf.getoption('server') + '/api/v1/recipe/signed/') r.raise_for_status() data = r.json() if len(data) == 0: pytest.skip('No signed recipes') for item in data: canonical_recipe = canonicaljson.encode_canonical_json(item['recipe']) signature = item['signature']['signature'] pubkey = item['signature']['public_key'] assert verify_signature(canonical_recipe, signature, pubkey)
def test_recipe_signatures(conf, requests_session): r = requests_session.get(conf.getoption('server') + '/api/v1/recipe/signed/') r.raise_for_status() data = r.json() if len(data) == 0: pytest.skip('No signed recipes') for item in data: canonical_recipe = canonical_json(item['recipe']) signature = item['signature']['signature'] pubkey = item['signature']['public_key'] assert verify_signature(canonical_recipe, signature, pubkey)
def recipe_signatures_are_correct(app_configs, **kwargs): errors = [] try: Recipe = apps.get_model('recipes', 'Recipe') signed_recipes = list(Recipe.objects.exclude(signature=None)) except (ProgrammingError, OperationalError, ImproperlyConfigured): errors.append( Info('Could not retrieve recipes', id=INFO_COULD_NOT_RETRIEVE_RECIPES)) else: for recipe in signed_recipes: data = recipe.canonical_json() signature = recipe.signature.signature pubkey = recipe.signature.public_key try: verify_signature(data, signature, pubkey) except verify_signature.BadSignature as e: msg = ( "Recipe '{recipe}' (id={recipe.id}) has a bad signature: {detail}" .format(recipe=recipe, detail=e.detail)) errors.append(Warning(msg, id=WARNING_INVALID_RECIPE_SIGNATURE)) return errors
def test_raises_nice_error_for_wrong_signature(self): # change the signature, but keep it a valid signature signature = self.signature.replace('s', 'S') with pytest.raises(verify_signature.SignatureDoesNotMatch): verify_signature(self.data, signature, self.pubkey)
def test_raises_nice_error_for_too_short_signatures_good_base64(self): signature = 'aa==' with pytest.raises(verify_signature.WrongSignatureSize): verify_signature(self.data, signature, self.pubkey)
def test_raises_nice_error_for_too_short_signatures_bad_padding(self): signature = 'a_too_short_signature' with pytest.raises(verify_signature.WrongSignatureSize): verify_signature(self.data, signature, self.pubkey)
def test_known_good_signature(self): assert verify_signature(self.data, self.signature, self.pubkey)