Esempio n. 1
0
 def test_invalid_file_verbose(self, tmp_path, mock_msg_callback):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_import_keys(
         gpg, keyfile='foobar', msg_callback=mock_msg_callback) is False
     assert len(mock_msg_callback.messages) == 1
     assert mock_msg_callback.messages[
         0] == "[Errno 2] No such file or directory: 'foobar'"
Esempio n. 2
0
 def test_invalid_fromkeyid(self, mock_msg_callback):
     # TODO: Switch to use tmp_path fixture
     temp_dir_obj = tempfile.TemporaryDirectory()
     tmp_path = os.path.join(temp_dir_obj.name, '')
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_import_keys(
         gpg,
         keyid='foobar',
         keyserver='keyserver.ubuntu.com',
         msg_callback=mock_msg_callback) is False
Esempio n. 3
0
 def test_invalid_wrong_signature_verbose(self, tmp_path, copy_keyring,
                                          mock_msg_callback):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_verify(
         gpg,
         os.path.join(TEST_DIR, 'file1.txt'),
         os.path.join(TEST_DIR, 'file1.SHA256SUMS.txt.sig'),
         msg_callback=mock_msg_callback) is False
     assert len(mock_msg_callback.messages) == 1
     assert mock_msg_callback.messages[0] ==\
            "[Errno 2] No such file or directory: 'test_data/file1.SHA256SUMS.txt.sig'"
Esempio n. 4
0
 def test_valid_fromfile_verbose(self, tmp_path, mock_msg_callback):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_import_keys(
         gpg,
         keyfile=os.path.join(TEST_DIR, 'pgp_keys.txt'),
         msg_callback=mock_msg_callback) is True
     assert len(mock_msg_callback.messages) == 2
     assert mock_msg_callback.messages[
         0] == '--- Results of key import ---\n'
     assert '[GNUPG:] IMPORTED FBFCC82A015E7330' in mock_msg_callback.messages[
         1]
Esempio n. 5
0
 def test_valid_file_verbose(self, tmp_path, copy_keyring,
                             mock_msg_callback):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_verify(gpg,
                                     os.path.join(TEST_DIR, 'file1.txt'),
                                     os.path.join(TEST_DIR,
                                                  'file1.txt.sig'),
                                     msg_callback=mock_msg_callback) is True
     assert len(mock_msg_callback.messages) == 2
     assert mock_msg_callback.messages[
         0] == '\n--- Results of verification ---'
     assert '[GNUPG:] SIG_ID crXxiKwsoGFwp1pyl+csVQd53aA 2021-04-22 1619099716' in mock_msg_callback.messages[
         1]
Esempio n. 6
0
def pgp(verbose, filename, signaturefile, keyfile, keyid, keyserver):
    """Verify FILENAME via a PGP signature in SIGNATUREFILE using provided keys"""
    # Check input parameters
    if keyfile is None and (keyid is None or keyserver is None):
        click.echo("ERROR: Either '--keyfile' or '--keyid/--keyserver' parameters must be set!")
        sys.exit(2)

    # Initialize PGP and import keys
    gpg = IcetrustUtils.pgp_init(verbose)
    import_result = IcetrustUtils.pgp_import_keys(gpg, keyfile=keyfile, keyid=keyid, keyserver=keyserver,
                                                  msg_callback=IcetrustUtils.process_verbose_flag(verbose))
    if import_result is False:
        _process_result(import_result)

    # Verify file
    verification_result = IcetrustUtils.pgp_verify(gpg, filename, signaturefile,
                                                   msg_callback=IcetrustUtils.process_verbose_flag(verbose))
    _process_result(verification_result)
Esempio n. 7
0
def pgpchecksumfile(verbose, filename, checksumfile, signaturefile, algorithm, keyfile, keyid, keyserver):
    """Verify FILENAME via a PGP-signed CHECKSUMFILE, with a signature in SIGNATUREFILE using provided keys"""
    # Check input parameters
    if keyfile is None and (keyid is None or keyserver is None):
        click.echo("ERROR: Either '--keyfile' or '--keyid/--keyserver' parameters must be set!")
        sys.exit(2)

    # Initialize PGP and import keys
    gpg = IcetrustUtils.pgp_init(verbose)
    import_result = IcetrustUtils.pgp_import_keys(gpg, keyfile=keyfile, keyid=keyid, keyserver=keyserver,
                                                  msg_callback=IcetrustUtils.process_verbose_flag(verbose))
    if import_result is False:
        _process_result(import_result)

    # Verify checksums file
    verification_result = IcetrustUtils.pgp_verify(gpg, checksumfile, signaturefile,
                                                   msg_callback=IcetrustUtils.process_verbose_flag(verbose))
    if verification_result.status is False:
        _process_result(verification_result)

    # Check hash against the checksums file
    checksum_valid = IcetrustUtils.verify_checksum(filename, algorithm, checksumfile=checksumfile,
                                                   msg_callback=IcetrustUtils.process_verbose_flag(verbose))
    _process_result(checksum_valid)
Esempio n. 8
0
 def test_invalid_bad_dir(self):
     with pytest.raises(ValueError):
         IcetrustUtils.pgp_init("foobar")
Esempio n. 9
0
 def test_valid_checksums(self, tmp_path, copy_keyring):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_verify(
         gpg, os.path.join(TEST_DIR, 'file1.txt.SHA256SUMS'),
         os.path.join(TEST_DIR, 'file1.txt.SHA256SUMS.sig')) is True
Esempio n. 10
0
 def test_invalid_invalid_signature(self, tmp_path, copy_keyring):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_verify(gpg, os.path.join(
         TEST_DIR, 'file1.txt'), os.path.join(TEST_DIR,
                                              'file2.txt')) is False
Esempio n. 11
0
 def test_invalid_file_doesnt_exist(self, tmp_path, copy_keyring):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_verify(
         gpg, os.path.join(TEST_DIR, 'foobar'),
         os.path.join(TEST_DIR, 'file1.txt.sig')) is False
Esempio n. 12
0
 def test_invalid_file_no_keys(self, tmp_path):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_import_keys(
         gpg, keyfile=os.path.join(TEST_DIR, 'file1.txt.sig')) is False
Esempio n. 13
0
 def test_invalid_file(self, tmp_path):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_import_keys(gpg, keyfile='foobar') is False
Esempio n. 14
0
 def test_valid_fromfile(self, tmp_path):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_import_keys(
         gpg, keyfile=os.path.join(TEST_DIR, 'pgp_keys.txt')) is True
Esempio n. 15
0
def canary(verbose, configfile, output_json, save_file):
    """Does a canary check against a project using information in CONFIGFILE"""
    # Setup objects to be used
    cmd_output = []
    msg_callback = IcetrustUtils.process_verbose_flag(verbose)

    # Validate the config file
    config_data = IcetrustCanaryUtils.validate_config_file(configfile, msg_callback=msg_callback)
    if config_data is None:
        _process_result(False)

    # Select the right mode
    verification_mode =\
        IcetrustCanaryUtils.get_verification_mode(config_data, msg_callback=msg_callback)
    if verification_mode is None:
        click.echo('Unknown verification mode in the config file!')
        _process_result(False)
    print('Using verification mode: ' + verification_mode.name)

    # Extract verification data
    verification_data = IcetrustCanaryUtils.extract_verification_data(config_data, verification_mode,
                                                                      msg_callback=msg_callback)

    # Check verification_data for warnings
    if verbose:
        IcetrustCanaryUtils.check_verification_data(config_data, verification_mode, verification_data,
                                                    msg_callback=msg_callback)

    # Create temporary directory
    temp_dir_obj = tempfile.TemporaryDirectory()
    temp_dir = os.path.join(temp_dir_obj.name, '')

    # Download all of the files required
    IcetrustCanaryUtils.download_all_files(verification_mode, temp_dir, config_data['filename_url'],
                                           verification_data, msg_callback=msg_callback)

    # Import keys for those operations that need it
    if verification_mode in [VerificationModes.PGP, VerificationModes.PGPCHECKSUMFILE]:
        # Initialize PGP
        gpg = IcetrustUtils.pgp_init(gpg_home_dir=temp_dir_obj.name)

        # Import keys if needed
        import_output = []
        import_result = IcetrustCanaryUtils.import_key_material(gpg, temp_dir, verification_data,
                                                                cmd_output=import_output,
                                                                msg_callback=msg_callback)
        if import_result is False:
            if output_json is not None:
                json_data = IcetrustCanaryUtils.generate_json(config_data, verification_mode, import_result,
                                                              import_output, os.path.join(temp_dir, FILENAME_FILE1),
                                                              msg_callback)
                open(output_json, "w").write(json_data)

            _process_result(import_result)

    # Main operation code
    verification_result = False
    if verification_mode == VerificationModes.COMPARE_FILES:
        verification_result = IcetrustUtils.compare_files(os.path.join(temp_dir, FILENAME_FILE1),
                                                          os.path.join(temp_dir, FILENAME_FILE2),
                                                          msg_callback=msg_callback, cmd_output=cmd_output)
    elif verification_mode == VerificationModes.CHECKSUM:
        algorithm = IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=msg_callback)
        verification_result = IcetrustUtils.verify_checksum(os.path.join(temp_dir, FILENAME_FILE1), algorithm,
                                                            checksum_value=verification_data['checksum_value'],
                                                            msg_callback=msg_callback, cmd_output=cmd_output)
    elif verification_mode == VerificationModes.CHECKSUMFILE:
        algorithm = IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=msg_callback)
        verification_result = IcetrustUtils.verify_checksum(os.path.join(temp_dir, FILENAME_FILE1), algorithm,
                                                            checksumfile=os.path.join(temp_dir, FILENAME_CHECKSUM),
                                                            msg_callback=msg_callback, cmd_output=cmd_output)
    elif verification_mode == VerificationModes.PGP:
        verification_result = IcetrustUtils.pgp_verify(gpg, os.path.join(temp_dir, FILENAME_FILE1),
                                                       os.path.join(temp_dir, FILENAME_SIGNATURE),
                                                       msg_callback=msg_callback, cmd_output=cmd_output)
    elif verification_mode == VerificationModes.PGPCHECKSUMFILE:
        # Verify the signature of the checksum file first
        signature_result = IcetrustUtils.pgp_verify(gpg, os.path.join(temp_dir, FILENAME_CHECKSUM),
                                                    os.path.join(temp_dir, FILENAME_SIGNATURE),
                                                    msg_callback=msg_callback, cmd_output=cmd_output)

        # Then verify the checksums themselves
        if signature_result:
            algorithm = IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=msg_callback)
            verification_result = IcetrustUtils.verify_checksum(os.path.join(temp_dir, FILENAME_FILE1), algorithm,
                                                                checksumfile=os.path.join(temp_dir, FILENAME_CHECKSUM),
                                                                msg_callback=msg_callback, cmd_output=cmd_output)
    else:
        click.echo("ERROR: Verification mode not supported!")
        sys.exit(-1)

    # Compare previous version if needed
    comparison_result = None
    if 'previous_version' in config_data:
        previous_file_path = os.path.join(os.getcwd(), config_data['previous_version'])
        if os.path.exists(previous_file_path):
            click.echo('\nComparing with previous version...')
            comparison_result = IcetrustUtils.compare_files(config_data['previous_version'],
                                                            os.path.join(temp_dir, FILENAME_FILE1),
                                                            msg_callback=msg_callback)
            if comparison_result:
                click.echo('File matches previous version')
            else:
                click.echo('ERROR: File doesn\'t match previous version!')

    # Saves the file if needed
    if save_file is not None:
        click.echo('\nSaving file...')
        shutil.copy(os.path.join(temp_dir, FILENAME_FILE1), save_file)

    # Generate JSON file if needed
    if output_json is not None:
        json_data = IcetrustCanaryUtils.generate_json(config_data, verification_mode,
                                                      verification_result, comparison_result,
                                                      cmd_output, os.path.join(temp_dir, FILENAME_FILE1),
                                                      msg_callback)
        open(output_json, "w").write(json_data)

    _process_result(verification_result)
Esempio n. 16
0
 def test_valid(self):
     assert type(IcetrustUtils.pgp_init()) is gnupg.GPG
Esempio n. 17
0
 def test_valid_with_dir(self, tmp_path):
     new_dir = os.path.join(tmp_path, "sub")
     os.mkdir(new_dir)
     assert type(IcetrustUtils.pgp_init(gpg_home_dir=new_dir)) is gnupg.GPG
Esempio n. 18
0
 def test_invalid_missing_arguments3(self, tmp_path):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     with pytest.raises(ValueError):
         IcetrustUtils.pgp_import_keys(gpg, keyserver='foobar')