def verify(self, verify_key):
    """Check every signature carried by this MAR file against ``verify_key``.

    Args:
        verify_key (str): PEM formatted public key

    Returns:
        True only if each signature in the file's signature block matches
        the file contents. False if any signature fails to verify, or if
        the file carries no signatures at all.
    """
    sig_block = self.mardata.signatures
    if not sig_block or not sig_block.sigs:
        # Fail closed: an unsigned MAR is never reported as verified.
        return False

    # NOTE(review): the algorithm for each check is the algorithm_id the file
    # itself declares; nothing here enforces a minimum algorithm, so a caller
    # that must reject weaker ones needs its own policy check. What
    # make_hasher does with an unknown id is not visible from this method.
    hashers = [
        (entry.algorithm_id, entry.signature, make_hasher(entry.algorithm_id))
        for entry in sig_block.sigs
    ]
    # Internal invariant only (asserts are removed under -O); not an input check.
    assert len(hashers) == len(sig_block.sigs)

    # Feed the signed portion of the file through every hasher in one pass.
    for chunk in get_signature_data(self.fileobj, sig_block.filesize):
        for _, _, hasher in hashers:
            hasher.update(chunk)

    # All signatures must pass; the first failure rejects the file.
    for _algo_id, signature, hasher in hashers:
        digest = hasher.finalize()
        if not verify_signature(verify_key, signature, digest,
                                hasher.algorithm.name):
            return False
    return True
def calculate_signatures(self):
    """Compute one signature per configured signer for this MAR file.

    Returns:
        A list of signature tuples: [(algorithm_id, signature_data), ...]
        in the order returned by ``self.get_signers()``.
    """
    signers = self.get_signers()

    # Stream the data to be signed through every signer in a single pass.
    for chunk in get_signature_data(self.fileobj, self.filesize):
        for _, signer in signers:
            signer.update(chunk)

    results = []
    for algo_id, signer in signers:
        results.append((algo_id, signer.finalize()))
    return results
def calculate_signatures(self):
    """Hash this MAR file and sign the digest with ``self.signing_key``.

    Returns:
        A list of signature tuples: [(algorithm_id, signature_data), ...].
        The list is empty when no signing algorithm is configured.

    Raises:
        KeyError: if ``self.signing_algorithm`` is set to a name other than
            'sha1' or 'sha384'.
    """
    algorithm_name = self.signing_algorithm
    if not algorithm_name:
        return []

    # NOTE(review): 'sha1' (id 1) is still accepted for new signatures.
    # SHA-1 is no longer collision resistant; prefer 'sha384' unless a
    # consumer that only understands id 1 must be supported.
    algo_id = {'sha1': 1, 'sha384': 2}[algorithm_name]
    hasher = make_hasher(algo_id)

    for chunk in get_signature_data(self.fileobj, self.filesize):
        hasher.update(chunk)

    signature = sign_hash(self.signing_key, hasher.finalize(),
                          hasher.algorithm.name)
    return [(algo_id, signature)]
def calculate_hashes(self):
    """Hash the contents of this MAR file once per declared signature.

    The algorithms used are the ones listed in the MAR file's own
    signature block.

    Returns:
        A list of (algorithm_id, hash) tuples; empty if the file has no
        signature block.
    """
    sig_block = self.mardata.signatures
    if not sig_block:
        return []

    hashers = [
        (entry.algorithm_id, make_hasher(entry.algorithm_id))
        for entry in sig_block.sigs
    ]

    # One pass over the file data, updating every hasher per chunk.
    for chunk in get_signature_data(self.fileobj, sig_block.filesize):
        for _, hasher in hashers:
            hasher.update(chunk)

    digests = []
    for algo_id, hasher in hashers:
        digests.append((algo_id, hasher.finalize()))
    return digests
def verify(self, verify_key):
    """Check every signature carried by this MAR file against ``verify_key``.

    Args:
        verify_key (str): PEM formatted public key

    Returns:
        True only if each signature in the file's signature block matches
        the file contents. False if any signature is invalid, or if the
        file carries no signatures at all.

    Raises:
        ValueError: if a signature declares an algorithm id other than 1 or 2.
    """
    sig_block = self.mardata.signatures
    if not sig_block or not sig_block.sigs:
        # Fail closed: an unsigned MAR is never reported as verified.
        return False

    # NOTE(review): which algorithm is checked is decided by the ids the file
    # declares; a file signed only with id 1 passes if that signature is
    # valid. Callers that need a stronger minimum must enforce it themselves.
    verifiers = []
    for entry in sig_block.sigs:
        algo = entry.algorithm_id
        if algo not in (1, 2):
            # Unknown algorithms are rejected outright rather than skipped.
            raise ValueError('Unsupported algorithm ({})'.format(algo))
        factory = make_verifier_v1 if algo == 1 else make_verifier_v2
        verifiers.append(factory(verify_key, entry.signature))
    # Internal invariant only (asserts are removed under -O); not an input check.
    assert len(verifiers) == len(sig_block.sigs)

    # Feed the signed portion of the file through every verifier in one pass.
    for chunk in get_signature_data(self.fileobj, sig_block.filesize):
        for verifier in verifiers:
            verifier.update(chunk)

    # All signatures must pass; the first invalid one rejects the file.
    for verifier in verifiers:
        try:
            verifier.verify()
        except InvalidSignature:
            return False
    return True
def test_get_signature_data(mar_uu):
    """get_signature_data() over the ``mar_uu`` fixture must raise IOError.

    NOTE(review): presumably ``mar_uu`` is a file that lacks a usable
    signature section -- confirm against the fixture definition.
    """
    with mar_uu.open('rb') as handle, raises(IOError):
        # list() drains the returned iterable so that an error raised while
        # reading surfaces inside the raises() context.
        list(get_signature_data(handle, mar_uu.size))