def validate(self, data):
public_key_provider = get_provider()
public_key_pem = public_key_provider.get_public_key(self.keybase_username)
signed_message = data['signed_message']
with gpg_keyring(public_key_pem) as gpg:
verification = gpg.verify(signed_message)
validate_signature(verification)
message = gpg.decrypt(signed_message).data
try:
peer_review_data = json.loads(message)
except ValueError:
raise serializers.ValidationError(self.error_messages['json_invalid'])
validate_peer_review(peer_review_data)
validated_data = {
'data': json.dumps({
'policy_application': peer_review_data,
'signed_message': signed_message,
'public_key': public_key_pem,
'public_key_provider': public_key_provider.name,
'public_key_identity': {
'username': self.keybase_username,
}
}, sort_keys=True),
'result': peer_review_data['result'],
}
return validated_data
def validate(self, data):
if self.instance is None:
raise serializers.ValidationError("Cannot verify without a user instance")
if self.instance.keybase_username:
raise serializers.ValidationError("Cannot override existing keybase username")
public_key_provider = get_provider()
public_key_pem = public_key_provider.get_public_key(data["keybase_username"])
signed_message = data['signed_message']
with gpg_keyring(public_key_pem) as gpg:
verification = gpg.verify(signed_message)
validate_signature(verification)
message = gpg.decrypt(signed_message).data.strip()
try:
user_id = signing.loads(message, max_age=datetime.timedelta(minutes=10))
except signing.SignatureExpired:
raise serializers.ValidationError(
"Token expired. Please refresh and generate a new one."
)
except signing.BadSignature:
raise serializers.ValidationError(
"Could not validate token. Make sure you copied "
"the full token or refresh and try again."
)
if user_id != self.instance.id:
raise serializers.ValidationError("Mismatched user ID")
return data
def validate(self, data):
keybase_username = data["keybase_username"]
signed_message = data['signed_message']
public_key_provider = get_provider()
public_key_pem = public_key_provider.get_public_key(keybase_username)
with gpg_keyring(public_key_pem) as gpg:
verification = gpg.verify(signed_message)
validate_signature(verification)
message = gpg.decrypt(signed_message).data
try:
policy_data = json.loads(message)
except ValueError:
raise serializers.ValidationError(self.error_messages['json_invalid'])
validate_policy_application(policy_data)
expected_proofs = public_key_provider.get_proofs(keybase_username)
actual_proofs = policy_data['identity']['verification_data']['proofs']
expected_proofs_set = set(json.dumps(v, sort_keys=True) for v in expected_proofs)
actual_proofs_set = set(json.dumps(v, sort_keys=True) for v in actual_proofs)
if expected_proofs_set != actual_proofs_set:
raise serializers.ValidationError(self.error_messages['proofs_invalid'])
validated_data = {
'is_final': True,
'data': json.dumps({
'policy_data': policy_data,
'signed_message': signed_message,
'public_key': public_key_pem,
'public_key_provider': public_key_provider.name,
'public_key_identity': {
'username': keybase_username,
}
}, sort_keys=True),
'is_signed': True
}
return validated_data