예제 #1
0
    def validate(self, data):
        public_key_provider = get_provider()
        public_key_pem = public_key_provider.get_public_key(self.keybase_username)
        signed_message = data['signed_message']

        with gpg_keyring(public_key_pem) as gpg:
            verification = gpg.verify(signed_message)
            validate_signature(verification)

            message = gpg.decrypt(signed_message).data

        try:
            peer_review_data = json.loads(message)
        except ValueError:
            raise serializers.ValidationError(self.error_messages['json_invalid'])

        validate_peer_review(peer_review_data)

        validated_data = {
            'data': json.dumps({
                'policy_application': peer_review_data,
                'signed_message': signed_message,
                'public_key': public_key_pem,
                'public_key_provider': public_key_provider.name,
                'public_key_identity': {
                    'username': self.keybase_username,
                }
            }, sort_keys=True),
            'result': peer_review_data['result'],
        }

        return validated_data
예제 #2
0
    def validate(self, data):
        if self.instance is None:
            raise serializers.ValidationError("Cannot verify without a user instance")

        if self.instance.keybase_username:
            raise serializers.ValidationError("Cannot override existing keybase username")

        public_key_provider = get_provider()
        public_key_pem = public_key_provider.get_public_key(data["keybase_username"])
        signed_message = data['signed_message']

        with gpg_keyring(public_key_pem) as gpg:
            verification = gpg.verify(signed_message)
            validate_signature(verification)

            message = gpg.decrypt(signed_message).data.strip()

        try:
            user_id = signing.loads(message, max_age=datetime.timedelta(minutes=10))
        except signing.SignatureExpired:
            raise serializers.ValidationError(
                "Token expired. Please refresh and generate a new one."
            )
        except signing.BadSignature:
            raise serializers.ValidationError(
                "Could not validate token. Make sure you copied "
                "the full token or refresh and try again."
            )

        if user_id != self.instance.id:
            raise serializers.ValidationError("Mismatched user ID")

        return data
예제 #3
0
    def validate(self, data):
        keybase_username = data["keybase_username"]
        signed_message = data['signed_message']

        public_key_provider = get_provider()
        public_key_pem = public_key_provider.get_public_key(keybase_username)

        with gpg_keyring(public_key_pem) as gpg:
            verification = gpg.verify(signed_message)
            validate_signature(verification)

            message = gpg.decrypt(signed_message).data

        try:
            policy_data = json.loads(message)
        except ValueError:
            raise serializers.ValidationError(self.error_messages['json_invalid'])

        validate_policy_application(policy_data)

        expected_proofs = public_key_provider.get_proofs(keybase_username)
        actual_proofs = policy_data['identity']['verification_data']['proofs']

        expected_proofs_set = set(json.dumps(v, sort_keys=True) for v in expected_proofs)
        actual_proofs_set = set(json.dumps(v, sort_keys=True) for v in actual_proofs)

        if expected_proofs_set != actual_proofs_set:
            raise serializers.ValidationError(self.error_messages['proofs_invalid'])

        validated_data = {
            'is_final': True,
            'data': json.dumps({
                'policy_data': policy_data,
                'signed_message': signed_message,
                'public_key': public_key_pem,
                'public_key_provider': public_key_provider.name,
                'public_key_identity': {
                    'username': keybase_username,
                }
            }, sort_keys=True),
            'is_signed': True
        }
        return validated_data