def set_data(self, data, size=None): if size is None: size = 0 # NOTE(markwash): zero -> unknown size location, size, checksum, loc_meta = self.store_api.add_to_backend( CONF, self.image.image_id, utils.LimitingReader(utils.CooperativeReader(data), CONF.image_size_cap), size, context=self.context) # Verify the signature (if correct properties are present) if (signature_utils.should_verify_signature( self.image.extra_properties)): # NOTE(bpoulos): if verification fails, exception will be raised result = signature_utils.verify_signature( self.context, checksum, self.image.extra_properties) if result: msg = (_LI("Successfully verified signature for image " "%s") % self.image.image_id) LOG.info(msg) self.image.locations = [{'url': location, 'metadata': loc_meta, 'status': 'active'}] self.image.size = size self.image.checksum = checksum self.image.status = 'active'
def set_data(self, data, size=None): if size is None: size = 0 # NOTE(markwash): zero -> unknown size location, size, checksum, loc_meta = self.store_api.add_to_backend( CONF, self.image.image_id, utils.LimitingReader(utils.CooperativeReader(data), CONF.image_size_cap), size, context=self.context) # Verify the signature (if correct properties are present) if (signature_utils.should_verify_signature( self.image.extra_properties)): # NOTE(bpoulos): if verification fails, exception will be raised result = signature_utils.verify_signature( self.context, checksum, self.image.extra_properties) if result: LOG.info(_LI("Successfully verified signature for image %s"), self.image.image_id) self.image.locations = [{ 'url': location, 'metadata': loc_meta, 'status': 'active' }] self.image.size = size self.image.checksum = checksum self.image.status = 'active'
def test_should_verify_signature(self): image_props = { CERT_UUID: 'CERT_UUID', HASH_METHOD: 'HASH_METHOD', SIGNATURE: 'SIGNATURE', KEY_TYPE: 'SIG_KEY_TYPE' } self.assertTrue(signature_utils.should_verify_signature(image_props))
def test_old_should_verify_signature(self): image_props = { OLD_CERT_UUID: 'OLD_CERT_UUID', OLD_HASH_METHOD: 'OLD_HASH_METHOD', OLD_SIGNATURE: 'OLD_SIGNATURE', OLD_KEY_TYPE: 'SIG_KEY_TYPE' } self.assertTrue(signature_utils.should_verify_signature(image_props))
def test_should_verify_signature(self): image_props = { CERT_UUID: "CERT_UUID", HASH_METHOD: "HASH_METHOD", SIGNATURE: "SIGNATURE", KEY_TYPE: "SIG_KEY_TYPE", } self.assertTrue(signature_utils.should_verify_signature(image_props))
def test_old_should_verify_signature(self): image_props = { OLD_CERT_UUID: "OLD_CERT_UUID", OLD_HASH_METHOD: "OLD_HASH_METHOD", OLD_SIGNATURE: "OLD_SIGNATURE", OLD_KEY_TYPE: "SIG_KEY_TYPE", } self.assertTrue(signature_utils.should_verify_signature(image_props))
def _verify_signature_if_needed(self, checksum): # Verify the signature (if correct properties are present) if (signature_utils.should_verify_signature( self.image.extra_properties)): # NOTE(bpoulos): if verification fails, exception will be raised result = signature_utils.verify_signature( self.context, checksum, self.image.extra_properties) if result: LOG.info(_LI("Successfully verified signature for image %s"), self.image.image_id)
def test_should_verify_signature_fail(self): bad_image_properties = [ {CERT_UUID: "CERT_UUID", HASH_METHOD: "HASH_METHOD", SIGNATURE: "SIGNATURE"}, {CERT_UUID: "CERT_UUID", HASH_METHOD: "HASH_METHOD", KEY_TYPE: "SIG_KEY_TYPE"}, {CERT_UUID: "CERT_UUID", SIGNATURE: "SIGNATURE", KEY_TYPE: "SIG_KEY_TYPE"}, {HASH_METHOD: "HASH_METHOD", SIGNATURE: "SIGNATURE", KEY_TYPE: "SIG_KEY_TYPE"}, ] for bad_props in bad_image_properties: result = signature_utils.should_verify_signature(bad_props) self.assertFalse(result)
def test_old_should_verify_signature_fail(self): bad_image_properties = [{OLD_CERT_UUID: 'OLD_CERT_UUID', OLD_HASH_METHOD: 'OLD_HASH_METHOD', OLD_SIGNATURE: 'OLD_SIGNATURE'}, {OLD_CERT_UUID: 'OLD_CERT_UUID', OLD_HASH_METHOD: 'OLD_HASH_METHOD', OLD_KEY_TYPE: 'SIG_KEY_TYPE'}, {OLD_CERT_UUID: 'OLD_CERT_UUID', OLD_SIGNATURE: 'OLD_SIGNATURE', OLD_KEY_TYPE: 'SIG_KEY_TYPE'}, {OLD_HASH_METHOD: 'OLD_HASH_METHOD', OLD_SIGNATURE: 'OLD_SIGNATURE', OLD_KEY_TYPE: 'SIG_KEY_TYPE'}] for bad_props in bad_image_properties: result = signature_utils.should_verify_signature(bad_props) self.assertFalse(result)
def test_should_verify_signature_fail(self): bad_image_properties = [{CERT_UUID: 'CERT_UUID', HASH_METHOD: 'HASH_METHOD', SIGNATURE: 'SIGNATURE'}, {CERT_UUID: 'CERT_UUID', HASH_METHOD: 'HASH_METHOD', KEY_TYPE: 'SIG_KEY_TYPE'}, {CERT_UUID: 'CERT_UUID', SIGNATURE: 'SIGNATURE', KEY_TYPE: 'SIG_KEY_TYPE'}, {HASH_METHOD: 'HASH_METHOD', SIGNATURE: 'SIGNATURE', KEY_TYPE: 'SIG_KEY_TYPE'}] for bad_props in bad_image_properties: result = signature_utils.should_verify_signature(bad_props) self.assertFalse(result)
def test_should_verify_signature(self): image_props = {CERT_UUID: 'CERT_UUID', HASH_METHOD: 'HASH_METHOD', SIGNATURE: 'SIGNATURE', KEY_TYPE: 'SIG_KEY_TYPE'} self.assertTrue(signature_utils.should_verify_signature(image_props))