def set_data(self, data, size=None):
if size is None:
size = 0 # NOTE(markwash): zero -> unknown size
location, size, checksum, loc_meta = self.store_api.add_to_backend(
CONF,
self.image.image_id,
utils.LimitingReader(utils.CooperativeReader(data),
CONF.image_size_cap),
size,
context=self.context)
# Verify the signature (if correct properties are present)
if (signature_utils.should_verify_signature(
self.image.extra_properties)):
# NOTE(bpoulos): if verification fails, exception will be raised
result = signature_utils.verify_signature(
self.context, checksum, self.image.extra_properties)
if result:
LOG.info(_LI("Successfully verified signature for image %s"),
self.image.image_id)
self.image.locations = [{
'url': location,
'metadata': loc_meta,
'status': 'active'
}]
self.image.size = size
self.image.checksum = checksum
self.image.status = 'active'
def set_data(self, data, size=None):
if size is None:
size = 0 # NOTE(markwash): zero -> unknown size
location, size, checksum, loc_meta = self.store_api.add_to_backend(
CONF,
self.image.image_id,
utils.LimitingReader(utils.CooperativeReader(data),
CONF.image_size_cap),
size,
context=self.context)
# Verify the signature (if correct properties are present)
if (signature_utils.should_verify_signature(
self.image.extra_properties)):
# NOTE(bpoulos): if verification fails, exception will be raised
result = signature_utils.verify_signature(
self.context, checksum, self.image.extra_properties)
if result:
msg = (_LI("Successfully verified signature for image "
"%s") % self.image.image_id)
LOG.info(msg)
self.image.locations = [{'url': location, 'metadata': loc_meta,
'status': 'active'}]
self.image.size = size
self.image.checksum = checksum
self.image.status = 'active'
def _verify_signature_if_needed(self, checksum):
# Verify the signature (if correct properties are present)
if (signature_utils.should_verify_signature(
self.image.extra_properties)):
# NOTE(bpoulos): if verification fails, exception will be raised
result = signature_utils.verify_signature(
self.context, checksum, self.image.extra_properties)
if result:
LOG.info(_LI("Successfully verified signature for image %s"),
self.image.image_id)
def _verify_signature_if_needed(self, checksum):
# Verify the signature (if correct properties are present)
if (signature_utils.should_verify_signature(
self.image.extra_properties)):
# NOTE(bpoulos): if verification fails, exception will be raised
result = signature_utils.verify_signature(
self.context, checksum, self.image.extra_properties)
if result:
LOG.info(_LI("Successfully verified signature for image %s"),
self.image.image_id)
def test_verify_signature_PSS(self, mock_get_pub_key):
checksum_hash = "224626ae19824466f2a7f39ab7b80f7f"
mock_get_pub_key.return_value = TEST_PRIVATE_KEY.public_key()
for hash_name, hash_alg in signature_utils.HASH_METHODS.iteritems():
signer = TEST_PRIVATE_KEY.signer(
padding.PSS(mgf=padding.MGF1(hash_alg), salt_length=padding.PSS.MAX_LENGTH), hash_alg
)
signer.update(checksum_hash)
signature = base64.b64encode(signer.finalize())
image_props = {
CERT_UUID: "fea14bc2-d75f-4ba5-bccc-b5c924ad0693",
HASH_METHOD: hash_name,
KEY_TYPE: "RSA-PSS",
MASK_GEN_ALG: "MGF1",
SIGNATURE: signature,
}
self.assertTrue(signature_utils.verify_signature(None, checksum_hash, image_props))
def test_verify_signature_PSS(self, mock_get_pub_key):
checksum_hash = b'224626ae19824466f2a7f39ab7b80f7f'
mock_get_pub_key.return_value = TEST_PRIVATE_KEY.public_key()
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
signer = TEST_PRIVATE_KEY.signer(
padding.PSS(mgf=padding.MGF1(hash_alg),
salt_length=padding.PSS.MAX_LENGTH), hash_alg)
signer.update(checksum_hash)
signature = base64.b64encode(signer.finalize())
image_props = {
CERT_UUID: 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693',
HASH_METHOD: hash_name,
KEY_TYPE: 'RSA-PSS',
MASK_GEN_ALG: 'MGF1',
SIGNATURE: signature
}
self.assertTrue(
signature_utils.verify_signature(None, checksum_hash,
image_props))
def test_old_verify_signature_custom_PSS_salt(self, mock_get_pub_key):
checksum_hash = b'224626ae19824466f2a7f39ab7b80f7f'
mock_get_pub_key.return_value = TEST_PRIVATE_KEY.public_key()
custom_salt_length = 32
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
signer = TEST_PRIVATE_KEY.signer(
padding.PSS(
mgf=padding.MGF1(hash_alg),
salt_length=custom_salt_length
),
hash_alg
)
signer.update(checksum_hash)
signature = base64.b64encode(signer.finalize())
image_props = {OLD_CERT_UUID:
'fea14bc2-d75f-4ba5-bccc-b5c924ad0693',
OLD_HASH_METHOD: hash_name,
OLD_KEY_TYPE: 'RSA-PSS',
MASK_GEN_ALG: 'MGF1',
PSS_SALT_LENGTH: custom_salt_length,
OLD_SIGNATURE: signature}
self.assertTrue(signature_utils.verify_signature(None,
checksum_hash,
image_props))
