def set_data(self, data, size=None):
if size is None:
size = 0 # NOTE(markwash): zero -> unknown size
location, size, checksum, loc_meta = self.store_api.add_to_backend(
CONF,
self.image.image_id,
utils.LimitingReader(utils.CooperativeReader(data),
CONF.image_size_cap),
size,
context=self.context)
# Verify the signature (if correct properties are present)
if (signature_utils.should_verify_signature(
self.image.extra_properties)):
# NOTE(bpoulos): if verification fails, exception will be raised
result = signature_utils.verify_signature(
self.context, checksum, self.image.extra_properties)
if result:
msg = (_LI("Successfully verified signature for image "
"%s") % self.image.image_id)
LOG.info(msg)
self.image.locations = [{'url': location, 'metadata': loc_meta,
'status': 'active'}]
self.image.size = size
self.image.checksum = checksum
self.image.status = 'active'
def set_data(self, data, size=None):
if size is None:
size = 0 # NOTE(markwash): zero -> unknown size
location, size, checksum, loc_meta = self.store_api.add_to_backend(
CONF,
self.image.image_id,
utils.LimitingReader(utils.CooperativeReader(data),
CONF.image_size_cap),
size,
context=self.context)
# Verify the signature (if correct properties are present)
if (signature_utils.should_verify_signature(
self.image.extra_properties)):
# NOTE(bpoulos): if verification fails, exception will be raised
result = signature_utils.verify_signature(
self.context, checksum, self.image.extra_properties)
if result:
LOG.info(_LI("Successfully verified signature for image %s"),
self.image.image_id)
self.image.locations = [{
'url': location,
'metadata': loc_meta,
'status': 'active'
}]
self.image.size = size
self.image.checksum = checksum
self.image.status = 'active'
def test_should_verify_signature(self):
image_props = {
CERT_UUID: 'CERT_UUID',
HASH_METHOD: 'HASH_METHOD',
SIGNATURE: 'SIGNATURE',
KEY_TYPE: 'SIG_KEY_TYPE'
}
self.assertTrue(signature_utils.should_verify_signature(image_props))
def test_old_should_verify_signature(self):
image_props = {
OLD_CERT_UUID: 'OLD_CERT_UUID',
OLD_HASH_METHOD: 'OLD_HASH_METHOD',
OLD_SIGNATURE: 'OLD_SIGNATURE',
OLD_KEY_TYPE: 'SIG_KEY_TYPE'
}
self.assertTrue(signature_utils.should_verify_signature(image_props))
def test_should_verify_signature(self):
image_props = {
CERT_UUID: "CERT_UUID",
HASH_METHOD: "HASH_METHOD",
SIGNATURE: "SIGNATURE",
KEY_TYPE: "SIG_KEY_TYPE",
}
self.assertTrue(signature_utils.should_verify_signature(image_props))
def test_old_should_verify_signature(self):
image_props = {
OLD_CERT_UUID: "OLD_CERT_UUID",
OLD_HASH_METHOD: "OLD_HASH_METHOD",
OLD_SIGNATURE: "OLD_SIGNATURE",
OLD_KEY_TYPE: "SIG_KEY_TYPE",
}
self.assertTrue(signature_utils.should_verify_signature(image_props))
def _verify_signature_if_needed(self, checksum):
# Verify the signature (if correct properties are present)
if (signature_utils.should_verify_signature(
self.image.extra_properties)):
# NOTE(bpoulos): if verification fails, exception will be raised
result = signature_utils.verify_signature(
self.context, checksum, self.image.extra_properties)
if result:
LOG.info(_LI("Successfully verified signature for image %s"),
self.image.image_id)
def _verify_signature_if_needed(self, checksum):
# Verify the signature (if correct properties are present)
if (signature_utils.should_verify_signature(
self.image.extra_properties)):
# NOTE(bpoulos): if verification fails, exception will be raised
result = signature_utils.verify_signature(
self.context, checksum, self.image.extra_properties)
if result:
LOG.info(_LI("Successfully verified signature for image %s"),
self.image.image_id)
def test_should_verify_signature_fail(self):
bad_image_properties = [
{CERT_UUID: "CERT_UUID", HASH_METHOD: "HASH_METHOD", SIGNATURE: "SIGNATURE"},
{CERT_UUID: "CERT_UUID", HASH_METHOD: "HASH_METHOD", KEY_TYPE: "SIG_KEY_TYPE"},
{CERT_UUID: "CERT_UUID", SIGNATURE: "SIGNATURE", KEY_TYPE: "SIG_KEY_TYPE"},
{HASH_METHOD: "HASH_METHOD", SIGNATURE: "SIGNATURE", KEY_TYPE: "SIG_KEY_TYPE"},
]
for bad_props in bad_image_properties:
result = signature_utils.should_verify_signature(bad_props)
self.assertFalse(result)
def test_old_should_verify_signature_fail(self):
bad_image_properties = [{OLD_CERT_UUID: 'OLD_CERT_UUID',
OLD_HASH_METHOD: 'OLD_HASH_METHOD',
OLD_SIGNATURE: 'OLD_SIGNATURE'},
{OLD_CERT_UUID: 'OLD_CERT_UUID',
OLD_HASH_METHOD: 'OLD_HASH_METHOD',
OLD_KEY_TYPE: 'SIG_KEY_TYPE'},
{OLD_CERT_UUID: 'OLD_CERT_UUID',
OLD_SIGNATURE: 'OLD_SIGNATURE',
OLD_KEY_TYPE: 'SIG_KEY_TYPE'},
{OLD_HASH_METHOD: 'OLD_HASH_METHOD',
OLD_SIGNATURE: 'OLD_SIGNATURE',
OLD_KEY_TYPE: 'SIG_KEY_TYPE'}]
for bad_props in bad_image_properties:
result = signature_utils.should_verify_signature(bad_props)
self.assertFalse(result)
def test_should_verify_signature_fail(self):
bad_image_properties = [{CERT_UUID: 'CERT_UUID',
HASH_METHOD: 'HASH_METHOD',
SIGNATURE: 'SIGNATURE'},
{CERT_UUID: 'CERT_UUID',
HASH_METHOD: 'HASH_METHOD',
KEY_TYPE: 'SIG_KEY_TYPE'},
{CERT_UUID: 'CERT_UUID',
SIGNATURE: 'SIGNATURE',
KEY_TYPE: 'SIG_KEY_TYPE'},
{HASH_METHOD: 'HASH_METHOD',
SIGNATURE: 'SIGNATURE',
KEY_TYPE: 'SIG_KEY_TYPE'}]
for bad_props in bad_image_properties:
result = signature_utils.should_verify_signature(bad_props)
self.assertFalse(result)
def test_should_verify_signature(self):
image_props = {CERT_UUID: 'CERT_UUID',
HASH_METHOD: 'HASH_METHOD',
SIGNATURE: 'SIGNATURE',
KEY_TYPE: 'SIG_KEY_TYPE'}
self.assertTrue(signature_utils.should_verify_signature(image_props))
