def verify(*targets, **kw):
"""
Verify files
Arguments: files and/or directories
KW Arguments:
mfname :- the MANIFEST filename (default ./MANIFEST)
sfname :- the SIGNATURE filename (default ./SIGNATURE)
public_crt :- the signing key (default: /etc/hubble/sign/public.crt)
ca_crt :- the trust chain for the public_crt (default: /etc/hubble/sign/ca-root.crt)
can optionally be a list of cert files; in which case, the
first file is trusted, and additional files are assumed to be
intermediates and are only trusted if a trust path can be
found.
"""
mfname = kw.get('mfname', 'MANIFEST')
sfname = kw.get('sfname', 'SIGNATURE')
public_crt = kw.get('public_crt', HuS.Options.public_crt)
ca_crt = kw.get('ca_crt', HuS.Options.ca_crt)
pwd = os.path.abspath(os.path.curdir)
log.debug(
'signing.verify(targets=%s, mfname=%s, sfname=%s, public_crt=%s, ca_crt=%s, pwd=%s)',
targets, mfname, sfname, public_crt, ca_crt, pwd)
return dict(
HuS.verify_files(targets,
mfname=mfname,
sfname=sfname,
public_crt=public_crt,
ca_crt=ca_crt))
def test_no_ca_given(__salt__, targets, no_ppc, cdbt):
# the public/private-3 is from some unknown CA
# ... so if we don't specify any CA, then our result should be unknown
sig.Options.ca_crt = ''
sig.Options.public_crt = cdb('public-1.crt', cdbt, 2)
sig.Options.private_key = cdb('private-1.key', cdbt, 2)
__salt__['signing.msign'](*targets)
res = sig.verify_files(targets,
public_crt=sig.Options.public_crt,
ca_crt=sig.Options.ca_crt)
for thing in ['MANIFEST'] + list(targets):
assert thing in res and res[thing] == U
def test_cert_outside_ca(__salt__, targets, no_ppc, cdbt):
# the public/private-3 keypair is not from the same modulo group
# as the other keys. we should get a FAIL result here
sig.Options.ca_crt = (cdb('ca-root.crt', cdbt,
1), cdb('bundle.pem', cdbt, 1))
sig.Options.public_crt = cdb('public-1.crt', cdbt, 2)
sig.Options.private_key = cdb('private-1.key', cdbt, 2)
__salt__['signing.msign'](*targets)
res = sig.verify_files(targets,
public_crt=sig.Options.public_crt,
ca_crt=sig.Options.ca_crt)
for thing in ['MANIFEST'] + list(targets):
assert thing in res and res[thing] == F
def test_msign_and_verify_files(__salt__, targets, no_ppc, cdbt):
inverse = {2: 1, 1: 2}
sig.Options.ca_crt = (cdb('ca-root.crt', cdbt,
1), cdb('bundle.pem', cdbt, 1))
for i in (1, 2):
# setup key-{i} and sign the repo
sig.Options.public_crt = cdb('public-{}.crt'.format(i), cdbt, 1)
sig.Options.private_key = cdb('private-{}.key'.format(i), cdbt, 1)
__salt__['signing.msign'](*targets)
# verify that we trust the files
res = sig.verify_files(targets,
public_crt=sig.Options.public_crt,
ca_crt=sig.Options.ca_crt)
for thing in ['MANIFEST'] + list(targets):
assert thing in res and res[thing] == V
# let's mess with one file and see how we do
with open(targets[-1], 'a') as fh:
fh.write('hi there!\n')
res2 = sig.verify_files(targets,
public_crt=sig.Options.public_crt,
ca_crt=sig.Options.ca_crt)
assert targets[-1] in res2 and res2[targets[-1]] == F # we ruined it
assert targets[0] in res2 and res2[targets[0]] == V # still good
# swap our configs to use the other public key
# but don't resign the file; uh oh, these aren't signed right now!!
sig.Options.public_crt = cdb('public-{}.crt'.format(inverse[i]), cdbt,
1)
sig.Options.private_key = cdb('private-{}.key'.format(inverse[i]),
cdbt, 1)
res = sig.verify_files(targets,
public_crt=sig.Options.public_crt,
ca_crt=sig.Options.ca_crt)
for thing in ['MANIFEST'] + list(targets):
assert thing in res and res[thing] == F
def test_no_SIGNATURE(__salt__, targets, no_ppc, cdbt):
# the public/private-3 is from some unknown CA
# ... so if we don't specify any CA, then our result should be unknown
sig.Options.ca_crt = (cdb('ca-root.crt', cdbt,
1), cdb('bundle.pem', cdbt, 1))
sig.Options.public_crt = cdb('public-1.crt', cdbt, 1)
sig.Options.private_key = cdb('private-1.key', cdbt, 1)
__salt__['signing.msign'](*targets)
os.unlink('SIGNATURE')
res = sig.verify_files(targets,
public_crt=sig.Options.public_crt,
ca_crt=sig.Options.ca_crt)
for thing in ['MANIFEST'] + list(targets):
assert thing in res and res[thing] == U
def test_no_MANIFEST_or_SIGNATURE(__salt__, targets, no_ppc, cdbt):
# if we have a SIGNATURE without a MANIFEST, we should fail
# because our MANIFEST hash will not match the signed hash
# (a sig without manifest is probably a really bad sign and also a rare condition anyway)
sig.Options.ca_crt = (cdb('ca-root.crt', cdbt,
1), cdb('bundle.pem', cdbt, 1))
sig.Options.public_crt = cdb('public-1.crt', cdbt, 1)
sig.Options.private_key = cdb('private-1.key', cdbt, 1)
__salt__['signing.msign'](
*targets) # re-sign just to make sure the two files are present
os.unlink('MANIFEST') # but remove them
os.unlink('SIGNATURE') # bahleeted
res = sig.verify_files(targets,
public_crt=sig.Options.public_crt,
ca_crt=sig.Options.ca_crt)
len(res) == 0
def test_no_MANIFEST(__salt__, targets, no_ppc, cdbt):
# If we have a SIGNATURE without a MANIFEST, we should fail, because our
# MANIFEST hash will not match the signed hash -- a sig without manifest is
# probably a really bad sign and also a rare condition anyway. Also,
# without the manifest, the most we can say about the rest of the files is
# UNKNOWN
sig.Options.ca_crt = (cdb('ca-root.crt', cdbt,
1), cdb('bundle.pem', cdbt, 1))
sig.Options.public_crt = cdb('public-1.crt', cdbt, 1)
sig.Options.private_key = cdb('private-1.key', cdbt, 1)
__salt__['signing.msign'](*targets)
os.unlink('MANIFEST')
res = sig.verify_files(targets,
public_crt=sig.Options.public_crt,
ca_crt=sig.Options.ca_crt)
assert 'MANIFEST' in res and res['MANIFEST'] == F
for thing in list(targets):
assert thing in res and res[thing] == U
