def _signManifest(self):
configHolder = ConfigHolder(self.__dict__)
signator = Signator(self.manifestFile, configHolder)
rc = signator.sign()
if rc:
raise ExecutionException('Failed to sign manifest.')
self.manifestFile = signator.outputManifestFile
def doWork(self):
configHolder = ConfigHolder(self.options.__dict__)
signator = Signator(self.manifestFile, configHolder)
isError = signator.sign()
if isError:
Util.printError('Error signing metadata file')
else:
Util.printDetail('Metadata file successfully signed: %s' % signator.outputManifestFile)
def deprecate(self, imageId):
tempDeprecatedMetadataFilename = tempfile.mktemp()
tempMetadataFilename = tempfile.mktemp()
try:
imageURI = imageId + '/' + self.email
if len(self.created) != 0:
imageURI = imageURI + '/' + self.created
# Get metadata file
self.manifestDownloader.getManifestAsFile(imageURI, tempMetadataFilename)
# Strip signature
xml = etree.ElementTree(file=tempMetadataFilename)
root = xml.getroot()
if (root.tag == "metadata"):
rootElement = root.find('.//{%s}RDF' % ManifestInfo.NS_RDF)
else:
rootElement = root
descriptionElement = rootElement.find('.//{%s}Description' % ManifestInfo.NS_RDF)
descriptionElement.remove(descriptionElement.find('.//{%s}endorsement' % ManifestInfo.NS_SLREQ))
endorsement = etree.Element('{%s}%s' % (ManifestInfo.NS_SLREQ, 'endorsement'), parseType="Resource")
descriptionElement.append(endorsement)
signatureElement = rootElement.find('.//{%s}Signature' % 'http://www.w3.org/2000/09/xmldsig#')
rootElement.remove(signatureElement)
xml._setroot(rootElement)
# Add deprecated entry
elem = etree.Element('{%s}%s' % (ManifestInfo.NS_SLTERMS, 'deprecated'))
elem.text = self.reason
descriptionElement.append(elem)
xml.write(tempDeprecatedMetadataFilename)
# Sign and upload
signator = Signator(tempDeprecatedMetadataFilename, self.configHolder)
isError = signator.sign()
if isError:
raise ExecutionException('Error signing new manifest')
return self.uploader.upload(tempDeprecatedMetadataFilename)
finally:
try:
os.unlink(tempMetadataFilename)
os.unlink(tempDeprecatedMetadataFilename)
os.unlink(tempDeprecatedMetadataFilename+'.orig')
except:
pass
def testGenerateManifest(self):
manifest_info = ManifestInfo()
manifest_info.parseManifest(self.TEST_MANIFEST)
ManifestDownloader.getManifestInfo = Mock(return_value=manifest_info)
PDISK_ENDPOINT = 'pdisk:0.0.0.0:8445'
TMSaveCache._getAttachedVolumeURIs = Mock(
return_value=[PDISK_ENDPOINT + ':48ac4190-9a11-4a06-8bef-03fd97080eba'])
tm = TMSaveCache({TMSaveCache._ARG_SRC_POS: 'foo:/bar/1'},
conf_filename=self.conf_filename)
tm._parseArgs()
tm._retrieveAttachedVolumeInfo()
tm.createImageInfo = {VmManager.CREATE_IMAGE_KEY_CREATOR_EMAIL: '*****@*****.**',
VmManager.CREATE_IMAGE_KEY_CREATOR_NAME: 'Jay Random',
VmManager.CREATE_IMAGE_KEY_NEWIMAGE_COMMENT: 'test',
VmManager.CREATE_IMAGE_KEY_NEWIMAGE_VERSION: '0.0',
VmManager.CREATE_IMAGE_KEY_NEWIMAGE_MARKETPLACE: 'http://new.markeplace.org'}
tm.imageSha1 = 'ea7d0ddf7af4e2ea431db89639feb7036fb23062'
tm.createdPDiskId = 'foo-bar-baz'
try:
tm._generateP12Cert()
self.failUnless(os.path.exists(tm.p12cert))
tm._generateP12Cert()
tm._retrieveManifestsPath()
tm.pdiskPathNew = tm._buildPDiskPath(tm.createdPDiskId)
tm._buildAndSaveManifest()
self.failUnless(os.path.exists(tm.manifestNotSignedPath))
minfo = ManifestInfo()
minfo.parseManifestFromFile(tm.manifestNotSignedPath)
assert minfo.comment == 'test'
assert minfo.creator == 'Jay Random'
assert minfo.version == '0.0'
assert minfo.sha1 == tm.imageSha1
assert minfo.locations == ['pdisk:' + Util.getHostnamePortFromUri(tm.persistentDiskPublicBaseUrl) + ':foo-bar-baz']
self.failUnless('foo-bar-baz' in str(tm._emailText()))
if not Signator.findJar():
print "Skipping signature sub-test as Signator jar can not be found."
return
tm._signManifest()
self.failUnless(os.path.exists(tm.manifestPath))
finally:
tm._cleanup()
def doWork(self):
configHolder = ConfigHolder(self.options.__dict__)
signator = Signator(self.manifestFile, configHolder)
rc = signator.validate()
if rc != 0:
sys.exit(rc)
def verifySignature(self, imageFilename, metadataFilename):
signator = Signator(metadataFilename, self.configHolder)
res = signator.validate()
if res:
raise ExecutionException('Failed to validate metadata file')
