Пример #1
0
    def import_key_material(gpg,
                            dir,
                            verification_data,
                            cmd_output=None,
                            msg_callback=None):
        """
        Import keys if needed

        :param verification_mode: verification mode being used
        :param dir: directory to download to
        :param filename_url: URL for the main file to be downloaded
        :param verification_data: parsed JSON containing verification data
        :param cmd_output: command output
        :param msg_callback: message callback object, can be used to collect additional data via .echo()
        :return: True if succesful, False if not, None if skipped
        """
        keyfile_path = None
        if 'keyfile_url' in verification_data:
            keyfile_path = os.path.join(dir, FILENAME_KEYS)

        # Do the actual import
        import_result = IcetrustUtils.pgp_import_keys(
            gpg,
            keyfile=keyfile_path,
            keyid=None if keyfile_path else verification_data['keyid'],
            keyserver=None if keyfile_path else verification_data['keyserver'],
            cmd_output=cmd_output,
            msg_callback=msg_callback)
        return import_result
Пример #2
0
 def test_invalid_file_verbose(self, tmp_path, mock_msg_callback):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_import_keys(
         gpg, keyfile='foobar', msg_callback=mock_msg_callback) is False
     assert len(mock_msg_callback.messages) == 1
     assert mock_msg_callback.messages[
         0] == "[Errno 2] No such file or directory: 'foobar'"
Пример #3
0
 def test_invalid_fromkeyid(self, mock_msg_callback):
     # TODO: Switch to use tmp_path fixture
     temp_dir_obj = tempfile.TemporaryDirectory()
     tmp_path = os.path.join(temp_dir_obj.name, '')
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_import_keys(
         gpg,
         keyid='foobar',
         keyserver='keyserver.ubuntu.com',
         msg_callback=mock_msg_callback) is False
Пример #4
0
 def test_valid_fromfile_verbose(self, tmp_path, mock_msg_callback):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_import_keys(
         gpg,
         keyfile=os.path.join(TEST_DIR, 'pgp_keys.txt'),
         msg_callback=mock_msg_callback) is True
     assert len(mock_msg_callback.messages) == 2
     assert mock_msg_callback.messages[
         0] == '--- Results of key import ---\n'
     assert '[GNUPG:] IMPORTED FBFCC82A015E7330' in mock_msg_callback.messages[
         1]
Пример #5
0
def pgp(verbose, filename, signaturefile, keyfile, keyid, keyserver):
    """Verify FILENAME via a PGP signature in SIGNATUREFILE using provided keys"""
    # Check input parameters
    if keyfile is None and (keyid is None or keyserver is None):
        click.echo("ERROR: Either '--keyfile' or '--keyid/--keyserver' parameters must be set!")
        sys.exit(2)

    # Initialize PGP and import keys
    gpg = IcetrustUtils.pgp_init(verbose)
    import_result = IcetrustUtils.pgp_import_keys(gpg, keyfile=keyfile, keyid=keyid, keyserver=keyserver,
                                                  msg_callback=IcetrustUtils.process_verbose_flag(verbose))
    if import_result is False:
        _process_result(import_result)

    # Verify file
    verification_result = IcetrustUtils.pgp_verify(gpg, filename, signaturefile,
                                                   msg_callback=IcetrustUtils.process_verbose_flag(verbose))
    _process_result(verification_result)
Пример #6
0
def pgpchecksumfile(verbose, filename, checksumfile, signaturefile, algorithm, keyfile, keyid, keyserver):
    """Verify FILENAME via a PGP-signed CHECKSUMFILE, with a signature in SIGNATUREFILE using provided keys"""
    # Check input parameters
    if keyfile is None and (keyid is None or keyserver is None):
        click.echo("ERROR: Either '--keyfile' or '--keyid/--keyserver' parameters must be set!")
        sys.exit(2)

    # Initialize PGP and import keys
    gpg = IcetrustUtils.pgp_init(verbose)
    import_result = IcetrustUtils.pgp_import_keys(gpg, keyfile=keyfile, keyid=keyid, keyserver=keyserver,
                                                  msg_callback=IcetrustUtils.process_verbose_flag(verbose))
    if import_result is False:
        _process_result(import_result)

    # Verify checksums file
    verification_result = IcetrustUtils.pgp_verify(gpg, checksumfile, signaturefile,
                                                   msg_callback=IcetrustUtils.process_verbose_flag(verbose))
    if verification_result.status is False:
        _process_result(verification_result)

    # Check hash against the checksums file
    checksum_valid = IcetrustUtils.verify_checksum(filename, algorithm, checksumfile=checksumfile,
                                                   msg_callback=IcetrustUtils.process_verbose_flag(verbose))
    _process_result(checksum_valid)
Пример #7
0
 def test_invalid_missing_arguments3(self, tmp_path):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     with pytest.raises(ValueError):
         IcetrustUtils.pgp_import_keys(gpg, keyserver='foobar')
Пример #8
0
 def test_invalid_file_no_keys(self, tmp_path):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_import_keys(
         gpg, keyfile=os.path.join(TEST_DIR, 'file1.txt.sig')) is False
Пример #9
0
 def test_invalid_file(self, tmp_path):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_import_keys(gpg, keyfile='foobar') is False
Пример #10
0
 def test_valid_fromfile(self, tmp_path):
     gpg = IcetrustUtils.pgp_init(tmp_path)
     assert IcetrustUtils.pgp_import_keys(
         gpg, keyfile=os.path.join(TEST_DIR, 'pgp_keys.txt')) is True