def recipe_signatures_are_correct(app_configs, **kwargs):
errors = []
try:
Recipe = apps.get_model('recipes', 'Recipe')
signed_recipes = list(Recipe.objects.exclude(signature=None))
except (ProgrammingError, OperationalError, ImproperlyConfigured):
errors.append(Info('Could not retrieve recipes', id=INFO_COULD_NOT_RETRIEVE_RECIPES))
else:
for recipe in signed_recipes:
data = recipe.canonical_json()
signature = recipe.signature.signature
pubkey = recipe.signature.public_key
try:
verify_signature(data, signature, pubkey)
except verify_signature.BadSignature as e:
msg = ("Recipe '{recipe}' (id={recipe.id}) has a bad signature: {detail}"
.format(recipe=recipe, detail=e.detail))
errors.append(Warning(msg, id=WARNING_INVALID_RECIPE_SIGNATURE))
return errors
def test_recipe_signatures(conf, requests_session):
r = requests_session.get(conf.getoption('server') + '/api/v1/recipe/signed/')
r.raise_for_status()
data = r.json()
if len(data) == 0:
pytest.skip('No signed recipes')
for item in data:
canonical_recipe = canonicaljson.encode_canonical_json(item['recipe'])
signature = item['signature']['signature']
pubkey = item['signature']['public_key']
assert verify_signature(canonical_recipe, signature, pubkey)
def test_recipe_signatures(conf, requests_session):
r = requests_session.get(conf.getoption('server') + '/api/v1/recipe/signed/')
r.raise_for_status()
data = r.json()
if len(data) == 0:
pytest.skip('No signed recipes')
for item in data:
canonical_recipe = canonical_json(item['recipe'])
signature = item['signature']['signature']
pubkey = item['signature']['public_key']
assert verify_signature(canonical_recipe, signature, pubkey)
def recipe_signatures_are_correct(app_configs, **kwargs):
errors = []
try:
Recipe = apps.get_model('recipes', 'Recipe')
signed_recipes = list(Recipe.objects.exclude(signature=None))
except (ProgrammingError, OperationalError, ImproperlyConfigured):
errors.append(
Info('Could not retrieve recipes',
id=INFO_COULD_NOT_RETRIEVE_RECIPES))
else:
for recipe in signed_recipes:
data = recipe.canonical_json()
signature = recipe.signature.signature
pubkey = recipe.signature.public_key
try:
verify_signature(data, signature, pubkey)
except verify_signature.BadSignature as e:
msg = (
"Recipe '{recipe}' (id={recipe.id}) has a bad signature: {detail}"
.format(recipe=recipe, detail=e.detail))
errors.append(Warning(msg,
id=WARNING_INVALID_RECIPE_SIGNATURE))
return errors
def test_raises_nice_error_for_wrong_signature(self):
# change the signature, but keep it a valid signature
signature = self.signature.replace('s', 'S')
with pytest.raises(verify_signature.SignatureDoesNotMatch):
verify_signature(self.data, signature, self.pubkey)
def test_raises_nice_error_for_too_short_signatures_good_base64(self):
signature = 'aa=='
with pytest.raises(verify_signature.WrongSignatureSize):
verify_signature(self.data, signature, self.pubkey)
def test_raises_nice_error_for_too_short_signatures_bad_padding(self):
signature = 'a_too_short_signature'
with pytest.raises(verify_signature.WrongSignatureSize):
verify_signature(self.data, signature, self.pubkey)
def test_known_good_signature(self):
assert verify_signature(self.data, self.signature, self.pubkey)
def test_raises_nice_error_for_wrong_signature(self):
# change the signature, but keep it a valid signature
signature = self.signature.replace('s', 'S')
with pytest.raises(verify_signature.SignatureDoesNotMatch):
verify_signature(self.data, signature, self.pubkey)
def test_raises_nice_error_for_too_short_signatures_good_base64(self):
signature = 'aa=='
with pytest.raises(verify_signature.WrongSignatureSize):
verify_signature(self.data, signature, self.pubkey)
def test_raises_nice_error_for_too_short_signatures_bad_padding(self):
signature = 'a_too_short_signature'
with pytest.raises(verify_signature.WrongSignatureSize):
verify_signature(self.data, signature, self.pubkey)
def test_known_good_signature(self):
assert verify_signature(self.data, self.signature, self.pubkey)
