def test_valid_verbose(self, mock_msg_callback):
verification_data = dict()
verification_data['algorithm'] = 'sha1'
assert IcetrustCanaryUtils.get_algorithm(
verification_data, msg_callback=mock_msg_callback) == 'sha1'
assert len(mock_msg_callback.messages) == 1
assert mock_msg_callback.messages[0] == "Using algorithm: sha1"
def test_valid_default_verbose(self, mock_msg_callback):
verification_data = dict()
assert IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=mock_msg_callback)\
== DEFAULT_HASH_ALGORITHM
assert len(mock_msg_callback.messages) == 1
assert mock_msg_callback.messages[0] == "Using algorithm: sha256"
def test_valid(self):
verification_data = dict()
verification_data['algorithm'] = 'sha1'
assert IcetrustCanaryUtils.get_algorithm(verification_data) == 'sha1'
def test_valid_default(self):
verification_data = dict()
assert IcetrustCanaryUtils.get_algorithm(
verification_data) == DEFAULT_HASH_ALGORITHM
def canary(verbose, configfile, output_json, save_file):
"""Does a canary check against a project using information in CONFIGFILE"""
# Setup objects to be used
cmd_output = []
msg_callback = IcetrustUtils.process_verbose_flag(verbose)
# Validate the config file
config_data = IcetrustCanaryUtils.validate_config_file(configfile, msg_callback=msg_callback)
if config_data is None:
_process_result(False)
# Select the right mode
verification_mode =\
IcetrustCanaryUtils.get_verification_mode(config_data, msg_callback=msg_callback)
if verification_mode is None:
click.echo('Unknown verification mode in the config file!')
_process_result(False)
print('Using verification mode: ' + verification_mode.name)
# Extract verification data
verification_data = IcetrustCanaryUtils.extract_verification_data(config_data, verification_mode,
msg_callback=msg_callback)
# Check verification_data for warnings
if verbose:
IcetrustCanaryUtils.check_verification_data(config_data, verification_mode, verification_data,
msg_callback=msg_callback)
# Create temporary directory
temp_dir_obj = tempfile.TemporaryDirectory()
temp_dir = os.path.join(temp_dir_obj.name, '')
# Download all of the files required
IcetrustCanaryUtils.download_all_files(verification_mode, temp_dir, config_data['filename_url'],
verification_data, msg_callback=msg_callback)
# Import keys for those operations that need it
if verification_mode in [VerificationModes.PGP, VerificationModes.PGPCHECKSUMFILE]:
# Initialize PGP
gpg = IcetrustUtils.pgp_init(gpg_home_dir=temp_dir_obj.name)
# Import keys if needed
import_output = []
import_result = IcetrustCanaryUtils.import_key_material(gpg, temp_dir, verification_data,
cmd_output=import_output,
msg_callback=msg_callback)
if import_result is False:
if output_json is not None:
json_data = IcetrustCanaryUtils.generate_json(config_data, verification_mode, import_result,
import_output, os.path.join(temp_dir, FILENAME_FILE1),
msg_callback)
open(output_json, "w").write(json_data)
_process_result(import_result)
# Main operation code
verification_result = False
if verification_mode == VerificationModes.COMPARE_FILES:
verification_result = IcetrustUtils.compare_files(os.path.join(temp_dir, FILENAME_FILE1),
os.path.join(temp_dir, FILENAME_FILE2),
msg_callback=msg_callback, cmd_output=cmd_output)
elif verification_mode == VerificationModes.CHECKSUM:
algorithm = IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=msg_callback)
verification_result = IcetrustUtils.verify_checksum(os.path.join(temp_dir, FILENAME_FILE1), algorithm,
checksum_value=verification_data['checksum_value'],
msg_callback=msg_callback, cmd_output=cmd_output)
elif verification_mode == VerificationModes.CHECKSUMFILE:
algorithm = IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=msg_callback)
verification_result = IcetrustUtils.verify_checksum(os.path.join(temp_dir, FILENAME_FILE1), algorithm,
checksumfile=os.path.join(temp_dir, FILENAME_CHECKSUM),
msg_callback=msg_callback, cmd_output=cmd_output)
elif verification_mode == VerificationModes.PGP:
verification_result = IcetrustUtils.pgp_verify(gpg, os.path.join(temp_dir, FILENAME_FILE1),
os.path.join(temp_dir, FILENAME_SIGNATURE),
msg_callback=msg_callback, cmd_output=cmd_output)
elif verification_mode == VerificationModes.PGPCHECKSUMFILE:
# Verify the signature of the checksum file first
signature_result = IcetrustUtils.pgp_verify(gpg, os.path.join(temp_dir, FILENAME_CHECKSUM),
os.path.join(temp_dir, FILENAME_SIGNATURE),
msg_callback=msg_callback, cmd_output=cmd_output)
# Then verify the checksums themselves
if signature_result:
algorithm = IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=msg_callback)
verification_result = IcetrustUtils.verify_checksum(os.path.join(temp_dir, FILENAME_FILE1), algorithm,
checksumfile=os.path.join(temp_dir, FILENAME_CHECKSUM),
msg_callback=msg_callback, cmd_output=cmd_output)
else:
click.echo("ERROR: Verification mode not supported!")
sys.exit(-1)
# Compare previous version if needed
comparison_result = None
if 'previous_version' in config_data:
previous_file_path = os.path.join(os.getcwd(), config_data['previous_version'])
if os.path.exists(previous_file_path):
click.echo('\nComparing with previous version...')
comparison_result = IcetrustUtils.compare_files(config_data['previous_version'],
os.path.join(temp_dir, FILENAME_FILE1),
msg_callback=msg_callback)
if comparison_result:
click.echo('File matches previous version')
else:
click.echo('ERROR: File doesn\'t match previous version!')
# Saves the file if needed
if save_file is not None:
click.echo('\nSaving file...')
shutil.copy(os.path.join(temp_dir, FILENAME_FILE1), save_file)
# Generate JSON file if needed
if output_json is not None:
json_data = IcetrustCanaryUtils.generate_json(config_data, verification_mode,
verification_result, comparison_result,
cmd_output, os.path.join(temp_dir, FILENAME_FILE1),
msg_callback)
open(output_json, "w").write(json_data)
_process_result(verification_result)