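def verify_inner_zip(self, zip_file):
    """Extract the outer zip into the working directory and verify the inner zip.

    The outer archive is expected to carry a signature file and an inner zip,
    named by ``Command.signature_filename`` and ``Command.inner_zip_filename``.
    The first line of the signature file is parsed as the chunk size; the
    remaining lines are passed to ``verify_large_file`` as the signature.

    Args:
        zip_file: The outer zip archive, in any form ``ZipFile`` accepts.

    Returns:
        Path of the extracted inner zip inside ``self.working_dir``.

    Raises:
        Exception: If a central server device exists but has no key, or its
            key does not verify the inner zip.
        ValueError: If the first line of the signature file is not an integer.
    """
    # SECURITY: every member is written to disk before any signature check,
    # and only the inner zip is covered by that check. Anything else the
    # archive drops into working_dir must be treated as unverified.
    # The context manager closes the archive handle, which used to leak.
    with ZipFile(zip_file, "r") as outer_zip:
        outer_zip.extractall(path=self.working_dir)

    # NOTE(review): these paths are opened whether or not the archive actually
    # contained the members; presumably working_dir is fresh per run, so stale
    # files from an earlier run cannot be picked up -- confirm.
    self.signature_file = os.path.join(self.working_dir, Command.signature_filename)
    self.inner_zip_file = os.path.join(self.working_dir, Command.inner_zip_filename)

    central_server = Device.get_central_server()

    with open(self.signature_file, "r") as signature_fp:
        lines = signature_fp.read().split("\n")
    chunk_size = int(lines.pop(0))

    if not central_server:
        # SECURITY: fail-open. With no central server device there is no key
        # to check against, so the inner zip is accepted unverified. This is
        # the existing, deliberate behaviour; it is only made visible here.
        logging.warning(
            "No central server device object found; trusting zip file because you asked me to..."
        )
    elif central_server.key and central_server.key.verify_large_file(
        self.inner_zip_file, signature=lines, chunk_size=chunk_size
    ):
        logging.info("Verified file!")
    else:
        # Reached both for a missing key and for a signature mismatch.
        raise Exception("Failed to verify inner zip file.")

    return self.inner_zip_file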
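def verify_inner_zip(self, zip_file):
    """Extract the outer zip into the working directory and verify the inner zip.

    The outer archive is expected to carry a signature file and an inner zip,
    named by ``Command.signature_filename`` and ``Command.inner_zip_filename``.
    The first line of the signature file is parsed as the chunk size; the
    remaining lines are passed to ``verify_large_file`` as the signature.

    Args:
        zip_file: The outer zip archive, in any form ``ZipFile`` accepts.

    Returns:
        Path of the extracted inner zip inside ``self.working_dir``.

    Raises:
        Exception: If a central server device exists but has no key, or its
            key does not verify the inner zip.
        ValueError: If the first line of the signature file is not an integer.
    """
    # SECURITY: every member is written to disk before any signature check,
    # and only the inner zip is covered by that check. Anything else the
    # archive drops into working_dir must be treated as unverified.
    # The context manager closes the archive handle, which used to leak.
    with ZipFile(zip_file, "r") as outer_zip:
        outer_zip.extractall(path=self.working_dir)

    # NOTE(review): these paths are opened whether or not the archive actually
    # contained the members; presumably working_dir is fresh per run, so stale
    # files from an earlier run cannot be picked up -- confirm.
    self.signature_file = os.path.join(self.working_dir, Command.signature_filename)
    self.inner_zip_file = os.path.join(self.working_dir, Command.inner_zip_filename)

    central_server = Device.get_central_server()

    with open(self.signature_file, "r") as signature_fp:
        lines = signature_fp.read().split("\n")
    chunk_size = int(lines.pop(0))

    if not central_server:
        # SECURITY: fail-open. With no central server device there is no key
        # to check against, so the inner zip is accepted unverified. This is
        # the existing, deliberate behaviour; it is only made visible here.
        logging.warning(
            "No central server device object found; trusting zip file because you asked me to..."
        )
    elif central_server.key and central_server.key.verify_large_file(
        self.inner_zip_file, signature=lines, chunk_size=chunk_size
    ):
        # The `central_server.key and` guard makes a central server without a
        # key a clean verification failure instead of an AttributeError.
        logging.info("Verified file!")
    else:
        # Reached both for a missing key and for a signature mismatch.
        raise Exception("Failed to verify inner zip file.")

    return self.inner_zip_file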
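def create_json_file(include_data):
    """Write the serialized trust models (and optionally zone data) to a temp file.

    ``zone_id`` is not a parameter; it is read from the enclosing scope.
    Without a ``zone_id`` only the central server device (if any) is
    serialized. With one, the zone's chain of trust is validated, a new
    ``ZoneInvitation`` is generated and saved, and both are serialized.

    Args:
        include_data: When true, also append the zone's devices, device-zone
            links and every model ``engine.get_models`` returns for the zone.

    Returns:
        Path of the temporary file holding ``engine.serialize(models)``.

    Raises:
        AssertionError: If the chain of trust for the zone does not validate.
    """
    import os  # local import: only needed to wrap the mkstemp descriptor

    central_server = Device.get_central_server()

    if not zone_id:
        models = [central_server] if central_server else []
    else:
        # Get a chain of trust to the zone owner. Because we're on the central
        # server, this will simply be the central server, but in the future
        # this would return an actual chain.
        logging.debug("Generating a zone invitation...")
        zone = Zone.objects.get(id=zone_id)
        chain = ChainOfTrust(zone=zone)

        # Explicit check instead of `assert`: asserts are stripped under
        # `python -O`, which would skip chain validation entirely before an
        # invitation is generated. The exception type is kept for callers.
        if not chain.validate():
            raise AssertionError("Chain of trust failed validation.")

        new_invitation = ZoneInvitation.generate(zone=zone, invited_by=Device.get_own_device())
        # Keep a record of the invitation for future revocation; per the
        # original author's note, saving also signs it.
        new_invitation.save()

        # The ordering is a bit hokey, but OK: an invitation usually must be
        # inserted before devicezones, yet because it does not point to any
        # devices it may sit at the end. The central server is always at the
        # front of the chain of trust, so it is not added explicitly.
        models = chain.objects() + [new_invitation]

    if include_data:
        # NOTE(review): `zone` is only bound in the zone_id branch above, so
        # include_data without a zone_id fails with UnboundLocalError --
        # confirm callers never combine the two.
        logging.debug("Serializing entire dataset...")
        devices = Device.objects.by_zone(zone)
        devicezones = DeviceZone.objects.filter(zone=zone)
        models += list(devices) + list(devicezones)
        models += engine.get_models(zone=zone, limit=None)  # all models on this zone

    # mkstemp creates the file readable/writable by the owner only and returns
    # an open descriptor. Writing through that descriptor closes it (it used
    # to leak) and avoids re-opening the file by name. The file holds signed
    # trust material; the caller owns it and is expected to delete it.
    fd, models_file = tempfile.mkstemp()
    with os.fdopen(fd, "w") as fp:
        fp.write(engine.serialize(models))
    return models_file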
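def create_json_file(include_data):
    """Write the serialized trust models (and optionally zone data) to a temp file.

    ``zone_id`` is not a parameter; it is read from the enclosing scope.
    Without a ``zone_id`` only the central server device (if any) is
    serialized. With one, the zone's chain of trust is validated, a new
    ``ZoneInvitation`` is generated and saved, and both are serialized.

    Args:
        include_data: When true, also append the zone's devices, device-zone
            links and every model ``engine.get_models`` returns for the zone.

    Returns:
        Path of the temporary file holding ``engine.serialize(models)``.

    Raises:
        AssertionError: If the chain of trust for the zone does not validate.
    """
    import os  # local import: only needed to wrap the mkstemp descriptor

    central_server = Device.get_central_server()

    if zone_id:
        # Get a chain of trust to the zone owner. Because we're on the central
        # server, this will simply be the central server, but in the future
        # this would return an actual chain.
        logging.debug("Generating a zone invitation...")
        zone = Zone.objects.get(id=zone_id)
        chain = ChainOfTrust(zone=zone)

        # Explicit check instead of `assert`: asserts are stripped under
        # `python -O`, which would skip chain validation entirely before an
        # invitation is generated. The exception type is kept for callers.
        if not chain.validate():
            raise AssertionError("Chain of trust failed validation.")

        new_invitation = ZoneInvitation.generate(zone=zone, invited_by=Device.get_own_device())
        # Keep a record of the invitation for future revocation; per the
        # original author's note, saving also signs it.
        new_invitation.save()

        # The ordering is a bit hokey, but OK: an invitation usually must be
        # inserted before devicezones, yet because it does not point to any
        # devices it may sit at the end. The central server is always at the
        # front of the chain of trust, so it is not added explicitly.
        models = chain.objects() + [new_invitation]
    else:
        models = [central_server] if central_server else []

    if include_data:
        # NOTE(review): `zone` is only bound in the zone_id branch above, so
        # include_data without a zone_id fails with UnboundLocalError --
        # confirm callers never combine the two.
        logging.debug("Serializing entire dataset...")
        devices = Device.objects.by_zone(zone)
        devicezones = DeviceZone.objects.filter(zone=zone)
        models += list(devices) + list(devicezones)
        models += engine.get_models(zone=zone, limit=None)  # all models on this zone

    # mkstemp creates the file readable/writable by the owner only and returns
    # an open descriptor. Writing through that descriptor closes it (it used
    # to leak) and avoids re-opening the file by name. The file holds signed
    # trust material; the caller owns it and is expected to delete it.
    fd, models_file = tempfile.mkstemp()
    with os.fdopen(fd, "w") as fp:
        fp.write(engine.serialize(models))
    return models_file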