Add should_create_verifier method

This change adds a should_create_verifier method to the signature_utils module, since the existing signature verification code in Glance requires this method. Change-Id: Ic4be5dd900425ba0eceafca97b549a499dc6606e
2016-08-02 20:59:09 -04:00 · 2016-08-02 20:59:09 -04:00 · d5e395cc35
parent 0aefe7a813
commit d5e395cc35
2 changed files with 57 additions and 0 deletions
--- a/cursive/signature_utils.py
+++ b/cursive/signature_utils.py
@ -70,6 +70,14 @@ MASK_GEN_ALGORITHMS = {
    'MGF1': padding.MGF1,
 }

+# Required image property names
+(SIGNATURE, HASH_METHOD, KEY_TYPE, CERT_UUID) = (
+    'img_signature',
+    'img_signature_hash_method',
+    'img_signature_key_type',
+    'img_signature_certificate_uuid'
+)
+

 class SignatureKeyType(object):

@ -172,6 +180,22 @@ for curve in ECC_CURVES:
                                  create_verifier_for_ecc)


+def should_create_verifier(image_properties):
+    """Determine whether a verifier should be created.
+
+    Using the image properties, determine whether existing properties indicate
+    that signature verification should be done.
+
+    :param image_properties: the key-value properties about the image
+    :return: True, if signature metadata properties exist, False otherwise
+    """
+    return (image_properties is not None and
+            CERT_UUID in image_properties and
+            HASH_METHOD in image_properties and
+            SIGNATURE in image_properties and
+            KEY_TYPE in image_properties)
+
+
 def get_verifier(context, img_signature_certificate_uuid,
                 img_signature_hash_method, img_signature,
                 img_signature_key_type):
--- a/cursive/tests/unit/test_signature_utils.py
+++ b/cursive/tests/unit/test_signature_utils.py
@ -38,6 +38,14 @@ TEST_ECC_PRIVATE_KEY = ec.generate_private_key(ec.SECP521R1(),
 TEST_DSA_PRIVATE_KEY = dsa.generate_private_key(key_size=3072,
                                                backend=default_backend())

+# Required image property names
+(SIGNATURE, HASH_METHOD, KEY_TYPE, CERT_UUID) = (
+    signature_utils.SIGNATURE,
+    signature_utils.HASH_METHOD,
+    signature_utils.KEY_TYPE,
+    signature_utils.CERT_UUID
+)
+

 class FakeKeyManager(object):

@ -102,6 +110,31 @@ class BadPublicKey(object):
 class TestSignatureUtils(base.TestCase):
    """Test methods of signature_utils"""

+    def test_should_create_verifier(self):
+        image_props = {CERT_UUID: 'CERT_UUID',
+                       HASH_METHOD: 'HASH_METHOD',
+                       SIGNATURE: 'SIGNATURE',
+                       KEY_TYPE: 'SIG_KEY_TYPE'}
+        self.assertTrue(signature_utils.should_create_verifier(image_props))
+
+    def test_should_create_verifier_fail(self):
+        bad_image_properties = [{CERT_UUID: 'CERT_UUID',
+                                 HASH_METHOD: 'HASH_METHOD',
+                                 SIGNATURE: 'SIGNATURE'},
+                                {CERT_UUID: 'CERT_UUID',
+                                 HASH_METHOD: 'HASH_METHOD',
+                                 KEY_TYPE: 'SIG_KEY_TYPE'},
+                                {CERT_UUID: 'CERT_UUID',
+                                 SIGNATURE: 'SIGNATURE',
+                                 KEY_TYPE: 'SIG_KEY_TYPE'},
+                                {HASH_METHOD: 'HASH_METHOD',
+                                 SIGNATURE: 'SIGNATURE',
+                                 KEY_TYPE: 'SIG_KEY_TYPE'}]
+
+        for bad_props in bad_image_properties:
+            result = signature_utils.should_create_verifier(bad_props)
+            self.assertFalse(result)
+
    @mock.patch('cursive.signature_utils.get_public_key')
    def test_verify_signature_PSS(self, mock_get_pub_key):
        data = b'224626ae19824466f2a7f39ab7b80f7f'