Add should_create_verifier method
This change adds a should_create_verifier method to the signature_utils module, since the existing signature verification code in Glance requires this method. Change-Id: Ic4be5dd900425ba0eceafca97b549a499dc6606e
parent
0aefe7a813
commit
d5e395cc35
|
@ -70,6 +70,14 @@ MASK_GEN_ALGORITHMS = {
|
|||
'MGF1': padding.MGF1,
|
||||
}
|
||||
|
||||
# Required image property names
|
||||
(SIGNATURE, HASH_METHOD, KEY_TYPE, CERT_UUID) = (
|
||||
'img_signature',
|
||||
'img_signature_hash_method',
|
||||
'img_signature_key_type',
|
||||
'img_signature_certificate_uuid'
|
||||
)
|
||||
|
||||
|
||||
class SignatureKeyType(object):
|
||||
|
||||
|
@ -172,6 +180,22 @@ for curve in ECC_CURVES:
|
|||
create_verifier_for_ecc)
|
||||
|
||||
|
||||
def should_create_verifier(image_properties):
|
||||
"""Determine whether a verifier should be created.
|
||||
|
||||
Using the image properties, determine whether existing properties indicate
|
||||
that signature verification should be done.
|
||||
|
||||
:param image_properties: the key-value properties about the image
|
||||
:return: True, if signature metadata properties exist, False otherwise
|
||||
"""
|
||||
return (image_properties is not None and
|
||||
CERT_UUID in image_properties and
|
||||
HASH_METHOD in image_properties and
|
||||
SIGNATURE in image_properties and
|
||||
KEY_TYPE in image_properties)
|
||||
|
||||
|
||||
def get_verifier(context, img_signature_certificate_uuid,
|
||||
img_signature_hash_method, img_signature,
|
||||
img_signature_key_type):
|
||||
|
|
|
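Review bot: `should_create_verifier` returns False both when an image has no signature properties and when it has only some of the four, so a caller cannot tell an unsigned image from one whose signature metadata is incomplete. If the caller skips verification on False (the calling code is not shown on this page), a signed image that has lost a single property such as `img_signature` would be accepted without any check or error. The docstring should state this contract, for example `:return: True only if all four signature properties are present; partial metadata also yields False and should be rejected or logged by the caller`. The check also tests key presence only, so empty or None values pass through to `get_verifier`, whose body lies outside the hunk.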
@ -38,6 +38,14 @@ TEST_ECC_PRIVATE_KEY = ec.generate_private_key(ec.SECP521R1(),
|
|||
TEST_DSA_PRIVATE_KEY = dsa.generate_private_key(key_size=3072,
|
||||
backend=default_backend())
|
||||
|
||||
# Required image property names
|
||||
(SIGNATURE, HASH_METHOD, KEY_TYPE, CERT_UUID) = (
|
||||
signature_utils.SIGNATURE,
|
||||
signature_utils.HASH_METHOD,
|
||||
signature_utils.KEY_TYPE,
|
||||
signature_utils.CERT_UUID
|
||||
)
|
||||
|
||||
|
||||
class FakeKeyManager(object):
|
||||
|
||||
|
@ -102,6 +110,31 @@ class BadPublicKey(object):
|
|||
class TestSignatureUtils(base.TestCase):
|
||||
"""Test methods of signature_utils"""
|
||||
|
||||
def test_should_create_verifier(self):
|
||||
image_props = {CERT_UUID: 'CERT_UUID',
|
||||
HASH_METHOD: 'HASH_METHOD',
|
||||
SIGNATURE: 'SIGNATURE',
|
||||
KEY_TYPE: 'SIG_KEY_TYPE'}
|
||||
self.assertTrue(signature_utils.should_create_verifier(image_props))
|
||||
|
||||
def test_should_create_verifier_fail(self):
|
||||
bad_image_properties = [{CERT_UUID: 'CERT_UUID',
|
||||
HASH_METHOD: 'HASH_METHOD',
|
||||
SIGNATURE: 'SIGNATURE'},
|
||||
{CERT_UUID: 'CERT_UUID',
|
||||
HASH_METHOD: 'HASH_METHOD',
|
||||
KEY_TYPE: 'SIG_KEY_TYPE'},
|
||||
{CERT_UUID: 'CERT_UUID',
|
||||
SIGNATURE: 'SIGNATURE',
|
||||
KEY_TYPE: 'SIG_KEY_TYPE'},
|
||||
{HASH_METHOD: 'HASH_METHOD',
|
||||
SIGNATURE: 'SIGNATURE',
|
||||
KEY_TYPE: 'SIG_KEY_TYPE'}]
|
||||
|
||||
for bad_props in bad_image_properties:
|
||||
result = signature_utils.should_create_verifier(bad_props)
|
||||
self.assertFalse(result)
|
||||
|
||||
@mock.patch('cursive.signature_utils.get_public_key')
|
||||
def test_verify_signature_PSS(self, mock_get_pub_key):
|
||||
data = b'224626ae19824466f2a7f39ab7b80f7f'
|
||||
|
|
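Review bot: `test_should_create_verifier_fail` covers each case of one missing key but never passes `None` or an empty dict, although the new function has an explicit `image_properties is not None` guard. Starting the list with those two cases, `bad_image_properties = [None, {}, {CERT_UUID: 'CERT_UUID',`, would pin that branch so a later refactor cannot turn it into a TypeError. A case with all four keys present but empty values would also document whether presence alone is meant to trigger verification.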