Commit Graph

9 Commits

Author SHA1 Message Date
Tobias Urdin ad4437300d Stop using removed verifier and signer methods
These methods are removed in [1] so we move to our
wrappers for verifiers introduced in [2] and then
update our testing to not use signer as well.

[1] https://github.com/pyca/cryptography/pull/6639
[2] https://review.opendev.org/c/x/cursive/+/547146

Closes-Bug: #1750633
Change-Id: I07b2d9c41c5c659692e5bfd6570b66fd646faa2b
2022-11-17 09:14:28 +00:00
Luigi Toscano 450f696589 zuul: move jobs in-tree and related updates
Move the job definitions in-tree, updating them when needed.
This led to several changes:

- update tox.ini and setup.cfg to align it to the newest standards
  (including newer python classifiers);
- no more python 2.x jobs;
- bump hacking requirements to make the pep8 job work with the newest
  python releases;
- ignore a few spurious flake8 warnings;
- switch to stestr as test runner;
- update cryptography dependency.

The old barbican simple-crypto job name is still available as an alias
for a while, but it is time to switch away from it, so directly
use the new job.

Depends-On: https://review.opendev.org/771443
Change-Id: Iba7b4106c49e4b492c97097648c7b8f599a2ca4b
2021-01-19 15:25:08 +01:00
Brianna Poulos edd60e3a17 Address verifier DeprecationWarning
The use of signer and verifier in cryptography has been
deprecated, and causes the following warning:

cursive/cursive/signature_utils.py:139: DeprecationWarning: signer
and verifier have been deprecated. Please use sign and verify
instead.

This patch adds a wrapper around the use of verifier, so
that sign and verify are used with cryptography, but the
client use of the library doesn't have to change.

Change-Id: Ib4aaa4fc9eb893b74f08bc8ff732a4dae152f685
2018-02-28 22:14:49 +00:00
Abhishek Kekane 74ca49cab6 Uncaught ManagedObjectNotFoundError exception leads to 500 error
ManagedObjectNotFoundError which is raised from several places of
the castellan library
(for example castellan/key_manager/barbican_key_manager.py) is not
caught in signature_utils.py.

Caught ManagedObjectNotFoundError and raised SignatureVerificationError
to avoid 500 error response.

Change-Id: Ia8310f8cc9604d11cc4a25617b55a1b61436cd71
Closes-Bug: #1736679
2017-12-07 04:25:36 +00:00
Peter Hamilton ad879a1fbc Add certificate validation
This change adds support for certificate validation, including
certificate inspection utilities. Validating a certificate
requires the certificate UUID of the certificate to validate,
a set of UUIDs corresponding to the set of trusted certificates
needed to validate the certificate, and a user context for
authentication to the key manager. A new certificate verification
context is included that is used to store the set of trusted
certificates once they are loaded from the key manager. This
context is used to validate the signing certificate, verifying
that the certificate belongs to a valid certificate chain rooted
in the set of trusted certificates.

All new certificate utility code is added in a new module named
certificate_utils.

For more information on this work, see the spec:
https://review.openstack.org/#/c/488541/

SecurityImpact
DocImpact

Change-Id: I8d7f43fb4c0573ac3681147eac213b369bbbcb3b
Implements: blueprint nova-validate-certificates
2017-10-03 15:57:27 -04:00
dane-fichter fac14bcac3 Make REGISTERED_TYPES public
This change makes the _REGISTERED_TYPES member
of the signature_utils object public so that it
can be referenced by Nova.

Change-Id: Ia1615dcd4ca20702693b6c5ebddc472fe29f224c
2017-03-21 09:16:16 -07:00
Dane Fichter d5e395cc35 Add should_create_verifier method
This change adds a should_create_verifier method
to the signature_utils module, since the existing
signature verification code in Glance requires
this method.

Change-Id: Ic4be5dd900425ba0eceafca97b549a499dc6606e
2016-08-02 20:59:09 -04:00
dane-fichter b2aba64263 Add signature_utils module
This change ports Nova's signature_utils module
into the cursive library.

Change-Id: Ic54dc204e41b3758bc2e8e1571d697931b371889
Partial-Bug: #1528349
2016-06-28 08:55:11 -07:00
dane-fichter 0da0dd357d Initial cookiecutter commit
This commit establishes the test and
development environment for the cursive
repository.

Change-Id: I440c4c55172cddd194efafe5d8f8d18728d7f8c0
2016-06-27 18:28:04 -07:00