
Add should_create_verifier method

This change adds a should_create_verifier method
to the signature_utils module, since the existing
signature verification code in Glance requires
this method.

Change-Id: Ic4be5dd900425ba0eceafca97b549a499dc6606e
Dane Fichter 2 years ago
parent
commit
d5e395cc35
2 changed files with 57 additions and 0 deletions
  1. 24
    0
      cursive/signature_utils.py
  2. 33
    0
      cursive/tests/unit/test_signature_utils.py

+ 24
- 0
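--- a/cursive/signature_utils.py
+++ b/cursive/signature_utils.py
@@ -70,6 +70,14 @@ MASK_GEN_ALGORITHMS = {
     'MGF1': padding.MGF1,
 }
 
+# Required image property names
+(SIGNATURE, HASH_METHOD, KEY_TYPE, CERT_UUID) = (
+    'img_signature',
+    'img_signature_hash_method',
+    'img_signature_key_type',
+    'img_signature_certificate_uuid'
+)
+
 
 class SignatureKeyType(object):
 
@@ -172,6 +180,22 @@ for curve in ECC_CURVES:
                                   create_verifier_for_ecc)
 
 
+def should_create_verifier(image_properties):
+    """Determine whether a verifier should be created.
+
+    Using the image properties, determine whether existing properties indicate
+    that signature verification should be done.
+
+    :param image_properties: the key-value properties about the image
+    :return: True, if signature metadata properties exist, False otherwise
+    """
+    return (image_properties is not None and
+            CERT_UUID in image_properties and
+            HASH_METHOD in image_properties and
+            SIGNATURE in image_properties and
+            KEY_TYPE in image_properties)
+
+
 def get_verifier(context, img_signature_certificate_uuid,
                  img_signature_hash_method, img_signature,
                  img_signature_key_type):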
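Review bot: `should_create_verifier` (new lines 183-196) returns False both when an image has no signature properties and when it carries only some of the four, so a caller that uses the result to decide whether to verify would presumably treat partial signature metadata like an unsigned image and skip verification. The callers are not visible here, but the `:return:` line should state this explicitly, e.g. `:return: True only if all four signature properties are present; False if any is missing, including partially populated signature metadata`. I would also add a docstring sentence saying that deployments which require signed images must reject on False rather than proceed. The check is presence-only, so a key mapped to an empty string or None still yields True and value validation is left to `get_verifier`, whose body lies outside this hunk.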

+ 33
- 0
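--- a/cursive/tests/unit/test_signature_utils.py
+++ b/cursive/tests/unit/test_signature_utils.py
@@ -38,6 +38,14 @@ TEST_ECC_PRIVATE_KEY = ec.generate_private_key(ec.SECP521R1(),
 TEST_DSA_PRIVATE_KEY = dsa.generate_private_key(key_size=3072,
                                                 backend=default_backend())
 
+# Required image property names
+(SIGNATURE, HASH_METHOD, KEY_TYPE, CERT_UUID) = (
+    signature_utils.SIGNATURE,
+    signature_utils.HASH_METHOD,
+    signature_utils.KEY_TYPE,
+    signature_utils.CERT_UUID
+)
+
 
 class FakeKeyManager(object):
 
@@ -102,6 +110,31 @@ class BadPublicKey(object):
 class TestSignatureUtils(base.TestCase):
     """Test methods of signature_utils"""
 
+    def test_should_create_verifier(self):
+        image_props = {CERT_UUID: 'CERT_UUID',
+                       HASH_METHOD: 'HASH_METHOD',
+                       SIGNATURE: 'SIGNATURE',
+                       KEY_TYPE: 'SIG_KEY_TYPE'}
+        self.assertTrue(signature_utils.should_create_verifier(image_props))
+
+    def test_should_create_verifier_fail(self):
+        bad_image_properties = [{CERT_UUID: 'CERT_UUID',
+                                 HASH_METHOD: 'HASH_METHOD',
+                                 SIGNATURE: 'SIGNATURE'},
+                                {CERT_UUID: 'CERT_UUID',
+                                 HASH_METHOD: 'HASH_METHOD',
+                                 KEY_TYPE: 'SIG_KEY_TYPE'},
+                                {CERT_UUID: 'CERT_UUID',
+                                 SIGNATURE: 'SIGNATURE',
+                                 KEY_TYPE: 'SIG_KEY_TYPE'},
+                                {HASH_METHOD: 'HASH_METHOD',
+                                 SIGNATURE: 'SIGNATURE',
+                                 KEY_TYPE: 'SIG_KEY_TYPE'}]
+
+        for bad_props in bad_image_properties:
+            result = signature_utils.should_create_verifier(bad_props)
+            self.assertFalse(result)
+
     @mock.patch('cursive.signature_utils.get_public_key')
     def test_verify_signature_PSS(self, mock_get_pub_key):
         data = b'224626ae19824466f2a7f39ab7b80f7f'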
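Review bot: Neither new test exercises the `image_properties is not None` branch of `should_create_verifier`, because `test_should_create_verifier_fail` (new lines 120-136) only covers dicts that are missing exactly one key. Adding `None` and `{}` to `bad_image_properties` would pin the result for images with no properties at all, which is the case that decides whether verification is skipped. The loop also asserts without a message, so a failure does not say which property set broke; `self.assertFalse(result, bad_props)` would make that visible. The `TestSignatureUtils` class continues beyond this hunk.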
