Merge "Address verifier DeprecationWarning"
This commit is contained in:
commit
d7cea1f30f
|
@ -30,6 +30,7 @@ from oslo_utils import encodeutils
|
||||||
|
|
||||||
from cursive import exception
|
from cursive import exception
|
||||||
from cursive.i18n import _, _LE
|
from cursive.i18n import _, _LE
|
||||||
|
from cursive import verifiers
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
@ -126,6 +127,10 @@ def create_verifier_for_pss(signature, hash_method, public_key):
|
||||||
are invalid
|
are invalid
|
||||||
:returns: the verifier to use to verify the signature for RSA-PSS
|
:returns: the verifier to use to verify the signature for RSA-PSS
|
||||||
"""
|
"""
|
||||||
|
# confirm none of the inputs are None
|
||||||
|
if not signature or not hash_method or not public_key:
|
||||||
|
return None
|
||||||
|
|
||||||
# default to MGF1
|
# default to MGF1
|
||||||
mgf = padding.MGF1(hash_method)
|
mgf = padding.MGF1(hash_method)
|
||||||
|
|
||||||
|
@ -133,10 +138,14 @@ def create_verifier_for_pss(signature, hash_method, public_key):
|
||||||
salt_length = padding.PSS.MAX_LENGTH
|
salt_length = padding.PSS.MAX_LENGTH
|
||||||
|
|
||||||
# return the verifier
|
# return the verifier
|
||||||
return public_key.verifier(
|
return verifiers.RSAVerifier(
|
||||||
signature,
|
signature,
|
||||||
padding.PSS(mgf=mgf, salt_length=salt_length),
|
hash_method,
|
||||||
hash_method
|
public_key,
|
||||||
|
padding.PSS(
|
||||||
|
mgf=mgf,
|
||||||
|
salt_length=salt_length
|
||||||
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@ -148,10 +157,15 @@ def create_verifier_for_ecc(signature, hash_method, public_key):
|
||||||
:param public_key: the public key to use, as a cryptography object
|
:param public_key: the public key to use, as a cryptography object
|
||||||
:returns: the verifier to use to verify the signature for ECC_*.
|
:returns: the verifier to use to verify the signature for ECC_*.
|
||||||
"""
|
"""
|
||||||
|
# confirm none of the inputs are None
|
||||||
|
if not signature or not hash_method or not public_key:
|
||||||
|
return None
|
||||||
|
|
||||||
# return the verifier
|
# return the verifier
|
||||||
return public_key.verifier(
|
return verifiers.ECCVerifier(
|
||||||
signature,
|
signature,
|
||||||
ec.ECDSA(hash_method)
|
hash_method,
|
||||||
|
public_key,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@ -163,10 +177,15 @@ def create_verifier_for_dsa(signature, hash_method, public_key):
|
||||||
:param public_key: the public key to use, as a cryptography object
|
:param public_key: the public key to use, as a cryptography object
|
||||||
:returns: the verifier to use to verify the signature for DSA
|
:returns: the verifier to use to verify the signature for DSA
|
||||||
"""
|
"""
|
||||||
|
# confirm none of the inputs are None
|
||||||
|
if not signature or not hash_method or not public_key:
|
||||||
|
return None
|
||||||
|
|
||||||
# return the verifier
|
# return the verifier
|
||||||
return public_key.verifier(
|
return verifiers.DSAVerifier(
|
||||||
signature,
|
signature,
|
||||||
hash_method
|
hash_method,
|
||||||
|
public_key,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -106,12 +106,6 @@ class FakeCryptoCertificate(object):
|
||||||
return self.cert_not_valid_after
|
return self.cert_not_valid_after
|
||||||
|
|
||||||
|
|
||||||
class BadPublicKey(object):
|
|
||||||
|
|
||||||
def verifier(self, signature, padding, hash_method):
|
|
||||||
return None
|
|
||||||
|
|
||||||
|
|
||||||
class TestSignatureUtils(base.TestCase):
|
class TestSignatureUtils(base.TestCase):
|
||||||
"""Test methods of signature_utils"""
|
"""Test methods of signature_utils"""
|
||||||
|
|
||||||
|
@ -248,7 +242,7 @@ class TestSignatureUtils(base.TestCase):
|
||||||
|
|
||||||
@mock.patch('cursive.signature_utils.get_public_key')
|
@mock.patch('cursive.signature_utils.get_public_key')
|
||||||
def test_get_verifier_none(self, mock_get_pub_key):
|
def test_get_verifier_none(self, mock_get_pub_key):
|
||||||
mock_get_pub_key.return_value = BadPublicKey()
|
mock_get_pub_key.return_value = None
|
||||||
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
||||||
self.assertRaisesRegex(exception.SignatureVerificationError,
|
self.assertRaisesRegex(exception.SignatureVerificationError,
|
||||||
'Error occurred while creating'
|
'Error occurred while creating'
|
||||||
|
|
|
@ -0,0 +1,77 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
"""Wrap cryptography verify with verifier."""
|
||||||
|
|
||||||
|
from cryptography.hazmat.backends import default_backend
|
||||||
|
from cryptography.hazmat.primitives.asymmetric import ec
|
||||||
|
from cryptography.hazmat.primitives.asymmetric import utils
|
||||||
|
from cryptography.hazmat.primitives import hashes
|
||||||
|
|
||||||
|
|
||||||
|
class RSAVerifier(object):
|
||||||
|
def __init__(self, signature, hash_method, public_key, padding):
|
||||||
|
self._signature = signature
|
||||||
|
self._hash_method = hash_method
|
||||||
|
self._public_key = public_key
|
||||||
|
self._padding = padding
|
||||||
|
self._hasher = hashes.Hash(hash_method, default_backend())
|
||||||
|
|
||||||
|
def update(self, data):
|
||||||
|
self._hasher.update(data)
|
||||||
|
|
||||||
|
def verify(self):
|
||||||
|
digest = self._hasher.finalize()
|
||||||
|
self._public_key.verify(
|
||||||
|
self._signature,
|
||||||
|
digest,
|
||||||
|
self._padding,
|
||||||
|
utils.Prehashed(self._hash_method)
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class ECCVerifier(object):
|
||||||
|
def __init__(self, signature, hash_method, public_key):
|
||||||
|
self._signature = signature
|
||||||
|
self._hash_method = hash_method
|
||||||
|
self._public_key = public_key
|
||||||
|
self._hasher = hashes.Hash(hash_method, default_backend())
|
||||||
|
|
||||||
|
def update(self, data):
|
||||||
|
self._hasher.update(data)
|
||||||
|
|
||||||
|
def verify(self):
|
||||||
|
digest = self._hasher.finalize()
|
||||||
|
self._public_key.verify(
|
||||||
|
self._signature,
|
||||||
|
digest,
|
||||||
|
ec.ECDSA(utils.Prehashed(self._hash_method))
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class DSAVerifier(object):
|
||||||
|
def __init__(self, signature, hash_method, public_key):
|
||||||
|
self._signature = signature
|
||||||
|
self._hash_method = hash_method
|
||||||
|
self._public_key = public_key
|
||||||
|
self._hasher = hashes.Hash(hash_method, default_backend())
|
||||||
|
|
||||||
|
def update(self, data):
|
||||||
|
self._hasher.update(data)
|
||||||
|
|
||||||
|
def verify(self):
|
||||||
|
digest = self._hasher.finalize()
|
||||||
|
self._public_key.verify(
|
||||||
|
self._signature,
|
||||||
|
digest,
|
||||||
|
utils.Prehashed(self._hash_method)
|
||||||
|
)
|
Loading…
Reference in New Issue