Emit a warning when using unsafe public key url
When encrypting secrets we use a public key retrieved from zuul. If we get this key from an unencrypted url a man in the middle attack could replace this encryption key. To make the user aware of this we should emit a warning when using untrusted key sources. Change-Id: I7f26e93d863be710a558e15fa1d086b223f465bf
This commit is contained in:
parent
d07c3d2749
commit
0f3f605974
|
@ -26,9 +26,11 @@ import textwrap
|
||||||
try:
|
try:
|
||||||
from urllib.request import Request
|
from urllib.request import Request
|
||||||
from urllib.request import urlopen
|
from urllib.request import urlopen
|
||||||
|
from urllib.parse import urlparse
|
||||||
except ImportError:
|
except ImportError:
|
||||||
from urllib2 import Request
|
from urllib2 import Request
|
||||||
from urllib2 import urlopen
|
from urllib2 import urlopen
|
||||||
|
from urlparse import urlparse
|
||||||
|
|
||||||
DESCRIPTION = """Encrypt a secret for Zuul.
|
DESCRIPTION = """Encrypt a secret for Zuul.
|
||||||
|
|
||||||
|
@ -43,7 +45,6 @@ def main():
|
||||||
parser.add_argument('url',
|
parser.add_argument('url',
|
||||||
help="The base URL of the zuul server and tenant. "
|
help="The base URL of the zuul server and tenant. "
|
||||||
"E.g., https://zuul.example.com/tenant-name")
|
"E.g., https://zuul.example.com/tenant-name")
|
||||||
# TODO(jeblair): Throw a fit if SSL is not used.
|
|
||||||
parser.add_argument('project',
|
parser.add_argument('project',
|
||||||
help="The name of the project.")
|
help="The name of the project.")
|
||||||
parser.add_argument('--strip', action='store_true', default=False,
|
parser.add_argument('--strip', action='store_true', default=False,
|
||||||
|
@ -60,6 +61,15 @@ def main():
|
||||||
"to standard output.")
|
"to standard output.")
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
# We should not use unencrypted connections for retrieving the public key.
|
||||||
|
# Otherwise our secret can be compromised. The schemes file and https are
|
||||||
|
# considered safe.
|
||||||
|
url = urlparse(args.url)
|
||||||
|
if url.scheme not in ('file', 'https'):
|
||||||
|
sys.stderr.write("WARNING: Retrieving encryption key via an "
|
||||||
|
"unencrypted connection. Your secret may get "
|
||||||
|
"compromised.\n")
|
||||||
|
|
||||||
req = Request("%s/%s.pub" % (args.url.rstrip('/'), args.project))
|
req = Request("%s/%s.pub" % (args.url.rstrip('/'), args.project))
|
||||||
pubkey = urlopen(req)
|
pubkey = urlopen(req)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue