Commit 55732eaf authored by Lucas Carvalho's avatar Lucas Carvalho

signature_certificate_file_list may have url and/or paths.

Well, before this change the signature_certificate_file_list worked
only with filesystem paths.
 - i.e ['/home/user/public.pem']

Now it is possible to define urls as well.
 - i.e ['http://example.com/public.pem']

The url content will be downloaded to a temporary file before the
verification and automatically removed after.

The filesystem paths have higher priority than URLs; they are checked first.
If it does not find any valid certificate, then it will try
to download the certificates from the url provided.
parent 5e0fcfd6
...@@ -66,7 +66,16 @@ class NetworkcacheClient(object): ...@@ -66,7 +66,16 @@ class NetworkcacheClient(object):
setattr(self, 'shadir_%s' % k, v) setattr(self, 'shadir_%s' % k, v)
self.signature_private_key_file = signature_private_key_file self.signature_private_key_file = signature_private_key_file
self.signature_certificate_file_list = signature_certificate_file_list
self.signature_certificate_file_list = []
self.signature_certificate_url_list = []
if signature_certificate_file_list is not None:
# Split the path and urls
for value in signature_certificate_file_list:
if os.path.exists(value):
self.signature_certificate_file_list.append(value)
elif value.startswith('http'):
self.signature_certificate_url_list.append(value)
def upload(self, file_descriptor, directory_key=None, **kw): def upload(self, file_descriptor, directory_key=None, **kw):
''' Upload the file to the server. ''' Upload the file to the server.
...@@ -199,21 +208,43 @@ class NetworkcacheClient(object): ...@@ -199,21 +208,43 @@ class NetworkcacheClient(object):
def _verifySignatureInCertificateList(self, signature_string): def _verifySignatureInCertificateList(self, signature_string):
""" """
Returns true if it can find any valid certificate. Returns true if it can find any valid certificate or false if it does not
""" find any.
if self.signature_certificate_file_list in _MARKER:
return 0
It must check the local certificate files first before checking the files
which are available under HTTP.
"""
for certificate_path in self.signature_certificate_file_list: for certificate_path in self.signature_certificate_file_list:
if self._verifySignatureCertificate(signature_string, certificate_path):
return True
for certificate_url in self.signature_certificate_url_list:
file_descriptor = self._fetchCertificateFileFromUrl(certificate_url)
try:
file_name = file_descriptor.name
if self._verifySignatureCertificate(signature_string, file_name):
return True
finally:
file_descriptor.close()
return False
def _verifySignatureCertificate(self, signature_string, certificate_path):
""" verify if the signature is valid for a given certificate. """
PubKey = M2Crypto.X509.load_cert(certificate_path) PubKey = M2Crypto.X509.load_cert(certificate_path)
VerifyEVP = M2Crypto.EVP.PKey() VerifyEVP = M2Crypto.EVP.PKey()
VerifyEVP.assign_rsa(PubKey.get_pubkey().get_rsa()) VerifyEVP.assign_rsa(PubKey.get_pubkey().get_rsa())
VerifyEVP.verify_init() VerifyEVP.verify_init()
VerifyEVP.verify_update('') VerifyEVP.verify_update('')
if VerifyEVP.verify_final(signature_string.decode('base64')): return VerifyEVP.verify_final(signature_string.decode('base64'))
return True
def _fetchCertificateFileFromUrl(self, certification_file_url):
""" Download the certification files from the url. """
file_descriptor = tempfile.NamedTemporaryFile()
path, headers = urllib.urlretrieve(certification_file_url, file_descriptor.name)
file_descriptor.seek(0)
return file_descriptor
return False
class DirectoryNotFound(Exception): class DirectoryNotFound(Exception):
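Review bot: The certificates that `_verifySignatureInCertificateList` uses as trust anchors are now fetched by `_fetchCertificateFileFromUrl` with `urllib.urlretrieve`, and the `value.startswith('http')` test in `__init__` admits plain `http://` locations, so the download is unauthenticated and anyone able to alter it can substitute a certificate that makes an arbitrary signature verify; a downloaded certificate needs a check the client can trust before use (for example comparing its fingerprint against a configured expected value), or the URL list should be limited to locations the client can authenticate. Neither a failed download (`urlretrieve` raising `IOError`) nor an unparsable file (`M2Crypto.X509.load_cert` raising) is caught in the new loop, so one bad entry aborts the whole check instead of falling through to the next certificate as the docstring describes; catching those exceptions per entry around the `_verifySignatureCertificate` call and reporting the failure would restore that intent. `_verifySignatureCertificate` now returns the raw result of `verify_final`; if M2Crypto returns -1 on error as its documentation states, the truthy test in the caller would treat an error as a valid signature, so `return VerifyEVP.verify_final(signature_string.decode('base64')) == 1` is the safer form. The `path, headers` locals in `_fetchCertificateFileFromUrl` are unused and the temporary file is written through its name while the handle is open, which is worth a comment or a write through the handle itself. The enclosing class continues outside the hunk.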