author | Edward Pilatowicz <edward.pilatowicz@oracle.com> |
Mon, 11 Jul 2011 13:49:50 -0700 | |
changeset 2690 | 11a8cae074e0 |
parent 2511 | 9ce778d8c86a |
child 3177 | 173c3b46334b |
permissions | -rw-r--r-- |
#!/usr/bin/python2.6 |
# |
# CDDL HEADER START |
# |
# The contents of this file are subject to the terms of the |
# Common Development and Distribution License (the "License"). |
# You may not use this file except in compliance with the License. |
# |
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
# or http://www.opensolaris.org/os/licensing. |
# See the License for the specific language governing permissions |
# and limitations under the License. |
# |
# When distributing Covered Code, include this CDDL HEADER in each |
# file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
# If applicable, add the following below this CDDL HEADER, with the |
# fields enclosed by brackets "[]" replaced with your own identifying |
# information: Portions Copyright [yyyy] [name of copyright owner] |
# |
# CDDL HEADER END |
# |
# |
# Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. |
# |
import pkg.client.api_errors as apx |
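class Policy(object):
    """Abstract base Policy class.  It defines the interface all subclasses
    must provide.

    Each subclass must also define its "strictness" and its "name".
    Strictness is a positive integer and is relative to the other
    subclasses in existence.  More than one subclass may have the same
    strictness level.  In the absence of other information, when combining
    two policies, the result is the stricter policy.

    Policies order (and compare equal) by strictness alone, so two policies
    of the same strictness compare equal even if they are of different
    classes."""

    # Registry of policy name -> policy class.  Each concrete policy adds
    # itself here at import time; policies() and policy_factory() read it.
    _policies = {}

    def __init__(self, *args, **kwargs):
        # This method exists to provide a consistent __init__ method for
        # the factory below: every policy accepts (and here ignores)
        # arbitrary positional and keyword arguments.
        object.__init__(self)

    def process_signatures(self, sigs, acts, pub, trust_anchors, use_crls):
        """Check that the signatures ("sigs") verify against the actions
        ("acts") using the publisher ("pub") as the repository for
        certificates and "trust_anchors" as the dictionary of trust
        anchors.  "use_crls" selects whether certificate revocation lists
        are consulted during verification.

        Not implemented in the base class; always raises
        NotImplementedError."""

        raise NotImplementedError()

    # Ordering is by strictness only.  __cmp__ serves Python 2; the rich
    # comparison methods below give the same ordering on interpreters
    # that ignore __cmp__ (Python 3), which combine() relies on.
    def __cmp__(self, other):
        return cmp(self.strictness, other.strictness)

    def __lt__(self, other):
        if not isinstance(other, Policy):
            return NotImplemented
        return self.strictness < other.strictness

    def __le__(self, other):
        if not isinstance(other, Policy):
            return NotImplemented
        return self.strictness <= other.strictness

    def __gt__(self, other):
        if not isinstance(other, Policy):
            return NotImplemented
        return self.strictness > other.strictness

    def __ge__(self, other):
        if not isinstance(other, Policy):
            return NotImplemented
        return self.strictness >= other.strictness

    def __eq__(self, other):
        if not isinstance(other, Policy):
            return NotImplemented
        return self.strictness == other.strictness

    def __ne__(self, other):
        result = self.__eq__(other)
        if result is NotImplemented:
            return result
        return not result

    def __hash__(self):
        # Must agree with __eq__: equal strictness, equal hash.
        return hash(self.strictness)

    def combine(self, other):
        """Return the stricter of this policy and "other".

        This policy is returned only when it is strictly stricter than
        "other"; on a tie "other" wins."""

        if self > other:
            return self
        return other

    def __str__(self):
        # "name" is supplied by each concrete subclass.
        return self.name

    @staticmethod
    def policies():
        """Return the set of names of the signature policies available."""

        return set(Policy._policies)

    @staticmethod
    def policy_factory(name, *args, **kwargs):
        """Given the name of a policy, return a new policy object of that
        type, constructed with the remaining arguments.

        Raises KeyError if "name" is not a registered policy.  An explicit
        check is used rather than an assert so that the error message is
        the same whether or not the interpreter runs with -O."""

        try:
            policy_class = Policy._policies[name]
        except KeyError:
            raise KeyError("unknown signature policy: %r" % (name,))
        return policy_class(*args, **kwargs)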
class Ignore(Policy):
    """This policy performs no signature verification at all.  The only
    thing it does with the signatures is fetch the certificates they
    reference, so that those are already present locally should the
    policy later be raised to one that verifies.

    Strictness 1: the least strict policy defined in this module."""

    strictness = 1
    name = "ignore"

    def process_signatures(self, sigs, acts, pub, trust_anchors, use_crls):
        """Retrieve the certificate chain of every signature in "sigs"
        from the publisher "pub".  "acts", "trust_anchors" and "use_crls"
        are accepted for interface compatibility only and are not used;
        nothing is verified here."""

        for sig in sigs:
            sig.retrieve_chain_certs(pub)
# Register with the factory under the policy's own name ("ignore").
Policy._policies[Ignore.name] = Ignore
class Verify(Policy):
    """This policy verifies every signature that is present but does not
    require that any signature be present: an unsigned package passes.

    Strictness 2."""

    strictness = 2
    name = "verify"

    def process_signatures(self, sigs, acts, pub, trust_anchors, use_crls):
        """Verify each signature in "sigs" against the actions "acts",
        using "pub" for certificates, "trust_anchors" as the trust
        anchors and "use_crls" to select revocation checking.  Any
        verification failure is reported by verify_sig() itself; this
        method has no return value."""

        # verify_sig() is handed the same action list once per signature,
        # so materialize "acts" in case it is a one-shot iterator.
        action_list = list(acts)
        for sig in sigs:
            sig.verify_sig(action_list, pub, trust_anchors, use_crls)
# Register with the factory under the policy's own name ("verify").
Policy._policies[Verify.name] = Verify
class RequireSigs(Policy):
    """This policy checks that all signatures present are valid and insists
    that at least one signature is seen with each package.

    Strictness 3."""

    strictness = 3
    name = "require-signatures"

    def process_signatures(self, sigs, acts, pub, trust_anchors, use_crls):
        """Verify every signature in "sigs" against the actions "acts"
        (see Verify) and additionally require that at least one of them
        both verifies and reports itself as signed.

        Raises apx.RequiredSignaturePolicyException for "pub" when no
        such signature is found.  Failures of individual signatures are
        reported by verify_sig() itself."""

        # verify_sig() sees the action list once per signature, so make
        # sure it can be iterated more than once.
        action_list = list(acts)
        saw_signed = False
        for sig in sigs:
            # Every signature is passed to verify_sig(), even after one
            # has already satisfied the policy; is_signed() is only
            # consulted when verify_sig() reported success.
            if sig.verify_sig(action_list, pub, trust_anchors, use_crls) \
                and sig.is_signed():
                saw_signed = True
        if not saw_signed:
            raise apx.RequiredSignaturePolicyException(pub)
# Register with the factory under the policy's own name
# ("require-signatures").
Policy._policies[RequireSigs.name] = RequireSigs
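class RequireNames(Policy):
    """This policy checks that all signatures present are valid and insists
    that at least one signature is seen with each package.  In addition,
    it has a set of names that must be seen as CNs in the chain of trust.

    Strictness 4: the strictest policy defined in this module."""

    strictness = 4
    name = "require-names"

    # Type(s) accepted as a single name rather than a collection of names:
    # basestring on Python 2, str where basestring does not exist.
    try:
        _name_types = basestring
    except NameError:
        _name_types = str

    def __init__(self, req_names, *args, **kwargs):
        """Create a policy requiring the names in "req_names", which may
        be a single string or an iterable of strings.  Remaining
        arguments are passed to Policy.__init__.

        Raises ValueError if "req_names" is empty.  This is an explicit
        check rather than an assert because an assert disappears under
        python -O, which would let a "require-names" policy be built
        that requires no names at all."""

        if not req_names:
            raise ValueError("RequireNames requires at least one name "
                "to be passed to the constructor.")
        Policy.__init__(self, *args, **kwargs)
        if isinstance(req_names, self._name_types):
            req_names = [req_names]
        self.required_names = frozenset(req_names)

    def process_signatures(self, sigs, acts, pub, trust_anchors, use_crls):
        """Verify every signature in "sigs" against the actions "acts"
        (see Verify) and check that every required name was seen.

        Raises apx.MissingRequiredNamesException for "pub" with the set
        of names that were not seen, if any."""

        # verify_sig() sees the action list once per signature, so make
        # sure it can be iterated more than once.
        acts = list(acts)
        # verify_sig() is handed this set; from the check below it is
        # expected to discard the names it meets in the chain, leaving
        # those that were not seen.  Confirm against verify_sig().
        missing_names = set(self.required_names)
        verified = False
        for s in sigs:
            verified |= bool(s.verify_sig(acts, pub, trust_anchors,
                use_crls, missing_names)) and s.is_signed()
        # NOTE(review): unlike RequireSigs, "verified" is accumulated but
        # never acted on, so acceptance depends on missing_names alone,
        # whatever verify_sig()/is_signed() reported.  Confirm that this
        # is intended rather than a missing
        # "raise apx.RequiredSignaturePolicyException(pub)".
        if missing_names:
            raise apx.MissingRequiredNamesException(pub, missing_names)

    def combine(self, other):
        """Determine how RequireNames policies combine with another
        policy.  The stricter policy wins; if neither is stricter (in
        this module only another RequireNames has strictness 4), the
        result is a new policy requiring the union of both policies'
        required names."""

        if self > other:
            return self
        if other > self:
            return other
        # Equal strictness: assumes "other" has required_names, i.e. is
        # a RequireNames (true for every policy in this module).
        return RequireNames(self.required_names | other.required_names)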
# Register with the factory under the policy's own name ("require-names").
Policy._policies[RequireNames.name] = RequireNames
# Name of the policy used by default (per the changeset that introduced
# it, the default for images).  "verify" checks any signatures that are
# present but does not require a package to be signed (see Verify);
# "require-signatures" or "require-names" must be selected where
# unsigned packages are to be rejected.
DEFAULT_POLICY = "verify"