self.valid = False
self.expired = False
self.invalid = False
- self.fingerprint = None
- self.primary_fingerprint = None
- self.signature_id = None
+ self.fingerprints = []
+ self.primary_fingerprints = []
+ self.signature_ids = []
self._verify(data, require_signature)
+ @property
+ def fingerprint(self):
+ assert len(self.fingerprints) == 1
+ return self.fingerprints[0]
+
+ @property
+ def primary_fingerprint(self):
+ assert len(self.primary_fingerprints) == 1
+ return self.primary_fingerprints[0]
+
+ @property
+ def signature_id(self):
+ assert len(self.signature_ids) == 1
+ return self.signature_ids[0]
+
def _verify(self, data, require_signature):
with _Pipe() as stdin:
with _Pipe() as contents:
if require_signature and not self.valid:
raise GpgException("No valid signature found. (GPG exited with status code %s)\n%s" % (exit_code, self.stderr))
+ assert len(self.fingerprints) == len(self.primary_fingerprints)
+ assert len(self.fingerprints) == len(self.signature_ids)
+
def _do_io(self, read, write):
for fd in write.keys():
old = fcntl.fcntl(fd, fcntl.F_GETFL)
return dict( (fd, "".join(read_lines[fd])) for fd in read_lines.keys() )
- def _parse_date(self, value):
- """parse date string in YYYY-MM-DD format
+ def _parse_timestamp(self, timestamp, datestring=None):
+ """parse timestamp in GnuPG's format
@rtype: L{datetime.datetime}
- @returns: datetime objects for 0:00 on the given day
+ @returns: datetime object for the given timestamp
"""
- year, month, day = value.split('-')
- date = datetime.date(int(year), int(month), int(day))
- time = datetime.time(0, 0)
- return datetime.datetime.combine(date, time)
+ # The old implementation did only return the date. As we already
+ # used this for replay production, return the legacy value for
+ # old signatures.
+ if datestring is not None:
+ year, month, day = datestring.split('-')
+ date = datetime.date(int(year), int(month), int(day))
+ time = datetime.time(0, 0)
+ if date < datetime.date(2014, 8, 4):
+ return datetime.datetime.combine(date, time)
+
+ if 'T' in timestamp:
+ raise Exception('No support for ISO 8601 timestamps.')
+ return datetime.datetime.utcfromtimestamp(long(timestamp))
def _parse_status(self, line):
fields = line.split()
# <expire-timestamp> <sig-version> <reserved> <pubkey-algo>
# <hash-algo> <sig-class> <primary-key-fpr>
if fields[1] == "VALIDSIG":
- if self.fingerprint is not None:
- raise GpgException("More than one signature is not (yet) supported.")
+ # GnuPG accepted MD5 as a hash algorithm until gnupg 1.4.20,
+ # which Debian 8 does not yet include. We want to make sure
+ # to not accept uploads covered by a MD5-based signature.
+ if fields[9] == "1":
+ raise GpgException("Digest algorithm MD5 is not trusted.")
self.valid = True
- self.fingerprint = fields[2]
- self.primary_fingerprint = fields[11]
- self.signature_timestamp = self._parse_date(fields[3])
+ self.fingerprints.append(fields[2])
+ self.primary_fingerprints.append(fields[11])
+ self.signature_timestamp = self._parse_timestamp(fields[4], fields[3])
elif fields[1] == "BADARMOR":
raise GpgException("Bad armor.")
raise GpgException("Other error: %s %s" % (fields[2], fields[3]))
elif fields[1] == "SIG_ID":
- if self.signature_id is not None:
- raise GpgException("More than one signature id.")
- self.signature_id = fields[2]
+ self.signature_ids.append(fields[2])
- elif fields[1] in ('PLAINTEXT', 'GOODSIG'):
+ elif fields[1] in ('PLAINTEXT', 'GOODSIG', 'NOTATION_NAME', 'NOTATION_DATA', 'SIGEXPIRED', 'KEYEXPIRED', 'POLICY_URL'):
pass
elif fields[1] in ('EXPSIG', 'EXPKEYSIG'):
self.expired = True
self.invalid = True
- elif fields[1] in ('REVKEYSIG', 'BADSIG', 'ERRSIG'):
+ elif fields[1] in ('REVKEYSIG', 'BADSIG', 'ERRSIG', 'KEYREVOKED', 'NO_PUBKEY'):
self.invalid = True
else:
"--no-default-keyring",
"--batch",
"--no-tty",
- "--trust-model", "always"]
+ "--trust-model", "always",
+ "--fixed-list-mode"]
for k in self.keyrings:
args.append("--keyring=%s" % k)
args.extend(["--decrypt", "-"])
projects / dak.git / blobdiff