File: image_signer.py

package info (click to toggle)
python-openstacksdk 4.4.0-5
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 13,352 kB
  • sloc: python: 122,960; sh: 153; makefile: 23
file content (71 lines) | stat: -rw-r--r-- 2,620 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
#   Licensed under the Apache License, Version 2.0 (the "License"); you may
#   not use this file except in compliance with the License. You may obtain
#   a copy of the License at
#
#        http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#   License for the specific language governing permissions and limitations
#   under the License.

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.asymmetric import utils
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives import serialization

from openstack import exceptions
from openstack.image.iterable_chunked_file import IterableChunkedFile

HASH_METHODS = {
    'SHA-224': hashes.SHA224(),
    'SHA-256': hashes.SHA256(),
    'SHA-384': hashes.SHA384(),
    'SHA-512': hashes.SHA512(),
}


class ImageSigner:
    """Image file signature generator.

    Generates signatures for files using a specified private key file.
    """

    def __init__(self, hash_method='SHA-256', padding_method='RSA-PSS'):
        padding_types = {
            'RSA-PSS': padding.PSS(
                mgf=padding.MGF1(HASH_METHODS[hash_method]),
                salt_length=padding.PSS.MAX_LENGTH,
            )
        }
        # informational attributes
        self.hash_method = hash_method
        self.padding_method = padding_method
        # runtime objects
        self.private_key = None
        self.hash = HASH_METHODS[hash_method]
        self.hasher = hashes.Hash(self.hash, default_backend())
        self.padding = padding_types[padding_method]

    def load_private_key(self, file_path, password=None):
        with open(file_path, 'rb') as key_file:
            self.private_key = serialization.load_pem_private_key(
                key_file.read(), password=password, backend=default_backend()
            )

    def generate_signature(self, file_obj):
        if not self.private_key:
            raise exceptions.SDKException("private_key not set")

        file_obj.seek(0)
        chunked_file = IterableChunkedFile(file_obj)
        for chunk in chunked_file:
            self.hasher.update(chunk)
        file_obj.seek(0)
        digest = self.hasher.finalize()
        signature = self.private_key.sign(
            digest, self.padding, utils.Prehashed(self.hash)
        )
        return signature