[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [stem/master] Strip header and footer from parsed certificate



commit f95959591e3e5ac393ded9e31b020e2748599b41
Author: Damian Johnson <atagar@xxxxxxxxxxxxxx>
Date:   Tue Mar 28 20:03:48 2017 +0200

    Strip header and footer from parsed certificate
    
    Oops, forgot to drop the '-----BEGIN ED25519 CERT-----' wrapper. Caught thanks
    to our server descriptor unit tests. They still fail if you have pynacl because
    I don't have the crypto bits right yet, but progress!
---
 stem/descriptor/certificate.py            |  2 +-
 stem/descriptor/server_descriptor.py      |  7 ++++++-
 test/unit/descriptor/server_descriptor.py | 17 +++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/stem/descriptor/certificate.py b/stem/descriptor/certificate.py
index eafa51e..8888554 100644
--- a/stem/descriptor/certificate.py
+++ b/stem/descriptor/certificate.py
@@ -187,7 +187,7 @@ class Ed25519CertificateV1(Ed25519Certificate):
 
     return datetime.datetime.now() > self.expiration
 
-  def verify(self, server_descriptor):
+  def validate(self, server_descriptor):
     """
     Validates our signing key and that the given descriptor content matches its
     Ed25519 signature.
diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py
index 2501b0e..35b1303 100644
--- a/stem/descriptor/server_descriptor.py
+++ b/stem/descriptor/server_descriptor.py
@@ -391,7 +391,12 @@ def _parse_exit_policy(descriptor, entries):
 
 def _parse_identity_ed25519_line(descriptor, entries):
   _parse_key_block('identity-ed25519', 'ed25519_certificate', 'ED25519 CERT')(descriptor, entries)
-  descriptor.certificate = stem.descriptor.certificate.Ed25519Certificate.parse(descriptor.ed25519_certificate)
+
+  if descriptor.ed25519_certificate:
+    cert_lines = descriptor.ed25519_certificate.split('\n')
+
+    if cert_lines[0] == '-----BEGIN ED25519 CERT-----' and cert_lines[-1] == '-----END ED25519 CERT-----':
+      descriptor.certificate = stem.descriptor.certificate.Ed25519Certificate.parse(''.join(cert_lines[1:-1]))
 
 
 _parse_master_key_ed25519_line = _parse_simple_line('master-key-ed25519', 'ed25519_master_key')
diff --git a/test/unit/descriptor/server_descriptor.py b/test/unit/descriptor/server_descriptor.py
index b48f3a6..5a1d94f 100644
--- a/test/unit/descriptor/server_descriptor.py
+++ b/test/unit/descriptor/server_descriptor.py
@@ -16,6 +16,7 @@ import stem.version
 import stem.util.str_tools
 
 from stem.util import str_type
+from stem.descriptor.certificate import CertType, ExtensionType
 from stem.descriptor.server_descriptor import RelayDescriptor, BridgeDescriptor
 
 from test.mocking import (
@@ -110,6 +111,7 @@ Qlx9HNCqCY877ztFRC624ja2ql6A2hBcuoYMbkHjcQ4=
     self.assertEqual(9001, desc.or_port)
     self.assertEqual(None, desc.socks_port)
     self.assertEqual(None, desc.dir_port)
+    self.assertEqual(None, desc.certificate)
     self.assertEqual(None, desc.ed25519_certificate)
     self.assertEqual(None, desc.ed25519_master_key)
     self.assertEqual(None, desc.ed25519_signature)
@@ -263,6 +265,21 @@ Qlx9HNCqCY877ztFRC624ja2ql6A2hBcuoYMbkHjcQ4=
       '$EC116BCB80565A408CE67F8EC3FE3B0B02C3A065',
     ])
 
+    self.assertEqual(1, desc.certificate.version)
+    self.assertEqual(CertType.SIGNING, desc.certificate.type)
+    self.assertEqual(datetime.datetime(2015, 8, 28, 19, 0, 0), desc.certificate.expiration)
+    self.assertEqual(1, desc.certificate.key_type)
+    self.assertTrue(desc.certificate.key.startswith('\xa5\xb6\x1a\x80D\x0f'))
+    self.assertTrue(desc.certificate.signature.startswith('\xc6\x8e\xd3\xae\x0b'))
+    self.assertEqual(1, len(desc.certificate.extensions))
+    self.assertTrue('bWPo2fIzo3uOywfoM' in desc.certificate.encoded)
+
+    extension = desc.certificate.extensions[0]
+    self.assertEqual(ExtensionType.HAS_SIGNING_KEY, extension.type)
+    self.assertEqual([], extension.flags)
+    self.assertEqual(0, extension.flag_int)
+    self.assertTrue(extension.data.startswith('g\xa6\xb5Q\xa6\xd2'))
+
     self.assertEqual('destiny', desc.nickname)
     self.assertEqual('F65E0196C94DFFF48AFBF2F5F9E3E19AAE583FD0', desc.fingerprint)
     self.assertEqual('94.242.246.23', desc.address)



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits