commit f95959591e3e5ac393ded9e31b020e2748599b41 Author: Damian Johnson <atagar@torproject.org> Date: Tue Mar 28 20:03:48 2017 +0200 Strip header and footer from parsed certificate Oops, forgot to drop the '-----BEGIN ED25519 CERT-----' wrapper. Caught thanks to our server descriptor unit tests. They still fail if you have pynacl because I don't have the crypto bits right yet, but progress! --- stem/descriptor/certificate.py | 2 +- stem/descriptor/server_descriptor.py | 7 ++++++- test/unit/descriptor/server_descriptor.py | 17 +++++++++++++++++ 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/stem/descriptor/certificate.py b/stem/descriptor/certificate.py index eafa51e..8888554 100644 --- a/stem/descriptor/certificate.py +++ b/stem/descriptor/certificate.py @@ -187,7 +187,7 @@ class Ed25519CertificateV1(Ed25519Certificate): return datetime.datetime.now() > self.expiration - def verify(self, server_descriptor): + def validate(self, server_descriptor): """ Validates our signing key and that the given descriptor content matches its Ed25519 signature. diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py index 2501b0e..35b1303 100644 --- a/stem/descriptor/server_descriptor.py +++ b/stem/descriptor/server_descriptor.py @@ -391,7 +391,12 @@ def _parse_exit_policy(descriptor, entries): def _parse_identity_ed25519_line(descriptor, entries): _parse_key_block('identity-ed25519', 'ed25519_certificate', 'ED25519 CERT')(descriptor, entries) - descriptor.certificate = stem.descriptor.certificate.Ed25519Certificate.parse(descriptor.ed25519_certificate) + + if descriptor.ed25519_certificate: + cert_lines = descriptor.ed25519_certificate.split('\n') + + if cert_lines[0] == '-----BEGIN ED25519 CERT-----' and cert_lines[-1] == '-----END ED25519 CERT-----': + descriptor.certificate = stem.descriptor.certificate.Ed25519Certificate.parse(''.join(cert_lines[1:-1])) _parse_master_key_ed25519_line = _parse_simple_line('master-key-ed25519', 'ed25519_master_key') diff --git a/test/unit/descriptor/server_descriptor.py b/test/unit/descriptor/server_descriptor.py index b48f3a6..5a1d94f 100644 --- a/test/unit/descriptor/server_descriptor.py +++ b/test/unit/descriptor/server_descriptor.py @@ -16,6 +16,7 @@ import stem.version import stem.util.str_tools from stem.util import str_type +from stem.descriptor.certificate import CertType, ExtensionType from stem.descriptor.server_descriptor import RelayDescriptor, BridgeDescriptor from test.mocking import ( @@ -110,6 +111,7 @@ Qlx9HNCqCY877ztFRC624ja2ql6A2hBcuoYMbkHjcQ4= self.assertEqual(9001, desc.or_port) self.assertEqual(None, desc.socks_port) self.assertEqual(None, desc.dir_port) + self.assertEqual(None, desc.certificate) self.assertEqual(None, desc.ed25519_certificate) self.assertEqual(None, desc.ed25519_master_key) self.assertEqual(None, desc.ed25519_signature) @@ -263,6 +265,21 @@ Qlx9HNCqCY877ztFRC624ja2ql6A2hBcuoYMbkHjcQ4= '$EC116BCB80565A408CE67F8EC3FE3B0B02C3A065', ]) + self.assertEqual(1, desc.certificate.version) + self.assertEqual(CertType.SIGNING, desc.certificate.type) + self.assertEqual(datetime.datetime(2015, 8, 28, 19, 0, 0), desc.certificate.expiration) + self.assertEqual(1, desc.certificate.key_type) + self.assertTrue(desc.certificate.key.startswith('\xa5\xb6\x1a\x80D\x0f')) + self.assertTrue(desc.certificate.signature.startswith('\xc6\x8e\xd3\xae\x0b')) + self.assertEqual(1, len(desc.certificate.extensions)) + self.assertTrue('bWPo2fIzo3uOywfoM' in desc.certificate.encoded) + + extension = desc.certificate.extensions[0] + self.assertEqual(ExtensionType.HAS_SIGNING_KEY, extension.type) + self.assertEqual([], extension.flags) + self.assertEqual(0, extension.flag_int) + self.assertTrue(extension.data.startswith('g\xa6\xb5Q\xa6\xd2')) + self.assertEqual('destiny', desc.nickname) self.assertEqual('F65E0196C94DFFF48AFBF2F5F9E3E19AAE583FD0', desc.fingerprint) self.assertEqual('94.242.246.23', desc.address)