[tor-commits] [stem/master] Strip header and footer from parsed certificate

atagar at torproject.org atagar at torproject.org
Thu Mar 30 04:18:03 UTC 2017


commit f95959591e3e5ac393ded9e31b020e2748599b41
Author: Damian Johnson <atagar at torproject.org>
Date:   Tue Mar 28 20:03:48 2017 +0200

    Strip header and footer from parsed certificate
    
    Oops, forgot to drop the '-----BEGIN ED25519 CERT-----' wrapper. Caught thanks
    to our server descriptor unit tests. They still fail if you have pynacl because
    I don't have the crypto bits right yet, but progress!
---
 stem/descriptor/certificate.py            |  2 +-
 stem/descriptor/server_descriptor.py      |  7 ++++++-
 test/unit/descriptor/server_descriptor.py | 17 +++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/stem/descriptor/certificate.py b/stem/descriptor/certificate.py
index eafa51e..8888554 100644
--- a/stem/descriptor/certificate.py
+++ b/stem/descriptor/certificate.py
@@ -187,7 +187,7 @@ class Ed25519CertificateV1(Ed25519Certificate):
 
     return datetime.datetime.now() > self.expiration
 
-  def verify(self, server_descriptor):
+  def validate(self, server_descriptor):
     """
     Validates our signing key and that the given descriptor content matches its
     Ed25519 signature.
diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py
index 2501b0e..35b1303 100644
--- a/stem/descriptor/server_descriptor.py
+++ b/stem/descriptor/server_descriptor.py
@@ -391,7 +391,12 @@ def _parse_exit_policy(descriptor, entries):
 
 def _parse_identity_ed25519_line(descriptor, entries):
   _parse_key_block('identity-ed25519', 'ed25519_certificate', 'ED25519 CERT')(descriptor, entries)
-  descriptor.certificate = stem.descriptor.certificate.Ed25519Certificate.parse(descriptor.ed25519_certificate)
+
+  if descriptor.ed25519_certificate:
+    cert_lines = descriptor.ed25519_certificate.split('\n')
+
+    if cert_lines[0] == '-----BEGIN ED25519 CERT-----' and cert_lines[-1] == '-----END ED25519 CERT-----':
+      descriptor.certificate = stem.descriptor.certificate.Ed25519Certificate.parse(''.join(cert_lines[1:-1]))
 
 
 _parse_master_key_ed25519_line = _parse_simple_line('master-key-ed25519', 'ed25519_master_key')
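Review bot: When the first or last line is not exactly `-----BEGIN ED25519 CERT-----` / `-----END ED25519 CERT-----`, the new inner `if` in `_parse_identity_ed25519_line` falls through without setting `descriptor.certificate` and without raising. A malformed block, or one with trailing whitespace or CRLF line endings, then looks the same as a descriptor that has no certificate. If later signature checking is gated on `descriptor.certificate` being present (not visible in this hunk), such a descriptor would skip it. I would fail closed with `else: raise ValueError('identity-ed25519 block lacks the ED25519 CERT header or footer')`, or add a comment explaining why ignoring the block is intended. The unit tests in this commit cover only the parsed and absent cases, not a mismatched wrapper.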
diff --git a/test/unit/descriptor/server_descriptor.py b/test/unit/descriptor/server_descriptor.py
index b48f3a6..5a1d94f 100644
--- a/test/unit/descriptor/server_descriptor.py
+++ b/test/unit/descriptor/server_descriptor.py
@@ -16,6 +16,7 @@ import stem.version
 import stem.util.str_tools
 
 from stem.util import str_type
+from stem.descriptor.certificate import CertType, ExtensionType
 from stem.descriptor.server_descriptor import RelayDescriptor, BridgeDescriptor
 
 from test.mocking import (
@@ -110,6 +111,7 @@ Qlx9HNCqCY877ztFRC624ja2ql6A2hBcuoYMbkHjcQ4=
     self.assertEqual(9001, desc.or_port)
     self.assertEqual(None, desc.socks_port)
     self.assertEqual(None, desc.dir_port)
+    self.assertEqual(None, desc.certificate)
     self.assertEqual(None, desc.ed25519_certificate)
     self.assertEqual(None, desc.ed25519_master_key)
     self.assertEqual(None, desc.ed25519_signature)
@@ -263,6 +265,21 @@ Qlx9HNCqCY877ztFRC624ja2ql6A2hBcuoYMbkHjcQ4=
       '$EC116BCB80565A408CE67F8EC3FE3B0B02C3A065',
     ])
 
+    self.assertEqual(1, desc.certificate.version)
+    self.assertEqual(CertType.SIGNING, desc.certificate.type)
+    self.assertEqual(datetime.datetime(2015, 8, 28, 19, 0, 0), desc.certificate.expiration)
+    self.assertEqual(1, desc.certificate.key_type)
+    self.assertTrue(desc.certificate.key.startswith('\xa5\xb6\x1a\x80D\x0f'))
+    self.assertTrue(desc.certificate.signature.startswith('\xc6\x8e\xd3\xae\x0b'))
+    self.assertEqual(1, len(desc.certificate.extensions))
+    self.assertTrue('bWPo2fIzo3uOywfoM' in desc.certificate.encoded)
+
+    extension = desc.certificate.extensions[0]
+    self.assertEqual(ExtensionType.HAS_SIGNING_KEY, extension.type)
+    self.assertEqual([], extension.flags)
+    self.assertEqual(0, extension.flag_int)
+    self.assertTrue(extension.data.startswith('g\xa6\xb5Q\xa6\xd2'))
+
     self.assertEqual('destiny', desc.nickname)
     self.assertEqual('F65E0196C94DFFF48AFBF2F5F9E3E19AAE583FD0', desc.fingerprint)
     self.assertEqual('94.242.246.23', desc.address)
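Review bot: The new `startswith('\xa5\xb6\x1a\x80D\x0f')` style assertions on `desc.certificate.key`, `.signature` and `extension.data` compare against str literals, which will raise TypeError under Python 3 if those attributes are bytes. They look like base64-decoded values, so bytes seems likely, though the parser is not shown here. Writing the expected prefixes as `b'\xa5\xb6\x1a\x80D\x0f'` would keep the checks valid on both Python 2 and 3. The enclosing test method starts outside this hunk.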




