Initialize public key for online repo only when needed
parent
d3455b5dcd
commit
261f237dc7
@ -15,11 +15,14 @@ from cryptography.hazmat.primitives.serialization import load_pem_public_key
|
||||
from .exceptions import AppNotFoundError, ImageNotFoundError
|
||||
from .config import ONLINE_PUBKEY, ONLINE_REPO_URL, ONLINE_SIG_URL, TYPE_APP, TYPE_IMAGE
|
||||
|
||||
def get_pubkey():
|
||||
pubkey = f'-----BEGIN PUBLIC KEY-----\n{ONLINE_PUBKEY}\n-----END PUBLIC KEY-----'
|
||||
return load_pem_public_key(pubkey.encode(), default_backend())
|
||||
public_key = None
|
||||
|
||||
PUBLIC_KEY = get_pubkey()
|
||||
def get_public_key():
|
||||
global public_key
|
||||
if not public_key:
|
||||
pem = f'-----BEGIN PUBLIC KEY-----\n{ONLINE_PUBKEY}\n-----END PUBLIC KEY-----'
|
||||
public_key = load_pem_public_key(pem.encode(), default_backend())
|
||||
return public_key
|
||||
|
||||
def verify_fileobj(fileobj, expected_hash):
|
||||
hasher = hashes.Hash(hashes.SHA512(), default_backend())
|
||||
@ -28,7 +31,7 @@ def verify_fileobj(fileobj, expected_hash):
|
||||
if not data:
|
||||
break
|
||||
hasher.update(data)
|
||||
PUBLIC_KEY.verify(bytes.fromhex(expected_hash), hasher.finalize(), ec.ECDSA(utils.Prehashed(hashes.SHA512())))
|
||||
get_public_key().verify(bytes.fromhex(expected_hash), hasher.finalize(), ec.ECDSA(utils.Prehashed(hashes.SHA512())))
|
||||
|
||||
def download_archive(archive_url, archive_path, expected_hash, observer=None):
|
||||
# Check if an archive needs to be downloaded via http(s)
|
||||
@ -97,7 +100,7 @@ def load():
|
||||
resource = session.get(ONLINE_SIG_URL, timeout=5)
|
||||
resource.raise_for_status()
|
||||
packages_sig = resource.content
|
||||
PUBLIC_KEY.verify(packages_sig, packages, ec.ECDSA(hashes.SHA512()))
|
||||
get_public_key().verify(packages_sig, packages, ec.ECDSA(hashes.SHA512()))
|
||||
data = json.loads(packages.decode())
|
||||
mtime = time.time()
|
||||
|
||||
|
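Review bot: In `get_public_key()` the lazily loaded key is never checked to be an EC key. Because this commit moves PEM parsing from import time to the first `verify` call, a malformed or wrong-type `ONLINE_PUBKEY` would now surface, most likely as a `ValueError` or `TypeError`, from inside `verify_fileobj()` and `load()` rather than at startup. I would validate once before assigning the global, e.g. `if not isinstance(key, ec.EllipticCurvePublicKey): raise ValueError('ONLINE_PUBKEY is not an EC public key')`, and test the cache with `if public_key is None:` instead of relying on truthiness. The callers of both functions are outside the visible hunks, so it is worth confirming that they treat any exception from these paths as a failed verification and never continue with the unverified `packages` data or archive. The unsynchronised global looks harmless, since a concurrent first call would presumably only parse the same key twice.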