Initialize public key for online repo only when needed
parent
d3455b5dcd
commit
261f237dc7
@ -15,11 +15,14 @@ from cryptography.hazmat.primitives.serialization import load_pem_public_key
|
|||||||
from .exceptions import AppNotFoundError, ImageNotFoundError
|
from .exceptions import AppNotFoundError, ImageNotFoundError
|
||||||
from .config import ONLINE_PUBKEY, ONLINE_REPO_URL, ONLINE_SIG_URL, TYPE_APP, TYPE_IMAGE
|
from .config import ONLINE_PUBKEY, ONLINE_REPO_URL, ONLINE_SIG_URL, TYPE_APP, TYPE_IMAGE
|
||||||
|
|
||||||
def get_pubkey():
|
public_key = None
|
||||||
pubkey = f'-----BEGIN PUBLIC KEY-----\n{ONLINE_PUBKEY}\n-----END PUBLIC KEY-----'
|
|
||||||
return load_pem_public_key(pubkey.encode(), default_backend())
|
|
||||||
|
|
||||||
PUBLIC_KEY = get_pubkey()
|
def get_public_key():
|
||||||
|
global public_key
|
||||||
|
if not public_key:
|
||||||
|
pem = f'-----BEGIN PUBLIC KEY-----\n{ONLINE_PUBKEY}\n-----END PUBLIC KEY-----'
|
||||||
|
public_key = load_pem_public_key(pem.encode(), default_backend())
|
||||||
|
return public_key
|
||||||
|
|
||||||
def verify_fileobj(fileobj, expected_hash):
|
def verify_fileobj(fileobj, expected_hash):
|
||||||
hasher = hashes.Hash(hashes.SHA512(), default_backend())
|
hasher = hashes.Hash(hashes.SHA512(), default_backend())
|
||||||
@ -28,7 +31,7 @@ def verify_fileobj(fileobj, expected_hash):
|
|||||||
if not data:
|
if not data:
|
||||||
break
|
break
|
||||||
hasher.update(data)
|
hasher.update(data)
|
||||||
PUBLIC_KEY.verify(bytes.fromhex(expected_hash), hasher.finalize(), ec.ECDSA(utils.Prehashed(hashes.SHA512())))
|
get_public_key().verify(bytes.fromhex(expected_hash), hasher.finalize(), ec.ECDSA(utils.Prehashed(hashes.SHA512())))
|
||||||
|
|
||||||
def download_archive(archive_url, archive_path, expected_hash, observer=None):
|
def download_archive(archive_url, archive_path, expected_hash, observer=None):
|
||||||
# Check if an archive needs to be downloaded via http(s)
|
# Check if an archive needs to be downloaded via http(s)
|
||||||
@ -97,7 +100,7 @@ def load():
|
|||||||
resource = session.get(ONLINE_SIG_URL, timeout=5)
|
resource = session.get(ONLINE_SIG_URL, timeout=5)
|
||||||
resource.raise_for_status()
|
resource.raise_for_status()
|
||||||
packages_sig = resource.content
|
packages_sig = resource.content
|
||||||
PUBLIC_KEY.verify(packages_sig, packages, ec.ECDSA(hashes.SHA512()))
|
get_public_key().verify(packages_sig, packages, ec.ECDSA(hashes.SHA512()))
|
||||||
data = json.loads(packages.decode())
|
data = json.loads(packages.decode())
|
||||||
mtime = time.time()
|
mtime = time.time()
|
||||||
|
|
||||||
|
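Review bot: Because `get_public_key()` now parses the key lazily, a malformed `ONLINE_PUBKEY` no longer fails at import; it surfaces as a `ValueError` from `load_pem_public_key` inside `verify_fileobj()` and `load()`, the same call sites where `verify()` raises `InvalidSignature`. The callers are outside this diff, so it is worth confirming that they treat both exceptions as a failed verification and never go on to use the unverified archive or package list. The cache test reads more precisely as `if public_key is None:` than `if not public_key:`, since the sentinel is `None`. A docstring such as `"""Return the online repository's ECDSA public key, parsing ONLINE_PUBKEY on first use."""` would document the caching. Separately, `verify_fileobj` passes `expected_hash` to `verify()` as the signature over the prehashed SHA-512 digest, so a short comment there would stop readers taking it for a plain digest comparison.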