aif-ng/aif/utils/gpg_handler.py

import copy
import io
import os
import shutil
import tempfile
##
import gpg
import gpg.errors


class GPG(object):
    def __init__(self, homedir = None, primary_key = None):
        self.homedir = homedir
        self.primary_key = primary_key
        self.temporary = None
        self.gpg = None
        self._imported_keys = []

    def _initContext(self):
        if not self.homedir:
            self.homedir = tempfile.mkdtemp(suffix = '.gpg', prefix = '.aif.')
        self.homedir = os.path.abspath(os.path.expanduser(self.homedir))
        self.temporary = False
        if not os.path.isdir(self.homedir):
            self.temporary = True
            os.makedirs(self.homedir, exist_ok = True)
            os.chmod(self.homedir, 0o0700)
        self.gpg = gpg.Context(home_dir = self.homedir)
        if self.temporary:
            self.primary_key = self.createKey('AIF-NG File Verification Key', sign = True, force = True)
        else:
            self.primary_key = self.getKey(self.primary_key, secret = True)
        return()

    def clean(self):
        # This is mostly just to cleanup the stuff we did before.
        self.primary_key = self.primary_key.fpr
        if self.temporary:
            self.primary_key = None
            shutil.rmtree(self.homedir)
        self.gpg = None
        return()

    def createKey(self, userid, *args, **kwargs):
        # algorithm=None, expires_in=0, expires=True, sign=False, encrypt=False, certify=False,
        # authenticate=False, passphrase=None, force=False
        keyinfo = {'userid': userid,
                   'algorithm': kwargs.get('algorithm', 'rsa4096'),
                   'expires_in': kwargs.get('expires_in'),
                   'sign': kwargs.get('sign', True),
                   'encrypt': kwargs.get('encrypt', False),
                   'certify': kwargs.get('certify', False),
                   'authenticate': kwargs.get('authenticate', False),
                   'passphrase': kwargs.get('passphrase'),
                   'force': kwargs.get('force')}
        if not keyinfo['expires_in']:
            del(keyinfo['expires_in'])
            keyinfo['expires'] = False
        k = self.gpg.create_key(**keyinfo)
        return(k.fpr)

    def findKey(self, searchstr, secret = False, local = True, remote = True,
                secret_only = False, keyring_import = False):
        fltr = 0
        if secret:
            fltr = fltr | gpg.constants.KEYLIST_MODE_WITH_SECRET
        if local:
            fltr = fltr | gpg.constants.KEYLIST_MODE_LOCAL
        if remote:
            fltr = fltr | gpg.constants.KEYLIST_MODE_EXTERN
        keys = [k for k in self.gpg.keylist(pattern = searchstr, secret = secret_only, mode = fltr)]
        if keyring_import:
            self.importKeys(keys, native = True)
        return(keys)

    def getKey(self, key_id, secret = False, strict = False):
        try:
            getattr(key_id, 'fpr')
            return(key_id)
        except AttributeError:
            if not strict:
                self.findKey(key_id, keyring_import = True)
            try:
                key = self.gpg.get_key(key_id, secret = secret)
            except gpg.errors.KeyNotFound:
                key = None
            return(key)
        return()

    def getKeyFile(self, keyfile, keyring_import = False):
        keyfile = os.path.abspath(os.path.expanduser(keyfile))
        with open(keyfile, 'rb') as fh:
            rawkey_data = fh.read()
            fh.seek(0, 0)
            keys = [k for k in self.gpg.keylist(source = fh)]
        if keyring_import:
            self.importKeys(keys, native = True)
        return((keys, rawkey_data))

    def getKeyStr(self, keydata, keyring_import = False):
        orig_keydata = keydata
        if isinstance(keydata, str):
            keydata = keydata.encode('utf-8')
        buf = io.BytesIO(keydata)
        keys = [k for k in self.gpg.keylist(source = buf)]
        buf.close()
        if keyring_import:
            self.importKeys(keys, native = True)
        return((keys, orig_keydata))

    def importKeys(self, keydata, native = False):
        if not native:
            self.gpg.key_import(keydata)
        else:
            if not isinstance(keydata, list):
                keydata = [keydata]
            self.gpg.op_import_keys(keydata)
        return()

    def verifyData(self, data, keys = None, strict = False, detached = None, *args, **kwargs):
        results = {}
        if keys:
            if not isinstance(keys, list):
                keys = [self.getKey(keys)]
            else:
                keys = [self.getKey(k) for k in keys]
        if isinstance(data, str):
            data = data.encode('utf-8')
        args = {'signed_data': data}
        if detached:
            if isinstance(detached, str):
                detached = detached.encode('utf-8')
            args['signature'] = detached
        if strict:
            if keys:
                if not isinstance(keys, list):
                    keys = [keys]
                args['verify'] = keys
            results[None] = self.gpg.verify(**args)
        else:
            if keys:
                for k in keys:
                    _args = copy.deepcopy(args)
                    _args['verify'] = [k]
                    results[k.fpr] = self.gpg.verify(**_args)
            else:
                results[None] = self.gpg.verify(**args)
        return(results)

    def verifyFile(self, filepath, *args, **kwargs):
        filepath = os.path.abspath(os.path.expanduser(filepath))
        with open(filepath, 'rb') as fh:
            results = self.verifyData(fh.read(), **kwargs)
        return(results)
XML validation is a LOT cleaner now 2019-12-11 04:32:07 -05:00			`import copy`
			`import io`
			`import os`
			`import shutil`
			`import tempfile`
			`##`
			`import gpg`
			`import gpg.errors`


			`class GPG(object):`
			`def __init__(self, homedir = None, primary_key = None):`
			`self.homedir = homedir`
			`self.primary_key = primary_key`
			`self.temporary = None`
			`self.gpg = None`
			`self._imported_keys = []`

			`def _initContext(self):`
			`if not self.homedir:`
			`self.homedir = tempfile.mkdtemp(suffix = '.gpg', prefix = '.aif.')`
			`self.homedir = os.path.abspath(os.path.expanduser(self.homedir))`
			`self.temporary = False`
			`if not os.path.isdir(self.homedir):`
			`self.temporary = True`
			`os.makedirs(self.homedir, exist_ok = True)`
			`os.chmod(self.homedir, 0o0700)`
			`self.gpg = gpg.Context(home_dir = self.homedir)`
			`if self.temporary:`
			`self.primary_key = self.createKey('AIF-NG File Verification Key', sign = True, force = True)`
			`else:`
			`self.primary_key = self.getKey(self.primary_key, secret = True)`
			`return()`

			`def clean(self):`
			`# This is mostly just to cleanup the stuff we did before.`
			`self.primary_key = self.primary_key.fpr`
			`if self.temporary:`
			`self.primary_key = None`
			`shutil.rmtree(self.homedir)`
			`self.gpg = None`
			`return()`

			`def createKey(self, userid, args, *kwargs):`
			`# algorithm=None, expires_in=0, expires=True, sign=False, encrypt=False, certify=False,`
			`# authenticate=False, passphrase=None, force=False`
			`keyinfo = {'userid': userid,`
			`'algorithm': kwargs.get('algorithm', 'rsa4096'),`
			`'expires_in': kwargs.get('expires_in'),`
			`'sign': kwargs.get('sign', True),`
			`'encrypt': kwargs.get('encrypt', False),`
			`'certify': kwargs.get('certify', False),`
			`'authenticate': kwargs.get('authenticate', False),`
			`'passphrase': kwargs.get('passphrase'),`
			`'force': kwargs.get('force')}`
			`if not keyinfo['expires_in']:`
			`del(keyinfo['expires_in'])`
			`keyinfo['expires'] = False`
			`k = self.gpg.create_key(**keyinfo)`
			`return(k.fpr)`

			`def findKey(self, searchstr, secret = False, local = True, remote = True,`
			`secret_only = False, keyring_import = False):`
			`fltr = 0`
			`if secret:`
			`fltr = fltr \| gpg.constants.KEYLIST_MODE_WITH_SECRET`
			`if local:`
			`fltr = fltr \| gpg.constants.KEYLIST_MODE_LOCAL`
			`if remote:`
			`fltr = fltr \| gpg.constants.KEYLIST_MODE_EXTERN`
			`keys = [k for k in self.gpg.keylist(pattern = searchstr, secret = secret_only, mode = fltr)]`
			`if keyring_import:`
			`self.importKeys(keys, native = True)`
			`return(keys)`

			`def getKey(self, key_id, secret = False, strict = False):`
			`try:`
			`getattr(key_id, 'fpr')`
			`return(key_id)`
			`except AttributeError:`
			`if not strict:`
			`self.findKey(key_id, keyring_import = True)`
			`try:`
			`key = self.gpg.get_key(key_id, secret = secret)`
			`except gpg.errors.KeyNotFound:`
			`key = None`
			`return(key)`
			`return()`

			`def getKeyFile(self, keyfile, keyring_import = False):`
			`keyfile = os.path.abspath(os.path.expanduser(keyfile))`
			`with open(keyfile, 'rb') as fh:`
			`rawkey_data = fh.read()`
			`fh.seek(0, 0)`
			`keys = [k for k in self.gpg.keylist(source = fh)]`
			`if keyring_import:`
			`self.importKeys(keys, native = True)`
			`return((keys, rawkey_data))`

			`def getKeyStr(self, keydata, keyring_import = False):`
			`orig_keydata = keydata`
			`if isinstance(keydata, str):`
			`keydata = keydata.encode('utf-8')`
			`buf = io.BytesIO(keydata)`
			`keys = [k for k in self.gpg.keylist(source = buf)]`
			`buf.close()`
			`if keyring_import:`
			`self.importKeys(keys, native = True)`
			`return((keys, orig_keydata))`

			`def importKeys(self, keydata, native = False):`
			`if not native:`
			`self.gpg.key_import(keydata)`
			`else:`
			`if not isinstance(keydata, list):`
			`keydata = [keydata]`
			`self.gpg.op_import_keys(keydata)`
			`return()`

			`def verifyData(self, data, keys = None, strict = False, detached = None, args, *kwargs):`
			`results = {}`
			`if keys:`
			`if not isinstance(keys, list):`
			`keys = [self.getKey(keys)]`
			`else:`
			`keys = [self.getKey(k) for k in keys]`
			`if isinstance(data, str):`
			`data = data.encode('utf-8')`
			`args = {'signed_data': data}`
			`if detached:`
			`if isinstance(detached, str):`
			`detached = detached.encode('utf-8')`
			`args['signature'] = detached`
			`if strict:`
			`if keys:`
			`if not isinstance(keys, list):`
			`keys = [keys]`
			`args['verify'] = keys`
			`results[None] = self.gpg.verify(**args)`
			`else:`
			`if keys:`
			`for k in keys:`
			`_args = copy.deepcopy(args)`
			`_args['verify'] = [k]`
			`results[k.fpr] = self.gpg.verify(**_args)`
			`else:`
			`results[None] = self.gpg.verify(**args)`
			`return(results)`

			`def verifyFile(self, filepath, args, *kwargs):`
			`filepath = os.path.abspath(os.path.expanduser(filepath))`
			`with open(filepath, 'rb') as fh:`
			`results = self.verifyData(fh.read(), **kwargs)`
			`return(results)`