diff --git a/util/config/validator.py b/util/config/validator.py
index 9724a8cf2..a492be3d6 100644
--- a/util/config/validator.py
+++ b/util/config/validator.py
@@ -1,6 +1,5 @@
 import logging
-from StringIO import StringIO
 from hashlib import sha1
 import peewee
@@ -16,7 +15,6 @@ from oauth.services.github import GithubOAuthService
 from oauth.services.google import GoogleOAuthService
 from oauth.services.gitlab import GitLabOAuthService
 from util.registry.torrent import torrent_jwt
-from util.security.signing import SIGNING_ENGINES
 from util.security.ssl import load_certificate, CertInvalidException, KeyInvalidException
 from util.config.validators.validate_database import DatabaseValidator
@@ -27,6 +25,7 @@ from util.config.validators.validate_ldap import LDAPValidator
 from util.config.validators.validate_keystone import KeystoneValidator
 from util.config.validators.validate_jwt import JWTAuthValidator
 from util.config.validators.validate_secscan import SecurityScannerValidator
+from util.config.validators.validate_signer import SignerValidator
 logger = logging.getLogger(__name__)
@@ -234,18 +233,6 @@ def _validate_ssl(config, user_obj, _):
 raise ConfigValidationException('SSL private key failed to validate: %s' % kie.message)
-def _validate_signer(config, user_obj, _):
- """ Validates the GPG public+private key pair used for signing converted ACIs. """
- if config.get('SIGNING_ENGINE') is None:
- return
-
- if config['SIGNING_ENGINE'] not in SIGNING_ENGINES:
- raise ConfigValidationException('Unknown signing engine: %s' % config['SIGNING_ENGINE'])
-
- engine = SIGNING_ENGINES[config['SIGNING_ENGINE']](config, config_provider)
- engine.detached_sign(StringIO('test string'))
-
-
 def _validate_bittorrent(config, user_obj, _):
 """ Validates the configuration for using BitTorrent for downloads. """
 announce_url = config.get('BITTORRENT_ANNOUNCE_URL')
@@ -301,7 +288,7 @@ VALIDATORS = {
 LDAPValidator.name: LDAPValidator.validate,
 JWTAuthValidator.name: JWTAuthValidator.validate,
 KeystoneValidator.name: KeystoneValidator.validate,
- 'signer': _validate_signer,
+ SignerValidator.name: SignerValidator.validate,
 SecurityScannerValidator.name: SecurityScannerValidator.validate,
 'bittorrent': _validate_bittorrent,
 }
diff --git a/util/config/validators/test/test_validate_signer.py b/util/config/validators/test/test_validate_signer.py
new file mode 100644
index 000000000..e7501723f
--- /dev/null
+++ b/util/config/validators/test/test_validate_signer.py
@@ -0,0 +1,17 @@
+import pytest
+
+from util.config.validators import ConfigValidationException
+from util.config.validators.validate_signer import SignerValidator
+
+@pytest.mark.parametrize('unvalidated_config,expected', [
+ ({}, None),
+ ({'SIGNING_ENGINE': 'foobar'}, ConfigValidationException),
+ ({'SIGNING_ENGINE': 'gpg2'}, Exception),
+])
+def test_validate_signer(unvalidated_config,expected):
+ validator = SignerValidator()
+ if expected is not None:
+ with pytest.raises(expected):
+ validator.validate(unvalidated_config, None, None)
+ else:
+ validator.validate(unvalidated_config, None, None)
diff --git a/util/config/validators/validate_signer.py b/util/config/validators/validate_signer.py
new file mode 100644
index 000000000..b44cb3c3d
--- /dev/null
+++ b/util/config/validators/validate_signer.py
@@ -0,0 +1,20 @@
+from StringIO import StringIO
+
+from app import config_provider
+from util.config.validators import BaseValidator, ConfigValidationException
+from util.security.signing import SIGNING_ENGINES
+
+class SignerValidator(BaseValidator):
+ name = "signer"
+
+ @classmethod
+ def validate(cls, config, user, user_password):
+ """ Validates the GPG public+private key pair used for signing converted ACIs. """
+ if config.get('SIGNING_ENGINE') is None:
+ return
+
+ if config['SIGNING_ENGINE'] not in SIGNING_ENGINES:
+ raise ConfigValidationException('Unknown signing engine: %s' % config['SIGNING_ENGINE'])
+
+ engine = SIGNING_ENGINES[config['SIGNING_ENGINE']](config, config_provider)
+ engine.detached_sign(StringIO('test string'))
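Review bot: Failures from the engine constructor and from `detached_sign` in the last two lines of `SignerValidator.validate` escape as whatever the engine raises, while the unknown-engine branch just above raises `ConfigValidationException`. That is why the `gpg2` case in test_validate_signer.py can only assert a bare `Exception`, which would also pass on an unrelated bug such as a `TypeError` inside the validator. Wrapping those two lines in a try/except that re-raises as `raise ConfigValidationException('Could not sign with engine %s: %s' % (config['SIGNING_ENGINE'], ex))` would let the test pin the exception type, provided the engine's error text never carries key material (not visible from this hunk). The trial signature is also discarded, so the docstring's "public+private key pair" overstates what is checked; `""" Validates that the configured signing engine can produce a detached signature. """` matches the code shown.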