Pull out signing validation into validator class

util/config/validators/test/test_validate_signer.py

@@ -0,0 +1,17 @@
+import pytest
+
+from util.config.validators import ConfigValidationException
+from util.config.validators.validate_signer import SignerValidator
+
+@pytest.mark.parametrize('unvalidated_config,expected', [
+  ({}, None),
+  ({'SIGNING_ENGINE': 'foobar'}, ConfigValidationException),
+  ({'SIGNING_ENGINE': 'gpg2'}, Exception),
+])
+def test_validate_signer(unvalidated_config,expected):
+  validator = SignerValidator()
+  if expected is not None:
+    with pytest.raises(expected):
+      validator.validate(unvalidated_config, None, None)
+  else:
+    validator.validate(unvalidated_config, None, None)

util/config/validators/validate_signer.py

@@ -0,0 +1,20 @@
+from StringIO import StringIO
+
+from app import config_provider
+from util.config.validators import BaseValidator, ConfigValidationException
+from util.security.signing import SIGNING_ENGINES
+
+class SignerValidator(BaseValidator):
+  name = "signer"
+
+  @classmethod
+  def validate(cls, config, user, user_password):
+    """ Validates the GPG public+private key pair used for signing converted ACIs. """
+    if config.get('SIGNING_ENGINE') is None:
+      return
+
+    if config['SIGNING_ENGINE'] not in SIGNING_ENGINES:
+      raise ConfigValidationException('Unknown signing engine: %s' % config['SIGNING_ENGINE'])
+
+    engine = SIGNING_ENGINES[config['SIGNING_ENGINE']](config, config_provider)
+    engine.detached_sign(StringIO('test string'))