X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;ds=sidebyside;f=ticket.py;h=c6dc4f734481defcf6abddf0669fc0df3305c718;hb=ccc7b9c4b76a89faad66867b00d16ac45333b6de;hp=33890272d75e6b867e6132f3d1fad98c45fd4444;hpb=aac3e5d7c3443d6e1cb33525aefad35be5fe077a;p=nodemanager.git
diff --git a/ticket.py b/ticket.py
index 3389027..c6dc4f7 100644
--- a/ticket.py
+++ b/ticket.py
@@ -1,55 +1,41 @@
-import SocketServer
-import os
-import subprocess
-
-from config import KEY_FILE, TICKET_SERVER_PORT
-import tools
-
-
-class TicketServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
- allow_reuse_address = True
-
-
-class TicketRequestHandler(SocketServer.StreamRequestHandler):
- def handle(self):
- data = self.rfile.read()
- filename = tools.write_temp_file(lambda thefile:
- thefile.write(TEMPLATE % data))
- result = subprocess.Popen([XMLSEC1, '--sign',
- '--privkey-pem', KEY_FILE, filename],
- stdout=subprocess.PIPE).stdout
- self.wfile.write(result.read())
- result.close()
-# os.unlink(filename)
-
-
-def start():
- tools.as_daemon_thread(TicketServer(('', TICKET_SERVER_PORT),
- TicketRequestHandler).serve_forever)
-
-
-XMLSEC1 = '/usr/bin/xmlsec1'
-
-TEMPLATE = '''
-
- %s
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-'''
-
+"""An extremely simple interface to the signing/verifying capabilities
+of gnupg.
+
+You must already have the key in the keyring.
+"""
+
+from subprocess import PIPE, Popen
+from xmlrpclib import dumps, loads
+
+GPG = '/usr/bin/gpg'
+
+def _popen_gpg(*args):
+ """Return a Popen object to GPG."""
+ return Popen((GPG, '--batch', '--no-tty') + args,
+ stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True)
+
+def sign(data):
+ """Return signed with the default GPG key."""
+ msg = dumps((data,), methodresponse = True)
+ p = _popen_gpg('--armor', '--sign', '--keyring', '/etc/planetlab/secring.gpg', '--no-default-keyring')
+ p.stdin.write(msg)
+ p.stdin.close()
+ signed_msg = p.stdout.read()
+ p.stdout.close()
+ p.stderr.close()
+ p.wait()
+ return signed_msg
+
+def verify(signed_msg):
+ """If is a valid signed document, return its contents. Otherwise, return None."""
+ p = _popen_gpg('--decrypt', '--keyring', '/usr/boot/pubring.gpg', '--no-default-keyring')
+ p.stdin.write(signed_msg)
+ p.stdin.close()
+ msg = p.stdout.read()
+ p.stdout.close()
+ p.stderr.close()
+ if p.wait():
+ return None # verification failed
+ else:
+ data, = loads(msg)[0]
+ return data
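Review bot: `verify()` treats a zero exit status from `gpg --decrypt` as proof of a valid signature, but as far as I can tell gpg also exits 0 for an OpenPGP message that carries no signature at all, so unsigned input could come back as verified data and go straight into `loads()`. The check should ask gpg for machine-readable status with `--status-fd` and require a `VALIDSIG` line as well as the exit code. Both `sign()` and `verify()` also write all of stdin before reading stdout and never drain stderr, which can stall on a message larger than the pipe buffer; `communicate()` avoids that. Separately, `sign()` ignores the return value of `p.wait()`, so a gpg failure hands the caller an empty string instead of an error.

```python
def verify(signed_msg):
    """If signed_msg is a valid signed document, return its contents. Otherwise, return None."""
    p = _popen_gpg('--status-fd', '2', '--decrypt',
                   '--keyring', '/usr/boot/pubring.gpg', '--no-default-keyring')
    # communicate() feeds stdin and drains stdout/stderr together, so a full pipe cannot stall gpg
    msg, status = p.communicate(signed_msg)
    has_valid_sig = any(line.startswith('[GNUPG:] VALIDSIG ')
                        for line in status.splitlines())
    if p.returncode or not has_valid_sig:
        return None # verification failed
    # ... unchanged: loads(msg) and return data ...
```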