From: David E. Eisenstat
Date: Wed, 1 Nov 2006 21:56:29 +0000 (+0000)
Subject: Added a very simple gnupg interface.
X-Git-Tag: planetlab-4_0-rc1~66
X-Git-Url: http://git.onelab.eu/?p=nodemanager.git;a=commitdiff_plain;h=2cdb68a20824f5aa0245916f42decec37bc71bef
Added a very simple gnupg interface.
---
diff --git a/ticket.py b/ticket.py
index 3389027..2e87eb1 100644
--- a/ticket.py
+++ b/ticket.py
@@ -1,55 +1,40 @@
-import SocketServer
-import os
-import subprocess
-
-from config import KEY_FILE, TICKET_SERVER_PORT
-import tools
-
-
-class TicketServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
- allow_reuse_address = True
-
-
-class TicketRequestHandler(SocketServer.StreamRequestHandler):
- def handle(self):
- data = self.rfile.read()
- filename = tools.write_temp_file(lambda thefile:
- thefile.write(TEMPLATE % data))
- result = subprocess.Popen([XMLSEC1, '--sign',
- '--privkey-pem', KEY_FILE, filename],
- stdout=subprocess.PIPE).stdout
- self.wfile.write(result.read())
- result.close()
-# os.unlink(filename)
-
-
-def start():
- tools.as_daemon_thread(TicketServer(('', TICKET_SERVER_PORT),
- TicketRequestHandler).serve_forever)
-
-
-XMLSEC1 = '/usr/bin/xmlsec1'
-
-TEMPLATE = '''
-
- %s
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-'''
-
+"""An extremely simple interface to the signing/verifying capabilities
+of gnupg.
+
+You must already have the key in the keyring.
+"""
+
+from subprocess import PIPE, Popen
+from xmlrpclib import dumps, loads
+
+GPG = '/usr/bin/gpg'
+
+
+def sign(data):
+ """Return signed with the default GPG key."""
+ msg = dumps((data,))
+ p = _popen_gpg('--armor', '--sign')
+ p.stdin.write(msg)
+ p.stdin.close()
+ signed_msg = p.stdout.read()
+ p.stdout.close()
+ p.stderr.close()
+ p.wait()
+ return signed_msg
+
+def verify(signed_msg):
+ """If is a valid signed document, return its contents. Otherwise, return None."""
+ p = _popen_gpg('--decrypt')
+ p.stdin.write(signed_msg)
+ p.stdin.close()
+ msg = p.stdout.read()
+ p.stdout.close()
+ p.stderr.close()
+ if p.wait(): return None # verification failed
+ else:
+ data, = loads(msg)[0]
+ return data
+
+def _popen_gpg(*args):
+ """Return a Popen object to GPG."""
+ return Popen((GPG, '--batch', '--no-tty') + args, stdin=PIPE, stdout=PIPE, stderr=PIPE)
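Review bot: In `verify()`, a zero exit status from `gpg --decrypt` is treated as proof of a valid signature, but `--decrypt` only checks a signature when the message carries one, and a good signature from any key in the keyring is accepted, so the return value does not establish who signed the data or that it was signed at all. I would have gpg emit machine-readable status with `--status-fd` and return the payload only when a `VALIDSIG` line names an expected signer fingerprint. `TRUSTED_FINGERPRINTS` in the sketch below is a placeholder name for a setting this module does not define yet, and if signing subkeys are in use the primary-key field of `VALIDSIG` is probably the one to compare. Separately, both `sign()` and `verify()` write all of stdin before reading stdout while stderr is a pipe that is never read, which can block on large inputs; `communicate()` drains both pipes, and the same change applies in `sign()`.

```python
def verify(signed_msg):
    """Return the signed contents only if gpg reports a valid signature
    from an expected key. Otherwise, return None."""
    # --status-fd 2 puts "[GNUPG:] ..." status lines on stderr
    p = _popen_gpg('--status-fd', '2', '--decrypt')
    # communicate() feeds stdin and drains stdout/stderr together
    msg, status = p.communicate(signed_msg)
    if p.returncode: return None  # gpg itself reported a failure
    signers = [line.split()[2] for line in status.splitlines()
               if line.startswith('[GNUPG:] VALIDSIG ')]
    # no signature at all, or a signature from a key we do not expect
    if not signers: return None
    if [fpr for fpr in signers if fpr not in TRUSTED_FINGERPRINTS]: return None
    # … unchanged: loads(msg) unpacking and return of data …
```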