Add detached signature support to the django_gpg API

2011-12-06 01:50:38 -04:00
parent 11edaaf4e7
commit 755d140132
1 changed files with 17 additions and 5 deletions
--- a/apps/django_gpg/api.py
+++ b/apps/django_gpg/api.py
@@ -2,6 +2,8 @@ import types
 from StringIO import StringIO
 from pickle import dumps
 import logging
+import tempfile
+import os

 from django.core.files.base import File
 from django.utils.translation import ugettext_lazy as _
@@ -164,7 +166,7 @@ class GPG(object):

        self.gpg = gnupg.GPG(**kwargs)

-    def verify_w_retry(self, file_input):
+    def verify_w_retry(self, file_input, detached_signature=None):
        if isinstance(file_input, types.StringTypes):
            input_descriptor = open(file_input, 'rb')
        elif isinstance(file_input, types.FileType) or isinstance(file_input, File):
@@ -175,12 +177,12 @@ class GPG(object):
            raise ValueError('Invalid file_input argument type')        

        try:
-            verify = self.verify_file(input_descriptor)
+            verify = self.verify_file(input_descriptor, detached_signature)
            if verify.status == 'no public key':
                # Try to fetch the public key from the keyservers
                try:
                    self.receive_key(verify.key_id)
-                    return self.verify_w_retry(file_input)
+                    return self.verify_w_retry(file_input, detached_signature)
                except KeyFetchingError:
                    return verify
            else:
@@ -188,7 +190,7 @@ class GPG(object):
        except IOError:
            return False

-    def verify_file(self, file_input):
+    def verify_file(self, file_input, detached_signature=None):
        """
        Verify the signature of a file.
        """
@@ -199,7 +201,17 @@ class GPG(object):
        else:
            raise ValueError('Invalid file_input argument type')
        
-        verify = self.gpg.verify_file(descriptor)
+        if detached_signature:
+            # Save the original data and invert the argument order
+            # Signature first, file second
+            file_descriptor, filename = tempfile.mkstemp(prefix='django_gpg')
+            file_data = file_input.read()
+            file_input.close()
+            os.write(file_descriptor, file_data)
+            os.close(file_descriptor)
+            verify = self.gpg.verify_file(detached_signature, data_filename=filename)
+        else:
+            verify = self.gpg.verify_file(descriptor)
        descriptor.close()
        
        if verify: