tools: Correct insert keys behavior on pem files

Insert keys would erroneously process pem files with openssl headers in them. Also, the tool would be fooled into attempting to use pem files that had private keys and other things in the format. This patch strengthens the formatting requirements and increases the verboseness of error messages when processing pem files. Change-Id: I03353faaa641233a000d1a18943024ae47c63e0f
2013-10-06 18:32:05 -04:00 · 2013-10-06 18:32:05 -04:00 · 1ecb4e8ad1
commit 1ecb4e8ad1
parent ec7d39ba16
1 changed files with 54 additions and 8 deletions
--- a/tools/insertkeys.py
+++ b/tools/insertkeys.py
@ -34,19 +34,65 @@ class GenerateKeys(object):

        pkFile = open(path, 'rb').readlines()
        base64Key = ""
+        lineNo = 1
+        certNo = 1
        inCert = False
        for line in pkFile:
-            if line.startswith("-"):
-                inCert = not inCert
-                continue
+            line = line.strip()
+            # Are we starting the certificate?
+            if line.startswith("-----BEGIN CERTIFICATE-----"):
+                if inCert:
+                    sys.exit("Encountered another BEGIN CERTIFICATE without END CERTIFICATE on " +
+                             "line: " + str(lineNo))

-            base64Key += line.strip()
+                inCert = True

+            # Are we ending the ceritifcate?
+            elif line.startswith("-----END CERTIFICATE-----"):
+                if not inCert:
+                    sys.exit("Encountered END CERTIFICATE before BEGIN CERTIFICATE on line: "
+                            + str(lineNo))
+
+                # If we ended the certificate trip the flag
+                inCert = False
+
+                # Sanity check the input
+                if len(base64Key) == 0:
+                    sys.exit("Empty certficate , certificate "+ str(certNo) + " found in file: "
+                            + path)
+
+                # ... and append the certificate to the list
                # Base 64 includes uppercase. DO NOT tolower()
                self._base64Key.append(base64Key)
-
-        # Pkgmanager and setool see hex strings with lowercase, lets be consistent.
+                try:
+                    # Pkgmanager and setool see hex strings with lowercase, lets be consistent
                    self._base16Key.append(base64.b16encode(base64.b64decode(base64Key)).lower())
+                except TypeError:
+                    sys.exit("Invalid certificate, certificate "+ str(certNo) + " found in file: "
+                            + path)
+
+                # After adding the key, reset the accumulator as pem files may have subsequent keys
+                base64Key=""
+
+                # And increment your cert number
+                certNo = certNo + 1
+
+            # If we haven't started the certificate, then we should not encounter any data
+            elif not inCert:
+                sys.exit("Detected erroneous line \""+ line + "\" on " + str(lineNo)
+                        + " in pem file: " + path)
+
+            # else we have started the certicate and need to append the data
+            elif inCert:
+                base64Key += line
+
+            else:
+                # We should never hit this assert, if we do then an unaccounted for state
+                # was entered that was NOT addressed by the if/elif statements above
+                assert(False == True)
+
+            # The last thing to do before looping up is to increment line number
+            lineNo = lineNo + 1

    def __len__(self):
        return len(self._base16Key)