From 116b1352b6435f57c46bdcf1d029c78e75b78d1d Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 29 Nov 2019 19:16:05 +0000 Subject: [PATCH] location-downloader: Verify the database after download Signed-off-by: Michael Tremer --- src/python/location-downloader.in | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/python/location-downloader.in b/src/python/location-downloader.in index 4fdf404..f0acb23 100644 --- a/src/python/location-downloader.in +++ b/src/python/location-downloader.in @@ -145,7 +145,7 @@ class Downloader(object): return res - def download(self, url, timestamp=None, **kwargs): + def download(self, url, public_key, timestamp=None, **kwargs): headers = {} if timestamp: @@ -197,7 +197,7 @@ class Downloader(object): else: # Check if the downloaded database is recent - if not self._check_database(t, timestamp): + if not self._check_database(t, public_key, timestamp): log.warning("Downloaded database is outdated. Trying next mirror...") # Throw away the data and try again @@ -209,7 +209,7 @@ class Downloader(object): raise FileNotFoundError(url) - def _check_database(self, f, timestamp=None): + def _check_database(self, f, public_key, timestamp=None): """ Checks the downloaded database if it can be opened, verified and if it is recent enough @@ -226,6 +226,12 @@ class Downloader(object): "%a, %d %b %Y %H:%M:%S GMT", time.gmtime(db.created_at), ))) + # Verify the database + with open(public_key, "r") as f: + if not db.verify(f): + log.error("Could not verify database") + return False + return True @@ -252,6 +258,11 @@ class CLI(object): default="@databasedir@/database.db", help=_("Path to database"), ) + # public key + parser.add_argument("--public-key", "-k", + default="@databasedir@/signing-key.pem", help=_("Public Signing Key"), + ) + # Update update = subparsers.add_parser("update", help=_("Update database")) update.set_defaults(func=self.handle_update) 
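Review bot: `public_key` is inserted ahead of `timestamp` in the `download()` signature (@@ -145 hunk), so any caller that passed the timestamp positionally would now hand it to `open()` as the key path. The one caller in this patch uses keywords, but other callers are not visible here. The same ordering change is made to `_check_database` in the @@ -209 hunk, whose docstring does not yet describe the new argument. I would add a line there such as `public_key: filesystem path to the public key the database signature is checked against`. Both method bodies continue outside their hunks.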
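Review bot: In the @@ -197 hunk the caller still logs "Downloaded database is outdated. Trying next mirror..." for every False returned by `_check_database`, which after this patch also covers a failed signature check. A mirror serving an unsigned or altered file is a different event from a stale one and is worth being able to alert on, so the warning should not label it as outdated. The smallest fix is a neutral message, `log.warning("Downloaded database failed validation. Trying next mirror...")`, leaving the specific reason to the `log.error` inside `_check_database`. A distinct return value or exception for the verification failure would be cleaner. The body of `download()` starts and ends outside this hunk.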
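Review bot: In the @@ -226 hunk the signature check is the last step of `_check_database`, after `db.created_at` from the not-yet-verified file has already been read and logged by the `log.info` call just above it. It has presumably also been compared with `timestamp` further up, outside the hunk. Moving the verify block to directly after the database is opened would ensure that no field of an unauthenticated file influences a decision or a log line. Separately, `with open(public_key, "r") as f:` rebinds the method's `f` parameter (the downloaded file) to the key file. A distinct name avoids that: `with open(public_key, "r") as key:` followed by `if not db.verify(key):`.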
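Review bot: The default trust anchor added in the @@ -252 hunk, `@databasedir@/signing-key.pem`, sits in the same directory as the database it is meant to authenticate. If the account running the updater can write to that directory (not visible from this patch), anything able to replace the database can replace the key as well, and the check no longer proves anything. Installing the key in a location that is read-only for the updater would keep the two apart. The help text could also say that the option takes a path, e.g. `help=_("Path to the public key used to verify the database")`.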
@@ -307,7 +318,8 @@ class CLI(object): # Try downloading a new database try: - t = self.downloader.download(DATABASE_FILENAME, timestamp=timestamp) + t = self.downloader.download(DATABASE_FILENAME, + public_key=ns.public_key, timestamp=timestamp) # If no file could be downloaded, log a message except FileNotFoundError as e: -- 2.39.2
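Review bot: The `except FileNotFoundError` handler that follows this call now has a second way to fire, because `open(public_key, "r")` in `_check_database` raises the same exception when the key file is missing. Unless `download()` catches it somewhere outside the visible hunks, a missing key will be reported as "no file could be downloaded". The update still fails closed, but an operator would end up investigating mirrors instead of the missing trust anchor. Checking that `ns.public_key` is readable before starting the download, and reporting that as its own error, e.g. `log.error("Public key %s is not readable" % ns.public_key)`, keeps the two cases apart. The enclosing handler starts and ends outside this hunk.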