Beispiel #1
0
    def command(cls, args, data=None, expect_err=False):
        """ Given array of args, and optionally data to write,
            return results of openssl command.
            Some commands always write something to stderr, so allow
            for that with the expect_err param. """
        cmd = [OPENSSL] + args
        cmd_str = ' '.join(cmd)
        log.debug('running openssl command ' + cmd_str)
        proc = subprocess.Popen(cmd,
                                stdin=subprocess.PIPE,
                                stderr=subprocess.PIPE,
                                stdout=subprocess.PIPE)
        if data is not None:
            proc.stdin.write(data)
        out, err = proc.communicate()

        if not expect_err:
            if err is not None and err != '':
                log.error("Command `{0}` returned error:\n{1}".format(cmd_str, err))

        if proc.returncode != 0:
            msg = "openssl command `{0}` failed, see log for error".format(cmd_str)
            raise OpenSslFailure(msg)

        if expect_err:
            return (out, err)
        else:
            return out
Beispiel #2
0
 def sign(self, data):
     """ sign data, return filehandle """
     cmd = [
         "cms", "-sign", "-binary", "-nosmimecap", "-certfile",
         self.apple_cert_file, "-signer", self.signer_cert_file, "-inkey",
         self.signer_key_file, "-keyform", "pem", "-outform", "DER"
     ]
     signature = openssl_command(cmd, data)
     # in some cases we've seen this return a zero length file.
     # Misconfigured machines?
     if len(signature) < 128:
         too_small_msg = "Command `{0}` returned success, but signature "
         "seems too small ({1} bytes)"
         raise OpenSslFailure(
             too_small_msg.format(' '.join(cmd), len(signature)))
     return signature