    def set_signature(self,
                      acts,
                      key_path=None,
                      chain_paths=misc.EmptyI,
                      chash_dir=None):
        """Compute and store this action's 'value' attribute.

        'acts' is the iterable of actions covered by the signature.

        'key_path' is the path to the file holding the RSA private key
        used for signing.  When it is None, 'value' is only a digest of
        the actions and no certificate may have been attached.

        'chain_paths' is an iterable of paths to the certificates that
        link the signing certificate to one of the publisher's CAs.

        'chash_dir' is the temporary directory used while computing the
        compressed hashes of those chain certificates."""

        # A concrete list is far easier to inspect in a debugger than a
        # one-shot iterator.
        signed_acts = list(acts)

        if key_path is None:
            # Unsigned case: a certificate makes no sense without a key.
            assert self.data is None
            digest = m2.EVP.MessageDigest(self.hash_alg)
            status = digest.update(
                self.actions_to_str(signed_acts, generic.Action.sig_version))
            assert status == 1, \
                "Res was expected to be 1, it was {0}".format(status)
            self.attrs["value"] = misc.binary_to_hex(digest.final())
            return

        # Signed case: the certificate paired with the key must be present.
        assert self.data is not None
        self.__set_chain_certs_data(chain_paths, chash_dir)

        try:
            rsa_key = m2.RSA.load_key(key_path)
        except m2.RSA.RSAError:
            raise apx.BadFileFormat(
                _("{0} was expected to be a RSA key but could not be read "
                  "correctly.").format(key_path))

        pkey = m2.EVP.PKey(md=self.hash_alg)
        # Second argument 1 hands ownership of the RSA object to the PKey
        # (M2Crypto's 'capture' flag); the local reference is dropped
        # immediately afterwards.
        pkey.assign_rsa(rsa_key, 1)
        del rsa_key
        pkey.sign_init()
        # Serialise only after the chain data has been set, since that
        # happens before signing in the original ordering.
        pkey.sign_update(
            self.actions_to_str(signed_acts, generic.Action.sig_version))

        self.attrs["value"] = misc.binary_to_hex(pkey.sign_final())
        def set_signature(self, acts, key_path=None, chain_paths=misc.EmptyI,
            chash_dir=None):
                """Compute and store this action's 'value' attribute.

                'acts' is the iterable of actions covered by the signature.

                'key_path' is the path to the file holding the RSA private
                key used for signing.  When it is None, 'value' is only a
                digest of the actions and no certificate may have been
                attached.

                'chain_paths' is an iterable of paths to the certificates
                that link the signing certificate to one of the publisher's
                CAs.

                'chash_dir' is the temporary directory used while computing
                the compressed hashes of those chain certificates."""

                # A concrete list is far easier to inspect in a debugger
                # than a one-shot iterator.
                signed_acts = list(acts)

                if key_path is None:
                        # Unsigned case: a certificate makes no sense
                        # without a key.
                        assert self.data is None
                        digest = m2.EVP.MessageDigest(self.hash_alg)
                        status = digest.update(self.actions_to_str(signed_acts,
                            generic.Action.sig_version))
                        assert status == 1, \
                            "Res was expected to be 1, it was %s" % status
                        self.attrs["value"] = \
                            misc.binary_to_hex(digest.final())
                        return

                # Signed case: the certificate paired with the key must be
                # present.
                assert self.data is not None
                self.__set_chain_certs_data(chain_paths, chash_dir)

                try:
                        rsa_key = m2.RSA.load_key(key_path)
                except m2.RSA.RSAError:
                        raise apx.BadFileFormat(_("%s was expected to be a RSA "
                            "key but could not be read correctly.") % key_path)

                pkey = m2.EVP.PKey(md=self.hash_alg)
                # Second argument 1 hands ownership of the RSA object to the
                # PKey (M2Crypto's 'capture' flag); the local reference is
                # dropped immediately afterwards.
                pkey.assign_rsa(rsa_key, 1)
                del rsa_key
                pkey.sign_init()
                # Serialise only after the chain data has been set, matching
                # the order the signing step has always used.
                pkey.sign_update(self.actions_to_str(signed_acts,
                    generic.Action.sig_version))

                self.attrs["value"] = \
                    misc.binary_to_hex(pkey.sign_final())
    def hexdigest(self):
        """Return the digest accumulated by update() so far as a hex string.

        Equivalent to hex-encoding the raw bytes returned by digest()."""

        # Deferred import: a module-level import of pkg.misc would form an
        # import cycle with this module.
        from pkg.misc import binary_to_hex
        raw_digest = self.digest()
        return binary_to_hex(raw_digest)
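    def set_signature(self,
                      acts,
                      key_path=None,
                      chain_paths=misc.EmptyI,
                      chash_dir=None):
        """Sets the signature value for this action.

        'acts' is the iterable of actions this action signs.

        'key_path' is the path to a PEM file holding the (unencrypted) RSA
        private key used to sign the actions.  When it is None, 'value' is
        only a digest of the actions and no certificate may be attached.

        'chain_paths' is an iterable of paths to the certificates that link
        the signing certificate to one of the publisher's CAs.

        'chash_dir' is the temporary directory used while computing the
        compressed hashes of those chain certificates.

        Raises apx.BadFileFormat when the key file cannot be loaded: the
        PEM is malformed, or the key is password-protected and so cannot
        be read without the password this method never supplies."""

        # Turning this into a list makes debugging vastly more tractable.
        acts = list(acts)

        if key_path is None:
            # No private key means no certificate should have been given.
            # Raised explicitly rather than via 'assert' so the invariant
            # is still enforced when Python runs with -O; the exception
            # type is unchanged for existing callers.
            if self.data is not None:
                raise AssertionError(
                    "certificate data present but no signing key given")
            h = hashlib.new(self.hash_alg)
            h.update(
                misc.force_bytes(
                    self.actions_to_str(acts, generic.Action.sig_version)))
            self.attrs["value"] = h.hexdigest()
            return

        # A private key must be paired with its certificate (see above for
        # why this is not a bare 'assert').
        if self.data is None:
            raise AssertionError(
                "signing key given but no certificate data present")
        self.__set_chain_certs_data(chain_paths, chash_dir)

        try:
            with open(key_path, "rb") as f:
                priv_key = serialization.load_pem_private_key(
                    f.read(), password=None, backend=default_backend())
        except (ValueError, TypeError):
            # ValueError: the data is not a parseable PEM private key.
            # TypeError: the key is encrypted but no password was supplied.
            # Both are reported to the caller as a bad key file instead of
            # leaking an unrelated exception type.
            raise apx.BadFileFormat(
                _("{0} was expected to "
                  "be a RSA key but could not be read "
                  "correctly.").format(key_path))
        # NOTE(review): a non-RSA PEM key loads successfully here and only
        # fails below at sign(); an isinstance check against
        # rsa.RSAPrivateKey would give a clearer error if that module is
        # in scope in this file — confirm.

        hhash = self.__get_hash_by_name(self.hash_alg)
        # Serialise only after __set_chain_certs_data has run; keep that
        # order in case the chain attributes it sets are part of the
        # signed text.
        payload = misc.force_bytes(
            self.actions_to_str(acts, generic.Action.sig_version))
        # One-shot sign() replaces the deprecated signer()/update()/
        # finalize() interface; padding and digest are unchanged.
        signature = priv_key.sign(payload, padding.PKCS1v15(), hhash())
        # Drop the key reference as soon as the signature exists.
        del priv_key
        self.attrs["value"] = misc.binary_to_hex(signature)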