def coseAlgorithmToSignatureParams(coseAlgorithm, issuerName):
    """Map a COSE algorithm name to the parameters coseSig needs.

    Args:
        coseAlgorithm: one of 'ES256', 'ES384' or 'ES512'.
        issuerName: issuer name written into the generated signer
            certificate specification.

    Returns:
        A (algorithm id, pykey.ECCKey, DER-encoded certificate) triplet.

    Raises:
        UnknownCOSEAlgorithmError: if coseAlgorithm is not one of the
            three supported names.
    """
    # COSE names the hash size; the curve actually used is looked up here
    # (note that ES512 pairs with the 521-bit curve, not a 512-bit one).
    curveAndAlgId = {
        'ES256': ('secp256r1', ES256),
        'ES384': ('secp384r1', ES384),
        'ES512': ('secp521r1', ES512),
    }
    if coseAlgorithm not in curveAndAlgId:
        raise UnknownCOSEAlgorithmError(coseAlgorithm)
    keyName, algId = curveAndAlgId[coseAlgorithm]
    key = pykey.ECCKey(keyName)
    # Signer certificate: an end-entity cert whose subject key uses the
    # same curve as the signing key.
    specLines = [
        'issuer:%s' % issuerName,
        'subject: xpcshell signed app test signer',
        'subjectKey:%s' % keyName,
        'extension:keyUsage:digitalSignature',
    ]
    # The trailing newline reproduces what the print statement emitted.
    certSpecificationStream = StringIO.StringIO()
    certSpecificationStream.write('\n'.join(specLines) + '\n')
    certSpecificationStream.seek(0)
    cert = pycert.Certificate(certSpecificationStream)
    return (algId, key, cert.toDER())
def getCert(subject, keyName, issuerName, ee, issuerKey=""):
    """Build a pycert.Certificate from a small textual specification.

    Args:
        subject: subject name of the certificate.
        keyName: name of the subject key (emitted as the subjectKey
            directive).
        issuerName: issuer name.
        ee: True for an end-entity certificate (keyUsage digitalSignature
            only); False for a CA certificate (basicConstraints cA plus
            keyUsage cRLSign,keyCertSign).
        issuerKey: optional issuer key name; when empty no issuerKey
            directive is emitted.

    Returns:
        The pycert.Certificate parsed from the specification.
    """
    if ee:
        extensionLines = ["extension:keyUsage:digitalSignature"]
    else:
        extensionLines = [
            "extension:basicConstraints:cA,",
            "extension:keyUsage:cRLSign,keyCertSign",
        ]
    lines = [
        "issuer:%s" % issuerName,
        "subject:%s" % subject,
        "subjectKey:%s" % keyName,
    ] + extensionLines
    if issuerKey:
        lines.append("issuerKey:%s" % issuerKey)
    # pycert reads a stream; the trailing newline matches what print()
    # appended to the specification text.
    specStream = StringIO("\n".join(lines) + "\n")
    return pycert.Certificate(specStream)
def __init__(self, paramStream):
    """Parse a signing-parameter stream.

    Each line is a directive: 'sha1:<value>' and 'sha256:<value>' set the
    corresponding attributes to the raw text after the colon; a bare
    'signer:' line starts a pycert certificate specification that runs to
    the end of the stream. Any other line (including a blank line outside
    the signer section) raises UnknownDirectiveError.

    Attributes set: sha1, sha256, signer (a pycert.Certificate) and
    signingKey. The signing key is not taken from the 'signer:' section;
    it is always pykey's 'default' key.
    """
    self.sha1 = ''
    self.sha256 = ''
    signerSpecification = StringIO.StringIO()
    inSignerSection = False
    for rawLine in paramStream.readlines():
        line = rawLine.strip()
        if inSignerSection:
            # Lines after 'signer:' go to pycert verbatim, minus
            # surrounding whitespace, one per line.
            signerSpecification.write(line + '\n')
        elif line == 'signer:':
            inSignerSection = True
        elif rawLine.startswith('sha1:'):
            self.sha1 = line[len('sha1:'):]
        elif rawLine.startswith('sha256:'):
            self.sha256 = line[len('sha256:'):]
        else:
            raise UnknownDirectiveError(line)
    signerSpecification.seek(0)
    self.signer = pycert.Certificate(signerSpecification)
    self.signingKey = pykey.keyFromSpecification('default')
def getCert(subject, keyName, issuerName, ee, issuerKey=""):
    """Build a pycert.Certificate from a small textual specification.

    Args:
        subject: subject name of the certificate.
        keyName: name of the subject key (emitted as the subjectKey
            directive).
        issuerName: issuer name.
        ee: True for an end-entity certificate (keyUsage digitalSignature
            only); False for a CA certificate (basicConstraints cA plus
            keyUsage cRLSign,keyCertSign).
        issuerKey: optional issuer key name; when empty no issuerKey
            directive is emitted.

    Returns:
        The pycert.Certificate parsed from the specification.
    """
    spec = 'issuer:%s\nsubject:%s\nsubjectKey:%s\n' % (
        issuerName, subject, keyName)
    if ee:
        spec += 'extension:keyUsage:digitalSignature'
    else:
        spec += ('extension:basicConstraints:cA,\n'
                 'extension:keyUsage:cRLSign,keyCertSign')
    if issuerKey:
        spec += '\nissuerKey:%s' % issuerKey
    # The print statement appended a newline; keep it so pycert sees the
    # same text.
    specStream = StringIO.StringIO(spec + '\n')
    return pycert.Certificate(specStream)
def __init__(self, paramStream):
    """Parse a signing-parameter stream.

    Each line is a directive: 'sha1:<value>' and 'sha256:<value>' set the
    corresponding attributes to the raw text after the colon; a bare
    'signer:' line starts a pycert certificate specification that runs to
    the end of the stream. Any other line (including a blank line outside
    the signer section) raises UnknownDirectiveError.

    Attributes set: sha1, sha256, signer (a pycert.Certificate) and
    signingKey. The signing key is not taken from the 'signer:' section;
    it is always pykey's 'default' key.
    """
    self.sha1 = ""
    self.sha256 = ""
    signerLines = []
    collectingSigner = False
    for line in paramStream.readlines():
        stripped = line.strip()
        if collectingSigner:
            signerLines.append(stripped)
        elif stripped == "signer:":
            collectingSigner = True
        elif line.startswith("sha1:"):
            self.sha1 = stripped[len("sha1:"):]
        elif line.startswith("sha256:"):
            self.sha256 = stripped[len("sha256:"):]
        else:
            raise UnknownDirectiveError(stripped)
    # Each collected line was printed with a trailing newline; rebuild
    # that text for pycert.
    signerText = "".join(text + "\n" for text in signerLines)
    self.signer = pycert.Certificate(StringIO(signerText))
    self.signingKey = pykey.keyFromSpecification("default")