Exemple #1
0
def sign(jar_file, cert_file, key_file, key_alias, extra_certs=None, digest=None):
    """
    Signs the jar (almost) identically to jarsigner.
    """

    from .crypto import private_key_type

    jar = ZipFile(jar_file, "a")
    if "META-INF/MANIFEST.MF" not in jar.namelist():
        print "META-INF/MANIFEST.MF not found in %s" % jar_file
        return 1

    mf = Manifest()
    mf.parse(jar.read("META-INF/MANIFEST.MF"))

    # create a signature manifest, and make it match the line separator
    # style of the manifest it'll be digesting.
    sf = SignatureManifest(linesep=mf.linesep)

    sf_digest_algorithm = "SHA-256"
    sf.digest_manifest(mf, sf_digest_algorithm)
    jar.writestr("META-INF/%s.SF" % key_alias, sf.get_data())

    sig_digest_algorithm = sf_digest_algorithm  # No point to make it different
    sig_block_extension = private_key_type(key_file)

    jar.writestr("META-INF/%s.%s" % (key_alias, sig_block_extension),
        sf.get_signature(cert_file, key_file, extra_certs, sig_digest_algorithm))

    return 0
Exemple #2
0
def cli_sign_jar(options, jar_file, cert_file, key_file, key_alias):
    """
    Signs the jar (almost) identically to jarsigner.
    """

    from .crypto import private_key_type, CannotFindKeyTypeError

    jar = ZipFile(jar_file, "a")
    if not "META-INF/MANIFEST.MF" in jar.namelist():
        print "META-INF/MANIFEST.MF not found in %s" % jar_file
        return 1

    try:
        sig_block_extension = private_key_type(key_file)
    except CannotFindKeyTypeError:
        print "Cannot determine private key type (is it in PEM format?)"
        return 1

    mf = Manifest()
    mf.parse(jar.read("META-INF/MANIFEST.MF"))

    # create a signature manifest, and make it match the line separator
    # style of the manifest it'll be digesting.
    sf = SignatureManifest(linesep=mf.linesep)

    sf_digest_algorithm = "SHA-256"
    if options and options.digest:
        sf_digest_algorithm = options.digest
    sf.digest_manifest(mf, sf_digest_algorithm)
    jar.writestr("META-INF/%s.SF" % key_alias, sf.get_data())

    sig_digest_algorithm = sf_digest_algorithm  # No point to make it different
    jar.writestr("META-INF/%s.%s" % (key_alias, sig_block_extension),
        sf.get_signature(cert_file, key_file, sig_digest_algorithm))

    return 0